Known Exploited Vulnerabilities (CISA KEV) — all
The full CISA KEV catalog of vulnerabilities confirmed exploited in the wild — filter and search by year, ransomware use, and date added.
1,620 results
| Urgency | CVE | Name / product | Vendor | KEV added |
|---|---|---|---|---|
| High | CVE-2024-41710 | Mitel SIP Phones — Mitel SIP Phones Argument Injection Vulnerability | Mitel | 2025-02-12 |
| High | CVE-2025-24200 | Apple iOS and iPadOS — Apple iOS and iPadOS Incorrect Authorization Vulnerabil... | Apple | 2025-02-12 |
| High | CVE-2025-21391 | Microsoft Windows — Microsoft Windows Storage Link Following Vulnerability | Microsoft | 2025-02-11 |
| High | CVE-2025-21418 | Microsoft Windows — Microsoft Windows Ancillary Function Driver for WinSock He... | Microsoft | 2025-02-11 |
| High | CVE-2024-40890 | Zyxel DSL CPE Devices — Zyxel DSL CPE OS Command Injection Vulnerability | Zyxel | 2025-02-11 |
| High | CVE-2024-40891 | Zyxel DSL CPE Devices — Zyxel DSL CPE OS Command Injection Vulnerability | Zyxel | 2025-02-11 |
| High | CVE-2025-0994 | Trimble Cityworks — Trimble Cityworks Deserialization Vulnerability | Trimble | 2025-02-07 |
| High | CVE-2025-0411 | 7-Zip 7-Zip — 7-Zip Mark of the Web Bypass Vulnerability | 7-Zip | 2025-02-06 |
| High | CVE-2022-23748 | Audinate Dante Discovery — Dante Discovery Process Control Vulnerability | Audinate | 2025-02-06 |
| High | CVE-2024-21413 | Microsoft Office Outlook — Microsoft Outlook Improper Input Validation Vulnera... | Microsoft | 2025-02-06 |
| High | CVE-2020-29574 | Sophos CyberoamOS — CyberoamOS (CROS) SQL Injection Vulnerability | Sophos | 2025-02-06 |
| High | CVE-2020-15069 | Sophos XG Firewall — Sophos XG Firewall Buffer Overflow Vulnerability | Sophos | 2025-02-06 |
| High | CVE-2024-53104 | Linux Kernel — Linux Kernel Out-of-Bounds Write Vulnerability | Linux | 2025-02-05 |
| High | CVE-2024-45195 | Apache OFBiz — Apache OFBiz Forced Browsing Vulnerability | Apache | 2025-02-04 |
| High | CVE-2024-29059 | Microsoft .NET Framework — Microsoft .NET Framework Information Disclosure Vul... | Microsoft | 2025-02-04 |
| High | CVE-2018-9276 | Paessler PRTG Network Monitor — Paessler PRTG Network Monitor OS Command Injec... | Paessler | 2025-02-04 |
| High | CVE-2018-19410 | Paessler PRTG Network Monitor — Paessler PRTG Network Monitor Local File Inclu... | Paessler | 2025-02-04 |
| High | CVE-2025-24085 | Apple Multiple Products — Apple Multiple Products Use-After-Free Vulnerability | Apple | 2025-01-29 |
| Critical | CVE-2025-23006 | SonicWall SMA1000 Appliances — SonicWall SMA1000 Appliances Deserialization Vu... | SonicWall | 2025-01-24 |
| High | CVE-2020-11023 | JQuery JQuery — JQuery Cross-Site Scripting (XSS) Vulnerability | JQuery | 2025-01-23 |
| High | CVE-2024-50603 | Aviatrix Controllers — Aviatrix Controllers OS Command Injection Vulnerability | Aviatrix | 2025-01-16 |
| Critical | CVE-2024-55591 | Fortinet FortiOS and FortiProxy — Fortinet FortiOS and FortiProxy Authenticati... | Fortinet | 2025-01-14 |
| High | CVE-2025-21333 | Microsoft Windows — Microsoft Windows Hyper-V NT Kernel Integration VSP Heap-b... | Microsoft | 2025-01-14 |
| High | CVE-2025-21334 | Microsoft Windows — Microsoft Windows Hyper-V NT Kernel Integration VSP Use-Af... | Microsoft | 2025-01-14 |
| High | CVE-2025-21335 | Microsoft Windows — Microsoft Windows Hyper-V NT Kernel Integration VSP Use-Af... | Microsoft | 2025-01-14 |
