CISA · government feed
Known Exploited Vulnerabilities
Vulnerabilities under active exploitation, mandated by CISA for federal patching.
1,583 total matches · showing 200
| CVE | Vendor / Product | Vulnerability | Date | Status |
|---|---|---|---|---|
| CVE-2024-57726 | SimpleHelp SimpleHelp | SimpleHelp Missing Authorization Vulnerability | 2026-04-24 | Active |
| CVE-2024-57728 | SimpleHelp SimpleHelp | SimpleHelp Path Traversal Vulnerability | 2026-04-24 | Active |
| CVE-2024-7399 | Samsung MagicINFO 9 Server | Samsung MagicINFO 9 Server Path Traversal Vulnerability | 2026-04-24 | Active |
| CVE-2025-29635 | D-Link DIR-823X | D-Link DIR-823X Command Injection Vulnerability | 2026-04-24 | Active |
| CVE-2026-39987 | Marimo Marimo | Marimo Remote Code Execution Vulnerability | 2026-04-23 | Active |
| CVE-2026-33825 | Microsoft Defender | Microsoft Defender Insufficient Granularity of Access Control Vulnerability | 2026-04-22 | Active |
| CVE-2024-27199 | JetBrains TeamCity | JetBrains TeamCity Relative Path Traversal Vulnerability | 2026-04-20 | Ransomware |
| CVE-2025-32975 | Quest KACE Systems Management Appliance (SMA) | Quest KACE Systems Management Appliance (SMA) Improper Authentication Vulnerability | 2026-04-20 | Active |
| CVE-2026-20128 | Cisco Catalyst SD-WAN Manager | Cisco Catalyst SD-WAN Manager Storing Passwords in a Recoverable Format Vulnerability | 2026-04-20 | Active |
| CVE-2025-48700 | Synacor Zimbra Collaboration Suite (ZCS) | Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability | 2026-04-20 | Active |
| CVE-2023-27351 | PaperCut NG/MF | PaperCut NG/MF Improper Authentication Vulnerability | 2026-04-20 | Ransomware |
| CVE-2025-2749 | Kentico Kentico Xperience | Kentico Xperience Path Traversal Vulnerability | 2026-04-20 | Active |
| CVE-2026-20133 | Cisco Catalyst SD-WAN Manager | Cisco Catalyst SD-WAN Manager Exposure of Sensitive Information to an Unauthorized Actor Vulnerability | 2026-04-20 | Active |
| CVE-2026-20122 | Cisco Catalyst SD-WAN Manager | Cisco Catalyst SD-WAN Manager Incorrect Use of Privileged APIs Vulnerability | 2026-04-20 | Active |
| CVE-2026-34197 | Apache ActiveMQ | Apache ActiveMQ Improper Input Validation Vulnerability | 2026-04-16 | Active |
| CVE-2026-32201 | Microsoft SharePoint Server | Microsoft SharePoint Server Improper Input Validation Vulnerability | 2026-04-14 | Active |
| CVE-2009-0238 | Microsoft Office | Microsoft Office Remote Code Execution | 2026-04-14 | Active |
| CVE-2026-34621 | Adobe Acrobat and Reader | Adobe Acrobat and Reader Prototype Pollution Vulnerability | 2026-04-13 | Active |
| CVE-2026-21643 | Fortinet FortiClient EMS | Fortinet FortiClient EMS SQL Injection Vulnerability | 2026-04-13 | Active |
| CVE-2020-9715 | Adobe Acrobat | Adobe Acrobat Use-After-Free Vulnerability | 2026-04-13 | Active |
| CVE-2023-36424 | Microsoft Windows | Microsoft Windows Out-of-Bounds Read Vulnerability | 2026-04-13 | Active |
| CVE-2023-21529 | Microsoft Exchange Server | Microsoft Exchange Server Deserialization of Untrusted Data Vulnerability | 2026-04-13 | Ransomware |
| CVE-2025-60710 | Microsoft Windows | Microsoft Windows Link Following Vulnerability | 2026-04-13 | Active |
| CVE-2012-1854 | Microsoft Visual Basic for Applications (VBA) | Microsoft Visual Basic for Applications Insecure Library Loading Vulnerability | 2026-04-13 | Active |
