Full CISA KEV catalog
Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.
| Added | CVE | Vendor / Product | Name & description | CVSS | EPSS |
|---|---|---|---|---|---|
| May 4, 2022 | CVE-2014-0160 | OpenSSL OpenSSL | OpenSSL Information Disclosure Vulnerability<br>The TLS and DTLS implementations in OpenSSL do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information. | — | 94.5% |
| May 4, 2022 | CVE-2014-0322 | Microsoft Internet Explorer | Microsoft Internet Explorer Use-After-Free Vulnerability<br>Use-after-free vulnerability in Microsoft Internet Explorer allows remote attackers to execute code. | — | 93.0% |
| May 4, 2022 | CVE-2014-4113 | Microsoft Win32k | Microsoft Win32k Privilege Escalation Vulnerability<br>Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation. | — | 78.5% |
| May 4, 2022 | CVE-2019-8506 | Apple Multiple Products | Apple Multiple Products Type Confusion Vulnerability<br>A type confusion issue affecting multiple Apple products allows processing of maliciously crafted web content, leading to arbitrary code execution. | — | 8.0% |
| May 4, 2022 | CVE-2021-1789 | Apple Multiple Products | Apple Multiple Products Type Confusion Vulnerability<br>A type confusion issue affecting multiple Apple products allows processing of maliciously crafted web content, leading to arbitrary code execution. | — | 0.2% |
| Apr 25, 2022 | CVE-2019-1003029 | Jenkins Script Security Plugin | Jenkins Script Security Plugin Sandbox Bypass Vulnerability<br>Jenkins Script Security Plugin contains a protection mechanism failure, allowing an attacker to bypass the sandbox. | — | 92.6% |
| Apr 25, 2022 | CVE-2021-40450 | Microsoft Win32k | Microsoft Win32k Privilege Escalation Vulnerability<br>Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation. | — | 4.1% |
| Apr 25, 2022 | CVE-2021-41357 | Microsoft Win32k | Microsoft Win32k Privilege Escalation Vulnerability<br>Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation. | — | 4.0% |
| Apr 25, 2022 | CVE-2022-0847 | Linux Kernel | Linux Kernel Privilege Escalation Vulnerability<br>Linux kernel contains an improper initialization vulnerability where an unprivileged local user could escalate their privileges on the system. This vulnerability has the moniker o… | — | 80.8% |
| Apr 25, 2022 | CVE-2022-21919 | Microsoft Windows | Microsoft Windows User Profile Service Privilege Escalation Vulnerability<br>Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation. | — | 0.3% |
| Apr 25, 2022 | CVE-2022-26904 | Microsoft Windows | Microsoft Windows User Profile Service Privilege Escalation Vulnerability<br>Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation. | — | 23.0% |
| Apr 25, 2022 | CVE-2022-29464<br>Ransomware | WSO2 Multiple Products | WSO2 Multiple Products Unrestrictive Upload of File Vulnerability<br>Multiple WSO2 products allow for unrestricted file upload, resulting in remote code execution. | — | 94.4% |
| Apr 19, 2022 | CVE-2018-6882<br>Ransomware | Synacor Zimbra Collaboration Suite (ZCS) | Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability<br>Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability that might allow remote attackers to inject arbitrary web script or HTML. | — | 77.0% |
| Apr 19, 2022 | CVE-2019-3568 | Meta Platforms WhatsApp | WhatsApp VOIP Stack Buffer Overflow Vulnerability<br>A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number. | — | 47.4% |
| Apr 19, 2022 | CVE-2022-22718 | Microsoft Windows | Microsoft Windows Print Spooler Privilege Escalation Vulnerability<br>Microsoft Windows Print Spooler contains an unspecified vulnerability which allow for privilege escalation. | — | 7.7% |
