Full CISA KEV catalog

Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.

Showing 1–30 of 117 CVEs · Page 1 of 4 30 per page
Added CVE Vendor / Product Name & description CVSS EPSS
Jun 9, 2026 CVE-2026-11645 Google Chromium V8
browser smb essential
Google Chromium V8 Out-of-Bounds Read and Write Vulnerability
Google Chromium V8 out-of-bounds read and write vulnerability that could allow a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. This vulnerabi…
8.8 5.5%
Apr 1, 2026 CVE-2026-5281 Google Dawn
browser smb essential
Google Dawn Use-After-Free Vulnerability
Google Dawn contains an use-after-free vulnerability that could allow a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.…
0.9%
Mar 13, 2026 CVE-2026-3909 Google Skia
browser smb essential
Google Skia Out-of-Bounds Write Vulnerability
Google Skia contains an out-of-bounds write vulnerability that could allow a remote attacker to perform out of bounds memory access via a crafted HTML page. This vulnerability aff…
0.5%
Mar 13, 2026 CVE-2026-3910 Google Chromium V8
browser smb essential
Google Chromium V8 Improper Restriction of Operations Within the Bounds of a Memory Buffer Vulnerability
Google Chromium V8 contains an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow a remote attacker to execute arbitrary code i…
3.2%
Feb 17, 2026 CVE-2026-2441 Google Chromium
browser smb essential
Google Chromium CSS Use-After-Free Vulnerability
Google Chromium CSS contains a use-after-free vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability c…
23.1%
Dec 15, 2025 CVE-2025-43529 Apple Multiple Products
browser endpoint mobile smb essential
Apple Multiple Products Use-After-Free WebKit Vulnerability
Apple iOS, iPadOS, macOS, and other Apple products contain a use-after-free vulnerability in WebKit. Processing maliciously crafted web content may lead to memory corruption. This…
0.2%
Dec 12, 2025 CVE-2025-14174 Google Chromium
browser smb essential
Google Chromium Out of Bounds Memory Access Vulnerability
Google Chromium contains an out of bounds memory access vulnerability in ANGLE that could allow a remote attacker to perform out of bounds memory access via a crafted HTML page. T…
0.3%
Nov 19, 2025 CVE-2025-13223 Google Chromium V8
browser smb essential
Google Chromium V8 Type Confusion Vulnerability
Google Chromium V8 contains a type confusion vulnerability that allows for heap corruption.
2.9%
Oct 6, 2025 CVE-2010-3765 Mozilla Multiple Products
browser smb essential
Mozilla Multiple Products Remote Code Execution Vulnerability
Mozilla Firefox, SeaMonkey, and Thunderbird contain an unspecified vulnerability when JavaScript is enabled. This allows remote attackers to execute arbitrary code via vectors rel…
86.8%
Sep 23, 2025 CVE-2025-10585 Google Chromium V8
browser smb essential
Google Chromium V8 Type Confusion Vulnerability
Google Chromium contains a type confusion vulnerability in the V8 JavaScript and WebAssembly engine.
2.1%
Jul 22, 2025 CVE-2025-6558 Google Chromium
browser smb essential
Google Chromium ANGLE and GPU Improper Input Validation Vulnerability
Google Chromium contains an improper input validation vulnerability in ANGLE and GPU. This vulnerability could allow a remote attacker to potentially perform a sandbox escape via …
0.3%
Jul 2, 2025 CVE-2025-6554 Google Chromium V8
browser smb essential
Google Chromium V8 Type Confusion Vulnerability
Google Chromium V8 contains a type confusion vulnerability that could allow a remote attacker to perform arbitrary read/write via a crafted HTML page. This vulnerability could aff…
1.6%
Jun 5, 2025 CVE-2025-5419 Google Chromium V8
browser smb essential
Google Chromium V8 Out-of-Bounds Read and Write Vulnerability
Google Chromium V8 contains an out-of-bounds read and write vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This v…
3.8%
Mar 27, 2025 CVE-2025-2783 Google Chromium Mojo
browser smb essential
Google Chromium Mojo Sandbox Escape Vulnerability
Google Chromium Mojo on Windows contains a sandbox escape vulnerability caused by a logic error, which results from an incorrect handle being provided in unspecified circumstances…
44.0%
Mar 13, 2025 CVE-2025-24201 Apple Multiple Products
browser endpoint mobile smb essential
Apple Multiple Products WebKit Out-of-Bounds Write Vulnerability
