Full CISA KEV catalog

Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.

Showing 181–210 of 531 CVEs · Page 7 of 18 30 per page
Added CVE Vendor / Product Name & description CVSS EPSS
Jul 11, 2023 CVE-2023-35311 Microsoft Outlook
endpoint m365 smb essential
Microsoft Outlook Security Feature Bypass Vulnerability
Microsoft Outlook contains a security feature bypass vulnerability that allows an attacker to bypass the Microsoft Outlook Security Notice prompt.
0.5%
Jul 11, 2023 CVE-2023-36874 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Error Reporting Service Privilege Escalation Vulnerability
Microsoft Windows Error Reporting Service contains an unspecified vulnerability that allows for privilege escalation.
70.2%
Jun 23, 2023 CVE-2023-32434 Apple Multiple Products
endpoint mobile smb essential
Apple Multiple Products Integer Overflow Vulnerability
Apple iOS. iPadOS, macOS, and watchOS contain an integer overflow vulnerability that could allow an application to execute code with kernel privileges.
52.4%
Jun 23, 2023 CVE-2023-32435 Apple Multiple Products
browser endpoint mobile smb essential
Apple Multiple Products WebKit Memory Corruption Vulnerability
Apple iOS, iPadOS, macOS, and Safari WebKit contain a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerabil…
0.4%
Jun 23, 2023 CVE-2023-32439 Apple Multiple Products
browser endpoint mobile smb essential
Apple Multiple Products WebKit Type Confusion Vulnerability
Apple iOS, iPadOS, macOS, and Safari WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability…
1.2%
Jun 22, 2023 CVE-2016-0165 Microsoft Win32k
endpoint m365 smb essential
Microsoft Win32k Privilege Escalation Vulnerability
Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.
6.0%
May 22, 2023 CVE-2023-28204 Apple Multiple Products
browser endpoint mobile smb essential
Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability
Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit contain an out-of-bounds read vulnerability that may disclose sensitive information when processing maliciously crafted …
0.1%
May 22, 2023 CVE-2023-32373 Apple Multiple Products
browser endpoint mobile smb essential
Apple Multiple Products WebKit Use-After-Free Vulnerability
Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. Thi…
0.0%
May 22, 2023 CVE-2023-32409 Apple Multiple Products
browser endpoint mobile smb essential
Apple Multiple Products WebKit Sandbox Escape Vulnerability
Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit contain an unspecified vulnerability that can allow a remote attacker to break out of the Web Content sandbox. This vuln…
0.3%
May 9, 2023 CVE-2023-29336 Microsoft Win32k
endpoint m365 smb essential
Microsoft Win32K Privilege Escalation Vulnerability
Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation up to SYSTEM privileges.
76.7%
Apr 17, 2023 CVE-2019-8526 Apple macOS
endpoint mobile smb essential
Apple macOS Use-After-Free Vulnerability
Apple macOS contains a use-after-free vulnerability that could allow for privilege escalation.
0.2%
Apr 11, 2023 CVE-2023-28252
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability
Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation.
61.6%
Apr 10, 2023 CVE-2023-28205 Apple Multiple Products
browser endpoint mobile smb essential
Apple Multiple Products WebKit Use-After-Free Vulnerability
Apple iOS, iPadOS, macOS, and Safari WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability…
0.1%
Apr 10, 2023 CVE-2023-28206 Apple iOS, iPadOS, and macOS
endpoint mobile smb essential
Apple iOS, iPadOS, and macOS IOSurfaceAccelerator Out-of-Bounds Write Vulnerability
Apple iOS, iPadOS, and macOS IOSurfaceAccelerator contain an out-of-bounds write vulnerability that allows an app to execute code with kernel privileges.
21.6%
Apr 7, 2023 CVE-2019-1388
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Certificate Dialog Privilege Escalation Vulnerability
Microsoft Windows Certificate Dialog contains a privilege escalation vulnerability, allowing attackers to run processes in an elevated context.
8.0%
Mar 30, 2023 CVE-2013-3163 Microsoft Internet Explorer
endpoint m365 smb essential
Microsoft Internet Explorer Memory Corruption Vulnerability
Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code or cause a denial of service via a crafted website.
84.6%
Mar 30, 2023 CVE-2021-30900 Apple iOS, iPadOS, and macOS
endpoint mobile smb essential
Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability
Apple GPU drivers, included in iOS, iPadOS, and macOS, contain an out-of-bounds write vulnerability that may allow a malicious application to execute code with kernel privileges.
0.5%
Mar 14, 2023 CVE-2023-23397 Microsoft Office
endpoint m365 smb essential
Microsoft Office Outlook Privilege Escalation Vulnerability
Microsoft Office Outlook contains a privilege escalation vulnerability that allows for a NTLM Relay attack against another service to authenticate as the user.
93.4%
Mar 14, 2023 CVE-2023-24880
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows SmartScreen Security Feature Bypass Vulnerability
Microsoft Windows SmartScreen contains a security feature bypass vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malici…
74.6%
Feb 14, 2023 CVE-2023-21715 Microsoft Office
endpoint m365 smb essential
Microsoft Office Publisher Security Feature Bypass Vulnerability
Microsoft Office Publisher contains a security feature bypass vulnerability that allows for a local, authenticated attack on a targeted system.
0.5%
Feb 14, 2023 CVE-2023-21823 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Graphic Component Privilege Escalation Vulnerability
Microsoft Windows Graphic Component contains an unspecified vulnerability that allows for privilege escalation.
2.3%
Feb 14, 2023 CVE-2023-23376
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability
Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation.
15.2%
Feb 14, 2023 CVE-2023-23529 Apple Multiple Products
browser endpoint mobile smb essential
Apple Multiple Products WebKit Type Confusion Vulnerability
Apple iOS, MacOS, Safari and iPadOS WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability …
0.1%
Feb 10, 2023 CVE-2015-2291
Ransomware
Intel Ethernet Diagnostics Driver for Windows
endpoint smb essential
Intel Ethernet Diagnostics Driver for Windows Denial-of-Service Vulnerability
Intel ethernet diagnostics driver for Windows IQVW32.sys and IQVW64.sys contain an unspecified vulnerability that allows for a denial-of-service (DoS).
5.6%
Jan 10, 2023 CVE-2022-41080
Ransomware
Microsoft Exchange Server
endpoint m365 smb essential
Microsoft Exchange Server Privilege Escalation Vulnerability
Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation. This vulnerability is chainable with CVE-2022-41082, which allows for remote …
93.8%
Jan 10, 2023 CVE-2023-21674 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Advanced Local Procedure Call (ALPC) Privilege Escalation Vulnerability
Microsoft Windows Advanced Local Procedure Call (ALPC) contains an unspecified vulnerability that allows for privilege escalation.
19.7%
Dec 14, 2022 CVE-2022-42856 Apple iOS
endpoint mobile smb essential
Apple iOS Type Confusion Vulnerability
Apple iOS contains a type confusion vulnerability when processing maliciously crafted web content leading to code execution.
0.2%
Dec 13, 2022 CVE-2022-44698
Ransomware
Microsoft Defender
endpoint m365 smb essential
Microsoft Defender SmartScreen Security Feature Bypass Vulnerability
Microsoft Defender SmartScreen contains a security feature bypass vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malic…
67.2%
Nov 14, 2022 CVE-2022-41049 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability
Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features.
13.2%
Nov 8, 2022 CVE-2022-41073
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Print Spooler Privilege Escalation Vulnerability
Microsoft Windows Print Spooler contains an unspecified vulnerability that allows an attacker to gain SYSTEM-level privileges.
2.3%

Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.