| CVE-2026-1340 | Ivanti Endpoint Manager Mobile (EPMM) | Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability | 2026-04-08 | Active |
| CVE-2026-35616 | Fortinet FortiClient EMS | Fortinet FortiClient EMS Improper Access Control Vulnerability | 2026-04-06 | Active |
| CVE-2026-3502 | TrueConf Client | TrueConf Client Download of Code Without Integrity Check Vulnerability | 2026-04-02 | Active |
| CVE-2026-5281 | Google Dawn | Google Dawn Use-After-Free Vulnerability | 2026-04-01 | Active |
| CVE-2026-3055 | Citrix NetScaler | Citrix NetScaler Out-of-Bounds Read Vulnerability | 2026-03-30 | Active |
| CVE-2025-53521 | F5 BIG-IP | F5 BIG-IP Stack-Based Buffer Overflow Vulnerability | 2026-03-27 | Active |
| CVE-2026-33634 | Aquasecurity Trivy | Aquasecurity Trivy Embedded Malicious Code Vulnerability | 2026-03-26 | Active |
| CVE-2026-33017 | Langflow Langflow | Langflow Code Injection Vulnerability | 2026-03-25 | Active |
| CVE-2025-31277 | Apple Multiple Products | Apple Multiple Products Buffer Overflow Vulnerability | 2026-03-20 | Active |
| CVE-2025-43520 | Apple Multiple Products | Apple Multiple Products Classic Buffer Overflow Vulnerability | 2026-03-20 | Active |
| CVE-2025-43510 | Apple Multiple Products | Apple Multiple Products Improper Locking Vulnerability | 2026-03-20 | Active |
| CVE-2025-54068 | Laravel Livewire | Laravel Livewire Code Injection Vulnerability | 2026-03-20 | Active |
| CVE-2025-32432 | Craft CMS Craft CMS | Craft CMS Code Injection Vulnerability | 2026-03-20 | Active |
| CVE-2026-20131 | Cisco Secure Firewall Management Center (FMC) | Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management Deserialization of Untrusted Data Vulnerability | 2026-03-19 | Ransomware |
| CVE-2026-20963 | Microsoft SharePoint | Microsoft SharePoint Deserialization of Untrusted Data Vulnerability | 2026-03-18 | Active |
| CVE-2025-66376 | Synacor Zimbra Collaboration Suite (ZCS) | Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting Vulnerability | 2026-03-18 | Active |
| CVE-2025-47813 | Wing FTP Server Wing FTP Server | Wing FTP Server Information Disclosure Vulnerability | 2026-03-16 | Active |
| CVE-2026-3909 | Google Skia | Google Skia Out-of-Bounds Write Vulnerability | 2026-03-13 | Active |
| CVE-2026-3910 | Google Chromium V8 | Google Chromium V8 Improper Restriction of Operations Within the Bounds of a Memory Buffer Vulnerability | 2026-03-13 | Active |
| CVE-2025-68613 | n8n n8n | n8n Improper Control of Dynamically-Managed Code Resources Vulnerability | 2026-03-11 | Active |
| CVE-2026-1603 | Ivanti Endpoint Manager (EPM) | Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability | 2026-03-09 | Active |
| CVE-2025-26399 | SolarWinds Web Help Desk | SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability | 2026-03-09 | Active |
| CVE-2021-22054 | Omnissa Workspace One UEM | Omnissa Workspace ONE Server-Side Request Forgery | 2026-03-09 | Active |
| CVE-2023-41974 | Apple iOS and iPadOS | Apple iOS and iPadOS Use-After-Free Vulnerability | 2026-03-05 | Active |
| CVE-2021-30952 | Apple Multiple Products | Apple Multiple Products Integer Overflow or Wraparound Vulnerability | 2026-03-05 | Active |
