Skip to main content
U.S. flag

An official website of the United States government

Here’s how you know

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

HTTPS

Secure .gov websites use HTTPS
A lock (LockA locked padlock) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Free Cyber ServicesSecure by design Secure Our WorldShields UpReport A Cyber Issue

Cybersecurity & Infrastructure Security Agency logo America’s Cyber Security Defense Agency National Coordinator For Critical Infrastructure Security and ResilienceCybersecurity & Infrastructure Security Agency logo America’s Cyber Security Defense Agency National Coordinator For Critical Infrastructure Security and Resilience
CISA Logo

Search

 

America's Cyber Defense Agency
 
  • Topics
    Cybersecurity Best Practices
    Cyber Threats and Advisories
    Critical Infrastructure Security and Resilience
    Election Security
    Emergency Communications
    Industrial Control Systems
    Information and Communications Technology Supply Chain Security
    Partnerships and Collaboration
    Physical Security
    Risk Management
    How can we help?
    GovernmentEducational InstitutionsIndustryState, Local, Tribal, and TerritorialIndividuals and FamiliesSmall and Medium BusinessesFind Help LocallyFaith-Based CommunityExecutivesHigh-Risk Communities
  • Spotlight
  • Resources & Tools
    All Resources & Tools
    Services
    Programs
    Resources
    Training
    Groups
  • News & Events
    News
    Events
    Cybersecurity Alerts & Advisories
    Directives
    Request a CISA Speaker
    Congressional Testimony
    CISA Conferences
    CISA Live!
  • Careers
    Benefits & Perks
    HireVue Applicant Reasonable Accommodations Process
    Hiring
    Resume & Application Tips
    Students & Recent Graduates
    Veteran and Military Spouses
  • About
    Divisions & Offices
    Regions
    Leadership
    Doing Business with CISA
    Site Links
    CISA GitHub
    CISA Central
    Contact Us
    Subscribe
    Transparency and Accountability
    Policies & Plans

Free Cyber ServicesSecure by design Secure Our WorldShields UpReport A Cyber Issue

Breadcrumb
  1. Home
  2. Known Exploited Vulnerabilities Catalog
Share:

