Full CISA KEV catalog
Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited.
| Added | CVE | Vendor / Product | Name & description | CVSS | EPSS |
|---|---|---|---|---|---|
| May 19, 2025 | CVE-2024-11182 | MDaemon Email Server | MDaemon Email Server Cross-Site Scripting (XSS) Vulnerability<br>MDaemon Email Server contains a cross-site scripting (XSS) vulnerability that allows a remote attacker to load arbitrary JavaScript code via an HTML e-mail message. | — | 13.5% |
| May 19, 2025 | CVE-2024-27443 | Synacor Zimbra Collaboration Suite (ZCS) | Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability<br>Zimbra Collaboration contains a cross-site scripting (XSS) vulnerability in the CalendarInvite feature of the Zimbra webmail classic user interface. An attacker can exploit this v… | — | 32.9% |
| May 19, 2025 | CVE-2025-27920 | Srimax Output Messenger | Srimax Output Messenger Directory Traversal Vulnerability<br>Srimax Output Messenger contains a directory traversal vulnerability that allows an attacker to access sensitive files outside the intended directory, potentially leading to confi… | — | 50.1% |
| May 19, 2025 | CVE-2025-4427 | Ivanti Endpoint Manager Mobile (EPMM) | Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass Vulnerability<br>Ivanti Endpoint Manager Mobile (EPMM) contains an authentication bypass vulnerability in the API component that allows an attacker to access protected resources without proper cre… | — | 91.3% |
| May 19, 2025 | CVE-2025-4428 | Ivanti Endpoint Manager Mobile (EPMM) | Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability<br>Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability in the API component that allows an authenticated attacker to remotely execute arbitrary code via cra… | — | 41.0% |
| May 15, 2025 | CVE-2024-12987 | DrayTek Vigor Routers | DrayTek Vigor Routers OS Command Injection Vulnerability<br>DrayTek Vigor2960, Vigor300B, and Vigor3900 routers contain an OS command injection vulnerability due to an unknown function of the file /cgi-bin/mainfunction.cgi/apmcfgupload of … | — | 79.0% |
| May 15, 2025 | CVE-2025-42999 | SAP NetWeaver | SAP NetWeaver Deserialization Vulnerability<br>SAP NetWeaver Visual Composer Metadata Uploader contains a deserialization vulnerability that allows a privileged attacker to compromise the confidentiality, integrity, and availa… | — | 38.6% |
| May 14, 2025 | CVE-2025-32756 | Fortinet Multiple Products | Fortinet Multiple Products Stack-Based Buffer Overflow Vulnerability<br>Fortinet FortiFone, FortiVoice, FortiNDR and FortiMail contain a stack-based overflow vulnerability that may allow a remote unauthenticated attacker to execute arbitrary code or c… | — | 19.7% |
| May 13, 2025 | CVE-2025-30397 | Microsoft Windows | Microsoft Windows Scripting Engine Type Confusion Vulnerability<br>Microsoft Windows Scripting Engine contains a type confusion vulnerability that allows an unauthorized attacker to execute code over a network via a specially crafted URL. | — | 20.7% |
| May 13, 2025 | CVE-2025-30400 | Microsoft Windows | Microsoft Windows DWM Core Library Use-After-Free Vulnerability<br>Microsoft Windows DWM Core Library contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally. | — | 0.9% |
| May 13, 2025 | CVE-2025-32701 | Microsoft Windows | Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability<br>Microsoft Windows Common Log File System (CLFS) Driver contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally. | — | 1.9% |
| May 13, 2025 | CVE-2025-32706 | Microsoft Windows | Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability<br>Microsoft Windows Common Log File System (CLFS) Driver contains a heap-based buffer overflow vulnerability that allows an authorized attacker to elevate privileges locally. | — | 1.1% |
| May 13, 2025 | CVE-2025-32709 | Microsoft Windows | Microsoft Windows Ancillary Function Driver for WinSock Use-After-Free Vulnerability<br>Microsoft Windows Ancillary Function Driver for WinSock contains a use-after-free vulnerability that allows an authorized attacker to escalate privileges to administrator. | — | 1.0% |
| May 12, 2025 | CVE-2025-47729 | TeleMessage TM SGNL | TeleMessage TM SGNL Hidden Functionality Vulnerability<br>TeleMessage TM SGNL contains a hidden functionality vulnerability in which the archiving backend holds cleartext copies of messages from TM SGNL application users. | — | 4.1% |
| May 7, 2025 | CVE-2024-11120 | GeoVision Multiple Devices | GeoVision Devices OS Command Injection Vulnerability<br>Multiple GeoVision devices contain an OS command injection vulnerability that allows a remote, unauthenticated attacker to inject and execute arbitrary system commands. The impact… | — | 66.1% |
