Full CISA KEV catalog
Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.
| Added | CVE | Vendor / Product | Name & description | CVSS | EPSS |
|---|---|---|---|---|---|
| Jun 22, 2023 | CVE-2016-9079 | Mozilla Firefox, Firefox ESR, and Thunderbird | Mozilla Firefox, Firefox ESR, and Thunderbird Use-After-Free Vulnerability<br>Mozilla Firefox, Firefox ESR, and Thunderbird contain a use-after-free vulnerability in SVG Animation, targeting Firefox and Tor browser users on Windows. | — | 84.8% |
| Jun 7, 2023 | CVE-2023-3079 | Google Chromium V8 | Google Chromium V8 Type Confusion Vulnerability<br>Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability … | — | 1.7% |
| May 22, 2023 | CVE-2023-28204 | Apple Multiple Products | Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability<br>Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit contain an out-of-bounds read vulnerability that may disclose sensitive information when processing maliciously crafted … | — | 0.1% |
| May 22, 2023 | CVE-2023-32373 | Apple Multiple Products | Apple Multiple Products WebKit Use-After-Free Vulnerability<br>Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. Thi… | — | 0.0% |
| May 22, 2023 | CVE-2023-32409 | Apple Multiple Products | Apple Multiple Products WebKit Sandbox Escape Vulnerability<br>Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit contain an unspecified vulnerability that can allow a remote attacker to break out of the Web Content sandbox. This vuln… | — | 0.3% |
| May 9, 2023 | CVE-2023-29336 | Microsoft Win32k | Microsoft Win32K Privilege Escalation Vulnerability<br>Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation up to SYSTEM privileges. | — | 76.7% |
| Apr 21, 2023 | CVE-2023-2136 | Google Chromium Skia | Google Chrome Skia Integer Overflow Vulnerability<br>Google Chromium Skia contains an integer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape vi… | — | 0.4% |
| Apr 17, 2023 | CVE-2019-8526 | Apple macOS | Apple macOS Use-After-Free Vulnerability<br>Apple macOS contains a use-after-free vulnerability that could allow for privilege escalation. | — | 0.2% |
| Apr 17, 2023 | CVE-2023-2033 | Google Chromium V8 | Google Chromium V8 Type Confusion Vulnerability<br>Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability … | — | 22.8% |
| Apr 11, 2023 | CVE-2023-28252<br>Ransomware | Microsoft Windows | Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability<br>Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation. | — | 61.6% |
| Apr 10, 2023 | CVE-2023-28205 | Apple Multiple Products | Apple Multiple Products WebKit Use-After-Free Vulnerability<br>Apple iOS, iPadOS, macOS, and Safari WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability… | — | 0.1% |
| Apr 10, 2023 | CVE-2023-28206 | Apple iOS, iPadOS, and macOS | Apple iOS, iPadOS, and macOS IOSurfaceAccelerator Out-of-Bounds Write Vulnerability<br>Apple iOS, iPadOS, and macOS IOSurfaceAccelerator contain an out-of-bounds write vulnerability that allows an app to execute code with kernel privileges. | — | 21.6% |
| Apr 7, 2023 | CVE-2019-1388<br>Ransomware | Microsoft Windows | Microsoft Windows Certificate Dialog Privilege Escalation Vulnerability<br>Microsoft Windows Certificate Dialog contains a privilege escalation vulnerability, allowing attackers to run processes in an elevated context. | — | 8.0% |
| Mar 30, 2023 | CVE-2013-3163 | Microsoft Internet Explorer | Microsoft Internet Explorer Memory Corruption Vulnerability<br>Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code or cause a denial of service via a crafted website. | — | 84.6% |
| Mar 30, 2023 | CVE-2021-30900 | Apple iOS, iPadOS, and macOS | Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability<br>Apple GPU drivers, included in iOS, iPadOS, and macOS, contain an out-of-bounds write vulnerability that may allow a malicious application to execute code with kernel privileges. | — | 0.5% |
