1,619 totalEPSS avg 51.6%

KEVKnown Exploited Vulnerabilities

CISA’s actively-exploited catalogue · refreshed weekly · authored by Adam Lundqvist

VendorEPSS ≥0%Since

Showing 1,619 of 1,619 · page 3 of 33

CVE	Vendor / Product	Title	KEV added	EPSS
CVE-2026-2441	Google / Chromium	Google Chromium CSS Use-After-Free Vulnerability	2026-02-17	22.0%
CVE-2026-1731	BeyondTrust / Remote Support (RS) and Privileged Remote Access (PRA)	BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) OS Command…	2026-02-13	86.1%
CVE-2024-43468	Microsoft / Configuration Manager	Microsoft Configuration Manager SQL Injection Vulnerability	2026-02-12	60.7%
CVE-2025-15556	Notepad++ / Notepad++	Notepad++ Download of Code Without Integrity Check Vulnerability	2026-02-12	1.3%
CVE-2025-40536	SolarWinds / Web Help Desk	SolarWinds Web Help Desk Security Control Bypass Vulnerability	2026-02-12	81.6%
CVE-2026-20700	Apple / Multiple Products	Apple Multiple Buffer Overflow Vulnerability	2026-02-12	1.3%
CVE-2026-21510	Microsoft / Windows	Microsoft Windows Shell Protection Mechanism Failure Vulnerability	2026-02-10	25.8%
CVE-2026-21513	Microsoft / Windows	Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability	2026-02-10	15.4%
CVE-2026-21514	Microsoft / Office	Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vul…	2026-02-10	1.5%
CVE-2026-21519	Microsoft / Windows	Microsoft Windows Type Confusion Vulnerability	2026-02-10	2.4%
CVE-2026-21525	Microsoft / Windows	Microsoft Windows NULL Pointer Dereference Vulnerability	2026-02-10	5.0%
CVE-2026-21533	Microsoft / Windows	Microsoft Windows Improper Privilege Management Vulnerability	2026-02-10	3.8%
CVE-2025-11953	React Native Community / CLI	React Native Community CLI OS Command Injection Vulnerability	2026-02-05	61.9%
CVE-2026-24423	SmarterTools / SmarterMail	SmarterTools SmarterMail Missing Authentication for Critical Function Vulnera…	2026-02-05	87.7%
CVE-2019-19006	sangoma / freepbx	CVE-2019-19006	2026-02-03	35.8%
CVE-2021-39935	GitLab / Community and Enterprise Editions	GitLab Community and Enterprise Editions Server-Side Request Forgery (SSRF) V…	2026-02-03	30.5%
CVE-2025-40551	SolarWinds / Web Help Desk	SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability	2026-02-03	84.1%
CVE-2025-64328	Sangoma / FreePBX	Sangoma FreePBX OS Command Injection Vulnerability	2026-02-03	84.1%
CVE-2026-1281	Ivanti / Endpoint Manager Mobile (EPMM)	Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability	2026-01-29	81.2%
CVE-2026-24858	Fortinet / Multiple Products	Fortinet Multiple Products Authentication Bypass Using an Alternate Path or C…	2026-01-27	55.1%
CVE-2018-14634	Linux / Kernel	Linux Kernel Integer Overflow Vulnerability	2026-01-26	14.8%
CVE-2025-52691	SmarterTools / SmarterMail	SmarterTools SmarterMail Unrestricted Upload of File with Dangerous Type Vuln…	2026-01-26	85.5%
CVE-2026-21509	Microsoft / Office	Microsoft Office Security Feature Bypass Vulnerability	2026-01-26	72.2%
CVE-2026-23760	SmarterTools / SmarterMail	SmarterTools SmarterMail Authentication Bypass Using an Alternate Path or Cha…	2026-01-26	96.3%
CVE-2026-24061	GNU / InetUtils	GNU InetUtils Argument Injection Vulnerability	2026-01-26	98.9%
