Full CISA KEV catalog
Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.
| Added | CVE | Vendor / Product | Name & description | CVSS | EPSS |
|---|---|---|---|---|---|
| Nov 3, 2021 | CVE-2020-8243 | Ivanti Pulse Connect Secure |
Ivanti Pulse Connect Secure Code Execution Vulnerability
Ivanti Pulse Connect Secure contains an unspecified vulnerability in the admin web interface that could allow an authenticated attacker to upload a custom template to perform code…
|
— | 20.5% |
| Nov 3, 2021 | CVE-2020-8260 | Ivanti Pulse Connect Secure |
Ivanti Pulse Connect Secure Code Execution Vulnerability
Pulse Connect Secure contains an unspecified vulnerability that allows an authenticated attacker to perform code execution using uncontrolled gzip extraction.
|
— | 73.0% |
| Nov 3, 2021 | CVE-2020-8467 | Trend Micro Apex One and OfficeScan |
Trend Micro Apex One and OfficeScan Remote Code Execution Vulnerability
Trend Micro Apex One and OfficeScan contain an unspecified vulnerability within a migration tool component that allows for remote code execution.
|
— | 31.1% |
| Nov 3, 2021 | CVE-2020-8468 | Trend Micro Apex One, OfficeScan and Worry-Free Business Security Agents |
Trend Micro Multiple Products Content Validation Escape Vulnerability
Trend Micro Apex One, OfficeScan, and Worry-Free Business Security agents contain a content validation escape vulnerability that could allow an attacker to manipulate certain agen…
|
— | 19.1% |
| Nov 3, 2021 | CVE-2020-8515 | DrayTek Multiple Vigor Routers |
Multiple DrayTek Vigor Routers Web Management Page Vulnerability
DrayTek Vigor3900, Vigor2960, and Vigor300B routers contain an unspecified vulnerability that allows for remote code execution.
|
— | 94.3% |
| Nov 3, 2021 | CVE-2020-8599 | Trend Micro Apex One and OfficeScan |
Trend Micro Apex One and OfficeScan Authentication Bypass Vulnerability
Trend Micro Apex One and OfficeScan server contain a vulnerable EXE file that could allow a remote attacker to write data to a path on affected installations and bypass root login.
|
— | 57.9% |
| Nov 3, 2021 | CVE-2020-8644 | PlaySMS PlaySMS |
PlaySMS Server-Side Template Injection Vulnerability
PlaySMS contains a server-side template injection vulnerability that allows for remote code execution.
|
— | 94.1% |
| Nov 3, 2021 | CVE-2020-8655 | EyesOfNetwork EyesOfNetwork |
EyesOfNetwork Improper Privilege Management Vulnerability
EyesOfNetwork contains an improper privilege management vulnerability that may allow a user to run commands as root via a crafted Nmap Scripting Engine (NSE) script to nmap7.
|
— | 87.9% |
| Nov 3, 2021 | CVE-2020-8657 | EyesOfNetwork EyesOfNetwork |
EyesOfNetwork Use of Hard-Coded Credentials Vulnerability
EyesOfNetwork contains a use of hard-coded credentials vulnerability, as it uses the same API key by default. Exploitation allows an attacker to calculate or guess the admin acces…
|
— | 88.9% |
| Nov 3, 2021 | CVE-2020-9818 | Apple iOS, iPadOS, and watchOS |
Apple iOS, iPadOS, and watchOS Out-of-Bounds Write Vulnerability
Apple iOS, iPadOS, and watchOS Mail contains an out-of-bounds write vulnerability which may allow memory modification or application termination when processing a maliciously craf…
|
— | 0.9% |
| Nov 3, 2021 | CVE-2020-9819 | Apple iOS, iPadOS, and watchOS |
Apple iOS, iPadOS, and watchOS Memory Corruption Vulnerability
Apple iOS, iPadOS, and watchOS Mail contains a memory corruption vulnerability that may allow heap corruption when processing a maliciously crafted mail message.
|
— | 0.6% |
| Nov 3, 2021 | CVE-2020-9859 | Apple Multiple Products |
Apple Multiple Products Code Execution Vulnerability
Apple iOS, iPadOS, macOS, watchOS, and tvOS contain an unspecified vulnerability that may allow an application to execute code with kernel privileges.
|
— | 0.1% |
| Nov 3, 2021 | CVE-2021-1497 | Cisco HyperFlex HX |
Cisco HyperFlex HX Installer Virtual Machine Command Injection Vulnerability
Cisco HyperFlex HX Installer Virtual Machine contains an insufficient input validation vulnerability which could allow an attacker to execute commands on an affected device as the…
|
— | 94.4% |
| Nov 3, 2021 | CVE-2021-1498 | Cisco HyperFlex HX |
Cisco HyperFlex HX Data Platform Command Injection Vulnerability
Cisco HyperFlex HX Installer Virtual Machine contains an insufficient input validation vulnerability which could allow an attacker to execute commands on an affected device as the…
|
— | 94.2% |
| Nov 3, 2021 | CVE-2021-1647 | Microsoft Defender |
Microsoft Defender Remote Code Execution Vulnerability
Microsoft Defender contains an unspecified vulnerability that allows for remote code execution.