| CVE-2023-43000 | Apple Multiple Products | Apple Multiple Products Use-After-Free Vulnerability | 2026-03-05 | Active |
| CVE-2021-22681 | Rockwell Multiple Products | Rockwell Multiple Products Insufficient Protected Credentials Vulnerability | 2026-03-05 | Active |
| CVE-2017-7921 | Hikvision Multiple Products | Hikvision Multiple Products Improper Authentication Vulnerability | 2026-03-05 | Active |
| CVE-2026-21385 | Qualcomm Multiple Chipsets | Qualcomm Multiple Chipsets Memory Corruption Vulnerability | 2026-03-03 | Active |
| CVE-2026-22719 | Broadcom VMware Aria Operations | Broadcom VMware Aria Operations Command Injection Vulnerability | 2026-03-03 | Active |
| CVE-2026-20127 | Cisco Catalyst SD-WAN Controller and Manager | Cisco Catalyst SD-WAN Controller and Manager Authentication Bypass Vulnerability | 2026-02-25 | Active |
| CVE-2022-20775 | Cisco SD-WAN | Cisco SD-WAN Path Traversal Vulnerability | 2026-02-25 | Active |
| CVE-2026-25108 | Soliton Systems K.K FileZen | Soliton Systems K.K FileZen OS Command Injection Vulnerability | 2026-02-24 | Active |
| CVE-2025-68461 | Roundcube Webmail | RoundCube Webmail Cross-site Scripting Vulnerability | 2026-02-20 | Active |
| CVE-2025-49113 | Roundcube Webmail | RoundCube Webmail Deserialization of Untrusted Data Vulnerability | 2026-02-20 | Active |
| CVE-2026-22769 | Dell RecoverPoint for Virtual Machines (RP4VMs) | Dell RecoverPoint for Virtual Machines (RP4VMs) Use of Hard-coded Credentials Vulnerability | 2026-02-18 | Active |
| CVE-2021-22175 | GitLab GitLab | GitLab Server-Side Request Forgery (SSRF) Vulnerability | 2026-02-18 | Active |
| CVE-2026-2441 | Google Chromium | Google Chromium CSS Use-After-Free Vulnerability | 2026-02-17 | Active |
| CVE-2008-0015 | Microsoft Windows | Microsoft Windows Video ActiveX Control Remote Code Execution Vulnerability | 2026-02-17 | Active |
| CVE-2024-7694 | TeamT5 ThreatSonar Anti-Ransomware | TeamT5 ThreatSonar Anti-Ransomware Unrestricted Upload of File with Dangerous Type Vulnerability | 2026-02-17 | Active |
| CVE-2020-7796 | Synacor Zimbra Collaboration Suite | Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery Vulnerability | 2026-02-17 | Active |
| CVE-2026-1731 | BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) | BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) OS Command Injection Vulnerability | 2026-02-13 | Ransomware |
| CVE-2025-40536 | SolarWinds Web Help Desk | SolarWinds Web Help Desk Security Control Bypass Vulnerability | 2026-02-12 | Active |
| CVE-2025-15556 | Notepad++ Notepad++ | Notepad++ Download of Code Without Integrity Check Vulnerability | 2026-02-12 | Active |
| CVE-2024-43468 | Microsoft Configuration Manager | Microsoft Configuration Manager SQL Injection Vulnerability | 2026-02-12 | Active |
| CVE-2026-20700 | Apple Multiple Products | Apple Multiple Buffer Overflow Vulnerability | 2026-02-12 | Active |
| CVE-2026-21514 | Microsoft Office | Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability | 2026-02-10 | Active |
| CVE-2026-21519 | Microsoft Windows | Microsoft Windows Type Confusion Vulnerability | 2026-02-10 | Active |
| CVE-2026-21533 | Microsoft Windows | Microsoft Windows Improper Privilege Management Vulnerability | 2026-02-10 | Active |
| CVE-2026-21510 | Microsoft Windows | Microsoft Windows Shell Protection Mechanism Failure Vulnerability | 2026-02-10 | Active |
