Full CISA KEV catalog

Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.

Showing 121–150 of 667 CVEs · Page 5 of 23 30 per page
Added CVE Vendor / Product Name & description CVSS EPSS
Sep 17, 2024 CVE-2013-0648 Adobe Flash Player
smb essential
Adobe Flash Player Code Execution Vulnerability
Adobe Flash Player contains an unspecified vulnerability in the ExternalInterface ActionScript functionality that allows a remote attacker to execute arbitrary code via crafted SW…
55.5%
Sep 17, 2024 CVE-2014-0497 Adobe Flash Player
smb essential
Adobe Flash Player Integer Underflow Vulnerablity
Adobe Flash Player contains an integer underflow vulnerability that allows a remote attacker to execute arbitrary code.
93.2%
Sep 17, 2024 CVE-2014-0502 Adobe Flash Player
smb essential
Adobe Flash Player Double Free Vulnerablity
Adobe Flash Player contains a double free vulnerability that allows a remote attacker to execute arbitrary code.
89.8%
Sep 16, 2024 CVE-2024-43461 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows MSHTML Platform Spoofing Vulnerability
Microsoft Windows MSHTML Platform contains a user interface (UI) misrepresentation of critical information vulnerability that allows an attacker to spoof a web page. This vulnerab…
9.9%
Sep 10, 2024 CVE-2024-38014 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Installer Improper Privilege Management Vulnerability
Microsoft Windows Installer contains an improper privilege management vulnerability that could allow an attacker to gain SYSTEM privileges.
12.8%
Sep 10, 2024 CVE-2024-38217 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Mark of the Web (MOTW) Protection Mechanism Failure Vulnerability
Microsoft Windows Mark of the Web (MOTW) contains a protection mechanism failure vulnerability that allows an attacker to bypass MOTW-based defenses. This can result in a limited …
13.8%
Sep 10, 2024 CVE-2024-38226 Microsoft Publisher
endpoint m365 smb essential
Microsoft Publisher Protection Mechanism Failure Vulnerability
Microsoft Publisher contains a protection mechanism failure vulnerability that allows attacker to bypass Office macro policies used to block untrusted or malicious files.
1.4%
Sep 3, 2024 CVE-2024-7262 Kingsoft WPS Office
smb essential
Kingsoft WPS Office Path Traversal Vulnerability
Kingsoft WPS Office contains a path traversal vulnerability in promecefpluginhost.exe on Windows that allows an attacker to load an arbitrary Windows library.
9.7%
Aug 28, 2024 CVE-2024-7965 Google Chromium V8
browser smb essential
Google Chromium V8 Inappropriate Implementation Vulnerability
Google Chromium V8 contains an inappropriate implementation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulner…
22.8%
Aug 26, 2024 CVE-2024-7971 Google Chromium V8
browser smb essential
Google Chromium V8 Type Confusion Vulnerability
Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to exploit heap corruption via a crafted HTML page. This vulnerability could affect multip…
1.9%
Aug 21, 2024 CVE-2021-31196 Microsoft Exchange Server
endpoint m365 smb essential
Microsoft Exchange Server Information Disclosure Vulnerability
Microsoft Exchange Server contains an information disclosure vulnerability that allows for remote code execution.
3.3%
Aug 13, 2024 CVE-2024-38106 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Kernel Privilege Escalation Vulnerability
Microsoft Windows Kernel contains an unspecified vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges. Successful exploitation o…
0.8%
Aug 13, 2024 CVE-2024-38107 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Power Dependency Coordinator Privilege Escalation Vulnerability
Microsoft Windows Power Dependency Coordinator contains an unspecified vulnerability that allows for privilege escalation, enabling a local attacker to obtain SYSTEM privileges.
3.4%
Aug 13, 2024 CVE-2024-38178 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Scripting Engine Memory Corruption Vulnerability
Microsoft Windows Scripting Engine contains a memory corruption vulnerability that allows unauthenticated attacker to initiate remote code execution via a specially crafted URL.
30.2%
Aug 13, 2024 CVE-2024-38189 Microsoft Project
endpoint m365 smb essential
Microsoft Project Remote Code Execution Vulnerability
Microsoft Project contains an unspecified vulnerability that allows for remote code execution via a malicious file.
