Full CISA KEV catalog

Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.

Showing 91–120 of 383 CVEs · Page 4 of 13 30 per page
Added CVE Vendor / Product Name & description CVSS EPSS
Jul 9, 2024 CVE-2024-38112 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows MSHTML Platform Spoofing Vulnerability
Microsoft Windows MSHTML Platform contains a spoofing vulnerability that has a high impact to confidentiality, integrity, and availability.
93.0%
Jun 13, 2024 CVE-2024-26169
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Error Reporting Service Improper Privilege Management Vulnerability
Microsoft Windows Error Reporting Service contains an improper privilege management vulnerability that allows a local attacker with user permissions to gain SYSTEM privileges.
34.6%
May 30, 2024 CVE-2024-24919
Ransomware
Check Point Quantum Security Gateways
network vpn remote
Check Point Quantum Security Gateways Information Disclosure Vulnerability
Check Point Quantum Security Gateways contain an unspecified information disclosure vulnerability. The vulnerability potentially allows an attacker to access information on Gatewa…
94.3%
May 14, 2024 CVE-2024-30040 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows MSHTML Platform Security Feature Bypass Vulnerability
Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for a security feature bypass.
28.7%
May 14, 2024 CVE-2024-30051
Ransomware
Microsoft DWM Core Library
endpoint m365 smb essential
Microsoft DWM Core Library Privilege Escalation Vulnerability
Microsoft DWM Core Library contains a privilege escalation vulnerability that allows an attacker to gain SYSTEM privileges.
48.1%
Apr 30, 2024 CVE-2024-29988 Microsoft SmartScreen Prompt
endpoint m365 smb essential
Microsoft SmartScreen Prompt Security Feature Bypass Vulnerability
Microsoft SmartScreen Prompt contains a security feature bypass vulnerability that allows an attacker to bypass the Mark of the Web (MotW) feature. This vulnerability can be chain…
62.8%
Apr 23, 2024 CVE-2022-38028 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Print Spooler Privilege Escalation Vulnerability
Microsoft Windows Print Spooler service contains a privilege escalation vulnerability. An attacker may modify a JavaScript constraints file and execute it with SYSTEM-level permis…
3.9%
Mar 26, 2024 CVE-2023-24955
Ransomware
Microsoft SharePoint Server
endpoint m365 smb essential
Microsoft SharePoint Server Code Injection Vulnerability
Microsoft SharePoint Server contains a code injection vulnerability that allows an authenticated attacker with Site Owner privileges to execute code remotely.
91.8%
Mar 4, 2024 CVE-2024-21338
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Kernel Exposed IOCTL with Insufficient Access Control Vulnerability
Microsoft Windows Kernel contains an exposed IOCTL with insufficient access control vulnerability within the IOCTL (input and output control) dispatcher in appid.sys that allows a…
79.4%
Feb 29, 2024 CVE-2023-29360 Microsoft Streaming Service
endpoint m365 smb essential
Microsoft Streaming Service Untrusted Pointer Dereference Vulnerability
Microsoft Streaming Service contains an untrusted pointer dereference vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges.
30.3%
Feb 15, 2024 CVE-2024-21410 Microsoft Exchange Server
endpoint m365 smb essential
Microsoft Exchange Server Privilege Escalation Vulnerability
Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation.
6.1%
Feb 13, 2024 CVE-2024-21351 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows SmartScreen Security Feature Bypass Vulnerability
Microsoft Windows SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the SmartScreen user experience and inject code to potentially gai…
10.7%
Feb 13, 2024 CVE-2024-21412
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Internet Shortcut Files Security Feature Bypass Vulnerability
Microsoft Windows Internet Shortcut Files contains an unspecified vulnerability that allows for a security feature bypass.
93.8%
Jan 10, 2024 CVE-2023-29357
Ransomware
Microsoft SharePoint Server
endpoint m365 smb essential
Microsoft SharePoint Server Privilege Escalation Vulnerability
Microsoft SharePoint Server contains an unspecified vulnerability that allows an unauthenticated attacker, who has gained access to spoofed JWT authentication tokens, to use them …