| CVE-2026-21525 | Microsoft Windows | Microsoft Windows NULL Pointer Dereference Vulnerability | 2026-02-10 | Active |
| CVE-2026-21513 | Microsoft Windows | Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability | 2026-02-10 | Active |
| CVE-2026-24423 | SmarterTools SmarterMail | SmarterTools SmarterMail Missing Authentication for Critical Function Vulnerability | 2026-02-05 | Ransomware |
| CVE-2025-11953 | React Native Community CLI | React Native Community CLI OS Command Injection Vulnerability | 2026-02-05 | Active |
| CVE-2025-40551 | SolarWinds Web Help Desk | SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability | 2026-02-03 | Active |
| CVE-2019-19006 | Sangoma FreePBX | Sangoma FreePBX Improper Authentication Vulnerability | 2026-02-03 | Active |
| CVE-2025-64328 | Sangoma FreePBX | Sangoma FreePBX OS Command Injection Vulnerability | 2026-02-03 | Active |
| CVE-2021-39935 | GitLab Community and Enterprise Editions | GitLab Community and Enterprise Editions Server-Side Request Forgery (SSRF) Vulnerability | 2026-02-03 | Active |
| CVE-2026-1281 | Ivanti Endpoint Manager Mobile (EPMM) | Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability | 2026-01-29 | Active |
| CVE-2026-24858 | Fortinet Multiple Products | Fortinet Multiple Products Authentication Bypass Using an Alternate Path or Channel Vulnerability | 2026-01-27 | Active |
| CVE-2026-21509 | Microsoft Office | Microsoft Office Security Feature Bypass Vulnerability | 2026-01-26 | Active |
| CVE-2026-24061 | GNU InetUtils | GNU InetUtils Argument Injection Vulnerability | 2026-01-26 | Active |
| CVE-2026-23760 | SmarterTools SmarterMail | SmarterTools SmarterMail Authentication Bypass Using an Alternate Path or Channel Vulnerability | 2026-01-26 | Ransomware |
| CVE-2025-52691 | SmarterTools SmarterMail | SmarterTools SmarterMail Unrestricted Upload of File with Dangerous Type Vulnerability | 2026-01-26 | Ransomware |
| CVE-2018-14634 | Linux Kernel | Linux Kernel Integer Overflow Vulnerability | 2026-01-26 | Active |
| CVE-2024-37079 | Broadcom VMware vCenter Server | Broadcom VMware vCenter Server Out-of-bounds Write Vulnerability | 2026-01-23 | Active |
| CVE-2025-54313 | Prettier eslint-config-prettier | Prettier eslint-config-prettier Embedded Malicious Code Vulnerability | 2026-01-22 | Active |
| CVE-2025-31125 | Vite Vitejs | Vite Vitejs Improper Access Control Vulnerability | 2026-01-22 | Active |
| CVE-2025-34026 | Versa Concerto | Versa Concerto Improper Authentication Vulnerability | 2026-01-22 | Active |
| CVE-2025-68645 | Synacor Zimbra Collaboration Suite (ZCS) | Synacor Zimbra Collaboration Suite (ZCS) PHP Remote File Inclusion Vulnerability | 2026-01-22 | Active |
| CVE-2026-20045 | Cisco Unified Communications Manager | Cisco Unified Communications Products Code Injection Vulnerability | 2026-01-21 | Active |
| CVE-2026-20805 | Microsoft Windows | Microsoft Windows Information Disclosure Vulnerability | 2026-01-13 | Active |
| CVE-2025-8110 | Gogs Gogs | Gogs Path Traversal Vulnerability | 2026-01-12 | Active |
| CVE-2025-37164 | Hewlett Packard Enterprise (HPE) OneView | Hewlett Packard Enterprise (HPE) OneView Code Injection Vulnerability | 2026-01-07 | Active |
