Full CISA KEV catalog

Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.

Showing 211–240 of 531 CVEs · Page 8 of 18 30 per page
Added CVE Vendor / Product Name & description CVSS EPSS
Nov 8, 2022 CVE-2022-41091
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability
Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features.
6.3%
Nov 8, 2022 CVE-2022-41125 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows CNG Key Isolation Service Privilege Escalation Vulnerability
Microsoft Windows Cryptographic Next Generation (CNG) Key Isolation Service contains an unspecified vulnerability that allows an attacker to gain SYSTEM-level privileges.
0.7%
Nov 8, 2022 CVE-2022-41128 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Scripting Languages Remote Code Execution Vulnerability
Microsoft Windows contains an unspecified vulnerability in the JScript9 scripting language which allows for remote code execution.
39.2%
Oct 25, 2022 CVE-2022-42827 Apple iOS and iPadOS
endpoint mobile smb essential
Apple iOS and iPadOS Out-of-Bounds Write Vulnerability
Apple iOS and iPadOS kernel contain an out-of-bounds write vulnerability which can allow an application to perform code execution with kernel privileges.
0.2%
Oct 24, 2022 CVE-2020-3153
Ransomware
Cisco AnyConnect Secure
endpoint network smb essential vpn remote
Cisco AnyConnect Secure Mobility Client for Windows Uncontrolled Search Path Vulnerability
Cisco AnyConnect Secure Mobility Client for Windows allows for incorrect handling of directory paths. An attacker with valid credentials on Windows would be able to copy malicious…
25.1%
Oct 24, 2022 CVE-2020-3433
Ransomware
Cisco AnyConnect Secure
endpoint network smb essential vpn remote
Cisco AnyConnect Secure Mobility Client for Windows DLL Hijacking Vulnerability
Cisco AnyConnect Secure Mobility Client for Windows interprocess communication (IPC) channel allows for insufficient validation of resources that are loaded by the application at …
3.9%
Oct 11, 2022 CVE-2022-41033 Microsoft Windows COM+ Event System Service
endpoint m365 smb essential
Microsoft Windows COM+ Event System Service Privilege Escalation Vulnerability
Microsoft Windows COM+ Event System Service contains an unspecified vulnerability that allows for privilege escalation.
1.7%
Sep 30, 2022 CVE-2022-41040
Ransomware
Microsoft Exchange Server
endpoint m365 smb essential
Microsoft Exchange Server Server-Side Request Forgery Vulnerability
Microsoft Exchange Server allows for server-side request forgery. Dubbed "ProxyNotShell," this vulnerability is chainable with CVE-2022-41082 which allows for remote code executio…
94.1%
Sep 30, 2022 CVE-2022-41082
Ransomware
Microsoft Exchange Server
endpoint m365 smb essential
Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange Server contains an unspecified vulnerability that allows for authenticated remote code execution. Dubbed "ProxyNotShell," this vulnerability is chainable with C…
90.8%
Sep 23, 2022 CVE-2022-3236 Sophos Firewall
endpoint network
Sophos Firewall Code Injection Vulnerability
A code injection vulnerability in the User Portal and Webadmin of Sophos Firewall allows for remote code execution.
92.8%
Sep 15, 2022 CVE-2010-2568 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Remote Code Execution Vulnerability
Microsoft Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the operating system displays the icon of a malicious shortcut file. An attac…
92.1%
Sep 15, 2022 CVE-2022-40139 Trend Micro Apex One and Apex One as a Service
endpoint
Trend Micro Apex One and Apex One as a Service Improper Validation Vulnerability
Trend Micro Apex One and Apex One as a Service contain an improper validation of rollback mechanism components that could lead to remote code execution.
8.9%
Sep 14, 2022 CVE-2022-32917 Apple iOS, iPadOS, and macOS
endpoint mobile smb essential
Apple iOS, iPadOS, and macOS Remote Code Execution Vulnerability
Apple kernel, which is included in iOS, iPadOS, and macOS, contains an unspecified vulnerability where an application may be able to execute code with kernel privileges.
0.9%
Sep 14, 2022 CVE-2022-37969 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability
Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation.
12.8%
Sep 8, 2022 CVE-2020-9934 Apple iOS, iPadOS, and macOS
