Full CISA KEV catalog

Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.

Showing 1,111–1,140 of 1,619 CVEs · Page 38 of 54 30 per page
Added CVE Vendor / Product Name & description CVSS EPSS
Mar 25, 2022 CVE-2021-22941
Ransomware
Citrix ShareFile
enterprise vpn remote
Citrix ShareFile Improper Access Control Vulnerability
Improper Access Control in Citrix ShareFile storage zones controller may allow an unauthenticated attacker to remotely compromise the storage zones controller.
88.5%
Mar 25, 2022 CVE-2021-42237
Ransomware
Sitecore XP
Sitecore XP Remote Command Execution Vulnerability
Sitcore XP contains an insecure deserialization vulnerability which can allow for remote code execution.
94.4%
Mar 25, 2022 CVE-2022-21999
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Print Spooler Privilege Escalation Vulnerability
Microsoft Windows Print Spooler contains an unspecified vulnerability which can allow for privilege escalation.
73.2%
Mar 25, 2022 CVE-2022-26143 Mitel MiCollab, MiVoice Business Express
MiCollab, MiVoice Business Express Access Control Vulnerability
A vulnerability has been identified in MiCollab and MiVoice Business Express that may allow a malicious actor to gain unauthorized access to sensitive information and services, ca…
89.1%
Mar 25, 2022 CVE-2022-26318 WatchGuard Firebox and XTM Appliances
network
WatchGuard Firebox and XTM Appliances Arbitrary Code Execution
On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code.
92.5%
Mar 15, 2022 CVE-2015-2546
Ransomware
Microsoft Win32k
endpoint m365 smb essential
Microsoft Win32k Memory Corruption Vulnerability
The kernel-mode driver in Microsoft Windows OS and Server allows local users to gain privileges via a crafted application.
40.6%
Mar 15, 2022 CVE-2016-3309
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Kernel Privilege Escalation Vulnerability
A privilege escalation vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run…
43.2%
Mar 15, 2022 CVE-2017-0101
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Transaction Manager Privilege Escalation Vulnerability
A privilege escalation vulnerability exists when the Windows Transaction Manager improperly handles objects in memory.
72.3%
Mar 15, 2022 CVE-2018-8120
Ransomware
Microsoft Win32k
endpoint m365 smb essential
Microsoft Win32k Privilege Escalation Vulnerability
A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory.
94.1%
Mar 15, 2022 CVE-2019-0543
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Privilege Escalation Vulnerability
A privilege escalation vulnerability exists when Windows improperly handles authentication requests. An attacker who successfully exploited this vulnerability could run processes …
42.7%
Mar 15, 2022 CVE-2019-0841
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows AppX Deployment Service (AppXSVC) Privilege Escalation Vulnerability
A privilege escalation vulnerability exists when Windows AppXSVC improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an…
82.7%
Mar 15, 2022 CVE-2019-1064
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows AppX Deployment Service (AppXSVC) Privilege Escalation Vulnerability
A privilege escalation vulnerability exists when Windows AppXSVC improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an…
11.8%
Mar 15, 2022 CVE-2019-1069
Ransomware
Microsoft Task Scheduler
endpoint m365 smb essential
Microsoft Task Scheduler Privilege Escalation Vulnerability
A privilege escalation vulnerability exists in the way the Task Scheduler Service validates certain file operations.
32.5%
Mar 15, 2022 CVE-2019-1129
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows AppX Deployment Service (AppXSVC) Privilege Escalation Vulnerability
A privilege escalation vulnerability exists when Windows AppXSVC improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an…
2.1%
Mar 15, 2022 CVE-2019-1132 Microsoft Win32k
endpoint m365 smb essential
Microsoft Win32k Privilege Escalation Vulnerability
A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory.
36.5%
Mar 15, 2022 CVE-2019-1253