| CVE-2009-0556 | Microsoft Office | Microsoft Office PowerPoint Code Injection Vulnerability | 2026-01-07 | Active |
| CVE-2025-14847 | MongoDB MongoDB and MongoDB Server | MongoDB and MongoDB Server Improper Handling of Length Parameter Inconsistency Vulnerability | 2025-12-29 | Active |
| CVE-2023-52163 | Digiever DS-2105 Pro | Digiever DS-2105 Pro Missing Authorization Vulnerability | 2025-12-22 | Active |
| CVE-2025-14733 | WatchGuard Firebox | WatchGuard Firebox Out of Bounds Write Vulnerability | 2025-12-19 | Active |
| CVE-2025-20393 | Cisco Multiple Products | Cisco Multiple Products Improper Input Validation Vulnerability | 2025-12-17 | Active |
| CVE-2025-40602 | SonicWall SMA1000 appliance | SonicWall SMA1000 Missing Authorization Vulnerability | 2025-12-17 | Active |
| CVE-2025-59374 | ASUS Live Update | ASUS Live Update Embedded Malicious Code Vulnerability | 2025-12-17 | Active |
| CVE-2025-59718 | Fortinet Multiple Products | Fortinet Multiple Products Improper Verification of Cryptographic Signature Vulnerability | 2025-12-16 | Active |
| CVE-2025-43529 | Apple Multiple Products | Apple Multiple Products Use-After-Free WebKit Vulnerability | 2025-12-15 | Active |
| CVE-2025-14611 | Gladinet CentreStack and Triofox | Gladinet CentreStack and Triofox Hard Coded Cryptographic Vulnerability | 2025-12-15 | Active |
| CVE-2025-14174 | Google Chromium | Google Chromium Out of Bounds Memory Access Vulnerability | 2025-12-12 | Active |
| CVE-2018-4063 | Sierra Wireless AirLink ALEOS | Sierra Wireless AirLink ALEOS Unrestricted Upload of File with Dangerous Type Vulnerability | 2025-12-12 | Active |
| CVE-2025-58360 | OSGeo GeoServer | OSGeo GeoServer Improper Restriction of XML External Entity Reference Vulnerability | 2025-12-11 | Active |
| CVE-2025-62221 | Microsoft Windows | Microsoft Windows Use After Free Vulnerability | 2025-12-09 | Active |
| CVE-2025-6218 | RARLAB WinRAR | RARLAB WinRAR Path Traversal Vulnerability | 2025-12-09 | Active |
| CVE-2025-66644 | Array Networks ArrayOS AG | Array Networks ArrayOS AG OS Command Injection Vulnerability | 2025-12-08 | Active |
| CVE-2022-37055 | D-Link Routers | D-Link Routers Buffer Overflow Vulnerability | 2025-12-08 | Active |
| CVE-2025-55182 | Meta React Server Components | Meta React Server Components Remote Code Execution Vulnerability | 2025-12-05 | Ransomware |
| CVE-2021-26828 | OpenPLC ScadaBR | OpenPLC ScadaBR Unrestricted Upload of File with Dangerous Type Vulnerability | 2025-12-03 | Active |
| CVE-2025-48572 | Android Framework | Android Framework Privilege Escalation Vulnerability | 2025-12-02 | Active |
| CVE-2025-48633 | Android Framework | Android Framework Information Disclosure Vulnerability | 2025-12-02 | Active |
| CVE-2021-26829 | OpenPLC ScadaBR | OpenPLC ScadaBR Cross-site Scripting Vulnerability | 2025-11-28 | Active |
| CVE-2025-61757 | Oracle Fusion Middleware | Oracle Fusion Middleware Missing Authentication for Critical Function Vulnerability | 2025-11-21 | Active |
| CVE-2025-13223 | Google Chromium V8 | Google Chromium V8 Type Confusion Vulnerability | 2025-11-19 | Active |
| CVE-2025-58034 | Fortinet FortiWeb | Fortinet FortiWeb OS Command Injection Vulnerability | 2025-11-18 | Active |
| CVE-2025-64446 | Fortinet FortiWeb | Fortinet FortiWeb Path Traversal Vulnerability | 2025-11-14 | Active |
