Full CISA KEV catalog
Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.
| Added | CVE | Vendor / Product | Name & description | CVSS | EPSS |
|---|---|---|---|---|---|
| Jun 9, 2026 | CVE-2026-11645 | Google Chromium V8 |
Google Chromium V8 Out-of-Bounds Read and Write Vulnerability
Google Chromium V8 out-of-bounds read and write vulnerability that could allow a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. This vulnerabi…
|
8.8 | 5.5% |
| Apr 1, 2026 | CVE-2026-5281 | Google Dawn |
Google Dawn Use-After-Free Vulnerability
Google Dawn contains an use-after-free vulnerability that could allow a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.…
|
— | 0.9% |
| Mar 13, 2026 | CVE-2026-3909 | Google Skia |
Google Skia Out-of-Bounds Write Vulnerability
Google Skia contains an out-of-bounds write vulnerability that could allow a remote attacker to perform out of bounds memory access via a crafted HTML page. This vulnerability aff…
|
— | 0.5% |
| Mar 13, 2026 | CVE-2026-3910 | Google Chromium V8 |
Google Chromium V8 Improper Restriction of Operations Within the Bounds of a Memory Buffer Vulnerability
Google Chromium V8 contains an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow a remote attacker to execute arbitrary code i…
|
— | 3.2% |
| Feb 17, 2026 | CVE-2026-2441 | Google Chromium |
Google Chromium CSS Use-After-Free Vulnerability
Google Chromium CSS contains a use-after-free vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability c…
|
— | 23.1% |
| Dec 15, 2025 | CVE-2025-43529 | Apple Multiple Products |
Apple Multiple Products Use-After-Free WebKit Vulnerability
Apple iOS, iPadOS, macOS, and other Apple products contain a use-after-free vulnerability in WebKit. Processing maliciously crafted web content may lead to memory corruption. This…
|
— | 0.2% |
| Dec 12, 2025 | CVE-2025-14174 | Google Chromium |
Google Chromium Out of Bounds Memory Access Vulnerability
Google Chromium contains an out of bounds memory access vulnerability in ANGLE that could allow a remote attacker to perform out of bounds memory access via a crafted HTML page. T…
|
— | 0.3% |
| Nov 19, 2025 | CVE-2025-13223 | Google Chromium V8 |
Google Chromium V8 Type Confusion Vulnerability
Google Chromium V8 contains a type confusion vulnerability that allows for heap corruption.
|
— | 2.9% |
| Oct 6, 2025 | CVE-2010-3765 | Mozilla Multiple Products |
Mozilla Multiple Products Remote Code Execution Vulnerability
Mozilla Firefox, SeaMonkey, and Thunderbird contain an unspecified vulnerability when JavaScript is enabled. This allows remote attackers to execute arbitrary code via vectors rel…
|
— | 86.8% |
| Sep 23, 2025 | CVE-2025-10585 | Google Chromium V8 |
Google Chromium V8 Type Confusion Vulnerability
Google Chromium contains a type confusion vulnerability in the V8 JavaScript and WebAssembly engine.
|
— | 2.1% |
| Jul 22, 2025 | CVE-2025-6558 | Google Chromium |
Google Chromium ANGLE and GPU Improper Input Validation Vulnerability
Google Chromium contains an improper input validation vulnerability in ANGLE and GPU. This vulnerability could allow a remote attacker to potentially perform a sandbox escape via …
|
— | 0.3% |
| Jul 2, 2025 | CVE-2025-6554 | Google Chromium V8 |
Google Chromium V8 Type Confusion Vulnerability
Google Chromium V8 contains a type confusion vulnerability that could allow a remote attacker to perform arbitrary read/write via a crafted HTML page. This vulnerability could aff…
|
— | 1.6% |
| Jun 5, 2025 | CVE-2025-5419 | Google Chromium V8 |
Google Chromium V8 Out-of-Bounds Read and Write Vulnerability
Google Chromium V8 contains an out-of-bounds read and write vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This v…
|
— | 3.8% |
| Mar 27, 2025 | CVE-2025-2783 | Google Chromium Mojo |
Google Chromium Mojo Sandbox Escape Vulnerability
Google Chromium Mojo on Windows contains a sandbox escape vulnerability caused by a logic error, which results from an incorrect handle being provided in unspecified circumstances…
|
— | 44.0% |
| Mar 13, 2025 | CVE-2025-24201 | Apple Multiple Products |
Apple Multiple Products WebKit Out-of-Bounds Write Vulnerability
Apple iOS, iPadOS, macOS, and other Apple products contain an out-of-bounds write vulnerability in WebKit that may allow maliciously crafted web content to break out of Web Conten…
|
— | 0.2% |
| Oct 15, 2024 |
CVE-2024-9680
Ransomware |
Mozilla Firefox |
Mozilla Firefox Use-After-Free Vulnerability
Mozilla Firefox and Firefox ESR contain a use-after-free vulnerability in Animation timelines that allows for code execution in the content process.