| High | CVE-2024-12686 | BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) — BeyondTru... | BeyondTrust | 2025-01-13 |
| Critical | CVE-2023-48365 | Qlik Sense — Qlik Sense HTTP Tunneling Vulnerability | Qlik | 2025-01-13 |
| Critical | CVE-2025-0282 | Ivanti Connect Secure, Policy Secure, and ZTA Gateways — Ivanti Connect Secure... | Ivanti | 2025-01-08 |
| Critical | CVE-2024-41713 | Mitel MiCollab — Mitel MiCollab Path Traversal Vulnerability | Mitel | 2025-01-07 |
| Critical | CVE-2024-55550 | Mitel MiCollab — Mitel MiCollab Path Traversal Vulnerability | Mitel | 2025-01-07 |
| High | CVE-2020-2883 | Oracle WebLogic Server — Oracle WebLogic Server Unspecified Vulnerability | Oracle | 2025-01-07 |
| High | CVE-2024-3393 | Palo Alto Networks PAN-OS — Palo Alto Networks PAN-OS Malicious DNS Packet Vul... | Palo Alto Networks | 2024-12-30 |
| High | CVE-2021-44207 | Acclaim Systems USAHERDS — Acclaim Systems USAHERDS Use of Hard-Coded Credenti... | Acclaim Systems | 2024-12-23 |
| High | CVE-2024-12356 | BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) — BeyondTru... | BeyondTrust | 2024-12-19 |
| High | CVE-2018-14933 | NUUO NVRmini Devices — NUUO NVRmini Devices OS Command Injection Vulnerability... | NUUO | 2024-12-18 |
| High | CVE-2022-23227 | NUUO NVRmini2 Devices — NUUO NVRmini2 Devices Missing Authentication Vulnerabi... | NUUO | 2024-12-18 |
| High | CVE-2019-11001 | Reolink Multiple IP Cameras — Reolink Multiple IP Cameras OS Command Injection... | Reolink | 2024-12-18 |
| High | CVE-2021-40407 | Reolink RLC-410W IP Camera — Reolink RLC-410W IP Camera OS Command Injection V... | Reolink | 2024-12-18 |
| Critical | CVE-2024-55956 | Cleo Multiple Products — Cleo Multiple Products Unauthenticated File Upload Vu... | Cleo | 2024-12-17 |
| High | CVE-2024-20767 | Adobe ColdFusion — Adobe ColdFusion Improper Access Control Vulnerability | Adobe | 2024-12-16 |
| High | CVE-2024-35250 | Microsoft Windows — Microsoft Windows Kernel-Mode Driver Untrusted Pointer Der... | Microsoft | 2024-12-16 |
| Critical | CVE-2024-50623 | Cleo Multiple Products — Cleo Multiple Products Unrestricted File Upload Vulne... | Cleo | 2024-12-13 |
| High | CVE-2024-49138 | Microsoft Windows — Microsoft Windows Common Log File System (CLFS) Driver Hea... | Microsoft | 2024-12-10 |
| Critical | CVE-2024-51378 | CyberPersons CyberPanel — CyberPanel Incorrect Default Permissions Vulnerabili... | CyberPersons | 2024-12-04 |
| High | CVE-2023-45727 | North Grid Proself — North Grid Proself Improper Restriction of XML External E... | North Grid | 2024-12-03 |
| High | CVE-2024-11680 | ProjectSend ProjectSend — ProjectSend Improper Authentication Vulnerability | ProjectSend | 2024-12-03 |
| Critical | CVE-2024-11667 | Zyxel Multiple Firewalls — Zyxel Multiple Firewalls Path Traversal Vulnerabili... | Zyxel | 2024-12-03 |
| Critical | CVE-2023-28461 | Array Networks AG/vxAG ArrayOS — Array Networks AG and vxAG ArrayOS Missing Au... | Array Networks | 2024-11-25 |
| High | CVE-2024-44308 | Apple Multiple Products — Apple Multiple Products Code Execution Vulnerability | Apple | 2024-11-21 |
| High | CVE-2024-44309 | Apple Multiple Products — Apple Multiple Products Cross-Site Scripting (XSS) V... | Apple | 2024-11-21 |
Source: official U.S. government open data. This is an organized index, not an official U.S. government site. "Explained" links to our summary page; otherwise links go to the official primary source.