Full CISA KEV catalog
Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.
| Added | CVE | Vendor / Product | Name & description | CVSS | EPSS |
|---|---|---|---|---|---|
| Nov 3, 2021 | CVE-2020-0968 | Microsoft Internet Explorer |
Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability
Microsoft Internet Explorer contains a memory corruption vulnerability due to how the Scripting Engine handles objects in memory, leading to remote code execution.
|
— | 43.7% |
| Nov 3, 2021 | CVE-2020-0986 | Microsoft Windows |
Microsoft Windows Kernel Privilege Escalation Vulnerability
Microsoft Windows kernel contains an unspecified vulnerability when handling objects in memory that allows attackers to escalate privileges and execute code in kernel mode.
|
— | 16.5% |
| Nov 3, 2021 | CVE-2020-1020 | Microsoft Windows |
Microsoft Windows Adobe Font Manager Library Remote Code Execution Vulnerability
Microsoft Windows Adobe Font Manager Library contains an unspecified vulnerability when handling specially crafted multi-master fonts (Adobe Type 1 PostScript format) that allows …
|
— | 85.7% |
| Nov 3, 2021 | CVE-2020-1040 | Microsoft Hyper-V RemoteFX |
Microsoft Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability
Microsoft Hyper-V RemoteFX vGPU contains an improper input validation vulnerability due to the host server failing to properly validate input from an authenticated user on a guest…
|
— | 0.2% |
| Nov 3, 2021 | CVE-2020-1054 | Microsoft Win32k |
Microsoft Win32k Privilege Escalation Vulnerability
Microsoft Win32k contains a privilege escalation vulnerability when the Windows kernel-mode driver fails to properly handle objects in memory. Successful exploitation allows an at…
|
— | 81.2% |
| Nov 3, 2021 | CVE-2020-1147 | Microsoft .NET Framework, SharePoint, Visual Studio |
Microsoft .NET Framework, SharePoint, and Visual Studio Remote Code Execution Vulnerability
Microsoft .NET Framework, Microsoft SharePoint, and Visual Studio contain a remote code execution vulnerability when the software fails to check the source markup of XML file inpu…
|
— | 93.4% |
| Nov 3, 2021 |
CVE-2020-12271
Ransomware |
Sophos SFOS |
Sophos SFOS SQL Injection Vulnerability
Sophos Firewall operating system (SFOS) firmware contains a SQL injection vulnerability when configured with either the administration (HTTPS) service or the User Portal is expose…
|
— | 86.6% |
| Nov 3, 2021 | CVE-2020-1350 | Microsoft Windows |
Microsoft Windows DNS Server Remote Code Execution Vulnerability
Microsoft Windows DNS Servers fail to properly handle requests, allowing an attacker to perform remote code execution in the context of the Local System Account. The vulnerability…
|
— | 93.8% |
| Nov 3, 2021 | CVE-2020-1380 | Microsoft Internet Explorer |
Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability
Microsoft Internet Explorer contains a memory corruption vulnerability which can allow for remote code execution in the context of the current user.
|
— | 91.7% |
| Nov 3, 2021 | CVE-2020-1464 | Microsoft Windows |
Microsoft Windows Spoofing Vulnerability
Microsoft Windows contains a spoofing vulnerability when Windows incorrectly validates file signatures, allowing an attacker to bypass security features and load improperly signed…
|
— | 7.9% |
| Nov 3, 2021 |
CVE-2020-1472
Ransomware |
Microsoft Netlogon |
Microsoft Netlogon Privilege Escalation Vulnerability
Microsoft's Netlogon Remote Protocol (MS-NRPC) contains a privilege escalation vulnerability when an attacker establishes a vulnerable Netlogon secure channel connection to a doma…
|
— | 94.4% |
| Nov 3, 2021 | CVE-2020-15505 | Ivanti MobileIron Multiple Products |
Ivanti MobileIron Multiple Products Remote Code Execution Vulnerability
Ivanti MobileIron's Core & Connector, Sentry, and Monitor and Reporting Database (RDB) products contain an unspecified vulnerability that allows for remote code execution.
|
— | 94.4% |
| Nov 3, 2021 | CVE-2020-17087 | Microsoft Windows |
Microsoft Windows Kernel Privilege Escalation Vulnerability
Microsoft Windows kernel contains an unspecified vulnerability that allows for privilege escalation.
|
— | 20.4% |
| Nov 3, 2021 | CVE-2020-17144 | Microsoft Exchange Server |
Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange Server improperly validates cmdlet arguments which allow an attacker to perform remote code execution.