| CVE-2025-9242 | WatchGuard Firebox | WatchGuard Firebox Out-of-Bounds Write Vulnerability | 2025-11-12 | Active |
| CVE-2025-62215 | Microsoft Windows | Microsoft Windows Race Condition Vulnerability | 2025-11-12 | Active |
| CVE-2025-12480 | Gladinet Triofox | Gladinet Triofox Improper Access Control Vulnerability | 2025-11-12 | Active |
| CVE-2025-21042 | Samsung Mobile Devices | Samsung Mobile Devices Out-of-Bounds Write Vulnerability | 2025-11-10 | Active |
| CVE-2025-11371 | Gladinet CentreStack and Triofox | Gladinet CentreStack and Triofox Files or Directories Accessible to External Parties Vulnerability | 2025-11-04 | Active |
| CVE-2025-48703 | CWP Control Web Panel | CWP Control Web Panel OS Command Injection Vulnerability | 2025-11-04 | Active |
| CVE-2025-24893 | XWiki Platform | XWiki Platform Eval Injection Vulnerability | 2025-10-30 | Active |
| CVE-2025-41244 | Broadcom VMware Aria Operations and VMware Tools | Broadcom VMware Aria Operations and VMware Tools Privilege Defined with Unsafe Actions Vulnerability | 2025-10-30 | Active |
| CVE-2025-6205 | Dassault Systèmes DELMIA Apriso | Dassault Systèmes DELMIA Apriso Missing Authorization Vulnerability | 2025-10-28 | Active |
| CVE-2025-6204 | Dassault Systèmes DELMIA Apriso | Dassault Systèmes DELMIA Apriso Code Injection Vulnerability | 2025-10-28 | Active |
| CVE-2025-59287 | Microsoft Windows | Microsoft Windows Server Update Service (WSUS) Deserialization of Untrusted Data Vulnerability | 2025-10-24 | Active |
| CVE-2025-54236 | Adobe Commerce and Magento | Adobe Commerce and Magento Improper Input Validation Vulnerability | 2025-10-24 | Active |
| CVE-2025-61932 | Motex LANSCOPE Endpoint Manager | Motex LANSCOPE Endpoint Manager Improper Verification of Source of a Communication Channel Vulnerability | 2025-10-22 | Active |
| CVE-2025-61884 | Oracle E-Business Suite | Oracle E-Business Suite Server-Side Request Forgery (SSRF) Vulnerability | 2025-10-20 | Ransomware |
| CVE-2025-33073 | Microsoft Windows | Microsoft Windows SMB Client Improper Access Control Vulnerability | 2025-10-20 | Active |
| CVE-2025-2747 | Kentico Xperience CMS | Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability | 2025-10-20 | Active |
| CVE-2025-2746 | Kentico Xperience CMS | Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability | 2025-10-20 | Active |
| CVE-2022-48503 | Apple Multiple Products | Apple Multiple Products Unspecified Vulnerability | 2025-10-20 | Active |
| CVE-2025-54253 | Adobe Experience Manager (AEM) Forms | Adobe Experience Manager Forms Code Execution Vulnerability | 2025-10-15 | Active |
| CVE-2016-7836 | SKYSEA Client View | SKYSEA Client View Improper Authentication Vulnerability | 2025-10-14 | Active |
| CVE-2025-59230 | Microsoft Windows | Microsoft Windows Improper Access Control Vulnerability | 2025-10-14 | Active |
| CVE-2025-24990 | Microsoft Windows | Microsoft Windows Untrusted Pointer Dereference Vulnerability | 2025-10-14 | Active |
| CVE-2025-47827 | IGEL IGEL OS | IGEL OS Use of a Key Past its Expiration Date Vulnerability | 2025-10-14 | Active |
| CVE-2021-43798 | Grafana Labs Grafana | Grafana Path Traversal Vulnerability | 2025-10-09 | Active |
| CVE-2025-27915 | Synacor Zimbra Collaboration Suite (ZCS) | Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability | 2025-10-07 | Active |
