CISA KEV Gaps — Exploited CVEs Missing from KEV

Updated 2h ago

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

346,363 CVEs tracked 53,626 with exploits 4,858 exploited in wild 1,583 CISA KEV 4,077 Nuclei templates 52,288 vendors 43,844 researchers
607 results Clear all
CVE-2023-20867 3.9 LOW KEV RANSOMWARE EPSS 0.03
Vmware Tools < 12.2.5 - Authentication Bypass
A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine.
CWE-287 Jun 13, 2023
CVE-2023-33010 9.8 CRITICAL KEV EPSS 0.06
Zyxel Atp100 Firmware < 5.36 - Buffer Overflow
A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.25 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.25 through 5.36 Patch 1, VPN series firmware versions 4.30 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.25 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device.
CWE-120 May 24, 2023
CVE-2023-33009 9.8 CRITICAL KEV EPSS 0.06
Zyxel Atp100 Firmware < 5.36 - Buffer Overflow
A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 through 5.36 Patch 1, USG FLEX series firmware versions 4.60 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.60 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.60 through 5.36 Patch 1, VPN series firmware versions 4.60 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.60 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device.
CWE-120 May 24, 2023
CVE-2023-32409 8.6 HIGH KEV EPSS 0.00
Apple Safari < 16.5 - Denial of Service
The issue was addressed with improved bounds checks. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.8 and iPadOS 15.7.8, Safari 16.5, iOS 16.5 and iPadOS 16.5. A remote attacker may be able to break out of Web Content sandbox. Apple is aware of a report that this issue may have been actively exploited.
Jun 23, 2023
CVE-2023-32373 8.8 HIGH KEV EPSS 0.00
Apple Safari < 16.5 - Use After Free
A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
CWE-416 Jun 23, 2023
CVE-2023-28204 6.5 MEDIUM KEV EPSS 0.00
Apple Safari < 16.5 - Out-of-Bounds Read
An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been actively exploited.
CWE-125 Jun 23, 2023
CVE-2023-21492 4.4 MEDIUM KEV EPSS 0.01
Samsung Android - Log Information Exposure
Kernel pointers are printed in the log file prior to SMR May-2023 Release 1 allows a privileged local attacker to bypass ASLR.
CWE-532 May 04, 2023
CVE-2023-25717 9.8 CRITICAL KEV NUCLEI EPSS 0.94
Ruckuswireless Ruckus Wireless Admin < 10.4 - Code Injection
Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as demonstrated by a /forms/doLogin?login_username=admin&password=password$(curl substring.
CWE-94 Feb 13, 2023
CVE-2023-2136 9.6 CRITICAL KEV EPSS 0.01
Google Chrome <112.0.5615.137 - Sandbox Escape
Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CWE-190 Apr 19, 2023
CVE-2023-29492 9.8 CRITICAL KEV EPSS 0.16
3rdmill Novi Survey < 8.9.43676 - Code Injection
Novi Survey before 8.9.43676 allows remote attackers to execute arbitrary code on the server in the context of the service account. This does not provide access to stored survey or response data.
CWE-94 Apr 11, 2023
CVE-2023-26083 3.3 LOW KEV EPSS 0.05
Mali GPU Kernel Driver <r32p0 - Memory Leak
Memory leak vulnerability in Mali GPU Kernel Driver in Midgard GPU Kernel Driver all versions from r6p0 - r32p0, Bifrost GPU Kernel Driver all versions from r0p0 - r42p0, Valhall GPU Kernel Driver all versions from r19p0 - r42p0, and Avalon GPU Kernel Driver all versions from r41p0 - r42p0 allows a non-privileged user to make valid GPU processing operations that expose sensitive kernel metadata.
CWE-401 Apr 06, 2023
CVE-2023-24880 4.4 MEDIUM KEV RANSOMWARE EPSS 0.73
Windows SmartScreen - Privilege Escalation
Windows SmartScreen Security Feature Bypass Vulnerability
CWE-863 Mar 14, 2023
CVE-2023-23529 8.8 HIGH KEV EPSS 0.00
Apple Safari < 16.3 - Type Confusion
A type confusion issue was addressed with improved checks. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, iOS 16.3.1 and iPadOS 16.3.1, macOS Ventura 13.2.1, Safari 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
CWE-843 Feb 27, 2023
CVE-2023-23376 7.8 HIGH KEV RANSOMWARE EPSS 0.21
Microsoft Windows 10 1507 < 10.0.10240.19747 - Out-of-Bounds Write
Windows Common Log File System Driver Elevation of Privilege Vulnerability
CWE-122 Feb 14, 2023
CVE-2023-21715 7.3 HIGH KEV EPSS 0.01
Microsoft Publisher - Privilege Escalation
Microsoft Publisher Security Feature Bypass Vulnerability
CWE-863 Feb 14, 2023
CVE-2022-37055 9.8 CRITICAL KEV EPSS 0.83
Dlink Go-rt-ac750 Firmware - Buffer Overflow
D-Link Go-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 are vulnerable to Buffer Overflow via cgibin, hnap_main,
CWE-120 Aug 28, 2022
CVE-2022-48503 8.8 HIGH KEV EPSS 0.00
Apple Safari < 15.6 - Improper Array Index Validation
The issue was addressed with improved bounds checks. This issue is fixed in tvOS 15.6, watchOS 8.7, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing web content may lead to arbitrary code execution.
CWE-129 Aug 14, 2023
CVE-2022-23748 7.8 HIGH KEV EPSS 0.12
mDNSResponder.exe - DLL Sideloading
mDNSResponder.exe is vulnerable to DLL Sideloading attack. Executable improperly specifies how to load the DLL, from which folder and under what conditions. In these scenarios, a malicious attacker could be using the valid and legitimate executable to load malicious files.
CWE-114 Nov 17, 2022
CVE-2022-23227 9.8 CRITICAL KEV 1 Writeup EPSS 0.53
Nuuo Nvrmini2 Firmware < 3.11.0 - Missing Authentication
NUUO NVRmini2 through 3.11 allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users because of the lack of handle_import_user.php authentication. When combined with another flaw (CVE-2011-5325), it is possible to overwrite arbitrary files under the web root and achieve code execution as root.
CWE-306 Jan 14, 2022
CVE-2022-38028 7.8 HIGH KEV EPSS 0.05
Windows Print Spooler - Privilege Escalation
Windows Print Spooler Elevation of Privilege Vulnerability
Oct 11, 2022

