Full CISA KEV catalog

Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.

Showing 241–270 of 667 CVEs · Page 9 of 23 30 per page
Added CVE Vendor / Product Name & description CVSS EPSS
Nov 14, 2022 CVE-2022-41049 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability
Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features.
13.2%
Nov 8, 2022 CVE-2022-41073
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Print Spooler Privilege Escalation Vulnerability
Microsoft Windows Print Spooler contains an unspecified vulnerability that allows an attacker to gain SYSTEM-level privileges.
2.3%
Nov 8, 2022 CVE-2022-41091
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability
Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features.
6.3%
Nov 8, 2022 CVE-2022-41125 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows CNG Key Isolation Service Privilege Escalation Vulnerability
Microsoft Windows Cryptographic Next Generation (CNG) Key Isolation Service contains an unspecified vulnerability that allows an attacker to gain SYSTEM-level privileges.
0.7%
Nov 8, 2022 CVE-2022-41128 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Scripting Languages Remote Code Execution Vulnerability
Microsoft Windows contains an unspecified vulnerability in the JScript9 scripting language which allows for remote code execution.
39.2%
Oct 28, 2022 CVE-2022-3723 Google Chromium V8
browser smb essential
Google Chromium V8 Type Confusion Vulnerability
Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability …
0.5%
Oct 25, 2022 CVE-2022-42827 Apple iOS and iPadOS
endpoint mobile smb essential
Apple iOS and iPadOS Out-of-Bounds Write Vulnerability
Apple iOS and iPadOS kernel contain an out-of-bounds write vulnerability which can allow an application to perform code execution with kernel privileges.
0.2%
Oct 24, 2022 CVE-2020-3153
Ransomware
Cisco AnyConnect Secure
endpoint network smb essential vpn remote
Cisco AnyConnect Secure Mobility Client for Windows Uncontrolled Search Path Vulnerability
Cisco AnyConnect Secure Mobility Client for Windows allows for incorrect handling of directory paths. An attacker with valid credentials on Windows would be able to copy malicious…
25.1%
Oct 24, 2022 CVE-2020-3433
Ransomware
Cisco AnyConnect Secure
endpoint network smb essential vpn remote
Cisco AnyConnect Secure Mobility Client for Windows DLL Hijacking Vulnerability
Cisco AnyConnect Secure Mobility Client for Windows interprocess communication (IPC) channel allows for insufficient validation of resources that are loaded by the application at …
3.9%
Oct 11, 2022 CVE-2022-41033 Microsoft Windows COM+ Event System Service
endpoint m365 smb essential
Microsoft Windows COM+ Event System Service Privilege Escalation Vulnerability
Microsoft Windows COM+ Event System Service contains an unspecified vulnerability that allows for privilege escalation.
1.7%
Sep 30, 2022 CVE-2022-36804 Atlassian Bitbucket Server and Data Center
enterprise smb essential
Atlassian Bitbucket Server and Data Center Command Injection Vulnerability
Multiple API endpoints of Atlassian Bitbucket Server and Data Center contain a command injection vulnerability where an attacker with access to a public Bitbucket repository, or w…
94.4%
Sep 30, 2022 CVE-2022-41040
Ransomware
Microsoft Exchange Server
endpoint m365 smb essential
Microsoft Exchange Server Server-Side Request Forgery Vulnerability
Microsoft Exchange Server allows for server-side request forgery. Dubbed "ProxyNotShell," this vulnerability is chainable with CVE-2022-41082 which allows for remote code executio…
94.1%
Sep 30, 2022 CVE-2022-41082
Ransomware
Microsoft Exchange Server
endpoint m365 smb essential
Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange Server contains an unspecified vulnerability that allows for authenticated remote code execution. Dubbed "ProxyNotShell," this vulnerability is chainable with C…
90.8%
Sep 15, 2022 CVE-2010-2568 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Remote Code Execution Vulnerability
Microsoft Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the operating system displays the icon of a malicious shortcut file. An attac…
92.1%
Sep 14, 2022 CVE-2022-32917 Apple iOS, iPadOS, and macOS
endpoint mobile smb essential
Apple iOS, iPadOS, and macOS Remote Code Execution Vulnerability