|
— | 30.8% |
| Aug 28, 2024 | CVE-2024-7965 | Google Chromium V8 |
Google Chromium V8 Inappropriate Implementation Vulnerability
Google Chromium V8 contains an inappropriate implementation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulner…
|
— | 22.8% |
| Aug 26, 2024 | CVE-2024-7971 | Google Chromium V8 |
Google Chromium V8 Type Confusion Vulnerability
Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to exploit heap corruption via a crafted HTML page. This vulnerability could affect multip…
|
— | 1.9% |
| May 28, 2024 | CVE-2024-5274 | Google Chromium V8 |
Google Chromium V8 Type Confusion Vulnerability
Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page. This vulnerability could affect multiple web brow…
|
— | 6.6% |
| May 20, 2024 | CVE-2024-4947 | Google Chromium V8 |
Google Chromium V8 Type Confusion Vulnerability
Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page.
|
— | 1.1% |
| May 16, 2024 | CVE-2024-4761 | Google Chromium V8 |
Google Chromium V8 Out-of-Bounds Memory Write Vulnerability
Google Chromium V8 Engine contains an unspecified out-of-bounds memory write vulnerability via a crafted HTML page. This vulnerability could affect multiple web browsers that util…
|
— | 3.0% |
| May 13, 2024 | CVE-2024-4671 | Google Chromium |
Google Chromium Visuals Use-After-Free Vulnerability
Google Chromium Visuals contains a use-after-free vulnerability that allows a remote attacker to exploit heap corruption via a crafted HTML page. This vulnerability could affect m…
|
— | 0.6% |
| Feb 6, 2024 | CVE-2023-4762 | Google Chromium V8 |
Google Chromium V8 Type Confusion Vulnerability
Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page. This vulnerability could affect multiple web brow…
|
— | 55.8% |
| Jan 23, 2024 | CVE-2024-23222 | Apple Multiple Products |
Apple Multiple Products WebKit Type Confusion Vulnerability
Apple iOS, iPadOS, macOS, tvOS, and Safari WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted web content. This vulnera…
|
— | 0.6% |
| Jan 17, 2024 | CVE-2024-0519 | Google Chromium V8 |
Google Chromium V8 Out-of-Bounds Memory Access Vulnerability
Google Chromium V8 Engine contains an out-of-bounds memory access vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This …
|
— | 0.2% |
| Jan 2, 2024 | CVE-2023-7024 | Google Chromium WebRTC |
Google Chromium WebRTC Heap Buffer Overflow Vulnerability
Google Chromium WebRTC, an open-source project providing web browsers with real-time communication, contains a heap buffer overflow vulnerability that allows a remote attacker to …
|
— | 3.1% |
| Dec 4, 2023 | CVE-2023-42916 | Apple Multiple Products |
Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability
Apple iOS, iPadOS, macOS, and Safari WebKit contain an out-of-bounds read vulnerability that may disclose sensitive information when processing maliciously crafted web content. Th…
|
— | 0.1% |
| Dec 4, 2023 | CVE-2023-42917 | Apple Multiple Products |
Apple Multiple Products WebKit Memory Corruption Vulnerability
Apple iOS, iPadOS, macOS, and Safari WebKit contain a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerabil…
|
— | 0.1% |
| Nov 30, 2023 | CVE-2023-6345 | Google Chromium Skia |
Google Skia Integer Overflow Vulnerability
Google Chromium Skia contains an integer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape vi…
|
— | 1.3% |
| Oct 2, 2023 | CVE-2023-5217 | Google Chromium libvpx |
Google Chromium libvpx Heap Buffer Overflow Vulnerability
Google Chromium libvpx contains a heap buffer overflow vulnerability in vp8 encoding that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. …
|
— | 5.0% |
Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.