Full CISA KEV catalog

Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.

Showing 1,021–1,050 of 1,619 CVEs · Page 35 of 54 30 per page
Added CVE Vendor / Product Name & description CVSS EPSS
Mar 28, 2022 CVE-2012-2034 Adobe Flash Player
smb essential
Adobe Flash Player Memory Corruption Vulnerability
Adobe Flash Player contains a memory corruption vulnerability that allows for remote code execution or denial-of-service (DoS).
10.3%
Mar 28, 2022 CVE-2012-2539 Microsoft Word
endpoint m365 smb essential
Microsoft Word Remote Code Execution Vulnerability
Microsoft Word allows attackers to execute remote code or cause a denial-of-service (DoS) via crafted RTF data.
84.4%
Mar 28, 2022 CVE-2012-5076 Oracle Java SE
database enterprise
Oracle Java SE Sandbox Bypass Vulnerability
The default Java security properties configuration did not restrict access to the com.sun.org.glassfish.external and com.sun.org.glassfish.gmbal packages. An untrusted Java applic…
91.4%
Mar 28, 2022 CVE-2013-1690 Mozilla Firefox and Thunderbird
browser smb essential
Mozilla Firefox and Thunderbird Denial-of-Service Vulnerability
Mozilla Firefox and Thunderbird do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial-of-service (Do…
47.1%
Mar 28, 2022 CVE-2013-2465
Ransomware
Oracle Java SE
database enterprise
Oracle Java SE Unspecified Vulnerability
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE allows remote attackers to affect confidentiality, integrity, and availability via Unkn…
93.2%
Mar 28, 2022 CVE-2013-2551
Ransomware
Microsoft Internet Explorer
endpoint m365 smb essential
Microsoft Internet Explorer Use-After-Free Vulnerability
Use-after-free vulnerability in Microsoft Internet Explorer allows remote attackers to execute remote code via a crafted web site that triggers access to a deleted object.
92.4%
Mar 28, 2022 CVE-2013-2729 Adobe Reader and Acrobat
smb essential
Adobe Reader and Acrobat Arbitrary Integer Overflow Vulnerability
Integer overflow vulnerability in Adobe Reader and Acrobat allows attackers to execute remote code.
89.6%
Mar 28, 2022 CVE-2013-3660 Microsoft Win32k
endpoint m365 smb essential
Microsoft Win32k Privilege Escalation Vulnerability
The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft does not properly initialize a pointer for the next object in a certain list, which allo…
70.6%
Mar 28, 2022 CVE-2015-1770 Microsoft Office
endpoint m365 smb essential
Microsoft Office Uninitialized Memory Use Vulnerability
Microsoft Office allows remote attackers to execute arbitrary code via a crafted Office document.
79.7%
Mar 28, 2022 CVE-2015-2419 Microsoft Internet Explorer
endpoint m365 smb essential
Microsoft Internet Explorer Memory Corruption Vulnerability
JScript in Microsoft Internet Explorer allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.
49.5%
Mar 28, 2022 CVE-2015-2426 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Adobe Type Manager Library Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts.
91.8%
Mar 28, 2022 CVE-2016-0040 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Kernel Privilege Escalation Vulnerability
The kernel in Microsoft Windows allows local users to gain privileges via a crafted application.
75.8%
Mar 28, 2022 CVE-2016-0151
Ransomware
Microsoft Client-Server Run-time Subsystem (CSRSS)
endpoint m365 smb essential
Microsoft Windows CSRSS Security Feature Bypass Vulnerability
The Client-Server Run-time Subsystem (CSRSS) in Microsoft mismanages process tokens, which allows local users to gain privileges via a crafted application.
32.4%
Mar 28, 2022 CVE-2016-0189 Microsoft Internet Explorer
endpoint m365 smb essential
Microsoft Internet Explorer Memory Corruption Vulnerability
The Microsoft JScript nd VBScript engines, as used in Internet Explorer and other products, allow attackers to execute remote code or cause a denial of service (memory corruption)…
90.8%
