KEV Overviewinfo

CISA provides the so called Known Exploited Vulnerabilities Catalog (KEV) which contains information about security issues, that have been exploited in the wild and does therefore enhance the exploitability status of a vulnerability. Our custom view shows the same data with enhanced details and quality.

Type

Not Defined350
Operating System316
Web Browser151
Smartphone Operating System100
Router Operating System89

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Vendor

Microsoft362
Oracle236
Apple234
Not Defined124
Google79

Identifying all affected vendors is a good starting point for an overview. This makes it possible to determine an homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Language

Python75
Ruby37
C++13
Ruby/Metasploit12
ANSI C10

The automatization and the exploitation of a security vulnerability is called an exploit. It is possible to determine the popularity and availability of programming languages used for creating such exploits.

Remediation

Official fix1481
Temporary fix0
Workaround46
Not available2
Not defined228

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be distinguished between multiple forms and levels of remediation which influence risks differently.

CVSSv3 Base

≤10
≤20
≤31
≤47
≤541
≤6120
≤7242
≤8606
≤9447
≤10293

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp

≤10
≤20
≤31
≤47
≤543
≤6134
≤7276
≤8637
≤9384
≤10275

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We do also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day

<1k35
<2k253
<5k235
<10k149
<25k452
<50k260
<100k343
≥100k30

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day prices for an exploit, before it got distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability broker and compared to prices we see on exploit markets.

Exploit Today

<1k1175
<2k64
<5k105
<10k86
<25k314
<50k12
<100k1
≥100k0

The 0-day prices do not consider time-relevant factors. The today price does reflect price impacts like disclosure of vulnerability details, alternative exploits, availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

🔴 CTI Activities

Our unique Cyber Threat Intelligence aims to determine the ongoing research of actors to anticipiate their acitivities. Observing exploit markets on the Darknet, discussions of vulnerabilities on mailinglists, and exchanges on social media makes it possible to identify planned attacks. Monitored actors and activities are classified whether they are offensive or defensive. They are also weighted as some actors are well-known for certain products and technologies. And some of their disclosures might contain more or less details about technical aspects and personal context. The world map highlights active actors in real-time.

AddedDueVulnerabilityURL0dayTodayEPSSCTICouCVE
06/25/202507/16/2025AMI MegaRAC-SPx Redfish Host Interface authentication spoofing
 
$0-$5k$0-$5k0.485860.08Official fixCVE-2024-54085
06/25/202507/16/2025D-Link DIR-859 HTTP POST Request hedwig.cgi path traversalLink$5k-$25k$0-$5k0.820911.09Not definedCVE-2024-0769
06/25/202507/16/2025Fortinet FortiOS Configuration Backup hard-coded credentials
 
$0-$5k$0-$5k0.764930.10Not definedCVE-2019-6693
06/17/202507/08/2025Linux Kernel OverlayFS Subsystem copy_up.c ovl_copy_up_one improper ownership managementLink$0-$5k$0-$5k0.576280.02Official fixCVE-2023-0386
06/16/202507/07/2025Apple visionOS iCloud Link Remote Code Execution
 
$5k-$25k$0-$5k0.007590.00Official fixCVE-2025-43200
06/16/202507/07/2025Apple watchOS iCloud Link Remote Code Execution
 
$0-$5k$0-$5k0.007590.02Official fixCVE-2025-43200
06/16/202507/07/2025Apple macOS iCloud Link Remote Code Execution
 
$5k-$25k$0-$5k0.007590.02Official fixCVE-2025-43200
06/16/202507/07/2025Apple iOS/iPadOS iCloud Link Remote Code Execution
 
$25k-$100k$5k-$25k0.007590.02Official fixCVE-2025-43200
06/16/202507/07/2025TP-LINK TL-WR940N/TL-WR841N/TL-WR740N WlanNetworkRpm command injection
 
