Known Exploited Vulnerabilities (CISA KEV) — all
The full CISA KEV catalog of vulnerabilities confirmed exploited in the wild — filter and search by year, ransomware use, and date added.
1,620 results
| Urgency | CVE | Name / product | Vendor | KEV added |
|---|---|---|---|---|
| High | CVE-2025-66644 ↗ | Array Networks ArrayOS AG — Array Networks ArrayOS AG OS Command Injection Vul... | Array Networks | 2025-12-08 |
| High | CVE-2022-37055 ↗ | D-Link Routers — D-Link Routers Buffer Overflow Vulnerability | D-Link | 2025-12-08 |
| Critical | CVE-2025-55182 ↗ | Meta React Server Components — Meta React Server Components Remote Code Execut... | Meta | 2025-12-05 |
| High | CVE-2021-26828 ↗ | OpenPLC ScadaBR — OpenPLC ScadaBR Unrestricted Upload of File with Dangerous T... | OpenPLC | 2025-12-03 |
| High | CVE-2025-48572 ↗ | Android Framework — Android Framework Privilege Escalation Vulnerability | Android | 2025-12-02 |
| High | CVE-2025-48633 ↗ | Android Framework — Android Framework Information Disclosure Vulnerability | Android | 2025-12-02 |
| High | CVE-2021-26829 ↗ | OpenPLC ScadaBR — OpenPLC ScadaBR Cross-site Scripting Vulnerability | OpenPLC | 2025-11-28 |
| High | CVE-2025-61757 ↗ | Oracle Fusion Middleware — Oracle Fusion Middleware Missing Authentication for... | Oracle | 2025-11-21 |
| High | CVE-2025-13223 ↗ | Google Chromium V8 — Google Chromium V8 Type Confusion Vulnerability | | 2025-11-19 |
| High | CVE-2025-58034 ↗ | Fortinet FortiWeb — Fortinet FortiWeb OS Command Injection Vulnerability | Fortinet | 2025-11-18 |
| High | CVE-2025-64446 ↗ | Fortinet FortiWeb — Fortinet FortiWeb Path Traversal Vulnerability | Fortinet | 2025-11-14 |
| High | CVE-2025-9242 ↗ | WatchGuard Firebox — WatchGuard Firebox Out-of-Bounds Write Vulnerability | WatchGuard | 2025-11-12 |
| High | CVE-2025-62215 ↗ | Microsoft Windows — Microsoft Windows Race Condition Vulnerability | Microsoft | 2025-11-12 |
| High | CVE-2025-12480 ↗ | Gladinet Triofox — Gladinet Triofox Improper Access Control Vulnerability | Gladinet | 2025-11-12 |
| High | CVE-2025-21042 ↗ | Samsung Mobile Devices — Samsung Mobile Devices Out-of-Bounds Write Vulnerabil... | Samsung | 2025-11-10 |
| High | CVE-2025-11371 ↗ | Gladinet CentreStack and Triofox — Gladinet CentreStack and Triofox Files or D... | Gladinet | 2025-11-04 |
| High | CVE-2025-48703 ↗ | CWP Control Web Panel — CWP Control Web Panel OS Command Injection Vulnerabili... | CWP | 2025-11-04 |
| High | CVE-2025-24893 ↗ | XWiki Platform — XWiki Platform Eval Injection Vulnerability | XWiki | 2025-10-30 |
| High | CVE-2025-41244 ↗ | Broadcom VMware Aria Operations and VMware Tools — Broadcom VMware Aria Operat... | Broadcom | 2025-10-30 |
| High | CVE-2025-6205 ↗ | Dassault Systèmes DELMIA Apriso — Dassault Systèmes DELMIA Apriso Missing Auth... | Dassault Systèmes | 2025-10-28 |
| High | CVE-2025-6204 ↗ | Dassault Systèmes DELMIA Apriso — Dassault Systèmes DELMIA Apriso Code Injecti... | Dassault Systèmes | 2025-10-28 |
| High | CVE-2025-59287 ↗ | Microsoft Windows — Microsoft Windows Server Update Service (WSUS) Deserializa... | Microsoft | 2025-10-24 |
| High | CVE-2025-54236 ↗ | Adobe Commerce and Magento — Adobe Commerce and Magento Improper Input Validat... | Adobe | 2025-10-24 |
| High | CVE-2025-61932 ↗ | Motex LANSCOPE Endpoint Manager — Motex LANSCOPE Endpoint Manager Improper Ver... | Motex | 2025-10-22 |
| Critical | CVE-2025-61884 ↗ | Oracle E-Business Suite — Oracle E-Business Suite Server-Side Request Forgery... | Oracle | 2025-10-20 |
