Full CISA KEV catalog
Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.
| Added | CVE | Vendor / Product | Name & description | CVSS | EPSS |
|---|---|---|---|---|---|
| Jun 10, 2025 | CVE-2025-33053 | Microsoft Windows |
Microsoft Windows External Control of File Name or Path Vulnerability
Microsoft Windows contains an external control of file name or path vulnerability that could allow an attacker to execute code from a remote WebDAV location specified by the Worki…
|
— | 50.3% |
| May 19, 2025 | CVE-2025-4427 | Ivanti Endpoint Manager Mobile (EPMM) |
Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass Vulnerability
Ivanti Endpoint Manager Mobile (EPMM) contains an authentication bypass vulnerability in the API component that allows an attacker to access protected resources without proper cre…
|
— | 91.3% |
| May 19, 2025 | CVE-2025-4428 | Ivanti Endpoint Manager Mobile (EPMM) |
Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability
Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability in the API component that allows an authenticated attacker to remotely execute arbitrary code via cra…
|
— | 41.0% |
| May 13, 2025 | CVE-2025-30397 | Microsoft Windows |
Microsoft Windows Scripting Engine Type Confusion Vulnerability
Microsoft Windows Scripting Engine contains a type confusion vulnerability that allows an unauthorized attacker to execute code over a network via a specially crafted URL.
|
— | 20.7% |
| May 13, 2025 | CVE-2025-30400 | Microsoft Windows |
Microsoft Windows DWM Core Library Use-After-Free Vulnerability
Microsoft Windows DWM Core Library contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally.
|
— | 0.9% |
| May 13, 2025 | CVE-2025-32701 | Microsoft Windows |
Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability
Microsoft Windows Common Log File System (CLFS) Driver contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally.
|
— | 1.9% |
| May 13, 2025 | CVE-2025-32706 | Microsoft Windows |
Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability
Microsoft Windows Common Log File System (CLFS) Driver contains a heap-based buffer overflow vulnerability that allows an authorized attacker to elevate privileges locally.
|
— | 1.1% |
| May 13, 2025 | CVE-2025-32709 | Microsoft Windows |
Microsoft Windows Ancillary Function Driver for WinSock Use-After-Free Vulnerability
Microsoft Windows Ancillary Function Driver for WinSock contains a use-after-free vulnerability that allows an authorized attacker to escalate privileges to administrator.
|
— | 1.0% |
| Apr 17, 2025 | CVE-2025-24054 | Microsoft Windows |
Microsoft Windows NTLM Hash Disclosure Spoofing Vulnerability
Microsoft Windows NTLM contains an external control of file name or path vulnerability that allows an unauthorized attacker to perform spoofing over a network.
|
— | 8.0% |
| Apr 17, 2025 | CVE-2025-31200 | Apple Multiple Products |
Apple Multiple Products Memory Corruption Vulnerability
Apple iOS, iPadOS, macOS, and other Apple products contain a memory corruption vulnerability that allows for code execution when processing an audio stream in a maliciously crafte…
|
— | 1.7% |
| Apr 17, 2025 | CVE-2025-31201 | Apple Multiple Products |
Apple Multiple Products Arbitrary Read and Write Vulnerability
Apple iOS, iPadOS, macOS, and other Apple products contain an arbitrary read and write vulnerability that allows an attacker to bypass Pointer Authentication.
|
— | 3.4% |
| Apr 8, 2025 |
CVE-2025-29824
Ransomware |
Microsoft Windows |
Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability
Microsoft Windows Common Log File System (CLFS) Driver contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally.
|
— | 0.8% |
| Apr 4, 2025 |
CVE-2025-22457
Ransomware |
Ivanti Connect Secure, Policy Secure, and ZTA Gateways |
Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability
Ivanti Connect Secure, Policy Secure, and ZTA Gateways contains a stack-based buffer overflow vulnerability that allows a remote unauthenticated attacker to achieve remote code ex…
|
— | 58.9% |
| Mar 13, 2025 | CVE-2025-24201 | Apple Multiple Products |
Apple Multiple Products WebKit Out-of-Bounds Write Vulnerability
Apple iOS, iPadOS, macOS, and other Apple products contain an out-of-bounds write vulnerability in WebKit that may allow maliciously crafted web content to break out of Web Conten…
|
— | 0.2% |
| Mar 11, 2025 | CVE-2025-24983 | Microsoft Windows |
Microsoft Windows Win32k Use-After-Free Vulnerability
Microsoft Windows Win32 Kernel Subsystem contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally.