43.7%
Aug 13, 2024 CVE-2024-38193 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Ancillary Function Driver for WinSock Privilege Escalation Vulnerability
Microsoft Windows Ancillary Function Driver for WinSock contains an unspecified vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privil…
73.2%
Aug 13, 2024 CVE-2024-38213 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows SmartScreen Security Feature Bypass Vulnerability
Microsoft Windows SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the SmartScreen user experience via a malicious file.
59.3%
Aug 5, 2024 CVE-2018-0824 Microsoft Windows
endpoint m365 smb essential
Microsoft COM for Windows Deserialization of Untrusted Data Vulnerability
Microsoft COM for Windows contains a deserialization of untrusted data vulnerability that allows for privilege escalation and remote code execution via a specially crafted file or…
91.5%
Jul 23, 2024 CVE-2012-4792 Microsoft Internet Explorer
endpoint m365 smb essential
Microsoft Internet Explorer Use-After-Free Vulnerability
Microsoft Internet Explorer contains a use-after-free vulnerability that allows a remote attacker to execute arbitrary code via a crafted web site that triggers access to an objec…
91.2%
Jul 17, 2024 CVE-2024-34102 Adobe Commerce and Magento Open Source
smb essential
Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerabil…
Adobe Commerce and Magento Open Source contain an improper restriction of XML external entity reference (XXE) vulnerability that allows for remote code execution.
94.2%
Jul 9, 2024 CVE-2024-38080 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Hyper-V Privilege Escalation Vulnerability
Microsoft Windows Hyper-V contains a privilege escalation vulnerability that allows a local attacker with user permissions to gain SYSTEM privileges.
14.2%
Jul 9, 2024 CVE-2024-38112 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows MSHTML Platform Spoofing Vulnerability
Microsoft Windows MSHTML Platform contains a spoofing vulnerability that has a high impact to confidentiality, integrity, and availability.
93.0%
Jun 13, 2024 CVE-2024-26169
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Error Reporting Service Improper Privilege Management Vulnerability
Microsoft Windows Error Reporting Service contains an improper privilege management vulnerability that allows a local attacker with user permissions to gain SYSTEM privileges.
34.6%
May 28, 2024 CVE-2024-5274 Google Chromium V8
browser smb essential
Google Chromium V8 Type Confusion Vulnerability
Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page. This vulnerability could affect multiple web brow…
6.6%
May 20, 2024 CVE-2024-4947 Google Chromium V8
browser smb essential
Google Chromium V8 Type Confusion Vulnerability
Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page.
1.1%
May 16, 2024 CVE-2024-4761 Google Chromium V8
browser smb essential
Google Chromium V8 Out-of-Bounds Memory Write Vulnerability
Google Chromium V8 Engine contains an unspecified out-of-bounds memory write vulnerability via a crafted HTML page. This vulnerability could affect multiple web browsers that util…
3.0%
May 14, 2024 CVE-2024-30040 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows MSHTML Platform Security Feature Bypass Vulnerability
Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for a security feature bypass.
28.7%
May 14, 2024 CVE-2024-30051
Ransomware
Microsoft DWM Core Library
endpoint m365 smb essential
Microsoft DWM Core Library Privilege Escalation Vulnerability
Microsoft DWM Core Library contains a privilege escalation vulnerability that allows an attacker to gain SYSTEM privileges.
48.1%
May 13, 2024 CVE-2024-4671 Google Chromium
browser smb essential
Google Chromium Visuals Use-After-Free Vulnerability
Google Chromium Visuals contains a use-after-free vulnerability that allows a remote attacker to exploit heap corruption via a crafted HTML page. This vulnerability could affect m…
0.6%
May 1, 2024 CVE-2023-7028 GitLab GitLab CE/EE
enterprise smb essential
GitLab Community and Enterprise Editions Improper Access Control Vulnerability
GitLab Community and Enterprise Editions contain an improper access control vulnerability. This allows an attacker to trigger password reset emails to be sent to an unverified ema…
93.4%

Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.