Full CISA KEV catalog

Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.

Showing 1,381–1,410 of 1,619 CVEs · Page 47 of 54 30 per page
Added CVE Vendor / Product Name & description CVSS EPSS
Nov 3, 2021 CVE-2019-0708
Ransomware
Microsoft Remote Desktop Services
endpoint m365 smb essential
Microsoft Remote Desktop Services Remote Code Execution Vulnerability
Microsoft Remote Desktop Services, formerly known as Terminal Service, contains an unspecified vulnerability that allows an unauthenticated attacker to connect to the target syste…
94.5%
Nov 3, 2021 CVE-2019-0797 Microsoft Win32k
endpoint m365 smb essential
Microsoft Win32k Privilege Escalation Vulnerability
Microsoft Win32k contains a privilege escalation vulnerability when the Win32k component fails to properly handle objects in memory. Successful exploitation allows an attacker to …
4.5%
Nov 3, 2021 CVE-2019-0803 Microsoft Win32k
endpoint m365 smb essential
Microsoft Win32k Privilege Escalation Vulnerability
Microsoft Win32k contains an unspecified vulnerability due to it failing to properly handle objects in memory causing privilege escalation. Successful exploitation allows an attac…
88.8%
Nov 3, 2021 CVE-2019-0808 Microsoft Win32k
endpoint m365 smb essential
Microsoft Win32k Privilege Escalation Vulnerability
Microsoft Win32k contains a privilege escalation vulnerability due to the component failing to properly handle objects in memory. Successful exploitation allows an attacker to run…
74.0%
Nov 3, 2021 CVE-2019-0859 Microsoft Win32k
endpoint m365 smb essential
Microsoft Win32k Privilege Escalation Vulnerability
Microsoft Win32k fails to properly handle objects in memory causing privilege escalation. Successful exploitation allows an attacker to run code in kernel mode.
10.6%
Nov 3, 2021 CVE-2019-0863 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Error Reporting (WER) Privilege Escalation Vulnerability
Microsoft Windows Error Reporting (WER) contains a privilege escalation vulnerability due to the way it handles files, allowing for code execution in kernel mode.
6.2%
Nov 3, 2021 CVE-2019-11510
Ransomware
Ivanti Pulse Connect Secure
endpoint vpn remote
Ivanti Pulse Connect Secure Arbitrary File Read Vulnerability
Ivanti Pulse Connect Secure contains an arbitrary file read vulnerability that allows an unauthenticated remote attacker with network access via HTTPS to send a specially crafted …
94.5%
Nov 3, 2021 CVE-2019-11539
Ransomware
Ivanti Pulse Connect Secure and Pulse Policy Secure
endpoint vpn remote
Ivanti Pulse Connect Secure and Policy Secure Command Injection Vulnerability
Ivanti Pulse Connect Secure and Policy Secure allows an authenticated attacker from the admin web interface to inject and execute commands.
93.9%
Nov 3, 2021 CVE-2019-11580
Ransomware
Atlassian Crowd and Crowd Data Center
enterprise smb essential
Atlassian Crowd and Crowd Data Center Remote Code Execution Vulnerability
Atlassian Crowd and Crowd Data Center contain a remote code execution vulnerability resulting from a pdkinstall development plugin being incorrectly enabled in release builds.
94.4%
Nov 3, 2021 CVE-2019-11634
Ransomware
Citrix Workspace Application and Receiver for Windows
endpoint enterprise smb essential vpn remote
Citrix Workspace Application and Receiver for Windows Remote Code Execution Vulnerability
Citrix Workspace Application and Receiver for Windows contains remote code execution vulnerability resulting from local drive access preferences not being enforced into the client…
52.4%
Nov 3, 2021 CVE-2019-1214 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Privilege Common Log File System (CLFS) Escalation Vulnerability
Microsoft Windows Common Log File System (CLFS) driver improperly handles objects in memory which can allow for privilege escalation.
3.7%
Nov 3, 2021 CVE-2019-1215
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Privilege Escalation Vulnerability
Microsoft Windows contains an unspecified vulnerability due to the way ws2ifsl.sys (Winsock) handles objects in memory, allowing for privilege escalation. Successful exploitation …
5.2%
Nov 3, 2021 CVE-2019-13608
Ransomware
Citrix StoreFront Server
enterprise vpn remote
Citrix StoreFront Server XML External Entity (XXE) Processing Vulnerability
Citrix StoreFront Server contains an XML External Entity (XXE) processing vulnerability that may allow an unauthenticated attacker to retrieve potentially sensitive information.
71.7%
Nov 3, 2021 CVE-2019-1367
Ransomware
Microsoft Internet Explorer
endpoint m365 smb essential
Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability
Microsoft Internet Explorer contains a memory corruption vulnerability in how the scripting engine handles objects in memory. Successful exploitation allows for remote code execut…
90.7%
Nov 3, 2021 CVE-2019-1429 Microsoft Internet Explorer
