Full CISA KEV catalog

Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.

Showing 481–510 of 531 CVEs · Page 17 of 18 30 per page
Added CVE Vendor / Product Name & description CVSS EPSS
Nov 3, 2021 CVE-2021-1870 Apple iOS, iPadOS, and macOS
browser endpoint mobile smb essential
Apple iOS, iPadOS, and macOS WebKit Remote Code Execution Vulnerability
Apple iOS, iPadOS, and macOS WebKit contain an unspecified logic vulnerability that allows a remote attacker to execute code. This vulnerability could impact HTML parsers that use…
1.2%
Nov 3, 2021 CVE-2021-1871 Apple iOS, iPadOS, and macOS
browser endpoint mobile smb essential
Apple iOS, iPadOS, and macOS WebKit Remote Code Execution Vulnerability
Apple iOS, iPadOS, and macOS WebKit contain an unspecified logic vulnerability that allows a remote attacker to execute code. This vulnerability could impact HTML parsers that use…
0.5%
Nov 3, 2021 CVE-2021-1879 Apple iOS, iPadOS, and watchOS
browser endpoint mobile smb essential
Apple iOS, iPadOS, and watchOS WebKit Cross-Site Scripting (XSS) Vulnerability
Apple iOS, iPadOS, and watchOS WebKit contain an unspecified vulnerability that allows for universal cross-site scripting (XSS) when processing maliciously crafted web content. Th…
0.8%
Nov 3, 2021 CVE-2021-22893
Ransomware
Ivanti Pulse Connect Secure
endpoint vpn remote
Ivanti Pulse Connect Secure Use-After-Free Vulnerability
Ivanti Pulse Connect Secure contains a use-after-free vulnerability that allow a remote, unauthenticated attacker to execute code via license services.
93.6%
Nov 3, 2021 CVE-2021-22894 Ivanti Pulse Connect Secure
endpoint vpn remote
Ivanti Pulse Connect Secure Collaboration Suite Buffer Overflow Vulnerability
Ivanti Pulse Connect Secure Collaboration Suite contains a buffer overflow vulnerabilities that allows a remote authenticated users to execute code as the root user via maliciousl…
42.0%
Nov 3, 2021 CVE-2021-22899 Ivanti Pulse Connect Secure
endpoint vpn remote
Ivanti Pulse Connect Secure Command Injection Vulnerability
Ivanti Pulse Connect Secure contains a command injection vulnerability that allows remote authenticated users to perform remote code execution via Windows File Resource Profiles.
19.5%
Nov 3, 2021 CVE-2021-22900 Ivanti Pulse Connect Secure
endpoint vpn remote
Ivanti Pulse Connect Secure Unrestricted File Upload Vulnerability
Ivanti Pulse Connect Secure contains an unrestricted file upload vulnerability that allows an authenticated administrator to perform a file write via a maliciously crafted archive…
2.6%
Nov 3, 2021 CVE-2021-23874 McAfee McAfee Total Protection (MTP)
endpoint
McAfee Total Protection (MTP) Improper Privilege Management Vulnerability
McAfee Total Protection (MTP) contains an improper privilege management vulnerability that allows a local user to gain elevated privileges and execute code, bypassing MTP self-def…
0.7%
Nov 3, 2021 CVE-2021-26411
Ransomware
Microsoft Internet Explorer
endpoint m365 smb essential
Microsoft Internet Explorer Memory Corruption Vulnerability
Microsoft Internet Explorer contains an unspecified vulnerability that allows for memory corruption.
92.5%
Nov 3, 2021 CVE-2021-26855
Ransomware
Microsoft Exchange Server
endpoint m365 smb essential
Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.
94.3%
Nov 3, 2021 CVE-2021-26857
Ransomware
Microsoft Exchange Server
endpoint m365 smb essential
Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.
40.5%
Nov 3, 2021 CVE-2021-26858
Ransomware
Microsoft Exchange Server
endpoint m365 smb essential
Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.
73.2%
Nov 3, 2021 CVE-2021-27059 Microsoft Office
endpoint m365 smb essential
Microsoft Office Remote Code Execution Vulnerability
Microsoft Office contains an unspecified vulnerability that allows for remote code execution.
2.8%
Nov 3, 2021 CVE-2021-27065
Ransomware
Microsoft Exchange Server
endpoint m365 smb essential
Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.
94.2%
Nov 3, 2021 CVE-2021-27085 Microsoft Internet Explorer
endpoint m365 smb essential
Microsoft Internet Explorer Remote Code Execution Vulnerability
Microsoft Internet Explorer contains an unspecified vulnerability that allows for remote code execution.
