LIVE NEWSROOM · --:-- · May 25, 2026
A LIBRARY FOR SECURITY RESEARCHERS

CVE DATABASE · CISA KEV

Known Exploited
Vulnerabilities.

Every CVE in CISA’s KEV catalog — 1602 vulnerabilities confirmed exploited in the wild. The authoritative “patch this first” list. Search any one with our CVE Lookup or KEV search tool.

CVE-2024-42009 added 2025-06-09
RoundCube Webmail Cross-Site Scripting Vulnerability
Roundcube Webmail
CVE-2025-32433 added 2025-06-09
Erlang Erlang/OTP SSH Server Missing Authentication for Critical Function Vulnerability
Erlang Erlang/OTP
CVE-2025-5419 added 2025-06-05
Google Chromium V8 Out-of-Bounds Read and Write Vulnerability
Google Chromium V8
CVE-2025-21479 added 2025-06-03
Qualcomm Multiple Chipsets Incorrect Authorization Vulnerability
Qualcomm Multiple Chipsets
CVE-2025-21480 added 2025-06-03
Qualcomm Multiple Chipsets Incorrect Authorization Vulnerability
Qualcomm Multiple Chipsets
CVE-2025-27038 added 2025-06-03
Qualcomm Multiple Chipsets Use-After-Free Vulnerability
Qualcomm Multiple Chipsets
CVE-2021-32030 added 2025-06-02
ASUS Routers Improper Authentication Vulnerability
ASUS Routers
CVE-2025-3935 added 2025-06-02
ConnectWise ScreenConnect Improper Authentication Vulnerability
ConnectWise ScreenConnect
CVE-2025-35939 added 2025-06-02
Craft CMS External Control of Assumed-Immutable Web Parameter Vulnerability
Craft CMS Craft CMS
CVE-2024-56145 added 2025-06-02
Craft CMS Code Injection Vulnerability
Craft CMS Craft CMS
CVE-2023-39780 added 2025-06-02
ASUS RT-AX55 Routers OS Command Injection Vulnerability
ASUS RT-AX55 Routers
CVE-2025-4632 added 2025-05-22
Samsung MagicINFO 9 Server Path Traversal Vulnerability
Samsung MagicINFO 9 Server
CVE-2023-38950 added 2025-05-19
ZKTeco BioTime Path Traversal Vulnerability
ZKTeco BioTime
CVE-2024-27443 added 2025-05-19
Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability
Synacor Zimbra Collaboration Suite (ZCS)
CVE-2025-27920 added 2025-05-19
Srimax Output Messenger Directory Traversal Vulnerability
Srimax Output Messenger
CVE-2024-11182 added 2025-05-19
MDaemon Email Server Cross-Site Scripting (XSS) Vulnerability
MDaemon Email Server
CVE-2025-4428 added 2025-05-19
Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability
Ivanti Endpoint Manager Mobile (EPMM)
CVE-2025-4427 added 2025-05-19
Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass Vulnerability
Ivanti Endpoint Manager Mobile (EPMM)
CVE-2025-42999 added 2025-05-15
SAP NetWeaver Deserialization Vulnerability
SAP NetWeaver
CVE-2024-12987 added 2025-05-15
DrayTek Vigor Routers OS Command Injection Vulnerability
DrayTek Vigor Routers
CVE-2025-32756 added 2025-05-14
Fortinet Multiple Products Stack-Based Buffer Overflow Vulnerability
Fortinet Multiple Products
CVE-2025-32709 added 2025-05-13
Microsoft Windows Ancillary Function Driver for WinSock Use-After-Free Vulnerability
Microsoft Windows
CVE-2025-30397 added 2025-05-13
Microsoft Windows Scripting Engine Type Confusion Vulnerability
Microsoft Windows
CVE-2025-32706 added 2025-05-13
Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability
Microsoft Windows
CVE-2025-32701 added 2025-05-13
Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability
Microsoft Windows
CVE-2025-30400 added 2025-05-13
Microsoft Windows DWM Core Library Use-After-Free Vulnerability
Microsoft Windows
CVE-2025-47729 added 2025-05-12
TeleMessage TM SGNL Hidden Functionality Vulnerability
TeleMessage TM SGNL
CVE-2024-11120 added 2025-05-07
GeoVision Devices OS Command Injection Vulnerability
GeoVision Multiple Devices
CVE-2024-6047 added 2025-05-07
GeoVision Devices OS Command Injection Vulnerability
GeoVision Multiple Devices