94.4%
Nov 16, 2023 CVE-2023-36584 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability
Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features.
15.4%
Nov 14, 2023 CVE-2023-36025 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows SmartScreen Security Feature Bypass Vulnerability
Microsoft Windows SmartScreen contains a security feature bypass vulnerability that could allow an attacker to bypass Windows Defender SmartScreen checks and their associated prom…
90.2%
Nov 14, 2023 CVE-2023-36033 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Desktop Window Manager (DWM) Core Library Privilege Escalation Vulnerability
Microsoft Windows Desktop Window Manager (DWM) Core Library contains an unspecified vulnerability that allows for privilege escalation.
0.9%
Nov 14, 2023 CVE-2023-36036 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Cloud Files Mini Filter Driver Privilege Escalation Vulnerability
Microsoft Windows Cloud Files Mini Filter Driver contains a privilege escalation vulnerability that could allow an attacker to gain SYSTEM privileges.
1.8%
Oct 10, 2023 CVE-2023-36563 Microsoft WordPad
endpoint m365 smb essential
Microsoft WordPad Information Disclosure Vulnerability
Microsoft WordPad contains an unspecified vulnerability that allows for information disclosure.
2.8%
Oct 10, 2023 CVE-2023-41763 Microsoft Skype for Business
endpoint m365 smb essential
Microsoft Skype for Business Privilege Escalation Vulnerability
Microsoft Skype for Business contains an unspecified vulnerability that allows for privilege escalation.
16.5%
Oct 4, 2023 CVE-2023-28229 Microsoft Windows CNG Key Isolation Service
endpoint m365 smb essential
Microsoft Windows CNG Key Isolation Service Privilege Escalation Vulnerability
Microsoft Windows Cryptographic Next Generation (CNG) Key Isolation Service contains an unspecified vulnerability that allows an attacker to gain specific limited SYSTEM privilege…
8.6%
Sep 12, 2023 CVE-2023-36761 Microsoft Word
endpoint m365 smb essential
Microsoft Word Information Disclosure Vulnerability
Microsoft Word contains an unspecified vulnerability that allows for information disclosure.
5.5%
Sep 12, 2023 CVE-2023-36802 Microsoft Streaming Service Proxy
endpoint m365 smb essential
Microsoft Streaming Service Proxy Privilege Escalation Vulnerability
Microsoft Streaming Service Proxy contains an unspecified vulnerability that allows for privilege escalation.
75.4%
Aug 9, 2023 CVE-2023-38180 Microsoft .NET Core and Visual Studio
endpoint m365 smb essential
Microsoft .NET Core and Visual Studio Denial-of-Service Vulnerability
Microsoft .NET Core and Visual Studio contain an unspecified vulnerability that allows for denial-of-service (DoS).
0.9%
Jul 17, 2023 CVE-2023-36884
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Search Remote Code Execution Vulnerability
Microsoft Windows Search contains an unspecified vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malicious file, leadin…
93.0%
Jul 11, 2023 CVE-2023-32046 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows MSHTML Platform Privilege Escalation Vulnerability
Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for privilege escalation.
42.7%
Jul 11, 2023 CVE-2023-32049 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Defender SmartScreen Security Feature Bypass Vulnerability
Microsoft Windows Defender SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the Open File - Security Warning prompt.
7.7%
Jul 11, 2023 CVE-2023-35311 Microsoft Outlook
endpoint m365 smb essential
Microsoft Outlook Security Feature Bypass Vulnerability
Microsoft Outlook contains a security feature bypass vulnerability that allows an attacker to bypass the Microsoft Outlook Security Notice prompt.
0.5%
Jul 11, 2023 CVE-2023-36874 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Error Reporting Service Privilege Escalation Vulnerability
Microsoft Windows Error Reporting Service contains an unspecified vulnerability that allows for privilege escalation.
70.2%
Jun 22, 2023 CVE-2016-0165 Microsoft Win32k
endpoint m365 smb essential
Microsoft Win32k Privilege Escalation Vulnerability
Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.
6.0%

Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.