CISA KEV Gaps — Exploited CVEs Missing from KEV

Updated 3h ago

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

357,183 CVEs tracked 54,424 with exploits 5,027 exploited in wild 1,619 CISA KEV 4,187 Nuclei templates 55,153 vendors 47,495 researchers
602 results Clear all
CVE-2023-20269 5.0 MEDIUM KEV SSVC ACTIVE RANSOMWARE EPSS 0.01
Cisco Adaptive Security Appliance Software - Authentication Bypass via Default Connection Profile
A vulnerability in the remote access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a brute force attack in an attempt to identify valid username and password combinations or an authenticated, remote attacker to establish a clientless SSL VPN session with an unauthorized user. This vulnerability is due to improper separation of authentication, authorization, and accounting (AAA) between the remote access VPN feature and the HTTPS management and site-to-site VPN features. An attacker could exploit this vulnerability by specifying a default connection profile/tunnel group while conducting a brute force attack or while establishing a clientless SSL VPN session using valid credentials. A successful exploit could allow the attacker to achieve one or both of the following: Identify valid credentials that could then be used to establish an unauthorized remote access VPN session. Establish a clientless SSL VPN session (only when running Cisco ASA Software Release 9.16 or earlier). Notes: Establishing a client-based remote access VPN tunnel is not possible as these default connection profiles/tunnel groups do not and cannot have an IP address pool configured. This vulnerability does not allow an attacker to bypass authentication. To successfully establish a remote access VPN session, valid credentials are required, including a valid second factor if multi-factor authentication (MFA) is configured. Cisco will release software updates that address this vulnerability. There are workarounds that address this vulnerability.
CWE-288 Sep 06, 2023 STIX 2.1
CVE-2023-36761 6.5 MEDIUM KEV SSVC ACTIVE EPSS 0.06
Microsoft Word - Information Disclosure via Improper Input Validation
Microsoft Word Information Disclosure Vulnerability
CWE-20 Sep 12, 2023 STIX 2.1
CVE-2023-41061 7.8 HIGH KEV SSVC ACTIVE EPSS 0.01
watchOS <9.6.2-iPadOS <16.6.1 - RCE
A validation issue was addressed with improved logic. This issue is fixed in watchOS 9.6.2, iOS 16.6.1 and iPadOS 16.6.1. A maliciously crafted attachment may result in arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
CWE-20 Sep 07, 2023 STIX 2.1
CVE-2023-26359 9.8 CRITICAL KEV SSVC ACTIVE EPSS 0.79
Adobe ColdFusion <2018 Update 15, 2021 Update 5 - Code Injection
Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.
CWE-502 Mar 23, 2023 STIX 2.1
CVE-2023-38180 7.5 HIGH KEV SSVC ACTIVE EPSS 0.01
.NET 6.0.0-6.0.20 and ASP.NET Core 2.1-2.1.39 - Denial of Service
.NET and Visual Studio Denial of Service Vulnerability
CWE-400 Aug 08, 2023 STIX 2.1
CVE-2023-35081 7.2 HIGH KEV SSVC ACTIVE EPSS 0.91
Ivanti EPMM 11.8.0-11.8.1.1, 11.9.0-11.9.1.1, 11.10.0-11.10.0.2 - Authenticated Arbitrary File Write via Path Traversal
A path traversal vulnerability in Ivanti EPMM versions (11.10.x < 11.10.0.3, 11.9.x < 11.9.1.2 and 11.8.x < 11.8.1.2) allows an authenticated administrator to write arbitrary files onto the appliance.
CWE-22 Aug 03, 2023 STIX 2.1
CVE-2023-37580 6.1 MEDIUM KEV SSVC ACTIVE NUCLEI EPSS 0.94
Zimbra Collaboration Suite 8.8.0-8.8.14 - Stored Cross-Site Scripting in Classic Web Client
Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client.
CWE-79 Jul 31, 2023 STIX 2.1
CVE-2023-38606 5.5 MEDIUM KEV SSVC ACTIVE EPSS 0.00
iPadOS < 15.7.8 - Kernel State Manipulation
This issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to modify sensitive kernel state. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1.
