Full CISA KEV catalog

Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.

Showing 601–630 of 1,619 CVEs · Page 21 of 54 30 per page
Added CVE Vendor / Product Name & description CVSS EPSS
Oct 16, 2023 CVE-2023-20198 Cisco IOS XE Web UI
mobile network
Cisco IOS XE Web UI Privilege Escalation Vulnerability
Cisco IOS XE Web UI contains a privilege escalation vulnerability in the web user interface that could allow a remote, unauthenticated attacker to create an account with privilege…
94.0%
Oct 10, 2023 CVE-2023-20109 Cisco IOS and IOS XE
mobile network vpn remote
Cisco IOS and IOS XE Group Encrypted Transport VPN Out-of-Bounds Write Vulnerability
Cisco IOS and IOS XE contain an out-of-bounds write vulnerability in the Group Encrypted Transport VPN (GET VPN) feature that could allow an authenticated, remote attacker who has…
0.6%
Oct 10, 2023 CVE-2023-21608 Adobe Acrobat and Reader
smb essential
Adobe Acrobat and Reader Use-After-Free Vulnerability
Adobe Acrobat and Reader contains a use-after-free vulnerability that allows for code execution in the context of the current user.
77.5%
Oct 10, 2023 CVE-2023-36563 Microsoft WordPad
endpoint m365 smb essential
Microsoft WordPad Information Disclosure Vulnerability
Microsoft WordPad contains an unspecified vulnerability that allows for information disclosure.
2.8%
Oct 10, 2023 CVE-2023-41763 Microsoft Skype for Business
endpoint m365 smb essential
Microsoft Skype for Business Privilege Escalation Vulnerability
Microsoft Skype for Business contains an unspecified vulnerability that allows for privilege escalation.
16.5%
Oct 10, 2023 CVE-2023-44487 IETF HTTP/2
HTTP/2 Rapid Reset Attack Vulnerability
HTTP/2 contains a rapid reset vulnerability that allows for a distributed denial-of-service attack (DDoS).
94.4%
Oct 5, 2023 CVE-2023-22515
Ransomware
Atlassian Confluence Data Center and Server
enterprise smb essential
Atlassian Confluence Data Center and Server Broken Access Control Vulnerability
Atlassian Confluence Data Center and Server contains a broken access control vulnerability that allows an attacker to create unauthorized Confluence administrator accounts and acc…
94.4%
Oct 5, 2023 CVE-2023-40044
Ransomware
Progress WS_FTP Server
enterprise
Progress WS_FTP Server Deserialization of Untrusted Data Vulnerability
Progress WS_FTP Server contains a deserialization of untrusted data vulnerability in the Ad Hoc Transfer module that allows an authenticated attacker to execute remote commands on…
94.4%
Oct 5, 2023 CVE-2023-42824 Apple iOS and iPadOS
endpoint mobile smb essential
Apple iOS and iPadOS Kernel Privilege Escalation Vulnerability
Apple iOS and iPadOS contain an unspecified vulnerability that allows for local privilege escalation.
1.0%
Oct 4, 2023 CVE-2023-28229 Microsoft Windows CNG Key Isolation Service
endpoint m365 smb essential
Microsoft Windows CNG Key Isolation Service Privilege Escalation Vulnerability
Microsoft Windows Cryptographic Next Generation (CNG) Key Isolation Service contains an unspecified vulnerability that allows an attacker to gain specific limited SYSTEM privilege…
8.6%
Oct 4, 2023 CVE-2023-42793
Ransomware
JetBrains TeamCity
JetBrains TeamCity Authentication Bypass Vulnerability
JetBrains TeamCity contains an authentication bypass vulnerability that allows for remote code execution on TeamCity Server.
92.9%
Oct 3, 2023 CVE-2023-4211 Arm Mali GPU Kernel Driver
Arm Mali GPU Kernel Driver Use-After-Free Vulnerability
Arm Mali GPU Kernel Driver contains a use-after-free vulnerability that allows a local, non-privileged user to make improper GPU memory processing operations to gain access to alr…
0.3%
Oct 2, 2023 CVE-2023-5217 Google Chromium libvpx
browser smb essential
Google Chromium libvpx Heap Buffer Overflow Vulnerability
Google Chromium libvpx contains a heap buffer overflow vulnerability in vp8 encoding that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. …
5.0%
Sep 28, 2023 CVE-2018-14667 Red Hat JBoss RichFaces Framework
server os
Red Hat JBoss RichFaces Framework Expression Language Injection Vulnerability
Red Hat JBoss RichFaces Framework contains an expression language injection vulnerability via the UserResource resource. A remote, unauthenticated attacker could exploit this vuln…
89.5%
Sep 25, 2023 CVE-2023-41991 Apple Multiple Products
endpoint mobile smb essential
Apple Multiple Products Improper Certificate Validation Vulnerability