| Apr 15, 2022 | CVE-2007-3010 | Alcatel OmniPCX Enterprise | Alcatel OmniPCX Enterprise Remote Code Execution Vulnerability<br>masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server allows remote attackers to execute arbitrary commands. | — | 94.1% |
| Apr 15, 2022 | CVE-2010-5330 | Ubiquiti AirOS | Ubiquiti AirOS Command Injection Vulnerability<br>Certain Ubiquiti devices contain a command injection vulnerability via a GET request to stainfo.cgi. | — | 42.8% |
| Apr 15, 2022 | CVE-2014-0780 | InduSoft Web Studio | InduSoft Web Studio NTWebServer Directory Traversal Vulnerability<br>InduSoft Web Studio NTWebServer contains a directory traversal vulnerability that allows remote attackers to read administrative passwords in APP files, allowing for remote code e… | — | 89.2% |
| Apr 15, 2022 | CVE-2016-4523 | Trihedral VTScada (formerly VTS) | Trihedral VTScada (formerly VTS) Denial-of-Service Vulnerability<br>The WAP interface in Trihedral VTScada (formerly VTS) allows remote attackers to cause a denial-of-service (DoS). | — | 65.4% |
| Apr 15, 2022 | CVE-2018-7841 | Schneider Electric U.motion Builder | Schneider Electric U.motion Builder SQL Injection Vulnerability<br>A SQL Injection vulnerability exists in U.motion Builder software which could cause unwanted code execution when an improper set of characters is entered. | — | 59.3% |
| Apr 15, 2022 | CVE-2019-16057<br>Ransomware | D-Link DNS-320 Storage Device | D-Link DNS-320 Remote Code Execution Vulnerability<br>The login_mgr.cgi script in D-Link DNS-320 is vulnerable to remote code execution. | — | 94.0% |
| Apr 15, 2022 | CVE-2019-3929 | Crestron Multiple Products | Crestron Multiple Products Command Injection Vulnerability<br>Multiple Crestron products are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute op… | — | 94.3% |
| Apr 15, 2022 | CVE-2022-1364 | Google Chromium V8 | Google Chromium V8 Type Confusion Vulnerability<br>Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability … | — | 17.5% |
| Apr 15, 2022 | CVE-2022-22960 | VMware Multiple Products | VMware Multiple Products Privilege Escalation Vulnerability<br>VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. | — | 72.5% |
| Apr 14, 2022 | CVE-2022-22954<br>Ransomware | VMware Workspace ONE Access and Identity Manager | VMware Workspace ONE Access and Identity Manager Server-Side Template Injection Vulnerability<br>VMware Workspace ONE Access and Identity Manager allow for remote code execution due to server-side template injection. | — | 94.4% |
| Apr 13, 2022 | CVE-2014-9163 | Adobe Flash Player | Adobe Flash Player Stack-Based Buffer Overflow Vulnerability<br>Stack-based buffer overflow in Adobe Flash Player allows attackers to execute code remotely. | — | 3.2% |
| Apr 13, 2022 | CVE-2015-0311 | Adobe Flash Player | Adobe Flash Player Remote Code Execution Vulnerability<br>Unspecified vulnerability in Adobe Flash Player allows remote attackers to execute code. | — | 92.6% |
| Apr 13, 2022 | CVE-2015-0313 | Adobe Flash Player | Adobe Flash Player Use-After-Free Vulnerability<br>Use-after-free vulnerability in Adobe Flash Player allows remote attackers to execute code. | — | 92.5% |
| Apr 13, 2022 | CVE-2015-2502 | Microsoft Internet Explorer | Microsoft Internet Explorer Memory Corruption Vulnerability<br>Microsoft Internet Explorer contains a memory corruption vulnerability that allows an attacker to execute code or cause a denial-of-service (DoS). | — | 21.7% |
| Apr 13, 2022 | CVE-2015-3113 | Adobe Flash Player | Adobe Flash Player Heap-Based Buffer Overflow Vulnerability<br>Heap-based buffer overflow vulnerability in Adobe Flash Player allows remote attackers to execute code. | — | 92.4% |
Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.