Full CISA KEV catalog

Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.

Showing 151–180 of 531 CVEs · Page 6 of 18 30 per page
Added CVE Vendor / Product Name & description CVSS EPSS
Jan 10, 2024 CVE-2024-21887
Ransomware
Ivanti Connect Secure and Policy Secure
endpoint vpn remote
Ivanti Connect Secure and Policy Secure Command Injection Vulnerability
Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure contain a command injection vulnerability in the web components of these products, whi…
94.4%
Jan 8, 2024 CVE-2023-41990 Apple Multiple Products
endpoint mobile smb essential
Apple Multiple Products Code Execution Vulnerability
Apple iOS, iPadOS, macOS, tvOS, and watchOS contain an unspecified vulnerability that allows for code execution when processing a font file.
2.7%
Dec 4, 2023 CVE-2023-42916 Apple Multiple Products
browser endpoint mobile smb essential
Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability
Apple iOS, iPadOS, macOS, and Safari WebKit contain an out-of-bounds read vulnerability that may disclose sensitive information when processing maliciously crafted web content. Th…
0.1%
Dec 4, 2023 CVE-2023-42917 Apple Multiple Products
browser endpoint mobile smb essential
Apple Multiple Products WebKit Memory Corruption Vulnerability
Apple iOS, iPadOS, macOS, and Safari WebKit contain a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerabil…
0.1%
Nov 16, 2023 CVE-2023-1671 Sophos Web Appliance
endpoint network
Sophos Web Appliance Command Injection Vulnerability
Sophos Web Appliance contains a command injection vulnerability in the warn-proceed handler that allows for remote code execution.
94.3%
Nov 16, 2023 CVE-2023-36584 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability
Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features.
15.4%
Nov 14, 2023 CVE-2023-36025 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows SmartScreen Security Feature Bypass Vulnerability
Microsoft Windows SmartScreen contains a security feature bypass vulnerability that could allow an attacker to bypass Windows Defender SmartScreen checks and their associated prom…
90.2%
Nov 14, 2023 CVE-2023-36033 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Desktop Window Manager (DWM) Core Library Privilege Escalation Vulnerability
Microsoft Windows Desktop Window Manager (DWM) Core Library contains an unspecified vulnerability that allows for privilege escalation.
0.9%
Nov 14, 2023 CVE-2023-36036 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Cloud Files Mini Filter Driver Privilege Escalation Vulnerability
Microsoft Windows Cloud Files Mini Filter Driver contains a privilege escalation vulnerability that could allow an attacker to gain SYSTEM privileges.
1.8%
Oct 10, 2023 CVE-2023-36563 Microsoft WordPad
endpoint m365 smb essential
Microsoft WordPad Information Disclosure Vulnerability
Microsoft WordPad contains an unspecified vulnerability that allows for information disclosure.
2.8%
Oct 10, 2023 CVE-2023-41763 Microsoft Skype for Business
endpoint m365 smb essential
Microsoft Skype for Business Privilege Escalation Vulnerability
Microsoft Skype for Business contains an unspecified vulnerability that allows for privilege escalation.
16.5%
Oct 5, 2023 CVE-2023-42824 Apple iOS and iPadOS
endpoint mobile smb essential
Apple iOS and iPadOS Kernel Privilege Escalation Vulnerability
Apple iOS and iPadOS contain an unspecified vulnerability that allows for local privilege escalation.
1.0%
Oct 4, 2023 CVE-2023-28229 Microsoft Windows CNG Key Isolation Service
endpoint m365 smb essential
Microsoft Windows CNG Key Isolation Service Privilege Escalation Vulnerability
Microsoft Windows Cryptographic Next Generation (CNG) Key Isolation Service contains an unspecified vulnerability that allows an attacker to gain specific limited SYSTEM privilege…
8.6%
Sep 25, 2023 CVE-2023-41991 Apple Multiple Products
endpoint mobile smb essential
Apple Multiple Products Improper Certificate Validation Vulnerability
Apple iOS, iPadOS, macOS, and watchOS contain an improper certificate validation vulnerability that can allow a malicious app to bypass signature validation.
3.9%
Sep 25, 2023 CVE-2023-41992 Apple Multiple Products
endpoint mobile smb essential
Apple Multiple Products Kernel Privilege Escalation Vulnerability
Apple iOS, iPadOS, macOS, and watchOS contain an unspecified vulnerability that allows for local privilege escalation.
1.1%
Sep 25, 2023 CVE-2023-41993 Apple Multiple Products
