Full CISA KEV catalog
Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.
| Added | CVE | Vendor / Product | Name & description | CVSS | EPSS |
|---|---|---|---|---|---|
| Oct 10, 2023 | CVE-2023-36563 | Microsoft WordPad | Microsoft WordPad Information Disclosure Vulnerability<br>Microsoft WordPad contains an unspecified vulnerability that allows for information disclosure. | — | 2.8% |
| Oct 10, 2023 | CVE-2023-41763 | Microsoft Skype for Business | Microsoft Skype for Business Privilege Escalation Vulnerability<br>Microsoft Skype for Business contains an unspecified vulnerability that allows for privilege escalation. | — | 16.5% |
| Oct 5, 2023 | CVE-2023-22515<br>Ransomware | Atlassian Confluence Data Center and Server | Atlassian Confluence Data Center and Server Broken Access Control Vulnerability<br>Atlassian Confluence Data Center and Server contains a broken access control vulnerability that allows an attacker to create unauthorized Confluence administrator accounts and acc… | — | 94.4% |
| Oct 5, 2023 | CVE-2023-42824 | Apple iOS and iPadOS | Apple iOS and iPadOS Kernel Privilege Escalation Vulnerability<br>Apple iOS and iPadOS contain an unspecified vulnerability that allows for local privilege escalation. | — | 1.0% |
| Oct 4, 2023 | CVE-2023-28229 | Microsoft Windows CNG Key Isolation Service | Microsoft Windows CNG Key Isolation Service Privilege Escalation Vulnerability<br>Microsoft Windows Cryptographic Next Generation (CNG) Key Isolation Service contains an unspecified vulnerability that allows an attacker to gain specific limited SYSTEM privilege… | — | 8.6% |
| Oct 2, 2023 | CVE-2023-5217 | Google Chromium libvpx | Google Chromium libvpx Heap Buffer Overflow Vulnerability<br>Google Chromium libvpx contains a heap buffer overflow vulnerability in vp8 encoding that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. … | — | 5.0% |
| Sep 25, 2023 | CVE-2023-41991 | Apple Multiple Products | Apple Multiple Products Improper Certificate Validation Vulnerability<br>Apple iOS, iPadOS, macOS, and watchOS contain an improper certificate validation vulnerability that can allow a malicious app to bypass signature validation. | — | 3.9% |
| Sep 25, 2023 | CVE-2023-41992 | Apple Multiple Products | Apple Multiple Products Kernel Privilege Escalation Vulnerability<br>Apple iOS, iPadOS, macOS, and watchOS contain an unspecified vulnerability that allows for local privilege escalation. | — | 1.1% |
| Sep 25, 2023 | CVE-2023-41993 | Apple Multiple Products | Apple Multiple Products WebKit Code Execution Vulnerability<br>Apple iOS, iPadOS, macOS, and Safari WebKit contain an unspecified vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability c… | — | 24.2% |
| Sep 14, 2023 | CVE-2023-26369 | Adobe Acrobat and Reader | Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability<br>Adobe Acrobat and Reader contains an out-of-bounds write vulnerability that allows for code execution. | — | 0.8% |
| Sep 13, 2023 | CVE-2023-4863 | Google Chromium WebP | Google Chromium WebP Heap-Based Buffer Overflow Vulnerability<br>Google Chromium WebP contains a heap-based buffer overflow vulnerability that allows a remote attacker to perform an out-of-bounds memory write via a crafted HTML page. This vulne… | — | 93.3% |
| Sep 12, 2023 | CVE-2023-36761 | Microsoft Word | Microsoft Word Information Disclosure Vulnerability<br>Microsoft Word contains an unspecified vulnerability that allows for information disclosure. | — | 5.5% |
| Sep 12, 2023 | CVE-2023-36802 | Microsoft Streaming Service Proxy | Microsoft Streaming Service Proxy Privilege Escalation Vulnerability<br>Microsoft Streaming Service Proxy contains an unspecified vulnerability that allows for privilege escalation. | — | 75.4% |
| Sep 11, 2023 | CVE-2023-41061 | Apple iOS, iPadOS, and watchOS | Apple iOS, iPadOS, and watchOS Wallet Code Execution Vulnerability<br>Apple iOS, iPadOS, and watchOS contain an unspecified vulnerability due to a validation issue affecting Wallet in which a maliciously crafted attachment may result in code executi… | — | 1.1% |
