Full CISA KEV catalog

Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.

Showing 211–240 of 1,619 CVEs · Page 8 of 54 · 30 per page
Added CVE Vendor / Product Name & description CVSS EPSS
Sep 3, 2025 CVE-2025-9377 TP-Link Multiple Routers
network
TP-Link Archer C7(EU) and TL-WR841N/ND(MS) OS Command Injection Vulnerability
TP-Link Archer C7(EU) and TL-WR841N/ND(MS) contain an OS command injection vulnerability that exists in the Parental Control page. The impacted products could be end-of-life (EoL)…
26.9%
Sep 2, 2025 CVE-2020-24363 TP-Link TL-WA855RE
network
TP-Link TL-WA855RE Missing Authentication for Critical Function Vulnerability
TP-Link TL-WA855RE contains a missing authentication for critical function vulnerability. This vulnerability could allow an unauthenticated attacker (on the same network) to submi…
11.4%
Sep 2, 2025 CVE-2025-55177 Meta Platforms WhatsApp
Meta Platforms WhatsApp Incorrect Authorization Vulnerability
Meta Platforms WhatsApp contains an incorrect authorization vulnerability due to an incomplete authorization of linked device synchronization messages. This vulnerability could al…
0.8%
Aug 29, 2025 CVE-2025-57819 Sangoma FreePBX
Sangoma FreePBX Authentication Bypass Vulnerability
Sangoma FreePBX contains an authentication bypass vulnerability due to insufficiently sanitized user-supplied data that allows unauthenticated access to FreePBX Administrator leading t…
76.7%
Aug 26, 2025 CVE-2025-7775 Citrix NetScaler
enterprise vpn remote
Citrix NetScaler Memory Overflow Vulnerability
Citrix NetScaler ADC and NetScaler Gateway contain a memory overflow vulnerability that could allow for remote code execution and/or denial of service.
7.8%
Aug 25, 2025 CVE-2024-8068 Citrix Session Recording
enterprise vpn remote
Citrix Session Recording Improper Privilege Management Vulnerability
Citrix Session Recording contains an improper privilege management vulnerability that could allow for privilege escalation to NetworkService Account access. An attacker must be an…
8.1%
Aug 25, 2025 CVE-2024-8069 Citrix Session Recording
enterprise vpn remote
Citrix Session Recording Deserialization of Untrusted Data Vulnerability
Citrix Session Recording contains a deserialization of untrusted data vulnerability that allows limited remote code execution with privilege of a NetworkService Account access. At…
48.3%
Aug 25, 2025 CVE-2025-48384 Git Git
Git Link Following Vulnerability
Git contains a link following vulnerability that stems from Git’s inconsistent handling of carriage return characters in configuration files.
0.6%
Aug 21, 2025 CVE-2025-43300 Apple iOS, iPadOS, and macOS
endpoint mobile smb essential
Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability
Apple iOS, iPadOS, and macOS contain an out-of-bounds write vulnerability in the Image I/O framework.
4.4%
Aug 18, 2025 CVE-2025-54948 Trend Micro Apex One
endpoint
Trend Micro Apex One OS Command Injection Vulnerability
Trend Micro Apex One Management Console (on-premise) contains an OS command injection vulnerability that could allow a pre-authenticated remote attacker to upload malicious code a…
13.9%
Aug 13, 2025 CVE-2025-8875 N-able N-Central
N-able N-Central Insecure Deserialization Vulnerability
N-able N-Central contains an insecure deserialization vulnerability that could lead to command execution.
3.8%
Aug 13, 2025 CVE-2025-8876 N-able N-Central
N-able N-Central Command Injection Vulnerability
N-able N-Central contains a command injection vulnerability via improper sanitization of user input.
11.7%
Aug 12, 2025 CVE-2007-0671 Microsoft Office
endpoint m365 smb essential
Microsoft Office Excel Remote Code Execution Vulnerability
Microsoft Office Excel contains a remote code execution vulnerability that can be exploited when a specially crafted Excel file is opened. This malicious file could be delivered a…
52.3%
Aug 12, 2025 CVE-2013-3893 Microsoft Internet Explorer
endpoint m365 smb essential
Microsoft Internet Explorer Resource Management Errors Vulnerability
Microsoft Internet Explorer contains a memory corruption vulnerability that allows for remote code execution. The impacted products could be end-of-life (EoL) and/or end-of-servic…
84.9%
Aug 12, 2025 CVE-2025-8088 RARLAB WinRAR
RARLAB WinRAR Path Traversal Vulnerability
RARLAB WinRAR contains a path traversal vulnerability affecting the Windows version of WinRAR. This vulnerability could allow an attacker to execute arbitrary code by crafting mal…
11.6%
Aug 5, 2025 CVE-2020-25078 D-Link DCS-2530L and DCS-2670L Devices
network
D-Link DCS-2530L and DCS-2670L Devices Unspecified Vulnerability