CVE-2025-27363 added 2025-05-06
FreeType Out-of-Bounds Write Vulnerability
FreeType FreeType
CVE-2025-3248 added 2025-05-05
Langflow Missing Authentication Vulnerability
Langflow Langflow
CVE-2025-34028 added 2025-05-02
Commvault Command Center Path Traversal Vulnerability
Commvault Command Center
CVE-2024-58136 added 2025-05-02
Yiiframework Yii Improper Protection of Alternate Path Vulnerability
Yiiframework Yii
CVE-2024-38475 added 2025-05-01
Apache HTTP Server Improper Escaping of Output Vulnerability
Apache HTTP Server
CVE-2023-44221 added 2025-05-01
SonicWall SMA100 Appliances OS Command Injection Vulnerability
SonicWall SMA100 Appliances
CVE-2025-31324 added 2025-04-29 RANSOMWARE
SAP NetWeaver Unrestricted File Upload Vulnerability
SAP NetWeaver
CVE-2025-1976 added 2025-04-28
Broadcom Brocade Fabric OS Code Injection Vulnerability
Broadcom Brocade Fabric OS
CVE-2025-42599 added 2025-04-28
Qualitia Active! Mail Stack-Based Buffer Overflow Vulnerability
Qualitia Active! Mail
CVE-2025-3928 added 2025-04-28
Commvault Web Server Unspecified Vulnerability
Commvault Web Server
CVE-2025-24054 added 2025-04-17
Microsoft Windows NTLM Hash Disclosure Spoofing Vulnerability
Microsoft Windows
CVE-2025-31201 added 2025-04-17
Apple Multiple Products Arbitrary Read and Write Vulnerability
Apple Multiple Products
CVE-2025-31200 added 2025-04-17
Apple Multiple Products Memory Corruption Vulnerability
Apple Multiple Products
CVE-2021-20035 added 2025-04-16
SonicWall SMA100 Appliances OS Command Injection Vulnerability
SonicWall SMA100 Appliances
CVE-2024-53150 added 2025-04-09
Linux Kernel Out-of-Bounds Read Vulnerability
Linux Kernel
CVE-2024-53197 added 2025-04-09
Linux Kernel Out-of-Bounds Access Vulnerability
Linux Kernel
CVE-2025-29824 added 2025-04-08 RANSOMWARE
Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability
Microsoft Windows
CVE-2025-30406 added 2025-04-08
Gladinet CentreStack and Triofox Use of Hard-coded Cryptographic Key Vulnerability
Gladinet CentreStack
CVE-2025-31161 added 2025-04-07 RANSOMWARE
CrushFTP Authentication Bypass Vulnerability
CrushFTP CrushFTP
CVE-2025-22457 added 2025-04-04 RANSOMWARE
Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability
Ivanti Connect Secure, Policy Secure, and ZTA Gateways
CVE-2025-24813 added 2025-04-01
Apache Tomcat Path Equivalence Vulnerability
Apache Tomcat
CVE-2024-20439 added 2025-03-31
Cisco Smart Licensing Utility Static Credential Vulnerability
Cisco Smart Licensing Utility
CVE-2025-2783 added 2025-03-27
Google Chromium Mojo Sandbox Escape Vulnerability
Google Chromium Mojo
CVE-2019-9875 added 2025-03-26
Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability
Sitecore CMS and Experience Platform (XP)
CVE-2019-9874 added 2025-03-26
Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability
Sitecore CMS and Experience Platform (XP)
CVE-2025-30154 added 2025-03-24
reviewdog/action-setup GitHub Action Embedded Malicious Code Vulnerability
reviewdog action-setup GitHub Action
CVE-2017-12637 added 2025-03-19
SAP NetWeaver Directory Traversal Vulnerability
SAP NetWeaver
CVE-2024-48248 added 2025-03-19
NAKIVO Backup and Replication Absolute Path Traversal Vulnerability
NAKIVO Backup and Replication
CVE-2025-1316 added 2025-03-19
Edimax IC-7100 IP Camera OS Command Injection Vulnerability
Edimax IC-7100 IP Camera
CVE-2025-30066 added 2025-03-18
tj-actions/changed-files GitHub Action Embedded Malicious Code Vulnerability
tj-actions changed-files GitHub Action
CVE-2025-24472 added 2025-03-18 RANSOMWARE
Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability
Fortinet FortiOS and FortiProxy
← Prev Page 5 of 27 Next →
Scroll to Top