Full CISA KEV catalog

Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.

Showing 1,591–1,619 of 1,619 CVEs · Page 54 of 54 30 per page
Added CVE Vendor / Product Name & description CVSS EPSS
Nov 3, 2021 CVE-2021-33739 Microsoft Windows
endpoint m365 smb essential
Microsoft Desktop Window Manager (DWM) Core Library Privilege Escalation Vulnerability
Microsoft Desktop Window Manager (DWM) Core Library contains an unspecified vulnerability that allows for privilege escalation.
16.9%
Nov 3, 2021 CVE-2021-33742 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows MSHTML Platform Remote Code Execution Vulnerability
Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for remote code execution.
72.1%
Nov 3, 2021 CVE-2021-33771 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Kernel Privilege Escalation Vulnerability
Microsoft Windows kernel contains an unspecified vulnerability that allows for privilege escalation.
6.4%
Nov 3, 2021 CVE-2021-34448 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Scripting Engine Memory Corruption Vulnerability
Microsoft Windows Scripting Engine contains an unspecified vulnerability that allows for memory corruption.
3.1%
Nov 3, 2021 CVE-2021-34473
Ransomware
Microsoft Exchange Server
endpoint m365 smb essential
Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution.
94.2%
Nov 3, 2021 CVE-2021-34523
Ransomware
Microsoft Exchange Server
endpoint m365 smb essential
Microsoft Exchange Server Privilege Escalation Vulnerability
Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation.
94.0%
Nov 3, 2021 CVE-2021-34527
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Print Spooler Remote Code Execution Vulnerability
Microsoft Windows Print Spooler contains an unspecified vulnerability due to the Windows Print Spooler service improperly performing privileged file operations. Successful exploit…
94.2%
Nov 3, 2021 CVE-2021-35211
Ransomware
SolarWinds Serv-U
enterprise
SolarWinds Serv-U Remote Code Execution Vulnerability
SolarWinds Serv-U contains an unspecified memory escape vulnerability which can allow for remote code execution.
94.3%
Nov 3, 2021 CVE-2021-35395 Realtek AP-Router SDK
network
Realtek AP-Router SDK Buffer Overflow Vulnerability
Realtek AP-Router SDK HTTP web server boa contains a buffer overflow vulnerability due to unsafe copies of some overly long parameters submitted in the form that lead to denial-of…
93.7%
Nov 3, 2021 CVE-2021-35464
Ransomware
ForgeRock Access Management (AM)
ForgeRock Access Management (AM) Core Server Remote Code Execution Vulnerability
ForgeRock Access Management (AM) Core Server allows an attacker who sends a specially crafted HTTP request to one of three endpoints (/ccversion/Version, /ccversion/Masthead, or /…
94.4%
Nov 3, 2021 CVE-2021-36741 Trend Micro Apex One, Apex One as a Service, and Worry-Free Business Security
endpoint
Trend Micro Multiple Products Improper Input Validation Vulnerability
Trend Micro Apex One, Apex One as a Service, and Worry-Free Business Security contain an improper input validation vulnerability that allows a remote attacker to upload files.
0.7%
Nov 3, 2021 CVE-2021-36742 Trend Micro Apex One, Apex One as a Service, and Worry-Free Business Security
endpoint
Trend Micro Multiple Products Improper Input Validation Vulnerability
Trend Micro Apex One, Apex One as a Service, and Worry-Free Business Security contain an improper input validation vulnerability that allows for privilege escalation.
1.4%
Nov 3, 2021 CVE-2021-36942
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Local Security Authority (LSA) Spoofing Vulnerability
Microsoft Windows Local Security Authority (LSA) contains a spoofing vulnerability allowing an unauthenticated attacker to call a method on the LSARPC interface and coerce the dom…
93.6%
Nov 3, 2021 CVE-2021-36948 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Update Medic Service Privilege Escalation Vulnerability
Microsoft Windows Update Medic Service contains an unspecified vulnerability that allows for privilege escalation.
1.0%
Nov 3, 2021 CVE-2021-36955