Jul 27, 2023 STIX 2.1
CVE-2023-38205 7.5 HIGH KEV SSVC ACTIVE NUCLEI EPSS 0.94
Adobe ColdFusion <2018u18,2021u8,2023u2 - Privilege Escalation
Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access the administration CFM and CFC endpoints. Exploitation of this issue does not require user interaction.
CWE-284 Sep 14, 2023 STIX 2.1
CVE-2023-29298 7.5 HIGH KEV SSVC ACTIVE NUCLEI EPSS 0.94
Adobe ColdFusion <2018u16, 2021u6, 2023.0.0.330468 - Security Featu...
Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access the administration CFM and CFC endpoints. Exploitation of this issue does not require user interaction.
CWE-284 Jul 12, 2023 STIX 2.1
CVE-2023-37450 8.8 HIGH KEV SSVC ACTIVE EPSS 0.00
Safari < 16.5.2 - Remote Code Execution via Web Content Processing
The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, Safari 16.5.2, tvOS 16.6, macOS Ventura 13.5, watchOS 9.6. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Jul 27, 2023 STIX 2.1
CVE-2023-35311 8.8 HIGH KEV SSVC ACTIVE EPSS 0.00
Microsoft 365 Apps and Outlook - Security Feature Bypass via TOCTOU Race Condition
Microsoft Outlook Security Feature Bypass Vulnerability
CWE-367 Jul 11, 2023 STIX 2.1
CVE-2023-32049 8.8 HIGH KEV SSVC ACTIVE EPSS 0.08
Windows SmartScreen - Privilege Escalation
Windows SmartScreen Security Feature Bypass Vulnerability
Jul 11, 2023 STIX 2.1
CVE-2023-32046 7.8 HIGH KEV SSVC ACTIVE EPSS 0.43
Windows MSHTML - Privilege Escalation
Windows MSHTML Platform Elevation of Privilege Vulnerability
Jul 11, 2023 STIX 2.1
CVE-2023-32439 8.8 HIGH KEV SSVC ACTIVE EPSS 0.01
Safari < 16.5.1 - Remote Code Execution via Type Confusion
A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.5.1 and iPadOS 16.5.1, iOS 15.7.7 and iPadOS 15.7.7, macOS Ventura 13.4.1, Safari 16.5.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
CWE-843 Jun 23, 2023 STIX 2.1
CVE-2023-32435 8.8 HIGH KEV SSVC ACTIVE EPSS 0.00
Safari < 16.4 - Remote Code Execution via Memory Corruption
A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, iOS 15.7.7 and iPadOS 15.7.7. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.
CWE-787 Jun 23, 2023 STIX 2.1
CVE-2023-27992 9.8 CRITICAL KEV SSVC ACTIVE EPSS 0.88
Zyxel NAS326, NAS540, and NAS542 Firmware < 5.21 - Unauthenticated OS Command Injection via HTTP Request
The pre-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.14)C0, NAS540 firmware versions prior to V5.21(AATB.11)C0, and NAS542 firmware versions prior to V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands remotely by sending a crafted HTTP request.
CWE-78 Jun 19, 2023 STIX 2.1
CVE-2023-20867 3.9 LOW KEV SSVC ACTIVE RANSOMWARE EPSS 0.02
VMware Tools 10.3.0-12.2.5 - Improper Authentication
A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine.
CWE-287 Jun 13, 2023 STIX 2.1
CVE-2023-33010 9.8 CRITICAL KEV SSVC ACTIVE EPSS 0.07
Zyxel ATP/USG FLEX/USG20/VPN/ZyWALL Firmware 4.25-5.36 - Unauthenticated Buffer Overflow in ID Processing Function
A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.25 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.25 through 5.36 Patch 1, VPN series firmware versions 4.30 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.25 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device.
CWE-120 May 24, 2023 STIX 2.1
CVE-2023-33009 9.8 CRITICAL KEV SSVC ACTIVE EPSS 0.06
Zyxel ATP/USG FLEX/USG20/VPN/ZyWALL Firmware 4.60-5.36 - Unauthenticated Buffer Overflow
A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 through 5.36 Patch 1, USG FLEX series firmware versions 4.60 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.60 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.60 through 5.36 Patch 1, VPN series firmware versions 4.60 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.60 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device.
CWE-120 May 24, 2023 STIX 2.1

