Full CISA KEV catalog
Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.
| Added | CVE | Vendor / Product | Name & description | CVSS | EPSS |
|---|---|---|---|---|---|
| Jun 27, 2022 | CVE-2021-4034 | Red Hat Polkit |
Red Hat Polkit Out-of-Bounds Read and Write Vulnerability
The Red Hat polkit pkexec utility contains an out-of-bounds read and write vulnerability that allows for privilege escalation with administrative rights.
|
— | 87.4% |
| Jun 27, 2022 |
CVE-2022-29499
Ransomware |
Mitel MiVoice Connect |
Mitel MiVoice Connect Data Validation Vulnerability
The Service Appliance component in Mitel MiVoice Connect allows remote code execution due to incorrect data validation.
|
— | 88.6% |
| Jun 14, 2022 |
CVE-2022-30190
Ransomware |
Microsoft Windows |
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnera…
|
— | 93.6% |
| Jun 9, 2022 | CVE-2016-2386 | SAP NetWeaver |
SAP NetWeaver SQL Injection Vulnerability
SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
— | 44.5% |
| Jun 9, 2022 | CVE-2016-2388 | SAP NetWeaver |
SAP NetWeaver Information Disclosure Vulnerability
The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP request.
|
— | 67.8% |
| Jun 9, 2022 | CVE-2021-38163 | SAP NetWeaver |
SAP NetWeaver Unrestricted File Upload Vulnerability
SAP NetWeaver contains a vulnerability that allows unrestricted file upload.
|
— | 83.5% |
| Jun 8, 2022 | CVE-2006-2492 | Microsoft Word |
Microsoft Word Malformed Object Pointer Vulnerability
Microsoft Word and Microsoft Works Suites contain a malformed object pointer which allows attackers to execute code.
|
— | 79.1% |
| Jun 8, 2022 | CVE-2007-5659 | Adobe Acrobat and Reader |
Adobe Acrobat and Reader Buffer Overflow Vulnerability
Adobe Acrobat and Reader contain a buffer overflow vulnerability that allows remote attackers to execute code via a PDF file with long arguments to unspecified JavaScript methods.
|
— | 92.9% |
| Jun 8, 2022 | CVE-2008-0655 | Adobe Acrobat and Reader |
Adobe Acrobat and Reader Unspecified Vulnerability
Adobe Acrobat and Reader contains an unespecified vulnerability described as a design flaw which could allow a specially crafted file to be printed silently an arbitrary number of…
|
— | 67.3% |
| Jun 8, 2022 | CVE-2009-0557 | Microsoft Office |
Microsoft Office Object Record Corruption Vulnerability
Microsoft Office contains an object record corruption vulnerability that allows remote attackers to execute code via a crafted Excel file with a malformed record object.
|
— | 86.4% |
| Jun 8, 2022 | CVE-2009-0563 | Microsoft Office |
Microsoft Office Buffer Overflow Vulnerability
Microsoft Office contains a buffer overflow vulnerability that allows remote attackers to execute code via a Word document with a crafted tag containing an invalid length field.
|
— | 79.9% |
| Jun 8, 2022 | CVE-2009-1862 | Adobe Acrobat and Reader, Flash Player |
Adobe Acrobat and Reader, Flash Player Unspecified Vulnerability
Adobe Acrobat and Reader and Adobe Flash Player allows remote attackers to execute code or cause denial-of-service (DoS).
|
— | 58.6% |
| Jun 8, 2022 | CVE-2009-3953 | Adobe Acrobat and Reader |
Adobe Acrobat and Reader Universal 3D Remote Code Execution Vulnerability
Adobe Acrobat and Reader contains an array boundary issue in Universal 3D (U3D) support that could lead to remote code execution.
|
— | 90.5% |
| Jun 8, 2022 | CVE-2009-4324 | Adobe Acrobat and Reader |
Adobe Acrobat and Reader Use-After-Free Vulnerability
Use-after-free vulnerability in Adobe Acrobat and Reader allows remote attackers to execute code via a crafted PDF file.
|
— | 92.9% |
| Jun 8, 2022 | CVE-2010-1297 | Adobe Flash Player |
Adobe Flash Player Memory Corruption Vulnerability
Adobe Flash Player contains a memory corruption vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).