| Mar 30, 2023 | CVE-2022-3038 | Google Chromium Network Service | Google Chromium Network Service Use-After-Free Vulnerability<br>Google Chromium Network Service contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerab… | — | 36.0% |
| Mar 15, 2023 | CVE-2023-26360 | Adobe ColdFusion | Adobe ColdFusion Deserialization of Untrusted Data Vulnerability<br>Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for remote code execution. | — | 94.3% |
| Mar 14, 2023 | CVE-2023-23397 | Microsoft Office | Microsoft Office Outlook Privilege Escalation Vulnerability<br>Microsoft Office Outlook contains a privilege escalation vulnerability that allows for a NTLM Relay attack against another service to authenticate as the user. | — | 93.4% |
| Mar 14, 2023 | CVE-2023-24880<br>Ransomware | Microsoft Windows | Microsoft Windows SmartScreen Security Feature Bypass Vulnerability<br>Microsoft Windows SmartScreen contains a security feature bypass vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malici… | — | 74.6% |
| Feb 14, 2023 | CVE-2023-21715 | Microsoft Office | Microsoft Office Publisher Security Feature Bypass Vulnerability<br>Microsoft Office Publisher contains a security feature bypass vulnerability that allows for a local, authenticated attack on a targeted system. | — | 0.5% |
| Feb 14, 2023 | CVE-2023-21823 | Microsoft Windows | Microsoft Windows Graphic Component Privilege Escalation Vulnerability<br>Microsoft Windows Graphic Component contains an unspecified vulnerability that allows for privilege escalation. | — | 2.3% |
| Feb 14, 2023 | CVE-2023-23376<br>Ransomware | Microsoft Windows | Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability<br>Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation. | — | 15.2% |
| Feb 14, 2023 | CVE-2023-23529 | Apple Multiple Products | Apple Multiple Products WebKit Type Confusion Vulnerability<br>Apple iOS, MacOS, Safari and iPadOS WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability … | — | 0.1% |
| Feb 10, 2023 | CVE-2015-2291<br>Ransomware | Intel Ethernet Diagnostics Driver for Windows | Intel Ethernet Diagnostics Driver for Windows Denial-of-Service Vulnerability<br>Intel ethernet diagnostics driver for Windows IQVW32.sys and IQVW64.sys contain an unspecified vulnerability that allows for a denial-of-service (DoS). | — | 5.6% |
| Jan 10, 2023 | CVE-2022-41080<br>Ransomware | Microsoft Exchange Server | Microsoft Exchange Server Privilege Escalation Vulnerability<br>Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation. This vulnerability is chainable with CVE-2022-41082, which allows for remote … | — | 93.8% |
| Jan 10, 2023 | CVE-2023-21674 | Microsoft Windows | Microsoft Windows Advanced Local Procedure Call (ALPC) Privilege Escalation Vulnerability<br>Microsoft Windows Advanced Local Procedure Call (ALPC) contains an unspecified vulnerability that allows for privilege escalation. | — | 19.7% |
| Dec 14, 2022 | CVE-2022-42856 | Apple iOS | Apple iOS Type Confusion Vulnerability<br>Apple iOS contains a type confusion vulnerability when processing maliciously crafted web content leading to code execution. | — | 0.2% |
| Dec 13, 2022 | CVE-2022-44698<br>Ransomware | Microsoft Defender | Microsoft Defender SmartScreen Security Feature Bypass Vulnerability<br>Microsoft Defender SmartScreen contains a security feature bypass vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malic… | — | 67.2% |
| Dec 5, 2022 | CVE-2022-4262 | Google Chromium V8 | Google Chromium V8 Type Confusion Vulnerability<br>Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability … | — | 8.6% |
| Nov 28, 2022 | CVE-2022-4135 | Google Chromium GPU | Google Chromium GPU Heap Buffer Overflow Vulnerability<br>Google Chromium GPU contains a heap buffer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape … | — | 0.1% |

Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.