Full CISA KEV catalog
Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.
| Added | CVE | Vendor / Product | Name & description | CVSS | EPSS |
|---|---|---|---|---|---|
| Nov 3, 2021 | CVE-2021-30661 | Apple Multiple Products |
Apple Multiple Products WebKit Storage Use-After-Free Vulnerability
Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit Storage contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web cont…
|
— | 0.1% |
| Nov 3, 2021 | CVE-2021-30663 | Apple Multiple Products |
Apple Multiple Products WebKit Integer Overflow Vulnerability
Apple iOS, iPadOS, macOS, tvOS, and Safari WebKit contain an integer overflow vulnerability that leads to code execution when processing maliciously crafted web content. This vuln…
|
— | 1.0% |
| Nov 3, 2021 | CVE-2021-30665 | Apple Multiple Products |
Apple Multiple Products WebKit Memory Corruption Vulnerability
Apple iOS, iPadOS, macOS, watchOS, and tvOS WebKit contain a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vul…
|
— | 0.2% |
| Nov 3, 2021 | CVE-2021-30666 | Apple iOS |
Apple iOS WebKit Buffer Overflow Vulnerability
Apple iOS WebKit contains a buffer-overflow vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parser…
|
— | 1.2% |
| Nov 3, 2021 | CVE-2021-30713 | Apple macOS |
Apple macOS Unspecified Vulnerability
Apple macOS Transparency, Consent, and Control (TCC) contains an unspecified permissions issue which may allow a malicious application to bypass privacy preferences.
|
— | 0.1% |
| Nov 3, 2021 | CVE-2021-30761 | Apple iOS |
Apple iOS WebKit Memory Corruption Vulnerability
Apple iOS WebKit contains a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML pars…
|
— | 0.5% |
| Nov 3, 2021 | CVE-2021-30762 | Apple iOS |
Apple iOS WebKit Use-After-Free Vulnerability
Apple iOS WebKit contains a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers…
|
— | 0.0% |
| Nov 3, 2021 | CVE-2021-30807 | Apple Multiple Products |
Apple Multiple Products Memory Corruption Vulnerability
Apple iOS, iPadOS, macOS, and watchOS IOMobileFrameBuffer contain a memory corruption vulnerability which may allow an application to execute code with kernel privileges.
|
— | 21.0% |
| Nov 3, 2021 | CVE-2021-30858 | Apple iOS, iPadOS, and macOS |
Apple iOS, iPadOS, macOS Use-After-Free Vulnerability
Apple iOS, iPadOS, and macOS WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could i…
|
— | 0.8% |
| Nov 3, 2021 | CVE-2021-30860 | Apple Multiple Products |
Apple Multiple Products Integer Overflow Vulnerability
Apple iOS, iPadOS, macOS, and watchOS CoreGraphics contain an integer overflow vulnerability which may allow code execution when processing a maliciously crafted PDF. The vulnerab…
|
— | 72.0% |
| Nov 3, 2021 | CVE-2021-30869 | Apple iOS, iPadOS, and macOS |
Apple iOS, iPadOS, and macOS Type Confusion Vulnerability
Apple iOS, iPadOS, and macOS contain a type confusion vulnerability in the XNU which may allow a malicious application to execute code with kernel privileges.
|
— | 1.7% |
| Nov 3, 2021 | CVE-2021-31199 | Microsoft Enhanced Cryptographic Provider |
Microsoft Enhanced Cryptographic Provider Privilege Escalation Vulnerability
Microsoft Enhanced Cryptographic Provider contains an unspecified vulnerability that allows for privilege escalation.
|
— | 0.9% |
| Nov 3, 2021 | CVE-2021-31201 | Microsoft Enhanced Cryptographic Provider |
Microsoft Enhanced Cryptographic Provider Privilege Escalation Vulnerability
Microsoft Enhanced Cryptographic Provider contains an unspecified vulnerability that allows for privilege escalation.
|
— | 0.7% |
| Nov 3, 2021 |
CVE-2021-31207
Ransomware |
Microsoft Exchange Server |
Microsoft Exchange Server Security Feature Bypass Vulnerability
Microsoft Exchange Server contains an unspecified vulnerability that allows for security feature bypass.