$0-$5k$0-$5k0.906300.02Not definedCVE-2023-33538
06/10/202507/01/2025Microsoft Windows Web Distributed Authoring/Versioning file inclusion
 
$25k-$100k$25k-$100k0.150080.06Official fixCVE-2025-33053
06/10/202507/01/2025Wazuh common.py as_wazuh_object deserialization
 
$0-$5k$0-$5k0.918550.00Official fixCVE-2025-24016
06/09/202506/30/2025Erlang OTP SSH Server improper authentication
 
$0-$5k$0-$5k0.553760.04Official fixCVE-2025-32433
06/09/202506/30/2025RoundCube E-Mail Message show.php message_body cross site scripting
 
$0-$5k$0-$5k0.884580.00Official fixCVE-2024-42009
06/05/202506/26/2025Google Chrome V8 out-of-bounds write
 
$25k-$100k$5k-$25k0.005370.04Official fixCVE-2025-5419
06/03/202506/24/2025Qualcomm Snapdragon CCW GPU Micronode authorization
 
$5k-$25k$0-$5k0.032880.02Official fixCVE-2025-21479
06/03/202506/24/2025Qualcomm Snapdragon Connectivity Chrome use after free
 
$25k-$100k$5k-$25k0.027750.03Official fixCVE-2025-27038
06/03/202506/24/2025Qualcomm Snapdragon CCW authorization
 
$5k-$25k$0-$5k0.032880.00Official fixCVE-2025-21480
06/02/202506/23/2025Craft CMS Response Header external control of assumed-immutable web parameter
 
$0-$5k$0-$5k0.439700.00Official fixCVE-2025-35939
06/02/202506/23/2025ConnectWise ScreenConnect ASP.NET Web Forms code injection
 
$0-$5k$0-$5k0.194670.02Official fixCVE-2025-3935
06/02/202506/23/2025Craft CMS Configuration php.ini code injection
 
$0-$5k$0-$5k0.940290.02Official fixCVE-2024-56145
06/02/202506/23/2025Asus RT-AX55 command injection
 
$0-$5k$0-$5k0.667500.08Not definedCVE-2023-39780
06/02/202506/23/2025ASUS GT-AC2900 httpd.c handle_request improper authentication
 
$0-$5k$0-$5k0.942150.03Official fixCVE-2021-32030
05/22/202506/12/2025Samsung Electronics MagicINFO 9 Server path traversal
 
$0-$5k$0-$5k0.466630.02Official fixCVE-2025-4632
05/19/202506/09/2025Ivanti Endpoint Manager Mobile API authentication bypass
 
$0-$5k$0-$5k0.810490.02Official fixCVE-2025-4427
05/19/202506/09/2025Ivanti Endpoint Manager Mobile API Request code injection
 
$0-$5k$0-$5k0.211160.03Official fixCVE-2025-4428
05/19/202506/09/2025Output Messenger path traversal
 
$0-$5k$0-$5k0.589670.00Official fixCVE-2025-27920
05/19/202506/09/2025MDaemon Email Server HTML E-Mail Message HTML injection
 
$0-$5k$0-$5k0.267880.00Official fixCVE-2024-11182
05/19/202506/09/2025Zimbra Collaboration Suite CalendarInvite cross site scripting
 
$0-$5k$0-$5k0.207820.04Official fixCVE-2024-27443
05/19/202506/09/2025ZKTeco BioTime iclock API path traversal
 
$0-$5k$0-$5k0.860790.02Not definedCVE-2023-38950
05/15/202506/05/2025Google Chrome Loader Remote Code Execution
 
$25k-$100k$5k-$25k0.000130.02Official fixCVE-2025-4664
05/15/202506/05/2025SAP NetWeaver Visual Composer Metadata Uploader deserialization
 
$5k-$25k$0-$5k0.181350.05Official fixCVE-2025-42999
05/15/202506/05/2025DrayTek Vigor2960/Vigor300B Web Management Interface apmcfgupload os command injectionLink$0-$5k$0-$5k0.842990.07Official fixCVE-2024-12987
05/14/202506/04/2025Fortinet FortiVoice Hash Cookie stack-based overflow
 
