Full CISA KEV catalog
Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.
| Added | CVE | Vendor / Product | Name & description | CVSS | EPSS |
|---|---|---|---|---|---|
| Jul 9, 2024 | CVE-2024-38112 | Microsoft Windows | Microsoft Windows MSHTML Platform Spoofing Vulnerability: Microsoft Windows MSHTML Platform contains a spoofing vulnerability that has a high impact to confidentiality, integrity, and availability. | — | 93.0% |
| Jun 13, 2024 | CVE-2024-26169 (Ransomware) | Microsoft Windows | Microsoft Windows Error Reporting Service Improper Privilege Management Vulnerability: Microsoft Windows Error Reporting Service contains an improper privilege management vulnerability that allows a local attacker with user permissions to gain SYSTEM privileges. | — | 34.6% |
| May 30, 2024 | CVE-2024-24919 (Ransomware) | Check Point Quantum Security Gateways | Check Point Quantum Security Gateways Information Disclosure Vulnerability: Check Point Quantum Security Gateways contain an unspecified information disclosure vulnerability. The vulnerability potentially allows an attacker to access information on Gatewa… | — | 94.3% |
| May 14, 2024 | CVE-2024-30040 | Microsoft Windows | Microsoft Windows MSHTML Platform Security Feature Bypass Vulnerability: Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for a security feature bypass. | — | 28.7% |
| May 14, 2024 | CVE-2024-30051 (Ransomware) | Microsoft DWM Core Library | Microsoft DWM Core Library Privilege Escalation Vulnerability: Microsoft DWM Core Library contains a privilege escalation vulnerability that allows an attacker to gain SYSTEM privileges. | — | 48.1% |
| Apr 30, 2024 | CVE-2024-29988 | Microsoft SmartScreen Prompt | Microsoft SmartScreen Prompt Security Feature Bypass Vulnerability: Microsoft SmartScreen Prompt contains a security feature bypass vulnerability that allows an attacker to bypass the Mark of the Web (MotW) feature. This vulnerability can be chain… | — | 62.8% |
| Apr 23, 2024 | CVE-2022-38028 | Microsoft Windows | Microsoft Windows Print Spooler Privilege Escalation Vulnerability: Microsoft Windows Print Spooler service contains a privilege escalation vulnerability. An attacker may modify a JavaScript constraints file and execute it with SYSTEM-level permis… | — | 3.9% |
| Mar 26, 2024 | CVE-2023-24955 (Ransomware) | Microsoft SharePoint Server | Microsoft SharePoint Server Code Injection Vulnerability: Microsoft SharePoint Server contains a code injection vulnerability that allows an authenticated attacker with Site Owner privileges to execute code remotely. | — | 91.8% |
| Mar 4, 2024 | CVE-2024-21338 (Ransomware) | Microsoft Windows | Microsoft Windows Kernel Exposed IOCTL with Insufficient Access Control Vulnerability: Microsoft Windows Kernel contains an exposed IOCTL with insufficient access control vulnerability within the IOCTL (input and output control) dispatcher in appid.sys that allows a… | — | 79.4% |
| Feb 29, 2024 | CVE-2023-29360 | Microsoft Streaming Service | Microsoft Streaming Service Untrusted Pointer Dereference Vulnerability: Microsoft Streaming Service contains an untrusted pointer dereference vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges. | — | 30.3% |
| Feb 15, 2024 | CVE-2024-21410 | Microsoft Exchange Server | Microsoft Exchange Server Privilege Escalation Vulnerability: Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation. | — | 6.1% |
| Feb 13, 2024 | CVE-2024-21351 | Microsoft Windows | Microsoft Windows SmartScreen Security Feature Bypass Vulnerability: Microsoft Windows SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the SmartScreen user experience and inject code to potentially gai… | — | 10.7% |
| Feb 13, 2024 | CVE-2024-21412 (Ransomware) | Microsoft Windows | Microsoft Windows Internet Shortcut Files Security Feature Bypass Vulnerability: Microsoft Windows Internet Shortcut Files contains an unspecified vulnerability that allows for a security feature bypass. | — | 93.8% |
| Jan 10, 2024 | CVE-2023-29357 (Ransomware) | Microsoft SharePoint Server | Microsoft SharePoint Server Privilege Escalation Vulnerability: Microsoft SharePoint Server contains an unspecified vulnerability that allows an unauthenticated attacker, who has gained access to spoofed JWT authentication tokens, to use them … | — | 94.4% |
