Full CISA KEV catalog

Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.

Showing 211–240 of 383 CVEs · Page 8 of 13 30 per page
Added CVE Vendor / Product Name & description CVSS EPSS
Mar 28, 2022 CVE-2013-3660 Microsoft Win32k
endpoint m365 smb essential
Microsoft Win32k Privilege Escalation Vulnerability
The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft does not properly initialize a pointer for the next object in a certain list, which allo…
70.6%
Mar 28, 2022 CVE-2015-1770 Microsoft Office
endpoint m365 smb essential
Microsoft Office Uninitialized Memory Use Vulnerability
Microsoft Office allows remote attackers to execute arbitrary code via a crafted Office document.
79.7%
Mar 28, 2022 CVE-2015-2419 Microsoft Internet Explorer
endpoint m365 smb essential
Microsoft Internet Explorer Memory Corruption Vulnerability
JScript in Microsoft Internet Explorer allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.
49.5%
Mar 28, 2022 CVE-2015-2426 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Adobe Type Manager Library Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts.
91.8%
Mar 28, 2022 CVE-2016-0040 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Kernel Privilege Escalation Vulnerability
The kernel in Microsoft Windows allows local users to gain privileges via a crafted application.
75.8%
Mar 28, 2022 CVE-2016-0151
Ransomware
Microsoft Client-Server Run-time Subsystem (CSRSS)
endpoint m365 smb essential
Microsoft Windows CSRSS Security Feature Bypass Vulnerability
The Client-Server Run-time Subsystem (CSRSS) in Microsoft mismanages process tokens, which allows local users to gain privileges via a crafted application.
32.4%
Mar 28, 2022 CVE-2016-0189 Microsoft Internet Explorer
endpoint m365 smb essential
Microsoft Internet Explorer Memory Corruption Vulnerability
The Microsoft JScript nd VBScript engines, as used in Internet Explorer and other products, allow attackers to execute remote code or cause a denial of service (memory corruption)…
90.8%
Mar 28, 2022 CVE-2016-7200 Microsoft Edge
browser endpoint m365 smb essential
Microsoft Edge Memory Corruption Vulnerability
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.
88.0%
Mar 28, 2022 CVE-2016-7201 Microsoft Edge
browser endpoint m365 smb essential
Microsoft Edge Memory Corruption Vulnerability
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.
88.9%
Mar 28, 2022 CVE-2017-0037 Microsoft Edge and Internet Explorer
browser endpoint m365 smb essential
Microsoft Edge and Internet Explorer Type Confusion Vulnerability
Microsoft Edge and Internet Explorer have a type confusion vulnerability in mshtml.dll, which allows remote code execution.
91.2%
Mar 28, 2022 CVE-2017-0059 Microsoft Internet Explorer
endpoint m365 smb essential
Microsoft Internet Explorer Information Disclosure Vulnerability
Microsoft Internet Explorer allow remote attackers to obtain sensitive information from process memory via a crafted web site.
83.6%
Mar 28, 2022 CVE-2017-0213
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Privilege Escalation Vulnerability
Microsoft Windows COM Aggregate Marshaler allows for privilege escalation when an attacker runs a specially crafted application.
92.6%
Mar 28, 2022 CVE-2018-8405
Ransomware
Microsoft DirectX Graphics Kernel (DXGKRNL)
endpoint m365 smb essential
Microsoft DirectX Graphics Kernel Privilege Escalation Vulnerability
An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory.
50.0%
Mar 28, 2022 CVE-2018-8406
Ransomware
Microsoft DirectX Graphics Kernel (DXGKRNL)
endpoint m365 smb essential
Microsoft DirectX Graphics Kernel Privilege Escalation Vulnerability
An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory.
50.0%
Mar 28, 2022 CVE-2018-8440
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Privilege Escalation Vulnerability
An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).
74.2%
Mar 28, 2022 CVE-2021-34486 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Event Tracing Privilege Escalation Vulnerability
Microsoft Windows Event Tracing contains an unspecified vulnerability which can allow for privilege escalation.
36.5%
Mar 28, 2022 CVE-2021-38646
Ransomware
Microsoft Office
endpoint m365 smb essential
Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
Microsoft Office Access Connectivity Engine contains an unspecified vulnerability which can allow for remote code execution.
50.9%
Mar 25, 2022 CVE-2014-6324 Microsoft Kerberos Key Distribution Center (KDC)
endpoint m365 smb essential
Microsoft Kerberos Key Distribution Center (KDC) Privilege Escalation Vulnerability
The Kerberos Key Distribution Center (KDC) in Microsoft allows remote authenticated domain users to obtain domain administrator privileges.
90.4%
Mar 25, 2022 CVE-2014-6332 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Object Linking & Embedding (OLE) Automation Array Remote Code Execution Vulnerability
OleAut32.dll in OLE in Microsoft Windows allows remote attackers to remotely execute code via a crafted web site.
94.1%
Mar 25, 2022 CVE-2017-0146
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows SMB Remote Code Execution Vulnerability
The SMBv1 server in Microsoft Windows allows remote attackers to perform remote code execution.
93.3%
Mar 25, 2022 CVE-2018-8373 Microsoft Internet Explorer Scripting Engine
endpoint m365 smb essential
Microsoft Scripting Engine Memory Corruption Vulnerability
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer.
82.5%
Mar 25, 2022 CVE-2018-8414 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Shell Remote Code Execution Vulnerability
A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths.
89.2%
Mar 25, 2022 CVE-2019-0903 Microsoft Graphics Device Interface (GDI)
endpoint m365 smb essential
Microsoft GDI Remote Code Execution Vulnerability
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this…
34.4%
Mar 25, 2022 CVE-2022-21999
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Print Spooler Privilege Escalation Vulnerability
Microsoft Windows Print Spooler contains an unspecified vulnerability which can allow for privilege escalation.
73.2%
Mar 15, 2022 CVE-2015-2546
Ransomware
Microsoft Win32k
endpoint m365 smb essential
Microsoft Win32k Memory Corruption Vulnerability
The kernel-mode driver in Microsoft Windows OS and Server allows local users to gain privileges via a crafted application.
40.6%
Mar 15, 2022 CVE-2016-3309
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Kernel Privilege Escalation Vulnerability
A privilege escalation vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run…
43.2%
Mar 15, 2022 CVE-2017-0101
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Transaction Manager Privilege Escalation Vulnerability
A privilege escalation vulnerability exists when the Windows Transaction Manager improperly handles objects in memory.
72.3%
Mar 15, 2022 CVE-2018-8120
Ransomware
Microsoft Win32k
endpoint m365 smb essential
Microsoft Win32k Privilege Escalation Vulnerability
A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory.
94.1%
Mar 15, 2022 CVE-2019-0543
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Privilege Escalation Vulnerability
A privilege escalation vulnerability exists when Windows improperly handles authentication requests. An attacker who successfully exploited this vulnerability could run processes …
42.7%
Mar 15, 2022 CVE-2019-0841
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows AppX Deployment Service (AppXSVC) Privilege Escalation Vulnerability
A privilege escalation vulnerability exists when Windows AppXSVC improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an…
82.7%

Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.