Full CISA KEV catalog

Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.

Showing 691–720 of 1,619 CVEs · Page 24 of 54 30 per page
Added CVE Vendor / Product Name & description CVSS EPSS
May 12, 2023 CVE-2015-5317 Jenkins Jenkins User Interface (UI)
Jenkins User Interface (UI) Information Disclosure Vulnerability
Jenkins User Interface (UI) contains an information disclosure vulnerability that allows users to see the names of jobs and builds otherwise inaccessible to them on the "Fingerpri…
39.7%
May 12, 2023 CVE-2016-3427 Oracle Java SE and JRockit
database enterprise
Oracle Java SE and JRockit Unspecified Vulnerability
Oracle Java SE and JRockit contains an unspecified vulnerability that allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Java Ma…
93.3%
May 12, 2023 CVE-2016-8735 Apache Tomcat
web server
Apache Tomcat Remote Code Execution Vulnerability
Apache Tomcat contains an unspecified vulnerability that allows for remote code execution if JmxRemoteLifecycleListener is used and an attacker can reach Java Management Extension…
93.8%
May 12, 2023 CVE-2021-3560 Red Hat Polkit
server os
Red Hat Polkit Incorrect Authorization Vulnerability
Red Hat Polkit contains an incorrect authorization vulnerability through the bypassing of credential checks for D-Bus requests, allowing for privilege escalation.
10.4%
May 12, 2023 CVE-2023-25717 Ruckus Wireless Multiple Products
network
Multiple Ruckus Wireless Products CSRF and RCE Vulnerability
Ruckus Wireless Access Point (AP) software contains an unspecified vulnerability in the web services component. If the web services component is enabled on the AP, an attacker can…
94.2%
May 9, 2023 CVE-2023-29336 Microsoft Win32k
endpoint m365 smb essential
Microsoft Win32K Privilege Escalation Vulnerability
Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation up to SYSTEM privileges.
76.7%
May 1, 2023 CVE-2021-45046
Ransomware
Apache Log4j2
web server
Apache Log4j2 Deserialization of Untrusted Data Vulnerability
Apache Log4j2 contains a deserialization of untrusted data vulnerability due to the incomplete fix of CVE-2021-44228, where the Thread Context Lookup Pattern is vulnerable to remo…
94.3%
May 1, 2023 CVE-2023-1389 TP-Link Archer AX21
network
TP-Link Archer AX-21 Command Injection Vulnerability
TP-Link Archer AX-21 contains a command injection vulnerability that allows for remote code execution.
93.3%
May 1, 2023 CVE-2023-21839 Oracle WebLogic Server
database enterprise
Oracle WebLogic Server Unspecified Vulnerability
Oracle WebLogic Server contains an unspecified vulnerability that allows an unauthenticated attacker with network access via T3, IIOP, to compromise Oracle WebLogic Server.
94.2%
Apr 21, 2023 CVE-2023-2136 Google Chromium Skia
browser smb essential
Google Chrome Skia Integer Overflow Vulnerability
Google Chromium Skia contains an integer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape vi…
0.4%
Apr 21, 2023 CVE-2023-27350
Ransomware
PaperCut MF/NG
PaperCut MF/NG Improper Access Control Vulnerability
PaperCut MF/NG contains an improper access control vulnerability within the SetupCompleted class that allows authentication bypass and code execution in the context of system.
94.3%
Apr 21, 2023 CVE-2023-28432 MinIO MinIO
MinIO Information Disclosure Vulnerability
MinIO contains a vulnerability in a cluster deployment where MinIO returns all environment variables, which allows for information disclosure.
94.0%
Apr 19, 2023 CVE-2017-6742 Cisco IOS and IOS XE Software
mobile network
Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability
The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute cod…
14.8%
Apr 17, 2023 CVE-2019-8526 Apple macOS
endpoint mobile smb essential
Apple macOS Use-After-Free Vulnerability
Apple macOS contains a use-after-free vulnerability that could allow for privilege escalation.
0.2%
Apr 17, 2023 CVE-2023-2033 Google Chromium V8
browser smb essential
Google Chromium V8 Type Confusion Vulnerability
Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability …
22.8%
Apr 13, 2023 CVE-2023-20963 Android Framework
mobile
Android Framework Privilege Escalation Vulnerability