Filters

  • Accellion
  • Qlik
  • CrushFTP
  • OSGeo
  • ServiceNow
  • Dahua
  • PTZOptics
  • CyberPersons
  • Cleo
  • Reolink
  • NUUO
  • BeyondTrust
  • Paessler
  • Hitachi Vantara
  • Advantive
  • Commvault
  • GeoVision
  • Unitronics
  • FXC
  • Spreadsheet::ParseExcel
  • Joomla!
  • ConnectWise
  • Sunhillo
  • Nice
  • NextGen Healthcare
  • Justice AV Solutions
  • Check Point
  • PHP Group
  • Twilio
  • (-) Remove filterAcronis
  • Versa
  • Kingsoft
  • ScienceLogic
  • Nostromo
  • Metabase
  • Array Networks
  • North Grid
  • ProjectSend
  • Acclaim Systems
  • JQuery
  • Audinate
  • 7-Zip
  • Trimble
  • SimpleHelp
  • Craft CMS
  • tj-actions
  • NAKIVO
  • Edimax
  • reviewdog
  • Gladinet
  • Broadcom
  • Qualitia
  • Yiiframework
  • Langflow
  • FreeType
  • ownCloud
  • Adobe
  • Alcatel
  • Amcrest
  • Android
  • Apache
  • (-) Remove filterApple
  • Arcadyan
  • Arcserve
  • Arm
  • Artifex
  • Atlassian
  • Aviatrix
  • Barracuda Networks
  • BQE
  • Cacti
  • ChakraCore
  • Checkbox
  • Cisco
  • Citrix
  • Code Aurora
  • Crestron
  • CWP
  • D-Link
  • D-Link and TRENDnet
  • Dasan
  • Dell
  • Delta Electronics
  • Docker
  • dotCMS
  • DotNetNuke (DNN)
  • DrayTek
  • Drupal
  • Elastic
  • Embedthis
  • Exim
  • EyesOfNetwork
  • F5
  • FatPipe
  • ForgeRock
  • Fortinet
  • Fortra
  • Fuel CMS
  • GIGABYTE
  • GitLab
  • GNU
  • Google
  • Grafana Labs
  • Grandstream
  • Hewlett Packard (HP)
  • Hikvision
  • IBM
  • IETF
  • Ignite Realtime
  • ImageMagick
  • InduSoft
  • Intel
  • Ivanti
  • Jenkins
  • JetBrains
  • Juniper
  • Kaseya
  • Kentico
  • Laravel
  • LG
  • Liferay
  • Linux
  • McAfee
  • MediaTek
  • Meta Platforms
  • Micro Focus
  • Microsoft
  • (-) Remove filterMikroTik
  • MinIO
  • Mitel
  • MongoDB
  • Mozilla
  • Nagios
  • NETGEAR
  • Netis
  • Netwrix
  • Novi Survey
  • Npm package
  • October CMS
  • OpenBSD
  • OpenSSL
  • Oracle
  • Palo Alto Networks
  • PaperCut
  • PEAR
  • Perl
  • PHP
  • phpMyAdmin
  • PHPUnit
  • Pi-hole
  • PlaySMS
  • Plex
  • Primetek
  • Progress
  • Pulse Secure
  • QNAP
  • QNAP Systems
  • Qualcomm
  • Quest
  • Rails
  • RARLAB
  • rConfig
  • Realtek
  • Red Hat
  • Redis
  • Rejetto
  • Roundcube
  • Ruckus Wireless
  • SaltStack
  • Samba
  • Samsung
  • SAP
  • Schneider Electric
  • Siemens
  • SIMalliance
  • Sitecore
  • SolarView
  • SolarWinds
  • Sonatype
  • SonicWall
  • Sophos
  • Sudo
  • SugarCRM
  • Sumavision
  • Symantec
  • Synacor
  • SysAid
  • TeamViewer
  • Teclib
  • Telerik
  • Tenda
  • TerraMaster
  • ThinkPHP
  • TIBCO
  • TP-Link
  • Treck TCP/IP stack
  • Trend Micro
  • Trihedral
  • TVT
  • Ubiquiti
  • Unraid
  • vBulletin
  • Veeam
  • Veritas
  • VMware
  • VMware Tanzu
  • WatchGuard
  • WebKitGTK
  • Webmin
  • WebRTC
  • WordPress
  • WSO2
  • XStream
  • Yealink
  • Zabbix
  • ZK Framework
  • Zoho
  • Zyxel
No result
Reset

Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License


Showing 1 - 20 of 85
Filters:
  • (-) Remove filterAcronis
  • (-) Remove filterApple
  • (-) Remove filterMikroTik
  • Clear all filters
Apple | Multiple Products

CVE-2025-31201

Apple Multiple Products Arbitrary Read and Write Vulnerability: Apple iOS, iPadOS, macOS, and other Apple products contain an arbitrary read and write vulnerability that allows an attacker to bypass Pointer Authentication.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2025-04-17
  • Due Date: 2025-05-08
Additional Notes
https://support.apple.com/en-us/122282 ; https://support.apple.com/en-us/122400 ; https://support.apple.com/en-us/122401 ; https://support.apple.com/en-us/122402 ; https://nvd.nist.gov/vuln/detail/CVE-2025-31201
Apple | Multiple Products

CVE-2025-31200

Apple Multiple Products Memory Corruption Vulnerability: Apple iOS, iPadOS, macOS, and other Apple products contain a memory corruption vulnerability that allows for code execution when processing an audio stream in a maliciously crafted media file.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2025-04-17
  • Due Date: 2025-05-08
Additional Notes
https://support.apple.com/en-us/122282 ; https://support.apple.com/en-us/122400 ; https://support.apple.com/en-us/122401 ; https://support.apple.com/en-us/122402 ; https://nvd.nist.gov/vuln/detail/CVE-2025-31200
Apple | Multiple Products

