Full CISA KEV catalog

Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.

Showing 61–90 of 667 CVEs · Page 3 of 23 30 per page
Added CVE Vendor / Product Name & description CVSS EPSS
Oct 6, 2025 CVE-2013-3918 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Out-of-Bounds Write Vulnerability
Microsoft Windows contains an out-of-bounds write vulnerability in the InformationCardSigninHelper Class ActiveX control, icardie.dll. An attacker could exploit the vulnerability …
88.5%
Oct 6, 2025 CVE-2021-43226 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Privilege Escalation Vulnerability
Microsoft Windows Common Log File System Driver contains a privilege escalation vulnerability that could allow a local, privileged attacker to bypass certain security mechanisms.
8.4%
Sep 23, 2025 CVE-2025-10585 Google Chromium V8
browser smb essential
Google Chromium V8 Type Confusion Vulnerability
Google Chromium contains a type confusion vulnerability in the V8 JavaScript and WebAssembly engine.
2.1%
Aug 21, 2025 CVE-2025-43300 Apple iOS, iPadOS, and macOS
endpoint mobile smb essential
Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability
Apple iOS, iPadOS, and macOS contain an out-of-bounds write vulnerability in the Image I/O framework.
4.4%
Aug 12, 2025 CVE-2007-0671 Microsoft Office
endpoint m365 smb essential
Microsoft Office Excel Remote Code Execution Vulnerability
Microsoft Office Excel contains a remote code execution vulnerability that can be exploited when a specially crafted Excel file is opened. This malicious file could be delivered a…
52.3%
Aug 12, 2025 CVE-2013-3893 Microsoft Internet Explorer
endpoint m365 smb essential
Microsoft Internet Explorer Resource Management Errors Vulnerability
Microsoft Internet Explorer contains a memory corruption vulnerability that allows for remote code execution. The impacted products could be end-of-life (EoL) and/or end-of-servic…
84.9%
Jul 22, 2025 CVE-2025-49704
Ransomware
Microsoft SharePoint
endpoint m365 smb essential
Microsoft SharePoint Code Injection Vulnerability
Microsoft SharePoint contains a code injection vulnerability that could allow an authorized attacker to execute code over a network. This vulnerability could be chained with CVE-2…
59.6%
Jul 22, 2025 CVE-2025-49706
Ransomware
Microsoft SharePoint
endpoint m365 smb essential
Microsoft SharePoint Improper Authentication Vulnerability
Microsoft SharePoint contains an improper authentication vulnerability that allows an authorized attacker to perform spoofing over a network. Successfully exploitation could allow…
73.8%
Jul 22, 2025 CVE-2025-6558 Google Chromium
browser smb essential
Google Chromium ANGLE and GPU Improper Input Validation Vulnerability
Google Chromium contains an improper input validation vulnerability in ANGLE and GPU. This vulnerability could allow a remote attacker to potentially perform a sandbox escape via …
0.3%
Jul 20, 2025 CVE-2025-53770
Ransomware
Microsoft SharePoint
endpoint m365 smb essential
Microsoft SharePoint Deserialization of Untrusted Data Vulnerability
Microsoft SharePoint Server on-premises contains a deserialization of untrusted data vulnerability that could allow an unauthorized attacker to execute code over a network. This v…
88.2%
Jul 2, 2025 CVE-2025-6554 Google Chromium V8
browser smb essential
Google Chromium V8 Type Confusion Vulnerability
Google Chromium V8 contains a type confusion vulnerability that could allow a remote attacker to perform arbitrary read/write via a crafted HTML page. This vulnerability could aff…
1.6%
Jun 16, 2025 CVE-2025-43200 Apple Multiple Products
endpoint mobile smb essential
Apple Multiple Products Unspecified Vulnerability
Apple iOS, iPadOS, macOS, watchOS, and visionOS, contain an unspecified vulnerability when processing a maliciously crafted photo or video shared via an iCloud Link.
0.9%
Jun 10, 2025 CVE-2025-33053 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows External Control of File Name or Path Vulnerability
Microsoft Windows contains an external control of file name or path vulnerability that could allow an attacker to execute code from a remote WebDAV location specified by the Worki…
50.3%
Jun 5, 2025 CVE-2025-5419 Google Chromium V8
browser smb essential
Google Chromium V8 Out-of-Bounds Read and Write Vulnerability
Google Chromium V8 contains an out-of-bounds read and write vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This v…
3.8%
Jun 2, 2025 CVE-2025-3935 ConnectWise ScreenConnect
enterprise smb essential
ConnectWise ScreenConnect Improper Authentication Vulnerability
