LIVE NEWSROOM · --:-- · May 24, 2026
A LIBRARY FOR SECURITY RESEARCHERS

CVE DATABASE · CISA KEV

Known Exploited
Vulnerabilities.

Every CVE in CISA’s KEV catalog — 1602 vulnerabilities confirmed exploited in the wild. The authoritative “patch this first” list. Search any one with our CVE Lookup or KEV search tool.

CVE-2025-14733 added 2025-12-19
WatchGuard Firebox Out of Bounds Write Vulnerability
WatchGuard Firebox
CVE-2025-59374 added 2025-12-17
ASUS Live Update Embedded Malicious Code Vulnerability
ASUS Live Update
CVE-2025-40602 added 2025-12-17
SonicWall SMA1000 Missing Authorization Vulnerability
SonicWall SMA1000 appliance
CVE-2025-20393 added 2025-12-17
Cisco Multiple Products Improper Input Validation Vulnerability
Cisco Multiple Products
CVE-2025-59718 added 2025-12-16
Fortinet Multiple Products Improper Verification of Cryptographic Signature Vulnerability
Fortinet Multiple Products
CVE-2025-14611 added 2025-12-15
Gladinet CentreStack and Triofox Hard Coded Cryptographic Vulnerability
Gladinet CentreStack and Triofox
CVE-2025-43529 added 2025-12-15
Apple Multiple Products Use-After-Free WebKit Vulnerability
Apple Multiple Products
CVE-2018-4063 added 2025-12-12
Sierra Wireless AirLink ALEOS Unrestricted Upload of File with Dangerous Type Vulnerability
Sierra Wireless AirLink ALEOS
CVE-2025-14174 added 2025-12-12
Google Chromium Out of Bounds Memory Access Vulnerability
Google Chromium
CVE-2025-58360 added 2025-12-11
OSGeo GeoServer Improper Restriction of XML External Entity Reference Vulnerability
OSGeo GeoServer
CVE-2025-6218 added 2025-12-09
RARLAB WinRAR Path Traversal Vulnerability
RARLAB WinRAR
CVE-2025-62221 added 2025-12-09
Microsoft Windows Use After Free Vulnerability
Microsoft Windows
CVE-2022-37055 added 2025-12-08
D-Link Routers Buffer Overflow Vulnerability
D-Link Routers
CVE-2025-66644 added 2025-12-08
Array Networks ArrayOS AG OS Command Injection Vulnerability
Array Networks ArrayOS AG
CVE-2025-55182 added 2025-12-05 RANSOMWARE
Meta React Server Components Remote Code Execution Vulnerability
Meta React Server Components
CVE-2021-26828 added 2025-12-03
OpenPLC ScadaBR Unrestricted Upload of File with Dangerous Type Vulnerability
OpenPLC ScadaBR
CVE-2025-48633 added 2025-12-02
Android Framework Information Disclosure Vulnerability
Android Framework
CVE-2025-48572 added 2025-12-02
Android Framework Privilege Escalation Vulnerability
Android Framework
CVE-2021-26829 added 2025-11-28
OpenPLC ScadaBR Cross-site Scripting Vulnerability
OpenPLC ScadaBR
CVE-2025-61757 added 2025-11-21
Oracle Fusion Middleware Missing Authentication for Critical Function Vulnerability
Oracle Fusion Middleware
CVE-2025-13223 added 2025-11-19
Google Chromium V8 Type Confusion Vulnerability
Google Chromium V8
CVE-2025-58034 added 2025-11-18
Fortinet FortiWeb OS Command Injection Vulnerability
Fortinet FortiWeb
CVE-2025-64446 added 2025-11-14
Fortinet FortiWeb Path Traversal Vulnerability
Fortinet FortiWeb
CVE-2025-12480 added 2025-11-12
Gladinet Triofox Improper Access Control Vulnerability
Gladinet Triofox
CVE-2025-62215 added 2025-11-12
Microsoft Windows Race Condition Vulnerability
Microsoft Windows
CVE-2025-9242 added 2025-11-12
WatchGuard Firebox Out-of-Bounds Write Vulnerability
WatchGuard Firebox
CVE-2025-21042 added 2025-11-10
Samsung Mobile Devices Out-of-Bounds Write Vulnerability
Samsung Mobile Devices
CVE-2025-48703 added 2025-11-04
CWP Control Web Panel OS Command Injection Vulnerability
CWP Control Web Panel
CVE-2025-11371 added 2025-11-04
Gladinet CentreStack and Triofox Files or Directories Accessible to External Parties Vulnerability
Gladinet CentreStack and Triofox