endpoint mobile smb essential
Apple iOS, iPadOS, and macOS Input Validation Vulnerability
Apple iOS, iPadOS, and macOS contain an unspecified vulnerability involving input validation which can allow a local attacker to view sensitive user information.
2.1%
Aug 25, 2022 CVE-2021-31010 Apple iOS, macOS, watchOS
endpoint mobile smb essential
Apple iOS, macOS, watchOS Sandbox Bypass Vulnerability
In affected versions of Apple iOS, macOS, and watchOS, a sandboxed process may be able to circumvent sandbox restrictions.
0.7%
Aug 18, 2022 CVE-2022-21971 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Runtime Remote Code Execution Vulnerability
Microsoft Windows Runtime contains an unspecified vulnerability that allows for remote code execution.
87.8%
Aug 18, 2022 CVE-2022-26923 Microsoft Active Directory
endpoint identity m365 smb essential
Microsoft Active Directory Domain Services Privilege Escalation Vulnerability
An authenticated user could manipulate attributes on computer accounts they own or manage, and acquire a certificate from Active Directory Certificate Services that would allow fo…
91.6%
Aug 18, 2022 CVE-2022-32893 Apple iOS and macOS
endpoint mobile smb essential
Apple iOS and macOS Out-of-Bounds Write Vulnerability
Apple iOS and macOS contain an out-of-bounds write vulnerability that could allow for remote code execution when processing malicious crafted web content.
0.1%
Aug 18, 2022 CVE-2022-32894 Apple iOS and macOS
endpoint mobile smb essential
Apple iOS and macOS Out-of-Bounds Write Vulnerability
Apple iOS and macOS contain an out-of-bounds write vulnerability that could allow an application to execute code with kernel privileges.
0.3%
Aug 9, 2022 CVE-2022-34713 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
A remote code execution vulnerability exists when Microsoft Windows MSDT is called using the URL protocol from a calling application.
4.5%
Jul 12, 2022 CVE-2022-22047 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Client Server Runtime Subsystem (CSRSS) Privilege Escalation Vulnerability
Microsoft Windows CSRSS contains an unspecified vulnerability that allows for privilege escalation to SYSTEM privileges.
1.2%
Jul 1, 2022 CVE-2022-26925 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows LSA Spoofing Vulnerability
Microsoft Windows Local Security Authority (LSA) contains a spoofing vulnerability where an attacker can coerce the domain controller to authenticate to the attacker using NTLM.
37.4%
Jun 27, 2022 CVE-2018-4344 Apple Multiple Products
endpoint mobile smb essential
Apple Multiple Products Memory Corruption Vulnerability
Apple iOS, macOS, tvOS, and watchOS contain a memory corruption vulnerability which can allow for code execution.
0.2%
Jun 27, 2022 CVE-2019-8605 Apple Multiple Products
endpoint mobile smb essential
Apple Multiple Products Use-After-Free Vulnerability
A use-after-free vulnerability in Apple iOS, macOS, tvOS, and watchOS could allow a malicious application to execute code with system privileges.
13.8%
Jun 27, 2022 CVE-2020-3837 Apple Multiple Products
endpoint mobile smb essential
Apple Multiple Products Memory Corruption Vulnerability
Apple iOS, iPadOS, macOS, tvOS, and watchOS contain a memory corruption vulnerability that could allow an application to execute code with kernel privileges.
6.4%
Jun 27, 2022 CVE-2020-9907 Apple Multiple Products
endpoint mobile smb essential
Apple Multiple Products Memory Corruption Vulnerability
Apple iOS, iPadOS, and tvOS contain a memory corruption vulnerability that could allow an application to execute code with kernel privileges.
0.5%
Jun 27, 2022 CVE-2021-30983 Apple iOS and iPadOS
endpoint mobile smb essential
Apple iOS and iPadOS Buffer Overflow Vulnerability
Apple iOS and iPadOS contain a buffer overflow vulnerability that could allow an application to execute code with kernel privileges.
0.5%
Jun 14, 2022 CVE-2022-30190
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnera…
93.6%
Jun 8, 2022 CVE-2006-2492 Microsoft Word
endpoint m365 smb essential
Microsoft Word Malformed Object Pointer Vulnerability
Microsoft Word and Microsoft Works Suites contain a malformed object pointer which allows attackers to execute code.
79.1%

Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.