1,619 totalEPSS avg 51.6%

KEVKnown Exploited Vulnerabilities

CISA’s actively-exploited catalogue · refreshed weekly · authored by Adam Lundqvist

VendorEPSS ≥0%Since

Showing 1,619 of 1,619 · page 8 of 33

CVE	Vendor / Product	Title	KEV added	EPSS
CVE-2025-24200	Apple / iOS and iPadOS	Apple iOS and iPadOS Incorrect Authorization Vulnerability	2025-02-12	4.9%
CVE-2024-40890	Zyxel / DSL CPE Devices	Zyxel DSL CPE OS Command Injection Vulnerability	2025-02-11	19.3%
CVE-2024-40891	Zyxel / DSL CPE Devices	Zyxel DSL CPE OS Command Injection Vulnerability	2025-02-11	20.5%
CVE-2025-21391	Microsoft / Windows	Microsoft Windows Storage Link Following Vulnerability	2025-02-11	2.1%
CVE-2025-21418	Microsoft / Windows	Microsoft Windows Ancillary Function Driver for WinSock Heap-Based Buffer Ove…	2025-02-11	1.5%
CVE-2025-0994	Trimble / Cityworks	Trimble Cityworks Deserialization Vulnerability	2025-02-07	27.4%
CVE-2020-15069	Sophos / XG Firewall	Sophos XG Firewall Buffer Overflow Vulnerability	2025-02-06	10.7%
CVE-2020-29574	Sophos / CyberoamOS	CyberoamOS (CROS) SQL Injection Vulnerability	2025-02-06	4.7%
CVE-2022-23748	Audinate / Dante Discovery	Dante Discovery Process Control Vulnerability	2025-02-06	9.1%
CVE-2024-21413	Microsoft / Office Outlook	Microsoft Outlook Improper Input Validation Vulnerability	2025-02-06	94.7%
CVE-2025-0411	7-Zip / 7-Zip	7-Zip Mark of the Web Bypass Vulnerability	2025-02-06	65.9%
CVE-2024-53104	Linux / Kernel	Linux Kernel Out-of-Bounds Write Vulnerability	2025-02-05	3.3%
CVE-2018-19410	Paessler / PRTG Network Monitor	Paessler PRTG Network Monitor Local File Inclusion Vulnerability	2025-02-04	85.7%
CVE-2018-9276	Paessler / PRTG Network Monitor	Paessler PRTG Network Monitor OS Command Injection Vulnerability	2025-02-04	86.9%
CVE-2024-29059	Microsoft / .NET Framework	Microsoft .NET Framework Information Disclosure Vulnerability	2025-02-04	98.8%
CVE-2024-45195	Apache / OFBiz	Apache OFBiz Forced Browsing Vulnerability	2025-02-04	100.0%
CVE-2025-24085	Apple / Multiple Products	Apple Multiple Products Use-After-Free Vulnerability	2025-01-29	19.7%
CVE-2025-23006	SonicWall / SMA1000 Appliances	SonicWall SMA1000 Appliances Deserialization Vulnerability	2025-01-24	22.3%
CVE-2020-11023	JQuery / JQuery	JQuery Cross-Site Scripting (XSS) Vulnerability	2025-01-23	83.8%
CVE-2024-50603	Aviatrix / Controllers	Aviatrix Controllers OS Command Injection Vulnerability	2025-01-16	98.5%
CVE-2024-55591	Fortinet / FortiOS and FortiProxy	Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability	2025-01-14	98.2%
CVE-2025-21333	Microsoft / Windows	Microsoft Windows Hyper-V NT Kernel Integration VSP Heap-based Buffer Overflo…	2025-01-14	9.8%
CVE-2025-21334	Microsoft / Windows	Microsoft Windows Hyper-V NT Kernel Integration VSP Use-After-Free Vulnerability	2025-01-14	1.5%
CVE-2025-21335	Microsoft / Windows	Microsoft Windows Hyper-V NT Kernel Integration VSP Use-After-Free Vulnerability	2025-01-14	1.4%
CVE-2023-48365	Qlik / Sense	Qlik Sense HTTP Tunneling Vulnerability	2025-01-13	24.7%
CVE-2024-12686	BeyondTrust / Privileged Remote Access (PRA) and Remote Support (RS)	BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) OS Command…	2025-01-13	13.8%