$0-$5k$0-$5k0.107360.02Official fixCVE-2025-32756
05/13/202506/03/2025Microsoft Windows Ancillary Function Driver for WinSock use after free
 
$25k-$100k$5k-$25k0.042300.08Official fixCVE-2025-32709
05/13/202506/03/2025Microsoft Windows Common Log File System Driver input validation
 
$25k-$100k$5k-$25k0.120620.00Official fixCVE-2025-32706
05/13/202506/03/2025Microsoft Windows Common Log File System Driver use after free
 
$25k-$100k$5k-$25k0.041920.02Official fixCVE-2025-32701
05/13/202506/03/2025Microsoft Windows DWM Core Library use after free
 
$25k-$100k$5k-$25k0.036970.07Official fixCVE-2025-30400
05/13/202506/03/2025Microsoft Windows Scripting Engine type confusionLink$25k-$100k$0-$5k0.164130.02Official fixCVE-2025-30397
05/12/202506/02/2025TeleMessage Archiving Backend wild backdoor
 
$0-$5k$0-$5k0.072600.00Not definedCVE-2025-47729
05/07/202505/28/2025GeoVision GV-VS12/GV-VS11/GV-DSP_LPR_V3/GVLX 4 V2/GVLX 4 V3 os command injection
 
$0-$5k$0-$5k0.545550.00WorkaroundCVE-2024-11120
05/07/202505/28/2025GeoVision GVLX 4 V3 os command injection
 
$0-$5k$0-$5k0.754030.03Not definedCVE-2024-6047
05/06/202505/27/2025FreeType out-of-bounds write
 
$0-$5k$0-$5k0.684230.00Not definedCVE-2025-27363
05/05/202505/26/2025langflow-ai langflow HTTP Request code missing authenticationLink$0-$5k$0-$5k0.923880.02Official fixCVE-2025-3248
05/02/202505/23/2025Commvault Command Center Innovation ZIP File Upload path traversal
 
$0-$5k$0-$5k0.631700.02Not definedCVE-2025-34028
05/02/202505/23/2025Yii2 improper protection of alternate path
 
$0-$5k$0-$5k0.359000.00Official fixCVE-2024-58136
05/01/202505/22/2025Apache HTTP Server mod_rewrite access controlLink$25k-$100k$0-$5k0.935500.02Official fixCVE-2024-38475
05/01/202505/22/2025SonicWall SMA100/SMA 200/SMA 210/SMA 400/SMA 410/SMA 500v SSL-VPN Management Interface os command injection
 
$0-$5k$0-$5k0.407980.06Not definedCVE-2023-44221
04/29/202505/20/2025SAP NetWeaver unrestricted upload
 
$5k-$25k$5k-$25k0.635200.04Official fixCVE-2025-31324
04/28/202505/19/2025Commvault Web Server Remote Code Execution
 
$0-$5k$0-$5k0.127310.04Official fixCVE-2025-3928
04/28/202505/19/2025Brocade Fabric OS code injection
 
$0-$5k$0-$5k0.020540.03Not definedCVE-2025-1976
04/28/202505/19/2025QUALITIA Active Mail Request stack-based overflow
 
$0-$5k$0-$5k0.110230.02Not definedCVE-2025-42599
04/17/202505/08/2025Apple macOS improper authentication
 
$5k-$25k$0-$5k0.002680.14Official fixCVE-2025-31201
04/17/202505/08/2025Apple tvOS improper authentication
 
$0-$5k$0-$5k0.002680.03Official fixCVE-2025-31201
04/17/202505/08/2025Apple iOS/iPadOS improper authentication
 
$25k-$100k$5k-$25k0.002680.04Official fixCVE-2025-31201
04/17/202505/08/2025Apple visionOS improper authentication
 
