Full CISA KEV catalog

Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.

Showing 841–870 of 1,619 CVEs · Page 29 of 54 30 per page
Added CVE Vendor / Product Name & description CVSS EPSS
Jun 27, 2022 CVE-2021-4034 Red Hat Polkit
server os
Red Hat Polkit Out-of-Bounds Read and Write Vulnerability
The Red Hat polkit pkexec utility contains an out-of-bounds read and write vulnerability that allows for privilege escalation with administrative rights.
87.4%
Jun 27, 2022 CVE-2022-29499
Ransomware
Mitel MiVoice Connect
Mitel MiVoice Connect Data Validation Vulnerability
The Service Appliance component in Mitel MiVoice Connect allows remote code execution due to incorrect data validation.
88.6%
Jun 14, 2022 CVE-2022-30190
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnera…
93.6%
Jun 9, 2022 CVE-2016-2386 SAP NetWeaver
enterprise
SAP NetWeaver SQL Injection Vulnerability
SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
44.5%
Jun 9, 2022 CVE-2016-2388 SAP NetWeaver
enterprise
SAP NetWeaver Information Disclosure Vulnerability
The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP request.
67.8%
Jun 9, 2022 CVE-2021-38163 SAP NetWeaver
enterprise
SAP NetWeaver Unrestricted File Upload Vulnerability
SAP NetWeaver contains a vulnerability that allows unrestricted file upload.
83.5%
Jun 8, 2022 CVE-2006-2492 Microsoft Word
endpoint m365 smb essential
Microsoft Word Malformed Object Pointer Vulnerability
Microsoft Word and Microsoft Works Suites contain a malformed object pointer which allows attackers to execute code.
79.1%
Jun 8, 2022 CVE-2007-5659 Adobe Acrobat and Reader
smb essential
Adobe Acrobat and Reader Buffer Overflow Vulnerability
Adobe Acrobat and Reader contain a buffer overflow vulnerability that allows remote attackers to execute code via a PDF file with long arguments to unspecified JavaScript methods.
92.9%
Jun 8, 2022 CVE-2008-0655 Adobe Acrobat and Reader
smb essential
Adobe Acrobat and Reader Unspecified Vulnerability
Adobe Acrobat and Reader contains an unespecified vulnerability described as a design flaw which could allow a specially crafted file to be printed silently an arbitrary number of…
67.3%
Jun 8, 2022 CVE-2009-0557 Microsoft Office
endpoint m365 smb essential
Microsoft Office Object Record Corruption Vulnerability
Microsoft Office contains an object record corruption vulnerability that allows remote attackers to execute code via a crafted Excel file with a malformed record object.
86.4%
Jun 8, 2022 CVE-2009-0563 Microsoft Office
endpoint m365 smb essential
Microsoft Office Buffer Overflow Vulnerability
Microsoft Office contains a buffer overflow vulnerability that allows remote attackers to execute code via a Word document with a crafted tag containing an invalid length field.
79.9%
Jun 8, 2022 CVE-2009-1862 Adobe Acrobat and Reader, Flash Player
smb essential
Adobe Acrobat and Reader, Flash Player Unspecified Vulnerability
Adobe Acrobat and Reader and Adobe Flash Player allows remote attackers to execute code or cause denial-of-service (DoS).
58.6%
Jun 8, 2022 CVE-2009-3953 Adobe Acrobat and Reader
smb essential
Adobe Acrobat and Reader Universal 3D Remote Code Execution Vulnerability
Adobe Acrobat and Reader contains an array boundary issue in Universal 3D (U3D) support that could lead to remote code execution.
90.5%
Jun 8, 2022 CVE-2009-4324 Adobe Acrobat and Reader
smb essential
Adobe Acrobat and Reader Use-After-Free Vulnerability
Use-after-free vulnerability in Adobe Acrobat and Reader allows remote attackers to execute code via a crafted PDF file.
92.9%
Jun 8, 2022 CVE-2010-1297 Adobe Flash Player
smb essential
Adobe Flash Player Memory Corruption Vulnerability
Adobe Flash Player contains a memory corruption vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).
92.8%
Jun 8, 2022 CVE-2010-2572 Microsoft PowerPoint
endpoint m365 smb essential
Microsoft PowerPoint Buffer Overflow Vulnerability