Investigate

Critical + Public Exploits Exploited in Wild + PoC High EPSS (>=0.7) + PoC With Nuclei Templates Latest CVEs with Public Exploits

Ecosystems

Linux Maven Packagist PyPI npm Go ecosystem RubyGems crates.io NuGet Hex SwiftURL GitHub Actions

Reference Indexes

Exploit Database Researchers Vendors CWE Categories

Recent Blog Posts

CVE-2026-41702: Forty-Seven Microseconds in /var/run/vmware/cnx-tmp
May 17, 2026
Hermes Agent with EIP Harness: The Vulnerability Research Assistant That Also Runs Your Pipelines
May 13, 2026
CVE-2026-41940: cPanel & WHM Pre-Auth RCE - Two Write Paths, One Filter
May 01, 2026
EIP STIX 2.1 / TAXII 2.1 Feed: Exploit Intelligence for Your Stack
Apr 29, 2026
CVE-2026-35414: Three Bugs, One Commit, and Two More Nobody Mentioned
Apr 03, 2026
WP Google Map Plugin - Three Weak Links, One Critical Chain
Mar 29, 2026
 View all posts →

CVEForge Labs

CVE-2026-45829 CRITICAL
ChromaDB >=1.0.0 - Unauthenticated Remote Code Execution via Malicious Model Repository
CVE-2026-42859 HIGH
Neat VNC: Buffer overflow due to oversized RSA public keys
CVE-2026-3296 CRITICAL
Everest Forms <= 3.4.3 - Unauthenticated PHP Object Injection via Form Entry Metadata
CVE-2026-34980 HIGH
OpenPrinting CUPS: Shared PostScript queue lets anonymous Print-Job requests reach `lp` code execution over the network
CVE-2026-35414 MEDIUM
OpenSSH < 10.3 - Always-Incorrect Control Flow Implementation in Authorized Keys Principals Handling
CVE-2026-33765 CRITICAL
Pi-hole Web <6.0 savesettings.php - Command Injection
CVE-2026-4105 MEDIUM
Red Hat Enterprise Linux 10 - Improper Access Control via systemd-machined RegisterMachine D-Bus Method
CVE-2026-30861 CRITICAL
WeKnora 0.2.5-0.2.9 - Unauthenticated Remote Code Execution via MCP stdio Configuration Validation Bypass
CVE-2026-30860 CRITICAL
WeKnora <0.2.12 - RCE via SQL Injection
CVE-2026-28391 CRITICAL
OpenClaw <2026.2.2 - Command Injection
 View all labs →

KEV Gaps

CVE-2026-48027
Compromised Nx Console version 18.95.0
 CVE-2026-8398
DAEMON Tools Lite 12.5.0.2421-12.5.0.2434 - Embedded Malicious Code in Trojanized Installer
 CVE-2026-45498
Microsoft Defender Denial of Service Vulnerability
 CVE-2009-1537
Microsoft DirectX 7.0-9.0c - Remote Code Execution via QuickTime Movie Parser Filter
 CVE-2026-6973
Ivanti Endpoint Manager Mobile < 12.6.1.1, < 12.7.0.1, < 12.8.0.1 - Authenticated Remote Code Execution
 CVE-2025-29635
D-Link DIR-823X 240126 and 240802 - Authenticated Remote Command Execution via /goform/set_prohibiting
 CVE-2024-57728
SimpleHelp < 5.5.8 - Authenticated Path Traversal and Arbitrary File Write via Zip Slip
 CVE-2024-57726
SimpleHelp < 5.5.8 - Missing Authorization for API Key Creation
 CVE-2026-20133
Cisco Catalyst SD-WAN Manager - Info Disclosure
 CVE-2026-20128
Cisco Catalyst SD-WAN Manager - Privilege Escalation
 CVE-2025-32975
Quest KACE SMA <14.1.101 - Auth Bypass
 CVE-2025-48700
Zimbra Collaboration Suite 8.8.15, 9.0, 10.0-10.1 - Stored Cross-Site Scripting via Crafted Email HTML Content