$5k-$25k$0-$5k0.002680.05Official fixCVE-2025-31201
04/17/202505/08/2025Apple macOS Media File memory corruption
 
$5k-$25k$0-$5k0.002850.00Official fixCVE-2025-31200
04/17/202505/08/2025Apple tvOS Media File memory corruption
 
$5k-$25k$0-$5k0.002850.08Official fixCVE-2025-31200
04/17/202505/08/2025Apple iOS/iPadOS Media File memory corruption
 
$100k and more$5k-$25k0.002850.02Official fixCVE-2025-31200
04/17/202505/08/2025Apple visionOS Media File memory corruption
 
$5k-$25k$0-$5k0.002850.02Official fixCVE-2025-31200
04/17/202505/08/2025Microsoft Windows NTLM Hash file inclusionLink$25k-$100k$0-$5k0.354450.04Official fixCVE-2025-24054
04/16/202505/07/2025SonicWALL SMA100 Management Interface os command injection
 
$0-$5k$0-$5k0.140070.07Not definedCVE-2021-20035
04/09/202504/30/2025Linux Kernel usb-audio usb_get_configuration out-of-bounds
 
$0-$5k$0-$5k0.002000.17Official fixCVE-2024-53197
04/09/202504/30/2025Linux Kernel usb-audio out-of-bounds
 
$0-$5k$0-$5k0.001580.08Official fixCVE-2024-53150
04/08/202504/29/2025Microsoft Windows Common Log File System Driver use after free
 
$25k-$100k$5k-$25k0.026900.04Official fixCVE-2025-29824
04/08/202504/29/2025Gladinet CentreStack Portal web.config hard-coded key
 
$0-$5k$0-$5k0.845950.05Official fixCVE-2025-30406
04/07/202504/28/2025CrushFTP HTTP Component login_user_pass authentication bypassLink$0-$5k$0-$5k0.832740.02Official fixCVE-2025-31161
04/04/202504/11/2025Ivanti Connect Secure stack-based overflow
 
$0-$5k$0-$5k0.264660.04Official fixCVE-2025-22457
04/01/202504/22/2025Apache Tomcat Partial PUT path equivalenceLink$5k-$25k$0-$5k0.938050.07Official fixCVE-2025-24813
03/31/202504/21/2025Cisco Smart License Utility backdoor
 
$5k-$25k$5k-$25k0.888770.08Official fixCVE-2024-20439
03/27/202504/17/2025Google Chrome Mojo Remote Code Execution
 
$25k-$100k$5k-$25k0.054640.07Official fixCVE-2025-2783
03/26/202504/16/2025Sitecore CMS CSRF Module deserialization
 
$0-$5k$0-$5k0.118880.11Not definedCVE-2019-9875
03/26/202504/16/2025Sitecore CMS/XP Sitecore.Security.AntiCSRF deserialization
 
$0-$5k$0-$5k0.183930.07Not definedCVE-2019-9874
03/24/202504/14/2025reviewdog action-setup malicious code
 
$0-$5k$0-$5k0.386360.08Not definedCVE-2025-30154
03/19/202504/09/2025Edimax IC-7100 IP Camera Requests os command injection
 
$0-$5k$0-$5k0.781870.00Not definedCVE-2025-1316
03/19/202504/09/2025NAKIVO Backup & Replication Director router absolute path traversal
 
$0-$5k$0-$5k0.935290.05Official fixCVE-2024-48248
03/19/202504/09/2025SAP NetWeaver AS JAVA Query String UIUtilJavaScriptJS path traversal
 
$5k-$25k$0-$5k0.919380.02WorkaroundCVE-2017-12637
03/18/202504/08/2025tj-actions changed-files malicious code
 
$0-$5k$0-$5k0.745910.05Not definedCVE-2025-30066
03/18/202504/08/2025Fortinet FortiOS/FortiProxy CSF Proxy Request authentication bypass
 
