Full CISA KEV catalog

Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.

Showing 811–840 of 1,619 CVEs · Page 28 of 54
Added CVE Vendor / Product Name & description CVSS EPSS
Aug 25, 2022 CVE-2021-31010 Apple iOS, macOS, watchOS
endpoint mobile smb essential
Apple iOS, macOS, watchOS Sandbox Bypass Vulnerability
In affected versions of Apple iOS, macOS, and watchOS, a sandboxed process may be able to circumvent sandbox restrictions.
0.7%
Aug 25, 2022 CVE-2021-38406 Delta Electronics DOPSoft 2
Delta Electronics DOPSoft 2 Improper Input Validation Vulnerability
Delta Electronics DOPSoft 2 lacks proper validation of user-supplied data when parsing specific project files (improper input validation) resulting in an out-of-bounds write that …
62.1%
Aug 25, 2022 CVE-2021-39226 Grafana Labs Grafana
Grafana Authentication Bypass Vulnerability
Grafana contains an authentication bypass vulnerability that allows authenticated and unauthenticated users to view and delete all snapshot data, potentially resulting in complete…
94.4%
Aug 25, 2022 CVE-2022-2294
Ransomware
WebRTC WebRTC
WebRTC Heap Buffer Overflow Vulnerability
WebRTC, an open-source project providing web browsers with real-time communication, contains a heap buffer overflow vulnerability that allows an attacker to perform shellcode exec…
1.1%
Aug 25, 2022 CVE-2022-22963 VMware Tanzu Spring Cloud
VMware Tanzu Spring Cloud Function Remote Code Execution Vulnerability
When using routing functionality in VMware Tanzu's Spring Cloud Function, it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in …
94.5%
Aug 25, 2022 CVE-2022-24112 Apache APISIX
web server
Apache APISIX Authentication Bypass Vulnerability
Apache APISIX contains an authentication bypass vulnerability that allows for remote code execution.
94.4%
Aug 25, 2022 CVE-2022-24706 Apache CouchDB
web server
Apache CouchDB Insecure Default Initialization of Resource Vulnerability
Apache CouchDB contains an insecure default initialization of resource vulnerability which can allow an attacker to escalate to administrative privileges.
94.4%
Aug 25, 2022 CVE-2022-26352
Ransomware
dotCMS dotCMS
dotCMS Unrestricted Upload of File Vulnerability
dotCMS ContentResource API contains an unrestricted upload of file with a dangerous type vulnerability that allows for directory traversal, in which the file is saved outside of t…
94.3%
Aug 22, 2022 CVE-2022-0028 Palo Alto Networks PAN-OS
network vpn remote
Palo Alto Networks PAN-OS Reflected Amplification Denial-of-Service Vulnerability
A Palo Alto Networks PAN-OS URL filtering policy misconfiguration could allow a network-based attacker to conduct reflected and amplified TCP denial-of-service (RDoS) attacks.
4.7%
Aug 18, 2022 CVE-2017-15944 Palo Alto Networks PAN-OS
network vpn remote
Palo Alto Networks PAN-OS Remote Code Execution Vulnerability
Palo Alto Networks PAN-OS contains multiple, unspecified vulnerabilities which can allow for remote code execution when chained.
94.0%
Aug 18, 2022 CVE-2022-21971 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Runtime Remote Code Execution Vulnerability
Microsoft Windows Runtime contains an unspecified vulnerability that allows for remote code execution.
87.8%
Aug 18, 2022 CVE-2022-22536 SAP Multiple Products
enterprise
SAP Multiple Products HTTP Request Smuggling Vulnerability
SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server and SAP Web Dispatcher allow HTTP request smuggling. An unauthentic…
93.8%
Aug 18, 2022 CVE-2022-26923 Microsoft Active Directory
endpoint identity m365 smb essential
Microsoft Active Directory Domain Services Privilege Escalation Vulnerability
An authenticated user could manipulate attributes on computer accounts they own or manage, and acquire a certificate from Active Directory Certificate Services that would allow fo…
91.6%
Aug 18, 2022 CVE-2022-2856 Google Chromium Intents
browser smb essential
Google Chromium Intents Insufficient Input Validation Vulnerability
Google Chromium Intents contains an insufficient validation of untrusted input vulnerability that allows a remote attacker to browse to a malicious website via a crafted HTML page…
3.3%
Aug 18, 2022 CVE-2022-32893 Apple iOS and macOS
endpoint mobile smb essential
Apple iOS and macOS Out-of-Bounds Write Vulnerability
Apple iOS and macOS contain an out-of-bounds write vulnerability that could allow for remote code execution when processing maliciously crafted web content.
0.1%
