Full CISA KEV catalog

Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.

Showing 541–570 of 1,619 CVEs · Page 19 of 54 · 30 per page
Added CVE Vendor / Product Name & description CVSS EPSS
Feb 13, 2024 CVE-2024-21351 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows SmartScreen Security Feature Bypass Vulnerability
Microsoft Windows SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the SmartScreen user experience and inject code to potentially gai…
10.7%
Feb 13, 2024 CVE-2024-21412
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Internet Shortcut Files Security Feature Bypass Vulnerability
Microsoft Windows Internet Shortcut Files contains an unspecified vulnerability that allows for a security feature bypass.
93.8%
Feb 12, 2024 CVE-2023-43770 Roundcube Webmail
Roundcube Webmail Persistent Cross-Site Scripting (XSS) Vulnerability
Roundcube Webmail contains a persistent cross-site scripting (XSS) vulnerability that can lead to information disclosure via malicious link references in plain/text messages.
80.8%
Feb 9, 2024 CVE-2024-21762
Ransomware
Fortinet FortiOS
network vpn remote
Fortinet FortiOS Out-of-Bound Write Vulnerability
Fortinet FortiOS contains an out-of-bound write vulnerability that allows a remote unauthenticated attacker to execute code or commands via specially crafted HTTP requests.
92.6%
Feb 6, 2024 CVE-2023-4762 Google Chromium V8
browser smb essential
Google Chromium V8 Type Confusion Vulnerability
Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page. This vulnerability could affect multiple web brow…
55.8%
Jan 31, 2024 CVE-2022-48618 Apple Multiple Products
endpoint mobile smb essential
Apple Multiple Products Memory Corruption Vulnerability
Apple iOS, iPadOS, macOS, tvOS, and watchOS contain a time-of-check/time-of-use (TOCTOU) memory corruption vulnerability that allows an attacker with read and write capabilities t…
0.1%
Jan 31, 2024 CVE-2024-21893
Ransomware
Ivanti Connect Secure, Policy Secure, and Neurons
endpoint vpn remote
Ivanti Connect Secure, Policy Secure, and Neurons Server-Side Request Forgery (SSRF) Vulnerability
Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure), Ivanti Policy Secure, and Ivanti Neurons contain a server-side request forgery (SSRF) vulnerability in the SAM…
94.3%
Jan 24, 2024 CVE-2023-22527
Ransomware
Atlassian Confluence Data Center and Server
enterprise smb essential
Atlassian Confluence Data Center and Server Template Injection Vulnerability
Atlassian Confluence Data Center and Server contain an unauthenticated OGNL template injection vulnerability that can lead to remote code execution.
94.4%
Jan 23, 2024 CVE-2024-23222 Apple Multiple Products
browser endpoint mobile smb essential
Apple Multiple Products WebKit Type Confusion Vulnerability
Apple iOS, iPadOS, macOS, tvOS, and Safari WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted web content. This vulnera…
0.6%
Jan 22, 2024 CVE-2023-34048 VMware vCenter Server
enterprise
VMware vCenter Server Out-of-Bounds Write Vulnerability
VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol that allows an attacker to conduct remote code execution.
93.2%
Jan 18, 2024 CVE-2023-35082
Ransomware
Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core
endpoint vpn remote
Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core Authentication Bypass Vulnerability
Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core contain an authentication bypass vulnerability that allows unauthorized users to access restricted functionality or resou…
94.4%
Jan 17, 2024 CVE-2023-6548 Citrix NetScaler ADC and NetScaler Gateway
enterprise vpn remote
Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability
Citrix NetScaler ADC and NetScaler Gateway contain a code injection vulnerability that allows for authenticated remote code execution on the management interface with access to NS…
5.7%
Jan 17, 2024 CVE-2023-6549 Citrix NetScaler ADC and NetScaler Gateway
enterprise vpn remote
Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability
Citrix NetScaler ADC and NetScaler Gateway contain a buffer overflow vulnerability that allows for a denial-of-service when configured as a Gateway (VPN virtual server, ICA Proxy,…
82.3%
Jan 17, 2024 CVE-2024-0519 Google Chromium V8
browser smb essential
Google Chromium V8 Out-of-Bounds Memory Access Vulnerability
Google Chromium V8 Engine contains an out-of-bounds memory access vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This …
