KEV CATALOG
DECEMBER
CVE-2025-14174 Google Chromium Out-of-Bounds Memory Access Vulnerability
CVE-2018-4063 Sierra Wireless AirLink ALEOS Unrestricted Upload of File with Dangerous Type Vulnerability
CVE-2025-58360 OSGeo GeoServer Improper Restriction of XML External Entity Reference Vulnerability
CVE-2025-6218 RARLAB WinRAR Path Traversal Vulnerability
CVE-2025-62221 Microsoft Windows Use After Free Vulnerability
CVE-2022-37055 D-Link Routers Buffer Overflow Vulnerability
CVE-2025-66644 Array Networks ArrayOS AG OS Command Injection Vulnerability
CVE-2025-55182 Meta React Server Components Remote Code Execution Vulnerability
CVE-2025-48572 Android Framework Privilege Escalation Vulnerability
CVE-2025-48633 Android Framework Information Disclosure Vulnerability
CVE-2025-48572 Android Framework Privilege Escalation Vulnerability
CVE-2025-48633 Android Framework Information Disclosure Vulnerability
NOVEMBER
CVE-2025-61757 Oracle Fusion Middleware Missing Authentication for Critical Function Vulnerability
CVE-2025-13223 Google Chromium V8 Type Confusion Vulnerability
CVE-2025-58034 Fortinet FortiWeb OS Command Code Injection Vulnerability
CVE-2025-64446 Fortinet FortiWeb Path Traversal Vulnerability
CVE-2025-9242 WatchGuard Firebox Out-of-Bounds Write Vulnerability
CVE-2025-12480 Gladinet Triofox Improper Access Control Vulnerability
CVE-2025-62215 Microsoft Windows Race Condition Vulnerability
CVE-2025-21042 Samsung Mobile Devices Out-of-Bounds Write Vulnerability
CVE-2025-11371 Gladinet CentreStack and Triofox Files or Directories Accessible to External Parties Vulnerability
CVE-2025-48703 CWP Control Web Panel OS Command Injection Vulnerability
CVE-2025-24893 XWiki Platform Eval Injection Vulnerability
CVE-2025-41244 Broadcom VMware Aria Operations and VMware Tools Privilege Defined with Unsafe Actions Vulnerability
OCTOBER
CVE-2025-6204 Dassault Systèmes DELMIA Apriso Code Injection Vulnerability
CVE-2025-6205 Dassault Systèmes DELMIA Apriso Missing Authorization Vulnerability
CVE-2025-54236 Adobe Commerce and Magento Improper Input Validation Vulnerability
CVE-2025-59287 Microsoft Windows Server Update Service (WSUS) Deserialization of Untrusted Data Vulnerability
CVE-2025-61932 Motex LANSCOPE Endpoint Manager Improper Verification of Source of a Communication Channel Vulnerability
CVE-2022-48503 Apple Multiple Products Unspecified Vulnerability
CVE-2025-2746 Kentico Xperience Staging Sync Server Digest Password Authentication Bypass Vulnerability
CVE-2025-2747 Kentico Xperience Staging Sync Server None Password Type Authentication Bypass Vulnerability
CVE-2025-33073 Microsoft Windows SMB Client Improper Access Control Vulnerability
CVE-2025-61884 Oracle E-Business Suite Server-Side Request Forgery (SSRF) Vulnerability
CVE-2025-54253 Adobe Experience Manager Forms Code Execution Vulnerability
CVE-2016-7836 SKYSEA Client View Improper Authentication Vulnerability
CVE-2025-6264 Rapid7 Velociraptor Incorrect Default Permissions Vulnerability
CVE-2025-24990 Microsoft Windows Untrusted Pointer Dereference Vulnerability
CVE-2025-47827 IGEL OS Use of a Key Past its Expiration Date Vulnerability
CVE-2025-59230 Microsoft Windows Improper Access Control Vulnerability
CVE-2025-27915 Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability
CVE-2010-3765 Mozilla Multiple Products Remote Code Execution Vulnerability
CVE-2010-3962 Microsoft Internet Explorer Uninitialized Memory Corruption Vulnerability
CVE-2011-3402 Microsoft Windows Remote Code Execution Vulnerability
CVE-2013-3918 Microsoft Windows Out-of-Bounds Write Vulnerability
CVE-2021-22555 Linux Kernel Heap Out-of-Bounds Write Vulnerability
CVE-2021-43226 Microsoft Windows Privilege Escalation Vulnerability
CVE-2025-61882 Oracle E-Business Suite Unspecified Vulnerability
CVE-2014-6278 GNU Bash OS Command Injection Vulnerability
CVE-2015-7755 Juniper ScreenOS Improper Authentication Vulnerability
CVE-2017-1000353 Jenkins Remote Code Execution Vulnerability
CVE-2025-4008 Smartbedded Meteobridge Command Injection Vulnerability
CVE-2025-21043 Samsung Mobile Devices Out-of-Bounds Write Vulnerability
SEPTEMBER
CVE-2021-21311 Adminer Server-Side Request Forgery Vulnerability
CVE-2025-20352 Cisco IOS and IOS XE Software SNMP Denial of Service and Remote Code Execution Vulnerability
CVE-2025-10035 Fortra GoAnywhere MFT Deserialization of Untrusted Data Vulnerability
CVE-2025-59689 Libraesva Email Security Gateway Command Injection Vulnerability
CVE-2025-32463 Sudo Inclusion of Functionality from Untrusted Control Sphere Vulnerability
CVE-2025-10585 Google Chromium V8 Type Confusion Vulnerability
CVE-2025-38352 Linux Kernel Time-of-Check Time-of-Use (TOCTOU) Race Condition Vulnerability
CVE-2025-48543 Android Runtime Unspecified Vulnerability
CVE-2025-53690 Sitecore Multiple Products Deserialization of Untrusted Data Vulnerability
CVE-2023-50224 TP-Link TL-WR841N Authentication Bypass by Spoofing Vulnerability
CVE-2025-9377 TP-Link Archer C7(EU) and TL-WR841N/ND(MS) OS Command Injection Vulnerability
CVE-2020-24363 TP-link TL-WA855RE Missing Authentication for Critical Function Vulnerability
CVE-2025-55177 Meta Platforms WhatsApp Incorrect Authorization Vulnerability
AUGUST
CVE-2025-57819 Sangoma FreePBX Authentication Bypass Vulnerability
CVE-2025-7775 Citrix NetScaler Memory Overflow Vulnerability
AUGUSTUS 26