CISA KEV Dashboard
Known Exploited Vulnerabilities — Updated Automatically. View ransomware-associated CVEs, recent additions, timelines, and more.
Total KEV Entries
1464
Recent (30 days)
—
Ransomware-Linked
—
Last Added
—
| CVE | Vendor | Product | Name | Added | Due | Risk |
|---|---|---|---|---|---|---|
| CVE-2021-26829 | OpenPLC | ScadaBR | OpenPLC ScadaBR Cross-site Scripting Vulnerability | Nov. 28, 2025 | Dec. 19, 2025 | Low |
| CVE-2025-61757 | Oracle | Fusion Middleware | Oracle Fusion Middleware Missing Authentication for Critical Function Vulnerability | Nov. 21, 2025 | Dec. 12, 2025 | Due ≤ 30d |
| CVE-2025-13223 | Chromium V8 | Google Chromium V8 Type Confusion Vulnerability | Nov. 19, 2025 | Dec. 10, 2025 | Due ≤ 30d | |
| CVE-2025-58034 | Fortinet | FortiWeb | Fortinet FortiWeb OS Command Injection Vulnerability | Nov. 18, 2025 | Nov. 25, 2025 | Overdue |
| CVE-2025-64446 | Fortinet | FortiWeb | Fortinet FortiWeb Path Traversal Vulnerability | Nov. 14, 2025 | Nov. 21, 2025 | Overdue |
| CVE-2025-12480 | Gladinet | Triofox | Gladinet Triofox Improper Access Control Vulnerability | Nov. 12, 2025 | Dec. 3, 2025 | Due ≤ 14d |
| CVE-2025-62215 | Microsoft | Windows | Microsoft Windows Race Condition Vulnerability | Nov. 12, 2025 | Dec. 3, 2025 | Due ≤ 14d |
| CVE-2025-9242 | WatchGuard | Firebox | WatchGuard Firebox Out-of-Bounds Write Vulnerability | Nov. 12, 2025 | Dec. 3, 2025 | Due ≤ 14d |
| CVE-2025-21042 | Samsung | Mobile Devices | Samsung Mobile Devices Out-of-Bounds Write Vulnerability | Nov. 10, 2025 | Dec. 1, 2025 | Due ≤ 14d |
| CVE-2025-48703 | CWP | Control Web Panel | CWP Control Web Panel OS Command Injection Vulnerability | Nov. 4, 2025 | Nov. 25, 2025 | Overdue |
| CVE-2025-11371 | Gladinet | CentreStack and Triofox | Gladinet CentreStack and Triofox Files or Directories Accessible to External Parties Vulnerability | Nov. 4, 2025 | Nov. 25, 2025 | Overdue |
| CVE-2025-41244 | Broadcom | VMware Aria Operations and VMware Tools | Broadcom VMware Aria Operations and VMware Tools Privilege Defined with Unsafe Actions Vulnerability | Oct. 30, 2025 | Nov. 20, 2025 | Overdue |
| CVE-2025-24893 | XWiki | Platform | XWiki Platform Eval Injection Vulnerability | Oct. 30, 2025 | Nov. 20, 2025 | Overdue |
| CVE-2025-6204 | Dassault Systèmes | DELMIA Apriso | Dassault Systèmes DELMIA Apriso Code Injection Vulnerability | Oct. 28, 2025 | Nov. 18, 2025 | Overdue |
| CVE-2025-6205 | Dassault Systèmes | DELMIA Apriso | Dassault Systèmes DELMIA Apriso Missing Authorization Vulnerability | Oct. 28, 2025 | Nov. 18, 2025 | Overdue |
| CVE-2025-54236 | Adobe | Commerce and Magento | Adobe Commerce and Magento Improper Input Validation Vulnerability | Oct. 24, 2025 | Nov. 14, 2025 | Overdue |
| CVE-2025-59287 | Microsoft | Windows | Microsoft Windows Server Update Service (WSUS) Deserialization of Untrusted Data Vulnerability | Oct. 24, 2025 | Nov. 14, 2025 | Overdue |
| CVE-2025-61932 | Motex | LANSCOPE Endpoint Manager | Motex LANSCOPE Endpoint Manager Improper Verification of Source of a Communication Channel Vulnerability | Oct. 22, 2025 | Nov. 12, 2025 | Overdue |
| CVE-2022-48503 | Apple | Multiple Products | Apple Multiple Products Unspecified Vulnerability | Oct. 20, 2025 | Nov. 10, 2025 | Overdue |
| CVE-2025-2746 | Kentico | Xperience CMS | Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability | Oct. 20, 2025 | Nov. 10, 2025 | Overdue |
| CVE-2025-2747 | Kentico | Xperience CMS | Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability | Oct. 20, 2025 | Nov. 10, 2025 | Overdue |
| CVE-2025-33073 | Microsoft | Windows | Microsoft Windows SMB Client Improper Access Control Vulnerability | Oct. 20, 2025 | Nov. 10, 2025 | Overdue |
| CVE-2025-61884 | Oracle | E-Business Suite | Oracle E-Business Suite Server-Side Request Forgery (SSRF) Vulnerability | Oct. 20, 2025 | Nov. 10, 2025 | Overdue |
| CVE-2025-54253 | Adobe | Experience Manager (AEM) Forms | Adobe Experience Manager Forms Code Execution Vulnerability | Oct. 15, 2025 | Nov. 5, 2025 | Overdue |
