Full CISA KEV catalog
Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.
| Added | CVE | Vendor / Product | Name & description | CVSS | EPSS |
|---|---|---|---|---|---|
| Nov 3, 2021 | CVE-2021-1870 | Apple iOS, iPadOS, and macOS |
Apple iOS, iPadOS, and macOS WebKit Remote Code Execution Vulnerability
Apple iOS, iPadOS, and macOS WebKit contain an unspecified logic vulnerability that allows a remote attacker to execute code. This vulnerability could impact HTML parsers that use…
|
— | 1.2% |
| Nov 3, 2021 | CVE-2021-1871 | Apple iOS, iPadOS, and macOS |
Apple iOS, iPadOS, and macOS WebKit Remote Code Execution Vulnerability
Apple iOS, iPadOS, and macOS WebKit contain an unspecified logic vulnerability that allows a remote attacker to execute code. This vulnerability could impact HTML parsers that use…
|
— | 0.5% |
| Nov 3, 2021 | CVE-2021-1879 | Apple iOS, iPadOS, and watchOS |
Apple iOS, iPadOS, and watchOS WebKit Cross-Site Scripting (XSS) Vulnerability
Apple iOS, iPadOS, and watchOS WebKit contain an unspecified vulnerability that allows for universal cross-site scripting (XSS) when processing maliciously crafted web content. Th…
|
— | 0.8% |
| Nov 3, 2021 |
CVE-2021-22893
Ransomware |
Ivanti Pulse Connect Secure |
Ivanti Pulse Connect Secure Use-After-Free Vulnerability
Ivanti Pulse Connect Secure contains a use-after-free vulnerability that allow a remote, unauthenticated attacker to execute code via license services.
|
— | 93.6% |
| Nov 3, 2021 | CVE-2021-22894 | Ivanti Pulse Connect Secure |
Ivanti Pulse Connect Secure Collaboration Suite Buffer Overflow Vulnerability
Ivanti Pulse Connect Secure Collaboration Suite contains a buffer overflow vulnerabilities that allows a remote authenticated users to execute code as the root user via maliciousl…
|
— | 42.0% |
| Nov 3, 2021 | CVE-2021-22899 | Ivanti Pulse Connect Secure |
Ivanti Pulse Connect Secure Command Injection Vulnerability
Ivanti Pulse Connect Secure contains a command injection vulnerability that allows remote authenticated users to perform remote code execution via Windows File Resource Profiles.
|
— | 19.5% |
| Nov 3, 2021 | CVE-2021-22900 | Ivanti Pulse Connect Secure |
Ivanti Pulse Connect Secure Unrestricted File Upload Vulnerability
Ivanti Pulse Connect Secure contains an unrestricted file upload vulnerability that allows an authenticated administrator to perform a file write via a maliciously crafted archive…
|
— | 2.6% |
| Nov 3, 2021 | CVE-2021-23874 | McAfee McAfee Total Protection (MTP) |
McAfee Total Protection (MTP) Improper Privilege Management Vulnerability
McAfee Total Protection (MTP) contains an improper privilege management vulnerability that allows a local user to gain elevated privileges and execute code, bypassing MTP self-def…
|
— | 0.7% |
| Nov 3, 2021 |
CVE-2021-26411
Ransomware |
Microsoft Internet Explorer |
Microsoft Internet Explorer Memory Corruption Vulnerability
Microsoft Internet Explorer contains an unspecified vulnerability that allows for memory corruption.
|
— | 92.5% |
| Nov 3, 2021 |
CVE-2021-26855
Ransomware |
Microsoft Exchange Server |
Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.
|
— | 94.3% |
| Nov 3, 2021 |
CVE-2021-26857
Ransomware |
Microsoft Exchange Server |
Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.
|
— | 40.5% |
| Nov 3, 2021 |
CVE-2021-26858
Ransomware |
Microsoft Exchange Server |
Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.
|
— | 73.2% |
| Nov 3, 2021 | CVE-2021-27059 | Microsoft Office |
Microsoft Office Remote Code Execution Vulnerability
Microsoft Office contains an unspecified vulnerability that allows for remote code execution.
|
— | 2.8% |
| Nov 3, 2021 |
CVE-2021-27065
Ransomware |
Microsoft Exchange Server |
Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.
|
— | 94.2% |
| Nov 3, 2021 | CVE-2021-27085 | Microsoft Internet Explorer |
Microsoft Internet Explorer Remote Code Execution Vulnerability
Microsoft Internet Explorer contains an unspecified vulnerability that allows for remote code execution.