CVE-2025-24201

Apple Multiple Products WebKit Out-of-Bounds Write Vulnerability: Apple iOS, iPadOS, macOS, and other Apple products contain an out-of-bounds write vulnerability in WebKit that may allow maliciously crafted web content to break out of Web Content sandbox. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2025-03-13
  • Due Date: 2025-04-03
Additional Notes
https://support.apple.com/en-us/122281 ; https://support.apple.com/en-us/122283 ; https://support.apple.com/en-us/122284 ; https://support.apple.com/en-us/122285 ; ; https://nvd.nist.gov/vuln/detail/CVE-2025-24201
Apple | iOS and iPadOS

CVE-2025-24200

Apple iOS and iPadOS Incorrect Authorization Vulnerability: Apple iOS and iPadOS contains an incorrect authorization vulnerability that allows a physical attacker to disable USB Restricted Mode on a locked device.

Related CWE: CWE-863

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2025-02-12
  • Due Date: 2025-03-05
Additional Notes
https://support.apple.com/en-us/122173 ; https://nvd.nist.gov/vuln/detail/CVE-2025-24200
Apple | Multiple Products

CVE-2025-24085

Apple Multiple Products Use-After-Free Vulnerability: Apple iOS, macOS, and other Apple products contain a user-after-free vulnerability that could allow a malicious application to elevate privileges.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2025-01-29
  • Due Date: 2025-02-19
Additional Notes
https://support.apple.com/en-us/122066 ; https://support.apple.com/en-us/122068 ; https://support.apple.com/en-us/122071 ; https://support.apple.com/en-us/122072 ; https://support.apple.com/en-us/122073 ; https://nvd.nist.gov/vuln/detail/CVE-2025-24085
Apple | Multiple Products

CVE-2024-44308

Apple Multiple Products Code Execution Vulnerability: Apple iOS, macOS, and other Apple products contain an unspecified vulnerability when processing maliciously crafted web content that may lead to arbitrary code execution.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-11-21
  • Due Date: 2024-12-12
Additional Notes
https://support.apple.com/en-us/121752, https://support.apple.com/en-us/121753, https://support.apple.com/en-us/121754, https://support.apple.com/en-us/121755, https://support.apple.com/en-us/121756 ; https://nvd.nist.gov/vuln/detail/CVE-2024-44308
Apple | Multiple Products

CVE-2024-44309

Apple Multiple Products Cross-Site Scripting (XSS) Vulnerability: Apple iOS, macOS, and other Apple products contain an unspecified vulnerability when processing maliciously crafted web content that may lead to a cross-site scripting (XSS) attack.

Related CWE: CWE-79

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-11-21
  • Due Date: 2024-12-12
Additional Notes
https://support.apple.com/en-us/121752, https://support.apple.com/en-us/121753, https://support.apple.com/en-us/121754, https://support.apple.com/en-us/121755, https://support.apple.com/en-us/121756 ; https://nvd.nist.gov/vuln/detail/CVE-2024-44309
Acronis | Cyber Infrastructure (ACI)

CVE-2023-45249

Acronis Cyber Infrastructure (ACI) Insecure Default Password Vulnerability: Acronis Cyber Infrastructure (ACI) allows an unauthenticated user to execute commands remotely due to the use of default passwords.

Related CWE: CWE-1393

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-07-29
  • Due Date: 2024-08-19
Additional Notes
https://security-advisory.acronis.com/advisories/SEC-6452; https://nvd.nist.gov/vuln/detail/CVE-2023-45249
Apple | Multiple Products

