Full CISA KEV catalog

Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.

Showing 1,231–1,260 of 1,619 CVEs · Page 42 of 54 30 per page
Added CVE Vendor / Product Name & description CVSS EPSS
Mar 3, 2022 CVE-2021-41379
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Installer Privilege Escalation Vulnerability
Microsoft Windows Installer contains an unspecified vulnerability that allows for privilege escalation.
1.0%
Mar 3, 2022 CVE-2022-20699 Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers
network
Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability
A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code elevate privileges…
89.4%
Mar 3, 2022 CVE-2022-20700 Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers
network
Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability
A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code elevate privileges…
28.6%
Mar 3, 2022 CVE-2022-20701 Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers
network
Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability
A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code elevate privileges…
6.1%
Mar 3, 2022 CVE-2022-20703 Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers
network
Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability
A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code elevate privileges…
2.0%
Mar 3, 2022 CVE-2022-20708 Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers
network
Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability
A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code elevate privileges…
9.3%
Feb 25, 2022 CVE-2014-6352 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Code Injection Vulnerability
Microsoft Windows allow remote attackers to execute arbitrary code via a crafted OLE object.
90.7%
Feb 25, 2022 CVE-2017-0222 Microsoft Internet Explorer
endpoint m365 smb essential
Microsoft Internet Explorer Remote Code Execution Vulnerability
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.
65.3%
Feb 25, 2022 CVE-2017-8570 Microsoft Office
endpoint m365 smb essential
Microsoft Office Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory.
94.2%
Feb 25, 2022 CVE-2022-24682
Ransomware
Synacor Zimbra Collaborate Suite (ZCS)
Synacor Zimbra Collaborate Suite (ZCS) Cross-Site Scripting Vulnerability
Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting (XSS) vulnerability in the Calendar feature that allows an attacker to execute arbitrary code.
88.6%
Feb 22, 2022 CVE-2022-23131 Zabbix Frontend
enterprise
Zabbix Frontend Authentication Bypass Vulnerability
Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML.
94.0%
Feb 22, 2022 CVE-2022-23134 Zabbix Frontend
enterprise
Zabbix Frontend Improper Access Control Vulnerability
Malicious actors can pass step checks and potentially change the configuration of Zabbix Frontend.
92.6%
Feb 15, 2022 CVE-2013-3906 Microsoft Graphics Component
endpoint m365 smb essential
Microsoft Graphics Component Memory Corruption Vulnerability
Microsoft Graphics Component contains a memory corruption vulnerability which can allow for remote code execution.
92.4%
Feb 15, 2022 CVE-2014-1761 Microsoft Word
endpoint m365 smb essential
Microsoft Word Memory Corruption Vulnerability
Microsoft Word contains a memory corruption vulnerability which when exploited could allow for remote code execution.
93.3%
Feb 15, 2022 CVE-2017-9841 PHPUnit PHPUnit
PHPUnit Command Injection Vulnerability
PHPUnit allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendo…
94.2%
Feb 15, 2022 CVE-2018-15982
Ransomware
Adobe Flash Player
smb essential
Adobe Flash Player Use-After-Free Vulnerability
Adobe Flash Player com.adobe.tvsdk.mediacore.metadata Use After Free Vulnerability
93.6%
Feb 15, 2022 CVE-2018-20250
Ransomware
RARLAB WinRAR
WinRAR Absolute Path Traversal Vulnerability
WinRAR Absolute Path Traversal vulnerability leads to Remote Code Execution
93.5%
Feb 15, 2022 CVE-2018-8174
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows VBScript Engine Out-of-Bounds Write Vulnerability
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution"
94.3%
Feb 15, 2022 CVE-2019-0752
Ransomware
Microsoft Internet Explorer
endpoint m365 smb essential
Microsoft Internet Explorer Type Confusion Vulnerability
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer
91.5%
Feb 15, 2022 CVE-2022-0609 Google Chromium Animation
browser smb essential
Google Chromium Animation Use-After-Free Vulnerability
Google Chromium Animation contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability …
49.0%
Feb 15, 2022 CVE-2022-24086 Adobe Commerce and Magento Open Source
smb essential
Adobe Commerce and Magento Open Source Improper Input Validation Vulnerability
Adobe Commerce and Magento Open Source contain an improper input validation vulnerability which can allow for arbitrary code execution.
93.7%
Feb 11, 2022 CVE-2022-22620 Apple iOS, iPadOS, and macOS
browser endpoint mobile smb essential
Apple iOS, iPadOS, and macOS Webkit Use-After-Free Vulnerability
Apple iOS, iPadOS, and macOS WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could i…
4.0%
Feb 10, 2022 CVE-2014-4404 Apple OS X
endpoint mobile smb essential
Apple OS X Heap-Based Buffer Overflow Vulnerability
Heap-based buffer overflow in IOHIDFamily in Apple OS X, which affects, iOS before 8 and Apple TV before 7, allows attackers to execute arbitrary code in a privileged context.
62.0%
Feb 10, 2022 CVE-2015-1130 Apple OS X
endpoint mobile smb essential
Apple OS X Authentication Bypass Vulnerability
The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges.
23.4%
Feb 10, 2022 CVE-2015-1635 Microsoft HTTP.sys
endpoint m365 smb essential
Microsoft HTTP.sys Remote Code Execution Vulnerability
Microsoft HTTP protocol stack (HTTP.sys) contains a vulnerability that allows for remote code execution.
94.3%
Feb 10, 2022 CVE-2015-2051 D-Link DIR-645 Router
network
D-Link DIR-645 Router Remote Code Execution Vulnerability
D-Link DIR-645 Wired/Wireless Router allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface.
92.7%
Feb 10, 2022 CVE-2016-3088 Apache ActiveMQ
web server
Apache ActiveMQ Improper Input Validation Vulnerability
The Fileserver web application in Apache ActiveMQ allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request
94.3%
Feb 10, 2022 CVE-2017-0144
Ransomware
Microsoft SMBv1
endpoint m365 smb essential
Microsoft SMBv1 Remote Code Execution Vulnerability
The SMBv1 server in multiple Microsoft Windows versions allows remote attackers to execute arbitrary code via crafted packets.
94.3%
Feb 10, 2022 CVE-2017-0145
Ransomware
Microsoft SMBv1
endpoint m365 smb essential
Microsoft SMBv1 Remote Code Execution Vulnerability
The SMBv1 server in multiple Microsoft Windows versions allows remote attackers to execute arbitrary code via crafted packets.
93.3%
Feb 10, 2022 CVE-2017-0262 Microsoft Office
endpoint m365 smb essential
Microsoft Office Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft Office.
65.0%

Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.