Full CISA KEV catalog
Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited.
| Added | CVE | Vendor / Product | Name & description | CVSS | EPSS |
|---|---|---|---|---|---|
| Nov 3, 2021 | CVE-2021-1732 (Ransomware) | Microsoft Win32k | Microsoft Win32k Privilege Escalation Vulnerability<br>Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation. | — | 88.3% |
| Nov 3, 2021 | CVE-2021-1782 | Apple Multiple Products | Apple Multiple Products Race Condition Vulnerability<br>Apple iOS, iPadOS, macOS, watchOS, and tvOS contain a race condition vulnerability that may allow a malicious application to elevate privileges. | — | 5.9% |
| Nov 3, 2021 | CVE-2021-1870 | Apple iOS, iPadOS, and macOS | Apple iOS, iPadOS, and macOS WebKit Remote Code Execution Vulnerability<br>Apple iOS, iPadOS, and macOS WebKit contain an unspecified logic vulnerability that allows a remote attacker to execute code. This vulnerability could impact HTML parsers that use… | — | 1.2% |
| Nov 3, 2021 | CVE-2021-1871 | Apple iOS, iPadOS, and macOS | Apple iOS, iPadOS, and macOS WebKit Remote Code Execution Vulnerability<br>Apple iOS, iPadOS, and macOS WebKit contain an unspecified logic vulnerability that allows a remote attacker to execute code. This vulnerability could impact HTML parsers that use… | — | 0.5% |
| Nov 3, 2021 | CVE-2021-1879 | Apple iOS, iPadOS, and watchOS | Apple iOS, iPadOS, and watchOS WebKit Cross-Site Scripting (XSS) Vulnerability<br>Apple iOS, iPadOS, and watchOS WebKit contain an unspecified vulnerability that allows for universal cross-site scripting (XSS) when processing maliciously crafted web content. Th… | — | 0.8% |
| Nov 3, 2021 | CVE-2021-21017 | Adobe Acrobat and Reader | Adobe Acrobat and Reader Heap-based Buffer Overflow Vulnerability<br>Acrobat Acrobat and Reader contain a heap-based buffer overflow vulnerability that could allow an unauthenticated attacker to achieve code execution in the context of the current … | — | 90.2% |
| Nov 3, 2021 | CVE-2021-21148 | Google Chromium V8 | Google Chromium V8 Heap Buffer Overflow Vulnerability<br>Google Chromium V8 Engine contains a heap buffer overflow vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerab… | — | 22.3% |
| Nov 3, 2021 | CVE-2021-21166 | Google Chromium | Google Chromium Race Condition Vulnerability<br>Google Chromium contains a race condition vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affe… | — | 38.0% |
| Nov 3, 2021 | CVE-2021-21193 | Google Chromium Blink | Google Chromium Blink Use-After-Free Vulnerability<br>Google Chromium Blink contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability coul… | — | 13.8% |
| Nov 3, 2021 | CVE-2021-21206 | Google Chromium Blink | Google Chromium Blink Use-After-Free Vulnerability<br>Google Chromium Blink contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability coul… | — | 17.5% |
| Nov 3, 2021 | CVE-2021-21220 | Google Chromium V8 | Google Chromium V8 Improper Input Validation Vulnerability<br>Google Chromium V8 Engine contains an improper input validation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vu… | — | 91.2% |
| Nov 3, 2021 | CVE-2021-21224 | Google Chromium V8 | Google Chromium V8 Type Confusion Vulnerability<br>Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted HTML page. This vulnerability could … | — | 42.5% |
| Nov 3, 2021 | CVE-2021-22205 (Ransomware) | GitLab Community and Enterprise Editions | GitLab Community and Enterprise Editions Remote Code Execution Vulnerability<br>GitHub Community and Enterprise Editions that utilize the ability to upload images through GitLab Workhorse are vulnerable to remote code execution. Workhorse passes image file ex… | — | 94.5% |
| Nov 3, 2021 | CVE-2021-26084 (Ransomware) | Atlassian Confluence Server and Data Center | Atlassian Confluence Server and Data Center Object-Graph Navigation Language (OGNL) Injection Vulnerability<br>Atlassian Confluence Server and Data Server contain an Object-Graph Navigation Language (OGNL) injection vulnerability that may allow an unauthenticated attacker to execute code. | — | 94.4% |
