Full CISA KEV catalog
Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.
| Added | CVE | Vendor / Product | Name & description | CVSS | EPSS |
|---|---|---|---|---|---|
| Mar 28, 2022 | CVE-2012-2034 | Adobe Flash Player | Adobe Flash Player Memory Corruption Vulnerability: Adobe Flash Player contains a memory corruption vulnerability that allows for remote code execution or denial-of-service (DoS). | — | 10.3% |
| Mar 28, 2022 | CVE-2012-2539 | Microsoft Word | Microsoft Word Remote Code Execution Vulnerability: Microsoft Word allows attackers to execute remote code or cause a denial-of-service (DoS) via crafted RTF data. | — | 84.4% |
| Mar 28, 2022 | CVE-2012-5076 | Oracle Java SE | Oracle Java SE Sandbox Bypass Vulnerability: The default Java security properties configuration did not restrict access to the com.sun.org.glassfish.external and com.sun.org.glassfish.gmbal packages. An untrusted Java applic… | — | 91.4% |
| Mar 28, 2022 | CVE-2013-1690 | Mozilla Firefox and Thunderbird | Mozilla Firefox and Thunderbird Denial-of-Service Vulnerability: Mozilla Firefox and Thunderbird do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial-of-service (Do… | — | 47.1% |
| Mar 28, 2022 | CVE-2013-2465 (Ransomware) | Oracle Java SE | Oracle Java SE Unspecified Vulnerability: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE allows remote attackers to affect confidentiality, integrity, and availability via Unkn… | — | 93.2% |
| Mar 28, 2022 | CVE-2013-2551 (Ransomware) | Microsoft Internet Explorer | Microsoft Internet Explorer Use-After-Free Vulnerability: Use-after-free vulnerability in Microsoft Internet Explorer allows remote attackers to execute remote code via a crafted web site that triggers access to a deleted object. | — | 92.4% |
| Mar 28, 2022 | CVE-2013-2729 | Adobe Reader and Acrobat | Adobe Reader and Acrobat Arbitrary Integer Overflow Vulnerability: Integer overflow vulnerability in Adobe Reader and Acrobat allows attackers to execute remote code. | — | 89.6% |
| Mar 28, 2022 | CVE-2013-3660 | Microsoft Win32k | Microsoft Win32k Privilege Escalation Vulnerability: The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft does not properly initialize a pointer for the next object in a certain list, which allo… | — | 70.6% |
| Mar 28, 2022 | CVE-2015-1770 | Microsoft Office | Microsoft Office Uninitialized Memory Use Vulnerability: Microsoft Office allows remote attackers to execute arbitrary code via a crafted Office document. | — | 79.7% |
| Mar 28, 2022 | CVE-2015-2419 | Microsoft Internet Explorer | Microsoft Internet Explorer Memory Corruption Vulnerability: JScript in Microsoft Internet Explorer allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site. | — | 49.5% |
| Mar 28, 2022 | CVE-2015-2426 | Microsoft Windows | Microsoft Windows Adobe Type Manager Library Remote Code Execution Vulnerability: A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts. | — | 91.8% |
| Mar 28, 2022 | CVE-2016-0040 | Microsoft Windows | Microsoft Windows Kernel Privilege Escalation Vulnerability: The kernel in Microsoft Windows allows local users to gain privileges via a crafted application. | — | 75.8% |
| Mar 28, 2022 | CVE-2016-0151 (Ransomware) | Microsoft Client-Server Run-time Subsystem (CSRSS) | Microsoft Windows CSRSS Security Feature Bypass Vulnerability: The Client-Server Run-time Subsystem (CSRSS) in Microsoft mismanages process tokens, which allows local users to gain privileges via a crafted application. | — | 32.4% |
| Mar 28, 2022 | CVE-2016-0189 | Microsoft Internet Explorer | Microsoft Internet Explorer Memory Corruption Vulnerability: The Microsoft JScript and VBScript engines, as used in Internet Explorer and other products, allow attackers to execute remote code or cause a denial of service (memory corruption)… | — | 90.8% |
