Full CISA KEV catalog

Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.

Showing 211–240 of 667 CVEs · Page 8 of 23 30 per page
Added CVE Vendor / Product Name & description CVSS EPSS
Jun 22, 2023 CVE-2016-9079 Mozilla Firefox, Firefox ESR, and Thunderbird
browser smb essential
Mozilla Firefox, Firefox ESR, and Thunderbird Use-After-Free Vulnerability
Mozilla Firefox, Firefox ESR, and Thunderbird contain a use-after-free vulnerability in SVG Animation, targeting Firefox and Tor browser users on Windows.
84.8%
Jun 7, 2023 CVE-2023-3079 Google Chromium V8
browser smb essential
Google Chromium V8 Type Confusion Vulnerability
Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability …
1.7%
May 22, 2023 CVE-2023-28204 Apple Multiple Products
browser endpoint mobile smb essential
Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability
Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit contain an out-of-bounds read vulnerability that may disclose sensitive information when processing maliciously crafted …
0.1%
May 22, 2023 CVE-2023-32373 Apple Multiple Products
browser endpoint mobile smb essential
Apple Multiple Products WebKit Use-After-Free Vulnerability
Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. Thi…
0.0%
May 22, 2023 CVE-2023-32409 Apple Multiple Products
browser endpoint mobile smb essential
Apple Multiple Products WebKit Sandbox Escape Vulnerability
Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit contain an unspecified vulnerability that can allow a remote attacker to break out of the Web Content sandbox. This vuln…
0.3%
May 9, 2023 CVE-2023-29336 Microsoft Win32k
endpoint m365 smb essential
Microsoft Win32K Privilege Escalation Vulnerability
Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation up to SYSTEM privileges.
76.7%
Apr 21, 2023 CVE-2023-2136 Google Chromium Skia
browser smb essential
Google Chrome Skia Integer Overflow Vulnerability
Google Chromium Skia contains an integer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape vi…
0.4%
Apr 17, 2023 CVE-2019-8526 Apple macOS
endpoint mobile smb essential
Apple macOS Use-After-Free Vulnerability
Apple macOS contains a use-after-free vulnerability that could allow for privilege escalation.
0.2%
Apr 17, 2023 CVE-2023-2033 Google Chromium V8
browser smb essential
Google Chromium V8 Type Confusion Vulnerability
Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability …
22.8%
Apr 11, 2023 CVE-2023-28252
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability
Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation.
61.6%
Apr 10, 2023 CVE-2023-28205 Apple Multiple Products
browser endpoint mobile smb essential
Apple Multiple Products WebKit Use-After-Free Vulnerability
Apple iOS, iPadOS, macOS, and Safari WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability…
0.1%
Apr 10, 2023 CVE-2023-28206 Apple iOS, iPadOS, and macOS
endpoint mobile smb essential
Apple iOS, iPadOS, and macOS IOSurfaceAccelerator Out-of-Bounds Write Vulnerability
Apple iOS, iPadOS, and macOS IOSurfaceAccelerator contain an out-of-bounds write vulnerability that allows an app to execute code with kernel privileges.
21.6%
Apr 7, 2023 CVE-2019-1388
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Certificate Dialog Privilege Escalation Vulnerability
Microsoft Windows Certificate Dialog contains a privilege escalation vulnerability, allowing attackers to run processes in an elevated context.
8.0%
Mar 30, 2023 CVE-2013-3163 Microsoft Internet Explorer
endpoint m365 smb essential
Microsoft Internet Explorer Memory Corruption Vulnerability
Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code or cause a denial of service via a crafted website.
84.6%
Mar 30, 2023 CVE-2021-30900 Apple iOS, iPadOS, and macOS
endpoint mobile smb essential
Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability
Apple GPU drivers, included in iOS, iPadOS, and macOS, contain an out-of-bounds write vulnerability that may allow a malicious application to execute code with kernel privileges.
0.5%
Mar 30, 2023 CVE-2022-3038 Google Chromium Network Service
browser smb essential
Google Chromium Network Service Use-After-Free Vulnerability
Google Chromium Network Service contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerab…
36.0%
Mar 15, 2023 CVE-2023-26360 Adobe ColdFusion
smb essential
Adobe ColdFusion Deserialization of Untrusted Data Vulnerability
Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for remote code execution.
94.3%
Mar 14, 2023 CVE-2023-23397 Microsoft Office
endpoint m365 smb essential
Microsoft Office Outlook Privilege Escalation Vulnerability
Microsoft Office Outlook contains a privilege escalation vulnerability that allows for a NTLM Relay attack against another service to authenticate as the user.
93.4%
Mar 14, 2023 CVE-2023-24880
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows SmartScreen Security Feature Bypass Vulnerability
Microsoft Windows SmartScreen contains a security feature bypass vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malici…
74.6%
Feb 14, 2023 CVE-2023-21715 Microsoft Office
endpoint m365 smb essential
Microsoft Office Publisher Security Feature Bypass Vulnerability
Microsoft Office Publisher contains a security feature bypass vulnerability that allows for a local, authenticated attack on a targeted system.
0.5%
Feb 14, 2023 CVE-2023-21823 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Graphic Component Privilege Escalation Vulnerability
Microsoft Windows Graphic Component contains an unspecified vulnerability that allows for privilege escalation.
2.3%
Feb 14, 2023 CVE-2023-23376
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability
Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation.
15.2%
Feb 14, 2023 CVE-2023-23529 Apple Multiple Products
browser endpoint mobile smb essential
Apple Multiple Products WebKit Type Confusion Vulnerability
Apple iOS, MacOS, Safari and iPadOS WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability …
0.1%
Feb 10, 2023 CVE-2015-2291
Ransomware
Intel Ethernet Diagnostics Driver for Windows
endpoint smb essential
Intel Ethernet Diagnostics Driver for Windows Denial-of-Service Vulnerability
Intel ethernet diagnostics driver for Windows IQVW32.sys and IQVW64.sys contain an unspecified vulnerability that allows for a denial-of-service (DoS).
5.6%
Jan 10, 2023 CVE-2022-41080
Ransomware
Microsoft Exchange Server
endpoint m365 smb essential
Microsoft Exchange Server Privilege Escalation Vulnerability
Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation. This vulnerability is chainable with CVE-2022-41082, which allows for remote …
93.8%
Jan 10, 2023 CVE-2023-21674 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Advanced Local Procedure Call (ALPC) Privilege Escalation Vulnerability
Microsoft Windows Advanced Local Procedure Call (ALPC) contains an unspecified vulnerability that allows for privilege escalation.
19.7%
Dec 14, 2022 CVE-2022-42856 Apple iOS
endpoint mobile smb essential
Apple iOS Type Confusion Vulnerability
Apple iOS contains a type confusion vulnerability when processing maliciously crafted web content leading to code execution.
0.2%
Dec 13, 2022 CVE-2022-44698
Ransomware
Microsoft Defender
endpoint m365 smb essential
Microsoft Defender SmartScreen Security Feature Bypass Vulnerability
Microsoft Defender SmartScreen contains a security feature bypass vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malic…
67.2%
Dec 5, 2022 CVE-2022-4262 Google Chromium V8
browser smb essential
Google Chromium V8 Type Confusion Vulnerability
Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability …
8.6%
Nov 28, 2022 CVE-2022-4135 Google Chromium GPU
browser smb essential
Google Chromium GPU Heap Buffer Overflow Vulnerability
Google Chromium GPU contains a heap buffer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape …
0.1%

Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.