1.8%
Nov 3, 2021 CVE-2021-28310 Microsoft Win32k
endpoint m365 smb essential
Microsoft Win32k Privilege Escalation Vulnerability
Microsoft Windows Win32k contains an unspecified vulnerability that allows for privilege escalation.
54.0%
Nov 3, 2021 CVE-2021-30657 Apple macOS
endpoint mobile smb essential
Apple macOS Unspecified Vulnerability
Apple macOS contains an unspecified logic issue in System Preferences that may allow a malicious application to bypass Gatekeeper checks.
83.1%
Nov 3, 2021 CVE-2021-30661 Apple Multiple Products
browser endpoint mobile smb essential
Apple Multiple Products WebKit Storage Use-After-Free Vulnerability
Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit Storage contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web cont…
0.1%
Nov 3, 2021 CVE-2021-30663 Apple Multiple Products
browser endpoint mobile smb essential
Apple Multiple Products WebKit Integer Overflow Vulnerability
Apple iOS, iPadOS, macOS, tvOS, and Safari WebKit contain an integer overflow vulnerability that leads to code execution when processing maliciously crafted web content. This vuln…
1.0%
Nov 3, 2021 CVE-2021-30665 Apple Multiple Products
browser endpoint mobile smb essential
Apple Multiple Products WebKit Memory Corruption Vulnerability
Apple iOS, iPadOS, macOS, watchOS, and tvOS WebKit contain a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vul…
0.2%
Nov 3, 2021 CVE-2021-30666 Apple iOS
browser endpoint mobile smb essential
Apple iOS WebKit Buffer Overflow Vulnerability
Apple iOS WebKit contains a buffer-overflow vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parser…
1.2%
Nov 3, 2021 CVE-2021-30713 Apple macOS
endpoint mobile smb essential
Apple macOS Unspecified Vulnerability
Apple macOS Transparency, Consent, and Control (TCC) contains an unspecified permissions issue which may allow a malicious application to bypass privacy preferences.
0.1%
Nov 3, 2021 CVE-2021-30761 Apple iOS
browser endpoint mobile smb essential
Apple iOS WebKit Memory Corruption Vulnerability
Apple iOS WebKit contains a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML pars…
0.5%
Nov 3, 2021 CVE-2021-30762 Apple iOS
browser endpoint mobile smb essential
Apple iOS WebKit Use-After-Free Vulnerability
Apple iOS WebKit contains a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers…
0.0%
Nov 3, 2021 CVE-2021-30807 Apple Multiple Products
endpoint mobile smb essential
Apple Multiple Products Memory Corruption Vulnerability
Apple iOS, iPadOS, macOS, and watchOS IOMobileFrameBuffer contain a memory corruption vulnerability which may allow an application to execute code with kernel privileges.
21.0%
Nov 3, 2021 CVE-2021-30858 Apple iOS, iPadOS, and macOS
endpoint mobile smb essential
Apple iOS, iPadOS, macOS Use-After-Free Vulnerability
Apple iOS, iPadOS, and macOS WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could i…
0.8%
Nov 3, 2021 CVE-2021-30860 Apple Multiple Products
endpoint mobile smb essential
Apple Multiple Products Integer Overflow Vulnerability
Apple iOS, iPadOS, macOS, and watchOS CoreGraphics contain an integer overflow vulnerability which may allow code execution when processing a maliciously crafted PDF. The vulnerab…
72.0%
Nov 3, 2021 CVE-2021-30869 Apple iOS, iPadOS, and macOS
endpoint mobile smb essential
Apple iOS, iPadOS, and macOS Type Confusion Vulnerability
Apple iOS, iPadOS, and macOS contain a type confusion vulnerability in the XNU which may allow a malicious application to execute code with kernel privileges.
1.7%
Nov 3, 2021 CVE-2021-31199 Microsoft Enhanced Cryptographic Provider
endpoint m365 smb essential
Microsoft Enhanced Cryptographic Provider Privilege Escalation Vulnerability
Microsoft Enhanced Cryptographic Provider contains an unspecified vulnerability that allows for privilege escalation.
0.9%
Nov 3, 2021 CVE-2021-31201 Microsoft Enhanced Cryptographic Provider
endpoint m365 smb essential
Microsoft Enhanced Cryptographic Provider Privilege Escalation Vulnerability
Microsoft Enhanced Cryptographic Provider contains an unspecified vulnerability that allows for privilege escalation.
0.7%

Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.