Full CISA KEV catalog

Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.

Showing 1,531–1,560 of 1,619 CVEs · Page 52 of 54 · 30 per page
Added CVE Vendor / Product Name & description CVSS EPSS
Nov 3, 2021 CVE-2021-21166 Google Chromium
browser smb essential
Google Chromium Race Condition Vulnerability
Google Chromium contains a race condition vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affe…
38.0%
Nov 3, 2021 CVE-2021-21193 Google Chromium Blink
browser smb essential
Google Chromium Blink Use-After-Free Vulnerability
Google Chromium Blink contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability coul…
13.8%
Nov 3, 2021 CVE-2021-21206 Google Chromium Blink
browser smb essential
Google Chromium Blink Use-After-Free Vulnerability
Google Chromium Blink contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability coul…
17.5%
Nov 3, 2021 CVE-2021-21220 Google Chromium V8
browser smb essential
Google Chromium V8 Improper Input Validation Vulnerability
Google Chromium V8 Engine contains an improper input validation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vu…
91.2%
Nov 3, 2021 CVE-2021-21224 Google Chromium V8
browser smb essential
Google Chromium V8 Type Confusion Vulnerability
Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted HTML page. This vulnerability could …
42.5%
Nov 3, 2021 CVE-2021-21972
Ransomware
VMware vCenter Server
enterprise
VMware vCenter Server Remote Code Execution Vulnerability
VMware vCenter Server vSphere Client contains a remote code execution vulnerability in a vCenter Server plugin which allows an attacker with network access to port 443 to execute …
93.8%
Nov 3, 2021 CVE-2021-21985
Ransomware
VMware vCenter Server
enterprise
VMware vCenter Server Improper Input Validation Vulnerability
VMware vSphere Client contains an improper input validation vulnerability in the Virtual SAN Health Check plug-in, which is enabled by default in vCenter Server, which allows for …
94.4%
Nov 3, 2021 CVE-2021-22005
Ransomware
VMware vCenter Server
enterprise
VMware vCenter Server File Upload Vulnerability
VMware vCenter Server contains a file upload vulnerability in the Analytics service that allows a user with network access to port 443 to execute code.
94.4%
Nov 3, 2021 CVE-2021-22205
Ransomware
GitLab Community and Enterprise Editions
enterprise smb essential
GitLab Community and Enterprise Editions Remote Code Execution Vulnerability
GitLab Community and Enterprise Editions that utilize the ability to upload images through GitLab Workhorse are vulnerable to remote code execution. Workhorse passes image file ex…
94.5%
Nov 3, 2021 CVE-2021-22502 Micro Focus Operation Bridge Reporter (OBR)
Micro Focus Operation Bridge Reporter (OBR) Remote Code Execution Vulnerability
Micro Focus Operation Bridge Reporter (OBR) contains an unspecified vulnerability that allows for remote code execution.
94.0%
Nov 3, 2021 CVE-2021-22506 Micro Focus Micro Focus Access Manager
Micro Focus Access Manager Information Leakage Vulnerability
Micro Focus Access Manager contains an information leakage vulnerability resulting from a SAML service provider redirection issue when the Assertion Consumer Service URL is used.
10.5%
Nov 3, 2021 CVE-2021-22893
Ransomware
Ivanti Pulse Connect Secure
endpoint vpn remote
Ivanti Pulse Connect Secure Use-After-Free Vulnerability
Ivanti Pulse Connect Secure contains a use-after-free vulnerability that allows a remote, unauthenticated attacker to execute code via license services.
93.6%
Nov 3, 2021 CVE-2021-22894 Ivanti Pulse Connect Secure
endpoint vpn remote
Ivanti Pulse Connect Secure Collaboration Suite Buffer Overflow Vulnerability
Ivanti Pulse Connect Secure Collaboration Suite contains a buffer overflow vulnerability that allows remote authenticated users to execute code as the root user via maliciousl…
42.0%
Nov 3, 2021 CVE-2021-22899 Ivanti Pulse Connect Secure
endpoint vpn remote
Ivanti Pulse Connect Secure Command Injection Vulnerability
Ivanti Pulse Connect Secure contains a command injection vulnerability that allows remote authenticated users to perform remote code execution via Windows File Resource Profiles.
