CISA KEV Gaps — Exploited CVEs Missing from KEV

Updated 3h ago

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

357,183 CVEs tracked 54,424 with exploits 5,027 exploited in wild 1,619 CISA KEV 4,187 Nuclei templates 55,153 vendors 47,495 researchers
602 results Clear all
CVE-2023-32409 8.6 HIGH KEV SSVC ACTIVE EPSS 0.00
Safari < 16.5 - Remote Sandbox Escape via Improved Bounds Checks
The issue was addressed with improved bounds checks. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.8 and iPadOS 15.7.8, Safari 16.5, iOS 16.5 and iPadOS 16.5. A remote attacker may be able to break out of Web Content sandbox. Apple is aware of a report that this issue may have been actively exploited.
Jun 23, 2023 STIX 2.1
CVE-2023-32373 8.8 HIGH KEV SSVC ACTIVE EPSS 0.00
Safari < 16.5 - Use-After-Free via Maliciously Crafted Web Content
A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
CWE-416 Jun 23, 2023 STIX 2.1
CVE-2023-28204 6.5 MEDIUM KEV SSVC ACTIVE EPSS 0.00
Safari < 16.5 - Out-of-bounds Read via Web Content Processing
An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been actively exploited.
CWE-125 Jun 23, 2023 STIX 2.1
CVE-2023-21492 4.4 MEDIUM KEV SSVC ACTIVE EPSS 0.00
Samsung Android - Kernel Pointer Disclosure in Log File
Kernel pointers are printed in the log file prior to SMR May-2023 Release 1 allows a privileged local attacker to bypass ASLR.
CWE-532 May 04, 2023 STIX 2.1
CVE-2023-25717 9.8 CRITICAL KEV SSVC ACTIVE NUCLEI EPSS 0.94
Ruckus Wireless Admin < 10.4 - Unauthenticated Remote Code Execution via HTTP GET Request
Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as demonstrated by a /forms/doLogin?login_username=admin&password=password$(curl substring.
CWE-94 Feb 13, 2023 STIX 2.1
CVE-2023-2136 9.6 CRITICAL KEV SSVC ACTIVE EPSS 0.00
Google Chrome <112.0.5615.137 - Sandbox Escape
Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CWE-190 Apr 19, 2023 STIX 2.1
CVE-2023-29492 9.8 CRITICAL KEV SSVC ACTIVE EPSS 0.18
novi_survey < 8.9.43676 - Remote Code Execution
Novi Survey before 8.9.43676 allows remote attackers to execute arbitrary code on the server in the context of the service account. This does not provide access to stored survey or response data.
CWE-94 Apr 11, 2023 STIX 2.1
CVE-2023-24880 4.4 MEDIUM KEV SSVC ACTIVE RANSOMWARE EPSS 0.75
Windows SmartScreen - Privilege Escalation
Windows SmartScreen Security Feature Bypass Vulnerability
CWE-863 Mar 14, 2023 STIX 2.1
CVE-2023-23529 8.8 HIGH KEV SSVC ACTIVE EPSS 0.00
Safari < 16.3 - Remote Code Execution via Type Confusion
A type confusion issue was addressed with improved checks. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, iOS 16.3.1 and iPadOS 16.3.1, macOS Ventura 13.2.1, Safari 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
CWE-843 Feb 27, 2023 STIX 2.1
CVE-2023-23376 7.8 HIGH KEV SSVC ACTIVE RANSOMWARE EPSS 0.15
Windows Common Log File System Driver - Elevation of Privilege via Heap-based Buffer Overflow
Windows Common Log File System Driver Elevation of Privilege Vulnerability
CWE-122 Feb 14, 2023 STIX 2.1
CVE-2023-21715 7.3 HIGH KEV SSVC ACTIVE EPSS 0.00
Microsoft Publisher - Privilege Escalation
Microsoft Publisher Security Feature Bypass Vulnerability
CWE-863 Feb 14, 2023 STIX 2.1
CVE-2022-37055 9.8 CRITICAL KEV SSVC ACTIVE EPSS 0.82
D-Link Go-RT-AC750 Firmware - Buffer Overflow via cgibin hnap_main
D-Link Go-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 are vulnerable to Buffer Overflow via cgibin, hnap_main,
CWE-120 Aug 28, 2022 STIX 2.1
CVE-2022-48503 8.8 HIGH KEV SSVC ACTIVE EPSS 0.00
Safari < 15.6 - Remote Code Execution via Array Index Validation Issue
The issue was addressed with improved bounds checks. This issue is fixed in tvOS 15.6, watchOS 8.7, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing web content may lead to arbitrary code execution.
CWE-129 Aug 14, 2023 STIX 2.1
CVE-2022-23748 7.8 HIGH KEV SSVC ACTIVE EPSS 0.10
mDNSResponder.exe - DLL Sideloading
mDNSResponder.exe is vulnerable to DLL Sideloading attack. Executable improperly specifies how to load the DLL, from which folder and under what conditions. In these scenarios, a malicious attacker could be using the valid and legitimate executable to load malicious files.
CWE-114 Nov 17, 2022 STIX 2.1
CVE-2022-23227 9.8 CRITICAL KEV SSVC ACTIVE 1 Writeup EPSS 0.54
NUUO NVRmini2 < 3.11.0 - Unauthenticated Arbitrary User Creation via handle_import_user.php
NUUO NVRmini2 through 3.11 allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users because of the lack of handle_import_user.php authentication. When combined with another flaw (CVE-2011-5325), it is possible to overwrite arbitrary files under the web root and achieve code execution as root.
CWE-306 Jan 14, 2022 STIX 2.1
CVE-2022-38028 7.8 HIGH KEV SSVC ACTIVE EPSS 0.04
Windows Print Spooler - Privilege Escalation
Windows Print Spooler Elevation of Privilege Vulnerability
Oct 11, 2022 STIX 2.1
CVE-2022-48618 7.0 HIGH KEV SSVC ACTIVE EPSS 0.00
iPadOS < 16.2 - Time-of-check Time-of-use Race Condition
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2, tvOS 16.2. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited against versions of iOS released before iOS 15.7.1.
CWE-367 Jan 09, 2024 STIX 2.1
CVE-2022-22071 8.4 HIGH KEV SSVC ACTIVE EPSS 0.01
Qualcomm APQ8053 Firmware - Use-After-Free via IOCTL Munmap Call
Possible use after free when process shell memory is freed using IOCTL munmap call and process initialization is in progress in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
CWE-416 Jun 14, 2022 STIX 2.1
CVE-2022-22265 5.0 MEDIUM KEV SSVC ACTIVE EPSS 0.00
NPU driver <SMR Jan-2022 Release 1 - Memory Corruption
An improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release 1 allows arbitrary memory write and code execution.
CWE-703 Jan 10, 2022 STIX 2.1
CVE-2022-27926 6.1 MEDIUM KEV SSVC ACTIVE NUCLEI EPSS 0.94
Zimbra Collaboration Suite 9.0 - Reflected XSS via /public/launchNewWindow.jsp
A reflected cross-site scripting (XSS) vulnerability in the /public/launchNewWindow.jsp component of Zimbra Collaboration (aka ZCS) 9.0 allows unauthenticated attackers to execute arbitrary web script or HTML via request parameters.
CWE-79 Apr 21, 2022 STIX 2.1

