Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License

Showing 81 - 100 of 416
Filters:
Microsoft | Windows CNG Key Isolation Service

CVE-2023-28229

Microsoft Windows CNG Key Isolation Service Privilege Escalation Vulnerability: Microsoft Windows Cryptographic Next Generation (CNG) Key Isolation Service contains an unspecified vulnerability that allows an attacker to gain specific limited SYSTEM privileges.

Related CWE: CWE-591

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2023-10-04
  • Due Date: 2023-10-25
Additional Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28229; https://nvd.nist.gov/vuln/detail/CVE-2023-28229
Apple | Multiple Products

CVE-2023-41991

Apple Multiple Products Improper Certificate Validation Vulnerability: Apple iOS, iPadOS, macOS, and watchOS contain an improper certificate validation vulnerability that can allow a malicious app to bypass signature validation.

Related CWE: CWE-295

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2023-09-25
  • Due Date: 2023-10-16
Additional Notes
https://support.apple.com/en-us/HT213926, https://support.apple.com/en-us/HT213927, https://support.apple.com/en-us/HT213928, https://support.apple.com/en-us/HT213929, https://support.apple.com/en-us/HT213931 ; https://nvd.nist.gov/vuln/detail/CVE-2023-41991
Apple | Multiple Products

CVE-2023-41992

Apple Multiple Products Kernel Privilege Escalation Vulnerability: Apple iOS, iPadOS, macOS, and watchOS contain an unspecified vulnerability that allows for local privilege escalation.

Related CWE: CWE-754

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2023-09-25
  • Due Date: 2023-10-16
Additional Notes
https://support.apple.com/en-us/HT213926, https://support.apple.com/en-us/HT213927, https://support.apple.com/en-us/HT213928, https://support.apple.com/en-us/HT213929, https://support.apple.com/en-us/HT213931, https://support.apple.com/en-us/HT213932; https://nvd.nist.gov/vuln/detail/CVE-2023-41992
Apple | Multiple Products

CVE-2023-41993

Apple Multiple Products WebKit Code Execution Vulnerability: Apple iOS, iPadOS, macOS, and Safari WebKit contain an unspecified vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

Related CWE: CWE-754

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2023-09-25
  • Due Date: 2023-10-16
Additional Notes
https://support.apple.com/en-us/HT213926, https://support.apple.com/en-us/HT213927, https://support.apple.com/en-us/HT213930; https://nvd.nist.gov/vuln/detail/CVE-2023-41993
Microsoft | Word

CVE-2023-36761

Microsoft Word Information Disclosure Vulnerability: Microsoft Word contains an unspecified vulnerability that allows for information disclosure.

Related CWE: CWE-668

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2023-09-12
  • Due Date: 2023-10-03
Additional Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36761; https://nvd.nist.gov/vuln/detail/CVE-2023-36761
Microsoft | Streaming Service Proxy

CVE-2023-36802

Microsoft Streaming Service Proxy Privilege Escalation Vulnerability: Microsoft Streaming Service Proxy contains an unspecified vulnerability that allows for privilege escalation.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2023-09-12
  • Due Date: 2023-10-03
Additional Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36802; https://nvd.nist.gov/vuln/detail/CVE-2023-36802
Apple | iOS, iPadOS, and macOS

CVE-2023-41064

Apple iOS, iPadOS, and macOS ImageIO Buffer Overflow Vulnerability: Apple iOS, iPadOS, and macOS contain a buffer overflow vulnerability in ImageIO when processing a maliciously crafted image, which may lead to code execution. This vulnerability was chained with CVE-2023-41061.

Related CWE: CWE-120

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2023-09-11
  • Due Date: 2023-10-02
Additional Notes
https://support.apple.com/en-us/HT213905, https://support.apple.com/en-us/HT213906; https://nvd.nist.gov/vuln/detail/CVE-2023-41064
Apple | iOS, iPadOS, and watchOS

CVE-2023-41061

Apple iOS, iPadOS, and watchOS Wallet Code Execution Vulnerability: Apple iOS, iPadOS, and watchOS contain an unspecified vulnerability due to a validation issue affecting Wallet in which a maliciously crafted attachment may result in code execution. This vulnerability was chained with CVE-2023-41064.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2023-09-11
  • Due Date: 2023-10-02
Additional Notes
https://support.apple.com/en-us/HT213905, https://support.apple.com/kb/HT213907; https://nvd.nist.gov/vuln/detail/CVE-2023-41061
Microsoft | .NET Core and Visual Studio

CVE-2023-38180

Microsoft .NET Core and Visual Studio Denial-of-Service Vulnerability: Microsoft .NET Core and Visual Studio contain an unspecified vulnerability that allows for denial-of-service (DoS).

