Full CISA KEV catalog
Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.
| Added | CVE | Vendor / Product | Name & description | CVSS | EPSS |
|---|---|---|---|---|---|
| Mar 3, 2022 | CVE-2015-2387 | Microsoft ATM Font Driver |
Microsoft ATM Font Driver Privilege Escalation Vulnerability
ATMFD.DLL in the Adobe Type Manager Font Driver in Microsoft Windows Server allows local users to gain privileges via a crafted application.
|
— | 24.7% |
| Mar 3, 2022 | CVE-2015-2424 | Microsoft PowerPoint |
Microsoft PowerPoint Memory Corruption Vulnerability
Microsoft PowerPoint allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document.
|
— | 64.5% |
| Mar 3, 2022 | CVE-2015-2545 | Microsoft Office |
Microsoft Office Malformed EPS File Vulnerability
Microsoft Office allows remote attackers to execute arbitrary code via a crafted EPS image.
|
— | 93.2% |
| Mar 3, 2022 | CVE-2015-2590 | Oracle Java SE |
Oracle Java SE and Java SE Embedded Remote Code Execution Vulnerability
An unspecified vulnerability exists within Oracle Java Runtime Environment that allows an attacker to perform remote code execution.
|
— | 66.6% |
| Mar 3, 2022 | CVE-2015-3043 | Adobe Flash Player |
Adobe Flash Player Memory Corruption Vulnerability
A memory corruption vulnerability exists in Adobe Flash Player that allows an attacker to perform remote code execution.
|
— | 87.4% |
| Mar 3, 2022 | CVE-2015-4902 | Oracle Java SE |
Oracle Java SE Integrity Check Vulnerability
Unspecified vulnerability in Oracle Java SE allows remote attackers to affect integrity via Unknown vectors related to deployment.
|
— | 18.3% |
| Mar 3, 2022 | CVE-2015-5119 | Adobe Flash Player |
Adobe Flash Player Use-After-Free Vulnerability
A use-after-free vulnerability exists within the ActionScript 3 ByteArray class in Adobe Flash Player that allows an attacker to perform remote code execution.
|
— | 93.2% |
| Mar 3, 2022 |
CVE-2015-7645
Ransomware |
Adobe Flash Player |
Adobe Flash Player Arbitrary Code Execution Vulnerability
Adobe Flash Player allows remote attackers to execute arbitrary code via a crafted SWF file.
|
— | 85.2% |
| Mar 3, 2022 |
CVE-2016-0099
Ransomware |
Microsoft Windows |
Microsoft Windows Secondary Logon Service Privilege Escalation Vulnerability
A privilege escalation vulnerability exists in Microsoft Windows if the Windows Secondary Logon Service fails to properly manage request handles in memory. An attacker who success…
|
— | 90.4% |
| Mar 3, 2022 |
CVE-2016-1019
Ransomware |
Adobe Flash Player |
Adobe Flash Player Arbitrary Code Execution Vulnerability
Adobe Flash Player allows remote attackers to cause a denial of service or possibly execute arbitrary code.
|
— | 56.7% |
| Mar 3, 2022 | CVE-2016-4117 | Adobe Flash Player |
Adobe Flash Player Arbitrary Code Execution Vulnerability
An access of resource using incompatible type vulnerability exists within Adobe Flash Player that allows an attacker to perform remote code execution.
|
— | 93.0% |
| Mar 3, 2022 | CVE-2016-5195 | Linux Kernel |
Linux Kernel Race Condition Vulnerability
Race condition in mm/gup.c in the Linux kernel allows local users to escalate privileges.
|
— | 93.9% |
| Mar 3, 2022 | CVE-2016-7193 | Microsoft Office |
Microsoft Office Memory Corruption Vulnerability
Microsoft Office contains a memory corruption vulnerability which can allow for remote code execution.
|
— | 73.8% |
| Mar 3, 2022 | CVE-2016-7262 | Microsoft Excel |
Microsoft Office Security Feature Bypass Vulnerability
A security feature bypass vulnerability exists when Microsoft Office improperly handles input. An attacker who successfully exploited the vulnerability could execute arbitrary com…
|
— | 88.2% |
| Mar 3, 2022 | CVE-2016-7855 | Adobe Flash Player |
Adobe Flash Player Use-After-Free Vulnerability
Use-after-free vulnerability in Adobe Flash Player Windows and OS and Linux allows remote attackers to execute arbitrary code.
