Browse all
Known Exploited Vulnerabilities (CISA KEV) — all
The full CISA KEV catalog of vulnerabilities confirmed exploited in the wild — filter and search by year, ransomware use, and date added.
1,620 results
| Urgency | CVE | Name / product | Vendor | KEV added |
|---|---|---|---|---|
| High | CVE-2021-20035 ↗ | SonicWall SMA100 Appliances — SonicWall SMA100 Appliances OS Command Injection... | SonicWall | 2025-04-16 |
| High | CVE-2024-53197 ↗ | Linux Kernel — Linux Kernel Out-of-Bounds Access Vulnerability | Linux | 2025-04-09 |
| High | CVE-2024-53150 ↗ | Linux Kernel — Linux Kernel Out-of-Bounds Read Vulnerability | Linux | 2025-04-09 |
| High | CVE-2025-30406 ↗ | Gladinet CentreStack — Gladinet CentreStack and Triofox Use of Hard-coded Cryp... | Gladinet | 2025-04-08 |
| Critical | CVE-2025-29824 ↗ | Microsoft Windows — Microsoft Windows Common Log File System (CLFS) Driver Use... | Microsoft | 2025-04-08 |
| Critical | CVE-2025-31161 ↗ | CrushFTP CrushFTP — CrushFTP Authentication Bypass Vulnerability | CrushFTP | 2025-04-07 |
| Critical | CVE-2025-22457 ↗ | Ivanti Connect Secure, Policy Secure, and ZTA Gateways — Ivanti Connect Secure... | Ivanti | 2025-04-04 |
| High | CVE-2025-24813 ↗ | Apache Tomcat — Apache Tomcat Path Equivalence Vulnerability | Apache | 2025-04-01 |
| High | CVE-2024-20439 ↗ | Cisco Smart Licensing Utility — Cisco Smart Licensing Utility Static Credentia... | Cisco | 2025-03-31 |
| High | CVE-2025-2783 ↗ | Google Chromium Mojo — Google Chromium Mojo Sandbox Escape Vulnerability | 2025-03-27 | |
| High | CVE-2019-9874 ↗ | Sitecore CMS and Experience Platform (XP) — Sitecore CMS and Experience Platfo... | Sitecore | 2025-03-26 |
| High | CVE-2019-9875 ↗ | Sitecore CMS and Experience Platform (XP) — Sitecore CMS and Experience Platfo... | Sitecore | 2025-03-26 |
| High | CVE-2025-30154 ↗ | reviewdog action-setup GitHub Action — reviewdog/action-setup GitHub Action Em... | reviewdog | 2025-03-24 |
| High | CVE-2025-1316 ↗ | Edimax IC-7100 IP Camera — Edimax IC-7100 IP Camera OS Command Injection Vulne... | Edimax | 2025-03-19 |
| High | CVE-2024-48248 ↗ | NAKIVO Backup and Replication — NAKIVO Backup and Replication Absolute Path Tr... | NAKIVO | 2025-03-19 |
| High | CVE-2017-12637 ↗ | SAP NetWeaver — SAP NetWeaver Directory Traversal Vulnerability | SAP | 2025-03-19 |
| Critical | CVE-2025-24472 ↗ | Fortinet FortiOS and FortiProxy — Fortinet FortiOS and FortiProxy Authenticati... | Fortinet | 2025-03-18 |
| High | CVE-2025-30066 ↗ | tj-actions changed-files GitHub Action — tj-actions/changed-files GitHub Actio... | tj-actions | 2025-03-18 |
| High | CVE-2025-24201 ↗ | Apple Multiple Products — Apple Multiple Products WebKit Out-of-Bounds Write V... | Apple | 2025-03-13 |
| High | CVE-2025-21590 ↗ | Juniper Junos OS — Juniper Junos OS Improper Isolation or Compartmentalization... | Juniper | 2025-03-13 |
| Critical | CVE-2025-26633 ↗ | Microsoft Windows — Microsoft Windows Management Console (MMC) Improper Neutra... | Microsoft | 2025-03-11 |
| High | CVE-2025-24983 ↗ | Microsoft Windows — Microsoft Windows Win32k Use-After-Free Vulnerability | Microsoft | 2025-03-11 |
| High | CVE-2025-24984 ↗ | Microsoft Windows — Microsoft Windows NTFS Information Disclosure Vulnerabilit... | Microsoft | 2025-03-11 |
| High | CVE-2025-24985 ↗ | Microsoft Windows — Microsoft Windows Fast FAT File System Driver Integer Over... | Microsoft | 2025-03-11 |
| High | CVE-2025-24991 ↗ | Microsoft Windows — Microsoft Windows NTFS Out-Of-Bounds Read Vulnerability | Microsoft | 2025-03-11 |
