Full CISA KEV catalog
Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.
| Added | CVE | Vendor / Product | Name & description | CVSS | EPSS |
|---|---|---|---|---|---|
| Sep 25, 2023 | CVE-2023-41993 | Apple Multiple Products |
Apple Multiple Products WebKit Code Execution Vulnerability
Apple iOS, iPadOS, macOS, and Safari WebKit contain an unspecified vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability c…
|
— | 24.2% |
| Sep 13, 2023 | CVE-2023-4863 | Google Chromium WebP |
Google Chromium WebP Heap-Based Buffer Overflow Vulnerability
Google Chromium WebP contains a heap-based buffer overflow vulnerability that allows a remote attacker to perform an out-of-bounds memory write via a crafted HTML page. This vulne…
|
— | 93.3% |
| Jul 13, 2023 | CVE-2023-37450 | Apple Multiple Products |
Apple Multiple Products WebKit Code Execution Vulnerability
Apple iOS, iPadOS, macOS, and Safari WebKit contain an unspecified vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability c…
|
— | 0.1% |
| Jun 23, 2023 | CVE-2023-32435 | Apple Multiple Products |
Apple Multiple Products WebKit Memory Corruption Vulnerability
Apple iOS, iPadOS, macOS, and Safari WebKit contain a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerabil…
|
— | 0.4% |
| Jun 23, 2023 | CVE-2023-32439 | Apple Multiple Products |
Apple Multiple Products WebKit Type Confusion Vulnerability
Apple iOS, iPadOS, macOS, and Safari WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability…
|
— | 1.2% |
| Jun 22, 2023 | CVE-2016-9079 | Mozilla Firefox, Firefox ESR, and Thunderbird |
Mozilla Firefox, Firefox ESR, and Thunderbird Use-After-Free Vulnerability
Mozilla Firefox, Firefox ESR, and Thunderbird contain a use-after-free vulnerability in SVG Animation, targeting Firefox and Tor browser users on Windows.
|
— | 84.8% |
| Jun 7, 2023 | CVE-2023-3079 | Google Chromium V8 |
Google Chromium V8 Type Confusion Vulnerability
Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability …
|
— | 1.7% |
| May 22, 2023 | CVE-2023-28204 | Apple Multiple Products |
Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability
Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit contain an out-of-bounds read vulnerability that may disclose sensitive information when processing maliciously crafted …
|
— | 0.1% |
| May 22, 2023 | CVE-2023-32373 | Apple Multiple Products |
Apple Multiple Products WebKit Use-After-Free Vulnerability
Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. Thi…
|
— | 0.0% |
| May 22, 2023 | CVE-2023-32409 | Apple Multiple Products |
Apple Multiple Products WebKit Sandbox Escape Vulnerability
Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit contain an unspecified vulnerability that can allow a remote attacker to break out of the Web Content sandbox. This vuln…
|
— | 0.3% |
| Apr 21, 2023 | CVE-2023-2136 | Google Chromium Skia |
Google Chrome Skia Integer Overflow Vulnerability
Google Chromium Skia contains an integer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape vi…
|
— | 0.4% |
| Apr 17, 2023 | CVE-2023-2033 | Google Chromium V8 |
Google Chromium V8 Type Confusion Vulnerability
Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability …
|
— | 22.8% |
| Apr 10, 2023 | CVE-2023-28205 | Apple Multiple Products |
Apple Multiple Products WebKit Use-After-Free Vulnerability
Apple iOS, iPadOS, macOS, and Safari WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability…
|
— | 0.1% |
| Mar 30, 2023 | CVE-2022-3038 | Google Chromium Network Service |
Google Chromium Network Service Use-After-Free Vulnerability
Google Chromium Network Service contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerab…
|
— | 36.0% |
| Feb 14, 2023 | CVE-2023-23529 | Apple Multiple Products |
Apple Multiple Products WebKit Type Confusion Vulnerability
Apple iOS, MacOS, Safari and iPadOS WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability …
|
— | 0.1% |
| Dec 5, 2022 | CVE-2022-4262 | Google Chromium V8 |
Google Chromium V8 Type Confusion Vulnerability
Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability …
|
— | 8.6% |
| Nov 28, 2022 | CVE-2022-4135 | Google Chromium GPU |
Google Chromium GPU Heap Buffer Overflow Vulnerability
Google Chromium GPU contains a heap buffer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape …
|
— | 0.1% |
| Oct 28, 2022 | CVE-2022-3723 | Google Chromium V8 |
Google Chromium V8 Type Confusion Vulnerability
Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability …
|
— | 0.5% |
| Sep 8, 2022 | CVE-2022-3075 | Google Chromium Mojo |
Google Chromium Mojo Insufficient Data Validation Vulnerability
Google Chromium Mojo contains an insufficient data validation vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandb…
|
— | 2.1% |
| Aug 18, 2022 | CVE-2022-2856 | Google Chromium Intents |
Google Chromium Intents Insufficient Input Validation Vulnerability
Google Chromium Intents contains an insufficient validation of untrusted input vulnerability that allows a remote attacker to browse to a malicious website via a crafted HTML page…
|
— | 3.3% |
| Jun 27, 2022 | CVE-2021-30533 | Google Chromium PopupBlocker |
Google Chromium PopupBlocker Security Bypass Vulnerability
Google Chromium PopupBlocker contains an insufficient policy enforcement vulnerability that allows a remote attacker to bypass navigation restrictions via a crafted iframe. This v…
|
— | 16.7% |
| Jun 8, 2022 | CVE-2016-1646 | Google Chromium V8 |
Google Chromium V8 Out-of-Bounds Read Vulnerability
Google Chromium V8 Engine contains an out-of-bounds read vulnerability that allows a remote attacker to cause a denial of service or possibly have another unspecified impact via c…
|
— | 66.9% |
| Jun 8, 2022 | CVE-2016-5198 | Google Chromium V8 |
Google Chromium V8 Out-of-Bounds Memory Vulnerability
Google Chromium V8 Engine contains an out-of-bounds memory access vulnerability that allows a remote attacker to perform read/write operations, leading to code execution, via a cr…
|
— | 78.7% |
| Jun 8, 2022 | CVE-2017-5030 | Google Chromium V8 |
Google Chromium V8 Memory Corruption Vulnerability
Google Chromium V8 Engine contains a memory corruption vulnerability that allows a remote attacker to execute code via a crafted HTML page. This vulnerability could affect multipl…
|
— | 50.3% |
| Jun 8, 2022 | CVE-2017-5070 | Google Chromium V8 |
Google Chromium V8 Type Confusion Vulnerability
Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted HTML page. This vulnerability could …
|
— | 74.4% |
| Jun 8, 2022 | CVE-2018-17463 | Google Chromium V8 |
Google Chromium V8 Remote Code Execution Vulnerability
Google Chromium V8 Engine contains an unspecified vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted HTML page. This vulnerability could af…
|
— | 92.2% |
| Jun 8, 2022 | CVE-2018-17480 | Google Chromium V8 |
Google Chromium V8 Out-of-Bounds Write Vulnerability
Google Chromium V8 Engine contains out-of-bounds write vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted HTML page. This vulnerability cou…
|
— | 30.4% |
| Jun 8, 2022 | CVE-2018-6065 | Google Chromium V8 |
Google Chromium V8 Integer Overflow Vulnerability
Google Chromium V8 Engine contains an integer overflow vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerabili…
|
— | 89.6% |
| Jun 8, 2022 | CVE-2019-5825 | Google Chromium V8 |
Google Chromium V8 Out-of-Bounds Write Vulnerability
Google Chromium V8 Engine contains an out-of-bounds write vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerab…
|
— | 78.2% |
| May 25, 2022 | CVE-2015-4495 | Mozilla Firefox |
Mozilla Firefox Security Feature Bypass Vulnerability
Moxilla Firefox allows remote attackers to bypass the Same Origin Policy to read arbitrary files or gain privileges.
|
— | 71.6% |
Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.