| Nov 16, 2023 | CVE-2023-36584 | Microsoft Windows | Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability: Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features. | — | 15.4% |
| Nov 14, 2023 | CVE-2023-36025 | Microsoft Windows | Microsoft Windows SmartScreen Security Feature Bypass Vulnerability: Microsoft Windows SmartScreen contains a security feature bypass vulnerability that could allow an attacker to bypass Windows Defender SmartScreen checks and their associated prom… | — | 90.2% |
| Nov 14, 2023 | CVE-2023-36033 | Microsoft Windows | Microsoft Windows Desktop Window Manager (DWM) Core Library Privilege Escalation Vulnerability: Microsoft Windows Desktop Window Manager (DWM) Core Library contains an unspecified vulnerability that allows for privilege escalation. | — | 0.9% |
| Nov 14, 2023 | CVE-2023-36036 | Microsoft Windows | Microsoft Windows Cloud Files Mini Filter Driver Privilege Escalation Vulnerability: Microsoft Windows Cloud Files Mini Filter Driver contains a privilege escalation vulnerability that could allow an attacker to gain SYSTEM privileges. | — | 1.8% |
| Oct 10, 2023 | CVE-2023-36563 | Microsoft WordPad | Microsoft WordPad Information Disclosure Vulnerability: Microsoft WordPad contains an unspecified vulnerability that allows for information disclosure. | — | 2.8% |
| Oct 10, 2023 | CVE-2023-41763 | Microsoft Skype for Business | Microsoft Skype for Business Privilege Escalation Vulnerability: Microsoft Skype for Business contains an unspecified vulnerability that allows for privilege escalation. | — | 16.5% |
| Oct 4, 2023 | CVE-2023-28229 | Microsoft Windows CNG Key Isolation Service | Microsoft Windows CNG Key Isolation Service Privilege Escalation Vulnerability: Microsoft Windows Cryptographic Next Generation (CNG) Key Isolation Service contains an unspecified vulnerability that allows an attacker to gain specific limited SYSTEM privilege… | — | 8.6% |
| Sep 12, 2023 | CVE-2023-36761 | Microsoft Word | Microsoft Word Information Disclosure Vulnerability: Microsoft Word contains an unspecified vulnerability that allows for information disclosure. | — | 5.5% |
| Sep 12, 2023 | CVE-2023-36802 | Microsoft Streaming Service Proxy | Microsoft Streaming Service Proxy Privilege Escalation Vulnerability: Microsoft Streaming Service Proxy contains an unspecified vulnerability that allows for privilege escalation. | — | 75.4% |
| Aug 9, 2023 | CVE-2023-38180 | Microsoft .NET Core and Visual Studio | Microsoft .NET Core and Visual Studio Denial-of-Service Vulnerability: Microsoft .NET Core and Visual Studio contain an unspecified vulnerability that allows for denial-of-service (DoS). | — | 0.9% |
| Jul 17, 2023 | CVE-2023-36884 (Ransomware) | Microsoft Windows | Microsoft Windows Search Remote Code Execution Vulnerability: Microsoft Windows Search contains an unspecified vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malicious file, leadin… | — | 93.0% |
| Jul 11, 2023 | CVE-2023-32046 | Microsoft Windows | Microsoft Windows MSHTML Platform Privilege Escalation Vulnerability: Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for privilege escalation. | — | 42.7% |
| Jul 11, 2023 | CVE-2023-32049 | Microsoft Windows | Microsoft Windows Defender SmartScreen Security Feature Bypass Vulnerability: Microsoft Windows Defender SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the Open File - Security Warning prompt. | — | 7.7% |
| Jul 11, 2023 | CVE-2023-35311 | Microsoft Outlook | Microsoft Outlook Security Feature Bypass Vulnerability: Microsoft Outlook contains a security feature bypass vulnerability that allows an attacker to bypass the Microsoft Outlook Security Notice prompt. | — | 0.5% |
| Jul 11, 2023 | CVE-2023-36874 | Microsoft Windows | Microsoft Windows Error Reporting Service Privilege Escalation Vulnerability: Microsoft Windows Error Reporting Service contains an unspecified vulnerability that allows for privilege escalation. | — | 70.2% |
| Jun 22, 2023 | CVE-2016-0165 | Microsoft Win32k | Microsoft Win32k Privilege Escalation Vulnerability: Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation. | — | 6.0% |
Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.