Full CISA KEV catalog
Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.
| Added | CVE | Vendor / Product | Name & description | CVSS | EPSS |
|---|---|---|---|---|---|
| May 24, 2022 | CVE-2016-3351<br>Ransomware | Microsoft Internet Explorer and Edge | Microsoft Internet Explorer and Edge Information Disclosure Vulnerability<br>An information disclosure vulnerability exists in the way that certain functions in Internet Explorer and Edge handle objects in memory. The vulnerability could allow an attacker … | — | 45.4% |
| May 24, 2022 | CVE-2016-4657 | Apple iOS | Apple iOS WebKit Memory Corruption Vulnerability<br>Apple iOS WebKit contains a memory corruption vulnerability that allows attackers to execute remote code or cause a denial-of-service (DoS) via a crafted web site. This vulnerabil… | — | 79.4% |
| May 23, 2022 | CVE-2019-11707 | Mozilla Firefox and Thunderbird | Mozilla Firefox and Thunderbird Type Confusion Vulnerability<br>Mozilla Firefox and Thunderbird contain a type confusion vulnerability that can occur when manipulating JavaScript objects due to issues in Array.pop, allowing for an exploitable … | — | 84.3% |
| May 23, 2022 | CVE-2019-11708 | Mozilla Firefox and Thunderbird | Mozilla Firefox and Thunderbird Sandbox Escape Vulnerability<br>Mozilla Firefox and Thunderbird contain a sandbox escape vulnerability that could result in remote code execution. | — | 68.8% |
| May 23, 2022 | CVE-2019-13720 | Google Chrome WebAudio | Google Chrome WebAudio Use-After-Free Vulnerability<br>Google Chrome WebAudio contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. | — | 89.6% |
| May 23, 2022 | CVE-2019-5786 | Google Chrome Blink | Google Chrome Blink Use-After-Free Vulnerability<br>Google Chrome Blink contains a heap use-after-free vulnerability that allows an attacker to potentially perform out of bounds memory access via a crafted HTML page. | — | 89.9% |
| May 23, 2022 | CVE-2019-8720 | WebKitGTK WebKitGTK | WebKitGTK Memory Corruption Vulnerability<br>WebKitGTK contains a memory corruption vulnerability which can allow an attacker to perform remote code execution. | — | 4.1% |
| Apr 15, 2022 | CVE-2022-1364 | Google Chromium V8 | Google Chromium V8 Type Confusion Vulnerability<br>Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability … | — | 17.5% |
| Apr 11, 2022 | CVE-2021-39793 | Google Pixel | Google Pixel Out-of-Bounds Write Vulnerability<br>Google Pixel contains a possible out-of-bounds write due to a logic error in the code that could lead to local escalation of privilege. | — | 0.1% |
| Mar 28, 2022 | CVE-2013-1690 | Mozilla Firefox and Thunderbird | Mozilla Firefox and Thunderbird Denial-of-Service Vulnerability<br>Mozilla Firefox and Thunderbird do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial-of-service (Do… | — | 47.1% |
| Mar 28, 2022 | CVE-2016-7200 | Microsoft Edge | Microsoft Edge Memory Corruption Vulnerability<br>The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site. | — | 88.0% |
| Mar 28, 2022 | CVE-2016-7201 | Microsoft Edge | Microsoft Edge Memory Corruption Vulnerability<br>The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site. | — | 88.9% |
| Mar 28, 2022 | CVE-2017-0037 | Microsoft Edge and Internet Explorer | Microsoft Edge and Internet Explorer Type Confusion Vulnerability<br>Microsoft Edge and Internet Explorer have a type confusion vulnerability in mshtml.dll, which allows remote code execution. | — | 91.2% |
| Mar 28, 2022 | CVE-2022-1096 | Google Chromium V8 | Google Chromium V8 Type Confusion Vulnerability<br>Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability … | — | 37.7% |
| Mar 25, 2022 | CVE-2018-6961 | VMware SD-WAN Edge | VMware SD-WAN Edge by VeloCloud Command Injection Vulnerability<br>VMware SD-WAN Edge by VeloCloud contains a command injection vulnerability in the local web UI component. Successful exploitation of this issue could result in remote code executi… | — | 93.9% |
