CISA Known Exploited Vulnerabilities (KEV)

To support the cybersecurity community and help network defenders stay ahead of active threat activity, CISA publishes cisa alert today updates and maintains the authoritative catalog of known exploited vulnerabilities. This KEV database highlights vulnerabilities that have been actively used in real-world attacks, making it an essential resource for security teams aiming to strengthen their defenses.

Organizations should incorporate the KEV catalog into their vulnerability management prioritization framework to ensure they address high-risk issues efficiently and stay aligned with the latest threat intelligence. With frequent updates — including entries marked as cisa kev added today — the catalog enables teams to react quickly to emerging exploitation trends. To streamline monitoring and improve response time, CVEfeed.io provides the freshest CISA KEV additions, delivering real-time visibility into newly identified exploited vulnerabilities and helping organizations maintain accurate, up-to-date security postures.

8.8

HIGH

CVE-2017-5030 - Google Chromium V8 Memory Corruption Vulnerability -

Action Due Jun 22, 2022 Target Vendor : Google

Description : Google Chromium V8 Engine contains a memory corruption vulnerability that allows a remote attacker to execute code via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-5030

Alert Date: Jun 08, 2022 | 1256 days ago

8.8

HIGH

CVE-2016-5198 - Google Chromium V8 Out-of-Bounds Memory Vulnerability -

Action Due Jun 22, 2022 Target Vendor : Google

Description : Google Chromium V8 Engine contains an out-of-bounds memory access vulnerability that allows a remote attacker to perform read/write operations, leading to code execution, via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2016-5198

Alert Date: Jun 08, 2022 | 1256 days ago

9.3

HIGH

CVE-2013-1331 - Microsoft Office Buffer Overflow Vulnerability -

Action Due Jun 22, 2022 Target Vendor : Microsoft

Description : Microsoft Office contains a buffer overflow vulnerability that allows remote attackers to execute code via crafted PNG data in an Office document.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2013-1331

Alert Date: Jun 08, 2022 | 1256 days ago

9.3

HIGH

CVE-2012-5054 - Adobe Flash Player Integer Overflow Vulnerability -

Action Due Jun 22, 2022 Target Vendor : Adobe

Description : Adobe Flash Player contains an integer overflow vulnerability that allows remote attackers to execute code via malformed arguments.

Action : The impacted product is end-of-life and should be disconnected if still in use.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2012-5054

Alert Date: Jun 08, 2022 | 1256 days ago

9.3

HIGH

CVE-2012-4969 - Microsoft Internet Explorer Use-After-Free Vulnerability -

Action Due Jun 22, 2022 Target Vendor : Microsoft

Description : Microsoft Internet Explorer contains a use-after-free vulnerability that allows remote attackers to execute code via a crafted web site.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2012-4969

Alert Date: Jun 08, 2022 | 1256 days ago

9.3

HIGH

CVE-2012-1889 - Microsoft XML Core Services Memory Corruption Vulnerability -

Action Due Jun 22, 2022 Target Vendor : Microsoft

Description : Microsoft XML Core Services contains a memory corruption vulnerability which could allow for remote code execution.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2012-1889

Alert Date: Jun 08, 2022 | 1256 days ago

6.1

MEDIUM

CVE-2012-0767 - Adobe Flash Player Cross-Site Scripting (XSS) Vulnerability -

Action Due Jun 22, 2022 Target Vendor : Adobe

Description : Adobe Flash Player contains a XSS vulnerability that allows remote attackers to inject web script or HTML.

Action : The impacted product is end-of-life and should be disconnected if still in use.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2012-0767

Alert Date: Jun 08, 2022 | 1256 days ago

9.3

HIGH

CVE-2012-0754 - Adobe Flash Player Memory Corruption Vulnerability -

Action Due Jun 22, 2022 Target Vendor : Adobe

Description : Adobe Flash Player contains a memory corruption vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).

Action : The impacted product is end-of-life and should be disconnected if still in use.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2012-0754

Alert Date: Jun 08, 2022 | 1256 days ago

9.3

HIGH

CVE-2012-0151 - Microsoft Windows Authenticode Signature Verification Remote Code Execution Vulnerability -

Action Due Jun 22, 2022 Target Vendor : Microsoft

Description : The Authenticode Signature Verification function in Microsoft Windows (WinVerifyTrust) does not properly validate the digest of a signed portable executable (PE) file, which allows user-assisted remote attackers to execute code.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2012-0151

Alert Date: Jun 08, 2022 | 1256 days ago

10.0

HIGH

CVE-2011-2462 - Adobe Acrobat and Reader Universal 3D Memory Corruption Vulnerability -

Action Due Jun 22, 2022 Target Vendor : Adobe

Description : The Universal 3D (U3D) component in Adobe Acrobat and Reader contains a memory corruption vulnerability which could allow remote attackers to execute code or cause denial-of-service (DoS).

