Full CISA KEV catalog
Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.
| Added | CVE | Vendor / Product | Name & description | CVSS | EPSS |
|---|---|---|---|---|---|
| Jan 10, 2024 |
CVE-2024-21887
Ransomware |
Ivanti Connect Secure and Policy Secure |
Ivanti Connect Secure and Policy Secure Command Injection Vulnerability
Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure contain a command injection vulnerability in the web components of these products, whi…
|
— | 94.4% |
| Jan 8, 2024 | CVE-2023-41990 | Apple Multiple Products |
Apple Multiple Products Code Execution Vulnerability
Apple iOS, iPadOS, macOS, tvOS, and watchOS contain an unspecified vulnerability that allows for code execution when processing a font file.
|
— | 2.7% |
| Dec 4, 2023 | CVE-2023-42916 | Apple Multiple Products |
Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability
Apple iOS, iPadOS, macOS, and Safari WebKit contain an out-of-bounds read vulnerability that may disclose sensitive information when processing maliciously crafted web content. Th…
|
— | 0.1% |
| Dec 4, 2023 | CVE-2023-42917 | Apple Multiple Products |
Apple Multiple Products WebKit Memory Corruption Vulnerability
Apple iOS, iPadOS, macOS, and Safari WebKit contain a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerabil…
|
— | 0.1% |
| Nov 16, 2023 | CVE-2023-1671 | Sophos Web Appliance |
Sophos Web Appliance Command Injection Vulnerability
Sophos Web Appliance contains a command injection vulnerability in the warn-proceed handler that allows for remote code execution.
|
— | 94.3% |
| Nov 16, 2023 | CVE-2023-36584 | Microsoft Windows |
Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability
Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features.
|
— | 15.4% |
| Nov 14, 2023 | CVE-2023-36025 | Microsoft Windows |
Microsoft Windows SmartScreen Security Feature Bypass Vulnerability
Microsoft Windows SmartScreen contains a security feature bypass vulnerability that could allow an attacker to bypass Windows Defender SmartScreen checks and their associated prom…
|
— | 90.2% |
| Nov 14, 2023 | CVE-2023-36033 | Microsoft Windows |
Microsoft Windows Desktop Window Manager (DWM) Core Library Privilege Escalation Vulnerability
Microsoft Windows Desktop Window Manager (DWM) Core Library contains an unspecified vulnerability that allows for privilege escalation.
|
— | 0.9% |
| Nov 14, 2023 | CVE-2023-36036 | Microsoft Windows |
Microsoft Windows Cloud Files Mini Filter Driver Privilege Escalation Vulnerability
Microsoft Windows Cloud Files Mini Filter Driver contains a privilege escalation vulnerability that could allow an attacker to gain SYSTEM privileges.
|
— | 1.8% |
| Oct 10, 2023 | CVE-2023-36563 | Microsoft WordPad |
Microsoft WordPad Information Disclosure Vulnerability
Microsoft WordPad contains an unspecified vulnerability that allows for information disclosure.
|
— | 2.8% |
| Oct 10, 2023 | CVE-2023-41763 | Microsoft Skype for Business |
Microsoft Skype for Business Privilege Escalation Vulnerability
Microsoft Skype for Business contains an unspecified vulnerability that allows for privilege escalation.
|
— | 16.5% |
| Oct 5, 2023 | CVE-2023-42824 | Apple iOS and iPadOS |
Apple iOS and iPadOS Kernel Privilege Escalation Vulnerability
Apple iOS and iPadOS contain an unspecified vulnerability that allows for local privilege escalation.
|
— | 1.0% |
| Oct 4, 2023 | CVE-2023-28229 | Microsoft Windows CNG Key Isolation Service |
Microsoft Windows CNG Key Isolation Service Privilege Escalation Vulnerability
Microsoft Windows Cryptographic Next Generation (CNG) Key Isolation Service contains an unspecified vulnerability that allows an attacker to gain specific limited SYSTEM privilege…
|
— | 8.6% |
| Sep 25, 2023 | CVE-2023-41991 | Apple Multiple Products |
Apple Multiple Products Improper Certificate Validation Vulnerability
Apple iOS, iPadOS, macOS, and watchOS contain an improper certificate validation vulnerability that can allow a malicious app to bypass signature validation.
|
— | 3.9% |
| Sep 25, 2023 | CVE-2023-41992 | Apple Multiple Products |
Apple Multiple Products Kernel Privilege Escalation Vulnerability
Apple iOS, iPadOS, macOS, and watchOS contain an unspecified vulnerability that allows for local privilege escalation.