|
— | 1.8% |
| Nov 3, 2021 | CVE-2021-28310 | Microsoft Win32k |
Microsoft Win32k Privilege Escalation Vulnerability
Microsoft Windows Win32k contains an unspecified vulnerability that allows for privilege escalation.
|
— | 54.0% |
| Nov 3, 2021 | CVE-2021-30657 | Apple macOS |
Apple macOS Unspecified Vulnerability
Apple macOS contains an unspecified logic issue in System Preferences that may allow a malicious application to bypass Gatekeeper checks.
|
— | 83.1% |
| Nov 3, 2021 | CVE-2021-30661 | Apple Multiple Products |
Apple Multiple Products WebKit Storage Use-After-Free Vulnerability
Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit Storage contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web cont…
|
— | 0.1% |
| Nov 3, 2021 | CVE-2021-30663 | Apple Multiple Products |
Apple Multiple Products WebKit Integer Overflow Vulnerability
Apple iOS, iPadOS, macOS, tvOS, and Safari WebKit contain an integer overflow vulnerability that leads to code execution when processing maliciously crafted web content. This vuln…
|
— | 1.0% |
| Nov 3, 2021 | CVE-2021-30665 | Apple Multiple Products |
Apple Multiple Products WebKit Memory Corruption Vulnerability
Apple iOS, iPadOS, macOS, watchOS, and tvOS WebKit contain a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vul…
|
— | 0.2% |
| Nov 3, 2021 | CVE-2021-30666 | Apple iOS |
Apple iOS WebKit Buffer Overflow Vulnerability
Apple iOS WebKit contains a buffer-overflow vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parser…
|
— | 1.2% |
| Nov 3, 2021 | CVE-2021-30713 | Apple macOS |
Apple macOS Unspecified Vulnerability
Apple macOS Transparency, Consent, and Control (TCC) contains an unspecified permissions issue which may allow a malicious application to bypass privacy preferences.
|
— | 0.1% |
| Nov 3, 2021 | CVE-2021-30761 | Apple iOS |
Apple iOS WebKit Memory Corruption Vulnerability
Apple iOS WebKit contains a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML pars…
|
— | 0.5% |
| Nov 3, 2021 | CVE-2021-30762 | Apple iOS |
Apple iOS WebKit Use-After-Free Vulnerability
Apple iOS WebKit contains a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers…
|
— | 0.0% |
| Nov 3, 2021 | CVE-2021-30807 | Apple Multiple Products |
Apple Multiple Products Memory Corruption Vulnerability
Apple iOS, iPadOS, macOS, and watchOS IOMobileFrameBuffer contain a memory corruption vulnerability which may allow an application to execute code with kernel privileges.
|
— | 21.0% |
| Nov 3, 2021 | CVE-2021-30858 | Apple iOS, iPadOS, and macOS |
Apple iOS, iPadOS, macOS Use-After-Free Vulnerability
Apple iOS, iPadOS, and macOS WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could i…
|
— | 0.8% |
| Nov 3, 2021 | CVE-2021-30860 | Apple Multiple Products |
Apple Multiple Products Integer Overflow Vulnerability
Apple iOS, iPadOS, macOS, and watchOS CoreGraphics contain an integer overflow vulnerability which may allow code execution when processing a maliciously crafted PDF. The vulnerab…
|
— | 72.0% |
| Nov 3, 2021 | CVE-2021-30869 | Apple iOS, iPadOS, and macOS |
Apple iOS, iPadOS, and macOS Type Confusion Vulnerability
Apple iOS, iPadOS, and macOS contain a type confusion vulnerability in the XNU which may allow a malicious application to execute code with kernel privileges.
|
— | 1.7% |
| Nov 3, 2021 | CVE-2021-31199 | Microsoft Enhanced Cryptographic Provider |
Microsoft Enhanced Cryptographic Provider Privilege Escalation Vulnerability
Microsoft Enhanced Cryptographic Provider contains an unspecified vulnerability that allows for privilege escalation.
|
— | 0.9% |
| Nov 3, 2021 | CVE-2021-31201 | Microsoft Enhanced Cryptographic Provider |
Microsoft Enhanced Cryptographic Provider Privilege Escalation Vulnerability
Microsoft Enhanced Cryptographic Provider contains an unspecified vulnerability that allows for privilege escalation.
|
— | 0.7% |
Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.