Full CISA KEV catalog
Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.
| Added | CVE | Vendor / Product | Name & description | CVSS | EPSS |
|---|---|---|---|---|---|
| Jun 2, 2026 | CVE-2025-48595 | Android Framework | **Android Framework Integer Overflow Vulnerability**: Android Framework contains an integer overflow vulnerability that allows for code execution that could allow for local privilege escalation. | 8.4 | 0.5% |
| Apr 24, 2026 | CVE-2024-7399 | Samsung MagicINFO 9 Server | **Samsung MagicINFO 9 Server Path Traversal Vulnerability**: Samsung MagicINFO 9 Server contains a path traversal vulnerability that could allow an attacker to write arbitrary files as system authority. | — | 72.9% |
| Mar 20, 2026 | CVE-2025-31277 | Apple Multiple Products | **Apple Multiple Products Buffer Overflow Vulnerability**: Apple Safari, iOS, watchOS, visionOS, iPadOS, macOS, and tvOS contain a buffer overflow vulnerability that could allow the processing of maliciously crafted web content which may … | — | 0.3% |
| Mar 20, 2026 | CVE-2025-43510 | Apple Multiple Products | **Apple Multiple Products Improper Locking Vulnerability**: Apple watchOS, iOS, iPadOS, macOS, visionOS, and tvOS contain an improper locking vulnerability that could allow a malicious application to cause unexpected changes in memory shar… | — | 0.3% |
| Mar 20, 2026 | CVE-2025-43520 | Apple Multiple Products | **Apple Multiple Products Classic Buffer Overflow Vulnerability**: Apple watchOS, iOS, iPadOS, macOS, visionOS, and tvOS contain a classic buffer overflow vulnerability which could allow a malicious application to cause unexpected system terminat… | — | 0.3% |
| Mar 5, 2026 | CVE-2021-30952 | Apple Multiple Products | **Apple Multiple Products Integer Overflow or Wraparound Vulnerability**: Apple tvOS, macOS, Safari, iPadOS and watchOS contain an integer overflow or wraparound vulnerability due to the processing of maliciously crafted web content that may lead to arb… | — | 0.8% |
| Mar 5, 2026 | CVE-2023-41974 | Apple iOS and iPadOS | **Apple iOS and iPadOS Use-After-Free Vulnerability**: Apple iOS and iPadOS contain a use-after-free vulnerability. An app may be able to execute arbitrary code with kernel privileges. | — | 0.2% |
| Mar 5, 2026 | CVE-2023-43000 | Apple Multiple Products | **Apple Multiple Products Use-After-Free Vulnerability**: Apple macOS, iOS, iPadOS, and Safari 16.6 contain a use-after-free vulnerability due to the processing of maliciously crafted web content that may lead to memory corruption. | — | 0.0% |
| Feb 12, 2026 | CVE-2026-20700 | Apple Multiple Products | **Apple Multiple Buffer Overflow Vulnerability**: Apple iOS, macOS, tvOS, watchOS, and visionOS contain an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow an attacker with me… | — | 0.5% |
| Dec 15, 2025 | CVE-2025-43529 | Apple Multiple Products | **Apple Multiple Products Use-After-Free WebKit Vulnerability**: Apple iOS, iPadOS, macOS, and other Apple products contain a use-after-free vulnerability in WebKit. Processing maliciously crafted web content may lead to memory corruption. This… | — | 0.2% |
| Dec 2, 2025 | CVE-2025-48572 | Android Framework | **Android Framework Privilege Escalation Vulnerability**: Android Framework contains an unspecified vulnerability that allows for privilege escalation. | — | 0.2% |
| Dec 2, 2025 | CVE-2025-48633 | Android Framework | **Android Framework Information Disclosure Vulnerability**: Android Framework contains an unspecified vulnerability that allows for information disclosure. | — | 0.1% |
| Nov 10, 2025 | CVE-2025-21042 | Samsung Mobile Devices | **Samsung Mobile Devices Out-of-Bounds Write Vulnerability**: Samsung mobile devices contain an out-of-bounds write vulnerability in libimagecodec.quram.so. This vulnerability could allow remote attackers to execute arbitrary code. | — | 4.4% |
| Oct 20, 2025 | CVE-2022-48503 | Apple Multiple Products | **Apple Multiple Products Unspecified Vulnerability**: Apple macOS, iOS, tvOS, Safari, and watchOS contain an unspecified vulnerability in JavaScriptCore that when processing web content may lead to arbitrary code execution. The impac… | — | 0.2% |
| Oct 2, 2025 | CVE-2025-21043 | Samsung Mobile Devices | **Samsung Mobile Devices Out-of-Bounds Write Vulnerability**: Samsung mobile devices contain an out-of-bounds write vulnerability in libimagecodec.quram.so which allows remote attackers to execute arbitrary code. | — | 4.9% |
