Full CISA KEV catalog

Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.

Showing 121–150 of 383 CVEs · Page 5 of 13 30 per page
Added CVE Vendor / Product Name & description CVSS EPSS
May 26, 2023 CVE-2023-2868 Barracuda Networks Email Security Gateway (ESG) Appliance
network
Barracuda Networks ESG Appliance Improper Input Validation Vulnerability
Barracuda Email Security Gateway (ESG) appliance contains an improper input validation vulnerability of a user-supplied .tar file, leading to remote command injection.
89.2%
May 9, 2023 CVE-2023-29336 Microsoft Win32k
endpoint m365 smb essential
Microsoft Win32K Privilege Escalation Vulnerability
Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation up to SYSTEM privileges.
76.7%
Apr 11, 2023 CVE-2023-28252
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability
Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation.
61.6%
Apr 7, 2023 CVE-2019-1388
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Certificate Dialog Privilege Escalation Vulnerability
Microsoft Windows Certificate Dialog contains a privilege escalation vulnerability, allowing attackers to run processes in an elevated context.
8.0%
Mar 30, 2023 CVE-2013-3163 Microsoft Internet Explorer
endpoint m365 smb essential
Microsoft Internet Explorer Memory Corruption Vulnerability
Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code or cause a denial of service via a crafted website.
84.6%
Mar 14, 2023 CVE-2023-23397 Microsoft Office
endpoint m365 smb essential
Microsoft Office Outlook Privilege Escalation Vulnerability
Microsoft Office Outlook contains a privilege escalation vulnerability that allows for a NTLM Relay attack against another service to authenticate as the user.
93.4%
Mar 14, 2023 CVE-2023-24880
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows SmartScreen Security Feature Bypass Vulnerability
Microsoft Windows SmartScreen contains a security feature bypass vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malici…
74.6%
Feb 14, 2023 CVE-2023-21715 Microsoft Office
endpoint m365 smb essential
Microsoft Office Publisher Security Feature Bypass Vulnerability
Microsoft Office Publisher contains a security feature bypass vulnerability that allows for a local, authenticated attack on a targeted system.
0.5%
Feb 14, 2023 CVE-2023-21823 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Graphic Component Privilege Escalation Vulnerability
Microsoft Windows Graphic Component contains an unspecified vulnerability that allows for privilege escalation.
2.3%
Feb 14, 2023 CVE-2023-23376
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability
Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation.
15.2%
Jan 10, 2023 CVE-2022-41080
Ransomware
Microsoft Exchange Server
endpoint m365 smb essential
Microsoft Exchange Server Privilege Escalation Vulnerability
Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation. This vulnerability is chainable with CVE-2022-41082, which allows for remote …
93.8%
Jan 10, 2023 CVE-2023-21674 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Advanced Local Procedure Call (ALPC) Privilege Escalation Vulnerability
Microsoft Windows Advanced Local Procedure Call (ALPC) contains an unspecified vulnerability that allows for privilege escalation.
19.7%
Dec 13, 2022 CVE-2022-44698
Ransomware
Microsoft Defender
endpoint m365 smb essential
Microsoft Defender SmartScreen Security Feature Bypass Vulnerability
Microsoft Defender SmartScreen contains a security feature bypass vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malic…
67.2%
Nov 14, 2022 CVE-2022-41049 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability
Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features.
13.2%
Nov 8, 2022 CVE-2022-41073
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Print Spooler Privilege Escalation Vulnerability
Microsoft Windows Print Spooler contains an unspecified vulnerability that allows an attacker to gain SYSTEM-level privileges.
2.3%
Nov 8, 2022 CVE-2022-41091
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability
Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features.
6.3%
Nov 8, 2022 CVE-2022-41125 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows CNG Key Isolation Service Privilege Escalation Vulnerability
Microsoft Windows Cryptographic Next Generation (CNG) Key Isolation Service contains an unspecified vulnerability that allows an attacker to gain SYSTEM-level privileges.
0.7%
Nov 8, 2022 CVE-2022-41128 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Scripting Languages Remote Code Execution Vulnerability
Microsoft Windows contains an unspecified vulnerability in the JScript9 scripting language which allows for remote code execution.
39.2%
Oct 11, 2022 CVE-2022-41033 Microsoft Windows COM+ Event System Service
endpoint m365 smb essential
Microsoft Windows COM+ Event System Service Privilege Escalation Vulnerability
Microsoft Windows COM+ Event System Service contains an unspecified vulnerability that allows for privilege escalation.
1.7%
Sep 30, 2022 CVE-2022-41040
Ransomware
Microsoft Exchange Server
endpoint m365 smb essential
Microsoft Exchange Server Server-Side Request Forgery Vulnerability
Microsoft Exchange Server allows for server-side request forgery. Dubbed "ProxyNotShell," this vulnerability is chainable with CVE-2022-41082 which allows for remote code executio…
94.1%
Sep 30, 2022 CVE-2022-41082
Ransomware
Microsoft Exchange Server
endpoint m365 smb essential
Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange Server contains an unspecified vulnerability that allows for authenticated remote code execution. Dubbed "ProxyNotShell," this vulnerability is chainable with C…
90.8%
Sep 15, 2022 CVE-2010-2568 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Remote Code Execution Vulnerability
Microsoft Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the operating system displays the icon of a malicious shortcut file. An attac…
92.1%
Sep 14, 2022 CVE-2022-37969 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability
Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation.
12.8%
Aug 18, 2022 CVE-2022-21971 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Runtime Remote Code Execution Vulnerability
Microsoft Windows Runtime contains an unspecified vulnerability that allows for remote code execution.
87.8%
Aug 18, 2022 CVE-2022-26923 Microsoft Active Directory
endpoint identity m365 smb essential
Microsoft Active Directory Domain Services Privilege Escalation Vulnerability
An authenticated user could manipulate attributes on computer accounts they own or manage, and acquire a certificate from Active Directory Certificate Services that would allow fo…
91.6%
Aug 9, 2022 CVE-2022-34713 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
A remote code execution vulnerability exists when Microsoft Windows MSDT is called using the URL protocol from a calling application.
4.5%
Jul 12, 2022 CVE-2022-22047 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Client Server Runtime Subsystem (CSRSS) Privilege Escalation Vulnerability
Microsoft Windows CSRSS contains an unspecified vulnerability that allows for privilege escalation to SYSTEM privileges.
1.2%
Jul 1, 2022 CVE-2022-26925 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows LSA Spoofing Vulnerability
Microsoft Windows Local Security Authority (LSA) contains a spoofing vulnerability where an attacker can coerce the domain controller to authenticate to the attacker using NTLM.
37.4%
Jun 14, 2022 CVE-2022-30190
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnera…
93.6%
Jun 8, 2022 CVE-2006-2492 Microsoft Word
endpoint m365 smb essential
Microsoft Word Malformed Object Pointer Vulnerability
Microsoft Word and Microsoft Works Suites contain a malformed object pointer which allows attackers to execute code.
79.1%

Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.