| Mar 7, 2022 | CVE-2022-26485 | Mozilla Firefox | Mozilla Firefox Use-After-Free Vulnerability<br>Mozilla Firefox contains a use-after-free vulnerability in XSLT parameter processing which can be exploited to perform arbitrary code execution. | — | 2.9% |
| Mar 7, 2022 | CVE-2022-26486 | Mozilla Firefox | Mozilla Firefox Use-After-Free Vulnerability<br>Mozilla Firefox contains a use-after-free vulnerability in WebGPU IPC Framework which can be exploited to perform arbitrary code execution. | — | 2.5% |
| Mar 3, 2022 | CVE-2013-1675 | Mozilla Firefox | Mozilla Firefox Information Disclosure Vulnerability<br>Mozilla Firefox does not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to… | — | 7.9% |
| Feb 15, 2022 | CVE-2022-0609 | Google Chromium Animation | Google Chromium Animation Use-After-Free Vulnerability<br>Google Chromium Animation contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability … | — | 49.0% |
| Feb 11, 2022 | CVE-2022-22620 | Apple iOS, iPadOS, and macOS | Apple iOS, iPadOS, and macOS WebKit Use-After-Free Vulnerability<br>Apple iOS, iPadOS, and macOS WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could i… | — | 4.0% |
| Jan 10, 2022 | CVE-2020-6572 | Google Chrome Media | Google Chrome Media Use-After-Free Vulnerability<br>Google Chrome Media contains a use-after-free vulnerability that allows a remote attacker to execute code via a crafted HTML page. | — | 19.1% |
| Dec 15, 2021 | CVE-2021-4102 | Google Chromium V8 | Google Chromium V8 Use-After-Free Vulnerability<br>Google Chromium V8 Engine contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability … | — | 5.5% |
| Nov 3, 2021 | CVE-2019-17026 | Mozilla Firefox and Thunderbird | Mozilla Firefox and Thunderbird Type Confusion Vulnerability<br>Mozilla Firefox and Thunderbird contain a type confusion vulnerability due to incorrect alias information in the IonMonkey JIT compiler when setting array elements. | — | 56.2% |
| Nov 3, 2021 | CVE-2020-0878<br>Ransomware | Microsoft Edge and Internet Explorer | Microsoft Edge and Internet Explorer Memory Corruption Vulnerability<br>Microsoft Edge and Internet Explorer contain a memory corruption vulnerability that allows attackers to execute code in the context of the current user. | — | 5.3% |
| Nov 3, 2021 | CVE-2020-15999 | Google Chrome FreeType | Google Chrome FreeType Heap Buffer Overflow Vulnerability<br>Google Chrome uses FreeType, an open-source software library to render fonts, which contains a heap buffer overflow vulnerability in the function Load_SBit_Png when processing PNG… | — | 93.0% |
| Nov 3, 2021 | CVE-2020-16009 | Google Chromium V8 | Google Chromium V8 Type Confusion Vulnerability<br>Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability … | — | 84.4% |
| Nov 3, 2021 | CVE-2020-16010 | Google Chrome for Android UI | Google Chrome for Android UI Heap Buffer Overflow Vulnerability<br>Google Chrome for Android UI contains a heap buffer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbo… | — | 19.6% |
| Nov 3, 2021 | CVE-2020-16013 | Google Chromium V8 | Google Chromium V8 Incorrect Implementation Vulnerability<br>Google Chromium V8 Engine contains an inappropriate implementation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This… | — | 26.1% |
| Nov 3, 2021 | CVE-2020-16017 | Google Chrome | Google Chrome Use-After-Free Vulnerability<br>Google Chrome contains a use-after-free vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafte… | — | 21.4% |
| Nov 3, 2021 | CVE-2020-6418 | Google Chromium V8 | Google Chromium V8 Type Confusion Vulnerability<br>Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could… | — | 86.4% |
Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.