Full CISA KEV catalog
Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.
| Added | CVE | Vendor / Product | Name & description | CVSS | EPSS |
|---|---|---|---|---|---|
| Jun 8, 2022 | CVE-2017-6862 | NETGEAR Multiple Devices | NETGEAR Multiple Devices Buffer Overflow Vulnerability<br>Multiple NETGEAR devices contain a buffer overflow vulnerability that allows for authentication bypass and remote code execution. | — | 43.1% |
| Jun 8, 2022 | CVE-2018-17463 | Google Chromium V8 | Google Chromium V8 Remote Code Execution Vulnerability<br>Google Chromium V8 Engine contains an unspecified vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted HTML page. This vulnerability could af… | — | 92.2% |
| Jun 8, 2022 | CVE-2018-17480 | Google Chromium V8 | Google Chromium V8 Out-of-Bounds Write Vulnerability<br>Google Chromium V8 Engine contains an out-of-bounds write vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted HTML page. This vulnerability cou… | — | 30.4% |
| Jun 8, 2022 | CVE-2018-4990 | Adobe Acrobat and Reader | Adobe Acrobat and Reader Double Free Vulnerability<br>Adobe Acrobat and Reader have a double free vulnerability that could lead to remote code execution. | — | 51.5% |
| Jun 8, 2022 | CVE-2018-6065 | Google Chromium V8 | Google Chromium V8 Integer Overflow Vulnerability<br>Google Chromium V8 Engine contains an integer overflow vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerabili… | — | 89.6% |
| Jun 8, 2022 | CVE-2019-15271 | Cisco RV Series Routers | Cisco RV Series Routers Deserialization of Untrusted Data Vulnerability<br>A deserialization of untrusted data vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an attacker to execute code w… | — | 5.6% |
| Jun 8, 2022 | CVE-2019-5825 | Google Chromium V8 | Google Chromium V8 Out-of-Bounds Write Vulnerability<br>Google Chromium V8 Engine contains an out-of-bounds write vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerab… | — | 78.2% |
| Jun 8, 2022 | CVE-2019-7192 (Ransomware) | QNAP Photo Station | QNAP Photo Station Improper Access Control Vulnerability<br>QNAP NAS devices running Photo Station contain an improper access control vulnerability allowing remote attackers to gain unauthorized access to the system. | — | 94.3% |
| Jun 8, 2022 | CVE-2019-7193 (Ransomware) | QNAP QTS | QNAP QTS Improper Input Validation Vulnerability<br>QNAP QTS contains an improper input validation vulnerability allowing remote attackers to inject code on the system. | — | 25.8% |
| Jun 8, 2022 | CVE-2019-7194 (Ransomware) | QNAP Photo Station | QNAP Photo Station Path Traversal Vulnerability<br>QNAP devices running Photo Station contain an external control of file name or path vulnerability allowing remote attackers to access or modify system files. | — | 93.9% |
| Jun 8, 2022 | CVE-2019-7195 (Ransomware) | QNAP Photo Station | QNAP Photo Station Path Traversal Vulnerability<br>QNAP devices running Photo Station contain an external control of file name or path vulnerability allowing remote attackers to access or modify system files. | — | 94.1% |
| Jun 2, 2022 | CVE-2022-26134 (Ransomware) | Atlassian Confluence Server/Data Center | Atlassian Confluence Server and Data Center Remote Code Execution Vulnerability<br>Atlassian Confluence Server and Data Center contain a remote code execution vulnerability that allows for an unauthenticated attacker to perform remote code execution. | — | 94.4% |
| May 25, 2022 | CVE-2010-0738 (Ransomware) | Red Hat JBoss | Red Hat JBoss Authentication Bypass Vulnerability<br>The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform performs access control only for the GET and POST methods, which allows remote attacker… | — | 92.4% |
| May 25, 2022 | CVE-2010-0840 | Oracle Java Runtime Environment (JRE) | Oracle JRE Unspecified Vulnerability<br>Unspecified vulnerability in the Java Runtime Environment (JRE) in Java SE component allows remote attackers to affect confidentiality, integrity, and availability via Unknown vec… | — | 92.1% |
| May 25, 2022 | CVE-2010-1428 (Ransomware) | Red Hat JBoss | Red Hat JBoss Information Disclosure Vulnerability<br>Unauthenticated access to the JBoss Application Server Web Console (/web-console) is blocked by default. However, it was found that this block was incomplete, and only blocked GET… | — | 67.6% |
