Full CISA KEV catalog

Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.

Showing 631–660 of 1,619 CVEs · Page 22 of 54 30 per page
Added CVE Vendor / Product Name & description CVSS EPSS
Sep 11, 2023 CVE-2023-41064 Apple iOS, iPadOS, and macOS
endpoint mobile smb essential
Apple iOS, iPadOS, and macOS ImageIO Buffer Overflow Vulnerability
Apple iOS, iPadOS, and macOS contain a buffer overflow vulnerability in ImageIO when processing a maliciously crafted image, which may lead to code execution. This vulnerability w…
85.4%
Sep 6, 2023 CVE-2023-33246 Apache RocketMQ
web server
Apache RocketMQ Command Execution Vulnerability
Several components of Apache RocketMQ, including NameServer, Broker, and Controller, are exposed to the extranet and lack permission verification. An attacker can exploit this vul…
94.4%
Aug 24, 2023 CVE-2023-32315 Ignite Realtime Openfire
Ignite Realtime Openfire Path Traversal Vulnerability
Ignite Realtime Openfire contains a path traversal vulnerability that allows an unauthenticated attacker to access restricted pages in the Openfire Admin Console reserved for admi…
94.4%
Aug 24, 2023 CVE-2023-38831
Ransomware
RARLAB WinRAR
RARLAB WinRAR Code Execution Vulnerability
RARLAB WinRAR contains an unspecified vulnerability that allows an attacker to execute code when a user attempts to view a benign file within a ZIP archive.
93.9%
Aug 22, 2023 CVE-2023-27532
Ransomware
Veeam Backup & Replication
enterprise
Veeam Backup & Replication Cloud Connect Missing Authentication for Critical Function Vulnerability
Veeam Backup & Replication Cloud Connect component contains a missing authentication for critical function vulnerability that allows an unauthenticated user operating within the b…
83.6%
Aug 22, 2023 CVE-2023-38035
Ransomware
Ivanti Sentry
endpoint vpn remote
Ivanti Sentry Authentication Bypass Vulnerability
Ivanti Sentry, formerly known as MobileIron Sentry, contains an authentication bypass vulnerability that may allow an attacker to bypass authentication controls on the administrat…
94.4%
Aug 21, 2023 CVE-2023-26359 Adobe ColdFusion
smb essential
Adobe ColdFusion Deserialization of Untrusted Data Vulnerability
Adobe ColdFusion contains a deserialization of untrusted data vulnerability that could result in code execution in the context of the current user.
79.1%
Aug 16, 2023 CVE-2023-24489 Citrix Content Collaboration
enterprise vpn remote
Citrix Content Collaboration ShareFile Improper Access Control Vulnerability
Citrix Content Collaboration contains an improper access control vulnerability that could allow an unauthenticated attacker to remotely compromise customer-managed ShareFile stora…
94.4%
Aug 9, 2023 CVE-2023-38180 Microsoft .NET Core and Visual Studio
endpoint m365 smb essential
Microsoft .NET Core and Visual Studio Denial-of-Service Vulnerability
Microsoft .NET Core and Visual Studio contain an unspecified vulnerability that allows for denial-of-service (DoS).
0.9%
Aug 7, 2023 CVE-2017-18368 Zyxel P660HN-T1A Routers
Zyxel P660HN-T1A Routers Command Injection Vulnerability
Zyxel P660HN-T1A routers contain a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user and exploited via t…
93.6%
Jul 31, 2023 CVE-2023-35081 Ivanti Endpoint Manager Mobile (EPMM)
endpoint vpn remote
Ivanti Endpoint Manager Mobile (EPMM) Path Traversal Vulnerability
Ivanti Endpoint Manager Mobile (EPMM) contains a path traversal vulnerability that enables an authenticated administrator to perform malicious file writes to the EPMM server. This…
90.7%
Jul 27, 2023 CVE-2023-37580 Synacor Zimbra Collaboration Suite (ZCS)
Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability
Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability impacting the confidentiality and integrity of data.
93.9%
Jul 26, 2023 CVE-2023-38606 Apple Multiple Products
endpoint mobile smb essential
Apple Multiple Products Kernel Unspecified Vulnerability
Apple iOS, iPadOS, macOS, tvOS, and watchOS contain an unspecified vulnerability allowing an app to modify a sensitive kernel state.
0.1%
Jul 25, 2023 CVE-2023-35078
Ransomware
Ivanti Endpoint Manager Mobile (EPMM)
endpoint vpn remote
Ivanti Endpoint Manager Mobile Authentication Bypass Vulnerability
Ivanti Endpoint Manager Mobile (EPMM, previously branded MobileIron Core) contains an authentication bypass vulnerability that allows unauthenticated access to specific API paths.…
