KEV 2012
22 CISA Known Exploited Vulnerabilities from 2012
Critical 8
May 2022
March 2022
Oracle Java SE — GlassFish Package Access Bypass Enables Applet Sandbox Escape via Unrestricted Internal APIs
CVSS 9.8
PHP-CGI — Argument Injection via Query String Enables Source Disclosure and Unauthenticated Remote Code Execution
CVSS 9.8
Oracle Java SE — Concurrency AtomicReferenceArray Type Confusion Sandbox Escape, Exploited by Flashback Mac Botnet
CVSS 9.8
Oracle Java SE — HotSpot JVM Bytecode Verifier Type Confusion Enables Sandbox Escape via Malicious Applets
CVSS 9.8
Oracle Java SE — Chained Security Bypass Zero-Day Enabling Complete Sandbox Escape, Exploited at Mass Scale Within Hours
CVSS 9.8
January 2022
November 2021
High 12
April 2026
July 2024
June 2022
Microsoft XML Core Services (MSXML) — Zero-Day Use-After-Free in XML Parsing Exploited via IE and Office Before Patch
CVSS 8.8
Adobe Flash Player — Matrix3D Integer Overflow Enables Remote Code Execution via Malformed Flash Arguments
CVSS 8.8
Adobe Flash Player — MP4 Atom Parsing Out-of-Bounds Write Exploited in Targeted Attacks Against Activists
CVSS 8.1
Microsoft Internet Explorer — Zero-Day Use-After-Free in IE 6–9 Exploited via Drive-By Before Emergency Patch
CVSS 8.1
Microsoft Windows — WinVerifyTrust Digest Validation Flaw Allows Code Execution via Tampered Signed PE Files
CVSS 7.8
March 2022
Microsoft Office MSCOMCTL.OCX — TabStrip ActiveX System-State Corruption Enables RCE via Documents or Web Pages
CVSS 8.8
Microsoft Word — Out-of-Bounds Write in RTF Parsing Enables Code Execution via Crafted Documents
CVSS 7.8
Adobe Flash Player — Zero-Day Exploited via Flash Embedded in Word Documents in Targeted Spear-Phishing
CVSS 7.8
Adobe Flash Player — Heap Memory Corruption Exploited via Malicious SWF Content in Targeted Attacks
CVSS 7.5