Full CISA KEV catalog

Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.

Showing 1,351–1,380 of 1,619 CVEs · Page 46 of 54 · 30 per page
Added | CVE | Vendor / Product | Name & description | CVSS | EPSS
Nov 3, 2021 CVE-2017-11774 Microsoft Office
endpoint m365 smb essential
Microsoft Office Outlook Security Feature Bypass Vulnerability
Microsoft Office Outlook contains a security feature bypass vulnerability due to improperly handling objects in memory. Successful exploitation allows an attacker to execute comma…
85.6%
Nov 3, 2021 CVE-2017-11882
Ransomware
Microsoft Office
endpoint m365 smb essential
Microsoft Office Memory Corruption Vulnerability
Microsoft Office contains a memory corruption vulnerability that allows remote code execution in the context of the current user.
94.4%
Nov 3, 2021 CVE-2017-16651 Roundcube Roundcube Webmail
Roundcube Webmail File Disclosure Vulnerability
Roundcube Webmail contains a file disclosure vulnerability caused by insufficient input validation in conjunction with file-based attachment plugins, which are used by default.
35.9%
Nov 3, 2021 CVE-2017-5638
Ransomware
Apache Struts
web server
Apache Struts Remote Code Execution Vulnerability
Apache Struts Jakarta Multipart parser allows for malicious file upload using the Content-Type value, leading to remote code execution.
94.3%
Nov 3, 2021 CVE-2017-6327 Symantec Symantec Messaging Gateway
endpoint
Symantec Messaging Gateway Remote Code Execution Vulnerability
Symantec Messaging Gateway contains an unspecified vulnerability which can allow for remote code execution. With the ability to perform remote code execution, an attacker may also…
75.9%
Nov 3, 2021 CVE-2017-7269 Microsoft Internet Information Services (IIS)
endpoint m365 server os smb essential web server
Microsoft Windows Server Buffer Overflow Vulnerability
Microsoft Windows Server 2003 R2 contains a buffer overflow vulnerability in Internet Information Services (IIS) 6.0 which allows remote attackers to execute code via a long heade…
94.4%
Nov 3, 2021 CVE-2017-8759 Microsoft .NET Framework
endpoint m365 smb essential
Microsoft .NET Framework Remote Code Execution Vulnerability
Microsoft .NET Framework contains a remote code execution vulnerability when processing untrusted input that could allow an attacker to take control of an affected system.
94.0%
Nov 3, 2021 CVE-2017-9248 Progress ASP.NET AJAX and Sitefinity
enterprise
Progress Telerik UI for ASP.NET AJAX and Sitefinity Cryptographic Weakness Vulnerability
Progress Telerik UI for ASP.NET AJAX and Sitefinity have a cryptographic weakness in Telerik.Web.UI.dll that can be exploited to disclose encryption keys (Telerik.Web.UI.DialogPar…
89.4%
Nov 3, 2021 CVE-2017-9805 Apache Struts
web server
Apache Struts Deserialization of Untrusted Data Vulnerability
Apache Struts REST Plugin uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to remote code execution when deseriali…
94.3%
Nov 3, 2021 CVE-2017-9822
Ransomware
DotNetNuke (DNN) DotNetNuke (DNN)
DotNetNuke (DNN) Remote Code Execution Vulnerability
DotNetNuke (DNN) contains a vulnerability that may allow for remote code execution via cookie deserialization.
94.3%
Nov 3, 2021 CVE-2018-0171 Cisco IOS and IOS XE
mobile network
Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability
Cisco IOS and IOS XE Software improperly validates packet data, allowing an unauthenticated, remote attacker to trigger a reload of an affected device, cause a denial-of-service (…
92.9%
Nov 3, 2021 CVE-2018-0296 Cisco Adaptive Security Appliance (ASA)
network
Cisco Adaptive Security Appliance (ASA) Denial-of-Service Vulnerability
Cisco Adaptive Security Appliance (ASA) contains an improper input validation vulnerability with HTTP URLs. Exploitation could allow an attacker to cause a denial-of-service (DoS)…
94.4%
Nov 3, 2021 CVE-2018-0798 Microsoft Office
endpoint m365 smb essential
Microsoft Office Memory Corruption Vulnerability
Microsoft Office contains a memory corruption vulnerability due to the way objects are handled in memory. Successful exploitation allows for remote code execution in the context o…
94.1%
Nov 3, 2021 CVE-2018-0802 Microsoft Office
endpoint m365 smb essential
Microsoft Office Memory Corruption Vulnerability
Microsoft Office contains a memory corruption vulnerability due to the way objects are handled in memory. Successful exploitation allows for remote code execution in the context o…
94.1%
