Full CISA KEV catalog
Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.
| Added | CVE | Vendor / Product | Name & description | CVSS | EPSS |
|---|---|---|---|---|---|
| Oct 16, 2023 | CVE-2023-20198 | Cisco IOS XE Web UI |
Cisco IOS XE Web UI Privilege Escalation Vulnerability
Cisco IOS XE Web UI contains a privilege escalation vulnerability in the web user interface that could allow a remote, unauthenticated attacker to create an account with privilege…
|
— | 94.0% |
| Oct 10, 2023 | CVE-2023-20109 | Cisco IOS and IOS XE |
Cisco IOS and IOS XE Group Encrypted Transport VPN Out-of-Bounds Write Vulnerability
Cisco IOS and IOS XE contain an out-of-bounds write vulnerability in the Group Encrypted Transport VPN (GET VPN) feature that could allow an authenticated, remote attacker who has…
|
— | 0.6% |
| Oct 10, 2023 | CVE-2023-21608 | Adobe Acrobat and Reader |
Adobe Acrobat and Reader Use-After-Free Vulnerability
Adobe Acrobat and Reader contains a use-after-free vulnerability that allows for code execution in the context of the current user.
|
— | 77.5% |
| Oct 10, 2023 | CVE-2023-36563 | Microsoft WordPad |
Microsoft WordPad Information Disclosure Vulnerability
Microsoft WordPad contains an unspecified vulnerability that allows for information disclosure.
|
— | 2.8% |
| Oct 10, 2023 | CVE-2023-41763 | Microsoft Skype for Business |
Microsoft Skype for Business Privilege Escalation Vulnerability
Microsoft Skype for Business contains an unspecified vulnerability that allows for privilege escalation.
|
— | 16.5% |
| Oct 10, 2023 | CVE-2023-44487 | IETF HTTP/2 |
HTTP/2 Rapid Reset Attack Vulnerability
HTTP/2 contains a rapid reset vulnerability that allows for a distributed denial-of-service attack (DDoS).
|
— | 94.4% |
| Oct 5, 2023 |
CVE-2023-22515
Ransomware |
Atlassian Confluence Data Center and Server |
Atlassian Confluence Data Center and Server Broken Access Control Vulnerability
Atlassian Confluence Data Center and Server contains a broken access control vulnerability that allows an attacker to create unauthorized Confluence administrator accounts and acc…
|
— | 94.4% |
| Oct 5, 2023 |
CVE-2023-40044
Ransomware |
Progress WS_FTP Server |
Progress WS_FTP Server Deserialization of Untrusted Data Vulnerability
Progress WS_FTP Server contains a deserialization of untrusted data vulnerability in the Ad Hoc Transfer module that allows an authenticated attacker to execute remote commands on…
|
— | 94.4% |
| Oct 5, 2023 | CVE-2023-42824 | Apple iOS and iPadOS |
Apple iOS and iPadOS Kernel Privilege Escalation Vulnerability
Apple iOS and iPadOS contain an unspecified vulnerability that allows for local privilege escalation.
|
— | 1.0% |
| Oct 4, 2023 | CVE-2023-28229 | Microsoft Windows CNG Key Isolation Service |
Microsoft Windows CNG Key Isolation Service Privilege Escalation Vulnerability
Microsoft Windows Cryptographic Next Generation (CNG) Key Isolation Service contains an unspecified vulnerability that allows an attacker to gain specific limited SYSTEM privilege…
|
— | 8.6% |
| Oct 4, 2023 |
CVE-2023-42793
Ransomware |
JetBrains TeamCity |
JetBrains TeamCity Authentication Bypass Vulnerability
JetBrains TeamCity contains an authentication bypass vulnerability that allows for remote code execution on TeamCity Server.
|
— | 92.9% |
| Oct 3, 2023 | CVE-2023-4211 | Arm Mali GPU Kernel Driver |
Arm Mali GPU Kernel Driver Use-After-Free Vulnerability
Arm Mali GPU Kernel Driver contains a use-after-free vulnerability that allows a local, non-privileged user to make improper GPU memory processing operations to gain access to alr…
|
— | 0.3% |
| Oct 2, 2023 | CVE-2023-5217 | Google Chromium libvpx |
Google Chromium libvpx Heap Buffer Overflow Vulnerability
Google Chromium libvpx contains a heap buffer overflow vulnerability in vp8 encoding that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. …
|
— | 5.0% |
| Sep 28, 2023 | CVE-2018-14667 | Red Hat JBoss RichFaces Framework |
Red Hat JBoss RichFaces Framework Expression Language Injection Vulnerability
Red Hat JBoss RichFaces Framework contains an expression language injection vulnerability via the UserResource resource. A remote, unauthenticated attacker could exploit this vuln…
|
— | 89.5% |
| Sep 25, 2023 | CVE-2023-41991 | Apple Multiple Products |
Apple Multiple Products Improper Certificate Validation Vulnerability
Apple iOS, iPadOS, macOS, and watchOS contain an improper certificate validation vulnerability that can allow a malicious app to bypass signature validation.
