CISA Known Exploited Vulnerabilities (KEV)
156 vulnerabilities confirmed by CISA to be actively exploited in the wild. These require immediate attention: they are not theoretical risks; attackers are using them right now.
This CVE describes a code injection vulnerability in DELMIA Apriso manufacturing software that allows attackers to execute arbitrary code on affected ...
Added to KEV: Oct 28, 2025

A missing authorization vulnerability in DELMIA Apriso allows attackers to bypass authentication and gain privileged access to the application. This a...
Added to KEV: Oct 28, 2025

CVE-2025-59287 is a critical deserialization vulnerability in Windows Server Update Service (WSUS) that allows unauthenticated remote attackers to exe...
Added to KEV: Oct 24, 2025

CVE-2025-54236 is an improper input validation vulnerability in Adobe Commerce (Magento) that allows unauthenticated attackers to achieve session take...
Added to KEV: Oct 24, 2025

CVE-2025-61932 is a critical vulnerability in Lanscope Endpoint Manager (On-Premises) that allows unauthenticated remote attackers to execute arbitrar...
Added to KEV: Oct 22, 2025

An authentication bypass vulnerability in Kentico Xperience's Staging Sync Server allows attackers to bypass digest authentication by exploiting empty...
Added to KEV: Oct 20, 2025

CVE-2025-33073 is an improper access control vulnerability in Windows SMB that allows authenticated attackers to elevate privileges over a network. Th...
Added to KEV: Oct 20, 2025

This is a path traversal vulnerability (CWE-22) in Oracle Configurator within Oracle E-Business Suite that allows unauthenticated attackers to access ...
Added to KEV: Oct 20, 2025

CVE-2025-54253 is a critical misconfiguration vulnerability in Adobe Experience Manager Forms that allows unauthenticated attackers to execute arbitra...
Added to KEV: Oct 15, 2025

This vulnerability allows attackers to bypass Secure Boot protection in IGEL OS by exploiting improper cryptographic signature verification in the ige...
Added to KEV: Oct 14, 2025

This CVE describes an elevation of privilege vulnerability in the Agere Modem driver (ltmdm64.sys) that ships with Windows. Attackers could exploit th...
Added to KEV: Oct 14, 2025

This stored XSS vulnerability in Zimbra Collaboration allows attackers to inject malicious JavaScript via ICS calendar files in emails. When victims v...
Added to KEV: Oct 7, 2025

This critical vulnerability in Oracle E-Business Suite's Concurrent Processing component allows unauthenticated attackers to remotely execute arbitrar...
Added to KEV: Oct 6, 2025

A critical deserialization vulnerability in Fortra's GoAnywhere MFT License Servlet allows attackers with forged license signatures to execute arbitra...
Added to KEV: Sep 29, 2025

This vulnerability in Sudo allows local users to escalate privileges to root by exploiting the --chroot option to load a malicious /etc/nsswitch.conf ...
Added to KEV: Sep 29, 2025

This critical vulnerability in Cisco ASA and FTD VPN web servers allows authenticated remote attackers to execute arbitrary code as root. Attackers wi...
Added to KEV: Sep 25, 2025

A type confusion vulnerability in Chrome's V8 JavaScript engine allows attackers to trigger heap corruption by tricking the browser into misinterpreti...
Added to KEV: Sep 23, 2025

CVE-2025-5086 is a deserialization vulnerability in Dassault Systèmes DELMIA Apriso that allows remote attackers to execute arbitrary code by sending...
Added to KEV: Sep 11, 2025

This CVE describes a deserialization vulnerability in Sitecore Experience Manager (XM) and Experience Platform (XP) that allows attackers to inject an...
Added to KEV: Sep 4, 2025

This CVE describes a use-after-free vulnerability in Android's Chrome sandbox that allows local attackers to escape the sandbox and attack the system_...
Added to KEV: Sep 4, 2025

This WhatsApp vulnerability allows unauthorized users to trigger processing of arbitrary URLs on a target's device through linked device synchronizati...
Added to KEV: Sep 2, 2025

CVE-2025-57819 is a critical vulnerability in FreePBX that allows unauthenticated attackers to bypass authentication, gain administrator access, manip...
Added to KEV: Aug 29, 2025

A memory overflow vulnerability in NetScaler ADC and NetScaler Gateway allows remote attackers to execute arbitrary code or cause denial of service. A...
Added to KEV: Aug 26, 2025

A critical vulnerability in Trend Micro Apex One (on-premise) management console allows unauthenticated remote attackers to upload malicious code and ...
Added to KEV: Aug 18, 2025

CVE-2025-8876 is an OS command injection vulnerability in N-able N-central management software caused by improper input validation. Attackers can exec...
Added to KEV: Aug 13, 2025

An unauthenticated remote code execution vulnerability in Cisco ISE and ISE-PIC API allows attackers to execute arbitrary commands as root without cre...
Added to KEV: Jul 28, 2025

An unauthenticated remote code execution vulnerability in Cisco ISE and ISE-PIC allows attackers to execute arbitrary commands as root without credent...
Added to KEV: Jul 28, 2025