Mar 28, 2022 CVE-2016-7200 Microsoft Edge
browser endpoint m365 smb essential
Microsoft Edge Memory Corruption Vulnerability
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.
88.0%
Mar 28, 2022 CVE-2016-7201 Microsoft Edge
browser endpoint m365 smb essential
Microsoft Edge Memory Corruption Vulnerability
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.
88.9%
Mar 28, 2022 CVE-2017-0037 Microsoft Edge and Internet Explorer
browser endpoint m365 smb essential
Microsoft Edge and Internet Explorer Type Confusion Vulnerability
Microsoft Edge and Internet Explorer have a type confusion vulnerability in mshtml.dll, which allows remote code execution.
91.2%
Mar 28, 2022 CVE-2017-0059 Microsoft Internet Explorer
endpoint m365 smb essential
Microsoft Internet Explorer Information Disclosure Vulnerability
Microsoft Internet Explorer allow remote attackers to obtain sensitive information from process memory via a crafted web site.
83.6%
Mar 28, 2022 CVE-2017-0213
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Privilege Escalation Vulnerability
Microsoft Windows COM Aggregate Marshaler allows for privilege escalation when an attacker runs a specially crafted application.
92.6%
Mar 28, 2022 CVE-2018-8405
Ransomware
Microsoft DirectX Graphics Kernel (DXGKRNL)
endpoint m365 smb essential
Microsoft DirectX Graphics Kernel Privilege Escalation Vulnerability
An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory.
50.0%
Mar 28, 2022 CVE-2018-8406
Ransomware
Microsoft DirectX Graphics Kernel (DXGKRNL)
endpoint m365 smb essential
Microsoft DirectX Graphics Kernel Privilege Escalation Vulnerability
An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory.
50.0%
Mar 28, 2022 CVE-2018-8440
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Privilege Escalation Vulnerability
An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).
74.2%
Mar 28, 2022 CVE-2019-7483 SonicWall SMA100
network vpn remote
SonicWall SMA100 Directory Traversal Vulnerability
In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of a file on the server.
47.9%
Mar 28, 2022 CVE-2021-20028
Ransomware
SonicWall Secure Remote Access (SRA)
network vpn remote
SonicWall Secure Remote Access (SRA) SQL Injection Vulnerability
SonicWall Secure Remote Access (SRA) products contain an improper neutralization of a SQL Command leading to SQL injection.
80.3%
Mar 28, 2022 CVE-2021-26085
Ransomware
Atlassian Confluence Server
enterprise smb essential
Atlassian Confluence Server Pre-Authorization Arbitrary File Read Vulnerability
Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a pre-authorization arbitrary file read vulnerability in the /s/ endpoint.
94.0%
Mar 28, 2022 CVE-2021-34486 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Event Tracing Privilege Escalation Vulnerability
Microsoft Windows Event Tracing contains an unspecified vulnerability which can allow for privilege escalation.
36.5%
Mar 28, 2022 CVE-2021-38646
Ransomware
Microsoft Office
endpoint m365 smb essential
Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
Microsoft Office Access Connectivity Engine contains an unspecified vulnerability which can allow for remote code execution.
50.9%
Mar 28, 2022 CVE-2022-0543 Redis Debian-specific Redis Servers
database
Debian-specific Redis Server Lua Sandbox Escape Vulnerability
Redis is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution.
94.4%
Mar 28, 2022 CVE-2022-1096 Google Chromium V8
browser smb essential
Google Chromium V8 Type Confusion Vulnerability
Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability …
37.7%
Mar 25, 2022 CVE-2005-2773 Hewlett Packard (HP) OpenView Network Node Manager
HP OpenView Network Node Manager Remote Code Execution Vulnerability
HP OpenView Network Node Manager could allow a remote attacker to execute arbitrary commands on the system.
89.8%

Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.