Apple iOS, iPadOS, macOS, and watchOS contain an improper certificate validation vulnerability that can allow a malicious app to bypass signature validation.
3.9%
Sep 25, 2023 CVE-2023-41992 Apple Multiple Products
endpoint mobile smb essential
Apple Multiple Products Kernel Privilege Escalation Vulnerability
Apple iOS, iPadOS, macOS, and watchOS contain an unspecified vulnerability that allows for local privilege escalation.
1.1%
Sep 25, 2023 CVE-2023-41993 Apple Multiple Products
browser endpoint mobile smb essential
Apple Multiple Products WebKit Code Execution Vulnerability
Apple iOS, iPadOS, macOS, and Safari WebKit contain an unspecified vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability c…
24.2%
Sep 21, 2023 CVE-2023-41179 Trend Micro Apex One and Worry-Free Business Security
endpoint
Trend Micro Apex One and Worry-Free Business Security Remote Code Execution Vulnerability
Trend Micro Apex One and Worry-Free Business Security contain an unspecified vulnerability in the third-party anti-virus uninstaller that could allow an attacker to manipulate the…
2.5%
Sep 19, 2023 CVE-2023-28434 MinIO MinIO
MinIO Security Feature Bypass Vulnerability
MinIO contains a security feature bypass vulnerability that allows an attacker to use crafted requests to bypass metadata bucket name checking and put an object into any bucket wh…
52.1%
Sep 18, 2023 CVE-2014-8361 Realtek SDK
Realtek SDK Improper Input Validation Vulnerability
Realtek SDK contains an improper input validation vulnerability in the miniigd SOAP service that allows remote attackers to execute malicious code via a crafted NewInternalClient …
94.0%
Sep 18, 2023 CVE-2017-6884
Ransomware
Zyxel EMG2926 Routers
Zyxel EMG2926 Routers Command Injection Vulnerability
Zyxel EMG2926 routers contain a command injection vulnerability located in the diagnostic tools, specifically the nslookup function. A malicious user may exploit numerous vectors …
90.1%
Sep 18, 2023 CVE-2021-3129
Ransomware
Laravel Ignition
Laravel Ignition File Upload Vulnerability
Laravel Ignition contains a file upload vulnerability that allows unauthenticated remote attackers to execute malicious code due to insecure usage of file_get_contents() and file_…
94.3%
Sep 18, 2023 CVE-2022-22265 Samsung Mobile Devices
mobile
Samsung Mobile Devices Use-After-Free Vulnerability
Samsung devices with selected Exynos chipsets contain a use-after-free vulnerability that allows malicious memory write and code execution.
0.2%
Sep 14, 2023 CVE-2023-26369 Adobe Acrobat and Reader
smb essential
Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability
Adobe Acrobat and Reader contains an out-of-bounds write vulnerability that allows for code execution.
0.8%
Sep 13, 2023 CVE-2023-20269
Ransomware
Cisco Adaptive Security Appliance and Firepower Threat Defense
network
Cisco Adaptive Security Appliance and Firepower Threat Defense Unauthorized Access Vulnerability
Cisco Adaptive Security Appliance and Firepower Threat Defense contain an unauthorized access vulnerability that could allow an unauthenticated, remote attacker to conduct a brute…
1.2%
Sep 13, 2023 CVE-2023-35674 Android Framework
mobile
Android Framework Privilege Escalation Vulnerability
Android Framework contains an unspecified vulnerability that allows for privilege escalation.
0.1%
Sep 13, 2023 CVE-2023-4863 Google Chromium WebP
browser smb essential
Google Chromium WebP Heap-Based Buffer Overflow Vulnerability
Google Chromium WebP contains a heap-based buffer overflow vulnerability that allows a remote attacker to perform an out-of-bounds memory write via a crafted HTML page. This vulne…
93.3%
Sep 12, 2023 CVE-2023-36761 Microsoft Word
endpoint m365 smb essential
Microsoft Word Information Disclosure Vulnerability
Microsoft Word contains an unspecified vulnerability that allows for information disclosure.
5.5%
Sep 12, 2023 CVE-2023-36802 Microsoft Streaming Service Proxy
endpoint m365 smb essential
Microsoft Streaming Service Proxy Privilege Escalation Vulnerability
Microsoft Streaming Service Proxy contains an unspecified vulnerability that allows for privilege escalation.
75.4%
Sep 11, 2023 CVE-2023-41061 Apple iOS, iPadOS, and watchOS
endpoint mobile smb essential
Apple iOS, iPadOS, and watchOS Wallet Code Execution Vulnerability
Apple iOS, iPadOS, and watchOS contain an unspecified vulnerability due to a validation issue affecting Wallet in which a maliciously crafted attachment may result in code executi…
1.1%

Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.