Full CISA KEV catalog

Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.

Showing 181–210 of 667 CVEs · Page 7 of 23 30 per page
Added CVE Vendor / Product Name & description CVSS EPSS
Oct 10, 2023 CVE-2023-36563 Microsoft WordPad
endpoint m365 smb essential
Microsoft WordPad Information Disclosure Vulnerability
Microsoft WordPad contains an unspecified vulnerability that allows for information disclosure.
2.8%
Oct 10, 2023 CVE-2023-41763 Microsoft Skype for Business
endpoint m365 smb essential
Microsoft Skype for Business Privilege Escalation Vulnerability
Microsoft Skype for Business contains an unspecified vulnerability that allows for privilege escalation.
16.5%
Oct 5, 2023 CVE-2023-22515
Ransomware
Atlassian Confluence Data Center and Server
enterprise smb essential
Atlassian Confluence Data Center and Server Broken Access Control Vulnerability
Atlassian Confluence Data Center and Server contains a broken access control vulnerability that allows an attacker to create unauthorized Confluence administrator accounts and acc…
94.4%
Oct 5, 2023 CVE-2023-42824 Apple iOS and iPadOS
endpoint mobile smb essential
Apple iOS and iPadOS Kernel Privilege Escalation Vulnerability
Apple iOS and iPadOS contain an unspecified vulnerability that allows for local privilege escalation.
1.0%
Oct 4, 2023 CVE-2023-28229 Microsoft Windows CNG Key Isolation Service
endpoint m365 smb essential
Microsoft Windows CNG Key Isolation Service Privilege Escalation Vulnerability
Microsoft Windows Cryptographic Next Generation (CNG) Key Isolation Service contains an unspecified vulnerability that allows an attacker to gain specific limited SYSTEM privilege…
8.6%
Oct 2, 2023 CVE-2023-5217 Google Chromium libvpx
browser smb essential
Google Chromium libvpx Heap Buffer Overflow Vulnerability
Google Chromium libvpx contains a heap buffer overflow vulnerability in vp8 encoding that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. …
5.0%
Sep 25, 2023 CVE-2023-41991 Apple Multiple Products
endpoint mobile smb essential
Apple Multiple Products Improper Certificate Validation Vulnerability
Apple iOS, iPadOS, macOS, and watchOS contain an improper certificate validation vulnerability that can allow a malicious app to bypass signature validation.
3.9%
Sep 25, 2023 CVE-2023-41992 Apple Multiple Products
endpoint mobile smb essential
Apple Multiple Products Kernel Privilege Escalation Vulnerability
Apple iOS, iPadOS, macOS, and watchOS contain an unspecified vulnerability that allows for local privilege escalation.
1.1%
Sep 25, 2023 CVE-2023-41993 Apple Multiple Products
browser endpoint mobile smb essential
Apple Multiple Products WebKit Code Execution Vulnerability
Apple iOS, iPadOS, macOS, and Safari WebKit contain an unspecified vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability c…
24.2%
Sep 14, 2023 CVE-2023-26369 Adobe Acrobat and Reader
smb essential
Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability
Adobe Acrobat and Reader contains an out-of-bounds write vulnerability that allows for code execution.
0.8%
Sep 13, 2023 CVE-2023-4863 Google Chromium WebP
browser smb essential
Google Chromium WebP Heap-Based Buffer Overflow Vulnerability
Google Chromium WebP contains a heap-based buffer overflow vulnerability that allows a remote attacker to perform an out-of-bounds memory write via a crafted HTML page. This vulne…
93.3%
Sep 12, 2023 CVE-2023-36761 Microsoft Word
endpoint m365 smb essential
Microsoft Word Information Disclosure Vulnerability
Microsoft Word contains an unspecified vulnerability that allows for information disclosure.
5.5%
Sep 12, 2023 CVE-2023-36802 Microsoft Streaming Service Proxy
endpoint m365 smb essential
Microsoft Streaming Service Proxy Privilege Escalation Vulnerability
Microsoft Streaming Service Proxy contains an unspecified vulnerability that allows for privilege escalation.
75.4%
Sep 11, 2023 CVE-2023-41061 Apple iOS, iPadOS, and watchOS
endpoint mobile smb essential
Apple iOS, iPadOS, and watchOS Wallet Code Execution Vulnerability
Apple iOS, iPadOS, and watchOS contain an unspecified vulnerability due to a validation issue affecting Wallet in which a maliciously crafted attachment may result in code executi…
1.1%
Sep 11, 2023 CVE-2023-41064 Apple iOS, iPadOS, and macOS