CVE-2024-23225

Apple Multiple Products Memory Corruption Vulnerability: Apple iOS, iPadOS, macOS, tvOS, watchOS, and visionOS kernel contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-03-06
  • Due Date: 2024-03-27
Additional Notes
https://support.apple.com/en-us/HT214081, https://support.apple.com/en-us/HT214082, https://support.apple.com/en-us/HT214083, https://support.apple.com/en-us/HT214084, https://support.apple.com/en-us/HT214085, https://support.apple.com/en-us/HT214086, https://support.apple.com/en-us/HT214087, https://support.apple.com/en-us/HT214088 ; https://nvd.nist.gov/vuln/detail/CVE-2024-23225
Apple | Multiple Products

CVE-2024-23296

Apple Multiple Products Memory Corruption Vulnerability: Apple iOS, iPadOS, macOS, tvOS, and watchOS RTKit contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-03-06
  • Due Date: 2024-03-27
Additional Notes
https://support.apple.com/en-us/HT214081, https://support.apple.com/en-us/HT214082, https://support.apple.com/en-us/HT214084, https://support.apple.com/en-us/HT214086, https://support.apple.com/en-us/HT214088 ; https://nvd.nist.gov/vuln/detail/CVE-2024-23296
Apple | Multiple Products

CVE-2022-48618

Apple Multiple Products Memory Corruption Vulnerability: Apple iOS, iPadOS, macOS, tvOS, and watchOS contain a time-of-check/time-of-use (TOCTOU) memory corruption vulnerability that allows an attacker with read and write capabilities to bypass Pointer Authentication.

Related CWE: CWE-367

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-01-31
  • Due Date: 2024-02-21
Additional Notes
https://support.apple.com/en-us/HT213530, https://support.apple.com/en-us/HT213532, https://support.apple.com/en-us/HT213535, https://support.apple.com/en-us/HT213536; https://nvd.nist.gov/vuln/detail/CVE-2022-48618
Apple | Multiple Products

CVE-2024-23222

Apple Multiple Products WebKit Type Confusion Vulnerability: Apple iOS, iPadOS, macOS, tvOS, and Safari WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

Related CWE: CWE-843

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-01-23
  • Due Date: 2024-02-13
Additional Notes
https://support.apple.com/en-us/HT214055, https://support.apple.com/en-us/HT214056, https://support.apple.com/en-us/HT214057, https://support.apple.com/en-us/HT214058, https://support.apple.com/en-us/HT214059, https://support.apple.com/en-us/HT214061, https://support.apple.com/en-us/HT214063 ; https://nvd.nist.gov/vuln/detail/CVE-2024-23222
Apple | Multiple Products

CVE-2023-41990

Apple Multiple Products Code Execution Vulnerability: Apple iOS, iPadOS, macOS, tvOS, and watchOS contain an unspecified vulnerability that allows for code execution when processing a font file.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-01-08
  • Due Date: 2024-01-29
Additional Notes
https://support.apple.com/en-us/HT213599, https://support.apple.com/en-us/HT213601, https://support.apple.com/en-us/HT213605, https://support.apple.com/en-us/HT213606, https://support.apple.com/en-us/HT213842, https://support.apple.com/en-us/HT213844, https://support.apple.com/en-us/HT213845 ; https://nvd.nist.gov/vuln/detail/CVE-2023-41990
Apple | Multiple Products

CVE-2023-42916

Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability: Apple iOS, iPadOS, macOS, and Safari WebKit contain an out-of-bounds read vulnerability that may disclose sensitive information when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

Related CWE: CWE-125

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
  • Date Added: 2023-12-04
  • Due Date: 2023-12-25
Additional Notes
https://support.apple.com/en-us/HT214031, https://support.apple.com/en-us/HT214032, https://support.apple.com/en-us/HT214033 ; https://nvd.nist.gov/vuln/detail/CVE-2023-42916
Apple | Multiple Products

CVE-2023-42917

Apple Multiple Products WebKit Memory Corruption Vulnerability: Apple iOS, iPadOS, macOS, and Safari WebKit contain a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
  • Date Added: 2023-12-04
  • Due Date: 2023-12-25
Additional Notes
https://support.apple.com/en-us/HT214031, https://support.apple.com/en-us/HT214032, https://support.apple.com/en-us/HT214033 ; https://nvd.nist.gov/vuln/detail/CVE-2023-42917
Apple | iOS and iPadOS

