CISA Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.Y

    8.8

    CVSS31
    CVE-2016-5198 - Google Chromium V8 Out-of-Bounds Memory Vulnerability -

    Action Due Jun 22, 2022 Target Vendor : Google

    Description : Google Chromium V8 Engine contains an out-of-bounds memory access vulnerability that allows a remote attacker to perform read/write operations, leading to code execution, via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2016-5198

    Alert Date: Jun 08, 2022 | 1133 days ago

    7.8

    CVSS31
    CVE-2013-1331 - Microsoft Office Buffer Overflow Vulnerability -

    Action Due Jun 22, 2022 Target Vendor : Microsoft

    Description : Microsoft Office contains a buffer overflow vulnerability that allows remote attackers to execute code via crafted PNG data in an Office document.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2013-1331

    Alert Date: Jun 08, 2022 | 1133 days ago

    8.8

    CVSS31
    CVE-2012-5054 - Adobe Flash Player Integer Overflow Vulnerability -

    Action Due Jun 22, 2022 Target Vendor : Adobe

    Description : Adobe Flash Player contains an integer overflow vulnerability that allows remote attackers to execute code via malformed arguments.

    Action : The impacted product is end-of-life and should be disconnected if still in use.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2012-5054

    Alert Date: Jun 08, 2022 | 1133 days ago

    8.1

    CVSS31
    CVE-2012-4969 - Microsoft Internet Explorer Use-After-Free Vulnerability -

    Action Due Jun 22, 2022 Target Vendor : Microsoft

    Description : Microsoft Internet Explorer contains a use-after-free vulnerability that allows remote attackers to execute code via a crafted web site.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2012-4969

    Alert Date: Jun 08, 2022 | 1133 days ago

    8.8

    CVSS31
    CVE-2012-1889 - Microsoft XML Core Services Memory Corruption Vulnerability -

    Action Due Jun 22, 2022 Target Vendor : Microsoft

    Description : Microsoft XML Core Services contains a memory corruption vulnerability which could allow for remote code execution.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2012-1889

    Alert Date: Jun 08, 2022 | 1133 days ago

    6.1

    CVSS31
    CVE-2012-0767 - Adobe Flash Player Cross-Site Scripting (XSS) Vulnerability -

    Action Due Jun 22, 2022 Target Vendor : Adobe

    Description : Adobe Flash Player contains a XSS vulnerability that allows remote attackers to inject web script or HTML.

    Action : The impacted product is end-of-life and should be disconnected if still in use.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2012-0767

    Alert Date: Jun 08, 2022 | 1133 days ago

    8.1

    CVSS31
    CVE-2012-0754 - Adobe Flash Player Memory Corruption Vulnerability -

    Action Due Jun 22, 2022 Target Vendor : Adobe

    Description : Adobe Flash Player contains a memory corruption vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).

    Action : The impacted product is end-of-life and should be disconnected if still in use.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2012-0754

    Alert Date: Jun 08, 2022 | 1133 days ago

    7.8

    CVSS31
    CVE-2012-0151 - Microsoft Windows Authenticode Signature Verification Remote Code Execution Vulnerability -

    Action Due Jun 22, 2022 Target Vendor : Microsoft

    Description : The Authenticode Signature Verification function in Microsoft Windows (WinVerifyTrust) does not properly validate the digest of a signed portable executable (PE) file, which allows user-assisted remote attackers to execute code.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2012-0151

    Alert Date: Jun 08, 2022 | 1133 days ago

    9.8

    CVSS31
    CVE-2011-2462 - Adobe Acrobat and Reader Universal 3D Memory Corruption Vulnerability -

    Action Due Jun 22, 2022 Target Vendor : Adobe

    Description : The Universal 3D (U3D) component in Adobe Acrobat and Reader contains a memory corruption vulnerability which could allow remote attackers to execute code or cause denial-of-service (DoS).

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2011-2462

    Alert Date: Jun 08, 2022 | 1133 days ago

    7.8

    CVSS31
    CVE-2011-0609 - Adobe Flash Player Unspecified Vulnerability -

    Action Due Jun 22, 2022 Target Vendor : Adobe

    Description : Adobe Flash Player contains an unspecified vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).