| May 25, 2022 | CVE-2012-1710 (Ransomware) | Oracle Fusion Middleware | Oracle Fusion Middleware Unspecified Vulnerability<br>Unspecified vulnerability in the Oracle WebCenter Forms Recognition component in Oracle Fusion Middleware allows remote attackers to affect confidentiality, integrity, and availab… | — | 40.8% |
| May 25, 2022 | CVE-2013-0074 (Ransomware) | Microsoft Silverlight | Microsoft Silverlight Double Dereference Vulnerability<br>Microsoft Silverlight does not properly validate pointers during HTML object rendering, which allows remote attackers to execute code via a crafted Silverlight application. | — | 93.7% |
| May 25, 2022 | CVE-2013-0422 (Ransomware) | Oracle Java Runtime Environment (JRE) | Oracle JRE Remote Code Execution Vulnerability<br>A vulnerability in the way Java restricts the permissions of Java applets could allow an attacker to execute commands on a vulnerable system. | — | 93.6% |
| May 25, 2022 | CVE-2013-0431 (Ransomware) | Oracle Java Runtime Environment (JRE) | Oracle JRE Sandbox Bypass Vulnerability<br>Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle allows remote attackers to bypass the Java security sandbox. | — | 91.5% |
| May 25, 2022 | CVE-2013-2423 | Oracle Java Runtime Environment (JRE) | Oracle JRE Unspecified Vulnerability<br>Unspecified vulnerability in hotspot for Java Runtime Environment (JRE) allows remote attackers to affect integrity. | — | 93.4% |
| May 25, 2022 | CVE-2013-3896 | Microsoft Silverlight | Microsoft Silverlight Information Disclosure Vulnerability<br>Microsoft Silverlight does not properly validate pointers during access to Silverlight elements, which allows remote attackers to obtain sensitive information via a crafted Silver… | — | 84.7% |
| May 25, 2022 | CVE-2013-3993 (Ransomware) | IBM InfoSphere BigInsights | IBM InfoSphere BigInsights Invalid Input Vulnerability<br>Certain APIs within BigInsights can take invalid input that might allow attackers unauthorized access to read, write, modify, or delete data. | — | 26.5% |
| May 25, 2022 | CVE-2013-7331 | Microsoft Internet Explorer | Microsoft Internet Explorer Information Disclosure Vulnerability<br>An information disclosure vulnerability exists in Internet Explorer which allows resources loaded into memory to be queried. This vulnerability could allow an attacker to detect a… | — | 81.8% |
| May 25, 2022 | CVE-2014-0546 | Adobe Reader and Acrobat | Adobe Reader and Acrobat Sandbox Bypass Vulnerability<br>Adobe Reader and Acrobat on Windows allow attackers to bypass a sandbox protection mechanism, and consequently execute native code in a privileged context. | — | 28.4% |
| May 25, 2022 | CVE-2014-2817 | Microsoft Internet Explorer | Microsoft Internet Explorer Privilege Escalation Vulnerability<br>Microsoft Internet Explorer contains an unspecified vulnerability that allows remote attackers to gain privileges via a crafted web site. | — | 29.1% |
| May 25, 2022 | CVE-2014-3153 | Linux Kernel | Linux Kernel Privilege Escalation Vulnerability<br>The futex_requeue function in kernel/futex.c in Linux kernel does not ensure that calls have two different futex addresses, which allows local users to gain privileges. | — | 75.3% |
| May 25, 2022 | CVE-2014-4077 | Microsoft Input Method Editor (IME) Japanese | Microsoft IME Japanese Privilege Escalation Vulnerability<br>Microsoft Input Method Editor (IME) Japanese is a keyboard with Japanese characters that can be enabled on Windows systems as it is included by default (with the default set as di… | — | 51.3% |
| May 25, 2022 | CVE-2014-4123 | Microsoft Internet Explorer | Microsoft Internet Explorer Privilege Escalation Vulnerability<br>Microsoft Internet Explorer contains an unspecified vulnerability that allows remote attackers to gain privileges via a crafted web site. | — | 39.8% |
| May 25, 2022 | CVE-2014-4148 | Microsoft Windows | Microsoft Windows Remote Code Execution Vulnerability<br>A remote code execution vulnerability exists when the Windows kernel-mode driver improperly handles TrueType fonts. | — | 55.7% |
| May 25, 2022 | CVE-2014-8439 | Adobe Flash Player | Adobe Flash Player Dereferenced Pointer Vulnerability<br>Adobe Flash Player has a vulnerability in the way it handles a dereferenced memory pointer which could lead to code execution. | — | 34.4% |
Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.