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2011-2462

Alert Date: Jun 08, 2022 | 1256 days ago

9.3

HIGH

CVE-2011-0609 - Adobe Flash Player Unspecified Vulnerability -

Action Due Jun 22, 2022 Target Vendor : Adobe

Description : Adobe Flash Player contains an unspecified vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).

Action : The impacted product is end-of-life and should be disconnected if still in use.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2011-0609

Alert Date: Jun 08, 2022 | 1256 days ago

9.3

HIGH

CVE-2010-2883 - Adobe Acrobat and Reader Stack-Based Buffer Overflow Vulnerability -

Action Due Jun 22, 2022 Target Vendor : Adobe

Description : Adobe Acrobat and Reader contain a stack-based buffer overflow vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2010-2883

Alert Date: Jun 08, 2022 | 1256 days ago

9.3

HIGH

CVE-2010-2572 - Microsoft PowerPoint Buffer Overflow Vulnerability -

Action Due Jun 22, 2022 Target Vendor : Microsoft

Description : Microsoft PowerPoint contains a buffer overflow vulnerability that alllows for remote code execution.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2010-2572

Alert Date: Jun 08, 2022 | 1256 days ago

9.3

HIGH

CVE-2009-4324 - Adobe Acrobat and Reader Use-After-Free Vulnerability -

Action Due Jun 22, 2022 Target Vendor : Adobe

Description : Use-after-free vulnerability in Adobe Acrobat and Reader allows remote attackers to execute code via a crafted PDF file.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2009-4324

Alert Date: Jun 08, 2022 | 1256 days ago

10.0

HIGH

CVE-2009-3953 - Adobe Acrobat and Reader Universal 3D Remote Code Execution Vulnerability -

Action Due Jun 22, 2022 Target Vendor : Adobe

Description : Adobe Acrobat and Reader contains an array boundary issue in Universal 3D (U3D) support that could lead to remote code execution.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2009-3953

Alert Date: Jun 08, 2022 | 1256 days ago

9.3

HIGH

CVE-2009-1862 - Adobe Acrobat and Reader, Flash Player Unspecified Vulnerability -

Action Due Jun 22, 2022 Target Vendor : Adobe

Description : Adobe Acrobat and Reader and Adobe Flash Player allows remote attackers to execute code or cause denial-of-service (DoS).

Action : For Adobe Acrobat and Reader, apply updates per vendor instructions. For Adobe Flash Player, the impacted product is end-of-life and should be disconnected if still in use.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2009-1862

Alert Date: Jun 08, 2022 | 1256 days ago

9.3

HIGH

CVE-2009-0563 - Microsoft Office Buffer Overflow Vulnerability -

Action Due Jun 22, 2022 Target Vendor : Microsoft

Description : Microsoft Office contains a buffer overflow vulnerability that allows remote attackers to execute code via a Word document with a crafted tag containing an invalid length field.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2009-0563

Alert Date: Jun 08, 2022 | 1256 days ago

9.3

HIGH

CVE-2009-0557 - Microsoft Office Object Record Corruption Vulnerability -

Action Due Jun 22, 2022 Target Vendor : Microsoft

Description : Microsoft Office contains an object record corruption vulnerability that allows remote attackers to execute code via a crafted Excel file with a malformed record object.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2009-0557

Alert Date: Jun 08, 2022 | 1256 days ago

9.8

CRITICAL

CVE-2008-0655 - Adobe Acrobat and Reader Unspecified Vulnerability -

Action Due Jun 22, 2022 Target Vendor : Adobe

Description : Adobe Acrobat and Reader contains an unespecified vulnerability described as a design flaw which could allow a specially crafted file to be printed silently an arbitrary number of times.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2008-0655

Alert Date: Jun 08, 2022 | 1256 days ago

9.3

HIGH

CVE-2007-5659 - Adobe Acrobat and Reader Buffer Overflow Vulnerability -

Action Due Jun 22, 2022 Target Vendor : Adobe

Description : Adobe Acrobat and Reader contain a buffer overflow vulnerability that allows remote attackers to execute code via a PDF file with long arguments to unspecified JavaScript methods.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2007-5659

Alert Date: Jun 08, 2022 | 1256 days ago

Showing 20 of 1464 Results

Filters

What are you looking for ?

Date Added

Sort By

Browse by Apps

CISA Known Exploited Vulnerabilities (KEV)

8.8

8.8

9.3

9.3

9.3

9.3

6.1

9.3

9.3

10.0

9.3

9.3

9.3

9.3

10.0

9.3

9.3

9.3

9.8

9.3

Filters

CVEFeed.io UI Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable