Full CISA KEV catalog
Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.
| Added | CVE | Vendor / Product | Name & description | CVSS | EPSS |
|---|---|---|---|---|---|
| Nov 3, 2021 | CVE-2017-11774 | Microsoft Office |
Microsoft Office Outlook Security Feature Bypass Vulnerability
Microsoft Office Outlook contains a security feature bypass vulnerability due to improperly handling objects in memory. Successful exploitation allows an attacker to execute comma…
|
— | 85.6% |
| Nov 3, 2021 |
CVE-2017-11882
Ransomware |
Microsoft Office |
Microsoft Office Memory Corruption Vulnerability
Microsoft Office contains a memory corruption vulnerability that allows remote code execution in the context of the current user.
|
— | 94.4% |
| Nov 3, 2021 | CVE-2017-16651 | Roundcube Roundcube Webmail |
Roundcube Webmail File Disclosure Vulnerability
Roundcube Webmail contains a file disclosure vulnerability caused by insufficient input validation in conjunction with file-based attachment plugins, which are used by default.
|
— | 35.9% |
| Nov 3, 2021 |
CVE-2017-5638
Ransomware |
Apache Struts |
Apache Struts Remote Code Execution Vulnerability
Apache Struts Jakarta Multipart parser allows for malicious file upload using the Content-Type value, leading to remote code execution.
|
— | 94.3% |
| Nov 3, 2021 | CVE-2017-6327 | Symantec Symantec Messaging Gateway |
Symantec Messaging Gateway Remote Code Execution Vulnerability
Symantec Messaging Gateway contains an unspecified vulnerability which can allow for remote code execution. With the ability to perform remote code execution, an attacker may also…
|
— | 75.9% |
| Nov 3, 2021 | CVE-2017-7269 | Microsoft Internet Information Services (IIS) |
Microsoft Windows Server Buffer Overflow Vulnerability
Microsoft Windows Server 2003 R2 contains a buffer overflow vulnerability in Internet Information Services (IIS) 6.0 which allows remote attackers to execute code via a long heade…
|
— | 94.4% |
| Nov 3, 2021 | CVE-2017-8759 | Microsoft .NET Framework |
Microsoft .NET Framework Remote Code Execution Vulnerability
Microsoft .NET Framework contains a remote code execution vulnerability when processing untrusted input that could allow an attacker to take control of an affected system.
|
— | 94.0% |
| Nov 3, 2021 | CVE-2017-9248 | Progress ASP.NET AJAX and Sitefinity |
Progress Telerik UI for ASP.NET AJAX and Sitefinity Cryptographic Weakness Vulnerability
Progress Telerik UI for ASP.NET AJAX and Sitefinity have a cryptographic weakness in Telerik.Web.UI.dll that can be exploited to disclose encryption keys (Telerik.Web.UI.DialogPar…
|
— | 89.4% |
| Nov 3, 2021 | CVE-2017-9805 | Apache Struts |
Apache Struts Deserialization of Untrusted Data Vulnerability
Apache Struts REST Plugin uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to remote code execution when deseriali…
|
— | 94.3% |
| Nov 3, 2021 |
CVE-2017-9822
Ransomware |
DotNetNuke (DNN) DotNetNuke (DNN) |
DotNetNuke (DNN) Remote Code Execution Vulnerability
DotNetNuke (DNN) contains a vulnerability that may allow for remote code execution via cookie deserialization.
|
— | 94.3% |
| Nov 3, 2021 | CVE-2018-0171 | Cisco IOS and IOS XE |
Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability
Cisco IOS and IOS XE Software improperly validates packet data, allowing an unauthenticated, remote attacker to trigger a reload of an affected device, cause a denial-of-service (…
|
— | 92.9% |
| Nov 3, 2021 | CVE-2018-0296 | Cisco Adaptive Security Appliance (ASA) |
Cisco Adaptive Security Appliance (ASA) Denial-of-Service Vulnerability
Cisco Adaptive Security Appliance (ASA) contains an improper input validation vulnerability with HTTP URLs. Exploitation could allow an attacker to cause a denial-of-service (DoS)…
|
— | 94.4% |
| Nov 3, 2021 | CVE-2018-0798 | Microsoft Office |
Microsoft Office Memory Corruption Vulnerability
Microsoft Office contains a memory corruption vulnerability due to the way objects are handled in memory. Successful exploitation allows for remote code execution in the context o…
|
— | 94.1% |
| Nov 3, 2021 | CVE-2018-0802 | Microsoft Office |
Microsoft Office Memory Corruption Vulnerability
Microsoft Office contains a memory corruption vulnerability due to the way objects are handled in memory. Successful exploitation allows for remote code execution in the context o…
|
— | 94.1% |
| Nov 3, 2021 | CVE-2018-11776 | Apache Struts |
Apache Struts Remote Code Execution Vulnerability
Apache Struts contains a vulnerability that allows for remote code execution under two circumstances. One, where the alwaysSelectFullNamespace option is true and the value isn't s…
|
— | 94.4% |
| Nov 3, 2021 |
CVE-2018-13379
Ransomware |
Fortinet FortiOS |
Fortinet FortiOS SSL VPN Path Traversal Vulnerability
Fortinet FortiOS SSL VPN web portal contains a path traversal vulnerability that may allow an unauthenticated attacker to download FortiOS system files through specially crafted H…
|
— | 94.5% |
| Nov 3, 2021 | CVE-2018-14558 | Tenda AC7, AC9, and AC10 Routers |
Tenda AC7, AC9, and AC10 Routers Command Injection Vulnerability
Tenda AC7, AC9, and AC10 devices contain a command injection vulnerability due to the "formsetUsbUnload" function executes a dosystemCmd function with untrusted input. Successful…
|
— | 78.3% |
| Nov 3, 2021 | CVE-2018-15811 | DotNetNuke (DNN) DotNetNuke (DNN) |
DotNetNuke (DNN) Inadequate Encryption Strength Vulnerability
DotNetNuke (DNN) contains an inadequate encryption strength vulnerability resulting from the use of a weak encryption algorithm to protect input parameters.
