Known Exploited Vulnerabilities

Focus on What Matters

There are 297,540 vulnerabilities in the CVE database.
Whilst only 0.6% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2025-31201	This issue was addressed by removing the vulnerable code. This issue is fixed in tvOS 18.4.1, visionOS 2.4.1, iOS iOS 18.4.1 and iPadOS 18.4.1,...	Apple	visionOS, iOS iOS and iPadOS, tvOS, macOS	2025-04-17 00:00:00 UTC	CISA
CVE-2025-24054	NTLM Hash Disclosure Spoofing Vulnerability	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows Server 2025 (Server Core installation), Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 11 Version 24H2, Windows Server 2025, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	2025-04-17 00:00:00 UTC	CISA
CVE-2021-20035	Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inject arbitrary commands...	SonicWall	SMA100	2025-04-16 00:00:00 UTC	CISA
CVE-2025-3248	Langflow Unauth RCE	langflow-ai	langflow	2025-04-13 00:00:00 UTC	CVE
CVE-2025-3102	SureTriggers <= 1.0.78 - Authorization Bypass due to Missing Empty Value Check to Unauthenticated Administrative User Creation	brainstormforce	OttoKit: All-in-One Automation Platform (Formerly SureTriggers)	2025-04-11 00:00:00 UTC	TheHackerNews
CVE-2024-58136	Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an __class array key, a CVE-2024-4990 regression, as exploited in the...	yiiframework	Yii	2025-04-10 00:00:00 UTC	CVE
CVE-2024-53197	ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices	Linux	Linux	2025-04-09 00:00:00 UTC	CISA
CVE-2024-53150	ALSA: usb-audio: Fix out of bounds reads when finding clock sources	Linux	Linux	2025-04-09 00:00:00 UTC	CISA
CVE-2025-30406	Gladinet CentreStack through 16.1.10296.56315 (fixed in 16.4.10315.56368) has a deserialization vulnerability due to the CentreStack portal's...	Gladinet	CentreStack	2025-04-08 00:00:00 UTC	CISA
CVE-2025-29824	Windows Common Log File System Driver Elevation of Privilege Vulnerability	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows Server 2025 (Server Core installation), Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 11 Version 24H2, Windows Server 2025, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	2025-04-08 00:00:00 UTC	CISA
CVE-2025-31161	CrushFTP 10 before 10.8.4 and 11 before 11.3.1 allows authentication bypass and takeover of the crushadmin account (unless a DMZ proxy instance is...	CrushFTP	CrushFTP	2025-04-07 00:00:00 UTC	CISA
CVE-2025-22457	A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA...	Ivanti	Connect Secure, Policy Secure, Neurons for ZTA gateways	2025-04-04 00:00:00 UTC	CISA
CVE-2025-24813	Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT	Apache Software Foundation	Apache Tomcat	2025-04-01 00:00:00 UTC	CISA
CVE-2024-20439	A vulnerability in Cisco Smart Licensing Utility (CSLU) could allow an unauthenticated, remote attacker to log into an affected system by using a...	Cisco	Cisco Smart License Utility	2025-03-31 00:00:00 UTC	CISA
CVE-2025-30355	Synapse vulnerable to federation denial of service via malformed events	element-hq	synapse	2025-03-27 00:00:00 UTC	CVE
CVE-2025-2857	Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC code. A compromised...	Mozilla	Firefox, Firefox ESR	2025-03-27 00:00:00 UTC	CVE
CVE-2025-2783	Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to...	Google	Chrome	2025-03-27 00:00:00 UTC	CISA
CVE-2019-9874	Deserialization of Untrusted Data in the Sitecore.Security.AntiCSRF (aka anti CSRF) module in Sitecore CMS 7.0 to 7.2 and Sitecore XP 7.5 to 8.2...	Sitecore	CMS	2025-03-26 00:00:00 UTC	CISA
CVE-2019-9875	Deserialization of Untrusted Data in the anti CSRF module in Sitecore through 9.1 allows an authenticated attacker to execute arbitrary code by...	Sitecore	Sitecore CMS	2025-03-26 00:00:00 UTC	CISA
CVE-2025-30154	Multiple Reviewdog actions were compromised during a specific time period	reviewdog	reviewdog	2025-03-24 00:00:00 UTC	CISA
CVE-2025-30349	Horde IMP through 6.2.27, as used with Horde Application Framework through 5.2.23, allows XSS that leads to account takeover via a crafted...	Horde	IMP	2025-03-21 00:00:00 UTC	CVE
CVE-2025-30259	The WhatsApp cloud service before late 2024 did not block certain crafted PDF content that can defeat a sandbox protection mechanism and...	Meta	WhatsApp cloud service	2025-03-20 00:00:00 UTC	CVE
CVE-2025-1316	Edimax IC-7100 IP Camera OS Command Injection	Edimax	IC-7100 IP Camera	2025-03-19 00:00:00 UTC	CISA
CVE-2024-48248	NAKIVO Backup & Replication before 11.0.0.88174 allows absolute path traversal for reading files via getImageByPath to /c/router (this may lead...	NAKIVO	Backup & Replication Director	2025-03-19 00:00:00 UTC	CISA
CVE-2017-12637	Directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS in SAP NetWeaver Application Server Java 7.5 allows remote...	SAP	NetWeaver Application Server Java	2025-03-19 00:00:00 UTC	CISA

Displaying vulnerabilities 301 - 325 of 1850 in total