Full CISA KEV catalog

Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.

Showing 241–270 of 1,619 CVEs · Page 9 of 54 30 per page
Added CVE Vendor / Product Name & description CVSS EPSS
Jul 10, 2025 CVE-2025-5777
Ransomware
Citrix NetScaler ADC and Gateway
enterprise vpn remote
Citrix NetScaler ADC and Gateway Out-of-Bounds Read Vulnerability
Citrix NetScaler ADC and Gateway contain an out-of-bounds read vulnerability due to insufficient input validation. This vulnerability can lead to memory overread when the NetScale…
71.5%
Jul 7, 2025 CVE-2014-3931 Looking Glass Multi-Router Looking Glass (MRLG)
network
Multi-Router Looking Glass (MRLG) Buffer Overflow Vulnerability
Multi-Router Looking Glass (MRLG) contains a buffer overflow vulnerability that could allow remote attackers to cause an arbitrary memory write and memory corruption.
50.0%
Jul 7, 2025 CVE-2016-10033 PHP PHPMailer
PHPMailer Command Injection Vulnerability
PHPMailer contains a command injection vulnerability because it fails to sanitize user-supplied input. Specifically, this issue affects the 'mail()' function of 'class.phpmailer.p…
94.4%
Jul 7, 2025 CVE-2019-5418 Rails Ruby on Rails
Rails Ruby on Rails Path Traversal Vulnerability
Rails Ruby on Rails contains a path traversal vulnerability in Action View. Specially crafted accept headers in combination with calls to `render file:` can cause arbitrary files …
94.3%
Jul 7, 2025 CVE-2019-9621 Synacor Zimbra Collaboration Suite (ZCS)
Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery (SSRF) Vulnerability
Synacor Zimbra Collaboration Suite (ZCS) contains a server-side request forgery (SSRF) vulnerability via the ProxyServlet component.
94.1%
Jul 2, 2025 CVE-2025-6554 Google Chromium V8
browser smb essential
Google Chromium V8 Type Confusion Vulnerability
Google Chromium V8 contains a type confusion vulnerability that could allow a remote attacker to perform arbitrary read/write via a crafted HTML page. This vulnerability could aff…
1.6%
Jul 1, 2025 CVE-2025-48927 TeleMessage TM SGNL
TeleMessage TM SGNL Initialization of a Resource with an Insecure Default Vulnerability
TeleMessage TM SGNL contains an initialization of a resource with an insecure default vulnerability. This vulnerability relies on how the Spring Boot Actuator is configured with a…
9.5%
Jul 1, 2025 CVE-2025-48928 TeleMessage TM SGNL
TeleMessage TM SGNL Exposure of Core Dump File to an Unauthorized Control Sphere Vulnerability
TeleMessage TM SGNL contains an exposure of core dump file to an unauthorized control sphere Vulnerability. This vulnerability is based on a JSP application in which the heap cont…
8.3%
Jun 30, 2025 CVE-2025-6543 Citrix NetScaler ADC and Gateway
enterprise vpn remote
Citrix NetScaler ADC and Gateway Buffer Overflow Vulnerability
Citrix NetScaler ADC and Gateway contain a buffer overflow vulnerability leading to unintended control flow and Denial of Service. NetScaler must be configured as Gateway (VPN vir…
1.1%
Jun 25, 2025 CVE-2019-6693
Ransomware
Fortinet FortiOS
network vpn remote
Fortinet FortiOS Use of Hard-Coded Credentials Vulnerability
Fortinet FortiOS contains a use of hard-coded credentials vulnerability that could allow an attacker to cipher sensitive data in FortiOS configuration backup file via knowledge of…
72.2%
Jun 25, 2025 CVE-2024-0769 D-Link DIR-859 Router
network
D-Link DIR-859 Router Path Traversal Vulnerability
D-Link DIR-859 routers contain a path traversal vulnerability in the file /hedwig.cgi of the component HTTP POST Request Handler. Manipulation of the argument service with the inp…
76.8%
Jun 25, 2025 CVE-2024-54085 AMI MegaRAC SPx
AMI MegaRAC SPx Authentication Bypass by Spoofing Vulnerability
AMI MegaRAC SPx contains an authentication bypass by spoofing vulnerability in the Redfish Host Interface. A successful exploitation of this vulnerability may lead to a loss of co…
43.0%
Jun 17, 2025 CVE-2023-0386 Linux Kernel
server os
Linux Kernel Improper Ownership Management Vulnerability
Linux Kernel contains an improper ownership management vulnerability, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel…
48.5%
Jun 16, 2025 CVE-2023-33538 TP-Link Multiple Routers
network
TP-Link Multiple Routers Command Injection Vulnerability
TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm. The impacted products could be …
90.1%
Jun 16, 2025 CVE-2025-43200 Apple Multiple Products
endpoint mobile smb essential
Apple Multiple Products Unspecified Vulnerability