|
— | 93.0% |
| Nov 3, 2021 | CVE-2018-15961 | Adobe ColdFusion |
Adobe ColdFusion Unrestricted File Upload Vulnerability
Adobe ColdFusion contains an unrestricted file upload vulnerability that could allow for code execution.
|
— | 94.4% |
| Nov 3, 2021 | CVE-2018-18325 | DotNetNuke (DNN) DotNetNuke (DNN) |
DotNetNuke (DNN) Inadequate Encryption Strength Vulnerability
DotNetNuke (DNN) contains an inadequate encryption strength vulnerability resulting from the use of a weak encryption algorithm to protect input parameters. This CVE ID resolves a…
|
— | 92.9% |
| Nov 3, 2021 | CVE-2018-20062 | ThinkPHP noneCms |
ThinkPHP "noneCms" Remote Code Execution Vulnerability
ThinkPHP "noneCms" contains an unspecified vulnerability that allows for remote code execution through crafted use of the filter parameter.
|
— | 94.3% |
| Nov 3, 2021 |
CVE-2018-2380
Ransomware |
SAP Customer Relationship Management (CRM) |
SAP Customer Relationship Management (CRM) Path Traversal Vulnerability
SAP Customer Relationship Management (CRM) contains a path traversal vulnerability that allows an attacker to exploit insufficient validation of path information provided by users.
|
— | 48.8% |
| Nov 3, 2021 |
CVE-2018-4878
Ransomware |
Adobe Flash Player |
Adobe Flash Player Use-After-Free Vulnerability
Adobe Flash Player contains a use-after-free vulnerability that could allow for code execution.
|
— | 93.5% |
| Nov 3, 2021 | CVE-2018-4939 | Adobe ColdFusion |
Adobe ColdFusion Deserialization of Untrusted Data Vulnerability
Adobe ColdFusion contains a deserialization of untrusted data vulnerability that could allow for code execution.
|
— | 50.5% |
| Nov 3, 2021 |
CVE-2018-6789
Ransomware |
Exim Exim |
Exim Buffer Overflow Vulnerability
Exim contains a buffer overflow vulnerability in the base64d function part of the SMTP listener that may allow for remote code execution.
|
— | 86.6% |
| Nov 3, 2021 |
CVE-2018-7600
Ransomware |
Drupal Drupal Core |
Drupal Core Remote Code Execution Vulnerability
Drupal Core contains a remote code execution vulnerability that could allow an attacker to exploit multiple attack vectors on a Drupal site, resulting in complete site compromise.
|
— | 94.5% |
| Nov 3, 2021 | CVE-2018-8653 | Microsoft Internet Explorer |
Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability
Microsoft Internet Explorer contains a memory corruption vulnerability due to how the Scripting Engine handles objects in memory, leading to remote code execution.
|
— | 35.6% |
| Nov 3, 2021 | CVE-2019-0211 | Apache HTTP Server |
Apache HTTP Server Privilege Escalation Vulnerability
Apache HTTP Server, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpre…
|
— | 89.6% |
| Nov 3, 2021 | CVE-2019-0541 | Microsoft MSHTML |
Microsoft MSHTML Remote Code Execution Vulnerability
Microsoft MSHTML engine contains an improper input validation vulnerability that allows for remote code execution vulnerability.
|
— | 87.2% |
| Nov 3, 2021 |
CVE-2019-0604
Ransomware |
Microsoft SharePoint |
Microsoft SharePoint Remote Code Execution Vulnerability
Microsoft SharePoint fails to check the source markup of an application package. An attacker who successfully exploits the vulnerability could run remote code in the context of th…
|
— | 94.4% |
Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.