Full CISA KEV catalog

Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.

Showing 301–330 of 1,619 CVEs · Page 11 of 54 30 per page
Added CVE Vendor / Product Name & description CVSS EPSS
Apr 9, 2025 CVE-2024-53150 Linux Kernel
server os
Linux Kernel Out-of-Bounds Read Vulnerability
Linux Kernel contains an out-of-bounds read vulnerability in the USB-audio driver that allows a local, privileged attacker to obtain potentially sensitive information.
1.1%
Apr 9, 2025 CVE-2024-53197 Linux Kernel
server os
Linux Kernel Out-of-Bounds Access Vulnerability
Linux Kernel contains an out-of-bounds access vulnerability in the USB-audio driver that allows an attacker with physical access to the system to use a malicious USB device to pot…
2.0%
Apr 8, 2025 CVE-2025-29824
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability
Microsoft Windows Common Log File System (CLFS) Driver contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally.
0.8%
Apr 8, 2025 CVE-2025-30406 Gladinet CentreStack
Gladinet CentreStack and Triofox Use of Hard-coded Cryptographic Key Vulnerability
Gladinet CentreStack and Triofox contains a use of hard-coded cryptographic key vulnerability in the way that the application manages keys used for ViewState integrity verificatio…
85.4%
Apr 7, 2025 CVE-2025-31161
Ransomware
CrushFTP CrushFTP
CrushFTP Authentication Bypass Vulnerability
CrushFTP contains an authentication bypass vulnerability in the HTTP authorization header that allows a remote unauthenticated attacker to authenticate to any known or guessable u…
88.9%
Apr 4, 2025 CVE-2025-22457
Ransomware
Ivanti Connect Secure, Policy Secure, and ZTA Gateways
endpoint vpn remote
Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability
Ivanti Connect Secure, Policy Secure, and ZTA Gateways contains a stack-based buffer overflow vulnerability that allows a remote unauthenticated attacker to achieve remote code ex…
58.9%
Apr 1, 2025 CVE-2025-24813 Apache Tomcat
web server
Apache Tomcat Path Equivalence Vulnerability
Apache Tomcat contains a path equivalence vulnerability that allows a remote attacker to execute code, disclose information, or inject malicious content via a partial PUT request.
94.1%
Mar 31, 2025 CVE-2024-20439 Cisco Smart Licensing Utility
network
Cisco Smart Licensing Utility Static Credential Vulnerability
Cisco Smart Licensing Utility contains a static credential vulnerability that allows an unauthenticated, remote attacker to log in to an affected system and gain administrative cr…
87.1%
Mar 27, 2025 CVE-2025-2783 Google Chromium Mojo
browser smb essential
Google Chromium Mojo Sandbox Escape Vulnerability
Google Chromium Mojo on Windows contains a sandbox escape vulnerability caused by a logic error, which results from an incorrect handle being provided in unspecified circumstances…
44.0%
Mar 26, 2025 CVE-2019-9874 Sitecore CMS and Experience Platform (XP)
Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability
Sitecore CMS and Experience Platform (XP) contain a deserialization vulnerability in the Sitecore.Security.AntiCSRF module that allows an unauthenticated attacker to execute arbit…
87.6%
Mar 26, 2025 CVE-2019-9875 Sitecore CMS and Experience Platform (XP)
Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability
Sitecore CMS and Experience Platform (XP) contain a deserialization vulnerability in the Sitecore.Security.AntiCSRF module that allows an authenticated attacker to execute arbitra…
56.7%
Mar 24, 2025 CVE-2025-30154 reviewdog action-setup GitHub Action
reviewdog/action-setup GitHub Action Embedded Malicious Code Vulnerability
reviewdog action-setup GitHub Action contains an embedded malicious code vulnerability that dumps exposed secrets to Github Actions Workflow Logs.
44.2%
Mar 19, 2025 CVE-2017-12637 SAP NetWeaver
enterprise
SAP NetWeaver Directory Traversal Vulnerability
SAP NetWeaver Application Server (AS) Java contains a directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS that allows a remote attacker to rea…
93.4%
Mar 19, 2025 CVE-2024-48248 NAKIVO Backup and Replication
NAKIVO Backup and Replication Absolute Path Traversal Vulnerability
NAKIVO Backup and Replication contains an absolute path traversal vulnerability that enables an attacker to read arbitrary files.
94.0%
Mar 19, 2025 CVE-2025-1316 Edimax IC-7100 IP Camera
Edimax IC-7100 IP Camera OS Command Injection Vulnerability
Edimax IC-7100 IP camera contains an OS command injection vulnerability due to improper input sanitization that allows an attacker to achieve remote code execution via specially c…