Android Framework contains an unspecified vulnerability that allows for privilege escalation after updating an app to a higher Target SDK with no additional execution privileges n…
1.1%
Apr 13, 2023 CVE-2023-29492 Novi Survey Novi Survey
Novi Survey Insecure Deserialization Vulnerability
Novi Survey contains an insecure deserialization vulnerability that allows remote attackers to execute code on the server in the context of the service account.
18.3%
Apr 11, 2023 CVE-2023-28252
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability
Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation.
61.6%
Apr 10, 2023 CVE-2023-28205 Apple Multiple Products
browser endpoint mobile smb essential
Apple Multiple Products WebKit Use-After-Free Vulnerability
Apple iOS, iPadOS, macOS, and Safari WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability…
0.1%
Apr 10, 2023 CVE-2023-28206 Apple iOS, iPadOS, and macOS
endpoint mobile smb essential
Apple iOS, iPadOS, and macOS IOSurfaceAccelerator Out-of-Bounds Write Vulnerability
Apple iOS, iPadOS, and macOS IOSurfaceAccelerator contain an out-of-bounds write vulnerability that allows an app to execute code with kernel privileges.
21.6%
Apr 7, 2023 CVE-2019-1388
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Certificate Dialog Privilege Escalation Vulnerability
Microsoft Windows Certificate Dialog contains a privilege escalation vulnerability, allowing attackers to run processes in an elevated context.
8.0%
Apr 7, 2023 CVE-2021-27876
Ransomware
Veritas Backup Exec Agent
Veritas Backup Exec Agent File Access Vulnerability
Veritas Backup Exec (BE) Agent contains a file access vulnerability that could allow an attacker to specially craft input parameters on a data management protocol command to acces…
0.9%
Apr 7, 2023 CVE-2021-27877
Ransomware
Veritas Backup Exec Agent
Veritas Backup Exec Agent Improper Authentication Vulnerability
Veritas Backup Exec (BE) Agent contains an improper authentication vulnerability that could allow an attacker unauthorized access to the BE Agent via SHA authentication scheme.
40.3%
Apr 7, 2023 CVE-2021-27878
Ransomware
Veritas Backup Exec Agent
Veritas Backup Exec Agent Command Execution Vulnerability
Veritas Backup Exec (BE) Agent contains a command execution vulnerability that could allow an attacker to use a data management protocol command to execute a command on the BE Age…
1.1%
Apr 7, 2023 CVE-2023-26083 Arm Mali Graphics Processing Unit (GPU)
Arm Mali GPU Kernel Driver Information Disclosure Vulnerability
Arm Mali GPU Kernel Driver contains an information disclosure vulnerability that allows a non-privileged user to make valid GPU processing operations that expose sensitive kernel …
5.2%
Apr 3, 2023 CVE-2022-27926 Synacor Zimbra Collaboration Suite (ZCS)
Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability
Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability by allowing an endpoint URL to accept parameters without sanitizing.
94.1%
Mar 30, 2023 CVE-2013-3163 Microsoft Internet Explorer
endpoint m365 smb essential
Microsoft Internet Explorer Memory Corruption Vulnerability
Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code or cause a denial of service via a crafted website.
84.6%
Mar 30, 2023 CVE-2017-7494
Ransomware
Samba Samba
Samba Remote Code Execution Vulnerability
Samba contains a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share and then cause the server to load and execute it.
94.2%
Mar 30, 2023 CVE-2021-30900 Apple iOS, iPadOS, and macOS
endpoint mobile smb essential
Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability
Apple GPU drivers, included in iOS, iPadOS, and macOS, contain an out-of-bounds write vulnerability that may allow a malicious application to execute code with kernel privileges.
0.5%
Mar 30, 2023 CVE-2022-22706 Arm Mali Graphics Processing Unit (GPU)
Arm Mali GPU Kernel Driver Unspecified Vulnerability
Arm Mali GPU Kernel Driver contains an unspecified vulnerability that allows a non-privileged user to achieve write access to read-only memory pages.
0.1%

Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.