| High | CVE-2025-24993 ↗ | Microsoft Windows — Microsoft Windows NTFS Heap-Based Buffer Overflow Vulnerab... | Microsoft | 2025-03-11 |
| High | CVE-2025-25181 ↗ | Advantive VeraCore — Advantive VeraCore SQL Injection Vulnerability | Advantive | 2025-03-10 |
| High | CVE-2024-57968 ↗ | Advantive VeraCore — Advantive VeraCore Unrestricted File Upload Vulnerability | Advantive | 2025-03-10 |
| High | CVE-2024-13159 ↗ | Ivanti Endpoint Manager (EPM) — Ivanti Endpoint Manager (EPM) Absolute Path Tr... | Ivanti | 2025-03-10 |
| High | CVE-2024-13160 ↗ | Ivanti Endpoint Manager (EPM) — Ivanti Endpoint Manager (EPM) Absolute Path Tr... | Ivanti | 2025-03-10 |
| High | CVE-2024-13161 ↗ | Ivanti Endpoint Manager (EPM) — Ivanti Endpoint Manager (EPM) Absolute Path Tr... | Ivanti | 2025-03-10 |
| High | CVE-2024-50302 ↗ | Linux Kernel — Linux Kernel Use of Uninitialized Resource Vulnerability | Linux | 2025-03-04 |
| High | CVE-2025-22224 ↗ | VMware ESXi and Workstation — VMware ESXi and Workstation TOCTOU Race Conditio... | VMware | 2025-03-04 |
| Critical | CVE-2025-22225 ↗ | VMware ESXi — VMware ESXi Arbitrary Write Vulnerability | VMware | 2025-03-04 |
| High | CVE-2025-22226 ↗ | VMware ESXi, Workstation, and Fusion — VMware ESXi, Workstation, and Fusion In... | VMware | 2025-03-04 |
| High | CVE-2023-20118 ↗ | Cisco Small Business RV Series Routers — Cisco Small Business RV Series Router... | Cisco | 2025-03-03 |
| High | CVE-2022-43939 ↗ | Hitachi Vantara Pentaho Business Analytics (BA) Server — Hitachi Vantara Penta... | Hitachi Vantara | 2025-03-03 |
| High | CVE-2022-43769 ↗ | Hitachi Vantara Pentaho Business Analytics (BA) Server — Hitachi Vantara Penta... | Hitachi Vantara | 2025-03-03 |
| Critical | CVE-2018-8639 ↗ | Microsoft Windows — Microsoft Windows Win32k Improper Resource Shutdown or Rel... | Microsoft | 2025-03-03 |
| High | CVE-2024-4885 ↗ | Progress WhatsUp Gold — Progress WhatsUp Gold Path Traversal Vulnerability | Progress | 2025-03-03 |
| High | CVE-2024-49035 ↗ | Microsoft Partner Center — Microsoft Partner Center Improper Access Control Vu... | Microsoft | 2025-02-25 |
| High | CVE-2023-34192 ↗ | Synacor Zimbra Collaboration Suite (ZCS) — Synacor Zimbra Collaboration Suite... | Synacor | 2025-02-25 |
| High | CVE-2017-3066 ↗ | Adobe ColdFusion — Adobe ColdFusion Deserialization Vulnerability | Adobe | 2025-02-24 |
| High | CVE-2024-20953 ↗ | Oracle Agile Product Lifecycle Management (PLM) — Oracle Agile Product Lifecyc... | Oracle | 2025-02-24 |
| High | CVE-2025-24989 ↗ | Microsoft Power Pages — Microsoft Power Pages Improper Access Control Vulnerab... | Microsoft | 2025-02-21 |
| High | CVE-2025-23209 ↗ | Craft CMS Craft CMS — Craft CMS Code Injection Vulnerability | Craft CMS | 2025-02-20 |
| High | CVE-2025-0111 ↗ | Palo Alto Networks PAN-OS — Palo Alto Networks PAN-OS File Read Vulnerability | Palo Alto Networks | 2025-02-20 |
| Critical | CVE-2024-53704 ↗ | SonicWall SonicOS — SonicWall SonicOS SSLVPN Improper Authentication Vulnerabi... | SonicWall | 2025-02-18 |
| High | CVE-2025-0108 ↗ | Palo Alto Networks PAN-OS — Palo Alto Networks PAN-OS Authentication Bypass Vu... | Palo Alto Networks | 2025-02-18 |
| Critical | CVE-2024-57727 ↗ | SimpleHelp SimpleHelp — SimpleHelp Path Traversal Vulnerability | SimpleHelp | 2025-02-13 |
Source: official U.S. government open data. This is an organized index, not an official U.S. government site. "Explained" links to our summary page; otherwise links go to the official primary source.