Browse all
Known Exploited Vulnerabilities (CISA KEV) — all
The full CISA KEV catalog of vulnerabilities confirmed exploited in the wild — filter and search by year, ransomware use, and date added.
1,620 results
| Urgency | CVE | Name / product | Vendor | KEV added |
|---|---|---|---|---|
| Critical | CVE-2025-10035 ↗ | Fortra GoAnywhere MFT — Fortra GoAnywhere MFT Deserialization of Untrusted Dat... | Fortra | 2025-09-29 |
| High | CVE-2025-59689 ↗ | Libraesva Email Security Gateway — Libraesva Email Security Gateway Command In... | Libraesva | 2025-09-29 |
| High | CVE-2025-32463 ↗ | Sudo Sudo — Sudo Inclusion of Functionality from Untrusted Control Sphere Vuln... | Sudo | 2025-09-29 |
| High | CVE-2025-20333 ↗ | Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat D... | Cisco | 2025-09-25 |
| High | CVE-2025-20362 ↗ | Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat D... | Cisco | 2025-09-25 |
| High | CVE-2025-10585 ↗ | Google Chromium V8 — Google Chromium V8 Type Confusion Vulnerability | 2025-09-23 | |
| High | CVE-2025-5086 ↗ | Dassault Systèmes DELMIA Apriso — Dassault Systèmes DELMIA Apriso Deserializat... | Dassault Systèmes | 2025-09-11 |
| High | CVE-2025-53690 ↗ | Sitecore Multiple Products — Sitecore Multiple Products Deserialization of Unt... | Sitecore | 2025-09-04 |
| High | CVE-2025-48543 ↗ | Android Runtime — Android Runtime Use-After-Free Vulnerability | Android | 2025-09-04 |
| High | CVE-2025-38352 ↗ | Linux Kernel — Linux Kernel Time-of-Check Time-of-Use (TOCTOU) Race Condition... | Linux | 2025-09-04 |
| High | CVE-2025-9377 ↗ | TP-Link Multiple Routers — TP-Link Archer C7(EU) and TL-WR841N/ND(MS) OS Comma... | TP-Link | 2025-09-03 |
| High | CVE-2023-50224 ↗ | TP-Link TL-WR841N — TP-Link TL-WR841N Authentication Bypass by Spoofing Vulner... | TP-Link | 2025-09-03 |
| High | CVE-2025-55177 ↗ | Meta Platforms WhatsApp — Meta Platforms WhatsApp Incorrect Authorization Vuln... | Meta Platforms | 2025-09-02 |
| High | CVE-2020-24363 ↗ | TP-Link TL-WA855RE — TP-link TL-WA855RE Missing Authentication for Critical Fu... | TP-Link | 2025-09-02 |
| High | CVE-2025-57819 ↗ | Sangoma FreePBX — Sangoma FreePBX Authentication Bypass Vulnerability | Sangoma | 2025-08-29 |
| High | CVE-2025-7775 ↗ | Citrix NetScaler — Citrix NetScaler Memory Overflow Vulnerability | Citrix | 2025-08-26 |
| High | CVE-2024-8069 ↗ | Citrix Session Recording — Citrix Session Recording Deserialization of Untrust... | Citrix | 2025-08-25 |
| High | CVE-2024-8068 ↗ | Citrix Session Recording — Citrix Session Recording Improper Privilege Managem... | Citrix | 2025-08-25 |
| High | CVE-2025-48384 ↗ | Git Git — Git Link Following Vulnerability | Git | 2025-08-25 |
| High | CVE-2025-43300 ↗ | Apple iOS, iPadOS, and macOS — Apple iOS, iPadOS, and macOS Out-of-Bounds Writ... | Apple | 2025-08-21 |
| High | CVE-2025-54948 ↗ | Trend Micro Apex One — Trend Micro Apex One OS Command Injection Vulnerability | Trend Micro | 2025-08-18 |
| High | CVE-2025-8875 ↗ | N-able N-Central — N-able N-Central Insecure Deserialization Vulnerability | N-able | 2025-08-13 |
| High | CVE-2025-8876 ↗ | N-able N-Central — N-able N-Central Command Injection Vulnerability | N-able | 2025-08-13 |
| High | CVE-2013-3893 ↗ | Microsoft Internet Explorer — Microsoft Internet Explorer Resource Management... | Microsoft | 2025-08-12 |
| High | CVE-2007-0671 ↗ | Microsoft Office — Microsoft Office Excel Remote Code Execution Vulnerability | Microsoft | 2025-08-12 |