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2023-08-09
  • Due Date: 2023-08-30
Additional Notes
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-38180; https://nvd.nist.gov/vuln/detail/CVE-2023-38180
Apple | Multiple Products

CVE-2023-38606

Apple Multiple Products Kernel Unspecified Vulnerability: Apple iOS, iPadOS, macOS, tvOS, and watchOS contain an unspecified vulnerability allowing an app to modify a sensitive kernel state.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2023-07-26
  • Due Date: 2023-08-16
Additional Notes
https://support.apple.com/en-us/HT213841, https://support.apple.com/en-us/HT213842, https://support.apple.com/en-us/HT213843,https://support.apple.com/en-us/HT213844,https://support.apple.com/en-us/HT213845,https://support.apple.com/en-us/HT213846,https://support.apple.com/en-us/HT213848 ; https://nvd.nist.gov/vuln/detail/CVE-2023-38606
Microsoft | Windows

CVE-2023-36884

Microsoft Windows Search Remote Code Execution Vulnerability: Microsoft Windows Search contains an unspecified vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malicious file, leading to remote code execution.

Related CWE: CWE-362

Known To Be Used in Ransomware Campaigns? Known

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2023-07-17
  • Due Date: 2023-08-29
Additional Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36884; https://nvd.nist.gov/vuln/detail/CVE-2023-36884
Apple | Multiple Products

CVE-2023-37450

Apple Multiple Products WebKit Code Execution Vulnerability: Apple iOS, iPadOS, macOS, and Safari WebKit contain an unspecified vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.
  • Date Added: 2023-07-13
  • Due Date: 2023-08-03
Additional Notes
https://support.apple.com/en-us/HT213826, https://support.apple.com/en-us/HT213841, https://support.apple.com/en-us/HT213843, https://support.apple.com/en-us/HT213846, https://support.apple.com/en-us/HT213848; https://nvd.nist.gov/vuln/detail/CVE-2023-37450
Microsoft | Windows

CVE-2023-36874

Microsoft Windows Error Reporting Service Privilege Escalation Vulnerability: Microsoft Windows Error Reporting Service contains an unspecified vulnerability that allows for privilege escalation.

Related CWE: CWE-59

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.
  • Date Added: 2023-07-11
  • Due Date: 2023-08-01
Additional Notes
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-36874; https://nvd.nist.gov/vuln/detail/CVE-2023-36874
Microsoft | Windows

CVE-2023-32046

Microsoft Windows MSHTML Platform Privilege Escalation Vulnerability: Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for privilege escalation.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.
  • Date Added: 2023-07-11
  • Due Date: 2023-08-01
Additional Notes
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-32046; https://nvd.nist.gov/vuln/detail/CVE-2023-32046
Microsoft | Outlook

CVE-2023-35311

Microsoft Outlook Security Feature Bypass Vulnerability: Microsoft Outlook contains a security feature bypass vulnerability that allows an attacker to bypass the Microsoft Outlook Security Notice prompt.

Related CWE: CWE-367

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.
  • Date Added: 2023-07-11
  • Due Date: 2023-08-01
Additional Notes
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-35311; https://nvd.nist.gov/vuln/detail/CVE-2023-35311
Microsoft | Windows

CVE-2023-32049

Microsoft Windows Defender SmartScreen Security Feature Bypass Vulnerability: Microsoft Windows Defender SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the Open File - Security Warning prompt.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.
  • Date Added: 2023-07-11
  • Due Date: 2023-08-01
Additional Notes
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-32049; https://nvd.nist.gov/vuln/detail/CVE-2023-32049
Apple | Multiple Products

CVE-2023-32434

Apple Multiple Products Integer Overflow Vulnerability: Apple iOS. iPadOS, macOS, and watchOS contain an integer overflow vulnerability that could allow an application to execute code with kernel privileges.

Related CWE: CWE-190

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2023-06-23
  • Due Date: 2023-07-14
Additional Notes
https://support.apple.com/en-us/HT213808, https://support.apple.com/en-us/HT213812, https://support.apple.com/en-us/HT213809, https://support.apple.com/en-us/HT213810, https://support.apple.com/en-us/HT213813, https://support.apple.com/en-us/HT213811, https://support.apple.com/en-us/HT213814; https://nvd.nist.gov/vuln/detail/CVE-2023-32434
Apple | Multiple Products

CVE-2023-32435

Apple Multiple Products WebKit Memory Corruption Vulnerability: Apple iOS, iPadOS, macOS, and Safari WebKit contain a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2023-06-23
  • Due Date: 2023-07-14
Additional Notes
https://support.apple.com/en-us/HT213670, https://support.apple.com/en-us/HT213671, https://support.apple.com/en-us/HT213676, https://support.apple.com/en-us/HT213811; https://nvd.nist.gov/vuln/detail/CVE-2023-32435
Apple | Multiple Products

CVE-2023-32439

Apple Multiple Products WebKit Type Confusion Vulnerability: Apple iOS, iPadOS, macOS, and Safari WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

Related CWE: CWE-843

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2023-06-23
  • Due Date: 2023-07-14
Additional Notes
https://support.apple.com/en-us/HT213813, https://support.apple.com/en-us/HT213811, https://support.apple.com/en-us/HT213814, https://support.apple.com/en-us/HT213816; https://nvd.nist.gov/vuln/detail/CVE-2023-32439

Subscribe to the KEV Catalog Updates

Stay up to date on the latest known exploited vulnerabilities.

Subscribe Now