Browse all
Known Exploited Vulnerabilities (CISA KEV) — all
The full CISA KEV catalog of vulnerabilities confirmed exploited in the wild — filter and search by year, ransomware use, and date added.
1,620 results
| Urgency | CVE | Name / product | Vendor | KEV added |
|---|---|---|---|---|
| High | CVE-2024-54085 ↗ | AMI MegaRAC SPx — AMI MegaRAC SPx Authentication Bypass by Spoofing Vulnerabil... | AMI | 2025-06-25 |
| High | CVE-2024-0769 ↗ | D-Link DIR-859 Router — D-Link DIR-859 Router Path Traversal Vulnerability | D-Link | 2025-06-25 |
| Critical | CVE-2019-6693 ↗ | Fortinet FortiOS — Fortinet FortiOS Use of Hard-Coded Credentials Vulnerabilit... | Fortinet | 2025-06-25 |
| High | CVE-2023-0386 ↗ | Linux Kernel — Linux Kernel Improper Ownership Management Vulnerability | Linux | 2025-06-17 |
| High | CVE-2025-43200 ↗ | Apple Multiple Products — Apple Multiple Products Unspecified Vulnerability | Apple | 2025-06-16 |
| High | CVE-2023-33538 ↗ | TP-Link Multiple Routers — TP-Link Multiple Routers Command Injection Vulnerab... | TP-Link | 2025-06-16 |
| High | CVE-2025-24016 ↗ | Wazuh Wazuh Server — Wazuh Server Deserialization of Untrusted Data Vulnerabil... | Wazuh | 2025-06-10 |
| High | CVE-2025-33053 ↗ | Microsoft Windows — Microsoft Windows External Control of File Name or Path V... | Microsoft | 2025-06-10 |
| High | CVE-2025-32433 ↗ | Erlang Erlang/OTP — Erlang Erlang/OTP SSH Server Missing Authentication for Cr... | Erlang | 2025-06-09 |
| High | CVE-2024-42009 ↗ | Roundcube Webmail — RoundCube Webmail Cross-Site Scripting Vulnerability | Roundcube | 2025-06-09 |
| High | CVE-2025-5419 ↗ | Google Chromium V8 — Google Chromium V8 Out-of-Bounds Read and Write Vulnerabi... | 2025-06-05 | |
| High | CVE-2025-27038 ↗ | Qualcomm Multiple Chipsets — Qualcomm Multiple Chipsets Use-After-Free Vulnera... | Qualcomm | 2025-06-03 |
| High | CVE-2025-21480 ↗ | Qualcomm Multiple Chipsets — Qualcomm Multiple Chipsets Incorrect Authorizatio... | Qualcomm | 2025-06-03 |
| High | CVE-2025-21479 ↗ | Qualcomm Multiple Chipsets — Qualcomm Multiple Chipsets Incorrect Authorizatio... | Qualcomm | 2025-06-03 |
| High | CVE-2023-39780 ↗ | ASUS RT-AX55 Routers — ASUS RT-AX55 Routers OS Command Injection Vulnerability | ASUS | 2025-06-02 |
| High | CVE-2024-56145 ↗ | Craft CMS Craft CMS — Craft CMS Code Injection Vulnerability | Craft CMS | 2025-06-02 |
| High | CVE-2025-35939 ↗ | Craft CMS Craft CMS — Craft CMS External Control of Assumed-Immutable Web Para... | Craft CMS | 2025-06-02 |
| High | CVE-2025-3935 ↗ | ConnectWise ScreenConnect — ConnectWise ScreenConnect Improper Authentication... | ConnectWise | 2025-06-02 |
| High | CVE-2021-32030 ↗ | ASUS Routers — ASUS Routers Improper Authentication Vulnerability | ASUS | 2025-06-02 |
| High | CVE-2025-4632 ↗ | Samsung MagicINFO 9 Server — Samsung MagicINFO 9 Server Path Traversal Vulnera... | Samsung | 2025-05-22 |
| High | CVE-2025-4427 ↗ | Ivanti Endpoint Manager Mobile (EPMM) — Ivanti Endpoint Manager Mobile (EPMM)... | Ivanti | 2025-05-19 |
| High | CVE-2025-4428 ↗ | Ivanti Endpoint Manager Mobile (EPMM) — Ivanti Endpoint Manager Mobile (EPMM)... | Ivanti | 2025-05-19 |
| High | CVE-2024-11182 ↗ | MDaemon Email Server — MDaemon Email Server Cross-Site Scripting (XSS) Vulnera... | MDaemon | 2025-05-19 |
| High | CVE-2025-27920 ↗ | Srimax Output Messenger — Srimax Output Messenger Directory Traversal Vulnerab... | Srimax | 2025-05-19 |
| High | CVE-2024-27443 ↗ | Synacor Zimbra Collaboration Suite (ZCS) — Synacor Zimbra Collaboration Suite... | Synacor | 2025-05-19 |