|
— | 76.1% |
| Nov 3, 2021 |
CVE-2021-1675
Ransomware |
Microsoft Windows |
Microsoft Windows Print Spooler Remote Code Execution Vulnerability
Microsoft Windows Print Spooler contains an unspecified vulnerability that allows for remote code execution.
|
— | 94.3% |
| Nov 3, 2021 |
CVE-2021-1732
Ransomware |
Microsoft Win32k |
Microsoft Win32k Privilege Escalation Vulnerability
Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.
|
— | 88.3% |
| Nov 3, 2021 | CVE-2021-1782 | Apple Multiple Products |
Apple Multiple Products Race Condition Vulnerability
Apple iOS, iPadOs, macOS, watchOS, and tvOS contain a race condition vulnerability that may allow a malicious application to elevate privileges.
|
— | 5.9% |
| Nov 3, 2021 | CVE-2021-1870 | Apple iOS, iPadOS, and macOS |
Apple iOS, iPadOS, and macOS WebKit Remote Code Execution Vulnerability
Apple iOS, iPadOS, and macOS WebKit contain an unspecified logic vulnerability that allows a remote attacker to execute code. This vulnerability could impact HTML parsers that use…
|
— | 1.2% |
| Nov 3, 2021 | CVE-2021-1871 | Apple iOS, iPadOS, and macOS |
Apple iOS, iPadOS, and macOS WebKit Remote Code Execution Vulnerability
Apple iOS, iPadOS, and macOS WebKit contain an unspecified logic vulnerability that allows a remote attacker to execute code. This vulnerability could impact HTML parsers that use…
|
— | 0.5% |
| Nov 3, 2021 | CVE-2021-1879 | Apple iOS, iPadOS, and watchOS |
Apple iOS, iPadOS, and watchOS WebKit Cross-Site Scripting (XSS) Vulnerability
Apple iOS, iPadOS, and watchOS WebKit contain an unspecified vulnerability that allows for universal cross-site scripting (XSS) when processing maliciously crafted web content. Th…
|
— | 0.8% |
| Nov 3, 2021 | CVE-2021-1905 | Qualcomm Multiple Chipsets |
Qualcomm Multiple Chipsets Use-After-Free Vulnerability
Multiple Qualcomm Chipsets contain a use after free vulnerability due to improper handling of memory mapping of multiple processes simultaneously.
|
— | 0.8% |
| Nov 3, 2021 | CVE-2021-1906 | Qualcomm Multiple Chipsets |
Qualcomm Multiple Chipsets Detection of Error Condition Without Action Vulnerability
Multiple Qualcomm chipsets contain a detection of error condition without action vulnerability when improper handling of address deregistration on failure can lead to new GPU addr…
|
— | 0.1% |
| Nov 3, 2021 |
CVE-2021-20016
Ransomware |
SonicWall SSLVPN SMA100 |
SonicWall SSLVPN SMA100 SQL Injection Vulnerability
SonicWall SSLVPN SMA100 contains a SQL injection vulnerability that allows remote exploitation for credential access by an unauthenticated attacker.
|
— | 79.8% |
| Nov 3, 2021 |
CVE-2021-20021
Ransomware |
SonicWall SonicWall Email Security |
SonicWall Email Security Improper Privilege Management Vulnerability
SonicWall Email Security contains an improper privilege management vulnerability that allows an attacker to create an administrative account by sending a crafted HTTP request to t…
|
— | 91.2% |
| Nov 3, 2021 |
CVE-2021-20022
Ransomware |
SonicWall SonicWall Email Security |
SonicWall Email Security Unrestricted Upload of File Vulnerability
SonicWall Email Security contains an unrestricted upload of file with dangerous type vulnerability that allows a post-authenticated attacker to upload a file to the remote host. T…
|
— | 32.6% |
| Nov 3, 2021 |
CVE-2021-20023
Ransomware |
SonicWall SonicWall Email Security |
SonicWall Email Security Path Traversal Vulnerability
SonicWall Email Security contains a path traversal vulnerability that allows a post-authenticated attacker to read files on the remote host. This vulnerability has known usage in …
|
— | 55.4% |
| Nov 3, 2021 | CVE-2021-20090 | Arcadyan Buffalo Firmware |
Arcadyan Buffalo Firmware Path Traversal Vulnerability
Arcadyan Buffalo firmware contains a path traversal vulnerability that could allow unauthenticated, remote attackers to bypass authentication and access sensitive information. Thi…
|
— | 94.4% |
| Nov 3, 2021 | CVE-2021-21017 | Adobe Acrobat and Reader |
Adobe Acrobat and Reader Heap-based Buffer Overflow Vulnerability
Acrobat Acrobat and Reader contain a heap-based buffer overflow vulnerability that could allow an unauthenticated attacker to achieve code execution in the context of the current …
|
— | 90.2% |
| Nov 3, 2021 | CVE-2021-21148 | Google Chromium V8 |
Google Chromium V8 Heap Buffer Overflow Vulnerability
Google Chromium V8 Engine contains a heap buffer overflow vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerab…
|
— | 22.3% |
Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.