Full CISA KEV catalog
Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.
| Added | CVE | Vendor / Product | Name & description | CVSS | EPSS |
|---|---|---|---|---|---|
| Sep 3, 2025 | CVE-2023-50224 | TP-Link TL-WR841N |
TP-Link TL-WR841N Authentication Bypass by Spoofing Vulnerability
TP-Link TL-WR841N contains an authentication bypass by spoofing vulnerability within the httpd service, which listens on TCP port 80 by default, leading to the disclose of stored …
|
— | 1.5% |
| Sep 3, 2025 | CVE-2025-9377 | TP-Link Multiple Routers |
TP-Link Archer C7(EU) and TL-WR841N/ND(MS) OS Command Injection Vulnerability
TP-Link Archer C7(EU) and TL-WR841N/ND(MS) contain an OS command injection vulnerability that exists in the Parental Control page. The impacted products could be end-of-life (EoL)…
|
— | 26.9% |
| Sep 2, 2025 | CVE-2020-24363 | TP-Link TL-WA855RE |
TP-link TL-WA855RE Missing Authentication for Critical Function Vulnerability
TP-link TL-WA855RE contains a missing authentication for critical function vulnerability. This vulnerability could allow an unauthenticated attacker (on the same network) to submi…
|
— | 11.4% |
| Aug 5, 2025 | CVE-2020-25078 | D-Link DCS-2530L and DCS-2670L Devices |
D-Link DCS-2530L and DCS-2670L Devices Unspecified Vulnerability
D-Link DCS-2530L and DCS-2670L devices contains an unspecified vulnerability that could allow for remote administrator password disclosure. The impacted products could be end-of-l…
|
— | 94.1% |
| Aug 5, 2025 | CVE-2020-25079 | D-Link DCS-2530L and DCS-2670L Devices |
D-Link DCS-2530L and DCS-2670L Command Injection Vulnerability
D-Link DCS-2530L and DCS-2670L devices contains a command injection vulnerability in the cgi-bin/ddns_enc.cgi. The impacted products could be end-of-life (EoL) and/or end-of-servi…
|
— | 41.9% |
| Aug 5, 2025 | CVE-2022-40799 | D-Link DNR-322L |
D-Link DNR-322L Download of Code Without Integrity Check Vulnerability
D-Link DNR-322L contains a download of code without integrity check vulnerability that could allow an authenticated attacker to execute OS level commands on the device. The impact…
|
— | 57.0% |
| Jul 28, 2025 | CVE-2025-20281 | Cisco Identity Services Engine |
Cisco Identity Services Engine Injection Vulnerability
Cisco Identity Services Engine contains an injection vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC due to insufficient validation of user-supplied input allowing …
|
— | 33.5% |
| Jul 28, 2025 | CVE-2025-20337 | Cisco Identity Services Engine |
Cisco Identity Services Engine Injection Vulnerability
Cisco Identity Services Engine contains an injection vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC due to insufficient validation of user-supplied input allowing …
|
— | 1.4% |
| Jul 18, 2025 | CVE-2025-25257 | Fortinet FortiWeb |
Fortinet FortiWeb SQL Injection Vulnerability
Fortinet FortiWeb contains a SQL injection vulnerability that may allow an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPs requests.
|
— | 26.2% |
| Jul 7, 2025 | CVE-2014-3931 | Looking Glass Multi-Router Looking Glass (MRLG) |
Multi-Router Looking Glass (MRLG) Buffer Overflow Vulnerability
Multi-Router Looking Glass (MRLG) contains a buffer overflow vulnerability that could allow remote attackers to cause an arbitrary memory write and memory corruption.
|
— | 50.0% |
| Jun 25, 2025 |
CVE-2019-6693
Ransomware |
Fortinet FortiOS |
Fortinet FortiOS Use of Hard-Coded Credentials Vulnerability
Fortinet FortiOS contains a use of hard-coded credentials vulnerability that could allow an attacker to cipher sensitive data in FortiOS configuration backup file via knowledge of…
|
— | 72.2% |
| Jun 25, 2025 | CVE-2024-0769 | D-Link DIR-859 Router |
D-Link DIR-859 Router Path Traversal Vulnerability
D-Link DIR-859 routers contain a path traversal vulnerability in the file /hedwig.cgi of the component HTTP POST Request Handler. Manipulation of the argument service with the inp…
|
— | 76.8% |
| Jun 16, 2025 | CVE-2023-33538 | TP-Link Multiple Routers |
TP-Link Multiple Routers Command Injection Vulnerability
TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm. The impacted products could be …
|
— | 90.1% |
| May 14, 2025 | CVE-2025-32756 | Fortinet Multiple Products |
Fortinet Multiple Products Stack-Based Buffer Overflow Vulnerability
Fortinet FortiFone, FortiVoice, FortiNDR and FortiMail contain a stack-based overflow vulnerability that may allow a remote unauthenticated attacker to execute arbitrary code or c…
|
— | 19.7% |
| May 1, 2025 | CVE-2023-44221 | SonicWall SMA100 Appliances |
SonicWall SMA100 Appliances OS Command Injection Vulnerability
SonicWall SMA100 appliances contain an OS command injection vulnerability in the SSL-VPN management interface that allows a remote, authenticated attacker with administrative priv…
|
— | 23.1% |
| Apr 16, 2025 | CVE-2021-20035 | SonicWall SMA100 Appliances |
SonicWall SMA100 Appliances OS Command Injection Vulnerability
SonicWall SMA100 appliances contain an OS command injection vulnerability in the management interface that allows a remote authenticated attacker to inject arbitrary commands as a…
|
— | 12.8% |
| Mar 31, 2025 | CVE-2024-20439 | Cisco Smart Licensing Utility |
Cisco Smart Licensing Utility Static Credential Vulnerability
Cisco Smart Licensing Utility contains a static credential vulnerability that allows an unauthenticated, remote attacker to log in to an affected system and gain administrative cr…
|
— | 87.1% |
| Mar 18, 2025 |
CVE-2025-24472
Ransomware |
Fortinet FortiOS and FortiProxy |
Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability
Fortinet FortiOS and FortiProxy contain an authentication bypass vulnerability that allows a remote attacker to gain super-admin privileges via crafted CSF proxy requests.