D-Link DCS-2530L and DCS-2670L devices contain an unspecified vulnerability that could allow for remote administrator password disclosure. The impacted products could be end-of-l…
94.1%
Aug 5, 2025 CVE-2020-25079 D-Link DCS-2530L and DCS-2670L Devices
network
D-Link DCS-2530L and DCS-2670L Command Injection Vulnerability
D-Link DCS-2530L and DCS-2670L devices contain a command injection vulnerability in the cgi-bin/ddns_enc.cgi. The impacted products could be end-of-life (EoL) and/or end-of-servi…
41.9%
Aug 5, 2025 CVE-2022-40799 D-Link DNR-322L
network
D-Link DNR-322L Download of Code Without Integrity Check Vulnerability
D-Link DNR-322L contains a download of code without integrity check vulnerability that could allow an authenticated attacker to execute OS level commands on the device. The impact…
57.0%
Jul 28, 2025 CVE-2023-2533 PaperCut NG/MF
PaperCut NG/MF Cross-Site Request Forgery (CSRF) Vulnerability
PaperCut NG/MF contains a cross-site request forgery (CSRF) vulnerability, which, under specific conditions, could potentially enable an attacker to alter security settings or exe…
36.3%
Jul 28, 2025 CVE-2025-20281 Cisco Identity Services Engine
network
Cisco Identity Services Engine Injection Vulnerability
Cisco Identity Services Engine contains an injection vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC due to insufficient validation of user-supplied input allowing …
33.5%
Jul 28, 2025 CVE-2025-20337 Cisco Identity Services Engine
network
Cisco Identity Services Engine Injection Vulnerability
Cisco Identity Services Engine contains an injection vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC due to insufficient validation of user-supplied input allowing …
1.4%
Jul 22, 2025 CVE-2025-2775 SysAid SysAid On-Prem
SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability
SysAid On-Prem contains an improper restriction of XML external entity reference vulnerability in the Checkin processing functionality, allowing for administrator account takeover…
69.3%
Jul 22, 2025 CVE-2025-2776 SysAid SysAid On-Prem
SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability
SysAid On-Prem contains an improper restriction of XML external entity reference vulnerability in the Server URL processing functionality, allowing for administrator account takeo…
62.6%
Jul 22, 2025 CVE-2025-49704
Ransomware
Microsoft SharePoint
endpoint m365 smb essential
Microsoft SharePoint Code Injection Vulnerability
Microsoft SharePoint contains a code injection vulnerability that could allow an authorized attacker to execute code over a network. This vulnerability could be chained with CVE-2…
59.6%
Jul 22, 2025 CVE-2025-49706
Ransomware
Microsoft SharePoint
endpoint m365 smb essential
Microsoft SharePoint Improper Authentication Vulnerability
Microsoft SharePoint contains an improper authentication vulnerability that allows an authorized attacker to perform spoofing over a network. Successful exploitation could allow…
73.8%
Jul 22, 2025 CVE-2025-54309 CrushFTP CrushFTP
CrushFTP Unprotected Alternate Channel Vulnerability
CrushFTP contains an unprotected alternate channel vulnerability. When the DMZ proxy feature is not used, CrushFTP mishandles AS2 validation and consequently allows remote attackers to obt…
76.8%
Jul 22, 2025 CVE-2025-6558 Google Chromium
browser smb essential
Google Chromium ANGLE and GPU Improper Input Validation Vulnerability
Google Chromium contains an improper input validation vulnerability in ANGLE and GPU. This vulnerability could allow a remote attacker to potentially perform a sandbox escape via …
0.3%
Jul 20, 2025 CVE-2025-53770
Ransomware
Microsoft SharePoint
endpoint m365 smb essential
Microsoft SharePoint Deserialization of Untrusted Data Vulnerability
Microsoft SharePoint Server on-premises contains a deserialization of untrusted data vulnerability that could allow an unauthorized attacker to execute code over a network. This v…
88.2%
Jul 18, 2025 CVE-2025-25257 Fortinet FortiWeb
network vpn remote
Fortinet FortiWeb SQL Injection Vulnerability
Fortinet FortiWeb contains a SQL injection vulnerability that may allow an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPS requests.
26.2%
Jul 14, 2025 CVE-2025-47812 Wing FTP Server Wing FTP Server
Wing FTP Server Improper Neutralization of Null Byte or NUL Character Vulnerability
Wing FTP Server contains an improper neutralization of null byte or NUL character vulnerability that can allow injection of arbitrary Lua code into user session files. This can be…
92.9%

Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.