Full CISA KEV catalog

Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.

Showing 1–30 of 171 CVEs · Page 1 of 6 30 per page
Added CVE Vendor / Product Name & description CVSS EPSS
Jun 2, 2026 CVE-2025-48595 Android Framework
mobile
Android Framework Integer Overflow Vulnerability
Android Framework contains an integer overflow vulnerability that allows for code execution that could allow for local privilege escalation.
8.4 0.5%
Apr 24, 2026 CVE-2024-7399 Samsung MagicINFO 9 Server
mobile
Samsung MagicINFO 9 Server Path Traversal Vulnerability
Samsung MagicINFO 9 Server contains a path traversal vulnerability that could allow an attacker to write arbitrary files as system authority.
72.9%
Mar 20, 2026 CVE-2025-31277 Apple Multiple Products
endpoint mobile smb essential
Apple Multiple Products Buffer Overflow Vulnerability
Apple Safari, iOS, watchOS, visionOS, iPadOS, macOS, and tvOS contain a buffer overflow vulnerability that could allow the processing of maliciously crafted web content which may …
0.3%
Mar 20, 2026 CVE-2025-43510 Apple Multiple Products
endpoint mobile smb essential
Apple Multiple Products Improper Locking Vulnerability
Apple watchOS, iOS, iPadOS, macOS, visionOS, and tvOS contain an improper locking vulnerability that could allow a malicious application to cause unexpected changes in memory shar…
0.3%
Mar 20, 2026 CVE-2025-43520 Apple Multiple Products
endpoint mobile smb essential
Apple Multiple Products Classic Buffer Overflow Vulnerability
Apple watchOS, iOS, iPadOS, macOS, visionOS, and tvOS contain a classic buffer overflow vulnerability which could allow a malicious application to cause unexpected system terminat…
0.3%
Mar 5, 2026 CVE-2021-30952 Apple Multiple Products
endpoint mobile smb essential
Apple Multiple Products Integer Overflow or Wraparound Vulnerability
Apple tvOS, macOS, Safari, iPadOS and watchOS contain an integer overflow or wraparound vulnerability due to the processing of maliciously crafted web content that may lead to arb…
0.8%
Mar 5, 2026 CVE-2023-41974 Apple iOS and iPadOS
endpoint mobile smb essential
Apple iOS and iPadOS Use-After-Free Vulnerability
Apple iOS and iPadOS contain a use-after-free vulnerability. An app may be able to execute arbitrary code with kernel privileges.
0.2%
Mar 5, 2026 CVE-2023-43000 Apple Multiple Products
endpoint mobile smb essential
Apple Multiple products Use-After-Free Vulnerability
Apple macOS, iOS, iPadOS, and Safari 16.6 contain a use-after-free vulnerability due to the processing of maliciously crafted web content that may lead to memory corruption.
0.0%
Feb 12, 2026 CVE-2026-20700 Apple Multiple Products
endpoint mobile smb essential
Apple Multiple Buffer Overflow Vulnerability
Apple iOS, macOS, tvOS, watchOS, and visionOS contain an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow an attacker with me…
0.5%
Dec 15, 2025 CVE-2025-43529 Apple Multiple Products
browser endpoint mobile smb essential
Apple Multiple Products Use-After-Free WebKit Vulnerability
Apple iOS, iPadOS, macOS, and other Apple products contain a use-after-free vulnerability in WebKit. Processing maliciously crafted web content may lead to memory corruption. This…
0.2%
Dec 2, 2025 CVE-2025-48572 Android Framework
mobile
Android Framework Privilege Escalation Vulnerability
Android Framework contains an unspecified vulnerability that allows for privilege escalation.
0.2%
Dec 2, 2025 CVE-2025-48633 Android Framework
mobile
Android Framework Information Disclosure Vulnerability
Android Framework contains an unspecified vulnerability that allows for information disclosure.
0.1%
Nov 10, 2025 CVE-2025-21042 Samsung Mobile Devices
mobile
Samsung Mobile Devices Out-of-Bounds Write Vulnerability
Samsung mobile devices contain an out-of-bounds write vulnerability in libimagecodec.quram.so. This vulnerability could allow remote attackers to execute arbitrary code.
4.4%
Oct 20, 2025 CVE-2022-48503 Apple Multiple Products
endpoint mobile smb essential
Apple Multiple Products Unspecified Vulnerability
Apple macOS, iOS, tvOS, Safari, and watchOS contain an unspecified vulnerability in JavaScriptCore that when processing web content may lead to arbitrary code execution. The impac…
0.2%
Oct 2, 2025 CVE-2025-21043 Samsung Mobile Devices
mobile
Samsung Mobile Devices Out-of-Bounds Write Vulnerability
Samsung mobile devices contain an out-of-bounds write vulnerability in libimagecodec.quram.so which allows remote attackers to execute arbitrary code.