| May 7, 2025 | CVE-2024-6047 | GeoVision Multiple Devices | GeoVision Devices OS Command Injection Vulnerability<br>Multiple GeoVision devices contain an OS command injection vulnerability that allows a remote, unauthenticated attacker to inject and execute arbitrary system commands. The impact… | — | 73.0% |
| May 6, 2025 | CVE-2025-27363 | FreeType FreeType | FreeType Out-of-Bounds Write Vulnerability<br>FreeType contains an out-of-bounds write vulnerability when attempting to parse font subglyph structures related to TrueType GX and variable font files that may allow for arbitrar… | — | 70.3% |
| May 5, 2025 | CVE-2025-3248 | Langflow Langflow | Langflow Missing Authentication Vulnerability<br>Langflow contains a missing authentication vulnerability in the /api/v1/validate/code endpoint that allows a remote, unauthenticated attacker to execute arbitrary code via crafted… | — | 93.0% |
| May 2, 2025 | CVE-2024-58136 | Yiiframework Yii | Yiiframework Yii Improper Protection of Alternate Path Vulnerability<br>Yii Framework contains an improper protection of alternate path vulnerability that may allow a remote attacker to execute arbitrary code. This vulnerability could affect other pro… | — | 77.3% |
| May 2, 2025 | CVE-2025-34028 | Commvault Command Center | Commvault Command Center Path Traversal Vulnerability<br>Commvault Command Center contains a path traversal vulnerability that allows a remote, unauthenticated attacker to execute arbitrary code. | — | 69.3% |
| May 1, 2025 | CVE-2023-44221 | SonicWall SMA100 Appliances | SonicWall SMA100 Appliances OS Command Injection Vulnerability<br>SonicWall SMA100 appliances contain an OS command injection vulnerability in the SSL-VPN management interface that allows a remote, authenticated attacker with administrative priv… | — | 23.1% |
| May 1, 2025 | CVE-2024-38475 | Apache HTTP Server | Apache HTTP Server Improper Escaping of Output Vulnerability<br>Apache HTTP Server contains an improper escaping of output vulnerability in mod_rewrite that allows an attacker to map URLs to filesystem locations that are permitted to be served… | — | 93.9% |
| Apr 29, 2025 | CVE-2025-31324 (Ransomware) | SAP NetWeaver | SAP NetWeaver Unrestricted File Upload Vulnerability<br>SAP NetWeaver Visual Composer Metadata Uploader contains an unrestricted file upload vulnerability that allows an unauthenticated agent to upload potentially malicious executable … | — | 43.7% |
| Apr 28, 2025 | CVE-2025-1976 | Broadcom Brocade Fabric OS | Broadcom Brocade Fabric OS Code Injection Vulnerability<br>Broadcom Brocade Fabric OS contains a code injection vulnerability that allows a local user with administrative privileges to execute arbitrary code with full root privileges. | — | 0.9% |
| Apr 28, 2025 | CVE-2025-3928 | Commvault Web Server | Commvault Web Server Unspecified Vulnerability<br>Commvault Web Server contains an unspecified vulnerability that allows a remote, authenticated attacker to create and execute webshells. | — | 28.6% |
| Apr 28, 2025 | CVE-2025-42599 | Qualitia Active! Mail | Qualitia Active! Mail Stack-Based Buffer Overflow Vulnerability<br>Qualitia Active! Mail contains a stack-based buffer overflow vulnerability that allows a remote, unauthenticated attacker to execute arbitrary or trigger a denial-of-service via a… | — | 7.9% |
| Apr 17, 2025 | CVE-2025-24054 | Microsoft Windows | Microsoft Windows NTLM Hash Disclosure Spoofing Vulnerability<br>Microsoft Windows NTLM contains an external control of file name or path vulnerability that allows an unauthorized attacker to perform spoofing over a network. | — | 8.0% |
| Apr 17, 2025 | CVE-2025-31200 | Apple Multiple Products | Apple Multiple Products Memory Corruption Vulnerability<br>Apple iOS, iPadOS, macOS, and other Apple products contain a memory corruption vulnerability that allows for code execution when processing an audio stream in a maliciously crafte… | — | 1.7% |
| Apr 17, 2025 | CVE-2025-31201 | Apple Multiple Products | Apple Multiple Products Arbitrary Read and Write Vulnerability<br>Apple iOS, iPadOS, macOS, and other Apple products contain an arbitrary read and write vulnerability that allows an attacker to bypass Pointer Authentication. | — | 3.4% |
| Apr 16, 2025 | CVE-2021-20035 | SonicWall SMA100 Appliances | SonicWall SMA100 Appliances OS Command Injection Vulnerability<br>SonicWall SMA100 appliances contain an OS command injection vulnerability in the management interface that allows a remote authenticated attacker to inject arbitrary commands as a… | — | 12.8% |
Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.