browser endpoint mobile smb essential
Apple Multiple Products WebKit Code Execution Vulnerability
Apple iOS, iPadOS, macOS, and Safari WebKit contain an unspecified vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability c…
24.2%
Sep 21, 2023 CVE-2023-41179 Trend Micro Apex One and Worry-Free Business Security
endpoint
Trend Micro Apex One and Worry-Free Business Security Remote Code Execution Vulnerability
Trend Micro Apex One and Worry-Free Business Security contain an unspecified vulnerability in the third-party anti-virus uninstaller that could allow an attacker to manipulate the…
2.5%
Sep 12, 2023 CVE-2023-36761 Microsoft Word
endpoint m365 smb essential
Microsoft Word Information Disclosure Vulnerability
Microsoft Word contains an unspecified vulnerability that allows for information disclosure.
5.5%
Sep 12, 2023 CVE-2023-36802 Microsoft Streaming Service Proxy
endpoint m365 smb essential
Microsoft Streaming Service Proxy Privilege Escalation Vulnerability
Microsoft Streaming Service Proxy contains an unspecified vulnerability that allows for privilege escalation.
75.4%
Sep 11, 2023 CVE-2023-41061 Apple iOS, iPadOS, and watchOS
endpoint mobile smb essential
Apple iOS, iPadOS, and watchOS Wallet Code Execution Vulnerability
Apple iOS, iPadOS, and watchOS contain an unspecified vulnerability due to a validation issue affecting Wallet in which a maliciously crafted attachment may result in code executi…
1.1%
Sep 11, 2023 CVE-2023-41064 Apple iOS, iPadOS, and macOS
endpoint mobile smb essential
Apple iOS, iPadOS, and macOS ImageIO Buffer Overflow Vulnerability
Apple iOS, iPadOS, and macOS contain a buffer overflow vulnerability in ImageIO when processing a maliciously crafted image, which may lead to code execution. This vulnerability w…
85.4%
Aug 22, 2023 CVE-2023-38035
Ransomware
Ivanti Sentry
endpoint vpn remote
Ivanti Sentry Authentication Bypass Vulnerability
Ivanti Sentry, formerly known as MobileIron Sentry, contains an authentication bypass vulnerability that may allow an attacker to bypass authentication controls on the administrat…
94.4%
Aug 9, 2023 CVE-2023-38180 Microsoft .NET Core and Visual Studio
endpoint m365 smb essential
Microsoft .NET Core and Visual Studio Denial-of-Service Vulnerability
Microsoft .NET Core and Visual Studio contain an unspecified vulnerability that allows for denial-of-service (DoS).
0.9%
Jul 31, 2023 CVE-2023-35081 Ivanti Endpoint Manager Mobile (EPMM)
endpoint vpn remote
Ivanti Endpoint Manager Mobile (EPMM) Path Traversal Vulnerability
Ivanti Endpoint Manager Mobile (EPMM) contains a path traversal vulnerability that enables an authenticated administrator to perform malicious file writes to the EPMM server. This…
90.7%
Jul 26, 2023 CVE-2023-38606 Apple Multiple Products
endpoint mobile smb essential
Apple Multiple Products Kernel Unspecified Vulnerability
Apple iOS, iPadOS, macOS, tvOS, and watchOS contain an unspecified vulnerability allowing an app to modify a sensitive kernel state.
0.1%
Jul 25, 2023 CVE-2023-35078
Ransomware
Ivanti Endpoint Manager Mobile (EPMM)
endpoint vpn remote
Ivanti Endpoint Manager Mobile Authentication Bypass Vulnerability
Ivanti Endpoint Manager Mobile (EPMM, previously branded MobileIron Core) contains an authentication bypass vulnerability that allows unauthenticated access to specific API paths.…
94.4%
Jul 17, 2023 CVE-2023-36884
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Search Remote Code Execution Vulnerability
Microsoft Windows Search contains an unspecified vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malicious file, leadin…
93.0%
Jul 13, 2023 CVE-2023-37450 Apple Multiple Products
browser endpoint mobile smb essential
Apple Multiple Products WebKit Code Execution Vulnerability
Apple iOS, iPadOS, macOS, and Safari WebKit contain an unspecified vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability c…
0.1%
Jul 11, 2023 CVE-2023-32046 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows MSHTML Platform Privilege Escalation Vulnerability
Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for privilege escalation.
42.7%
Jul 11, 2023 CVE-2023-32049 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Defender SmartScreen Security Feature Bypass Vulnerability
Microsoft Windows Defender SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the Open File - Security Warning prompt.
7.7%

Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.