|
— | 10.4% |
| Mar 13, 2025 | CVE-2025-21590 | Juniper Junos OS |
Juniper Junos OS Improper Isolation or Compartmentalization Vulnerability
Juniper Junos OS contains an improper isolation or compartmentalization vulnerability. This vulnerability could allows a local attacker with high privileges to inject arbitrary co…
|
— | 1.7% |
| Mar 3, 2025 | CVE-2023-20118 | Cisco Small Business RV Series Routers |
Cisco Small Business RV Series Routers Command Injection Vulnerability
Multiple Cisco Small Business RV Series Routers contains a command injection vulnerability in the web-based management interface. Successful exploitation could allow an authentica…
|
— | 3.8% |
| Feb 20, 2025 | CVE-2025-0111 | Palo Alto Networks PAN-OS |
Palo Alto Networks PAN-OS File Read Vulnerability
Palo Alto Networks PAN-OS contains an external control of file name or path vulnerability. Successful exploitation enables an authenticated attacker with network access to the man…
|
— | 3.7% |
| Feb 18, 2025 |
CVE-2024-53704
Ransomware |
SonicWall SonicOS |
SonicWall SonicOS SSLVPN Improper Authentication Vulnerability
SonicWall SonicOS contains an improper authentication vulnerability in the SSLVPN authentication mechanism that allows a remote attacker to bypass authentication.
|
— | 93.9% |
| Feb 18, 2025 | CVE-2025-0108 | Palo Alto Networks PAN-OS |
Palo Alto Networks PAN-OS Authentication Bypass Vulnerability
Palo Alto Networks PAN-OS contains an authentication bypass vulnerability in its management web interface. This vulnerability allows an unauthenticated attacker with network acces…
|
— | 94.1% |
| Feb 6, 2025 | CVE-2020-15069 | Sophos XG Firewall |
Sophos XG Firewall Buffer Overflow Vulnerability
Sophos XG Firewall contains a buffer overflow vulnerability that allows for remote code execution via the "HTTP/S bookmark" feature.
|
— | 82.6% |
| Feb 6, 2025 | CVE-2020-29574 | Sophos CyberoamOS |
CyberoamOS (CROS) SQL Injection Vulnerability
CyberoamOS (CROS) contains a SQL injection vulnerability in the WebAdmin that allows an unauthenticated attacker to execute arbitrary SQL statements remotely.
|
— | 10.1% |
| Jan 24, 2025 |
CVE-2025-23006
Ransomware |
SonicWall SMA1000 Appliances |
SonicWall SMA1000 Appliances Deserialization Vulnerability
SonicWall SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC) contain a deserialization of untrusted data vulnerability, which can enable a remote, una…
|
— | 50.1% |
| Jan 14, 2025 |
CVE-2024-55591
Ransomware |
Fortinet FortiOS and FortiProxy |
Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability
Fortinet FortiOS and FortiProxy contain an authentication bypass vulnerability that may allow an unauthenticated, remote attacker to gain super-admin privileges via crafted reques…
|
— | 94.1% |
| Dec 30, 2024 | CVE-2024-3393 | Palo Alto Networks PAN-OS |
Palo Alto Networks PAN-OS Malicious DNS Packet Vulnerability
Palo Alto Networks PAN-OS contains a vulnerability in parsing and logging malicious DNS packets in the DNS Security feature that, when exploited, allows an unauthenticated attacke…
|
— | 79.7% |
| Nov 18, 2024 |
CVE-2024-0012
Ransomware |
Palo Alto Networks PAN-OS |
Palo Alto Networks PAN-OS Management Interface Authentication Bypass Vulnerability
Palo Alto Networks PAN-OS contains an authentication bypass vulnerability in the web-based management interface for several PAN-OS products, including firewalls and VPN concentrat…
|
— | 94.3% |
| Nov 18, 2024 |
CVE-2024-9474
Ransomware |
Palo Alto Networks PAN-OS |
Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability
Palo Alto Networks PAN-OS contains an OS command injection vulnerability that allows for privilege escalation through the web-based management interface for several PAN products, …
|
— | 94.2% |
Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.