Nov 3, 2021 CVE-2018-11776 Apache Struts
web server
Apache Struts Remote Code Execution Vulnerability
Apache Struts contains a vulnerability that allows for remote code execution under two circumstances. One, where the alwaysSelectFullNamespace option is true and the value isn't s…
94.4%
Nov 3, 2021 CVE-2018-13379
Ransomware
Fortinet FortiOS
network vpn remote
Fortinet FortiOS SSL VPN Path Traversal Vulnerability
Fortinet FortiOS SSL VPN web portal contains a path traversal vulnerability that may allow an unauthenticated attacker to download FortiOS system files through specially crafted H…
94.5%
Nov 3, 2021 CVE-2018-14558 Tenda AC7, AC9, and AC10 Routers
Tenda AC7, AC9, and AC10 Routers Command Injection Vulnerability
Tenda AC7, AC9, and AC10 devices contain a command injection vulnerability due to the "formsetUsbUnload" function executing a dosystemCmd function with untrusted input. Successful…
78.3%
Nov 3, 2021 CVE-2018-15811 DotNetNuke (DNN) DotNetNuke (DNN)
DotNetNuke (DNN) Inadequate Encryption Strength Vulnerability
DotNetNuke (DNN) contains an inadequate encryption strength vulnerability resulting from the use of a weak encryption algorithm to protect input parameters.
93.0%
Nov 3, 2021 CVE-2018-15961 Adobe ColdFusion
smb essential
Adobe ColdFusion Unrestricted File Upload Vulnerability
Adobe ColdFusion contains an unrestricted file upload vulnerability that could allow for code execution.
94.4%
Nov 3, 2021 CVE-2018-18325 DotNetNuke (DNN) DotNetNuke (DNN)
DotNetNuke (DNN) Inadequate Encryption Strength Vulnerability
DotNetNuke (DNN) contains an inadequate encryption strength vulnerability resulting from the use of a weak encryption algorithm to protect input parameters. This CVE ID resolves a…
92.9%
Nov 3, 2021 CVE-2018-20062 ThinkPHP noneCms
ThinkPHP "noneCms" Remote Code Execution Vulnerability
ThinkPHP "noneCms" contains an unspecified vulnerability that allows for remote code execution through crafted use of the filter parameter.
94.3%
Nov 3, 2021 CVE-2018-2380
Ransomware
SAP Customer Relationship Management (CRM)
enterprise
SAP Customer Relationship Management (CRM) Path Traversal Vulnerability
SAP Customer Relationship Management (CRM) contains a path traversal vulnerability that allows an attacker to exploit insufficient validation of path information provided by users.
48.8%
Nov 3, 2021 CVE-2018-4878
Ransomware
Adobe Flash Player
smb essential
Adobe Flash Player Use-After-Free Vulnerability
Adobe Flash Player contains a use-after-free vulnerability that could allow for code execution.
93.5%
Nov 3, 2021 CVE-2018-4939 Adobe ColdFusion
smb essential
Adobe ColdFusion Deserialization of Untrusted Data Vulnerability
Adobe ColdFusion contains a deserialization of untrusted data vulnerability that could allow for code execution.
50.5%
Nov 3, 2021 CVE-2018-6789
Ransomware
Exim Exim
Exim Buffer Overflow Vulnerability
Exim contains a buffer overflow vulnerability in the base64d function part of the SMTP listener that may allow for remote code execution.
86.6%
Nov 3, 2021 CVE-2018-7600
Ransomware
Drupal Drupal Core
web server
Drupal Core Remote Code Execution Vulnerability
Drupal Core contains a remote code execution vulnerability that could allow an attacker to exploit multiple attack vectors on a Drupal site, resulting in complete site compromise.
94.5%
Nov 3, 2021 CVE-2018-8653 Microsoft Internet Explorer
endpoint m365 smb essential
Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability
Microsoft Internet Explorer contains a memory corruption vulnerability due to how the Scripting Engine handles objects in memory, leading to remote code execution.
35.6%
Nov 3, 2021 CVE-2019-0211 Apache HTTP Server
web server
Apache HTTP Server Privilege Escalation Vulnerability
Apache HTTP Server, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpre…
89.6%
Nov 3, 2021 CVE-2019-0541 Microsoft MSHTML
endpoint m365 smb essential
Microsoft MSHTML Remote Code Execution Vulnerability
Microsoft MSHTML engine contains an improper input validation vulnerability that allows for remote code execution.
87.2%
Nov 3, 2021 CVE-2019-0604
Ransomware
Microsoft SharePoint
endpoint m365 smb essential
Microsoft SharePoint Remote Code Execution Vulnerability
Microsoft SharePoint fails to check the source markup of an application package. An attacker who successfully exploits the vulnerability could run remote code in the context of th…
94.4%

Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.