| Sep 29, 2025 | CVE-2025-20352 | Cisco IOS and IOS XE | **Cisco IOS and IOS XE Software SNMP Denial of Service and Remote Code Execution Vulnerability**: Cisco IOS and IOS XE contain a stack-based buffer overflow vulnerability in the Simple Network Management Protocol (SNMP) subsystem that could allow for denial of service or remo… | — | 3.2% |
| Sep 4, 2025 | CVE-2025-48543 | Android Runtime | **Android Runtime Use-After-Free Vulnerability**: Android Runtime contains a use-after-free vulnerability potentially allowing a Chrome sandbox escape leading to local privilege escalation. | — | 0.3% |
| Aug 21, 2025 | CVE-2025-43300 | Apple iOS, iPadOS, and macOS | **Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability**: Apple iOS, iPadOS, and macOS contain an out-of-bounds write vulnerability in the Image I/O framework. | — | 4.4% |
| Jun 16, 2025 | CVE-2025-43200 | Apple Multiple Products | **Apple Multiple Products Unspecified Vulnerability**: Apple iOS, iPadOS, macOS, watchOS, and visionOS contain an unspecified vulnerability when processing a maliciously crafted photo or video shared via an iCloud Link. | — | 0.9% |
| May 22, 2025 | CVE-2025-4632 | Samsung MagicINFO 9 Server | **Samsung MagicINFO 9 Server Path Traversal Vulnerability**: Samsung MagicINFO 9 Server contains a path traversal vulnerability that allows an attacker to write arbitrary files as system authority. | — | 42.6% |
| Apr 17, 2025 | CVE-2025-31200 | Apple Multiple Products | **Apple Multiple Products Memory Corruption Vulnerability**: Apple iOS, iPadOS, macOS, and other Apple products contain a memory corruption vulnerability that allows for code execution when processing an audio stream in a maliciously crafte… | — | 1.7% |
| Apr 17, 2025 | CVE-2025-31201 | Apple Multiple Products | **Apple Multiple Products Arbitrary Read and Write Vulnerability**: Apple iOS, iPadOS, macOS, and other Apple products contain an arbitrary read and write vulnerability that allows an attacker to bypass Pointer Authentication. | — | 3.4% |
| Mar 13, 2025 | CVE-2025-24201 | Apple Multiple Products | **Apple Multiple Products WebKit Out-of-Bounds Write Vulnerability**: Apple iOS, iPadOS, macOS, and other Apple products contain an out-of-bounds write vulnerability in WebKit that may allow maliciously crafted web content to break out of Web Conten… | — | 0.2% |
| Feb 12, 2025 | CVE-2025-24200 | Apple iOS and iPadOS | **Apple iOS and iPadOS Incorrect Authorization Vulnerability**: Apple iOS and iPadOS contain an incorrect authorization vulnerability that allows a physical attacker to disable USB Restricted Mode on a locked device. | — | 48.4% |
| Jan 29, 2025 | CVE-2025-24085 | Apple Multiple Products | **Apple Multiple Products Use-After-Free Vulnerability**: Apple iOS, macOS, and other Apple products contain a use-after-free vulnerability that could allow a malicious application to elevate privileges. | — | 13.1% |
| Nov 21, 2024 | CVE-2024-44308 | Apple Multiple Products | **Apple Multiple Products Code Execution Vulnerability**: Apple iOS, macOS, and other Apple products contain an unspecified vulnerability when processing maliciously crafted web content that may lead to arbitrary code execution. | — | 1.0% |
| Nov 21, 2024 | CVE-2024-44309 | Apple Multiple Products | **Apple Multiple Products Cross-Site Scripting (XSS) Vulnerability**: Apple iOS, macOS, and other Apple products contain an unspecified vulnerability when processing maliciously crafted web content that may lead to a cross-site scripting (XSS) attac… | — | 0.9% |
| Nov 7, 2024 | CVE-2024-43093 | Android Framework | **Android Framework Privilege Escalation Vulnerability**: Android Framework contains an unspecified vulnerability that allows for privilege escalation. | — | 0.1% |
| Aug 7, 2024 | CVE-2024-36971 | Android Kernel | **Android Kernel Remote Code Execution Vulnerability**: Android contains an unspecified vulnerability in the kernel that allows for remote code execution. This vulnerability resides in Linux Kernel and could impact other products, incl… | — | 0.4% |
| Jun 13, 2024 | CVE-2024-32896 | Android Pixel | **Android Pixel Privilege Escalation Vulnerability**: Android Pixel contains an unspecified vulnerability in the firmware that allows for privilege escalation. | — | 0.2% |
Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.