94.4%
Jul 20, 2023 CVE-2023-29298 Adobe ColdFusion
smb essential
Adobe ColdFusion Improper Access Control Vulnerability
Adobe ColdFusion contains an improper access control vulnerability that allows for a security feature bypass.
94.3%
Jul 20, 2023 CVE-2023-38205 Adobe ColdFusion
smb essential
Adobe ColdFusion Improper Access Control Vulnerability
Adobe ColdFusion contains an improper access control vulnerability that allows for a security feature bypass.
94.3%
Jul 19, 2023 CVE-2023-3519
Ransomware
Citrix NetScaler ADC and NetScaler Gateway
enterprise vpn remote
Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability
Citrix NetScaler ADC and NetScaler Gateway contains a code injection vulnerability that allows for unauthenticated remote code execution.
93.5%
Jul 17, 2023 CVE-2023-36884
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Search Remote Code Execution Vulnerability
Microsoft Windows Search contains an unspecified vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malicious file, leadin…
93.0%
Jul 13, 2023 CVE-2022-29303 SolarView Compact
SolarView Compact Command Injection Vulnerability
SolarView Compact contains a command injection vulnerability due to improper validation of input values on the send test mail console of the product's web server.
94.4%
Jul 13, 2023 CVE-2023-37450 Apple Multiple Products
browser endpoint mobile smb essential
Apple Multiple Products WebKit Code Execution Vulnerability
Apple iOS, iPadOS, macOS, and Safari WebKit contain an unspecified vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability c…
0.1%
Jul 11, 2023 CVE-2022-31199
Ransomware
Netwrix Auditor
Netwrix Auditor Insecure Object Deserialization Vulnerability
Netwrix Auditor User Activity Video Recording component contains an insecure objection deserialization vulnerability that allows an unauthenticated, remote attacker to execute cod…
5.9%
Jul 11, 2023 CVE-2023-32046 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows MSHTML Platform Privilege Escalation Vulnerability
Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for privilege escalation.
42.7%
Jul 11, 2023 CVE-2023-32049 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Defender SmartScreen Security Feature Bypass Vulnerability
Microsoft Windows Defender SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the Open File - Security Warning prompt.
7.7%
Jul 11, 2023 CVE-2023-35311 Microsoft Outlook
endpoint m365 smb essential
Microsoft Outlook Security Feature Bypass Vulnerability
Microsoft Outlook contains a security feature bypass vulnerability that allows an attacker to bypass the Microsoft Outlook Security Notice prompt.
0.5%
Jul 11, 2023 CVE-2023-36874 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Error Reporting Service Privilege Escalation Vulnerability
Microsoft Windows Error Reporting Service contains an unspecified vulnerability that allows for privilege escalation.
70.2%
Jul 7, 2023 CVE-2021-29256 Arm Mali Graphics Processing Unit (GPU)
Arm Mali GPU Kernel Driver Use-After-Free Vulnerability
Arm Mali GPU Kernel Driver contains a use-after-free vulnerability that may allow a non-privileged user to gain root privilege and/or disclose information.
0.7%
Jun 29, 2023 CVE-2019-17621 D-Link DIR-859 Router
network
D-Link DIR-859 Router Command Execution Vulnerability
D-Link DIR-859 router contains a command execution vulnerability in the UPnP endpoint URL, /gena.cgi. Exploitation allows an unauthenticated remote attacker to execute system comm…
93.0%
Jun 29, 2023 CVE-2019-20500 D-Link DWL-2600AP Access Point
network
D-Link DWL-2600AP Access Point Command Injection Vulnerability
D-Link DWL-2600AP access point contains an authenticated command injection vulnerability via the Save Configuration functionality in the Web interface, using shell metacharacters …
89.9%
Jun 29, 2023 CVE-2021-25371 Samsung Mobile Devices
mobile
Samsung Mobile Devices Unspecified Vulnerability
Samsung mobile devices contain an unspecified vulnerability within DSP driver that allows attackers to load ELF libraries inside DSP.
1.6%
Jun 29, 2023 CVE-2021-25372 Samsung Mobile Devices
mobile
Samsung Mobile Devices Improper Boundary Check Vulnerability
Samsung mobile devices contain an improper boundary check vulnerability within DSP driver that allows for out-of-bounds memory access.
1.8%

Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.