endpoint mobile smb essential
Apple iOS, iPadOS, and macOS ImageIO Buffer Overflow Vulnerability
Apple iOS, iPadOS, and macOS contain a buffer overflow vulnerability in ImageIO when processing a maliciously crafted image, which may lead to code execution. This vulnerability w…
85.4%
Aug 21, 2023 CVE-2023-26359 Adobe ColdFusion
smb essential
Adobe ColdFusion Deserialization of Untrusted Data Vulnerability
Adobe ColdFusion contains a deserialization of untrusted data vulnerability that could result in code execution in the context of the current user.
79.1%
Aug 9, 2023 CVE-2023-38180 Microsoft .NET Core and Visual Studio
endpoint m365 smb essential
Microsoft .NET Core and Visual Studio Denial-of-Service Vulnerability
Microsoft .NET Core and Visual Studio contain an unspecified vulnerability that allows for denial-of-service (DoS).
0.9%
Jul 26, 2023 CVE-2023-38606 Apple Multiple Products
endpoint mobile smb essential
Apple Multiple Products Kernel Unspecified Vulnerability
Apple iOS, iPadOS, macOS, tvOS, and watchOS contain an unspecified vulnerability allowing an app to modify a sensitive kernel state.
0.1%
Jul 20, 2023 CVE-2023-29298 Adobe ColdFusion
smb essential
Adobe ColdFusion Improper Access Control Vulnerability
Adobe ColdFusion contains an improper access control vulnerability that allows for a security feature bypass.
94.3%
Jul 20, 2023 CVE-2023-38205 Adobe ColdFusion
smb essential
Adobe ColdFusion Improper Access Control Vulnerability
Adobe ColdFusion contains an improper access control vulnerability that allows for a security feature bypass.
94.3%
Jul 17, 2023 CVE-2023-36884
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Search Remote Code Execution Vulnerability
Microsoft Windows Search contains an unspecified vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malicious file, leadin…
93.0%
Jul 13, 2023 CVE-2023-37450 Apple Multiple Products
browser endpoint mobile smb essential
Apple Multiple Products WebKit Code Execution Vulnerability
Apple iOS, iPadOS, macOS, and Safari WebKit contain an unspecified vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability c…
0.1%
Jul 11, 2023 CVE-2023-32046 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows MSHTML Platform Privilege Escalation Vulnerability
Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for privilege escalation.
42.7%
Jul 11, 2023 CVE-2023-32049 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Defender SmartScreen Security Feature Bypass Vulnerability
Microsoft Windows Defender SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the Open File - Security Warning prompt.
7.7%
Jul 11, 2023 CVE-2023-35311 Microsoft Outlook
endpoint m365 smb essential
Microsoft Outlook Security Feature Bypass Vulnerability
Microsoft Outlook contains a security feature bypass vulnerability that allows an attacker to bypass the Microsoft Outlook Security Notice prompt.
0.5%
Jul 11, 2023 CVE-2023-36874 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Error Reporting Service Privilege Escalation Vulnerability
Microsoft Windows Error Reporting Service contains an unspecified vulnerability that allows for privilege escalation.
70.2%
Jun 23, 2023 CVE-2023-32434 Apple Multiple Products
endpoint mobile smb essential
Apple Multiple Products Integer Overflow Vulnerability
Apple iOS. iPadOS, macOS, and watchOS contain an integer overflow vulnerability that could allow an application to execute code with kernel privileges.
52.4%
Jun 23, 2023 CVE-2023-32435 Apple Multiple Products
browser endpoint mobile smb essential
Apple Multiple Products WebKit Memory Corruption Vulnerability
Apple iOS, iPadOS, macOS, and Safari WebKit contain a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerabil…
0.4%
Jun 23, 2023 CVE-2023-32439 Apple Multiple Products
browser endpoint mobile smb essential
Apple Multiple Products WebKit Type Confusion Vulnerability
Apple iOS, iPadOS, macOS, and Safari WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability…
1.2%
Jun 22, 2023 CVE-2016-0165 Microsoft Win32k
endpoint m365 smb essential
Microsoft Win32k Privilege Escalation Vulnerability
Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.
6.0%

Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.