Microsoft PowerPoint contains a buffer overflow vulnerability that alllows for remote code execution.
74.7%
Jun 8, 2022 CVE-2010-2883 Adobe Acrobat and Reader
smb essential
Adobe Acrobat and Reader Stack-Based Buffer Overflow Vulnerability
Adobe Acrobat and Reader contain a stack-based buffer overflow vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).
92.8%
Jun 8, 2022 CVE-2011-0609 Adobe Flash Player
smb essential
Adobe Flash Player Unspecified Vulnerability
Adobe Flash Player contains an unspecified vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).
92.1%
Jun 8, 2022 CVE-2011-2462 Adobe Reader and Acrobat
smb essential
Adobe Reader and Acrobat Universal 3D Memory Corruption Vulnerability
The Universal 3D (U3D) component in Adobe Reader and Acrobat contains a memory corruption vulnerability which could allow remote attackers to execute code or cause denial-of-servi…
91.6%
Jun 8, 2022 CVE-2012-0151 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Authenticode Signature Verification Remote Code Execution Vulnerability
The Authenticode Signature Verification function in Microsoft Windows (WinVerifyTrust) does not properly validate the digest of a signed portable executable (PE) file, which allow…
89.0%
Jun 8, 2022 CVE-2012-0754 Adobe Flash Player
smb essential
Adobe Flash Player Memory Corruption Vulnerability
Adobe Flash Player contains a memory corruption vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).
91.5%
Jun 8, 2022 CVE-2012-0767 Adobe Flash Player
smb essential
Adobe Flash Player Cross-Site Scripting (XSS) Vulnerability
Adobe Flash Player contains a XSS vulnerability that allows remote attackers to inject web script or HTML.
14.9%
Jun 8, 2022 CVE-2012-1889 Microsoft XML Core Services
endpoint m365 smb essential
Microsoft XML Core Services Memory Corruption Vulnerability
Microsoft XML Core Services contains a memory corruption vulnerability which could allow for remote code execution.
93.1%
Jun 8, 2022 CVE-2012-4969 Microsoft Internet Explorer
endpoint m365 smb essential
Microsoft Internet Explorer Use-After-Free Vulnerability
Microsoft Internet Explorer contains a use-after-free vulnerability that allows remote attackers to execute code via a crafted web site.
91.8%
Jun 8, 2022 CVE-2012-5054 Adobe Flash Player
smb essential
Adobe Flash Player Integer Overflow Vulnerability
Adobe Flash Player contains an integer overflow vulnerability that allows remote attackers to execute code via malformed arguments.
71.5%
Jun 8, 2022 CVE-2013-1331 Microsoft Office
endpoint m365 smb essential
Microsoft Office Buffer Overflow Vulnerability
Microsoft Office contains a buffer overflow vulnerability that allows remote attackers to execute code via crafted PNG data in an Office document.
88.9%
Jun 8, 2022 CVE-2016-1646 Google Chromium V8
browser smb essential
Google Chromium V8 Out-of-Bounds Read Vulnerability
Google Chromium V8 Engine contains an out-of-bounds read vulnerability that allows a remote attacker to cause a denial of service or possibly have another unspecified impact via c…
66.9%
Jun 8, 2022 CVE-2016-5198 Google Chromium V8
browser smb essential
Google Chromium V8 Out-of-Bounds Memory Vulnerability
Google Chromium V8 Engine contains an out-of-bounds memory access vulnerability that allows a remote attacker to perform read/write operations, leading to code execution, via a cr…
78.7%
Jun 8, 2022 CVE-2017-5030 Google Chromium V8
browser smb essential
Google Chromium V8 Memory Corruption Vulnerability
Google Chromium V8 Engine contains a memory corruption vulnerability that allows a remote attacker to execute code via a crafted HTML page. This vulnerability could affect multipl…
50.3%
Jun 8, 2022 CVE-2017-5070 Google Chromium V8
browser smb essential
Google Chromium V8 Type Confusion Vulnerability
Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted HTML page. This vulnerability could …
74.4%

Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.