SysAid On-Prem versions up to 23.3.40 contain an unauthenticated XML External Entity (XXE) vulnerability in the Checkin processing functionality. This...
Added to KEV: Jul 22, 2025

This CVE describes a code injection vulnerability in Microsoft Office SharePoint that allows authenticated attackers to execute arbitrary code over th...
Added to KEV: Jul 22, 2025

CVE-2025-49706 is an improper authentication vulnerability in Microsoft SharePoint that allows unauthorized attackers to perform spoofing attacks over...
Added to KEV: Jul 22, 2025

This vulnerability in CrushFTP allows remote attackers to bypass AS2 validation and gain administrative access via HTTPS when the DMZ proxy feature is...
Added to KEV: Jul 22, 2025

This vulnerability in Google Chrome's ANGLE and GPU components allows insufficient input validation, enabling a remote attacker to potentially escape ...
Added to KEV: Jul 22, 2025

CVE-2025-53770 is a critical deserialization vulnerability in on-premises Microsoft SharePoint Server that allows unauthenticated attackers to execute...
Added to KEV: Jul 20, 2025

This SQL injection vulnerability in Fortinet FortiWeb web application firewalls allows unauthenticated attackers to execute arbitrary SQL commands via...
Added to KEV: Jul 18, 2025

CVE-2025-47812 is a critical remote code execution vulnerability in Wing FTP Server that allows attackers to inject arbitrary Lua code via null byte h...
Added to KEV: Jul 14, 2025

CVE-2025-5777 (CitrixBleed 2) is a memory disclosure vulnerability in Citrix NetScaler ADC and Gateway appliances. Insufficient input validation allow...
Added to KEV: Jul 10, 2025

This vulnerability is a type confusion flaw in Chrome's V8 JavaScript engine that allows attackers to perform arbitrary memory read/write operations. ...
Added to KEV: Jul 2, 2025

The TeleMessage service exposes a Spring Boot Actuator heap dump endpoint at /heapdump, allowing attackers to retrieve memory contents. This vulnerabi...
Added to KEV: Jul 1, 2025

A critical memory overflow vulnerability in NetScaler ADC and NetScaler Gateway allows attackers to manipulate control flow and cause denial of servic...
Added to KEV: Jun 30, 2025

CVE-2024-54085 is a critical authentication bypass vulnerability in AMI's SPx BMC firmware that allows remote attackers to gain unauthorized access th...
Added to KEV: Jun 25, 2025

This vulnerability allows attackers to execute arbitrary code by exploiting external control of file names or paths in Internet Shortcut Files. Attack...
Added to KEV: Jun 10, 2025

This CVE describes a critical vulnerability in Erlang/OTP's SSH server that allows unauthenticated remote code execution. Attackers can exploit a flaw...
Added to KEV: Jun 9, 2025

This vulnerability allows memory corruption in Chrome's graphics rendering through Adreno GPU drivers, potentially enabling arbitrary code execution. ...
Added to KEV: Jun 3, 2025

This vulnerability allows attackers to execute unauthorized commands on GPU micronodes, leading to memory corruption and potential system compromise. ...
Added to KEV: Jun 3, 2025

CVE-2025-35939 is a session file injection vulnerability in Craft CMS where unauthenticated users can inject arbitrary content into server-side sessio...
Added to KEV: Jun 2, 2025

CVE-2025-3935 is a ViewState code injection vulnerability affecting ScreenConnect versions 25.2.3 and earlier. Attackers with compromised machine keys...
Added to KEV: Jun 2, 2025

This vulnerability allows attackers to write arbitrary files with system-level privileges on Samsung MagicINFO 9 Server by exploiting improper pathnam...
Added to KEV: May 22, 2025

An authentication bypass vulnerability in Ivanti Endpoint Manager Mobile's API allows attackers to access protected resources without valid credential...
Added to KEV: May 19, 2025

This vulnerability allows authenticated attackers to execute arbitrary code on Ivanti Endpoint Manager Mobile (EPMM) systems by sending specially craf...
Added to KEV: May 19, 2025

CVE-2025-27920 is a directory traversal vulnerability in Output Messenger that allows attackers to access sensitive files outside intended directories...
Added to KEV: May 19, 2025

What is the CISA KEV Catalog?
The CISA Known Exploited Vulnerabilities (KEV) catalog is a curated list maintained by the Cybersecurity and Infrastructure Security Agency (CISA). Every CVE in this catalog has been confirmed to be actively exploited by threat actors in real-world attacks.
Binding Operational Directive 22-01 requires all US federal agencies to remediate KEV vulnerabilities within specified timeframes. While non-federal organizations are not legally bound, CISA strongly recommends all organizations prioritize KEV entries for immediate patching.
Why KEV matters more than CVSS alone: A vulnerability with a "medium" CVSS score that appears in the KEV catalog is objectively more dangerous than a "critical" CVSS vulnerability that has never been exploited. KEV represents real, confirmed threat activity, not theoretical risk assessments.