|
— | 92.8% |
| Jun 8, 2022 | CVE-2010-2572 | Microsoft PowerPoint |
Microsoft PowerPoint Buffer Overflow Vulnerability
Microsoft PowerPoint contains a buffer overflow vulnerability that alllows for remote code execution.
|
— | 74.7% |
| Jun 8, 2022 | CVE-2010-2883 | Adobe Acrobat and Reader |
Adobe Acrobat and Reader Stack-Based Buffer Overflow Vulnerability
Adobe Acrobat and Reader contain a stack-based buffer overflow vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).
|
— | 92.8% |
| Jun 8, 2022 | CVE-2011-0609 | Adobe Flash Player |
Adobe Flash Player Unspecified Vulnerability
Adobe Flash Player contains an unspecified vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).
|
— | 92.1% |
| Jun 8, 2022 | CVE-2011-2462 | Adobe Reader and Acrobat |
Adobe Reader and Acrobat Universal 3D Memory Corruption Vulnerability
The Universal 3D (U3D) component in Adobe Reader and Acrobat contains a memory corruption vulnerability which could allow remote attackers to execute code or cause denial-of-servi…
|
— | 91.6% |
| Jun 8, 2022 | CVE-2012-0151 | Microsoft Windows |
Microsoft Windows Authenticode Signature Verification Remote Code Execution Vulnerability
The Authenticode Signature Verification function in Microsoft Windows (WinVerifyTrust) does not properly validate the digest of a signed portable executable (PE) file, which allow…
|
— | 89.0% |
| Jun 8, 2022 | CVE-2012-0754 | Adobe Flash Player |
Adobe Flash Player Memory Corruption Vulnerability
Adobe Flash Player contains a memory corruption vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).
|
— | 91.5% |
| Jun 8, 2022 | CVE-2012-0767 | Adobe Flash Player |
Adobe Flash Player Cross-Site Scripting (XSS) Vulnerability
Adobe Flash Player contains a XSS vulnerability that allows remote attackers to inject web script or HTML.
|
— | 14.9% |
| Jun 8, 2022 | CVE-2012-1889 | Microsoft XML Core Services |
Microsoft XML Core Services Memory Corruption Vulnerability
Microsoft XML Core Services contains a memory corruption vulnerability which could allow for remote code execution.
|
— | 93.1% |
| Jun 8, 2022 | CVE-2012-4969 | Microsoft Internet Explorer |
Microsoft Internet Explorer Use-After-Free Vulnerability
Microsoft Internet Explorer contains a use-after-free vulnerability that allows remote attackers to execute code via a crafted web site.
|
— | 91.8% |
| Jun 8, 2022 | CVE-2012-5054 | Adobe Flash Player |
Adobe Flash Player Integer Overflow Vulnerability
Adobe Flash Player contains an integer overflow vulnerability that allows remote attackers to execute code via malformed arguments.
|
— | 71.5% |
| Jun 8, 2022 | CVE-2013-1331 | Microsoft Office |
Microsoft Office Buffer Overflow Vulnerability
Microsoft Office contains a buffer overflow vulnerability that allows remote attackers to execute code via crafted PNG data in an Office document.
|
— | 88.9% |
| Jun 8, 2022 | CVE-2016-1646 | Google Chromium V8 |
Google Chromium V8 Out-of-Bounds Read Vulnerability
Google Chromium V8 Engine contains an out-of-bounds read vulnerability that allows a remote attacker to cause a denial of service or possibly have another unspecified impact via c…
|
— | 66.9% |
| Jun 8, 2022 | CVE-2016-5198 | Google Chromium V8 |
Google Chromium V8 Out-of-Bounds Memory Vulnerability
Google Chromium V8 Engine contains an out-of-bounds memory access vulnerability that allows a remote attacker to perform read/write operations, leading to code execution, via a cr…
|
— | 78.7% |
| Jun 8, 2022 | CVE-2017-5030 | Google Chromium V8 |
Google Chromium V8 Memory Corruption Vulnerability
Google Chromium V8 Engine contains a memory corruption vulnerability that allows a remote attacker to execute code via a crafted HTML page. This vulnerability could affect multipl…
|
— | 50.3% |
| Jun 8, 2022 | CVE-2017-5070 | Google Chromium V8 |
Google Chromium V8 Type Confusion Vulnerability
Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted HTML page. This vulnerability could …
|
— | 74.4% |
Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.