    Action : The impacted product is end-of-life and should be disconnected if still in use.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2011-0609

    Alert Date: Jun 08, 2022 | 1133 days ago

    7.3

    CVSS31
    CVE-2010-2883 - Adobe Acrobat and Reader Stack-Based Buffer Overflow Vulnerability -

    Action Due Jun 22, 2022 Target Vendor : Adobe

    Description : Adobe Acrobat and Reader contain a stack-based buffer overflow vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2010-2883

    Alert Date: Jun 08, 2022 | 1133 days ago

    7.8

    CVSS31
    CVE-2010-2572 - Microsoft PowerPoint Buffer Overflow Vulnerability -

    Action Due Jun 22, 2022 Target Vendor : Microsoft

    Description : Microsoft PowerPoint contains a buffer overflow vulnerability that alllows for remote code execution.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2010-2572

    Alert Date: Jun 08, 2022 | 1133 days ago

    7.8

    CVSS31
    CVE-2009-4324 - Adobe Acrobat and Reader Use-After-Free Vulnerability -

    Action Due Jun 22, 2022 Target Vendor : Adobe

    Description : Use-after-free vulnerability in Adobe Acrobat and Reader allows remote attackers to execute code via a crafted PDF file.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2009-4324

    Alert Date: Jun 08, 2022 | 1133 days ago

    8.8

    CVSS31
    CVE-2009-3953 - Adobe Acrobat and Reader Universal 3D Remote Code Execution Vulnerability -

    Action Due Jun 22, 2022 Target Vendor : Adobe

    Description : Adobe Acrobat and Reader contains an array boundary issue in Universal 3D (U3D) support that could lead to remote code execution.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2009-3953

    Alert Date: Jun 08, 2022 | 1133 days ago

    7.8

    CVSS31
    CVE-2009-1862 - Adobe Acrobat and Reader, Flash Player Unspecified Vulnerability -

    Action Due Jun 22, 2022 Target Vendor : Adobe

    Description : Adobe Acrobat and Reader and Adobe Flash Player allows remote attackers to execute code or cause denial-of-service (DoS).

    Action : For Adobe Acrobat and Reader, apply updates per vendor instructions. For Adobe Flash Player, the impacted product is end-of-life and should be disconnected if still in use.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2009-1862

    Alert Date: Jun 08, 2022 | 1133 days ago

    7.8

    CVSS31
    CVE-2009-0563 - Microsoft Office Buffer Overflow Vulnerability -

    Action Due Jun 22, 2022 Target Vendor : Microsoft

    Description : Microsoft Office contains a buffer overflow vulnerability that allows remote attackers to execute code via a Word document with a crafted tag containing an invalid length field.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2009-0563

    Alert Date: Jun 08, 2022 | 1133 days ago

    7.8

    CVSS31
    CVE-2009-0557 - Microsoft Office Object Record Corruption Vulnerability -

    Action Due Jun 22, 2022 Target Vendor : Microsoft

    Description : Microsoft Office contains an object record corruption vulnerability that allows remote attackers to execute code via a crafted Excel file with a malformed record object.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2009-0557

    Alert Date: Jun 08, 2022 | 1133 days ago

    9.8

    CVSS31
    CVE-2008-0655 - Adobe Acrobat and Reader Unspecified Vulnerability -

    Action Due Jun 22, 2022 Target Vendor : Adobe

    Description : Adobe Acrobat and Reader contains an unespecified vulnerability described as a design flaw which could allow a specially crafted file to be printed silently an arbitrary number of times.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2008-0655

    Alert Date: Jun 08, 2022 | 1133 days ago

    7.8

    CVSS31
    CVE-2007-5659 - Adobe Acrobat and Reader Buffer Overflow Vulnerability -

    Action Due Jun 22, 2022 Target Vendor : Adobe

    Description : Adobe Acrobat and Reader contain a buffer overflow vulnerability that allows remote attackers to execute code via a PDF file with long arguments to unspecified JavaScript methods.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2007-5659

    Alert Date: Jun 08, 2022 | 1133 days ago

    8.8

    CVSS31
    CVE-2006-2492 - Microsoft Word Malformed Object Pointer Vulnerability -

    Action Due Jun 22, 2022 Target Vendor : Microsoft

    Description : Microsoft Word and Microsoft Works Suites contain a malformed object pointer which allows attackers to execute code.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2006-2492

    Alert Date: Jun 08, 2022 | 1133 days ago
Showing 20 of 1383 Results

Filters

© cvefeed.io
Latest DB Update: Jul. 15, 2025 22:31