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows AppX Deployment Server Privilege Escalation Vulnerability
A privilege escalation vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.
27.7%
Mar 15, 2022 CVE-2019-1315
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Error Reporting Manager Privilege Escalation Vulnerability
A privilege escalation vulnerability exists when Windows Error Reporting manager improperly handles hard links. An attacker who successfully exploited this vulnerability could ove…
7.6%
Mar 15, 2022 CVE-2019-1322
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Privilege Escalation Vulnerability
A privilege escalation vulnerability exists when Windows improperly handles authentication requests. An attacker who successfully exploited this vulnerability could run processes …
36.5%
Mar 15, 2022 CVE-2019-1405
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Universal Plug and Play (UPnP) Service Privilege Escalation Vulnerability
A privilege escalation vulnerability exists when the Windows UPnP service improperly allows COM object creation.
53.9%
Mar 15, 2022 CVE-2020-5135 SonicWall SonicOS
network vpn remote
SonicWall SonicOS Buffer Overflow Vulnerability
A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the f…
25.5%
Mar 7, 2022 CVE-2009-3960
Ransomware
Adobe BlazeDS
smb essential
Adobe BlazeDS Information Disclosure Vulnerability
Adobe BlazeDS, which is utilized in LifeCycle and Coldfusion, contains a vulnerability that allows for information disclosure.
90.4%
Mar 7, 2022 CVE-2013-0625 Adobe ColdFusion
smb essential
Adobe ColdFusion Authentication Bypass Vulnerability
Adobe Coldfusion contains an authentication bypass vulnerability, which could result in an unauthorized user gaining administrative access.
78.3%
Mar 7, 2022 CVE-2013-0629 Adobe ColdFusion
smb essential
Adobe ColdFusion Directory Traversal Vulnerability
Adobe Coldfusion contains a directory traversal vulnerability, which could permit an unauthorized user access to restricted directories.
81.8%
Mar 7, 2022 CVE-2013-0631 Adobe ColdFusion
smb essential
Adobe ColdFusion Information Disclosure Vulnerability
Adobe Coldfusion contains an unspecified vulnerability, which could result in information disclosure from a compromised server.
81.6%
Mar 7, 2022 CVE-2016-6277 NETGEAR Multiple Routers
network
NETGEAR Multiple Routers Remote Code Execution Vulnerability
NETGEAR confirmed multiple routers allow unauthenticated web pages to pass form input directly to the command-line interface, permitting remote code execution.
94.3%
Mar 7, 2022 CVE-2017-6077 NETGEAR Wireless Router DGN2200
network
NETGEAR DGN2200 Remote Code Execution Vulnerability
NETGEAR DGN2200 wireless routers contain a vulnerability that allows for remote code execution.
83.2%
Mar 7, 2022 CVE-2019-11581 Atlassian Jira Server and Data Center
enterprise smb essential
Atlassian Jira Server and Data Center Server-Side Template Injection Vulnerability
Atlassian Jira Server and Data Center contain a server-side template injection vulnerability which can allow for remote code execution.
94.4%
Mar 7, 2022 CVE-2020-8218 Pulse Secure Pulse Connect Secure
vpn remote
Pulse Connect Secure Code Injection Vulnerability
A code injection vulnerability exists in Pulse Connect Secure that allows an attacker to crafted a URI to perform an arbitrary code execution via the admin web interface.
91.1%
Mar 7, 2022 CVE-2021-21973 VMware vCenter Server and Cloud Foundation
enterprise
VMware vCenter Server and Cloud Foundation Server Side Request Forgery (SSRF) Vulnerability
VMware vCenter Server and Cloud Foundation Server contain a SSRF vulnerability due to improper validation of URLs in a vCenter Server plugin. This allows for information disclosur…
90.4%
Mar 7, 2022 CVE-2022-26485 Mozilla Firefox
browser smb essential
Mozilla Firefox Use-After-Free Vulnerability
Mozilla Firefox contains a use-after-free vulnerability in XSLT parameter processing which can be exploited to perform arbitrary code execution.
2.9%

Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.