19.5%
Nov 3, 2021 CVE-2021-22900 Ivanti Pulse Connect Secure
endpoint vpn remote
Ivanti Pulse Connect Secure Unrestricted File Upload Vulnerability
Ivanti Pulse Connect Secure contains an unrestricted file upload vulnerability that allows an authenticated administrator to perform a file write via a maliciously crafted archive…
2.6%
Nov 3, 2021 CVE-2021-22986
Ransomware
F5 BIG-IP and BIG-IQ Centralized Management
network vpn remote
F5 BIG-IP and BIG-IQ Centralized Management iControl REST Remote Code Execution Vulnerability
F5 BIG-IP and BIG-IQ Centralized Management contain a remote code execution vulnerability in the iControl REST interface that allows unauthenticated attackers with network access …
94.5%
Nov 3, 2021 CVE-2021-23874 McAfee McAfee Total Protection (MTP)
endpoint
McAfee Total Protection (MTP) Improper Privilege Management Vulnerability
McAfee Total Protection (MTP) contains an improper privilege management vulnerability that allows a local user to gain elevated privileges and execute code, bypassing MTP self-def…
0.7%
Nov 3, 2021 CVE-2021-26084
Ransomware
Atlassian Confluence Server and Data Center
enterprise smb essential
Atlassian Confluence Server and Data Center Object-Graph Navigation Language (OGNL) Injection Vulnerability
Atlassian Confluence Server and Data Center contain an Object-Graph Navigation Language (OGNL) injection vulnerability that may allow an unauthenticated attacker to execute code.
94.4%
Nov 3, 2021 CVE-2021-26411
Ransomware
Microsoft Internet Explorer
endpoint m365 smb essential
Microsoft Internet Explorer Memory Corruption Vulnerability
Microsoft Internet Explorer contains an unspecified vulnerability that allows for memory corruption.
92.5%
Nov 3, 2021 CVE-2021-26855
Ransomware
Microsoft Exchange Server
endpoint m365 smb essential
Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.
94.3%
Nov 3, 2021 CVE-2021-26857
Ransomware
Microsoft Exchange Server
endpoint m365 smb essential
Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.
40.5%
Nov 3, 2021 CVE-2021-26858
Ransomware
Microsoft Exchange Server
endpoint m365 smb essential
Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.
73.2%
Nov 3, 2021 CVE-2021-27059 Microsoft Office
endpoint m365 smb essential
Microsoft Office Remote Code Execution Vulnerability
Microsoft Office contains an unspecified vulnerability that allows for remote code execution.
2.8%
Nov 3, 2021 CVE-2021-27065
Ransomware
Microsoft Exchange Server
endpoint m365 smb essential
Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.
94.2%
Nov 3, 2021 CVE-2021-27085 Microsoft Internet Explorer
endpoint m365 smb essential
Microsoft Internet Explorer Remote Code Execution Vulnerability
Microsoft Internet Explorer contains an unspecified vulnerability that allows for remote code execution.
1.8%
Nov 3, 2021 CVE-2021-27101
Ransomware
Accellion FTA
Accellion FTA SQL Injection Vulnerability
Accellion FTA contains a SQL injection vulnerability exploited via a crafted host header in a request to document_root.html.
0.7%
Nov 3, 2021 CVE-2021-27102
Ransomware
Accellion FTA
Accellion FTA OS Command Injection Vulnerability
Accellion FTA contains an OS command injection vulnerability exploited via a local web service call.
0.2%
Nov 3, 2021 CVE-2021-27103
Ransomware
Accellion FTA
Accellion FTA Server-Side Request Forgery (SSRF) Vulnerability
Accellion FTA contains a server-side request forgery (SSRF) vulnerability exploited via a crafted POST request to wmProgressstat.html.
1.1%
Nov 3, 2021 CVE-2021-27104
Ransomware
Accellion FTA
Accellion FTA OS Command Injection Vulnerability
Accellion FTA contains an OS command injection vulnerability exploited via a crafted POST request to various admin endpoints.
6.4%
Nov 3, 2021 CVE-2021-27561 Yealink Device Management
Yealink Device Management Server-Side Request Forgery (SSRF) Vulnerability
Yealink Device Management contains a server-side request forgery (SSRF) vulnerability that allows for unauthenticated remote code execution.
94.1%

Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.