CISA Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.Y

    7.5

    CVSS31
    CVE-2016-0189 - Microsoft Internet Explorer Memory Corruption Vulnerability -

    Action Due Apr 18, 2022 Target Vendor : Microsoft

    Description : The Microsoft JScript nd VBScript engines, as used in Internet Explorer and other products, allow attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2016-0189

    Alert Date: Mar 28, 2022 | 1181 days ago

    7.8

    CVSS31
    CVE-2016-0151 - Microsoft Windows CSRSS Security Feature Bypass Vulnerability -

    Action Due Apr 18, 2022 Target Vendor : Microsoft

    Description : The Client-Server Run-time Subsystem (CSRSS) in Microsoft mismanages process tokens, which allows local users to gain privileges via a crafted application.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2016-0151

    Alert Date: Mar 28, 2022 | 1181 days ago

    7.8

    CVSS31
    CVE-2016-0040 - Microsoft Windows Kernel Privilege Escalation Vulnerability -

    Action Due Apr 18, 2022 Target Vendor : Microsoft

    Description : The kernel in Microsoft Windows allows local users to gain privileges via a crafted application.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2016-0040

    Alert Date: Mar 28, 2022 | 1181 days ago

    8.8

    CVSS31
    CVE-2015-2426 - Microsoft Windows Adobe Type Manager Library Remote Code Execution Vulnerability -

    Action Due Apr 18, 2022 Target Vendor : Microsoft

    Description : A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2015-2426

    Alert Date: Mar 28, 2022 | 1181 days ago

    8.8

    CVSS31
    CVE-2015-2419 - Microsoft Internet Explorer Memory Corruption Vulnerability -

    Action Due Apr 18, 2022 Target Vendor : Microsoft

    Description : JScript in Microsoft Internet Explorer allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2015-2419

    Alert Date: Mar 28, 2022 | 1181 days ago

    8.8

    CVSS31
    CVE-2015-1770 - Microsoft Office Uninitialized Memory Use Vulnerability -

    Action Due Apr 18, 2022 Target Vendor : Microsoft

    Description : Microsoft Office allows remote attackers to execute arbitrary code via a crafted Office document.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2015-1770

    Alert Date: Mar 28, 2022 | 1181 days ago

    9.8

    CVSS31
    CVE-2013-2729 - Adobe Reader and Acrobat Arbitrary Integer Overflow Vulnerability -

    Action Due Apr 18, 2022 Target Vendor : Adobe

    Description : Integer overflow vulnerability in Adobe Reader and Acrobat allows attackers to execute remote code.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2013-2729

    Alert Date: Mar 28, 2022 | 1181 days ago

    8.8

    CVSS31
    CVE-2013-2551 - Microsoft Internet Explorer Use-After-Free Vulnerability -

    Action Due Apr 18, 2022 Target Vendor : Microsoft

    Description : Use-after-free vulnerability in Microsoft Internet Explorer allows remote attackers to execute remote code via a crafted web site that triggers access to a deleted object.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2013-2551

    Alert Date: Mar 28, 2022 | 1181 days ago

    9.8

    CVSS31
    CVE-2013-2465 - Oracle Java SE Unspecified Vulnerability -

    Action Due Apr 18, 2022 Target Vendor : Oracle

    Description : Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE allows remote attackers to affect confidentiality, integrity, and availability via Unknown vectors related to 2D

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2013-2465

    Alert Date: Mar 28, 2022 | 1181 days ago

    8.8

    CVSS31
    CVE-2013-1690 - Mozilla Firefox and Thunderbird Denial-of-Service Vulnerability -

    Action Due Apr 18, 2022 Target Vendor : Mozilla

    Description : Mozilla Firefox and Thunderbird do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial-of-service (DoS) or possibly execute malicious code via a crafted web site.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2013-1690

    Alert Date: Mar 28, 2022 | 1181 days ago

    9.8

    CVSS31
    CVE-2012-5076 - Oracle Java SE Sandbox Bypass Vulnerability -

    Action Due Apr 18, 2022 Target Vendor : Oracle

    Description : The default Java security properties configuration did not restrict access to the com.sun.org.glassfish.external and com.sun.org.glassfish.gmbal packages. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2012-5076

    Alert Date: Mar 28, 2022 | 1181 days ago

    7.8

    CVSS31
    CVE-2012-2539 - Microsoft Word Remote Code Execution Vulnerability -

    Action Due Apr 18, 2022 Target Vendor : Microsoft

    Description : Microsoft Word allows attackers to execute remote code or cause a denial-of-service (DoS) via crafted RTF data.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2012-2539

    Alert Date: Mar 28, 2022 | 1181 days ago

    4.7

    CVSS31
    CVE-2012-0518 - Oracle Fusion Middleware Unspecified Vulnerability -

    Action Due Apr 18, 2022 Target Vendor : Oracle

    Description : Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware allows remote attackers to affect integrity via Unknown vectors

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2012-0518

    Alert Date: Mar 28, 2022 | 1181 days ago

    7.8

    CVSS31
    CVE-2011-2005 - Microsoft Ancillary Function Driver (afd.sys) Improper Input Validation Vulnerability -

    Action Due Apr 18, 2022 Target Vendor : Microsoft

    Description : afd.sys in the Ancillary Function Driver in Microsoft Windows does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2011-2005

    Alert Date: Mar 28, 2022 | 1181 days ago

    7.8

    CVSS31
    CVE-2010-4398 - Microsoft Windows Kernel Stack-Based Buffer Overflow Vulnerability -

    Action Due Apr 21, 2022 Target Vendor : Microsoft

    Description : Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows allows local users to gain privileges, and bypass the User Account Control (UAC) feature.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2010-4398

    Alert Date: Mar 28, 2022 | 1181 days ago

    8.8

    CVSS31
    CVE-2022-1096 - Google Chromium V8 Type Confusion Vulnerability -

    Action Due Apr 18, 2022 Target Vendor : Google

    Description : Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2022-1096

    Alert Date: Mar 28, 2022 | 1181 days ago

    5.3

    CVSS31
    CVE-2021-26085 - Atlassian Confluence Server Pre-Authorization Arbitrary File Read Vulnerability -

    Action Due Apr 18, 2022 Target Vendor : Atlassian

    Description : Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a pre-authorization arbitrary file read vulnerability in the /s/ endpoint.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-26085

    Alert Date: Mar 28, 2022 | 1181 days ago

    8.8

    CVSS31
    CVE-2016-7201 - Microsoft Edge Memory Corruption Vulnerability -

    Action Due Apr 18, 2022 Target Vendor : Microsoft

    Description : The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2016-7201

    Alert Date: Mar 28, 2022 | 1181 days ago

    7.8

    CVSS31
    CVE-2013-3660 - Microsoft Win32k Privilege Escalation Vulnerability -

    Action Due Apr 18, 2022 Target Vendor : Microsoft

    Description : The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft does not properly initialize a pointer for the next object in a certain list, which allows local users to gain privileges.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2013-3660

    Alert Date: Mar 28, 2022 | 1181 days ago

    7.5

    CVSS31
    CVE-2012-2034 - Adobe Flash Player Memory Corruption Vulnerability -

    Action Due Apr 18, 2022 Target Vendor : Adobe

    Description : Adobe Flash Player contains a memory corruption vulnerability that allows for remote code execution or denial-of-service (DoS).

    Action : The impacted product is end-of-life and should be disconnected if still in use.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2012-2034

    Alert Date: Mar 28, 2022 | 1181 days ago
Showing 20 of 1370 Results

Filters

© cvefeed.io
Latest DB Update: Jun. 21, 2025 14:47