|
— | 59.0% |
| Mar 3, 2022 | CVE-2016-8562 | Siemens SIMATIC CP |
Siemens SIMATIC CP 1543-1 Improper Privilege Management Vulnerability
An improper privilege management vulnerability exists within the Siemens SIMATIC Communication Processor (CP) that allows a privileged attacker to remotely cause a denial of servi…
|
— | 18.5% |
| Mar 3, 2022 | CVE-2017-0001 | Microsoft Graphics Device Interface (GDI) |
Microsoft Graphics Device Interface (GDI) Privilege Escalation Vulnerability
The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1…
|
— | 47.8% |
| Mar 3, 2022 | CVE-2017-0261 | Microsoft Office |
Microsoft Office Use-After-Free Vulnerability
Microsoft Office contains a use-after-free vulnerability which can allow for remote code execution.
|
— | 92.3% |
| Mar 3, 2022 | CVE-2017-11292 | Adobe Flash Player |
Adobe Flash Player Type Confusion Vulnerability
Adobe Flash Player contains a type confusion vulnerability which can allow for remote code execution.
|
— | 34.4% |
| Mar 3, 2022 | CVE-2017-11826 | Microsoft Office |
Microsoft Office Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the …
|
— | 91.7% |
| Mar 3, 2022 | CVE-2017-12231 | Cisco IOS software |
Cisco IOS Software Network Address Translation Denial-of-Service Vulnerability
A vulnerability in the implementation of Network Address Translation (NAT) functionality in Cisco IOS could allow an unauthenticated, remote attacker to cause a denial of service.
|
— | 9.4% |
| Mar 3, 2022 | CVE-2017-12232 | Cisco IOS software |
Cisco IOS Software for Cisco Integrated Services Routers Denial-of-Service Vulnerability
A vulnerability in the implementation of a protocol in Cisco Integrated Services Routers Generation 2 (ISR G2) Routers running Cisco IOS could allow an unauthenticated, adjacent a…
|
— | 1.4% |
| Mar 3, 2022 | CVE-2017-12233 | Cisco IOS software |
Cisco IOS Software Common Industrial Protocol Request Denial-of-Service Vulnerability
There is a vulnerability in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS could allow an unauthenticated, remote attacker to cause an affected de…
|
— | 11.3% |
| Mar 3, 2022 | CVE-2017-12234 | Cisco IOS software |
Cisco IOS Software Common Industrial Protocol Request Denial-of-Service Vulnerability
There is a vulnerability in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS could allow an unauthenticated, remote attacker to cause an affected de…
|
— | 11.3% |
| Mar 3, 2022 | CVE-2017-12235 | Cisco IOS software |
Cisco IOS Software for Cisco Industrial Ethernet Switches PROFINET Denial-of-Service Vulnerability
A vulnerability in the implementation of the PROFINET Discovery and Configuration Protocol (PN-DCP) for Cisco IOS could allow an unauthenticated, remote attacker to cause an affec…
|
— | 5.2% |
| Mar 3, 2022 | CVE-2017-12237 | Cisco IOS and IOS XE Software |
Cisco IOS and IOS XE Software Internet Key Exchange Denial-of-Service Vulnerability
A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS and Cisco IOS XE could allow an unauthenticated, remote attacker to cause high CPU utilization, …
|
— | 9.3% |
| Mar 3, 2022 | CVE-2017-12238 | Cisco Catalyst 6800 Series Switches |
Cisco Catalyst 6800 Series Switches VPLS Denial-of-Service Vulnerability
A vulnerability in the Virtual Private LAN Service (VPLS) code of Cisco IOS for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, adjacent attacker to cause a de…
|
— | 1.0% |
| Mar 3, 2022 | CVE-2017-12240 | Cisco IOS and IOS XE Software |
Cisco IOS and IOS XE Software DHCP Remote Code Execution Vulnerability
The Dynamic Host Configuration Protocol (DHCP) relay subsystem of Cisco IOS and Cisco IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker…
|
— | 10.7% |
| Mar 3, 2022 | CVE-2017-12319 | Cisco IOS XE Software |
Cisco IOS XE Software Ethernet Virtual Private Network Border Gateway Protocol Denial-of-Service Vulnerability
A vulnerability in the Border Gateway Protocol (BGP) over an Ethernet Virtual Private Network (EVPN) for Cisco IOS XE Software could allow an unauthenticated, remote attacker to c…
|
— | 1.3% |
| Mar 3, 2022 | CVE-2017-6627 | Cisco IOS and IOS XE Software |
Cisco IOS Software and Cisco IOS XE Software UDP Packet Processing Denial-of-Service Vulnerability
A vulnerability in the UDP processing code of Cisco IOS and IOS XE could allow an unauthenticated, remote attacker to cause the input queue of an affected system to hold UDP packe…
|
— | 10.2% |
Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.