CVE DATABASE · CISA KEV
Known Exploited
Vulnerabilities.
Every CVE in CISA’s KEV catalog — 1602 vulnerabilities confirmed exploited in the wild. The authoritative “patch this first” list. Search any one with our CVE Lookup or KEV search tool.
CVE-2025-32463
added 2025-09-29
Sudo Inclusion of Functionality from Untrusted Control Sphere Vulnerability
Sudo Sudo
CVE-2025-59689
added 2025-09-29
Libraesva Email Security Gateway Command Injection Vulnerability
Libraesva Email Security Gateway
CVE-2025-10035
added 2025-09-29
RANSOMWARE
Fortra GoAnywhere MFT Deserialization of Untrusted Data Vulnerability
Fortra GoAnywhere MFT
CVE-2025-20352
added 2025-09-29
Cisco IOS and IOS XE Software SNMP Denial of Service and Remote Code Execution Vulnerability
Cisco IOS and IOS XE
CVE-2021-21311
added 2025-09-29
Adminer Server-Side Request Forgery Vulnerability
Adminer Adminer
CVE-2025-20362
added 2025-09-25
Cisco Secure Firewall Adaptive Security (ASA) Appliance and Secure Firewall Threat Defense (FTD) Missing Authorization Vulnerability
Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense
CVE-2025-20333
added 2025-09-25
Cisco Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) Buffer Overflow Vulnerability
Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense
CVE-2025-10585
added 2025-09-23
Google Chromium V8 Type Confusion Vulnerability
Google Chromium V8
CVE-2025-5086
added 2025-09-11
Dassault Systèmes DELMIA Apriso Deserialization of Untrusted Data Vulnerability
Dassault Systèmes DELMIA Apriso
CVE-2025-38352
added 2025-09-04
Linux Kernel Time-of-Check Time-of-Use (TOCTOU) Race Condition Vulnerability
Linux Kernel
CVE-2025-48543
added 2025-09-04
Android Runtime Use-After-Free Vulnerability
Android Runtime
CVE-2025-53690
added 2025-09-04
Sitecore Multiple Products Deserialization of Untrusted Data Vulnerability
Sitecore Multiple Products
CVE-2023-50224
added 2025-09-03
TP-Link TL-WR841N Authentication Bypass by Spoofing Vulnerability
TP-Link TL-WR841N
CVE-2025-9377
added 2025-09-03
TP-Link Archer C7(EU) and TL-WR841N/ND(MS) OS Command Injection Vulnerability
TP-Link Multiple Routers
CVE-2020-24363
added 2025-09-02
TP-link TL-WA855RE Missing Authentication for Critical Function Vulnerability
TP-Link TL-WA855RE
CVE-2025-55177
added 2025-09-02
Meta Platforms WhatsApp Incorrect Authorization Vulnerability
Meta Platforms WhatsApp
CVE-2025-57819
added 2025-08-29
Sangoma FreePBX Authentication Bypass Vulnerability
Sangoma FreePBX
CVE-2025-7775
added 2025-08-26
Citrix NetScaler Memory Overflow Vulnerability
Citrix NetScaler
CVE-2025-48384
added 2025-08-25
Git Link Following Vulnerability
Git Git
CVE-2024-8068
added 2025-08-25
Citrix Session Recording Improper Privilege Management Vulnerability
Citrix Session Recording
CVE-2024-8069
added 2025-08-25
Citrix Session Recording Deserialization of Untrusted Data Vulnerability
Citrix Session Recording
CVE-2025-43300
added 2025-08-21
Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability
Apple iOS, iPadOS, and macOS
CVE-2025-54948
added 2025-08-18
Trend Micro Apex One OS Command Injection Vulnerability
Trend Micro Apex One
CVE-2025-8876
added 2025-08-13
N-able N-Central Command Injection Vulnerability
N-able N-Central
CVE-2025-8875
added 2025-08-13
N-able N-Central Insecure Deserialization Vulnerability
N-able N-Central
CVE-2025-8088
added 2025-08-12
RARLAB WinRAR Path Traversal Vulnerability
RARLAB WinRAR
CVE-2007-0671
added 2025-08-12
Microsoft Office Excel Remote Code Execution Vulnerability
Microsoft Office
CVE-2013-3893
added 2025-08-12
Microsoft Internet Explorer Resource Management Errors Vulnerability
Microsoft Internet Explorer
CVE-2020-25078
added 2025-08-05
D-Link DCS-2530L and DCS-2670L Devices Unspecified Vulnerability