| Sep 11, 2023 | CVE-2023-41064 | Apple iOS, iPadOS, and macOS | Apple iOS, iPadOS, and macOS ImageIO Buffer Overflow Vulnerability<br>Apple iOS, iPadOS, and macOS contain a buffer overflow vulnerability in ImageIO when processing a maliciously crafted image, which may lead to code execution. This vulnerability w… | — | 85.4% |
| Aug 21, 2023 | CVE-2023-26359 | Adobe ColdFusion | Adobe ColdFusion Deserialization of Untrusted Data Vulnerability<br>Adobe ColdFusion contains a deserialization of untrusted data vulnerability that could result in code execution in the context of the current user. | — | 79.1% |
| Aug 9, 2023 | CVE-2023-38180 | Microsoft .NET Core and Visual Studio | Microsoft .NET Core and Visual Studio Denial-of-Service Vulnerability<br>Microsoft .NET Core and Visual Studio contain an unspecified vulnerability that allows for denial-of-service (DoS). | — | 0.9% |
| Jul 26, 2023 | CVE-2023-38606 | Apple Multiple Products | Apple Multiple Products Kernel Unspecified Vulnerability<br>Apple iOS, iPadOS, macOS, tvOS, and watchOS contain an unspecified vulnerability allowing an app to modify a sensitive kernel state. | — | 0.1% |
| Jul 20, 2023 | CVE-2023-29298 | Adobe ColdFusion | Adobe ColdFusion Improper Access Control Vulnerability<br>Adobe ColdFusion contains an improper access control vulnerability that allows for a security feature bypass. | — | 94.3% |
| Jul 20, 2023 | CVE-2023-38205 | Adobe ColdFusion | Adobe ColdFusion Improper Access Control Vulnerability<br>Adobe ColdFusion contains an improper access control vulnerability that allows for a security feature bypass. | — | 94.3% |
| Jul 17, 2023 | CVE-2023-36884<br>Ransomware | Microsoft Windows | Microsoft Windows Search Remote Code Execution Vulnerability<br>Microsoft Windows Search contains an unspecified vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malicious file, leadin… | — | 93.0% |
| Jul 13, 2023 | CVE-2023-37450 | Apple Multiple Products | Apple Multiple Products WebKit Code Execution Vulnerability<br>Apple iOS, iPadOS, macOS, and Safari WebKit contain an unspecified vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability c… | — | 0.1% |
| Jul 11, 2023 | CVE-2023-32046 | Microsoft Windows | Microsoft Windows MSHTML Platform Privilege Escalation Vulnerability<br>Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for privilege escalation. | — | 42.7% |
| Jul 11, 2023 | CVE-2023-32049 | Microsoft Windows | Microsoft Windows Defender SmartScreen Security Feature Bypass Vulnerability<br>Microsoft Windows Defender SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the Open File - Security Warning prompt. | — | 7.7% |
| Jul 11, 2023 | CVE-2023-35311 | Microsoft Outlook | Microsoft Outlook Security Feature Bypass Vulnerability<br>Microsoft Outlook contains a security feature bypass vulnerability that allows an attacker to bypass the Microsoft Outlook Security Notice prompt. | — | 0.5% |
| Jul 11, 2023 | CVE-2023-36874 | Microsoft Windows | Microsoft Windows Error Reporting Service Privilege Escalation Vulnerability<br>Microsoft Windows Error Reporting Service contains an unspecified vulnerability that allows for privilege escalation. | — | 70.2% |
| Jun 23, 2023 | CVE-2023-32434 | Apple Multiple Products | Apple Multiple Products Integer Overflow Vulnerability<br>Apple iOS, iPadOS, macOS, and watchOS contain an integer overflow vulnerability that could allow an application to execute code with kernel privileges. | — | 52.4% |
| Jun 23, 2023 | CVE-2023-32435 | Apple Multiple Products | Apple Multiple Products WebKit Memory Corruption Vulnerability<br>Apple iOS, iPadOS, macOS, and Safari WebKit contain a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerabil… | — | 0.4% |
| Jun 23, 2023 | CVE-2023-32439 | Apple Multiple Products | Apple Multiple Products WebKit Type Confusion Vulnerability<br>Apple iOS, iPadOS, macOS, and Safari WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability… | — | 1.2% |
| Jun 22, 2023 | CVE-2016-0165 | Microsoft Win32k | Microsoft Win32k Privilege Escalation Vulnerability<br>Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation. | — | 6.0% |
Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.