CVE-2025-0282	Ivanti / Connect Secure, Policy Secure, and ZTA Gateways	Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Ove…	2025-01-08	100.0%
CVE-2020-2883	Oracle / WebLogic Server	Oracle WebLogic Server Unspecified Vulnerability	2025-01-07	94.9%
CVE-2024-41713	Mitel / MiCollab	Mitel MiCollab Path Traversal Vulnerability	2025-01-07	98.1%
CVE-2024-55550	Mitel / MiCollab	Mitel MiCollab Path Traversal Vulnerability	2025-01-07	37.5%
CVE-2024-3393	Palo Alto Networks / PAN-OS	Palo Alto Networks PAN-OS Malicious DNS Packet Vulnerability	2024-12-30	26.6%
CVE-2021-44207	Acclaim Systems / USAHERDS	Acclaim Systems USAHERDS Use of Hard-Coded Credentials Vulnerability	2024-12-23	17.6%
CVE-2024-12356	BeyondTrust / Privileged Remote Access (PRA) and Remote Support (RS)	BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) Command In…	2024-12-19	88.0%
CVE-2018-14933	NUUO / NVRmini Devices	NUUO NVRmini Devices OS Command Injection Vulnerability	2024-12-18	93.7%
CVE-2019-11001	Reolink / Multiple IP Cameras	Reolink Multiple IP Cameras OS Command Injection Vulnerability	2024-12-18	38.4%
CVE-2021-40407	Reolink / RLC-410W IP Camera	Reolink RLC-410W IP Camera OS Command Injection Vulnerability	2024-12-18	47.9%
CVE-2022-23227	NUUO / NVRmini2 Devices	NUUO NVRmini2 Devices Missing Authentication Vulnerability	2024-12-18	49.4%
CVE-2024-55956	Cleo / Multiple Products	Cleo Multiple Products Unauthenticated File Upload Vulnerability	2024-12-17	93.8%
CVE-2024-20767	Adobe / ColdFusion	Adobe ColdFusion Improper Access Control Vulnerability	2024-12-16	98.5%
CVE-2024-35250	Microsoft / Windows	Microsoft Windows Kernel-Mode Driver Untrusted Pointer Dereference Vulnerabil…	2024-12-16	25.2%
CVE-2024-50623	Cleo / Multiple Products	Cleo Multiple Products Unrestricted File Upload Vulnerability	2024-12-13	98.5%
CVE-2024-49138	Microsoft / Windows	Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Over…	2024-12-10	25.4%
CVE-2024-51378	CyberPersons / CyberPanel	CyberPanel Incorrect Default Permissions Vulnerability	2024-12-04	94.9%
CVE-2023-45727	North Grid / Proself	North Grid Proself Improper Restriction of XML External Entity (XXE) Referenc…	2024-12-03	3.5%
CVE-2024-11667	Zyxel / Multiple Firewalls	Zyxel Multiple Firewalls Path Traversal Vulnerability	2024-12-03	3.0%
CVE-2024-11680	ProjectSend / ProjectSend	ProjectSend Improper Authentication Vulnerability	2024-12-03	91.6%
CVE-2023-28461	Array Networks / AG/vxAG ArrayOS	Array Networks AG and vxAG ArrayOS Missing Authentication for Critical Functi…	2024-11-25	67.6%
CVE-2024-21287	Oracle / Agile Product Lifecycle Management (PLM)	Oracle Agile Product Lifecycle Management (PLM) Incorrect Authorization Vulne…	2024-11-21	1.5%
CVE-2024-44308	Apple / Multiple Products	Apple Multiple Products Code Execution Vulnerability	2024-11-21	9.2%
CVE-2024-44309	Apple / Multiple Products	Apple Multiple Products Cross-Site Scripting (XSS) Vulnerability	2024-11-21	21.0%

Sourced from CISA Known Exploited Vulnerabilities — current weekly refresh. EPSS scores from FIRST.org via epss.cyentia.com. Curated by Adam Lundqvist, Founder at SQUR.