Full CISA KEV catalog
Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.
| Added | CVE | Vendor / Product | Name & description | CVSS | EPSS |
|---|---|---|---|---|---|
| Jul 10, 2025 |
CVE-2025-5777
Ransomware |
Citrix NetScaler ADC and Gateway |
Citrix NetScaler ADC and Gateway Out-of-Bounds Read Vulnerability
Citrix NetScaler ADC and Gateway contain an out-of-bounds read vulnerability due to insufficient input validation. This vulnerability can lead to memory overread when the NetScale…
|
— | 71.5% |
| Jul 7, 2025 | CVE-2014-3931 | Looking Glass Multi-Router Looking Glass (MRLG) |
Multi-Router Looking Glass (MRLG) Buffer Overflow Vulnerability
Multi-Router Looking Glass (MRLG) contains a buffer overflow vulnerability that could allow remote attackers to cause an arbitrary memory write and memory corruption.
|
— | 50.0% |
| Jul 7, 2025 | CVE-2016-10033 | PHP PHPMailer |
PHPMailer Command Injection Vulnerability
PHPMailer contains a command injection vulnerability because it fails to sanitize user-supplied input. Specifically, this issue affects the 'mail()' function of 'class.phpmailer.p…
|
— | 94.4% |
| Jul 7, 2025 | CVE-2019-5418 | Rails Ruby on Rails |
Rails Ruby on Rails Path Traversal Vulnerability
Rails Ruby on Rails contains a path traversal vulnerability in Action View. Specially crafted accept headers in combination with calls to `render file:` can cause arbitrary files …
|
— | 94.3% |
| Jul 7, 2025 | CVE-2019-9621 | Synacor Zimbra Collaboration Suite (ZCS) |
Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery (SSRF) Vulnerability
Synacor Zimbra Collaboration Suite (ZCS) contains a server-side request forgery (SSRF) vulnerability via the ProxyServlet component.
|
— | 94.1% |
| Jul 2, 2025 | CVE-2025-6554 | Google Chromium V8 |
Google Chromium V8 Type Confusion Vulnerability
Google Chromium V8 contains a type confusion vulnerability that could allow a remote attacker to perform arbitrary read/write via a crafted HTML page. This vulnerability could aff…
|
— | 1.6% |
| Jul 1, 2025 | CVE-2025-48927 | TeleMessage TM SGNL |
TeleMessage TM SGNL Initialization of a Resource with an Insecure Default Vulnerability
TeleMessage TM SGNL contains an initialization of a resource with an insecure default vulnerability. This vulnerability relies on how the Spring Boot Actuator is configured with a…
|
— | 9.5% |
| Jul 1, 2025 | CVE-2025-48928 | TeleMessage TM SGNL |
TeleMessage TM SGNL Exposure of Core Dump File to an Unauthorized Control Sphere Vulnerability
TeleMessage TM SGNL contains an exposure of core dump file to an unauthorized control sphere Vulnerability. This vulnerability is based on a JSP application in which the heap cont…
|
— | 8.3% |
| Jun 30, 2025 | CVE-2025-6543 | Citrix NetScaler ADC and Gateway |
Citrix NetScaler ADC and Gateway Buffer Overflow Vulnerability
Citrix NetScaler ADC and Gateway contain a buffer overflow vulnerability leading to unintended control flow and Denial of Service. NetScaler must be configured as Gateway (VPN vir…
|
— | 1.1% |
| Jun 25, 2025 |
CVE-2019-6693
Ransomware |
Fortinet FortiOS |
Fortinet FortiOS Use of Hard-Coded Credentials Vulnerability
Fortinet FortiOS contains a use of hard-coded credentials vulnerability that could allow an attacker to cipher sensitive data in FortiOS configuration backup file via knowledge of…
|
— | 72.2% |
| Jun 25, 2025 | CVE-2024-0769 | D-Link DIR-859 Router |
D-Link DIR-859 Router Path Traversal Vulnerability
D-Link DIR-859 routers contain a path traversal vulnerability in the file /hedwig.cgi of the component HTTP POST Request Handler. Manipulation of the argument service with the inp…
|
— | 76.8% |
| Jun 25, 2025 | CVE-2024-54085 | AMI MegaRAC SPx |
AMI MegaRAC SPx Authentication Bypass by Spoofing Vulnerability
AMI MegaRAC SPx contains an authentication bypass by spoofing vulnerability in the Redfish Host Interface. A successful exploitation of this vulnerability may lead to a loss of co…
|
— | 43.0% |
| Jun 17, 2025 | CVE-2023-0386 | Linux Kernel |
Linux Kernel Improper Ownership Management Vulnerability
Linux Kernel contains an improper ownership management vulnerability, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel…
|
— | 48.5% |
| Jun 16, 2025 | CVE-2023-33538 | TP-Link Multiple Routers |
TP-Link Multiple Routers Command Injection Vulnerability
TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm. The impacted products could be …
|
— | 90.1% |
| Jun 16, 2025 | CVE-2025-43200 | Apple Multiple Products |
Apple Multiple Products Unspecified Vulnerability
Apple iOS, iPadOS, macOS, watchOS, and visionOS, contain an unspecified vulnerability when processing a maliciously crafted photo or video shared via an iCloud Link.