| Nov 3, 2021 | CVE-2021-26411 (Ransomware) | Microsoft Internet Explorer | Microsoft Internet Explorer Memory Corruption Vulnerability<br>Microsoft Internet Explorer contains an unspecified vulnerability that allows for memory corruption. | — | 92.5% |
| Nov 3, 2021 | CVE-2021-26855 (Ransomware) | Microsoft Exchange Server | Microsoft Exchange Server Remote Code Execution Vulnerability<br>Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain. | — | 94.3% |
| Nov 3, 2021 | CVE-2021-26857 (Ransomware) | Microsoft Exchange Server | Microsoft Exchange Server Remote Code Execution Vulnerability<br>Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain. | — | 40.5% |
| Nov 3, 2021 | CVE-2021-26858 (Ransomware) | Microsoft Exchange Server | Microsoft Exchange Server Remote Code Execution Vulnerability<br>Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain. | — | 73.2% |
| Nov 3, 2021 | CVE-2021-27059 | Microsoft Office | Microsoft Office Remote Code Execution Vulnerability<br>Microsoft Office contains an unspecified vulnerability that allows for remote code execution. | — | 2.8% |
| Nov 3, 2021 | CVE-2021-27065 (Ransomware) | Microsoft Exchange Server | Microsoft Exchange Server Remote Code Execution Vulnerability<br>Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain. | — | 94.2% |
| Nov 3, 2021 | CVE-2021-27085 | Microsoft Internet Explorer | Microsoft Internet Explorer Remote Code Execution Vulnerability<br>Microsoft Internet Explorer contains an unspecified vulnerability that allows for remote code execution. | — | 1.8% |
| Nov 3, 2021 | CVE-2021-28310 | Microsoft Win32k | Microsoft Win32k Privilege Escalation Vulnerability<br>Microsoft Windows Win32k contains an unspecified vulnerability that allows for privilege escalation. | — | 54.0% |
| Nov 3, 2021 | CVE-2021-28550 | Adobe Acrobat and Reader | Adobe Acrobat and Reader Use-After-Free Vulnerability<br>Adobe Acrobat and Reader contains a use-after-free vulnerability that could allow an unauthenticated attacker to achieve code execution in the context of the current user. | — | 30.7% |
| Nov 3, 2021 | CVE-2021-30116 (Ransomware) | Kaseya Virtual System/Server Administrator (VSA) | Kaseya Virtual System/Server Administrator (VSA) Information Disclosure Vulnerability<br>Kaseya Virtual System/Server Administrator (VSA) contains an information disclosure vulnerability allowing an attacker to obtain the sessionId that can be used to execute further … | — | 54.1% |
| Nov 3, 2021 | CVE-2021-30551 | Google Chromium V8 | Google Chromium V8 Type Confusion Vulnerability<br>Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability … | — | 82.2% |
| Nov 3, 2021 | CVE-2021-30554 | Google Chromium WebGL | Google Chromium WebGL Use-After-Free Vulnerability<br>Google Chromium WebGL contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability coul… | — | 5.8% |
| Nov 3, 2021 | CVE-2021-30563 | Google Chromium V8 | Google Chromium V8 Type Confusion Vulnerability<br>Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability … | — | 2.6% |
| Nov 3, 2021 | CVE-2021-30632 | Google Chromium V8 | Google Chromium V8 Out-of-Bounds Write Vulnerability<br>Google Chromium V8 Engine contains an out-of-bounds write vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerab… | — | 83.8% |
| Nov 3, 2021 | CVE-2021-30633 | Google Chromium Indexed DB API | Google Chromium Indexed DB API Use-After-Free Vulnerability<br>Google Chromium Indexed DB API contains a use-after-free vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox es… | — | 30.1% |
| Nov 3, 2021 | CVE-2021-30657 | Apple macOS | Apple macOS Unspecified Vulnerability<br>Apple macOS contains an unspecified logic issue in System Preferences that may allow a malicious application to bypass Gatekeeper checks. | — | 83.1% |
Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.