Full CISA KEV catalog
Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.
| Added | CVE | Vendor / Product | Name & description | CVSS | EPSS |
|---|---|---|---|---|---|
| Nov 3, 2021 | CVE-2021-27562 | Arm Trusted Firmware |
Arm Trusted Firmware Out-of-Bounds Write Vulnerability
Arm Trusted Firmware contains an out-of-bounds write vulnerability allowing the non-secure (NS) world to trigger a system halt, overwrite secure data, or print out secure data whe…
|
— | 10.9% |
| Nov 3, 2021 | CVE-2021-28310 | Microsoft Win32k |
Microsoft Win32k Privilege Escalation Vulnerability
Microsoft Windows Win32k contains an unspecified vulnerability that allows for privilege escalation.
|
— | 54.0% |
| Nov 3, 2021 | CVE-2021-28550 | Adobe Acrobat and Reader |
Adobe Acrobat and Reader Use-After-Free Vulnerability
Adobe Acrobat and Reader contains a use-after-free vulnerability that could allow an unauthenticated attacker to achieve code execution in the context of the current user.
|
— | 30.7% |
| Nov 3, 2021 | CVE-2021-28663 | Arm Mali Graphics Processing Unit (GPU) |
Arm Mali Graphics Processing Unit (GPU) Use-After-Free Vulnerability
Arm Mali Graphics Processing Unit (GPU) kernel driver contains a use-after-free vulnerability that may allow a non-privileged user to make improper operations on GPU memory to gai…
|
— | 3.6% |
| Nov 3, 2021 | CVE-2021-28664 | Arm Mali Graphics Processing Unit (GPU) |
Arm Mali Graphics Processing Unit (GPU) Unspecified Vulnerability
Arm Mali Graphics Processing Unit (GPU) kernel driver contains an unspecified vulnerability that may allow a non-privileged user to gain write access to read-only memory, gain roo…
|
— | 0.3% |
| Nov 3, 2021 |
CVE-2021-30116
Ransomware |
Kaseya Virtual System/Server Administrator (VSA) |
Kaseya Virtual System/Server Administrator (VSA) Information Disclosure Vulnerability
Kaseya Virtual System/Server Administrator (VSA) contains an information disclosure vulnerability allowing an attacker to obtain the sessionId that can be used to execute further …
|
— | 54.1% |
| Nov 3, 2021 | CVE-2021-30551 | Google Chromium V8 |
Google Chromium V8 Type Confusion Vulnerability
Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability …
|
— | 82.2% |
| Nov 3, 2021 | CVE-2021-30554 | Google Chromium WebGL |
Google Chromium WebGL Use-After-Free Vulnerability
Google Chromium WebGL contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability coul…
|
— | 5.8% |
| Nov 3, 2021 | CVE-2021-30563 | Google Chromium V8 |
Google Chromium V8 Type Confusion Vulnerability
Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability …
|
— | 2.6% |
| Nov 3, 2021 | CVE-2021-30632 | Google Chromium V8 |
Google Chromium V8 Out-of-Bounds Write Vulnerability
Google Chromium V8 Engine contains an out-of-bounds write vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerab…
|
— | 83.8% |
| Nov 3, 2021 | CVE-2021-30633 | Google Chromium Indexed DB API |
Google Chromium Indexed DB API Use-After-Free Vulnerability
Google Chromium Indexed DB API contains a use-after-free vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox es…
|
— | 30.1% |
| Nov 3, 2021 | CVE-2021-30657 | Apple macOS |
Apple macOS Unspecified Vulnerability
Apple macOS contains an unspecified logic issue in System Preferences that may allow a malicious application to bypass Gatekeeper checks.
|
— | 83.1% |
| Nov 3, 2021 | CVE-2021-30661 | Apple Multiple Products |
Apple Multiple Products WebKit Storage Use-After-Free Vulnerability
Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit Storage contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web cont…
|
— | 0.1% |
| Nov 3, 2021 | CVE-2021-30663 | Apple Multiple Products |
Apple Multiple Products WebKit Integer Overflow Vulnerability
Apple iOS, iPadOS, macOS, tvOS, and Safari WebKit contain an integer overflow vulnerability that leads to code execution when processing maliciously crafted web content. This vuln…
|
— | 1.0% |
| Nov 3, 2021 | CVE-2021-30665 | Apple Multiple Products |
Apple Multiple Products WebKit Memory Corruption Vulnerability
Apple iOS, iPadOS, macOS, watchOS, and tvOS WebKit contain a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vul…
|
— | 0.2% |
| Nov 3, 2021 | CVE-2021-30666 | Apple iOS |
Apple iOS WebKit Buffer Overflow Vulnerability
Apple iOS WebKit contains a buffer-overflow vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parser…
|
— | 1.2% |
| Nov 3, 2021 | CVE-2021-30713 | Apple macOS |
Apple macOS Unspecified Vulnerability
Apple macOS Transparency, Consent, and Control (TCC) contains an unspecified permissions issue which may allow a malicious application to bypass privacy preferences.