endpoint m365 smb essential
Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability
Microsoft Internet Explorer contains a memory corruption vulnerability which can allow for remote code execution in the context of the current user.
83.0%
Nov 3, 2021 CVE-2019-15752 Docker Desktop Community Edition
cloud
Docker Desktop Community Edition Privilege Escalation Vulnerability
Docker Desktop Community Edition contains a vulnerability that may allow local users to escalate privileges by placing a trojan horse docker-credential-wincred.exe file in %PROGRA…
45.6%
Nov 3, 2021 CVE-2019-15949 Nagios Nagios XI
enterprise
Nagios XI Remote Code Execution Vulnerability
Nagios XI contains a remote code execution vulnerability in which a user can modify the check_plugin executable and insert malicious commands to execute as root.
86.9%
Nov 3, 2021 CVE-2019-16256 SIMalliance Toolbox Browser
SIMalliance Toolbox Browser Command Injection Vulnerability
SIMalliance Toolbox Browser contains an command injection vulnerability that could allow remote attackers to retrieve location and IMEI information or execute a range of other att…
61.2%
Nov 3, 2021 CVE-2019-1653 Cisco Small Business RV320 and RV325 Routers
network
Cisco Small Business RV320 and RV325 Routers Information Disclosure Vulnerability
Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers contain improper access controls for URLs. Exploitation could allow an attacker to download the router configurat…
94.4%
Nov 3, 2021 CVE-2019-16759 vBulletin vBulletin
vBulletin PHP Module Remote Code Execution Vulnerability
The PHP module within vBulletin contains an unspecified vulnerability that allows for remote code execution via the widgetConfig[code] parameter in an ajax/render/widget_php route…
94.4%
Nov 3, 2021 CVE-2019-17026 Mozilla Firefox and Thunderbird
browser smb essential
Mozilla Firefox And Thunderbird Type Confusion Vulnerability
Mozilla Firefox and Thunderbird contain a type confusion vulnerability due to incorrect alias information in the IonMonkey JIT compiler when setting array elements.
56.2%
Nov 3, 2021 CVE-2019-17558 Apache Solr
web server
Apache Solr VelocityResponseWriter Plug-In Remote Code Execution Vulnerability
The Apache Solr VelocityResponseWriter plug-in contains an unspecified vulnerability which can allow for remote code execution.
94.5%
Nov 3, 2021 CVE-2019-18187 Trend Micro OfficeScan
endpoint
Trend Micro OfficeScan Directory Traversal Vulnerability
Trend Micro OfficeScan contains a directory traversal vulnerability by extracting files from a zip file to a specific folder on the OfficeScan server, leading to remote code execu…
80.6%
Nov 3, 2021 CVE-2019-18935
Ransomware
Progress Telerik UI for ASP.NET AJAX
enterprise
Progress Telerik UI for ASP.NET AJAX Deserialization of Untrusted Data Vulnerability
Progress Telerik UI for ASP.NET AJAX contains a deserialization of untrusted data vulnerability through RadAsyncUpload which leads to code execution on the server in the context o…
93.7%
Nov 3, 2021 CVE-2019-18988 TeamViewer Desktop
TeamViewer Desktop Bypass Remote Login Vulnerability
TeamViewer Desktop allows for bypass of remote-login access control because the same AES key is used for different customers' installations. If an attacker were to know this key, …
7.6%
Nov 3, 2021 CVE-2019-19356 Netis WF2419 Devices
Netis WF2419 Devices Remote Code Execution Vulnerability
Netis WF2419 devices contains an unspecified vulnerability that allows an attacker to perform remote code execution as root through the router's web management page.
91.0%
Nov 3, 2021 CVE-2019-19781
Ransomware
Citrix Application Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance
enterprise network vpn remote
Citrix ADC, Gateway, and SD-WAN WANOP Appliance Code Execution Vulnerability
Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an unspecified vulnerability that could allow an unauthenticated attacker to perform code exe…
94.4%
Nov 3, 2021 CVE-2019-20085 TVT NVMS-1000
TVT NVMS-1000 Directory Traversal Vulnerability
TVT devices utilizing NVMS-1000 software contain a directory traversal vulnerability via GET /.. requests.
94.3%
Nov 3, 2021 CVE-2019-2215 Android Android Kernel
mobile
Android Kernel Use-After-Free Vulnerability
Android Kernel contains a use-after-free vulnerability in binder.c that allows for privilege escalation from an application to the Linux Kernel. This vulnerability was observed ch…
53.1%
Nov 3, 2021 CVE-2019-3396
Ransomware
Atlassian Confluence Server and Data Server
enterprise smb essential
Atlassian Confluence Server and Data Center Server-Side Template Injection Vulnerability
Atlassian Confluence Server and Data Center contain a server-side template injection vulnerability that may allow an attacker to achieve path traversal and remote code execution.
94.5%

Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.