|
— | 93.8% |
| Nov 3, 2021 | CVE-2021-31955 | Microsoft Windows |
Microsoft Windows Kernel Information Disclosure Vulnerability
Microsoft Windows Kernel contains an unspecified vulnerability that allows for information disclosure. Successful exploitation allows attackers to read the contents of kernel memo…
|
— | 3.6% |
| Nov 3, 2021 | CVE-2021-31956 | Microsoft Windows |
Microsoft Windows NTFS Privilege Escalation Vulnerability
Microsoft Windows New Technology File System (NTFS) contains an unspecified vulnerability that allows attackers to escalate privileges via a specially crafted application.
|
— | 90.7% |
| Nov 3, 2021 | CVE-2021-31979 | Microsoft Windows |
Microsoft Windows Kernel Privilege Escalation Vulnerability
Microsoft Windows kernel contains an unspecified vulnerability that allows for privilege escalation.
|
— | 6.2% |
| Nov 3, 2021 | CVE-2021-33739 | Microsoft Windows |
Microsoft Desktop Window Manager (DWM) Core Library Privilege Escalation Vulnerability
Microsoft Desktop Window Manager (DWM) Core Library contains an unspecified vulnerability that allows for privilege escalation.
|
— | 16.9% |
| Nov 3, 2021 | CVE-2021-33742 | Microsoft Windows |
Microsoft Windows MSHTML Platform Remote Code Execution Vulnerability
Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for remote code execution.
|
— | 72.1% |
| Nov 3, 2021 | CVE-2021-33771 | Microsoft Windows |
Microsoft Windows Kernel Privilege Escalation Vulnerability
Microsoft Windows kernel contains an unspecified vulnerability that allows for privilege escalation.
|
— | 6.4% |
| Nov 3, 2021 | CVE-2021-34448 | Microsoft Windows |
Microsoft Windows Scripting Engine Memory Corruption Vulnerability
Microsoft Windows Scripting Engine contains an unspecified vulnerability that allows for memory corruption.
|
— | 3.1% |
| Nov 3, 2021 |
CVE-2021-34473
Ransomware |
Microsoft Exchange Server |
Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution.
|
— | 94.2% |
| Nov 3, 2021 |
CVE-2021-34523
Ransomware |
Microsoft Exchange Server |
Microsoft Exchange Server Privilege Escalation Vulnerability
Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation.
|
— | 94.0% |
| Nov 3, 2021 |
CVE-2021-34527
Ransomware |
Microsoft Windows |
Microsoft Windows Print Spooler Remote Code Execution Vulnerability
Microsoft Windows Print Spooler contains an unspecified vulnerability due to the Windows Print Spooler service improperly performing privileged file operations. Successful exploit…
|
— | 94.2% |
| Nov 3, 2021 |
CVE-2021-36942
Ransomware |
Microsoft Windows |
Microsoft Windows Local Security Authority (LSA) Spoofing Vulnerability
Microsoft Windows Local Security Authority (LSA) contains a spoofing vulnerability allowing an unauthenticated attacker to call a method on the LSARPC interface and coerce the dom…
|
— | 93.6% |
| Nov 3, 2021 | CVE-2021-36948 | Microsoft Windows |
Microsoft Windows Update Medic Service Privilege Escalation Vulnerability
Microsoft Windows Update Medic Service contains an unspecified vulnerability that allows for privilege escalation.
|
— | 1.0% |
| Nov 3, 2021 |
CVE-2021-36955
Ransomware |
Microsoft Windows |
Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability
Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation.
|
— | 20.7% |
| Nov 3, 2021 | CVE-2021-37973 | Google Chromium Portals |
Google Chromium Portals Use-After-Free Vulnerability
Google Chromium Portals contains a use-after-free vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape vi…
|
— | 14.8% |
| Nov 3, 2021 | CVE-2021-37975 | Google Chromium V8 |
Google Chromium V8 Use-After-Free Vulnerability
Google Chromium V8 Engine contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability …
|
— | 63.0% |
| Nov 3, 2021 | CVE-2021-37976 | Google Chromium |
Google Chromium Information Disclosure Vulnerability
Google Chromium contains an information disclosure vulnerability within the core memory component that allows a remote attacker to obtain potentially sensitive information from pr…
|
— | 20.1% |
Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.