Apple kernel, which is included in iOS, iPadOS, and macOS, contains an unspecified vulnerability where an application may be able to execute code with kernel privileges.
0.9%
Sep 14, 2022 CVE-2022-37969 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability
Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation.
12.8%
Sep 8, 2022 CVE-2020-9934 Apple iOS, iPadOS, and macOS
endpoint mobile smb essential
Apple iOS, iPadOS, and macOS Input Validation Vulnerability
Apple iOS, iPadOS, and macOS contain an unspecified vulnerability involving input validation which can allow a local attacker to view sensitive user information.
2.1%
Sep 8, 2022 CVE-2022-3075 Google Chromium Mojo
browser smb essential
Google Chromium Mojo Insufficient Data Validation Vulnerability
Google Chromium Mojo contains an insufficient data validation vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandb…
2.1%
Aug 25, 2022 CVE-2021-31010 Apple iOS, macOS, watchOS
endpoint mobile smb essential
Apple iOS, macOS, watchOS Sandbox Bypass Vulnerability
In affected versions of Apple iOS, macOS, and watchOS, a sandboxed process may be able to circumvent sandbox restrictions.
0.7%
Aug 18, 2022 CVE-2022-21971 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Runtime Remote Code Execution Vulnerability
Microsoft Windows Runtime contains an unspecified vulnerability that allows for remote code execution.
87.8%
Aug 18, 2022 CVE-2022-26923 Microsoft Active Directory
endpoint identity m365 smb essential
Microsoft Active Directory Domain Services Privilege Escalation Vulnerability
An authenticated user could manipulate attributes on computer accounts they own or manage, and acquire a certificate from Active Directory Certificate Services that would allow fo…
91.6%
Aug 18, 2022 CVE-2022-2856 Google Chromium Intents
browser smb essential
Google Chromium Intents Insufficient Input Validation Vulnerability
Google Chromium Intents contains an insufficient validation of untrusted input vulnerability that allows a remote attacker to browse to a malicious website via a crafted HTML page…
3.3%
Aug 18, 2022 CVE-2022-32893 Apple iOS and macOS
endpoint mobile smb essential
Apple iOS and macOS Out-of-Bounds Write Vulnerability
Apple iOS and macOS contain an out-of-bounds write vulnerability that could allow for remote code execution when processing malicious crafted web content.
0.1%
Aug 18, 2022 CVE-2022-32894 Apple iOS and macOS
endpoint mobile smb essential
Apple iOS and macOS Out-of-Bounds Write Vulnerability
Apple iOS and macOS contain an out-of-bounds write vulnerability that could allow an application to execute code with kernel privileges.
0.3%
Aug 9, 2022 CVE-2022-34713 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
A remote code execution vulnerability exists when Microsoft Windows MSDT is called using the URL protocol from a calling application.
4.5%
Jul 29, 2022 CVE-2022-26138 Atlassian Confluence
enterprise smb essential
Atlassian Questions For Confluence App Hard-coded Credentials Vulnerability
Atlassian Questions For Confluence App has hard-coded credentials, exposing the username and password in plaintext. A remote unauthenticated attacker can use these credentials to …
94.3%
Jul 12, 2022 CVE-2022-22047 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Client Server Runtime Subsystem (CSRSS) Privilege Escalation Vulnerability
Microsoft Windows CSRSS contains an unspecified vulnerability that allows for privilege escalation to SYSTEM privileges.
1.2%
Jul 1, 2022 CVE-2022-26925 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows LSA Spoofing Vulnerability
Microsoft Windows Local Security Authority (LSA) contains a spoofing vulnerability where an attacker can coerce the domain controller to authenticate to the attacker using NTLM.
37.4%
Jun 27, 2022 CVE-2018-4344 Apple Multiple Products
endpoint mobile smb essential
Apple Multiple Products Memory Corruption Vulnerability
Apple iOS, macOS, tvOS, and watchOS contain a memory corruption vulnerability which can allow for code execution.
0.2%
Jun 27, 2022 CVE-2019-8605 Apple Multiple Products
endpoint mobile smb essential
Apple Multiple Products Use-After-Free Vulnerability
A use-after-free vulnerability in Apple iOS, macOS, tvOS, and watchOS could allow a malicious application to execute code with system privileges.
13.8%

Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.