| Mar 28, 2022 | CVE-2016-7200 | Microsoft Edge | Microsoft Edge Memory Corruption Vulnerability: The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site. | — | 88.0% |
| Mar 28, 2022 | CVE-2016-7201 | Microsoft Edge | Microsoft Edge Memory Corruption Vulnerability: The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site. | — | 88.9% |
| Mar 28, 2022 | CVE-2017-0037 | Microsoft Edge and Internet Explorer | Microsoft Edge and Internet Explorer Type Confusion Vulnerability: Microsoft Edge and Internet Explorer have a type confusion vulnerability in mshtml.dll, which allows remote code execution. | — | 91.2% |
| Mar 28, 2022 | CVE-2017-0059 | Microsoft Internet Explorer | Microsoft Internet Explorer Information Disclosure Vulnerability: Microsoft Internet Explorer allows remote attackers to obtain sensitive information from process memory via a crafted web site. | — | 83.6% |
| Mar 28, 2022 | CVE-2017-0213 (Ransomware) | Microsoft Windows | Microsoft Windows Privilege Escalation Vulnerability: Microsoft Windows COM Aggregate Marshaler allows for privilege escalation when an attacker runs a specially crafted application. | — | 92.6% |
| Mar 28, 2022 | CVE-2018-8405 (Ransomware) | Microsoft DirectX Graphics Kernel (DXGKRNL) | Microsoft DirectX Graphics Kernel Privilege Escalation Vulnerability: An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory. | — | 50.0% |
| Mar 28, 2022 | CVE-2018-8406 (Ransomware) | Microsoft DirectX Graphics Kernel (DXGKRNL) | Microsoft DirectX Graphics Kernel Privilege Escalation Vulnerability: An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory. | — | 50.0% |
| Mar 28, 2022 | CVE-2018-8440 (Ransomware) | Microsoft Windows | Microsoft Windows Privilege Escalation Vulnerability: An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). | — | 74.2% |
| Mar 28, 2022 | CVE-2019-7483 | SonicWall SMA100 | SonicWall SMA100 Directory Traversal Vulnerability: In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of a file on the server. | — | 47.9% |
| Mar 28, 2022 | CVE-2021-20028 (Ransomware) | SonicWall Secure Remote Access (SRA) | SonicWall Secure Remote Access (SRA) SQL Injection Vulnerability: SonicWall Secure Remote Access (SRA) products contain an improper neutralization of a SQL Command leading to SQL injection. | — | 80.3% |
| Mar 28, 2022 | CVE-2021-26085 (Ransomware) | Atlassian Confluence Server | Atlassian Confluence Server Pre-Authorization Arbitrary File Read Vulnerability: Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a pre-authorization arbitrary file read vulnerability in the /s/ endpoint. | — | 94.0% |
| Mar 28, 2022 | CVE-2021-34486 | Microsoft Windows | Microsoft Windows Event Tracing Privilege Escalation Vulnerability: Microsoft Windows Event Tracing contains an unspecified vulnerability which can allow for privilege escalation. | — | 36.5% |
| Mar 28, 2022 | CVE-2021-38646 (Ransomware) | Microsoft Office | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability: Microsoft Office Access Connectivity Engine contains an unspecified vulnerability which can allow for remote code execution. | — | 50.9% |
| Mar 28, 2022 | CVE-2022-0543 | Redis Debian-specific Redis Servers | Debian-specific Redis Server Lua Sandbox Escape Vulnerability: Redis is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution. | — | 94.4% |
| Mar 28, 2022 | CVE-2022-1096 | Google Chromium V8 | Google Chromium V8 Type Confusion Vulnerability: Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability … | — | 37.7% |
| Mar 25, 2022 | CVE-2005-2773 | Hewlett Packard (HP) OpenView Network Node Manager | HP OpenView Network Node Manager Remote Code Execution Vulnerability: HP OpenView Network Node Manager could allow a remote attacker to execute arbitrary commands on the system. | — | 89.8% |
Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.