Apple iOS, iPadOS, macOS, watchOS, and visionOS, contain an unspecified vulnerability when processing a maliciously crafted photo or video shared via an iCloud Link.
0.9%
Jun 10, 2025 CVE-2025-24016 Wazuh Wazuh Server
Wazuh Server Deserialization of Untrusted Data Vulnerability
Wazuh contains a deserialization of untrusted data vulnerability that allows for remote code execution on Wazuh servers.
93.9%
Jun 10, 2025 CVE-2025-33053 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows External Control of File Name or Path Vulnerability
Microsoft Windows contains an external control of file name or path vulnerability that could allow an attacker to execute code from a remote WebDAV location specified by the Worki…
50.3%
Jun 9, 2025 CVE-2024-42009 Roundcube Webmail
RoundCube Webmail Cross-Site Scripting Vulnerability
RoundCube Webmail contains a cross-site scripting vulnerability. This vulnerability could allow a remote attacker to steal and send emails of a victim via a crafted e-mail message…
91.4%
Jun 9, 2025 CVE-2025-32433 Erlang Erlang/OTP
Erlang Erlang/OTP SSH Server Missing Authentication for Critical Function Vulnerability
Erlang Erlang/OTP SSH server contains a missing authentication for critical function vulnerability. This could allow an attacker to execute arbitrary commands without valid creden…
62.6%
Jun 5, 2025 CVE-2025-5419 Google Chromium V8
browser smb essential
Google Chromium V8 Out-of-Bounds Read and Write Vulnerability
Google Chromium V8 contains an out-of-bounds read and write vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This v…
3.8%
Jun 3, 2025 CVE-2025-21479 Qualcomm Multiple Chipsets
Qualcomm Multiple Chipsets Incorrect Authorization Vulnerability
Multiple Qualcomm chipsets contain an incorrect authorization vulnerability. This vulnerability allows for memory corruption due to unauthorized command execution in GPU micronode…
0.2%
Jun 3, 2025 CVE-2025-21480 Qualcomm Multiple Chipsets
Qualcomm Multiple Chipsets Incorrect Authorization Vulnerability
Multiple Qualcomm chipsets contain an incorrect authorization vulnerability. This vulnerability allows for memory corruption due to unauthorized command execution in GPU micronode…
2.0%
Jun 3, 2025 CVE-2025-27038 Qualcomm Multiple Chipsets
Qualcomm Multiple Chipsets Use-After-Free Vulnerability
Multiple Qualcomm chipsets contain a use-after-free vulnerability. This vulnerability allows for memory corruption while rendering graphics using Adreno GPU drivers in Chrome.
1.4%
Jun 2, 2025 CVE-2021-32030 ASUS Routers
ASUS Routers Improper Authentication Vulnerability
ASUS Lyra Mini and ASUS GT-AC2900 devices contain an improper authentication vulnerability that allows an attacker to gain unauthorized access to the administrative interface. The…
94.2%
Jun 2, 2025 CVE-2023-39780 ASUS RT-AX55 Routers
ASUS RT-AX55 Routers OS Command Injection Vulnerability
ASUS RT-AX55 devices contain an OS command injection vulnerability that could allow a remote, authenticated attacker to execute arbitrary commands. As represented by CVE-2023-4134…
47.1%
Jun 2, 2025 CVE-2024-56145 Craft CMS Craft CMS
Craft CMS Code Injection Vulnerability
Craft CMS contains a code injection vulnerability. Users with affected versions are vulnerable to remote code execution if their php.ini configuration has `register_argc_argv` ena…
93.9%
Jun 2, 2025 CVE-2025-35939 Craft CMS Craft CMS
Craft CMS External Control of Assumed-Immutable Web Parameter Vulnerability
Craft CMS contains an external control of assumed-immutable web parameter vulnerability. This vulnerability could allow an unauthenticated client to introduce arbitrary values, su…
39.4%
Jun 2, 2025 CVE-2025-3935 ConnectWise ScreenConnect
enterprise smb essential
ConnectWise ScreenConnect Improper Authentication Vulnerability
ConnectWise ScreenConnect contains an improper authentication vulnerability. This vulnerability could allow a ViewState code injection attack, which could allow remote code execut…
6.1%
May 22, 2025 CVE-2025-4632 Samsung MagicINFO 9 Server
mobile
Samsung MagicINFO 9 Server Path Traversal Vulnerability
Samsung MagicINFO 9 Server contains a path traversal vulnerability that allows an attacker to write arbitrary file as system authority.
42.6%
May 19, 2025 CVE-2023-38950 ZKTeco BioTime
ZKTeco BioTime Path Traversal Vulnerability
ZKTeco BioTime contains a path traversal vulnerability in the iclock API that allows an unauthenticated attacker to read arbitrary files via supplying a crafted payload.
84.4%

Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.