| CVE-2025-47827 | IGEL | IGEL OS | IGEL OS Use of a Key Past its Expiration Date Vulnerability | Oct. 14, 2025 | Nov. 4, 2025 | Overdue |
| CVE-2025-24990 | Microsoft | Windows | Microsoft Windows Untrusted Pointer Dereference Vulnerability | Oct. 14, 2025 | Nov. 4, 2025 | Overdue |
| CVE-2025-59230 | Microsoft | Windows | Microsoft Windows Improper Access Control Vulnerability | Oct. 14, 2025 | Nov. 4, 2025 | Overdue |
| CVE-2016-7836 | SKYSEA | Client View | SKYSEA Client View Improper Authentication Vulnerability | Oct. 14, 2025 | Nov. 4, 2025 | Overdue |
| CVE-2021-43798 | Grafana Labs | Grafana | Grafana Path Traversal Vulnerability | Oct. 9, 2025 | Oct. 30, 2025 | Overdue |
| CVE-2025-27915 | Synacor | Zimbra Collaboration Suite (ZCS) | Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability | Oct. 7, 2025 | Oct. 28, 2025 | Overdue |
| CVE-2021-22555 | Linux | Kernel | Linux Kernel Heap Out-of-Bounds Write Vulnerability | Oct. 6, 2025 | Oct. 27, 2025 | Overdue |
| CVE-2010-3962 | Microsoft | Internet Explorer | Microsoft Internet Explorer Uninitialized Memory Corruption Vulnerability | Oct. 6, 2025 | Oct. 27, 2025 | Overdue |
| CVE-2021-43226 | Microsoft | Windows | Microsoft Windows Privilege Escalation Vulnerability | Oct. 6, 2025 | Oct. 27, 2025 | Overdue |
| CVE-2013-3918 | Microsoft | Windows | Microsoft Windows Out-of-Bounds Write Vulnerability | Oct. 6, 2025 | Oct. 27, 2025 | Overdue |
| CVE-2011-3402 | Microsoft | Windows | Microsoft Windows Remote Code Execution Vulnerability | Oct. 6, 2025 | Oct. 27, 2025 | Overdue |
| CVE-2010-3765 | Mozilla | Multiple Products | Mozilla Multiple Products Remote Code Execution Vulnerability | Oct. 6, 2025 | Oct. 27, 2025 | Overdue |
| CVE-2025-61882 | Oracle | E-Business Suite | Oracle E-Business Suite Unspecified Vulnerability | Oct. 6, 2025 | Oct. 27, 2025 | Overdue |
| CVE-2014-6278 | GNU | GNU Bash | GNU Bash OS Command Injection Vulnerability | Oct. 2, 2025 | Oct. 23, 2025 | Overdue |
| CVE-2017-1000353 | Jenkins | Jenkins | Jenkins Remote Code Execution Vulnerability | Oct. 2, 2025 | Oct. 23, 2025 | Overdue |
| CVE-2015-7755 | Juniper | ScreenOS | Juniper ScreenOS Improper Authentication Vulnerability | Oct. 2, 2025 | Oct. 23, 2025 | Overdue |
| CVE-2025-21043 | Samsung | Mobile Devices | Samsung Mobile Devices Out-of-Bounds Write Vulnerability | Oct. 2, 2025 | Oct. 23, 2025 | Overdue |
| CVE-2025-4008 | Smartbedded | Meteobridge | Smartbedded Meteobridge Command Injection Vulnerability | Oct. 2, 2025 | Oct. 23, 2025 | Overdue |
| CVE-2025-32463 | Sudo | Sudo | Sudo Inclusion of Functionality from Untrusted Control Sphere Vulnerability | Sept. 29, 2025 | Oct. 20, 2025 | Overdue |
| CVE-2025-59689 | Libraesva | Email Security Gateway | Libraesva Email Security Gateway Command Injection Vulnerability | Sept. 29, 2025 | Oct. 20, 2025 | Overdue |
| CVE-2025-10035 | Fortra | GoAnywhere MFT | Fortra GoAnywhere MFT Deserialization of Untrusted Data Vulnerability | Sept. 29, 2025 | Oct. 20, 2025 | Overdue |
| CVE-2025-20352 | Cisco | IOS and IOS XE | Cisco IOS and IOS XE Software SNMP Denial of Service and Remote Code Execution Vulnerability | Sept. 29, 2025 | Oct. 20, 2025 | Overdue |
| CVE-2021-21311 | Adminer | Adminer | Adminer Server-Side Request Forgery Vulnerability | Sept. 29, 2025 | Oct. 20, 2025 | Overdue |
| CVE-2025-20362 | Cisco | Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense | Cisco Secure Firewall Adaptive Security (ASA) Appliance and Secure Firewall Threat Defense (FTD) Missing Authorization Vulnerability | Sept. 25, 2025 | Sept. 26, 2025 | Overdue |
| CVE-2025-20333 | Cisco | Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense | Cisco Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) Buffer Overflow Vulnerability | Sept. 25, 2025 | Sept. 26, 2025 | Overdue |
| CVE-2025-10585 | Chromium V8 | Google Chromium V8 Type Confusion Vulnerability | Sept. 23, 2025 | Oct. 14, 2025 | Overdue |
Page of