|
— | 1.1% |
| Sep 25, 2023 | CVE-2023-41993 | Apple Multiple Products |
Apple Multiple Products WebKit Code Execution Vulnerability
Apple iOS, iPadOS, macOS, and Safari WebKit contain an unspecified vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability c…
|
— | 24.2% |
| Sep 21, 2023 | CVE-2023-41179 | Trend Micro Apex One and Worry-Free Business Security |
Trend Micro Apex One and Worry-Free Business Security Remote Code Execution Vulnerability
Trend Micro Apex One and Worry-Free Business Security contain an unspecified vulnerability in the third-party anti-virus uninstaller that could allow an attacker to manipulate the…
|
— | 2.5% |
| Sep 12, 2023 | CVE-2023-36761 | Microsoft Word |
Microsoft Word Information Disclosure Vulnerability
Microsoft Word contains an unspecified vulnerability that allows for information disclosure.
|
— | 5.5% |
| Sep 12, 2023 | CVE-2023-36802 | Microsoft Streaming Service Proxy |
Microsoft Streaming Service Proxy Privilege Escalation Vulnerability
Microsoft Streaming Service Proxy contains an unspecified vulnerability that allows for privilege escalation.
|
— | 75.4% |
| Sep 11, 2023 | CVE-2023-41061 | Apple iOS, iPadOS, and watchOS |
Apple iOS, iPadOS, and watchOS Wallet Code Execution Vulnerability
Apple iOS, iPadOS, and watchOS contain an unspecified vulnerability due to a validation issue affecting Wallet in which a maliciously crafted attachment may result in code executi…
|
— | 1.1% |
| Sep 11, 2023 | CVE-2023-41064 | Apple iOS, iPadOS, and macOS |
Apple iOS, iPadOS, and macOS ImageIO Buffer Overflow Vulnerability
Apple iOS, iPadOS, and macOS contain a buffer overflow vulnerability in ImageIO when processing a maliciously crafted image, which may lead to code execution. This vulnerability w…
|
— | 85.4% |
| Aug 22, 2023 |
CVE-2023-38035
Ransomware |
Ivanti Sentry |
Ivanti Sentry Authentication Bypass Vulnerability
Ivanti Sentry, formerly known as MobileIron Sentry, contains an authentication bypass vulnerability that may allow an attacker to bypass authentication controls on the administrat…
|
— | 94.4% |
| Aug 9, 2023 | CVE-2023-38180 | Microsoft .NET Core and Visual Studio |
Microsoft .NET Core and Visual Studio Denial-of-Service Vulnerability
Microsoft .NET Core and Visual Studio contain an unspecified vulnerability that allows for denial-of-service (DoS).
|
— | 0.9% |
| Jul 31, 2023 | CVE-2023-35081 | Ivanti Endpoint Manager Mobile (EPMM) |
Ivanti Endpoint Manager Mobile (EPMM) Path Traversal Vulnerability
Ivanti Endpoint Manager Mobile (EPMM) contains a path traversal vulnerability that enables an authenticated administrator to perform malicious file writes to the EPMM server. This…
|
— | 90.7% |
| Jul 26, 2023 | CVE-2023-38606 | Apple Multiple Products |
Apple Multiple Products Kernel Unspecified Vulnerability
Apple iOS, iPadOS, macOS, tvOS, and watchOS contain an unspecified vulnerability allowing an app to modify a sensitive kernel state.
|
— | 0.1% |
| Jul 25, 2023 |
CVE-2023-35078
Ransomware |
Ivanti Endpoint Manager Mobile (EPMM) |
Ivanti Endpoint Manager Mobile Authentication Bypass Vulnerability
Ivanti Endpoint Manager Mobile (EPMM, previously branded MobileIron Core) contains an authentication bypass vulnerability that allows unauthenticated access to specific API paths.…
|
— | 94.4% |
| Jul 17, 2023 |
CVE-2023-36884
Ransomware |
Microsoft Windows |
Microsoft Windows Search Remote Code Execution Vulnerability
Microsoft Windows Search contains an unspecified vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malicious file, leadin…
|
— | 93.0% |
| Jul 13, 2023 | CVE-2023-37450 | Apple Multiple Products |
Apple Multiple Products WebKit Code Execution Vulnerability
Apple iOS, iPadOS, macOS, and Safari WebKit contain an unspecified vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability c…
|
— | 0.1% |
| Jul 11, 2023 | CVE-2023-32046 | Microsoft Windows |
Microsoft Windows MSHTML Platform Privilege Escalation Vulnerability
Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for privilege escalation.
|
— | 42.7% |
| Jul 11, 2023 | CVE-2023-32049 | Microsoft Windows |
Microsoft Windows Defender SmartScreen Security Feature Bypass Vulnerability
Microsoft Windows Defender SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the Open File - Security Warning prompt.
|
— | 7.7% |
Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.