CVE-2024-37079	Broadcom / VMware vCenter Server	Broadcom VMware vCenter Server Out-of-bounds Write Vulnerability	2026-01-23	22.4%
CVE-2025-31125	Vite / Vitejs	Vite Vitejs Improper Access Control Vulnerability	2026-01-22	59.6%
CVE-2025-34026	Versa / Concerto	Versa Concerto Improper Authentication Vulnerability	2026-01-22	83.4%
CVE-2025-54313	Prettier / eslint-config-prettier	Prettier eslint-config-prettier Embedded Malicious Code Vulnerability	2026-01-22	4.1%
CVE-2025-68645	Synacor / Zimbra Collaboration Suite (ZCS)	Synacor Zimbra Collaboration Suite (ZCS) PHP Remote File Inclusion Vulnerability	2026-01-22	31.8%
CVE-2026-20045	Cisco / Unified Communications Manager	Cisco Unified Communications Products Code Injection Vulnerability	2026-01-21	4.3%
CVE-2026-20805	Microsoft / Windows	Microsoft Windows Information Disclosure Vulnerability	2026-01-13	5.0%
CVE-2025-8110	Gogs / Gogs	Gogs Path Traversal Vulnerability	2026-01-12	76.9%
CVE-2009-0556	Microsoft / Office	Microsoft Office PowerPoint Code Injection Vulnerability	2026-01-07	67.5%
CVE-2025-37164	Hewlett Packard Enterprise (HPE) / OneView	Hewlett Packard Enterprise (HPE) OneView Code Injection Vulnerability	2026-01-07	89.7%
CVE-2025-14847	MongoDB / MongoDB and MongoDB Server	MongoDB and MongoDB Server Improper Handling of Length Parameter Inconsistenc…	2025-12-29	83.0%
CVE-2023-52163	Digiever / DS-2105 Pro	Digiever DS-2105 Pro Missing Authorization Vulnerability	2025-12-22	96.3%
CVE-2025-14733	WatchGuard / Firebox	WatchGuard Firebox Out of Bounds Write Vulnerability	2025-12-19	17.5%
CVE-2025-20393	Cisco / Multiple Products	Cisco Multiple Products Improper Input Validation Vulnerability	2025-12-17	29.1%
CVE-2025-40602	SonicWall / SMA1000 appliance	SonicWall SMA1000 Missing Authorization Vulnerability	2025-12-17	1.9%
CVE-2025-59374	ASUS / Live Update	ASUS Live Update Embedded Malicious Code Vulnerability	2025-12-17	1.1%
CVE-2025-59718	Fortinet / Multiple Products	Fortinet Multiple Products Improper Verification of Cryptographic Signature V…	2025-12-16	63.5%
CVE-2025-14611	Gladinet / CentreStack and Triofox	Gladinet CentreStack and Triofox Hard Coded Cryptographic Vulnerability	2025-12-15	50.9%
CVE-2025-43529	Apple / Multiple Products	Apple Multiple Products Use-After-Free WebKit Vulnerability	2025-12-15	8.0%
CVE-2018-4063	Sierra Wireless / AirLink ALEOS	Sierra Wireless AirLink ALEOS Unrestricted Upload of File with Dangerous Type…	2025-12-12	28.1%
CVE-2025-14174	Google / Chromium	Google Chromium Out of Bounds Memory Access Vulnerability	2025-12-12	22.2%
CVE-2025-58360	OSGeo / GeoServer	OSGeo GeoServer Improper Restriction of XML External Entity Reference Vulnera…	2025-12-11	66.8%
CVE-2025-6218	RARLAB / WinRAR	RARLAB WinRAR Path Traversal Vulnerability	2025-12-09	81.5%
CVE-2025-62221	Microsoft / Windows	Microsoft Windows Use After Free Vulnerability	2025-12-09	2.3%
CVE-2022-37055	D-Link / Routers	D-Link Routers Buffer Overflow Vulnerability	2025-12-08	57.0%

Sourced from CISA Known Exploited Vulnerabilities — current weekly refresh. EPSS scores from FIRST.org via epss.cyentia.com. Curated by Adam Lundqvist, Founder at SQUR.