|
— | 92.0% |
| Nov 3, 2021 | CVE-2020-24557 | Trend Micro Apex One, OfficeScan, and Worry-Free Business Security |
Trend Micro Multiple Products Improper Access Control Vulnerability
Trend Micro Apex One, OfficeScan, and Worry-Free Business Security on Microsoft Windows contain an improper access control vulnerability that may allow an attacker to manipulate a…
|
— | 1.9% |
| Nov 3, 2021 | CVE-2020-27930 | Apple Multiple Products |
Apple Multiple Products Memory Corruption Vulnerability
Apple iOS, iPadOS, macOS, and watchOS FontParser contain a memory corruption vulnerability which may allow for code execution when processing maliciously crafted front.
|
— | 43.9% |
| Nov 3, 2021 | CVE-2020-27932 | Apple Multiple Products |
Apple Multiple Products Type Confusion Vulnerability
Apple iOS, iPadOS, macOS, and watchOS contain a type confusion vulnerability that may allow a malicious application to execute code with kernel privileges.
|
— | 15.7% |
| Nov 3, 2021 | CVE-2020-27950 | Apple Multiple Products |
Apple Multiple Products Memory Initialization Vulnerability
Apple iOS, iPadOS, macOS, and watchOS contain a memory initialization vulnerability that may allow a malicious application to disclose kernel memory.
|
— | 43.8% |
| Nov 3, 2021 | CVE-2020-8243 | Ivanti Pulse Connect Secure |
Ivanti Pulse Connect Secure Code Execution Vulnerability
Ivanti Pulse Connect Secure contains an unspecified vulnerability in the admin web interface that could allow an authenticated attacker to upload a custom template to perform code…
|
— | 20.5% |
| Nov 3, 2021 | CVE-2020-8260 | Ivanti Pulse Connect Secure |
Ivanti Pulse Connect Secure Code Execution Vulnerability
Pulse Connect Secure contains an unspecified vulnerability that allows an authenticated attacker to perform code execution using uncontrolled gzip extraction.
|
— | 73.0% |
| Nov 3, 2021 | CVE-2020-8467 | Trend Micro Apex One and OfficeScan |
Trend Micro Apex One and OfficeScan Remote Code Execution Vulnerability
Trend Micro Apex One and OfficeScan contain an unspecified vulnerability within a migration tool component that allows for remote code execution.
|
— | 31.1% |
| Nov 3, 2021 | CVE-2020-8468 | Trend Micro Apex One, OfficeScan and Worry-Free Business Security Agents |
Trend Micro Multiple Products Content Validation Escape Vulnerability
Trend Micro Apex One, OfficeScan, and Worry-Free Business Security agents contain a content validation escape vulnerability that could allow an attacker to manipulate certain agen…
|
— | 19.1% |
| Nov 3, 2021 | CVE-2020-8599 | Trend Micro Apex One and OfficeScan |
Trend Micro Apex One and OfficeScan Authentication Bypass Vulnerability
Trend Micro Apex One and OfficeScan server contain a vulnerable EXE file that could allow a remote attacker to write data to a path on affected installations and bypass root login.
|
— | 57.9% |
| Nov 3, 2021 | CVE-2020-9818 | Apple iOS, iPadOS, and watchOS |
Apple iOS, iPadOS, and watchOS Out-of-Bounds Write Vulnerability
Apple iOS, iPadOS, and watchOS Mail contains an out-of-bounds write vulnerability which may allow memory modification or application termination when processing a maliciously craf…
|
— | 0.9% |
| Nov 3, 2021 | CVE-2020-9819 | Apple iOS, iPadOS, and watchOS |
Apple iOS, iPadOS, and watchOS Memory Corruption Vulnerability
Apple iOS, iPadOS, and watchOS Mail contains a memory corruption vulnerability that may allow heap corruption when processing a maliciously crafted mail message.
|
— | 0.6% |
| Nov 3, 2021 | CVE-2020-9859 | Apple Multiple Products |
Apple Multiple Products Code Execution Vulnerability
Apple iOS, iPadOS, macOS, watchOS, and tvOS contain an unspecified vulnerability that may allow an application to execute code with kernel privileges.
|
— | 0.1% |
| Nov 3, 2021 | CVE-2021-1647 | Microsoft Defender |
Microsoft Defender Remote Code Execution Vulnerability
Microsoft Defender contains an unspecified vulnerability that allows for remote code execution.
|
— | 76.1% |
| Nov 3, 2021 |
CVE-2021-1675
Ransomware |
Microsoft Windows |
Microsoft Windows Print Spooler Remote Code Execution Vulnerability
Microsoft Windows Print Spooler contains an unspecified vulnerability that allows for remote code execution.
|
— | 94.3% |
| Nov 3, 2021 |
CVE-2021-1732
Ransomware |
Microsoft Win32k |
Microsoft Win32k Privilege Escalation Vulnerability
Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.
|
— | 88.3% |
| Nov 3, 2021 | CVE-2021-1782 | Apple Multiple Products |
Apple Multiple Products Race Condition Vulnerability
Apple iOS, iPadOs, macOS, watchOS, and tvOS contain a race condition vulnerability that may allow a malicious application to elevate privileges.
|
— | 5.9% |
Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.