D-Link DCS-2530L and DCS-2670L Devices
CVE-2020-25079
added 2025-08-05
D-Link DCS-2530L and DCS-2670L Command Injection Vulnerability
D-Link DCS-2530L and DCS-2670L Devices
CVE-2022-40799
added 2025-08-05
D-Link DNR-322L Download of Code Without Integrity Check Vulnerability
D-Link DNR-322L
CVE-2023-2533
added 2025-07-28
PaperCut NG/MF Cross-Site Request Forgery (CSRF) Vulnerability
PaperCut NG/MF
CVE-2025-20337
added 2025-07-28
Cisco Identity Services Engine Injection Vulnerability
Cisco Identity Services Engine
CVE-2025-20281
added 2025-07-28
Cisco Identity Services Engine Injection Vulnerability
Cisco Identity Services Engine
CVE-2025-2775
added 2025-07-22
SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability
SysAid SysAid On-Prem
CVE-2025-2776
added 2025-07-22
SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability
SysAid SysAid On-Prem
CVE-2025-6558
added 2025-07-22
Google Chromium ANGLE and GPU Improper Input Validation Vulnerability
Google Chromium
CVE-2025-54309
added 2025-07-22
CrushFTP Unprotected Alternate Channel Vulnerability
CrushFTP CrushFTP
CVE-2025-49704
added 2025-07-22
RANSOMWARE
Microsoft SharePoint Code Injection Vulnerability
Microsoft SharePoint
CVE-2025-49706
added 2025-07-22
RANSOMWARE
Microsoft SharePoint Improper Authentication Vulnerability
Microsoft SharePoint
CVE-2025-53770
added 2025-07-20
RANSOMWARE
Microsoft SharePoint Deserialization of Untrusted Data Vulnerability
Microsoft SharePoint
CVE-2025-25257
added 2025-07-18
Fortinet FortiWeb SQL Injection Vulnerability
Fortinet FortiWeb
CVE-2025-47812
added 2025-07-14
Wing FTP Server Improper Neutralization of Null Byte or NUL Character Vulnerability
Wing FTP Server Wing FTP Server
CVE-2025-5777
added 2025-07-10
RANSOMWARE
Citrix NetScaler ADC and Gateway Out-of-Bounds Read Vulnerability
Citrix NetScaler ADC and Gateway
CVE-2019-9621
added 2025-07-07
Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery (SSRF) Vulnerability
Synacor Zimbra Collaboration Suite (ZCS)
CVE-2019-5418
added 2025-07-07
Rails Ruby on Rails Path Traversal Vulnerability
Rails Ruby on Rails
CVE-2016-10033
added 2025-07-07
PHPMailer Command Injection Vulnerability
PHP PHPMailer
CVE-2014-3931
added 2025-07-07
Multi-Router Looking Glass (MRLG) Buffer Overflow Vulnerability
Looking Glass Multi-Router Looking Glass (MRLG)
CVE-2025-6554
added 2025-07-02
Google Chromium V8 Type Confusion Vulnerability
Google Chromium V8
CVE-2025-48928
added 2025-07-01
TeleMessage TM SGNL Exposure of Core Dump File to an Unauthorized Control Sphere Vulnerability
TeleMessage TM SGNL
CVE-2025-48927
added 2025-07-01
TeleMessage TM SGNL Initialization of a Resource with an Insecure Default Vulnerability
TeleMessage TM SGNL
CVE-2025-6543
added 2025-06-30
Citrix NetScaler ADC and Gateway Buffer Overflow Vulnerability
Citrix NetScaler ADC and Gateway
CVE-2019-6693
added 2025-06-25
RANSOMWARE
Fortinet FortiOS Use of Hard-Coded Credentials Vulnerability
Fortinet FortiOS
CVE-2024-0769
added 2025-06-25
D-Link DIR-859 Router Path Traversal Vulnerability
D-Link DIR-859 Router
CVE-2024-54085
added 2025-06-25
AMI MegaRAC SPx Authentication Bypass by Spoofing Vulnerability
AMI MegaRAC SPx
CVE-2023-0386
added 2025-06-17
Linux Kernel Improper Ownership Management Vulnerability
Linux Kernel
CVE-2023-33538
added 2025-06-16
TP-Link Multiple Routers Command Injection Vulnerability
TP-Link Multiple Routers
CVE-2025-43200
added 2025-06-16
Apple Multiple Products Unspecified Vulnerability
Apple Multiple Products
CVE-2025-33053
added 2025-06-10
Microsoft Windows External Control of File Name or Path Vulnerability
Microsoft Windows
CVE-2025-24016
added 2025-06-10
Wazuh Server Deserialization of Untrusted Data Vulnerability
Wazuh Wazuh Server