| High | CVE-2025-33073 ↗ | Microsoft Windows — Microsoft Windows SMB Client Improper Access Control Vulne... | Microsoft | 2025-10-20 |
| High | CVE-2025-2747 ↗ | Kentico Xperience CMS — Kentico Xperience CMS Authentication Bypass Using an A... | Kentico | 2025-10-20 |
| High | CVE-2025-2746 ↗ | Kentico Xperience CMS — Kentico Xperience CMS Authentication Bypass Using an A... | Kentico | 2025-10-20 |
| High | CVE-2022-48503 ↗ | Apple Multiple Products — Apple Multiple Products Unspecified Vulnerability | Apple | 2025-10-20 |
| High | CVE-2025-54253 ↗ | Adobe Experience Manager (AEM) Forms — Adobe Experience Manager Forms Code Exe... | Adobe | 2025-10-15 |
| High | CVE-2016-7836 ↗ | SKYSEA Client View — SKYSEA Client View Improper Authentication Vulnerability | SKYSEA | 2025-10-14 |
| High | CVE-2025-59230 ↗ | Microsoft Windows — Microsoft Windows Improper Access Control Vulnerability | Microsoft | 2025-10-14 |
| High | CVE-2025-24990 ↗ | Microsoft Windows — Microsoft Windows Untrusted Pointer Dereference Vulnerabil... | Microsoft | 2025-10-14 |
| High | CVE-2025-47827 ↗ | IGEL IGEL OS — IGEL OS Use of a Key Past its Expiration Date Vulnerability | IGEL | 2025-10-14 |
| High | CVE-2021-43798 ↗ | Grafana Labs Grafana — Grafana Path Traversal Vulnerability | Grafana Labs | 2025-10-09 |
| High | CVE-2025-27915 ↗ | Synacor Zimbra Collaboration Suite (ZCS) — Synacor Zimbra Collaboration Suite... | Synacor | 2025-10-07 |
| Critical | CVE-2025-61882 ↗ | Oracle E-Business Suite — Oracle E-Business Suite Unspecified Vulnerability | Oracle | 2025-10-06 |
| High | CVE-2010-3765 ↗ | Mozilla Multiple Products — Mozilla Multiple Products Remote Code Execution Vu... | Mozilla | 2025-10-06 |
| High | CVE-2011-3402 ↗ | Microsoft Windows — Microsoft Windows Remote Code Execution Vulnerability | Microsoft | 2025-10-06 |
| High | CVE-2013-3918 ↗ | Microsoft Windows — Microsoft Windows Out-of-Bounds Write Vulnerability | Microsoft | 2025-10-06 |
| High | CVE-2021-43226 ↗ | Microsoft Windows — Microsoft Windows Privilege Escalation Vulnerability | Microsoft | 2025-10-06 |
| High | CVE-2010-3962 ↗ | Microsoft Internet Explorer — Microsoft Internet Explorer Uninitialized Memory... | Microsoft | 2025-10-06 |
| High | CVE-2021-22555 ↗ | Linux Kernel — Linux Kernel Heap Out-of-Bounds Write Vulnerability | Linux | 2025-10-06 |
| High | CVE-2025-4008 ↗ | Smartbedded Meteobridge — Smartbedded Meteobridge Command Injection Vulnerabil... | Smartbedded | 2025-10-02 |
| High | CVE-2025-21043 ↗ | Samsung Mobile Devices — Samsung Mobile Devices Out-of-Bounds Write Vulnerabil... | Samsung | 2025-10-02 |
| High | CVE-2015-7755 ↗ | Juniper ScreenOS — Juniper ScreenOS Improper Authentication Vulnerability | Juniper | 2025-10-02 |
| High | CVE-2017-1000353 ↗ | Jenkins Jenkins — Jenkins Remote Code Execution Vulnerability | Jenkins | 2025-10-02 |
| High | CVE-2014-6278 ↗ | GNU GNU Bash — GNU Bash OS Command Injection Vulnerability | GNU | 2025-10-02 |
| High | CVE-2021-21311 ↗ | Adminer Adminer — Adminer Server-Side Request Forgery Vulnerability | Adminer | 2025-09-29 |
| High | CVE-2025-20352 ↗ | Cisco IOS and IOS XE — Cisco IOS and IOS XE Software SNMP Denial of Service an... | Cisco | 2025-09-29 |
Source: official U.S. government open data. This is an organized index, not an official U.S. government site. "Explained" links to our summary page; otherwise links go to the official primary source.