|
— | 0.9% |
| Jun 10, 2025 | CVE-2025-24016 | Wazuh Wazuh Server |
Wazuh Server Deserialization of Untrusted Data Vulnerability
Wazuh contains a deserialization of untrusted data vulnerability that allows for remote code execution on Wazuh servers.
|
— | 93.9% |
| Jun 10, 2025 | CVE-2025-33053 | Microsoft Windows |
Microsoft Windows External Control of File Name or Path Vulnerability
Microsoft Windows contains an external control of file name or path vulnerability that could allow an attacker to execute code from a remote WebDAV location specified by the Worki…
|
— | 50.3% |
| Jun 9, 2025 | CVE-2024-42009 | Roundcube Webmail |
RoundCube Webmail Cross-Site Scripting Vulnerability
RoundCube Webmail contains a cross-site scripting vulnerability. This vulnerability could allow a remote attacker to steal and send emails of a victim via a crafted e-mail message…
|
— | 91.4% |
| Jun 9, 2025 | CVE-2025-32433 | Erlang Erlang/OTP |
Erlang Erlang/OTP SSH Server Missing Authentication for Critical Function Vulnerability
Erlang Erlang/OTP SSH server contains a missing authentication for critical function vulnerability. This could allow an attacker to execute arbitrary commands without valid creden…
|
— | 62.6% |
| Jun 5, 2025 | CVE-2025-5419 | Google Chromium V8 |
Google Chromium V8 Out-of-Bounds Read and Write Vulnerability
Google Chromium V8 contains an out-of-bounds read and write vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This v…
|
— | 3.8% |
| Jun 3, 2025 | CVE-2025-21479 | Qualcomm Multiple Chipsets |
Qualcomm Multiple Chipsets Incorrect Authorization Vulnerability
Multiple Qualcomm chipsets contain an incorrect authorization vulnerability. This vulnerability allows for memory corruption due to unauthorized command execution in GPU micronode…
|
— | 0.2% |
| Jun 3, 2025 | CVE-2025-21480 | Qualcomm Multiple Chipsets |
Qualcomm Multiple Chipsets Incorrect Authorization Vulnerability
Multiple Qualcomm chipsets contain an incorrect authorization vulnerability. This vulnerability allows for memory corruption due to unauthorized command execution in GPU micronode…
|
— | 2.0% |
| Jun 3, 2025 | CVE-2025-27038 | Qualcomm Multiple Chipsets |
Qualcomm Multiple Chipsets Use-After-Free Vulnerability
Multiple Qualcomm chipsets contain a use-after-free vulnerability. This vulnerability allows for memory corruption while rendering graphics using Adreno GPU drivers in Chrome.
|
— | 1.4% |
| Jun 2, 2025 | CVE-2021-32030 | ASUS Routers |
ASUS Routers Improper Authentication Vulnerability
ASUS Lyra Mini and ASUS GT-AC2900 devices contain an improper authentication vulnerability that allows an attacker to gain unauthorized access to the administrative interface. The…
|
— | 94.2% |
| Jun 2, 2025 | CVE-2023-39780 | ASUS RT-AX55 Routers |
ASUS RT-AX55 Routers OS Command Injection Vulnerability
ASUS RT-AX55 devices contain an OS command injection vulnerability that could allow a remote, authenticated attacker to execute arbitrary commands. As represented by CVE-2023-4134…
|
— | 47.1% |
| Jun 2, 2025 | CVE-2024-56145 | Craft CMS Craft CMS |
Craft CMS Code Injection Vulnerability
Craft CMS contains a code injection vulnerability. Users with affected versions are vulnerable to remote code execution if their php.ini configuration has `register_argc_argv` ena…
|
— | 93.9% |
| Jun 2, 2025 | CVE-2025-35939 | Craft CMS Craft CMS |
Craft CMS External Control of Assumed-Immutable Web Parameter Vulnerability
Craft CMS contains an external control of assumed-immutable web parameter vulnerability. This vulnerability could allow an unauthenticated client to introduce arbitrary values, su…
|
— | 39.4% |
| Jun 2, 2025 | CVE-2025-3935 | ConnectWise ScreenConnect |
ConnectWise ScreenConnect Improper Authentication Vulnerability
ConnectWise ScreenConnect contains an improper authentication vulnerability. This vulnerability could allow a ViewState code injection attack, which could allow remote code execut…
|
— | 6.1% |
| May 22, 2025 | CVE-2025-4632 | Samsung MagicINFO 9 Server |
Samsung MagicINFO 9 Server Path Traversal Vulnerability
Samsung MagicINFO 9 Server contains a path traversal vulnerability that allows an attacker to write arbitrary file as system authority.
|
— | 42.6% |
| May 19, 2025 | CVE-2023-38950 | ZKTeco BioTime |
ZKTeco BioTime Path Traversal Vulnerability
ZKTeco BioTime contains a path traversal vulnerability in the iclock API that allows an unauthenticated attacker to read arbitrary files via supplying a crafted payload.
|
— | 84.4% |
Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.