86.7%
Mar 18, 2025 CVE-2025-24472
Ransomware
Fortinet FortiOS and FortiProxy
network vpn remote
Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability
Fortinet FortiOS and FortiProxy contain an authentication bypass vulnerability that allows a remote attacker to gain super-admin privileges via crafted CSF proxy requests.
10.4%
Mar 18, 2025 CVE-2025-30066 tj-actions changed-files GitHub Action
tj-actions/changed-files GitHub Action Embedded Malicious Code Vulnerability
tj-actions/changed-files GitHub Action contains an embedded malicious code vulnerability that allows a remote attacker to discover secrets by reading Github Actions Workflow Logs.…
91.5%
Mar 13, 2025 CVE-2025-21590 Juniper Junos OS
network
Juniper Junos OS Improper Isolation or Compartmentalization Vulnerability
Juniper Junos OS contains an improper isolation or compartmentalization vulnerability. This vulnerability could allows a local attacker with high privileges to inject arbitrary co…
1.7%
Mar 13, 2025 CVE-2025-24201 Apple Multiple Products
browser endpoint mobile smb essential
Apple Multiple Products WebKit Out-of-Bounds Write Vulnerability
Apple iOS, iPadOS, macOS, and other Apple products contain an out-of-bounds write vulnerability in WebKit that may allow maliciously crafted web content to break out of Web Conten…
0.2%
Mar 11, 2025 CVE-2025-24983 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Win32k Use-After-Free Vulnerability
Microsoft Windows Win32 Kernel Subsystem contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally.
1.8%
Mar 11, 2025 CVE-2025-24984 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows NTFS Information Disclosure Vulnerability
Microsoft Windows New Technology File System (NTFS) contains an insertion of sensitive Information into log file vulnerability that allows an unauthorized attacker to disclose inf…
4.3%
Mar 11, 2025 CVE-2025-24985 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Fast FAT File System Driver Integer Overflow Vulnerability
Microsoft Windows Fast FAT File System Driver contains an integer overflow or wraparound vulnerability that allows an unauthorized attacker to execute code locally.
2.1%
Mar 11, 2025 CVE-2025-24991 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows NTFS Out-Of-Bounds Read Vulnerability
Microsoft Windows New Technology File System (NTFS) contains an out-of-bounds read vulnerability that allows an authorized attacker to disclose information locally.
1.6%
Mar 11, 2025 CVE-2025-24993 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows NTFS Heap-Based Buffer Overflow Vulnerability
Microsoft Windows New Technology File System (NTFS) contains a heap-based buffer overflow vulnerability that allows an unauthorized attacker to execute code locally.
2.5%
Mar 11, 2025 CVE-2025-26633
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Management Console (MMC) Improper Neutralization Vulnerability
Microsoft Windows Management Console (MMC) contains an improper neutralization vulnerability that allows an unauthorized attacker to bypass a security feature locally.
45.3%
Mar 10, 2025 CVE-2024-13159 Ivanti Endpoint Manager (EPM)
endpoint vpn remote
Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability
Ivanti Endpoint Manager (EPM) contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information.
94.0%
Mar 10, 2025 CVE-2024-13160 Ivanti Endpoint Manager (EPM)
endpoint vpn remote
Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability
Ivanti Endpoint Manager (EPM) contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information.
93.8%
Mar 10, 2025 CVE-2024-13161 Ivanti Endpoint Manager (EPM)
endpoint vpn remote
Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability
Ivanti Endpoint Manager (EPM) contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information.
91.8%
Mar 10, 2025 CVE-2024-57968 Advantive VeraCore
Advantive VeraCore Unrestricted File Upload Vulnerability
Advantive VeraCore contains an unrestricted file upload vulnerability that allows a remote unauthenticated attacker to upload files to unintended folders via upload.apsx.
41.1%
Mar 10, 2025 CVE-2025-25181 Advantive VeraCore
Advantive VeraCore SQL Injection Vulnerability
Advantive VeraCore contains a SQL injection vulnerability in timeoutWarning.asp that allows a remote attacker to execute arbitrary SQL commands via the PmSess1 parameter.
72.1%

Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.