0.2%
Jan 16, 2024 CVE-2018-15133 Laravel Laravel Framework
Laravel Deserialization of Untrusted Data Vulnerability
Laravel Framework contains a deserialization of untrusted data vulnerability, allowing for remote command execution. This vulnerability may only be exploited if a malicious user h…
84.4%
Jan 10, 2024 CVE-2023-29357
Ransomware
Microsoft SharePoint Server
endpoint m365 smb essential
Microsoft SharePoint Server Privilege Escalation Vulnerability
Microsoft SharePoint Server contains an unspecified vulnerability that allows an unauthenticated attacker, who has gained access to spoofed JWT authentication tokens, to use them …
94.4%
Jan 10, 2024 CVE-2023-46805
Ransomware
Ivanti Connect Secure and Policy Secure
endpoint vpn remote
Ivanti Connect Secure and Policy Secure Authentication Bypass Vulnerability
Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure gateways contain an authentication bypass vulnerability in the web component that allo…
94.4%
Jan 10, 2024 CVE-2024-21887
Ransomware
Ivanti Connect Secure and Policy Secure
endpoint vpn remote
Ivanti Connect Secure and Policy Secure Command Injection Vulnerability
Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure contain a command injection vulnerability in the web components of these products, whi…
94.4%
Jan 8, 2024 CVE-2016-20017 D-Link DSL-2750B Devices
network
D-Link DSL-2750B Devices Command Injection Vulnerability
D-Link DSL-2750B devices contain a command injection vulnerability that allows remote, unauthenticated command injection via the login.cgi cli parameter.
92.1%
Jan 8, 2024 CVE-2023-23752 Joomla! Joomla!
web server
Joomla! Improper Access Control Vulnerability
Joomla! contains an improper access control vulnerability that allows unauthorized access to webservice endpoints.
94.5%
Jan 8, 2024 CVE-2023-27524 Apache Superset
web server
Apache Superset Insecure Default Initialization of Resource Vulnerability
Apache Superset contains an insecure default initialization of a resource vulnerability that allows an attacker to authenticate and access unauthorized resources on installations …
84.0%
Jan 8, 2024 CVE-2023-29300
Ransomware
Adobe ColdFusion
smb essential
Adobe ColdFusion Deserialization of Untrusted Data Vulnerability
Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for code execution.
93.8%
Jan 8, 2024 CVE-2023-38203
Ransomware
Adobe ColdFusion
smb essential
Adobe ColdFusion Deserialization of Untrusted Data Vulnerability
Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for code execution.
94.3%
Jan 8, 2024 CVE-2023-41990 Apple Multiple Products
endpoint mobile smb essential
Apple Multiple Products Code Execution Vulnerability
Apple iOS, iPadOS, macOS, tvOS, and watchOS contain an unspecified vulnerability that allows for code execution when processing a font file.
2.7%
Jan 2, 2024 CVE-2023-7024 Google Chromium WebRTC
browser smb essential
Google Chromium WebRTC Heap Buffer Overflow Vulnerability
Google Chromium WebRTC, an open-source project providing web browsers with real-time communication, contains a heap buffer overflow vulnerability that allows a remote attacker to …
3.1%
Jan 2, 2024 CVE-2023-7101 Spreadsheet::ParseExcel Spreadsheet::ParseExcel
Spreadsheet::ParseExcel Remote Code Execution Vulnerability
Spreadsheet::ParseExcel contains a remote code execution vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from t…
57.8%
Dec 21, 2023 CVE-2023-47565 QNAP VioStor NVR
QNAP VioStor NVR OS Command Injection Vulnerability
QNAP VioStor NVR contains an OS command injection vulnerability that allows authenticated users to execute commands via a network.
86.7%
Dec 21, 2023 CVE-2023-49897 FXC AE1021, AE1021PE
FXC AE1021, AE1021PE OS Command Injection Vulnerability
FXC AE1021 and AE1021PE contain an OS command injection vulnerability that allows authenticated users to execute commands via a network.
24.4%
Dec 11, 2023 CVE-2023-6448 Unitronics Vision PLC and HMI
Unitronics Vision PLC and HMI Insecure Default Password Vulnerability
Unitronics Vision Series PLCs and HMIs ship with an insecure default password, which if left unchanged, can allow attackers to execute remote commands.
13.3%
Dec 7, 2023 CVE-2023-41265
Ransomware
Qlik Sense
Qlik Sense HTTP Tunneling Vulnerability
Qlik Sense contains an HTTP tunneling vulnerability that allows an attacker to escalate privileges and execute HTTP requests on the backend server hosting the software.
92.4%

Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.