1,619 total · EPSS avg 51.6%

KEV · Known Exploited Vulnerabilities

CISA’s actively-exploited catalogue · refreshed weekly · authored by Adam Lundqvist

Showing 1,619 of 1,619 · page 6 of 33

| CVE | Vendor / Product | Title | KEV added | EPSS |
| --- | --- | --- | --- | --- |
| CVE-2024-0769 | D-Link / DIR-859 Router | D-Link DIR-859 Router Path Traversal Vulnerability | 2025-06-25 | 82.7% |
| CVE-2024-54085 | AMI / MegaRAC SPx | AMI MegaRAC SPx Authentication Bypass by Spoofing Vulnerability | 2025-06-25 | 61.2% |
| CVE-2023-0386 | Linux / Kernel | Linux Kernel Improper Ownership Management Vulnerability | 2025-06-17 | 7.9% |
| CVE-2023-33538 | TP-Link / Multiple Routers | TP-Link Multiple Routers Command Injection Vulnerability | 2025-06-16 | 42.6% |
| CVE-2025-43200 | Apple / Multiple Products | Apple Multiple Products Unspecified Vulnerability | 2025-06-16 | 1.0% |
| CVE-2025-24016 | Wazuh / Wazuh Server | Wazuh Server Deserialization of Untrusted Data Vulnerability | 2025-06-10 | 92.6% |
| CVE-2025-33053 | Microsoft / Windows | Microsoft Windows External Control of File Name or Path Vulnerability | 2025-06-10 | 81.6% |
| CVE-2024-42009 | Roundcube / Webmail | RoundCube Webmail Cross-Site Scripting Vulnerability | 2025-06-09 | 82.9% |
| CVE-2025-32433 | Erlang / Erlang/OTP | Erlang Erlang/OTP SSH Server Missing Authentication for Critical Function Vul… | 2025-06-09 | 97.7% |
| CVE-2025-5419 | Google / Chromium V8 | Google Chromium V8 Out-of-Bounds Read and Write Vulnerability | 2025-06-05 | 6.5% |
| CVE-2025-21479 | Qualcomm / Multiple Chipsets | Qualcomm Multiple Chipsets Incorrect Authorization Vulnerability | 2025-06-03 | 0.7% |
| CVE-2025-21480 | Qualcomm / Multiple Chipsets | Qualcomm Multiple Chipsets Incorrect Authorization Vulnerability | 2025-06-03 | 0.4% |
| CVE-2025-27038 | Qualcomm / Multiple Chipsets | Qualcomm Multiple Chipsets Use-After-Free Vulnerability | 2025-06-03 | 0.8% |
| CVE-2021-32030 | ASUS / Routers | ASUS Routers Improper Authentication Vulnerability | 2025-06-02 | 99.4% |
| CVE-2023-39780 | ASUS / RT-AX55 Routers | ASUS RT-AX55 Routers OS Command Injection Vulnerability | 2025-06-02 | 32.2% |
| CVE-2024-56145 | Craft CMS / Craft CMS | Craft CMS Code Injection Vulnerability | 2025-06-02 | 97.4% |
| CVE-2025-35939 | Craft CMS / Craft CMS | Craft CMS External Control of Assumed-Immutable Web Parameter Vulnerability | 2025-06-02 | 1.1% |
| CVE-2025-3935 | ConnectWise / ScreenConnect | ConnectWise ScreenConnect Improper Authentication Vulnerability | 2025-06-02 | 3.3% |
| CVE-2025-4632 | Samsung / MagicINFO 9 Server | Samsung MagicINFO 9 Server Path Traversal Vulnerability | 2025-05-22 | 23.2% |
| CVE-2023-38950 | ZKTeco / BioTime | ZKTeco BioTime Path Traversal Vulnerability | 2025-05-19 | 84.9% |
| CVE-2024-11182 | MDaemon / Email Server | MDaemon Email Server Cross-Site Scripting (XSS) Vulnerability | 2025-05-19 | 16.3% |
| CVE-2024-27443 | Synacor / Zimbra Collaboration Suite (ZCS) | Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerabi… | 2025-05-19 | 19.7% |
| CVE-2025-27920 | Srimax / Output Messenger | Srimax Output Messenger Directory Traversal Vulnerability | 2025-05-19 | 1.8% |
| CVE-2025-4427 | Ivanti / Endpoint Manager Mobile (EPMM) | Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass Vulnerability | 2025-05-19 | 99.6% |