| CVE-2025-61882 | Oracle E-Business Suite | Oracle E-Business Suite Unspecified Vulnerability | 2025-10-06 | Ransomware |
| CVE-2010-3765 | Mozilla Multiple Products | Mozilla Multiple Products Remote Code Execution Vulnerability | 2025-10-06 | Active |
| CVE-2011-3402 | Microsoft Windows | Microsoft Windows Remote Code Execution Vulnerability | 2025-10-06 | Active |
| CVE-2013-3918 | Microsoft Windows | Microsoft Windows Out-of-Bounds Write Vulnerability | 2025-10-06 | Active |
| CVE-2021-43226 | Microsoft Windows | Microsoft Windows Privilege Escalation Vulnerability | 2025-10-06 | Active |
| CVE-2010-3962 | Microsoft Internet Explorer | Microsoft Internet Explorer Uninitialized Memory Corruption Vulnerability | 2025-10-06 | Active |
| CVE-2021-22555 | Linux Kernel | Linux Kernel Heap Out-of-Bounds Write Vulnerability | 2025-10-06 | Active |
| CVE-2025-4008 | Smartbedded Meteobridge | Smartbedded Meteobridge Command Injection Vulnerability | 2025-10-02 | Active |
| CVE-2025-21043 | Samsung Mobile Devices | Samsung Mobile Devices Out-of-Bounds Write Vulnerability | 2025-10-02 | Active |
| CVE-2015-7755 | Juniper ScreenOS | Juniper ScreenOS Improper Authentication Vulnerability | 2025-10-02 | Active |
| CVE-2017-1000353 | Jenkins Jenkins | Jenkins Remote Code Execution Vulnerability | 2025-10-02 | Active |
| CVE-2014-6278 | GNU GNU Bash | GNU Bash OS Command Injection Vulnerability | 2025-10-02 | Active |
| CVE-2021-21311 | Adminer Adminer | Adminer Server-Side Request Forgery Vulnerability | 2025-09-29 | Active |
| CVE-2025-20352 | Cisco IOS and IOS XE | Cisco IOS and IOS XE Software SNMP Denial of Service and Remote Code Execution Vulnerability | 2025-09-29 | Active |
| CVE-2025-10035 | Fortra GoAnywhere MFT | Fortra GoAnywhere MFT Deserialization of Untrusted Data Vulnerability | 2025-09-29 | Ransomware |
| CVE-2025-59689 | Libraesva Email Security Gateway | Libraesva Email Security Gateway Command Injection Vulnerability | 2025-09-29 | Active |
| CVE-2025-32463 | Sudo Sudo | Sudo Inclusion of Functionality from Untrusted Control Sphere Vulnerability | 2025-09-29 | Active |
| CVE-2025-20333 | Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense | Cisco Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) Buffer Overflow Vulnerability | 2025-09-25 | Active |
| CVE-2025-20362 | Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense | Cisco Secure Firewall Adaptive Security (ASA) Appliance and Secure Firewall Threat Defense (FTD) Missing Authorization Vulnerability | 2025-09-25 | Active |
| CVE-2025-10585 | Google Chromium V8 | Google Chromium V8 Type Confusion Vulnerability | 2025-09-23 | Active |
| CVE-2025-5086 | Dassault Systèmes DELMIA Apriso | Dassault Systèmes DELMIA Apriso Deserialization of Untrusted Data Vulnerability | 2025-09-11 | Active |
| CVE-2025-53690 | Sitecore Multiple Products | Sitecore Multiple Products Deserialization of Untrusted Data Vulnerability | 2025-09-04 | Active |
| CVE-2025-48543 | Android Runtime | Android Runtime Use-After-Free Vulnerability | 2025-09-04 | Active |
| CVE-2025-38352 | Linux Kernel | Linux Kernel Time-of-Check Time-of-Use (TOCTOU) Race Condition Vulnerability | 2025-09-04 | Active |
| CVE-2025-9377 | TP-Link Multiple Routers | TP-Link Archer C7(EU) and TL-WR841N/ND(MS) OS Command Injection Vulnerability | 2025-09-03 | Active |
