Full CISA KEV catalog

Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.

Showing 61–90 of 117 CVEs · Page 3 of 4 30 per page
Added CVE Vendor / Product Name & description CVSS EPSS
May 24, 2022 CVE-2016-3351
Ransomware
Microsoft Internet Explorer and Edge
browser endpoint m365 smb essential
Microsoft Internet Explorer and Edge Information Disclosure Vulnerability
An information disclosure vulnerability exists in the way that certain functions in Internet Explorer and Edge handle objects in memory. The vulnerability could allow an attacker …
45.4%
May 24, 2022 CVE-2016-4657 Apple iOS
browser endpoint mobile smb essential
Apple iOS Webkit Memory Corruption Vulnerability
Apple iOS WebKit contains a memory corruption vulnerability that allows attackers to execute remote code or cause a denial-of-service (DoS) via a crafted web site. This vulnerabil…
79.4%
May 23, 2022 CVE-2019-11707 Mozilla Firefox and Thunderbird
browser smb essential
Mozilla Firefox and Thunderbird Type Confusion Vulnerability
Mozilla Firefox and Thunderbird contain a type confusion vulnerability that can occur when manipulating JavaScript objects due to issues in Array.pop, allowing for an exploitable …
84.3%
May 23, 2022 CVE-2019-11708 Mozilla Firefox and Thunderbird
browser smb essential
Mozilla Firefox and Thunderbird Sandbox Escape Vulnerability
Mozilla Firefox and Thunderbird contain a sandbox escape vulnerability that could result in remote code execution.
68.8%
May 23, 2022 CVE-2019-13720 Google Chrome WebAudio
browser smb essential
Google Chrome WebAudio Use-After-Free Vulnerability
Google Chrome WebAudio contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page.
89.6%
May 23, 2022 CVE-2019-5786 Google Chrome Blink
browser smb essential
Google Chrome Blink Use-After-Free Vulnerability
Google Chrome Blink contains a heap use-after-free vulnerability that allows an attacker to potentially perform out of bounds memory access via a crafted HTML page.
89.9%
May 23, 2022 CVE-2019-8720 WebKitGTK WebKitGTK
browser
WebKitGTK Memory Corruption Vulnerability
WebKitGTK contains a memory corruption vulnerability which can allow an attacker to perform remote code execution.
4.1%
Apr 15, 2022 CVE-2022-1364 Google Chromium V8
browser smb essential
Google Chromium V8 Type Confusion Vulnerability
Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability …
17.5%
Apr 11, 2022 CVE-2021-39793 Google Pixel
browser smb essential
Google Pixel Out-of-Bounds Write Vulnerability
Google Pixel contains a possible out-of-bounds write due to a logic error in the code that could lead to local escalation of privilege.
0.1%
Mar 28, 2022 CVE-2013-1690 Mozilla Firefox and Thunderbird
browser smb essential
Mozilla Firefox and Thunderbird Denial-of-Service Vulnerability
Mozilla Firefox and Thunderbird do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial-of-service (Do…
47.1%
Mar 28, 2022 CVE-2016-7200 Microsoft Edge
browser endpoint m365 smb essential
Microsoft Edge Memory Corruption Vulnerability
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.
88.0%
Mar 28, 2022 CVE-2016-7201 Microsoft Edge
browser endpoint m365 smb essential
Microsoft Edge Memory Corruption Vulnerability
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.
88.9%
Mar 28, 2022 CVE-2017-0037 Microsoft Edge and Internet Explorer
browser endpoint m365 smb essential
Microsoft Edge and Internet Explorer Type Confusion Vulnerability
Microsoft Edge and Internet Explorer have a type confusion vulnerability in mshtml.dll, which allows remote code execution.
91.2%
Mar 28, 2022 CVE-2022-1096 Google Chromium V8
browser smb essential
Google Chromium V8 Type Confusion Vulnerability
Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability …
37.7%
Mar 25, 2022 CVE-2018-6961 VMware SD-WAN Edge
browser enterprise network smb essential
VMware SD-WAN Edge by VeloCloud Command Injection Vulnerability