CVE-2023-42824

Apple iOS and iPadOS Kernel Privilege Escalation Vulnerability: Apple iOS and iPadOS contain an unspecified vulnerability that allows for local privilege escalation.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2023-10-05
  • Due Date: 2023-10-26
Additional Notes
https://support.apple.com/en-us/HT213961; https://nvd.nist.gov/vuln/detail/CVE-2023-42824
Apple | Multiple Products

CVE-2023-41991

Apple Multiple Products Improper Certificate Validation Vulnerability: Apple iOS, iPadOS, macOS, and watchOS contain an improper certificate validation vulnerability that can allow a malicious app to bypass signature validation.

Related CWE: CWE-295

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2023-09-25
  • Due Date: 2023-10-16
Additional Notes
https://support.apple.com/en-us/HT213926, https://support.apple.com/en-us/HT213927, https://support.apple.com/en-us/HT213928, https://support.apple.com/en-us/HT213929, https://support.apple.com/en-us/HT213931 ; https://nvd.nist.gov/vuln/detail/CVE-2023-41991
Apple | Multiple Products

CVE-2023-41993

Apple Multiple Products WebKit Code Execution Vulnerability: Apple iOS, iPadOS, macOS, and Safari WebKit contain an unspecified vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

Related CWE: CWE-754

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2023-09-25
  • Due Date: 2023-10-16
Additional Notes
https://support.apple.com/en-us/HT213926, https://support.apple.com/en-us/HT213927, https://support.apple.com/en-us/HT213930; https://nvd.nist.gov/vuln/detail/CVE-2023-41993
Apple | Multiple Products

CVE-2023-41992

Apple Multiple Products Kernel Privilege Escalation Vulnerability: Apple iOS, iPadOS, macOS, and watchOS contain an unspecified vulnerability that allows for local privilege escalation.

Related CWE: CWE-754

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2023-09-25
  • Due Date: 2023-10-16
Additional Notes
https://support.apple.com/en-us/HT213926, https://support.apple.com/en-us/HT213927, https://support.apple.com/en-us/HT213928, https://support.apple.com/en-us/HT213929, https://support.apple.com/en-us/HT213931, https://support.apple.com/en-us/HT213932; https://nvd.nist.gov/vuln/detail/CVE-2023-41992
Apple | iOS, iPadOS, and macOS

CVE-2023-41064

Apple iOS, iPadOS, and macOS ImageIO Buffer Overflow Vulnerability: Apple iOS, iPadOS, and macOS contain a buffer overflow vulnerability in ImageIO when processing a maliciously crafted image, which may lead to code execution. This vulnerability was chained with CVE-2023-41061.

Related CWE: CWE-120

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2023-09-11
  • Due Date: 2023-10-02
Additional Notes
https://support.apple.com/en-us/HT213905, https://support.apple.com/en-us/HT213906; https://nvd.nist.gov/vuln/detail/CVE-2023-41064
  • Currently on page 1
  • Page 2
  • Page 3
  • Page 4
  • Page 5
  • Go to next pageNext
  • Go to last pageLast

Subscribe to the KEV Catalog Updates

Stay up to date on the latest known exploited vulnerabilities.

Subscribe Now
Return to top
  • Topics
  • Spotlight
  • Resources & Tools
  • News & Events
  • Careers
  • About
Cybersecurity & Infrastructure Security Agency
  • Facebook
  • X
  • LinkedIn
  • YouTube
  • Instagram
  • RSS
CISA Central 1-844-Say-CISA SayCISA@cisa.dhs.gov
DHS Seal
CISA.gov
An official website of the U.S. Department of Homeland Security
  • About CISA
  • Budget and Performance
  • DHS.gov
  • FOIA Requests
  • No FEAR Act
  • Office of Inspector General
  • Privacy Policy
  • Subscribe
  • The White House
  • USA.gov
  • Website Feedback