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability
Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation.
20.7%
Nov 3, 2021 CVE-2021-37973 Google Chromium Portals
browser smb essential
Google Chromium Portals Use-After-Free Vulnerability
Google Chromium Portals contains a use-after-free vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape vi…
14.8%
Nov 3, 2021 CVE-2021-37975 Google Chromium V8
browser smb essential
Google Chromium V8 Use-After-Free Vulnerability
Google Chromium V8 Engine contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability …
63.0%
Nov 3, 2021 CVE-2021-37976 Google Chromium
browser smb essential
Google Chromium Information Disclosure Vulnerability
Google Chromium contains an information disclosure vulnerability within the core memory component that allows a remote attacker to obtain potentially sensitive information from pr…
20.1%
Nov 3, 2021 CVE-2021-38000 Google Chromium Intents
browser smb essential
Google Chromium Intents Improper Input Validation Vulnerability
Google Chromium Intents contains an improper input validation vulnerability that allows a remote attacker to arbitrarily browser to a malicious URL via a crafted HTML page. This v…
4.2%
Nov 3, 2021 CVE-2021-38003 Google Chromium V8
browser smb essential
Google Chromium V8 Memory Corruption Vulnerability
Google Chromium V8 Engine has a bug in JSON.stringify, where the internal TheHole value can leak to script code, causing memory corruption. This vulnerability could affect multipl…
64.2%
Nov 3, 2021 CVE-2021-38645 Microsoft Open Management Infrastructure (OMI)
endpoint m365 smb essential
Microsoft Open Management Infrastructure (OMI) Privilege Escalation Vulnerability
Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability that allows for privilege escalation.
11.6%
Nov 3, 2021 CVE-2021-38647
Ransomware
Microsoft Open Management Infrastructure (OMI)
endpoint m365 smb essential
Microsoft Open Management Infrastructure (OMI) Remote Code Execution Vulnerability
Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability allowing remote code execution.
94.4%
Nov 3, 2021 CVE-2021-38648 Microsoft Open Management Infrastructure (OMI)
endpoint m365 smb essential
Microsoft Open Management Infrastructure (OMI) Privilege Escalation Vulnerability
Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability allowing privilege escalation.
38.2%
Nov 3, 2021 CVE-2021-38649 Microsoft Open Management Infrastructure (OMI)
endpoint m365 smb essential
Microsoft Open Management Infrastructure (OMI) Privilege Escalation Vulnerability
Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability allowing privilege escalation.
6.7%
Nov 3, 2021 CVE-2021-40444
Ransomware
Microsoft MSHTML
endpoint m365 smb essential
Microsoft MSHTML Remote Code Execution Vulnerability
Microsoft MSHTML contains a unspecified vulnerability that allows for remote code execution.
94.3%
Nov 3, 2021 CVE-2021-40539
Ransomware
Zoho ManageEngine
Zoho ManageEngine ADSelfService Plus Authentication Bypass Vulnerability
Zoho ManageEngine ADSelfService Plus contains an authentication bypass vulnerability affecting the REST API URLs which allow for remote code execution.
94.4%
Nov 3, 2021 CVE-2021-41773
Ransomware
Apache HTTP Server
web server
Apache HTTP Server Path Traversal Vulnerability
Apache HTTP Server contains a path traversal vulnerability that allows an attacker to perform remote code execution if files outside directories configured by Alias-like directive…
94.4%
Nov 3, 2021 CVE-2021-42013
Ransomware
Apache HTTP Server
web server
Apache HTTP Server Path Traversal Vulnerability
Apache HTTP Server contains a path traversal vulnerability that allows an attacker to perform remote code execution if files outside directories configured by Alias-like directive…
94.4%
Nov 3, 2021 CVE-2021-42258
Ransomware
BQE BillQuick Web Suite
BQE BillQuick Web Suite SQL Injection Vulnerability
BQE BillQuick Web Suite contains an SQL injection vulnerability when accessing the username parameter that may allow for unauthenticated, remote code execution.
94.1%

Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.