Full CISA KEV catalog
Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.
| Added | CVE | Vendor / Product | Name & description | CVSS | EPSS |
|---|---|---|---|---|---|
| Apr 4, 2024 | CVE-2024-29745 | Android Pixel | Android Pixel Information Disclosure Vulnerability<br>Android Pixel contains an information disclosure vulnerability in the fastboot firmware used to support unlocking, flashing, and locking affected devices. | — | 0.2% |
| Apr 4, 2024 | CVE-2024-29748 | Android Pixel | Android Pixel Privilege Escalation Vulnerability<br>Android Pixel contains a privilege escalation vulnerability that allows an attacker to interrupt a factory reset triggered by a device admin app. | — | 0.4% |
| Mar 6, 2024 | CVE-2024-23225 | Apple Multiple Products | Apple Multiple Products Memory Corruption Vulnerability<br>Apple iOS, iPadOS, macOS, tvOS, watchOS, and visionOS kernel contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to b… | — | 0.2% |
| Mar 6, 2024 | CVE-2024-23296 | Apple Multiple Products | Apple Multiple Products Memory Corruption Vulnerability<br>Apple iOS, iPadOS, macOS, tvOS, and watchOS RTKit contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kerne… | — | 0.3% |
| Mar 5, 2024 | CVE-2023-21237 | Android Pixel | Android Pixel Information Disclosure Vulnerability<br>Android Pixel contains a vulnerability in the Framework component, where the UI may be misleading or insufficient, providing a means to hide a foreground service notification. Thi… | — | 1.0% |
| Jan 31, 2024 | CVE-2022-48618 | Apple Multiple Products | Apple Multiple Products Memory Corruption Vulnerability<br>Apple iOS, iPadOS, macOS, tvOS, and watchOS contain a time-of-check/time-of-use (TOCTOU) memory corruption vulnerability that allows an attacker with read and write capabilities t… | — | 0.1% |
| Jan 23, 2024 | CVE-2024-23222 | Apple Multiple Products | Apple Multiple Products WebKit Type Confusion Vulnerability<br>Apple iOS, iPadOS, macOS, tvOS, and Safari WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted web content. This vulnera… | — | 0.6% |
| Jan 8, 2024 | CVE-2023-41990 | Apple Multiple Products | Apple Multiple Products Code Execution Vulnerability<br>Apple iOS, iPadOS, macOS, tvOS, and watchOS contain an unspecified vulnerability that allows for code execution when processing a font file. | — | 2.7% |
| Dec 4, 2023 | CVE-2023-42916 | Apple Multiple Products | Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability<br>Apple iOS, iPadOS, macOS, and Safari WebKit contain an out-of-bounds read vulnerability that may disclose sensitive information when processing maliciously crafted web content. Th… | — | 0.1% |
| Dec 4, 2023 | CVE-2023-42917 | Apple Multiple Products | Apple Multiple Products WebKit Memory Corruption Vulnerability<br>Apple iOS, iPadOS, macOS, and Safari WebKit contain a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerabil… | — | 0.1% |
| Oct 23, 2023 | CVE-2023-20273 | Cisco Cisco IOS XE Web UI | Cisco IOS XE Web UI Command Injection Vulnerability<br>Cisco IOS XE contains a command injection vulnerability in the web user interface. When chained with CVE-2023-20198, the attacker can leverage the new local user to elevate privil… | — | 92.6% |
| Oct 16, 2023 | CVE-2023-20198 | Cisco IOS XE Web UI | Cisco IOS XE Web UI Privilege Escalation Vulnerability<br>Cisco IOS XE Web UI contains a privilege escalation vulnerability in the web user interface that could allow a remote, unauthenticated attacker to create an account with privilege… | — | 94.0% |
| Oct 10, 2023 | CVE-2023-20109 | Cisco IOS and IOS XE | Cisco IOS and IOS XE Group Encrypted Transport VPN Out-of-Bounds Write Vulnerability<br>Cisco IOS and IOS XE contain an out-of-bounds write vulnerability in the Group Encrypted Transport VPN (GET VPN) feature that could allow an authenticated, remote attacker who has… | — | 0.6% |
| Oct 5, 2023 | CVE-2023-42824 | Apple iOS and iPadOS | Apple iOS and iPadOS Kernel Privilege Escalation Vulnerability<br>Apple iOS and iPadOS contain an unspecified vulnerability that allows for local privilege escalation. | — | 1.0% |
| Sep 25, 2023 | CVE-2023-41991 | Apple Multiple Products | Apple Multiple Products Improper Certificate Validation Vulnerability<br>Apple iOS, iPadOS, macOS, and watchOS contain an improper certificate validation vulnerability that can allow a malicious app to bypass signature validation. | — | 3.9% |
