Full CISA KEV catalog
Every CVE that CISA, the U.S. Cybersecurity and Infrastructure Security Agency, has flagged as actively exploited in its Known Exploited Vulnerabilities (KEV) catalog. This excerpt covers the entries added between Feb 6 and Mar 4, 2025, newest first; the live listing can be filtered by category, sorted by CVSS severity or EPSS exploit probability, and searched by vendor or product.
| Added | CVE | Ransomware use | Vendor / Product | Vulnerability name | Description | CVSS | EPSS |
|---|---|---|---|---|---|---|---|
| Mar 4, 2025 | CVE-2024-50302 | | Linux Kernel | Linux Kernel Use of Uninitialized Resource Vulnerability | The Linux kernel contains a use of uninitialized resource vulnerability that allows an attacker to leak kernel memory via a specially crafted HID report. | — | 2.6% |
| Mar 4, 2025 | CVE-2025-22224 | | VMware ESXi and Workstation | VMware ESXi and Workstation TOCTOU Race Condition Vulnerability | VMware ESXi and Workstation contain a time-of-check time-of-use (TOCTOU) race condition vulnerability that leads to an out-of-bounds write. Successful exploitation enables an atta… | — | 46.8% |
| Mar 4, 2025 | CVE-2025-22225 | Known | VMware ESXi | VMware ESXi Arbitrary Write Vulnerability | VMware ESXi contains an arbitrary write vulnerability. Successful exploitation allows an attacker with privileges within the VMX process to trigger an arbitrary kernel write leadi… | — | 9.8% |
| Mar 4, 2025 | CVE-2025-22226 | | VMware ESXi, Workstation, and Fusion | VMware ESXi, Workstation, and Fusion Information Disclosure Vulnerability | VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. Successful exploitation allows an attacker with administ… | — | 4.2% |
| Mar 3, 2025 | CVE-2018-8639 | Known | Microsoft Windows | Microsoft Windows Win32k Improper Resource Shutdown or Release Vulnerability | Microsoft Windows Win32k contains an improper resource shutdown or release vulnerability that allows for local, authenticated privilege escalation. An attacker who successfully ex… | — | 33.2% |
| Mar 3, 2025 | CVE-2022-43769 | | Hitachi Vantara Pentaho Business Analytics (BA) Server | Hitachi Vantara Pentaho BA Server Special Element Injection Vulnerability | Hitachi Vantara Pentaho BA Server contains a special element injection vulnerability that allows an attacker to inject Spring templates into properties files, allowing for arbitra… | — | 94.0% |
| Mar 3, 2025 | CVE-2022-43939 | | Hitachi Vantara Pentaho Business Analytics (BA) Server | Hitachi Vantara Pentaho BA Server Authorization Bypass Vulnerability | Hitachi Vantara Pentaho BA Server uses non-canonical URL paths for authorization decisions, enabling an attacker to bypass authorization. | — | 93.3% |
| Mar 3, 2025 | CVE-2023-20118 | | Cisco Small Business RV Series Routers | Cisco Small Business RV Series Routers Command Injection Vulnerability | Multiple Cisco Small Business RV Series Routers contain a command injection vulnerability in the web-based management interface. Successful exploitation could allow an authentica… | — | 3.8% |
| Mar 3, 2025 | CVE-2024-4885 | | Progress WhatsUp Gold | Progress WhatsUp Gold Path Traversal Vulnerability | Progress WhatsUp Gold contains a path traversal vulnerability that allows an unauthenticated attacker to achieve remote code execution. | — | 94.3% |
| Feb 25, 2025 | CVE-2023-34192 | | Synacor Zimbra Collaboration Suite (ZCS) | Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability | Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting (XSS) vulnerability that allows a remote authenticated attacker to execute arbitrary code via a crafted sc… | — | 89.6% |
| Feb 25, 2025 | CVE-2024-49035 | | Microsoft Partner Center | Microsoft Partner Center Improper Access Control Vulnerability | Microsoft Partner Center contains an improper access control vulnerability that allows an attacker to escalate privileges. | — | 6.2% |
| Feb 24, 2025 | CVE-2017-3066 | | Adobe ColdFusion | Adobe ColdFusion Deserialization Vulnerability | Adobe ColdFusion contains a deserialization vulnerability in the Apache BlazeDS library that allows for arbitrary code execution. | — | 93.7% |
| Feb 24, 2025 | CVE-2024-20953 | | Oracle Agile Product Lifecycle Management (PLM) | Oracle Agile Product Lifecycle Management (PLM) Deserialization Vulnerability | Oracle Agile Product Lifecycle Management (PLM) contains a deserialization vulnerability that allows a low-privileged attacker with network access via HTTP to compromise the syste… | — | 67.9% |
| Feb 21, 2025 | CVE-2025-24989 | | Microsoft Power Pages | Microsoft Power Pages Improper Access Control Vulnerability | Microsoft Power Pages contains an improper access control vulnerability that allows an unauthorized attacker to elevate privileges over a network, potentially bypassing the user re… | — | 31.6% |
| Feb 20, 2025 | CVE-2025-0111 | | Palo Alto Networks PAN-OS | Palo Alto Networks PAN-OS File Read Vulnerability | Palo Alto Networks PAN-OS contains an external control of file name or path vulnerability. Successful exploitation enables an authenticated attacker with network access to the man… | — | 3.7% |
| Feb 20, 2025 | CVE-2025-23209 | | Craft CMS | Craft CMS Code Injection Vulnerability | Craft CMS contains a code injection vulnerability caused by improper validation of the database backup path, ultimately enabling remote code execution. | — | 16.4% |
| Feb 18, 2025 | CVE-2024-53704 | Known | SonicWall SonicOS | SonicWall SonicOS SSLVPN Improper Authentication Vulnerability | SonicWall SonicOS contains an improper authentication vulnerability in the SSLVPN authentication mechanism that allows a remote attacker to bypass authentication. | — | 93.9% |
| Feb 18, 2025 | CVE-2025-0108 | | Palo Alto Networks PAN-OS | Palo Alto Networks PAN-OS Authentication Bypass Vulnerability | Palo Alto Networks PAN-OS contains an authentication bypass vulnerability in its management web interface. This vulnerability allows an unauthenticated attacker with network acces… | — | 94.1% |
| Feb 13, 2025 | CVE-2024-57727 | Known | SimpleHelp | SimpleHelp Path Traversal Vulnerability | SimpleHelp remote support software contains multiple path traversal vulnerabilities that allow unauthenticated remote attackers to download arbitrary files from the SimpleHelp hos… | — | 94.0% |
| Feb 12, 2025 | CVE-2024-41710 | | Mitel SIP Phones | Mitel SIP Phones Argument Injection Vulnerability | Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, contain an argument injection vulnerability due to insufficient parameter sanitiza… | — | 19.7% |
| Feb 12, 2025 | CVE-2025-24200 | | Apple iOS and iPadOS | Apple iOS and iPadOS Incorrect Authorization Vulnerability | Apple iOS and iPadOS contain an incorrect authorization vulnerability that allows a physical attacker to disable USB Restricted Mode on a locked device. | — | 48.4% |
| Feb 11, 2025 | CVE-2024-40890 | | Zyxel DSL CPE Devices | Zyxel DSL CPE OS Command Injection Vulnerability | Multiple Zyxel DSL CPE devices contain a post-authentication command injection vulnerability in the CGI program that could allow an authenticated attacker to execute OS commands v… | — | 45.9% |
| Feb 11, 2025 | CVE-2024-40891 | | Zyxel DSL CPE Devices | Zyxel DSL CPE OS Command Injection Vulnerability | Multiple Zyxel DSL CPE devices contain a post-authentication command injection vulnerability in the management commands that could allow an authenticated attacker to execute OS co… | — | 53.2% |
| Feb 11, 2025 | CVE-2025-21391 | | Microsoft Windows | Microsoft Windows Storage Link Following Vulnerability | Microsoft Windows Storage contains a link following vulnerability that could allow for privilege escalation. This vulnerability could allow an attacker to delete data including da… | — | 4.7% |
| Feb 11, 2025 | CVE-2025-21418 | | Microsoft Windows | Microsoft Windows Ancillary Function Driver for WinSock Heap-Based Buffer Overflow Vulnerability | Microsoft Windows Ancillary Function Driver for WinSock contains a heap-based buffer overflow vulnerability that allows for privilege escalation, enabling a local attacker to gain… | — | 10.3% |
| Feb 7, 2025 | CVE-2025-0994 | | Trimble Cityworks | Trimble Cityworks Deserialization Vulnerability | Trimble Cityworks contains a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer's Microsoft Interne… | — | 74.9% |
| Feb 6, 2025 | CVE-2020-15069 | | Sophos XG Firewall | Sophos XG Firewall Buffer Overflow Vulnerability | Sophos XG Firewall contains a buffer overflow vulnerability that allows for remote code execution via the "HTTP/S bookmark" feature. | — | 82.6% |
| Feb 6, 2025 | CVE-2020-29574 | | Sophos CyberoamOS | CyberoamOS (CROS) SQL Injection Vulnerability | CyberoamOS (CROS) contains a SQL injection vulnerability in the WebAdmin that allows an unauthenticated attacker to execute arbitrary SQL statements remotely. | — | 10.1% |
| Feb 6, 2025 | CVE-2022-23748 | | Audinate Dante Discovery | Dante Discovery Process Control Vulnerability | Dante Discovery contains a process control vulnerability in mDNSResponder.exe that allows for a DLL sideloading attack. A local attacker can leverage this vulnerability in the… | — | 10.3% |
| Feb 6, 2025 | CVE-2024-21413 | | Microsoft Office Outlook | Microsoft Outlook Improper Input Validation Vulnerability | Microsoft Outlook contains an improper input validation vulnerability that allows for remote code execution. Successful exploitation of this vulnerability would allow an attacker … | — | 93.0% |
Source: CISA KEV catalog. Severity (CVSS) syncs nightly from NVD and exploit probability (EPSS) from FIRST; EPSS is FIRST's estimated probability that the CVE will be exploited in the wild within the next 30 days. A CVSS cell showing a dash means no NVD score had synced for that entry at the time of the snapshot. Entries tagged Ransomware are those CISA flags for known ransomware campaign use.
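The listing above is what you get after joining CISA's KEV feed with FIRST's EPSS scores and sorting. The script below is an added example, not code from this page or from CISA or FIRST; it shows that join and the "ransomware first, then exploit probability" ordering a patching team usually wants. The record shapes follow the two public feeds (CISA's `known_exploited_vulnerabilities.json` and the `api.first.org/data/v1/epss` API), but every value in `KEV_SAMPLE` and `EPSS_SAMPLE` is constructed from a handful of rows in the listing so the script runs offline, and one CVE is deliberately left without an EPSS score to show how an unscored entry is handled (kept, but ranked last, and excluded when any threshold is set). CVSS is not joined here.

```python
"""Rank CISA KEV entries by ransomware use and EPSS.

Added example, not code from the catalog page. Record shapes follow the public
KEV JSON feed and the FIRST EPSS API; all values below are constructed.
"""
import json
from datetime import date

# Constructed sample in the shape of CISA's KEV JSON feed (field names match
# the real feed; only the fields used here are included).
KEV_SAMPLE = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "vulnerabilities": [
        {"cveID": "CVE-2025-22225", "vendorProject": "VMware", "product": "ESXi",
         "vulnerabilityName": "VMware ESXi Arbitrary Write Vulnerability",
         "dateAdded": "2025-03-04", "knownRansomwareCampaignUse": "Known"},
        {"cveID": "CVE-2024-4885", "vendorProject": "Progress", "product": "WhatsUp Gold",
         "vulnerabilityName": "Progress WhatsUp Gold Path Traversal Vulnerability",
         "dateAdded": "2025-03-03", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2024-53704", "vendorProject": "SonicWall", "product": "SonicOS",
         "vulnerabilityName": "SonicWall SonicOS SSLVPN Improper Authentication Vulnerability",
         "dateAdded": "2025-02-18", "knownRansomwareCampaignUse": "Known"},
        {"cveID": "CVE-2024-50302", "vendorProject": "Linux", "product": "Kernel",
         "vulnerabilityName": "Linux Kernel Use of Uninitialized Resource Vulnerability",
         "dateAdded": "2025-03-04", "knownRansomwareCampaignUse": "Unknown"},
    ],
})

# Constructed sample in the shape of the FIRST EPSS API response; scores are
# strings in the real API too. CVE-2024-50302 is deliberately absent so the
# join has to cope with a CVE that has no EPSS score yet.
EPSS_SAMPLE = json.dumps({
    "status": "OK",
    "data": [
        {"cve": "CVE-2025-22225", "epss": "0.098"},
        {"cve": "CVE-2024-4885", "epss": "0.943"},
        {"cve": "CVE-2024-53704", "epss": "0.939"},
    ],
})


def load_kev(text):
    """Index KEV entries by CVE ID."""
    return {v["cveID"]: v for v in json.loads(text)["vulnerabilities"]}


def load_epss(text):
    """Map CVE ID to EPSS probability as a float in [0, 1]."""
    return {d["cve"]: float(d["epss"]) for d in json.loads(text)["data"]}


def join_kev_epss(kev, epss):
    """Attach an EPSS score (or None when FIRST has none) to every KEV entry."""
    return [
        {
            "cve": cve,
            "vendor_product": f"{v['vendorProject']} {v['product']}",
            "name": v["vulnerabilityName"],
            "added": date.fromisoformat(v["dateAdded"]),
            "ransomware": v.get("knownRansomwareCampaignUse") == "Known",
            "epss": epss.get(cve),
        }
        for cve, v in kev.items()
    ]


def rank(rows, min_epss=0.0, ransomware_only=False):
    """Filter, then order: known ransomware use first, EPSS descending,
    unscored CVEs last, newest KEV addition first on ties.

    An unscored CVE passes the threshold only when min_epss is 0: a missing
    EPSS score means "unknown", not "low", so it must not be filtered out as
    if it were low risk, nor promoted as if it met the bar.
    """
    kept = []
    for r in rows:
        if ransomware_only and not r["ransomware"]:
            continue
        if r["epss"] is None:
            if min_epss > 0.0:
                continue
        elif r["epss"] < min_epss:
            continue
        kept.append(r)
    return sorted(kept, key=lambda r: (not r["ransomware"], r["epss"] is None,
                                       -(r["epss"] or 0.0), -r["added"].toordinal()))


def fmt_epss(score):
    """Render a probability the way the listing shows it (e.g. 94.3%)."""
    return "n/a" if score is None else f"{score * 100:.1f}%"


def to_markdown(rows):
    """Render ranked rows as a Markdown table in the listing's column order."""
    lines = ["| Added | CVE | Ransomware | Vendor / Product | Name | EPSS |",
             "|---|---|---|---|---|---|"]
    for r in rows:
        lines.append(f"| {r['added'].isoformat()} | {r['cve']} | "
                     f"{'Known' if r['ransomware'] else ''} | {r['vendor_product']} | "
                     f"{r['name']} | {fmt_epss(r['epss'])} |")
    return "\n".join(lines)


if __name__ == "__main__":
    ranked = rank(join_kev_epss(load_kev(KEV_SAMPLE), load_epss(EPSS_SAMPLE)))
    print(to_markdown(ranked))
```

To run this against live data, replace the two constants with the body of CISA's feed at `https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json` and a FIRST query such as `https://api.first.org/data/v1/epss?cve=CVE-2025-22225,CVE-2024-4885` (the API accepts a comma-separated list; batch the KEV IDs rather than querying one at a time). The deliberate design choice is in `rank`: an entry with no EPSS score is never silently treated as 0%, because the absence of a score says nothing about how likely exploitation is, and in a KEV listing every entry is by definition already being exploited.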