$0-$5k$0-$5k0.072650.02Official fixCVE-2025-24472
03/13/202504/03/2025Juniper Junos OS Kernel improper isolation or compartmentalization
 
$0-$5k$0-$5k0.009630.03Official fixCVE-2025-21590
03/13/202504/03/2025Apple visionOS Web out-of-bounds write
 
$5k-$25k$0-$5k0.000490.03Official fixCVE-2025-24201
03/13/202504/03/2025Apple macOS Web out-of-bounds write
 
$5k-$25k$0-$5k0.000490.03Official fixCVE-2025-24201
03/13/202504/03/2025Apple iOS/iPadOS Web out-of-bounds write
 
$100k and more$5k-$25k0.000490.00Official fixCVE-2025-24201
03/11/202504/01/2025Microsoft Windows Management Console neutralization
 
$25k-$100k$5k-$25k0.047540.08Official fixCVE-2025-26633
03/11/202504/01/2025Microsoft Windows NTFS heap-based overflow
 
$25k-$100k$5k-$25k0.055000.02Official fixCVE-2025-24993
03/11/202504/01/2025Microsoft Windows NTFS out-of-bounds
 
$5k-$25k$0-$5k0.030880.14Official fixCVE-2025-24991
03/11/202504/01/2025Microsoft Windows Fast FAT File System Driver integer overflow
 
$25k-$100k$5k-$25k0.011830.04Official fixCVE-2025-24985
03/11/202504/01/2025Microsoft Windows NTFS log file
 
$0-$5k$0-$5k0.187210.00Official fixCVE-2025-24984
03/11/202504/01/2025Microsoft Windows Win32 Kernel Subsystem use after free
 
$25k-$100k$5k-$25k0.016640.00Official fixCVE-2025-24983
03/10/202503/31/2025Advantive VeraCore timeoutWarning.asp sql injection
 
$0-$5k$0-$5k0.658570.06Not definedCVE-2025-25181
03/10/202503/31/2025Advantive VeraCore upload.aspx unrestricted upload
 
$0-$5k$0-$5k0.097550.06Official fixCVE-2024-57968
03/10/202503/31/2025Ivanti Endpoint Manager absolute path traversal
 
$0-$5k$0-$5k0.921380.00Official fixCVE-2024-13161
03/10/202503/31/2025Ivanti Endpoint Manager absolute path traversal
 
$0-$5k$0-$5k0.941210.00Official fixCVE-2024-13159
03/10/202503/31/2025Ivanti Endpoint Manager absolute path traversal
 
$0-$5k$0-$5k0.935130.00Official fixCVE-2024-13160
03/04/202503/25/2025VMware ESXi VMX Process access control
 
$5k-$25k$0-$5k0.046990.07Official fixCVE-2025-22225
03/04/202503/25/2025VMware ESXi VMX Process out-of-bounds write
 
$5k-$25k$0-$5k0.336640.02Official fixCVE-2025-22224
03/04/202503/25/2025VMware ESXi HGFS out-of-bounds
 
$0-$5k$0-$5k0.049150.08Official fixCVE-2025-22226
03/04/202503/25/2025Linux Kernel initialization
 
$5k-$25k$0-$5k0.002130.05Official fixCVE-2024-50302
03/03/202503/24/2025Progress WhatsUp Gold path traversalLink$0-$5k$0-$5k0.942780.11Official fixCVE-2024-4885
03/03/202503/24/2025Cisco RV016/RV042/RV042G/RV082/RV320/RV325 HTTP command injection
 
$5k-$25k$0-$5k0.043690.05Official fixCVE-2023-20118
03/03/202503/24/2025Hitachi Vantara Pentaho Business Analytics Server non-canonical url paths for authorization decisionsLink$0-$5k$0-$5k0.866770.02Official fixCVE-2022-43939

1657 more entries are not shown

🔒 Login Required

You need to signup and login to see more of the remaining 1,657 results.

PreviousOverviewNext

Do you need the next level of professionalism?

Upgrade your account now!