Full CISA KEV catalog
Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.
| Added | CVE | Vendor / Product | Name & description | CVSS | EPSS |
|---|---|---|---|---|---|
| Mar 3, 2022 | CVE-2017-6663 | Cisco IOS and IOS XE Software |
Cisco IOS Software and Cisco IOS XE Software Denial-of-Service Vulnerability
A vulnerability in the Autonomic Networking feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause autonomic nodes of a…
|
— | 2.6% |
| Mar 3, 2022 | CVE-2017-6736 | Cisco IOS and IOS XE Software |
Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability
The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute cod…
|
— | 88.5% |
| Mar 3, 2022 | CVE-2017-6737 | Cisco IOS and IOS XE Software |
Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability
The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute cod…
|
— | 20.4% |
| Mar 3, 2022 | CVE-2017-6738 | Cisco IOS and IOS XE Software |
Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability
The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute cod…
|
— | 20.4% |
| Mar 3, 2022 | CVE-2017-6739 | Cisco IOS and IOS XE Software |
Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability
The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute cod…
|
— | 20.4% |
| Mar 3, 2022 | CVE-2017-6740 | Cisco IOS and IOS XE Software |
Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability
The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute cod…
|
— | 16.1% |
| Mar 3, 2022 | CVE-2017-6743 | Cisco IOS and IOS XE Software |
Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability
The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute cod…
|
— | 20.4% |
| Mar 3, 2022 | CVE-2017-6744 | Cisco IOS software |
Cisco IOS Software SNMP Remote Code Execution Vulnerability
The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 1 contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code on an a…
|
— | 7.6% |
| Mar 3, 2022 | CVE-2017-8540 | Microsoft Malware Protection Engine |
Microsoft Malware Protection Engine Improper Restriction of Operations Vulnerability
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows …
|
— | 79.4% |
| Mar 3, 2022 | CVE-2018-0151 | Cisco IOS and IOS XE Software |
Cisco IOS Software and Cisco IOS XE Software Quality of Service Remote Code Execution Vulnerability
A vulnerability in the quality of service (QoS) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of serv…
|
— | 5.9% |
| Mar 3, 2022 | CVE-2018-0154 | Cisco IOS Software |
Cisco IOS Software Integrated Services Module for VPN Denial-of-Service Vulnerability
A vulnerability in the crypto engine of the Cisco Integrated Services Module for VPN (ISM-VPN) running Cisco IOS Software could allow an unauthenticated, remote attacker to cause …
|
— | 11.7% |
| Mar 3, 2022 | CVE-2018-0155 | Cisco Catalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches |
Cisco Catalyst Bidirectional Forwarding Detection Denial-of-Service Vulnerability
A vulnerability in the Bidirectional Forwarding Detection (BFD) offload implementation of Cisco Catalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches could allow…
|
— | 14.5% |
| Mar 3, 2022 | CVE-2018-0156 | Cisco IOS Software and Cisco IOS XE Software |
Cisco IOS Software and Cisco IOS XE Software Smart Install Denial-of-Service Vulnerability
A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected dev…
|
— | 15.5% |
| Mar 3, 2022 | CVE-2018-0158 | Cisco IOS Software and Cisco IOS XE Software |
Cisco IOS and XE Software Internet Key Exchange Memory Leak Vulnerability
A vulnerability in the implementation of Internet Key Exchange Version 1 (IKEv1) functionality in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remo…
|
— | 14.6% |
| Mar 3, 2022 | CVE-2018-0159 | Cisco IOS Software and Cisco IOS XE Software |
Cisco IOS and XE Software Internet Key Exchange Version 1 Denial-of-Service Vulnerability
A vulnerability in the implementation of Internet Key Exchange Version 1 (IKEv1) functionality in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remo…
|
— | 7.0% |
| Mar 3, 2022 | CVE-2018-0161 | Cisco IOS Software |
Cisco IOS Software Resource Management Errors Vulnerability
A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software running on certain models of Cisco Catalyst Switches could allow an authenticated,…
|
— | 0.9% |
| Mar 3, 2022 | CVE-2018-0167 | Cisco IOS, XR, and XE Software |
Cisco IOS, XR, and XE Software Buffer Overflow Vulnerability
There is a buffer overflow vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software which could …
|
— | 1.2% |
| Mar 3, 2022 | CVE-2018-0172 | Cisco IOS and IOS XE Software |
Cisco IOS and IOS XE Software Improper Input Validation Vulnerability
A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow for denial-of-service (DoS).
|
— | 6.2% |
| Mar 3, 2022 | CVE-2018-0173 | Cisco IOS and IOS XE Software |
Cisco IOS and IOS XE Software Improper Input Validation Vulnerability
A vulnerability in the Cisco IOS Software and Cisco IOS XE Software function that restores encapsulated option 82 information in DHCP Version 4 (DHCPv4) packets can allow for deni…
|
— | 5.4% |
| Mar 3, 2022 | CVE-2018-0174 | Cisco IOS XE Software |
Cisco IOS Software and Cisco IOS XE Software Improper Input Validation Vulnerability
A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow for denial-of-service (DoS).
|
— | 5.4% |
| Mar 3, 2022 | CVE-2018-0175 | Cisco IOS, XR, and XE Software |
Cisco IOS, XR, and XE Software Buffer Overflow Vulnerability
Format string vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenti…
|
— | 2.9% |
| Mar 3, 2022 | CVE-2018-0179 | Cisco IOS Software |
Cisco IOS Software Denial-of-Service Vulnerability
A vulnerability in the Login Enhancements (Login Block) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to trigger a reload of an affected system, re…
|
— | 2.0% |
| Mar 3, 2022 | CVE-2018-0180 | Cisco IOS Software |
Cisco IOS Software Denial-of-Service Vulnerability
A vulnerability in the Login Enhancements (Login Block) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to trigger a reload of an affected system, re…
|
— | 1.7% |
| Mar 3, 2022 | CVE-2018-8298 | ChakraCore ChakraCore scripting engine |
ChakraCore Scripting Engine Type Confusion Vulnerability
The ChakraCore scripting engine contains a type confusion vulnerability which can allow for remote code execution.
|
— | 89.4% |
| Mar 3, 2022 |
CVE-2018-8581
Ransomware |
Microsoft Exchange Server |
Microsoft Exchange Server Privilege Escalation Vulnerability
A privilege escalation vulnerability exists in Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could attempt to impersonate any other user of …
|
— | 91.8% |
| Mar 3, 2022 | CVE-2019-1297 | Microsoft Excel |
Microsoft Excel Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft Excel when the software fails to properly handle objects in memory.
|
— | 40.7% |
| Mar 3, 2022 | CVE-2019-1652 | Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers |
Cisco Small Business Routers Improper Input Validation Vulnerability
A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker with admin…
|
— | 92.7% |
| Mar 3, 2022 | CVE-2019-16928 | Exim Exim Internet Mailer |
Exim Out-of-bounds Write Vulnerability
Exim contains an out-of-bounds write vulnerability which can allow for remote code execution.
|
— | 90.3% |
| Mar 3, 2022 | CVE-2020-11899 | Treck TCP/IP stack IPv6 |
Treck TCP/IP stack Out-of-Bounds Read Vulnerability
The Treck TCP/IP stack contains an IPv6 out-of-bounds read vulnerability.
|
— | 35.3% |
| Mar 3, 2022 | CVE-2020-1938 | Apache Tomcat |
Apache Tomcat Improper Privilege Management Vulnerability
Apache Tomcat treats Apache JServ Protocol (AJP) connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker,…
|
— | 94.5% |
Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.