CVE-2025-41244 added 2025-10-30
Broadcom VMware Aria Operations and VMware Tools Privilege Defined with Unsafe Actions Vulnerability
Broadcom VMware Aria Operations and VMware Tools
CVE-2025-24893 added 2025-10-30
XWiki Platform Eval Injection Vulnerability
XWiki Platform
CVE-2025-6204 added 2025-10-28
Dassault Systèmes DELMIA Apriso Code Injection Vulnerability
Dassault Systèmes DELMIA Apriso
CVE-2025-6205 added 2025-10-28
Dassault Systèmes DELMIA Apriso Missing Authorization Vulnerability
Dassault Systèmes DELMIA Apriso
CVE-2025-54236 added 2025-10-24
Adobe Commerce and Magento Improper Input Validation Vulnerability
Adobe Commerce and Magento
CVE-2025-59287 added 2025-10-24
Microsoft Windows Server Update Service (WSUS) Deserialization of Untrusted Data Vulnerability
Microsoft Windows
CVE-2025-61932 added 2025-10-22
Motex LANSCOPE Endpoint Manager Improper Verification of Source of a Communication Channel Vulnerability
Motex LANSCOPE Endpoint Manager
CVE-2022-48503 added 2025-10-20
Apple Multiple Products Unspecified Vulnerability
Apple Multiple Products
CVE-2025-2746 added 2025-10-20
Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability
Kentico Xperience CMS
CVE-2025-2747 added 2025-10-20
Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability
Kentico Xperience CMS
CVE-2025-33073 added 2025-10-20
Microsoft Windows SMB Client Improper Access Control Vulnerability
Microsoft Windows
CVE-2025-61884 added 2025-10-20 RANSOMWARE
Oracle E-Business Suite Server-Side Request Forgery (SSRF) Vulnerability
Oracle E-Business Suite
CVE-2025-54253 added 2025-10-15
Adobe Experience Manager Forms Code Execution Vulnerability
Adobe Experience Manager (AEM) Forms
CVE-2025-47827 added 2025-10-14
IGEL OS Use of a Key Past its Expiration Date Vulnerability
IGEL IGEL OS
CVE-2025-24990 added 2025-10-14
Microsoft Windows Untrusted Pointer Dereference Vulnerability
Microsoft Windows
CVE-2025-59230 added 2025-10-14
Microsoft Windows Improper Access Control Vulnerability
Microsoft Windows
CVE-2016-7836 added 2025-10-14
SKYSEA Client View Improper Authentication Vulnerability
SKYSEA Client View
CVE-2021-43798 added 2025-10-09
Grafana Path Traversal Vulnerability
Grafana Labs Grafana
CVE-2025-27915 added 2025-10-07
Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability
Synacor Zimbra Collaboration Suite (ZCS)
CVE-2021-22555 added 2025-10-06
Linux Kernel Heap Out-of-Bounds Write Vulnerability
Linux Kernel
CVE-2010-3962 added 2025-10-06
Microsoft Internet Explorer Uninitialized Memory Corruption Vulnerability
Microsoft Internet Explorer
CVE-2021-43226 added 2025-10-06
Microsoft Windows Privilege Escalation Vulnerability
Microsoft Windows
CVE-2013-3918 added 2025-10-06
Microsoft Windows Out-of-Bounds Write Vulnerability
Microsoft Windows
CVE-2011-3402 added 2025-10-06
Microsoft Windows Remote Code Execution Vulnerability
Microsoft Windows
CVE-2010-3765 added 2025-10-06
Mozilla Multiple Products Remote Code Execution Vulnerability
Mozilla Multiple Products
CVE-2025-61882 added 2025-10-06 RANSOMWARE
Oracle E-Business Suite Unspecified Vulnerability
Oracle E-Business Suite
CVE-2014-6278 added 2025-10-02
GNU Bash OS Command Injection Vulnerability
GNU GNU Bash
CVE-2017-1000353 added 2025-10-02
Jenkins Remote Code Execution Vulnerability
Jenkins Jenkins
CVE-2015-7755 added 2025-10-02
Juniper ScreenOS Improper Authentication Vulnerability
Juniper ScreenOS
CVE-2025-21043 added 2025-10-02
Samsung Mobile Devices Out-of-Bounds Write Vulnerability
Samsung Mobile Devices
CVE-2025-4008 added 2025-10-02
Smartbedded Meteobridge Command Injection Vulnerability
Smartbedded Meteobridge
← Prev Page 3 of 27 Next →
Scroll to Top