| CVE-2025-4428 | Ivanti / Endpoint Manager Mobile (EPMM) | Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability | 2025-05-19 | 86.9% |
| CVE-2024-12987 | DrayTek / Vigor Routers | DrayTek Vigor Routers OS Command Injection Vulnerability | 2025-05-15 | 98.1% |
| CVE-2025-42999 | SAP / NetWeaver | SAP NetWeaver Deserialization Vulnerability | 2025-05-15 | 10.8% |
| CVE-2025-32756 | Fortinet / Multiple Products | Fortinet Multiple Products Stack-Based Buffer Overflow Vulnerability | 2025-05-14 | 30.1% |
| CVE-2025-30397 | Microsoft / Windows | Microsoft Windows Scripting Engine Type Confusion Vulnerability | 2025-05-13 | 20.9% |
| CVE-2025-30400 | Microsoft / Windows | Microsoft Windows DWM Core Library Use-After-Free Vulnerability | 2025-05-13 | 1.7% |
| CVE-2025-32701 | Microsoft / Windows | Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnera… | 2025-05-13 | 1.2% |
| CVE-2025-32706 | Microsoft / Windows | Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Over… | 2025-05-13 | 1.9% |
| CVE-2025-32709 | Microsoft / Windows | Microsoft Windows Ancillary Function Driver for WinSock Use-After-Free Vulner… | 2025-05-13 | 1.6% |
| CVE-2025-47729 | TeleMessage / TM SGNL | TeleMessage TM SGNL Hidden Functionality Vulnerability | 2025-05-12 | 0.4% |
| CVE-2024-11120 | GeoVision / Multiple Devices | GeoVision Devices OS Command Injection Vulnerability | 2025-05-07 | 28.6% |
| CVE-2024-6047 | GeoVision / Multiple Devices | GeoVision Devices OS Command Injection Vulnerability | 2025-05-07 | 10.0% |
| CVE-2025-27363 | FreeType / FreeType | FreeType Out-of-Bounds Write Vulnerability | 2025-05-06 | 23.4% |
| CVE-2025-3248 | Langflow / Langflow | Langflow Missing Authentication Vulnerability | 2025-05-05 | 100.0% |
| CVE-2024-58136 | Yiiframework / Yii | Yiiframework Yii Improper Protection of Alternate Path Vulnerability | 2025-05-02 | 87.7% |
| CVE-2025-34028 | Commvault / Command Center | Commvault Command Center Path Traversal Vulnerability | 2025-05-02 | 97.1% |
| CVE-2023-44221 | SonicWall / SMA100 Appliances | SonicWall SMA100 Appliances OS Command Injection Vulnerability | 2025-05-01 | 75.1% |
| CVE-2024-38475 | Apache / HTTP Server | Apache HTTP Server Improper Escaping of Output Vulnerability | 2025-05-01 | 100.0% |
| CVE-2025-31324 | SAP / NetWeaver | SAP NetWeaver Unrestricted File Upload Vulnerability | 2025-04-29 | 99.3% |
| CVE-2025-1976 | Broadcom / Brocade Fabric OS | Broadcom Brocade Fabric OS Code Injection Vulnerability | 2025-04-28 | 0.7% |
| CVE-2025-3928 | Commvault / Web Server | Commvault Web Server Unspecified Vulnerability | 2025-04-28 | 1.9% |
| CVE-2025-42599 | Qualitia / Active! Mail | Qualitia Active! Mail Stack-Based Buffer Overflow Vulnerability | 2025-04-28 | 3.0% |
| CVE-2025-24054 | Microsoft / Windows | Microsoft Windows NTLM Hash Disclosure Spoofing Vulnerability | 2025-04-17 | 59.0% |
| CVE-2025-31200 | Apple / Multiple Products | Apple Multiple Products Memory Corruption Vulnerability | 2025-04-17 | 21.3% |
| CVE-2025-31201 | Apple / Multiple Products | Apple Multiple Products Arbitrary Read and Write Vulnerability | 2025-04-17 | 12.4% |
| CVE-2021-20035 | SonicWall / SMA100 Appliances | SonicWall SMA100 Appliances OS Command Injection Vulnerability | 2025-04-16 | 3.9% |

Sourced from CISA Known Exploited Vulnerabilities — current weekly refresh. EPSS scores from FIRST.org via epss.cyentia.com. Curated by Adam Lundqvist, Founder at SQUR.