Full CISA KEV catalog

Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.

Showing 871–900 of 1,619 CVEs · Page 30 of 54
Added CVE Vendor / Product Name & description CVSS EPSS
Jun 8, 2022 CVE-2017-6862 NETGEAR Multiple Devices
network
NETGEAR Multiple Devices Buffer Overflow Vulnerability
Multiple NETGEAR devices contain a buffer overflow vulnerability that allows for authentication bypass and remote code execution.
43.1%
Jun 8, 2022 CVE-2018-17463 Google Chromium V8
browser smb essential
Google Chromium V8 Remote Code Execution Vulnerability
Google Chromium V8 Engine contains an unspecified vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted HTML page. This vulnerability could af…
92.2%
Jun 8, 2022 CVE-2018-17480 Google Chromium V8
browser smb essential
Google Chromium V8 Out-of-Bounds Write Vulnerability
Google Chromium V8 Engine contains out-of-bounds write vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted HTML page. This vulnerability cou…
30.4%
Jun 8, 2022 CVE-2018-4990 Adobe Acrobat and Reader
smb essential
Adobe Acrobat and Reader Double Free Vulnerability
Adobe Acrobat and Reader have a double free vulnerability that could lead to remote code execution.
51.5%
Jun 8, 2022 CVE-2018-6065 Google Chromium V8
browser smb essential
Google Chromium V8 Integer Overflow Vulnerability
Google Chromium V8 Engine contains an integer overflow vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerabili…
89.6%
Jun 8, 2022 CVE-2019-15271 Cisco RV Series Routers
network
Cisco RV Series Routers Deserialization of Untrusted Data Vulnerability
A deserialization of untrusted data vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an attacker to execute code w…
5.6%
Jun 8, 2022 CVE-2019-5825 Google Chromium V8
browser smb essential
Google Chromium V8 Out-of-Bounds Write Vulnerability
Google Chromium V8 Engine contains an out-of-bounds write vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerab…
78.2%
Jun 8, 2022 CVE-2019-7192
Ransomware
QNAP Photo Station
QNAP Photo Station Improper Access Control Vulnerability
QNAP NAS devices running Photo Station contain an improper access control vulnerability allowing remote attackers to gain unauthorized access to the system.
94.3%
Jun 8, 2022 CVE-2019-7193
Ransomware
QNAP QTS
QNAP QTS Improper Input Validation Vulnerability
QNAP QTS contains an improper input validation vulnerability allowing remote attackers to inject code on the system.
25.8%
Jun 8, 2022 CVE-2019-7194
Ransomware
QNAP Photo Station
QNAP Photo Station Path Traversal Vulnerability
QNAP devices running Photo Station contain an external control of file name or path vulnerability allowing remote attackers to access or modify system files.
93.9%
Jun 8, 2022 CVE-2019-7195
Ransomware
QNAP Photo Station
QNAP Photo Station Path Traversal Vulnerability
QNAP devices running Photo Station contain an external control of file name or path vulnerability allowing remote attackers to access or modify system files.
94.1%
Jun 2, 2022 CVE-2022-26134
Ransomware
Atlassian Confluence Server/Data Center
enterprise smb essential
Atlassian Confluence Server and Data Center Remote Code Execution Vulnerability
Atlassian Confluence Server and Data Center contain a remote code execution vulnerability that allows for an unauthenticated attacker to perform remote code execution.
94.4%
May 25, 2022 CVE-2010-0738
Ransomware
Red Hat JBoss
server os
Red Hat JBoss Authentication Bypass Vulnerability
The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform performs access control only for the GET and POST methods, which allows remote attacker…
92.4%
May 25, 2022 CVE-2010-0840 Oracle Java Runtime Environment (JRE)
database enterprise
Oracle JRE Unspecified Vulnerability
Unspecified vulnerability in the Java Runtime Environment (JRE) in Java SE component allows remote attackers to affect confidentiality, integrity, and availability via Unknown vec…
92.1%
May 25, 2022 CVE-2010-1428
Ransomware
Red Hat JBoss
server os
Red Hat JBoss Information Disclosure Vulnerability
Unauthenticated access to the JBoss Application Server Web Console (/web-console) is blocked by default. However, it was found that this block was incomplete, and only blocked GET…
67.6%
May 25, 2022 CVE-2012-1710
Ransomware
Oracle Fusion Middleware
database enterprise