| High | CVE-2025-8088 ↗ | RARLAB WinRAR — RARLAB WinRAR Path Traversal Vulnerability | RARLAB | 2025-08-12 |
| High | CVE-2022-40799 ↗ | D-Link DNR-322L — D-Link DNR-322L Download of Code Without Integrity Check Vul... | D-Link | 2025-08-05 |
| High | CVE-2020-25079 ↗ | D-Link DCS-2530L and DCS-2670L Devices — D-Link DCS-2530L and DCS-2670L Comman... | D-Link | 2025-08-05 |
| High | CVE-2020-25078 ↗ | D-Link DCS-2530L and DCS-2670L Devices — D-Link DCS-2530L and DCS-2670L Device... | D-Link | 2025-08-05 |
| High | CVE-2025-20281 ↗ | Cisco Identity Services Engine — Cisco Identity Services Engine Injection Vuln... | Cisco | 2025-07-28 |
| High | CVE-2025-20337 ↗ | Cisco Identity Services Engine — Cisco Identity Services Engine Injection Vuln... | Cisco | 2025-07-28 |
| High | CVE-2023-2533 ↗ | PaperCut NG/MF — PaperCut NG/MF Cross-Site Request Forgery (CSRF) Vulnerabilit... | PaperCut | 2025-07-28 |
| Critical | CVE-2025-49706 ↗ | Microsoft SharePoint — Microsoft SharePoint Improper Authentication Vulnerabil... | Microsoft | 2025-07-22 |
| Critical | CVE-2025-49704 ↗ | Microsoft SharePoint — Microsoft SharePoint Code Injection Vulnerability | Microsoft | 2025-07-22 |
| High | CVE-2025-54309 ↗ | CrushFTP CrushFTP — CrushFTP Unprotected Alternate Channel Vulnerability | CrushFTP | 2025-07-22 |
| High | CVE-2025-6558 ↗ | Google Chromium — Google Chromium ANGLE and GPU Improper Input Validation Vuln... | 2025-07-22 | |
| High | CVE-2025-2776 ↗ | SysAid SysAid On-Prem — SysAid On-Prem Improper Restriction of XML External En... | SysAid | 2025-07-22 |
| High | CVE-2025-2775 ↗ | SysAid SysAid On-Prem — SysAid On-Prem Improper Restriction of XML External En... | SysAid | 2025-07-22 |
| Critical | CVE-2025-53770 ↗ | Microsoft SharePoint — Microsoft SharePoint Deserialization of Untrusted Data... | Microsoft | 2025-07-20 |
| High | CVE-2025-25257 ↗ | Fortinet FortiWeb — Fortinet FortiWeb SQL Injection Vulnerability | Fortinet | 2025-07-18 |
| High | CVE-2025-47812 ↗ | Wing FTP Server Wing FTP Server — Wing FTP Server Improper Neutralization of N... | Wing FTP Server | 2025-07-14 |
| Critical | CVE-2025-5777 ↗ | Citrix NetScaler ADC and Gateway — Citrix NetScaler ADC and Gateway Out-of-Bou... | Citrix | 2025-07-10 |
| High | CVE-2014-3931 ↗ | Looking Glass Multi-Router Looking Glass (MRLG) — Multi-Router Looking Glass (... | Looking Glass | 2025-07-07 |
| High | CVE-2016-10033 ↗ | PHP PHPMailer — PHPMailer Command Injection Vulnerability | PHP | 2025-07-07 |
| High | CVE-2019-5418 ↗ | Rails Ruby on Rails — Rails Ruby on Rails Path Traversal Vulnerability | Rails | 2025-07-07 |
| High | CVE-2019-9621 ↗ | Synacor Zimbra Collaboration Suite (ZCS) — Synacor Zimbra Collaboration Suite... | Synacor | 2025-07-07 |
| High | CVE-2025-6554 ↗ | Google Chromium V8 — Google Chromium V8 Type Confusion Vulnerability | 2025-07-02 | |
| High | CVE-2025-48927 ↗ | TeleMessage TM SGNL — TeleMessage TM SGNL Initialization of a Resource with an... | TeleMessage | 2025-07-01 |
| High | CVE-2025-48928 ↗ | TeleMessage TM SGNL — TeleMessage TM SGNL Exposure of Core Dump File to an Una... | TeleMessage | 2025-07-01 |
| High | CVE-2025-6543 ↗ | Citrix NetScaler ADC and Gateway — Citrix NetScaler ADC and Gateway Buffer Ove... | Citrix | 2025-06-30 |
Source: official U.S. government open data. This is an organized index, not an official U.S. government site. "Explained" links to our summary page; otherwise links go to the official primary source.