| CVE-2023-50224 | TP-Link TL-WR841N | TP-Link TL-WR841N Authentication Bypass by Spoofing Vulnerability | 2025-09-03 | Active |
| CVE-2025-55177 | Meta Platforms WhatsApp | Meta Platforms WhatsApp Incorrect Authorization Vulnerability | 2025-09-02 | Active |
| CVE-2020-24363 | TP-Link TL-WA855RE | TP-Link TL-WA855RE Missing Authentication for Critical Function Vulnerability | 2025-09-02 | Active |
| CVE-2025-57819 | Sangoma FreePBX | Sangoma FreePBX Authentication Bypass Vulnerability | 2025-08-29 | Active |
| CVE-2025-7775 | Citrix NetScaler | Citrix NetScaler Memory Overflow Vulnerability | 2025-08-26 | Active |
| CVE-2024-8069 | Citrix Session Recording | Citrix Session Recording Deserialization of Untrusted Data Vulnerability | 2025-08-25 | Active |
| CVE-2024-8068 | Citrix Session Recording | Citrix Session Recording Improper Privilege Management Vulnerability | 2025-08-25 | Active |
| CVE-2025-48384 | Git Git | Git Link Following Vulnerability | 2025-08-25 | Active |
| CVE-2025-43300 | Apple iOS, iPadOS, and macOS | Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability | 2025-08-21 | Active |
| CVE-2025-54948 | Trend Micro Apex One | Trend Micro Apex One OS Command Injection Vulnerability | 2025-08-18 | Active |
| CVE-2025-8875 | N-able N-Central | N-able N-Central Insecure Deserialization Vulnerability | 2025-08-13 | Active |
| CVE-2025-8876 | N-able N-Central | N-able N-Central Command Injection Vulnerability | 2025-08-13 | Active |
| CVE-2013-3893 | Microsoft Internet Explorer | Microsoft Internet Explorer Resource Management Errors Vulnerability | 2025-08-12 | Active |
| CVE-2007-0671 | Microsoft Office | Microsoft Office Excel Remote Code Execution Vulnerability | 2025-08-12 | Active |
| CVE-2025-8088 | RARLAB WinRAR | RARLAB WinRAR Path Traversal Vulnerability | 2025-08-12 | Active |
| CVE-2022-40799 | D-Link DNR-322L | D-Link DNR-322L Download of Code Without Integrity Check Vulnerability | 2025-08-05 | Active |
| CVE-2020-25079 | D-Link DCS-2530L and DCS-2670L Devices | D-Link DCS-2530L and DCS-2670L Command Injection Vulnerability | 2025-08-05 | Active |
| CVE-2020-25078 | D-Link DCS-2530L and DCS-2670L Devices | D-Link DCS-2530L and DCS-2670L Devices Unspecified Vulnerability | 2025-08-05 | Active |
| CVE-2025-20281 | Cisco Identity Services Engine | Cisco Identity Services Engine Injection Vulnerability | 2025-07-28 | Active |
| CVE-2025-20337 | Cisco Identity Services Engine | Cisco Identity Services Engine Injection Vulnerability | 2025-07-28 | Active |
| CVE-2023-2533 | PaperCut NG/MF | PaperCut NG/MF Cross-Site Request Forgery (CSRF) Vulnerability | 2025-07-28 | Active |
| CVE-2025-49706 | Microsoft SharePoint | Microsoft SharePoint Improper Authentication Vulnerability | 2025-07-22 | Ransomware |
| CVE-2025-49704 | Microsoft SharePoint | Microsoft SharePoint Code Injection Vulnerability | 2025-07-22 | Ransomware |
| CVE-2025-54309 | CrushFTP CrushFTP | CrushFTP Unprotected Alternate Channel Vulnerability | 2025-07-22 | Active |
| CVE-2025-6558 | Google Chromium | Google Chromium ANGLE and GPU Improper Input Validation Vulnerability | 2025-07-22 | Active |
| CVE-2025-2776 | SysAid SysAid On-Prem | SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability | 2025-07-22 | Active |