VMware SD-WAN Edge by VeloCloud contains a command injection vulnerability in the local web UI component. Successful exploitation of this issue could result in remote code executi…
93.9%
Mar 7, 2022 CVE-2022-26485 Mozilla Firefox
browser smb essential
Mozilla Firefox Use-After-Free Vulnerability
Mozilla Firefox contains a use-after-free vulnerability in XSLT parameter processing which can be exploited to perform arbitrary code execution.
2.9%
Mar 7, 2022 CVE-2022-26486 Mozilla Firefox
browser smb essential
Mozilla Firefox Use-After-Free Vulnerability
Mozilla Firefox contains a use-after-free vulnerability in WebGPU IPC Framework which can be exploited to perform arbitrary code execution.
2.5%
Mar 3, 2022 CVE-2013-1675 Mozilla Firefox
browser smb essential
Mozilla Firefox Information Disclosure Vulnerability
Mozilla Firefox does not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to…
7.9%
Feb 15, 2022 CVE-2022-0609 Google Chromium Animation
browser smb essential
Google Chromium Animation Use-After-Free Vulnerability
Google Chromium Animation contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability …
49.0%
Feb 11, 2022 CVE-2022-22620 Apple iOS, iPadOS, and macOS
browser endpoint mobile smb essential
Apple iOS, iPadOS, and macOS Webkit Use-After-Free Vulnerability
Apple iOS, iPadOS, and macOS WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could i…
4.0%
Jan 10, 2022 CVE-2020-6572 Google Chrome Media
browser smb essential
Google Chrome Media Use-After-Free Vulnerability
Google Chrome Media contains a use-after-free vulnerability that allows a remote attacker to execute code via a crafted HTML page.
19.1%
Dec 15, 2021 CVE-2021-4102 Google Chromium V8
browser smb essential
Google Chromium V8 Use-After-Free Vulnerability
Google Chromium V8 Engine contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability …
5.5%
Nov 3, 2021 CVE-2019-17026 Mozilla Firefox and Thunderbird
browser smb essential
Mozilla Firefox And Thunderbird Type Confusion Vulnerability
Mozilla Firefox and Thunderbird contain a type confusion vulnerability due to incorrect alias information in the IonMonkey JIT compiler when setting array elements.
56.2%
Nov 3, 2021 CVE-2020-0878
Ransomware
Microsoft Edge and Internet Explorer
browser endpoint m365 smb essential
Microsoft Edge and Internet Explorer Memory Corruption Vulnerability
Microsoft Edge and Internet Explorer contain a memory corruption vulnerability that allows attackers to execute code in the context of the current user.
5.3%
Nov 3, 2021 CVE-2020-15999 Google Chrome FreeType
browser smb essential
Google Chrome FreeType Heap Buffer Overflow Vulnerability
Google Chrome uses FreeType, an open-source software library to render fonts, which contains a heap buffer overflow vulnerability in the function Load_SBit_Png when processing PNG…
93.0%
Nov 3, 2021 CVE-2020-16009 Google Chromium V8
browser smb essential
Google Chromium V8 Type Confusion Vulnerability
Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability …
84.4%
Nov 3, 2021 CVE-2020-16010 Google Chrome for Android UI
browser mobile smb essential
Google Chrome for Android UI Heap Buffer Overflow Vulnerability
Google Chrome for Android UI contains a heap buffer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbo…
19.6%
Nov 3, 2021 CVE-2020-16013 Google Chromium V8
browser smb essential
Google Chromium V8 Incorrect Implementation Vulnerabililty
Google Chromium V8 Engine contains an inappropriate implementation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This…
26.1%
Nov 3, 2021 CVE-2020-16017 Google Chrome
browser smb essential
Google Chrome Use-After-Free Vulnerability
Google Chrome contains a use-after-free vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafte…
21.4%
Nov 3, 2021 CVE-2020-6418 Google Chromium V8
browser smb essential
Google Chromium V8 Type Confusion Vulnerability
Google Chromium V8 Engine contains a type confusion vulnerability allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could…
86.4%

Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.