ConnectWise ScreenConnect contains an improper authentication vulnerability. This vulnerability could allow a ViewState code injection attack, which could allow remote code execut…
6.1%
May 13, 2025 CVE-2025-30397 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Scripting Engine Type Confusion Vulnerability
Microsoft Windows Scripting Engine contains a type confusion vulnerability that allows an unauthorized attacker to execute code over a network via a specially crafted URL.
20.7%
May 13, 2025 CVE-2025-30400 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows DWM Core Library Use-After-Free Vulnerability
Microsoft Windows DWM Core Library contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally.
0.9%
May 13, 2025 CVE-2025-32701 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability
Microsoft Windows Common Log File System (CLFS) Driver contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally.
1.9%
May 13, 2025 CVE-2025-32706 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability
Microsoft Windows Common Log File System (CLFS) Driver contains a heap-based buffer overflow vulnerability that allows an authorized attacker to elevate privileges locally.
1.1%
May 13, 2025 CVE-2025-32709 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Ancillary Function Driver for WinSock Use-After-Free Vulnerability
Microsoft Windows Ancillary Function Driver for WinSock contains a use-after-free vulnerability that allows an authorized attacker to escalate privileges to administrator.
1.0%
Apr 17, 2025 CVE-2025-24054 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows NTLM Hash Disclosure Spoofing Vulnerability
Microsoft Windows NTLM contains an external control of file name or path vulnerability that allows an unauthorized attacker to perform spoofing over a network.
8.0%
Apr 17, 2025 CVE-2025-31200 Apple Multiple Products
endpoint mobile smb essential
Apple Multiple Products Memory Corruption Vulnerability
Apple iOS, iPadOS, macOS, and other Apple products contain a memory corruption vulnerability that allows for code execution when processing an audio stream in a maliciously crafte…
1.7%
Apr 17, 2025 CVE-2025-31201 Apple Multiple Products
endpoint mobile smb essential
Apple Multiple Products Arbitrary Read and Write Vulnerability
Apple iOS, iPadOS, macOS, and other Apple products contain an arbitrary read and write vulnerability that allows an attacker to bypass Pointer Authentication.
3.4%
Apr 8, 2025 CVE-2025-29824
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability
Microsoft Windows Common Log File System (CLFS) Driver contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally.
0.8%
Mar 27, 2025 CVE-2025-2783 Google Chromium Mojo
browser smb essential
Google Chromium Mojo Sandbox Escape Vulnerability
Google Chromium Mojo on Windows contains a sandbox escape vulnerability caused by a logic error, which results from an incorrect handle being provided in unspecified circumstances…
44.0%
Mar 13, 2025 CVE-2025-24201 Apple Multiple Products
browser endpoint mobile smb essential
Apple Multiple Products WebKit Out-of-Bounds Write Vulnerability
Apple iOS, iPadOS, macOS, and other Apple products contain an out-of-bounds write vulnerability in WebKit that may allow maliciously crafted web content to break out of Web Conten…
0.2%
Mar 11, 2025 CVE-2025-24983 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Win32k Use-After-Free Vulnerability
Microsoft Windows Win32 Kernel Subsystem contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally.
1.8%
Mar 11, 2025 CVE-2025-24984 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows NTFS Information Disclosure Vulnerability
Microsoft Windows New Technology File System (NTFS) contains an insertion of sensitive Information into log file vulnerability that allows an unauthorized attacker to disclose inf…
4.3%
Mar 11, 2025 CVE-2025-24985 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Fast FAT File System Driver Integer Overflow Vulnerability
Microsoft Windows Fast FAT File System Driver contains an integer overflow or wraparound vulnerability that allows an unauthorized attacker to execute code locally.
2.1%
Mar 11, 2025 CVE-2025-24991 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows NTFS Out-Of-Bounds Read Vulnerability
Microsoft Windows New Technology File System (NTFS) contains an out-of-bounds read vulnerability that allows an authorized attacker to disclose information locally.
1.6%

Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.