CISA – Known Exploited Vulnerabilities Catalog

Name	Heat 7d	Software	Exploit Code Maturity	Attack Complexity
CVE-2023-41991		macOS	High	High
CVE-2023-41992		macOS	High	Low
CVE-2023-41993		macOS	High	Low
CVE-2023-41179		Worry-Free Busi…	Not Defined	Low
CVE-2020-16009		Google Chrome	Not Defined	–

CISA Alerts & Advisories

Active Exploitation & Zero-Days

Name	Heat 7d	Software	Exploit Code Maturity	Attack Complexity
CVE-2023-41991		macOS	High	High
CVE-2023-41992		macOS	High	Low
CVE-2023-41993		macOS	High	Low
CVE-2023-42753		Linux Kernel	Proof-of-Concept	Low
CVE-2023-5154		D-Link DAR-8000	Proof-of-Concept	Low

High Priority Vulnerabilities

Name	Heat 7d	Software	Base Score	Temp Score
CVE-2023-29357		SharePoint Server	9.8	8.5
Related: Microsoft SharePoint Server Elevation of Privilege Vulnerability Exploit (CVE-2023-29357)
CVE-2019-18935		Argus Safety	9.8	9.8
Related: New Silent Skimmer Campaign Hits Payment Firms in APAC and NALA Regions
CVE-2023-41265		Qlik Sense Enterprise	6.3	6.0
Related: Bypass identified for patched remote code execution flaw in Qlik Sense Enterprise
CVE-2023-42793		TeamCity	7.3	7.0
Related: In-the-Wild Exploitation Expected for Critical TeamCity Flaw Allowing Server Takeover
CVE-2022-0543		Redis	6.3	6.3
Related: Experts warn of a 600X increase in P2Pinfect traffic

Open Source vs Deep & Dark Web Mentions

Compares mentions of exploited vulnerabilities across open-source reporting and deep and dark web data.

Critical zero-day in WebP has widespread impact

A zero-day vulnerability in WebP, initially believed to affect Google Chrome, has since been found to affect multiple other products, software, and operating systems that incorporate Electron, including Mozilla Firefox and Apple. The vulnerability has been assigned a new CVE identifier and a maximum severity rating.

The flaw has been linked to the BLASTPASS zero-click iMessage exploit chain, which is used to deliver Pegasus spyware to fully patched iPhones for espionage purposes.