| Sep 25, 2023 | CVE-2023-41992 | Apple Multiple Products | Apple Multiple Products Kernel Privilege Escalation Vulnerability<br>Apple iOS, iPadOS, macOS, and watchOS contain an unspecified vulnerability that allows for local privilege escalation. | — | 1.1% |
| Sep 25, 2023 | CVE-2023-41993 | Apple Multiple Products | Apple Multiple Products WebKit Code Execution Vulnerability<br>Apple iOS, iPadOS, macOS, and Safari WebKit contain an unspecified vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability c… | — | 24.2% |
| Sep 18, 2023 | CVE-2022-22265 | Samsung Mobile Devices | Samsung Mobile Devices Use-After-Free Vulnerability<br>Samsung devices with selected Exynos chipsets contain a use-after-free vulnerability that allows malicious memory write and code execution. | — | 0.2% |
| Sep 13, 2023 | CVE-2023-35674 | Android Framework | Android Framework Privilege Escalation Vulnerability<br>Android Framework contains an unspecified vulnerability that allows for privilege escalation. | — | 0.1% |
| Sep 11, 2023 | CVE-2023-41061 | Apple iOS, iPadOS, and watchOS | Apple iOS, iPadOS, and watchOS Wallet Code Execution Vulnerability<br>Apple iOS, iPadOS, and watchOS contain an unspecified vulnerability due to a validation issue affecting Wallet in which a maliciously crafted attachment may result in code executi… | — | 1.1% |
| Sep 11, 2023 | CVE-2023-41064 | Apple iOS, iPadOS, and macOS | Apple iOS, iPadOS, and macOS ImageIO Buffer Overflow Vulnerability<br>Apple iOS, iPadOS, and macOS contain a buffer overflow vulnerability in ImageIO when processing a maliciously crafted image, which may lead to code execution. This vulnerability w… | — | 85.4% |
| Jul 26, 2023 | CVE-2023-38606 | Apple Multiple Products | Apple Multiple Products Kernel Unspecified Vulnerability<br>Apple iOS, iPadOS, macOS, tvOS, and watchOS contain an unspecified vulnerability allowing an app to modify a sensitive kernel state. | — | 0.1% |
| Jul 13, 2023 | CVE-2023-37450 | Apple Multiple Products | Apple Multiple Products WebKit Code Execution Vulnerability<br>Apple iOS, iPadOS, macOS, and Safari WebKit contain an unspecified vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability c… | — | 0.1% |
| Jun 29, 2023 | CVE-2021-25371 | Samsung Mobile Devices | Samsung Mobile Devices Unspecified Vulnerability<br>Samsung mobile devices contain an unspecified vulnerability within DSP driver that allows attackers to load ELF libraries inside DSP. | — | 1.6% |
| Jun 29, 2023 | CVE-2021-25372 | Samsung Mobile Devices | Samsung Mobile Devices Improper Boundary Check Vulnerability<br>Samsung mobile devices contain an improper boundary check vulnerability within DSP driver that allows for out-of-bounds memory access. | — | 1.8% |
| Jun 29, 2023 | CVE-2021-25394 | Samsung Mobile Devices | Samsung Mobile Devices Race Condition Vulnerability<br>Samsung mobile devices contain a race condition vulnerability within the MFC charger driver that leads to a use-after-free allowing for a write given a radio privilege is compromi… | — | 0.4% |
| Jun 29, 2023 | CVE-2021-25395 | Samsung Mobile Devices | Samsung Mobile Devices Race Condition Vulnerability<br>Samsung mobile devices contain a race condition vulnerability within the MFC charger driver that leads to a use-after-free allowing for a write given a radio privilege is compromi… | — | 0.2% |
| Jun 29, 2023 | CVE-2021-25487 | Samsung Mobile Devices | Samsung Mobile Devices Out-of-Bounds Read Vulnerability<br>Samsung mobile devices contain an out-of-bounds read vulnerability within the modem interface driver due to a lack of boundary checking of a buffer in set_skb_priv(), leading to r… | — | 2.6% |
| Jun 29, 2023 | CVE-2021-25489 | Samsung Mobile Devices | Samsung Mobile Devices Improper Input Validation Vulnerability<br>Samsung mobile devices contain an improper input validation vulnerability within the modem interface driver that results in a format string bug leading to kernel panic. | — | 0.3% |
| Jun 23, 2023 | CVE-2023-32434 | Apple Multiple Products | Apple Multiple Products Integer Overflow Vulnerability<br>Apple iOS, iPadOS, macOS, and watchOS contain an integer overflow vulnerability that could allow an application to execute code with kernel privileges. | — | 52.4% |

Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.