| High | CVE-2023-38950 ↗ | ZKTeco BioTime — ZKTeco BioTime Path Traversal Vulnerability | ZKTeco | 2025-05-19 |
| High | CVE-2024-12987 ↗ | DrayTek Vigor Routers — DrayTek Vigor Routers OS Command Injection Vulnerabili... | DrayTek | 2025-05-15 |
| High | CVE-2025-42999 ↗ | SAP NetWeaver — SAP NetWeaver Deserialization Vulnerability | SAP | 2025-05-15 |
| High | CVE-2025-32756 ↗ | Fortinet Multiple Products — Fortinet Multiple Products Stack-Based Buffer Ove... | Fortinet | 2025-05-14 |
| High | CVE-2025-30400 ↗ | Microsoft Windows — Microsoft Windows DWM Core Library Use-After-Free Vulnerab... | Microsoft | 2025-05-13 |
| High | CVE-2025-32701 ↗ | Microsoft Windows — Microsoft Windows Common Log File System (CLFS) Driver Use... | Microsoft | 2025-05-13 |
| High | CVE-2025-32706 ↗ | Microsoft Windows — Microsoft Windows Common Log File System (CLFS) Driver Hea... | Microsoft | 2025-05-13 |
| High | CVE-2025-30397 ↗ | Microsoft Windows — Microsoft Windows Scripting Engine Type Confusion Vulnerab... | Microsoft | 2025-05-13 |
| High | CVE-2025-32709 ↗ | Microsoft Windows — Microsoft Windows Ancillary Function Driver for WinSock Us... | Microsoft | 2025-05-13 |
| High | CVE-2025-47729 ↗ | TeleMessage TM SGNL — TeleMessage TM SGNL Hidden Functionality Vulnerability | TeleMessage | 2025-05-12 |
| High | CVE-2024-6047 ↗ | GeoVision Multiple Devices — GeoVision Devices OS Command Injection Vulnerabil... | GeoVision | 2025-05-07 |
| High | CVE-2024-11120 ↗ | GeoVision Multiple Devices — GeoVision Devices OS Command Injection Vulnerabil... | GeoVision | 2025-05-07 |
| High | CVE-2025-27363 ↗ | FreeType FreeType — FreeType Out-of-Bounds Write Vulnerability | FreeType | 2025-05-06 |
| High | CVE-2025-3248 ↗ | Langflow Langflow — Langflow Missing Authentication Vulnerability | Langflow | 2025-05-05 |
| High | CVE-2024-58136 ↗ | Yiiframework Yii — Yiiframework Yii Improper Protection of Alternate Path Vuln... | Yiiframework | 2025-05-02 |
| High | CVE-2025-34028 ↗ | Commvault Command Center — Commvault Command Center Path Traversal Vulnerabili... | Commvault | 2025-05-02 |
| High | CVE-2023-44221 ↗ | SonicWall SMA100 Appliances — SonicWall SMA100 Appliances OS Command Injection... | SonicWall | 2025-05-01 |
| High | CVE-2024-38475 ↗ | Apache HTTP Server — Apache HTTP Server Improper Escaping of Output Vulnerabil... | Apache | 2025-05-01 |
| Critical | CVE-2025-31324 ↗ | SAP NetWeaver — SAP NetWeaver Unrestricted File Upload Vulnerability | SAP | 2025-04-29 |
| High | CVE-2025-3928 ↗ | Commvault Web Server — Commvault Web Server Unspecified Vulnerability | Commvault | 2025-04-28 |
| High | CVE-2025-42599 ↗ | Qualitia Active! Mail — Qualitia Active! Mail Stack-Based Buffer Overflow Vuln... | Qualitia | 2025-04-28 |
| High | CVE-2025-1976 ↗ | Broadcom Brocade Fabric OS — Broadcom Brocade Fabric OS Code Injection Vulnera... | Broadcom | 2025-04-28 |
| High | CVE-2025-31200 ↗ | Apple Multiple Products — Apple Multiple Products Memory Corruption Vulnerabil... | Apple | 2025-04-17 |
| High | CVE-2025-31201 ↗ | Apple Multiple Products — Apple Multiple Products Arbitrary Read and Write Vul... | Apple | 2025-04-17 |
| High | CVE-2025-24054 ↗ | Microsoft Windows — Microsoft Windows NTLM Hash Disclosure Spoofing Vulnerabil... | Microsoft | 2025-04-17 |
Source: official U.S. government open data. This is an organized index, not an official U.S. government site. "Explained" links to our summary page; otherwise links go to the official primary source.