|
— | 1.8% |
| Mar 11, 2025 | CVE-2025-24984 | Microsoft Windows |
Microsoft Windows NTFS Information Disclosure Vulnerability
Microsoft Windows New Technology File System (NTFS) contains an insertion of sensitive Information into log file vulnerability that allows an unauthorized attacker to disclose inf…
|
— | 4.3% |
| Mar 11, 2025 | CVE-2025-24985 | Microsoft Windows |
Microsoft Windows Fast FAT File System Driver Integer Overflow Vulnerability
Microsoft Windows Fast FAT File System Driver contains an integer overflow or wraparound vulnerability that allows an unauthorized attacker to execute code locally.
|
— | 2.1% |
| Mar 11, 2025 | CVE-2025-24991 | Microsoft Windows |
Microsoft Windows NTFS Out-Of-Bounds Read Vulnerability
Microsoft Windows New Technology File System (NTFS) contains an out-of-bounds read vulnerability that allows an authorized attacker to disclose information locally.
|
— | 1.6% |
| Mar 11, 2025 | CVE-2025-24993 | Microsoft Windows |
Microsoft Windows NTFS Heap-Based Buffer Overflow Vulnerability
Microsoft Windows New Technology File System (NTFS) contains a heap-based buffer overflow vulnerability that allows an unauthorized attacker to execute code locally.
|
— | 2.5% |
| Mar 11, 2025 |
CVE-2025-26633
Ransomware |
Microsoft Windows |
Microsoft Windows Management Console (MMC) Improper Neutralization Vulnerability
Microsoft Windows Management Console (MMC) contains an improper neutralization vulnerability that allows an unauthorized attacker to bypass a security feature locally.
|
— | 45.3% |
| Mar 10, 2025 | CVE-2024-13159 | Ivanti Endpoint Manager (EPM) |
Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability
Ivanti Endpoint Manager (EPM) contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information.
|
— | 94.0% |
| Mar 10, 2025 | CVE-2024-13160 | Ivanti Endpoint Manager (EPM) |
Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability
Ivanti Endpoint Manager (EPM) contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information.
|
— | 93.8% |
| Mar 10, 2025 | CVE-2024-13161 | Ivanti Endpoint Manager (EPM) |
Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability
Ivanti Endpoint Manager (EPM) contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information.
|
— | 91.8% |
| Mar 3, 2025 |
CVE-2018-8639
Ransomware |
Microsoft Windows |
Microsoft Windows Win32k Improper Resource Shutdown or Release Vulnerability
Microsoft Windows Win32k contains an improper resource shutdown or release vulnerability that allows for local, authenticated privilege escalation. An attacker who successfully ex…
|
— | 33.2% |
| Feb 25, 2025 | CVE-2024-49035 | Microsoft Partner Center |
Microsoft Partner Center Improper Access Control Vulnerability
Microsoft Partner Center contains an improper access control vulnerability that allows an attacker to escalate privileges.
|
— | 6.2% |
| Feb 21, 2025 | CVE-2025-24989 | Microsoft Power Pages |
Microsoft Power Pages Improper Access Control Vulnerability
Microsoft Power Pages contains an improper access control vulnerability that allows an unauthorized attacker to elevate privileges over a network potentially bypassing the user re…
|
— | 31.6% |
| Feb 12, 2025 | CVE-2025-24200 | Apple iOS and iPadOS |
Apple iOS and iPadOS Incorrect Authorization Vulnerability
Apple iOS and iPadOS contains an incorrect authorization vulnerability that allows a physical attacker to disable USB Restricted Mode on a locked device.
|
— | 48.4% |
| Feb 11, 2025 | CVE-2025-21391 | Microsoft Windows |
Microsoft Windows Storage Link Following Vulnerability
Microsoft Windows Storage contains a link following vulnerability that could allow for privilege escalation. This vulnerability could allow an attacker to delete data including da…
|
— | 4.7% |
| Feb 11, 2025 | CVE-2025-21418 | Microsoft Windows |
Microsoft Windows Ancillary Function Driver for WinSock Heap-Based Buffer Overflow Vulnerability
Microsoft Windows Ancillary Function Driver for WinSock contains a heap-based buffer overflow vulnerability that allows for privilege escalation, enabling a local attacker to gain…
|
— | 10.3% |
| Feb 6, 2025 | CVE-2020-15069 | Sophos XG Firewall |
Sophos XG Firewall Buffer Overflow Vulnerability
Sophos XG Firewall contains a buffer overflow vulnerability that allows for remote code execution via the "HTTP/S bookmark" feature.
|
— | 82.6% |
Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.