4.9%
Sep 29, 2025 CVE-2025-20352 Cisco IOS and IOS XE
mobile network
Cisco IOS and IOS XE Software SNMP Denial of Service and Remote Code Execution Vulnerability
Cisco IOS and IOS XE contains a stack-based buffer overflow vulnerability in the Simple Network Management Protocol (SNMP) subsystem that could allow for denial of service or remo…
3.2%
Sep 4, 2025 CVE-2025-48543 Android Runtime
mobile
Android Runtime Use-After-Free Vulnerability
Android Runtime contains a use-after-free vulnerability potentially allowing a chrome sandbox escape leading to local privilege escalation.
0.3%
Aug 21, 2025 CVE-2025-43300 Apple iOS, iPadOS, and macOS
endpoint mobile smb essential
Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability
Apple iOS, iPadOS, and macOS contain an out-of-bounds write vulnerability in the Image I/O framework.
4.4%
Jun 16, 2025 CVE-2025-43200 Apple Multiple Products
endpoint mobile smb essential
Apple Multiple Products Unspecified Vulnerability
Apple iOS, iPadOS, macOS, watchOS, and visionOS, contain an unspecified vulnerability when processing a maliciously crafted photo or video shared via an iCloud Link.
0.9%
May 22, 2025 CVE-2025-4632 Samsung MagicINFO 9 Server
mobile
Samsung MagicINFO 9 Server Path Traversal Vulnerability
Samsung MagicINFO 9 Server contains a path traversal vulnerability that allows an attacker to write arbitrary file as system authority.
42.6%
Apr 17, 2025 CVE-2025-31200 Apple Multiple Products
endpoint mobile smb essential
Apple Multiple Products Memory Corruption Vulnerability
Apple iOS, iPadOS, macOS, and other Apple products contain a memory corruption vulnerability that allows for code execution when processing an audio stream in a maliciously crafte…
1.7%
Apr 17, 2025 CVE-2025-31201 Apple Multiple Products
endpoint mobile smb essential
Apple Multiple Products Arbitrary Read and Write Vulnerability
Apple iOS, iPadOS, macOS, and other Apple products contain an arbitrary read and write vulnerability that allows an attacker to bypass Pointer Authentication.
3.4%
Mar 13, 2025 CVE-2025-24201 Apple Multiple Products
browser endpoint mobile smb essential
Apple Multiple Products WebKit Out-of-Bounds Write Vulnerability
Apple iOS, iPadOS, macOS, and other Apple products contain an out-of-bounds write vulnerability in WebKit that may allow maliciously crafted web content to break out of Web Conten…
0.2%
Feb 12, 2025 CVE-2025-24200 Apple iOS and iPadOS
endpoint mobile smb essential
Apple iOS and iPadOS Incorrect Authorization Vulnerability
Apple iOS and iPadOS contains an incorrect authorization vulnerability that allows a physical attacker to disable USB Restricted Mode on a locked device.
48.4%
Jan 29, 2025 CVE-2025-24085 Apple Multiple Products
endpoint mobile smb essential
Apple Multiple Products Use-After-Free Vulnerability
Apple iOS, macOS, and other Apple products contain a user-after-free vulnerability that could allow a malicious application to elevate privileges.
13.1%
Nov 21, 2024 CVE-2024-44308 Apple Multiple Products
endpoint mobile smb essential
Apple Multiple Products Code Execution Vulnerability
Apple iOS, macOS, and other Apple products contain an unspecified vulnerability when processing maliciously crafted web content that may lead to arbitrary code execution.
1.0%
Nov 21, 2024 CVE-2024-44309 Apple Multiple Products
endpoint mobile smb essential
Apple Multiple Products Cross-Site Scripting (XSS) Vulnerability
Apple iOS, macOS, and other Apple products contain an unspecified vulnerability when processing maliciously crafted web content that may lead to a cross-site scripting (XSS) attac…
0.9%
Nov 7, 2024 CVE-2024-43093 Android Framework
mobile
Android Framework Privilege Escalation Vulnerability
Android Framework contains an unspecified vulnerability that allows for privilege escalation.
0.1%
Aug 7, 2024 CVE-2024-36971 Android Kernel
mobile
Android Kernel Remote Code Execution Vulnerability
Android contains an unspecified vulnerability in the kernel that allows for remote code execution. This vulnerability resides in Linux Kernel and could impact other products, incl…
0.4%
Jun 13, 2024 CVE-2024-32896 Android Pixel
mobile
Android Pixel Privilege Escalation Vulnerability
Android Pixel contains an unspecified vulnerability in the firmware that allows for privilege escalation.
0.2%

Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.