|
— | 0.1% |
| Nov 3, 2021 | CVE-2021-30761 | Apple iOS |
Apple iOS WebKit Memory Corruption Vulnerability
Apple iOS WebKit contains a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML pars…
|
— | 0.5% |
| Nov 3, 2021 | CVE-2021-30762 | Apple iOS |
Apple iOS WebKit Use-After-Free Vulnerability
Apple iOS WebKit contains a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers…
|
— | 0.0% |
| Nov 3, 2021 | CVE-2021-30807 | Apple Multiple Products |
Apple Multiple Products Memory Corruption Vulnerability
Apple iOS, iPadOS, macOS, and watchOS IOMobileFrameBuffer contain a memory corruption vulnerability which may allow an application to execute code with kernel privileges.
|
— | 21.0% |
| Nov 3, 2021 | CVE-2021-30858 | Apple iOS, iPadOS, and macOS |
Apple iOS, iPadOS, macOS Use-After-Free Vulnerability
Apple iOS, iPadOS, and macOS WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could i…
|
— | 0.8% |
| Nov 3, 2021 | CVE-2021-30860 | Apple Multiple Products |
Apple Multiple Products Integer Overflow Vulnerability
Apple iOS, iPadOS, macOS, and watchOS CoreGraphics contain an integer overflow vulnerability which may allow code execution when processing a maliciously crafted PDF. The vulnerab…
|
— | 72.0% |
| Nov 3, 2021 | CVE-2021-30869 | Apple iOS, iPadOS, and macOS |
Apple iOS, iPadOS, and macOS Type Confusion Vulnerability
Apple iOS, iPadOS, and macOS contain a type confusion vulnerability in the XNU which may allow a malicious application to execute code with kernel privileges.
|
— | 1.7% |
| Nov 3, 2021 | CVE-2021-31199 | Microsoft Enhanced Cryptographic Provider |
Microsoft Enhanced Cryptographic Provider Privilege Escalation Vulnerability
Microsoft Enhanced Cryptographic Provider contains an unspecified vulnerability that allows for privilege escalation.
|
— | 0.9% |
| Nov 3, 2021 | CVE-2021-31201 | Microsoft Enhanced Cryptographic Provider |
Microsoft Enhanced Cryptographic Provider Privilege Escalation Vulnerability
Microsoft Enhanced Cryptographic Provider contains an unspecified vulnerability that allows for privilege escalation.
|
— | 0.7% |
| Nov 3, 2021 |
CVE-2021-31207
Ransomware |
Microsoft Exchange Server |
Microsoft Exchange Server Security Feature Bypass Vulnerability
Microsoft Exchange Server contains an unspecified vulnerability that allows for security feature bypass.
|
— | 93.8% |
| Nov 3, 2021 | CVE-2021-31755 | Tenda AC11 Router |
Tenda AC11 Router Stack Buffer Overflow Vulnerability
Tenda AC11 devices contain a stack buffer overflow vulnerability in /goform/setmac which allows attackers to execute code via a crafted post request.
|
— | 94.0% |
| Nov 3, 2021 | CVE-2021-31955 | Microsoft Windows |
Microsoft Windows Kernel Information Disclosure Vulnerability
Microsoft Windows Kernel contains an unspecified vulnerability that allows for information disclosure. Successful exploitation allows attackers to read the contents of kernel memo…
|
— | 3.6% |
| Nov 3, 2021 | CVE-2021-31956 | Microsoft Windows |
Microsoft Windows NTFS Privilege Escalation Vulnerability
Microsoft Windows New Technology File System (NTFS) contains an unspecified vulnerability that allows attackers to escalate privileges via a specially crafted application.
|
— | 90.7% |
| Nov 3, 2021 | CVE-2021-31979 | Microsoft Windows |
Microsoft Windows Kernel Privilege Escalation Vulnerability
Microsoft Windows kernel contains an unspecified vulnerability that allows for privilege escalation.
|
— | 6.2% |
Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.