Aug 18, 2022 CVE-2022-32894 Apple iOS and macOS
endpoint mobile smb essential
Apple iOS and macOS Out-of-Bounds Write Vulnerability
Apple iOS and macOS contain an out-of-bounds write vulnerability that could allow an application to execute code with kernel privileges.
0.3%
Aug 11, 2022 CVE-2022-27925
Ransomware
Synacor Zimbra Collaboration Suite (ZCS)
Synacor Zimbra Collaboration Suite (ZCS) Arbitrary File Upload Vulnerability
Synacor Zimbra Collaboration Suite (ZCS) contains a flaw in the mboximport functionality, allowing an authenticated attacker to upload arbitrary files to perform remote code executi…
94.3%
Aug 11, 2022 CVE-2022-37042
Ransomware
Synacor Zimbra Collaboration Suite (ZCS)
Synacor Zimbra Collaboration Suite (ZCS) Authentication Bypass Vulnerability
Synacor Zimbra Collaboration Suite (ZCS) contains an authentication bypass vulnerability in MailboxImportServlet. This vulnerability was chained with CVE-2022-27925 which allows f…
94.3%
Aug 9, 2022 CVE-2022-30333
Ransomware
RARLAB UnRAR
RARLAB UnRAR Directory Traversal Vulnerability
RARLAB UnRAR on Linux and UNIX contains a directory traversal vulnerability, allowing an attacker to write to files during an extract (unpack) operation.
92.8%
Aug 9, 2022 CVE-2022-34713 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
A remote code execution vulnerability exists when Microsoft Windows MSDT is called using the URL protocol from a calling application.
4.5%
Aug 4, 2022 CVE-2022-27924
Ransomware
Synacor Zimbra Collaboration Suite (ZCS)
Synacor Zimbra Collaboration Suite (ZCS) Command Injection Vulnerability
Synacor Zimbra Collaboration Suite (ZCS) allows an attacker to inject memcache commands into a targeted instance which causes an overwrite of arbitrary cached entries.
90.7%
Jul 29, 2022 CVE-2022-26138 Atlassian Confluence
enterprise smb essential
Atlassian Questions For Confluence App Hard-coded Credentials Vulnerability
Atlassian Questions For Confluence App has hard-coded credentials, exposing the username and password in plaintext. A remote unauthenticated attacker can use these credentials to …
94.3%
Jul 12, 2022 CVE-2022-22047 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Client Server Runtime Subsystem (CSRSS) Privilege Escalation Vulnerability
Microsoft Windows CSRSS contains an unspecified vulnerability that allows for privilege escalation to SYSTEM privileges.
1.2%
Jul 1, 2022 CVE-2022-26925 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows LSA Spoofing Vulnerability
Microsoft Windows Local Security Authority (LSA) contains a spoofing vulnerability where an attacker can coerce the domain controller to authenticate to the attacker using NTLM.
37.4%
Jun 27, 2022 CVE-2018-4344 Apple Multiple Products
endpoint mobile smb essential
Apple Multiple Products Memory Corruption Vulnerability
Apple iOS, macOS, tvOS, and watchOS contain a memory corruption vulnerability which can allow for code execution.
0.2%
Jun 27, 2022 CVE-2019-8605 Apple Multiple Products
endpoint mobile smb essential
Apple Multiple Products Use-After-Free Vulnerability
A use-after-free vulnerability in Apple iOS, macOS, tvOS, and watchOS could allow a malicious application to execute code with system privileges.
13.8%
Jun 27, 2022 CVE-2020-3837 Apple Multiple Products
endpoint mobile smb essential
Apple Multiple Products Memory Corruption Vulnerability
Apple iOS, iPadOS, macOS, tvOS, and watchOS contain a memory corruption vulnerability that could allow an application to execute code with kernel privileges.
6.4%
Jun 27, 2022 CVE-2020-9907 Apple Multiple Products
endpoint mobile smb essential
Apple Multiple Products Memory Corruption Vulnerability
Apple iOS, iPadOS, and tvOS contain a memory corruption vulnerability that could allow an application to execute code with kernel privileges.
0.5%
Jun 27, 2022 CVE-2021-30533 Google Chromium PopupBlocker
browser smb essential
Google Chromium PopupBlocker Security Bypass Vulnerability
Google Chromium PopupBlocker contains an insufficient policy enforcement vulnerability that allows a remote attacker to bypass navigation restrictions via a crafted iframe. This v…
16.7%
Jun 27, 2022 CVE-2021-30983 Apple iOS and iPadOS
endpoint mobile smb essential
Apple iOS and iPadOS Buffer Overflow Vulnerability
Apple iOS and iPadOS contain a buffer overflow vulnerability that could allow an application to execute code with kernel privileges.
0.5%

Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.