|
— | 3.9% |
| Sep 25, 2023 | CVE-2023-41992 | Apple Multiple Products |
Apple Multiple Products Kernel Privilege Escalation Vulnerability
Apple iOS, iPadOS, macOS, and watchOS contain an unspecified vulnerability that allows for local privilege escalation.
|
— | 1.1% |
| Sep 25, 2023 | CVE-2023-41993 | Apple Multiple Products |
Apple Multiple Products WebKit Code Execution Vulnerability
Apple iOS, iPadOS, macOS, and Safari WebKit contain an unspecified vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability c…
|
— | 24.2% |
| Sep 21, 2023 | CVE-2023-41179 | Trend Micro Apex One and Worry-Free Business Security |
Trend Micro Apex One and Worry-Free Business Security Remote Code Execution Vulnerability
Trend Micro Apex One and Worry-Free Business Security contain an unspecified vulnerability in the third-party anti-virus uninstaller that could allow an attacker to manipulate the…
|
— | 2.5% |
| Sep 19, 2023 | CVE-2023-28434 | MinIO MinIO |
MinIO Security Feature Bypass Vulnerability
MinIO contains a security feature bypass vulnerability that allows an attacker to use crafted requests to bypass metadata bucket name checking and put an object into any bucket wh…
|
— | 52.1% |
| Sep 18, 2023 | CVE-2014-8361 | Realtek SDK |
Realtek SDK Improper Input Validation Vulnerability
Realtek SDK contains an improper input validation vulnerability in the miniigd SOAP service that allows remote attackers to execute malicious code via a crafted NewInternalClient …
|
— | 94.0% |
| Sep 18, 2023 |
CVE-2017-6884
Ransomware |
Zyxel EMG2926 Routers |
Zyxel EMG2926 Routers Command Injection Vulnerability
Zyxel EMG2926 routers contain a command injection vulnerability located in the diagnostic tools, specifically the nslookup function. A malicious user may exploit numerous vectors …
|
— | 90.1% |
| Sep 18, 2023 |
CVE-2021-3129
Ransomware |
Laravel Ignition |
Laravel Ignition File Upload Vulnerability
Laravel Ignition contains a file upload vulnerability that allows unauthenticated remote attackers to execute malicious code due to insecure usage of file_get_contents() and file_…
|
— | 94.3% |
| Sep 18, 2023 | CVE-2022-22265 | Samsung Mobile Devices |
Samsung Mobile Devices Use-After-Free Vulnerability
Samsung devices with selected Exynos chipsets contain a use-after-free vulnerability that allows malicious memory write and code execution.
|
— | 0.2% |
| Sep 14, 2023 | CVE-2023-26369 | Adobe Acrobat and Reader |
Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability
Adobe Acrobat and Reader contains an out-of-bounds write vulnerability that allows for code execution.
|
— | 0.8% |
| Sep 13, 2023 |
CVE-2023-20269
Ransomware |
Cisco Adaptive Security Appliance and Firepower Threat Defense |
Cisco Adaptive Security Appliance and Firepower Threat Defense Unauthorized Access Vulnerability
Cisco Adaptive Security Appliance and Firepower Threat Defense contain an unauthorized access vulnerability that could allow an unauthenticated, remote attacker to conduct a brute…
|
— | 1.2% |
| Sep 13, 2023 | CVE-2023-35674 | Android Framework |
Android Framework Privilege Escalation Vulnerability
Android Framework contains an unspecified vulnerability that allows for privilege escalation.
|
— | 0.1% |
| Sep 13, 2023 | CVE-2023-4863 | Google Chromium WebP |
Google Chromium WebP Heap-Based Buffer Overflow Vulnerability
Google Chromium WebP contains a heap-based buffer overflow vulnerability that allows a remote attacker to perform an out-of-bounds memory write via a crafted HTML page. This vulne…
|
— | 93.3% |
| Sep 12, 2023 | CVE-2023-36761 | Microsoft Word |
Microsoft Word Information Disclosure Vulnerability
Microsoft Word contains an unspecified vulnerability that allows for information disclosure.
|
— | 5.5% |
| Sep 12, 2023 | CVE-2023-36802 | Microsoft Streaming Service Proxy |
Microsoft Streaming Service Proxy Privilege Escalation Vulnerability
Microsoft Streaming Service Proxy contains an unspecified vulnerability that allows for privilege escalation.
|
— | 75.4% |
| Sep 11, 2023 | CVE-2023-41061 | Apple iOS, iPadOS, and watchOS |
Apple iOS, iPadOS, and watchOS Wallet Code Execution Vulnerability
Apple iOS, iPadOS, and watchOS contain an unspecified vulnerability due to a validation issue affecting Wallet in which a maliciously crafted attachment may result in code executi…
|
— | 1.1% |
Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.