Actively exploited vulnerabilities (CISA KEV)
36 entries
| CVE | Severity | KEV | Published | Description |
|---|---|---|---|---|
| CVE-2023-41974 | N/A | KEV | | Indexed via Apple Security Releases; NVD metadata pending. |
| CVE-2023-43000 | N/A | KEV | | Indexed via Apple Security Releases; NVD metadata pending. |
| CVE-2026-21385 | N/A | KEV | | Indexed via Android Security Bulletin; NVD metadata pending. |
| CVE-2025-14174 | N/A | KEV | | Indexed via Apple Security Releases; NVD metadata pending. |
| CVE-2025-43529 | N/A | KEV | | Indexed via Apple Security Releases; NVD metadata pending. |
| CVE-2026-20700 | N/A | KEV | | Indexed via Apple Security Releases; NVD metadata pending. |
| CVE-2025-14611 | CRITICAL 9.8 | KEV | | Gladinet CentreStack and Triofox prior to version 16.12.10420.56791 used hardcoded values for their implementation of the AES cryptoscheme. This degrades secur… |
| CVE-2025-48633 | N/A | KEV | | Indexed via Android Security Bulletin; NVD metadata pending. |
| CVE-2025-48572 | N/A | KEV | | Indexed via Android Security Bulletin; NVD metadata pending. |
| CVE-2025-12480 | CRITICAL 9.1 | KEV | | Triofox versions prior to 16.7.10368.56560 are vulnerable to an Improper Access Control flaw that allows access to initial setup pages even after setup is com… |
| CVE-2025-11371 | HIGH 7.5 | KEV | | In the default installation and configuration of Gladinet CentreStack and TrioFox, there is an unauthenticated Local File Inclusion Flaw that allows unintended… |
| CVE-2025-55177 | MEDIUM 5.4 | KEV | | Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsAp… |
| CVE-2025-8088 | HIGH 8.8 | KEV | | A path traversal vulnerability affecting the Windows version of WinRAR allows attackers to execute arbitrary code by crafting malicious archive files. This… |
| CVE-2025-48384 | HIGH 8.0 | KEV | | Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to int… |
| CVE-2025-6218 | HIGH 7.8 | KEV | | RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected install… |
| CVE-2025-32756 | CRITICAL 9.8 | KEV | | A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiCamera 2.1.0 through 2.1.3, FortiCamera 2.0 all versions, FortiCamera 1.1 … |
| CVE-2025-0411 | HIGH 7.0 | KEV | | 7-Zip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installat… |
| CVE-2024-9680 | CRITICAL 9.8 | KEV | | An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulner… |
| CVE-2024-39891 | MEDIUM 5.3 | KEV | | In the Twilio Authy API, accessed by Authy Android before 25.1.0 and Authy iOS before 26.1.0, an unauthenticated endpoint provided access to certain phone-numb… |
| CVE-2023-5217 | HIGH 8.8 | KEV | | Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap… |
| CVE-2023-4863 | HIGH 8.8 | KEV | | Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write v… |
| CVE-2023-38831 | HIGH 7.8 | KEV | | RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because … |
| CVE-2022-26486 | CRITICAL 9.6 | KEV | | An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild abu… |
| CVE-2022-26485 | HIGH 8.8 | KEV | | Removing an XSLT parameter during processing could have led to an exploitable use-after-free. We have had reports of attacks in the wild abusing this flaw. Th… |
| CVE-2021-44228 | CRITICAL 10.0 | KEV | | Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameter… |
| CVE-2020-6819 | HIGH 8.1 | KEV | | Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abu… |
| CVE-2020-6820 | HIGH 8.1 | KEV | | Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing thi… |
| CVE-2019-17026 | HIGH 8.8 | KEV | | Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild a… |
| CVE-2019-18426 | HIGH 8.2 | KEV | | A vulnerability in WhatsApp Desktop versions prior to 0.3.9309 when paired with WhatsApp for iPhone versions prior to 2.20.10 allows cross-site scripting and l… |
| CVE-2019-11707 | HIGH 8.8 | KEV | | A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware… |
| CVE-2019-11708 | CRITICAL 10.0 | KEV | | Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process op… |
| CVE-2018-20250 | HIGH 7.8 | KEV | | In WinRAR versions prior to and including 5.61, there is a path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When… |
| CVE-2016-9079 | HIGH 7.5 | KEV | | A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox a… |
| CVE-2013-1690 | HIGH 8.8 | KEV | | Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadyst… |
| CVE-2013-1675 | MEDIUM 6.5 | KEV | | Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 do not properly initialize data … |
| CVE-2010-3765 | CRITICAL 9.8 | KEV | | Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when Ja… |