Investigate

Critical + Public Exploits Exploited in Wild + PoC High EPSS (>=0.7) + PoC With Nuclei Templates Latest CVEs with Public Exploits

Ecosystems

Linux Maven Packagist PyPI npm Go ecosystem RubyGems crates.io NuGet Hex SwiftURL GitHub Actions

Reference Indexes

Exploit Database Researchers Vendors CWE Categories

Recent Blog Posts

CVE-2026-41702: Forty-Seven Microseconds in /var/run/vmware/cnx-tmp
May 17, 2026
Hermes Agent with EIP Harness: The Vulnerability Research Assistant That Also Runs Your Pipelines
May 13, 2026
CVE-2026-41940: cPanel & WHM Pre-Auth RCE - Two Write Paths, One Filter
May 01, 2026
EIP STIX 2.1 / TAXII 2.1 Feed: Exploit Intelligence for Your Stack
Apr 29, 2026
CVE-2026-35414: Three Bugs, One Commit, and Two More Nobody Mentioned
Apr 03, 2026
WP Google Map Plugin - Three Weak Links, One Critical Chain
Mar 29, 2026
 View all posts →

CVEForge Labs

CVE-2026-45829 CRITICAL
ChromaDB >=1.0.0 - Unauthenticated Remote Code Execution via Malicious Model Repository
CVE-2026-42859 HIGH
Neat VNC: Buffer overflow due to oversized RSA public keys
CVE-2026-3296 CRITICAL
Everest Forms <= 3.4.3 - Unauthenticated PHP Object Injection via Form Entry Metadata
CVE-2026-34980 HIGH
OpenPrinting CUPS: Shared PostScript queue lets anonymous Print-Job requests reach `lp` code execution over the network
CVE-2026-35414 MEDIUM
OpenSSH < 10.3 - Always-Incorrect Control Flow Implementation in Authorized Keys Principals Handling
CVE-2026-33765 CRITICAL
Pi-hole Web <6.0 savesettings.php - Command Injection
CVE-2026-4105 MEDIUM
Red Hat Enterprise Linux 10 - Improper Access Control via systemd-machined RegisterMachine D-Bus Method
CVE-2026-30861 CRITICAL
WeKnora 0.2.5-0.2.9 - Unauthenticated Remote Code Execution via MCP stdio Configuration Validation Bypass
CVE-2026-30860 CRITICAL
WeKnora <0.2.12 - RCE via SQL Injection
CVE-2026-28391 CRITICAL
OpenClaw <2026.2.2 - Command Injection
 View all labs →

KEV Gaps

CVE-2026-48027
Compromised Nx Console version 18.95.0
 CVE-2026-8398
DAEMON Tools Lite 12.5.0.2421-12.5.0.2434 - Embedded Malicious Code in Trojanized Installer
 CVE-2026-45498
Microsoft Defender Denial of Service Vulnerability
 CVE-2009-1537
Microsoft DirectX 7.0-9.0c - Remote Code Execution via QuickTime Movie Parser Filter
 CVE-2026-6973
Ivanti Endpoint Manager Mobile < 12.6.1.1, < 12.7.0.1, < 12.8.0.1 - Authenticated Remote Code Execution
 CVE-2025-29635
D-Link DIR-823X 240126 and 240802 - Authenticated Remote Command Execution via /goform/set_prohibiting
 CVE-2024-57728
SimpleHelp < 5.5.8 - Authenticated Path Traversal and Arbitrary File Write via Zip Slip
 CVE-2024-57726
SimpleHelp < 5.5.8 - Missing Authorization for API Key Creation
 CVE-2026-20133
Cisco Catalyst SD-WAN Manager - Info Disclosure
 CVE-2026-20128
Cisco Catalyst SD-WAN Manager - Privilege Escalation
 CVE-2025-32975
Quest KACE SMA <14.1.101 - Auth Bypass
 CVE-2025-48700
Zimbra Collaboration Suite 8.8.15, 9.0, 10.0-10.1 - Stored Cross-Site Scripting via Crafted Email HTML Content