Apple iOS, iPadOS, macOS, and other Apple products contain an out-of-bounds write vulnerability in WebKit that may allow maliciously crafted web content to break out of Web Conten…
0.2%
Oct 15, 2024 CVE-2024-9680
Ransomware
Mozilla Firefox
browser smb essential
Mozilla Firefox Use-After-Free Vulnerability
Mozilla Firefox and Firefox ESR contain a use-after-free vulnerability in Animation timelines that allows for code execution in the content process.
30.8%
Aug 28, 2024 CVE-2024-7965 Google Chromium V8
browser smb essential
Google Chromium V8 Inappropriate Implementation Vulnerability
Google Chromium V8 contains an inappropriate implementation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulner…
22.8%
Aug 26, 2024 CVE-2024-7971 Google Chromium V8
browser smb essential
Google Chromium V8 Type Confusion Vulnerability
Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to exploit heap corruption via a crafted HTML page. This vulnerability could affect multip…
1.9%
May 28, 2024 CVE-2024-5274 Google Chromium V8
browser smb essential
Google Chromium V8 Type Confusion Vulnerability
Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page. This vulnerability could affect multiple web brow…
6.6%
May 20, 2024 CVE-2024-4947 Google Chromium V8
browser smb essential
Google Chromium V8 Type Confusion Vulnerability
Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page.
1.1%
May 16, 2024 CVE-2024-4761 Google Chromium V8
browser smb essential
Google Chromium V8 Out-of-Bounds Memory Write Vulnerability
Google Chromium V8 Engine contains an unspecified out-of-bounds memory write vulnerability via a crafted HTML page. This vulnerability could affect multiple web browsers that util…
3.0%
May 13, 2024 CVE-2024-4671 Google Chromium
browser smb essential
Google Chromium Visuals Use-After-Free Vulnerability
Google Chromium Visuals contains a use-after-free vulnerability that allows a remote attacker to exploit heap corruption via a crafted HTML page. This vulnerability could affect m…
0.6%
Feb 6, 2024 CVE-2023-4762 Google Chromium V8
browser smb essential
Google Chromium V8 Type Confusion Vulnerability
Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page. This vulnerability could affect multiple web brow…
55.8%
Jan 23, 2024 CVE-2024-23222 Apple Multiple Products
browser endpoint mobile smb essential
Apple Multiple Products WebKit Type Confusion Vulnerability
Apple iOS, iPadOS, macOS, tvOS, and Safari WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted web content. This vulnera…
0.6%
Jan 17, 2024 CVE-2024-0519 Google Chromium V8
browser smb essential
Google Chromium V8 Out-of-Bounds Memory Access Vulnerability
Google Chromium V8 Engine contains an out-of-bounds memory access vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This …
0.2%
Jan 2, 2024 CVE-2023-7024 Google Chromium WebRTC
browser smb essential
Google Chromium WebRTC Heap Buffer Overflow Vulnerability
Google Chromium WebRTC, an open-source project providing web browsers with real-time communication, contains a heap buffer overflow vulnerability that allows a remote attacker to …
3.1%
Dec 4, 2023 CVE-2023-42916 Apple Multiple Products
browser endpoint mobile smb essential
Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability
Apple iOS, iPadOS, macOS, and Safari WebKit contain an out-of-bounds read vulnerability that may disclose sensitive information when processing maliciously crafted web content. Th…
0.1%
Dec 4, 2023 CVE-2023-42917 Apple Multiple Products
browser endpoint mobile smb essential
Apple Multiple Products WebKit Memory Corruption Vulnerability
Apple iOS, iPadOS, macOS, and Safari WebKit contain a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerabil…
0.1%
Nov 30, 2023 CVE-2023-6345 Google Chromium Skia
browser smb essential
Google Skia Integer Overflow Vulnerability
Google Chromium Skia contains an integer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape vi…
1.3%
Oct 2, 2023 CVE-2023-5217 Google Chromium libvpx
browser smb essential
Google Chromium libvpx Heap Buffer Overflow Vulnerability
Google Chromium libvpx contains a heap buffer overflow vulnerability in vp8 encoding that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. …
5.0%

Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.