Oracle Fusion Middleware Unspecified Vulnerability
Unspecified vulnerability in the Oracle WebCenter Forms Recognition component in Oracle Fusion Middleware allows remote attackers to affect confidentiality, integrity, and availab…
40.8%
May 25, 2022 CVE-2013-0074
Ransomware
Microsoft Silverlight
endpoint m365 smb essential
Microsoft Silverlight Double Dereference Vulnerability
Microsoft Silverlight does not properly validate pointers during HTML object rendering, which allows remote attackers to execute code via a crafted Silverlight application.
93.7%
May 25, 2022 CVE-2013-0422
Ransomware
Oracle Java Runtime Environment (JRE)
database enterprise
Oracle JRE Remote Code Execution Vulnerability
A vulnerability in the way Java restricts the permissions of Java applets could allow an attacker to execute commands on a vulnerable system.
93.6%
May 25, 2022 CVE-2013-0431
Ransomware
Oracle Java Runtime Environment (JRE)
database enterprise
Oracle JRE Sandbox Bypass Vulnerability
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle allows remote attackers to bypass the Java security sandbox.
91.5%
May 25, 2022 CVE-2013-2423 Oracle Java Runtime Environment (JRE)
database enterprise
Oracle JRE Unspecified Vulnerability
Unspecified vulnerability in hotspot for Java Runtime Environment (JRE) allows remote attackers to affect integrity.
93.4%
May 25, 2022 CVE-2013-3896 Microsoft Silverlight
endpoint m365 smb essential
Microsoft Silverlight Information Disclosure Vulnerability
Microsoft Silverlight does not properly validate pointers during access to Silverlight elements, which allows remote attackers to obtain sensitive information via a crafted Silver…
84.7%
May 25, 2022 CVE-2013-3993
Ransomware
IBM InfoSphere BigInsights
enterprise
IBM InfoSphere BigInsights Invalid Input Vulnerability
Certain APIs within BigInsights can take invalid input that might allow attackers unauthorized access to read, write, modify, or delete data.
26.5%
May 25, 2022 CVE-2013-7331 Microsoft Internet Explorer
endpoint m365 smb essential
Microsoft Internet Explorer Information Disclosure Vulnerability
An information disclosure vulnerability exists in Internet Explorer which allows resources loaded into memory to be queried. This vulnerability could allow an attacker to detect a…
81.8%
May 25, 2022 CVE-2014-0546 Adobe Reader and Acrobat
smb essential
Adobe Reader and Acrobat Sandbox Bypass Vulnerability
Adobe Reader and Acrobat on Windows allow attackers to bypass a sandbox protection mechanism, and consequently execute native code in a privileged context.
28.4%
May 25, 2022 CVE-2014-2817 Microsoft Internet Explorer
endpoint m365 smb essential
Microsoft Internet Explorer Privilege Escalation Vulnerability
Microsoft Internet Explorer contains an unspecified vulnerability that allows remote attackers to gain privileges via a crafted web site.
29.1%
May 25, 2022 CVE-2014-3153 Linux Kernel
server os
Linux Kernel Privilege Escalation Vulnerability
The futex_requeue function in kernel/futex.c in Linux kernel does not ensure that calls have two different futex addresses, which allows local users to gain privileges.
75.3%
May 25, 2022 CVE-2014-4077 Microsoft Input Method Editor (IME) Japanese
endpoint m365 smb essential
Microsoft IME Japanese Privilege Escalation Vulnerability
Microsoft Input Method Editor (IME) Japanese is a keyboard with Japanese characters that can be enabled on Windows systems as it is included by default (with the default set as di…
51.3%
May 25, 2022 CVE-2014-4123 Microsoft Internet Explorer
endpoint m365 smb essential
Microsoft Internet Explorer Privilege Escalation Vulnerability
Microsoft Internet Explorer contains an unspecified vulnerability that allows remote attackers to gain privileges via a crafted web site.
39.8%
May 25, 2022 CVE-2014-4148 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Remote Code Execution Vulnerability
A remote code execution vulnerability exists when the Windows kernel-mode driver improperly handles TrueType fonts.
55.7%
May 25, 2022 CVE-2014-8439 Adobe Flash Player
smb essential
Adobe Flash Player Dereferenced Pointer Vulnerability
Adobe Flash Player has a vulnerability in the way it handles a dereferenced memory pointer which could lead to code execution.
34.4%

Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.