Investigate

Critical + Public Exploits Exploited in Wild + PoC High EPSS (>=0.7) + PoC With Nuclei Templates Latest CVEs with Public Exploits

Ecosystems

Linux Maven Packagist PyPI npm Go ecosystem RubyGems crates.io NuGet Hex SwiftURL GitHub Actions

Reference Indexes

Exploit Database Researchers Vendors CWE Categories

Recent Blog Posts

CVE-2026-35414: Three Bugs, One Commit, and Two More Nobody Mentioned
Apr 03, 2026
WP Google Map Plugin - Three Weak Links, One Critical Chain
Mar 29, 2026
CVE-2026-24289: Windows Kernel IOCP Race Condition - The Ghost We Proved by Salting the Circle
Mar 16, 2026
CVE-2026-3910: The Type the Compiler Promised -- A V8 JIT Story in Seven Acts
Mar 16, 2026
Six AI Agents, One Security Company: The Paperclip AI Experiment
Mar 16, 2026
CVE-2026-4105: systemd-machined Privilege Escalation - 72 Minutes from Drop to Bypass
Mar 13, 2026
 View all posts →

CVEForge Labs

CVE-2016-15057 CRITICAL
Apache Continuum - Command Injection
CVE-2021-32824 CRITICAL
Apache Dubbo <2.6.10-2.7.10 - RCE
CVE-2023-42117 CRITICAL
Exim < 4.96.2 - Remote Code Execution
CVE-2024-31866 CRITICAL
Apache Zeppelin <0.11.1 - RCE
CVE-2024-43115 HIGH
Apache DolphinScheduler <3.2.2 - RCE
CVE-2024-45409 CRITICAL
Ruby-SAML <=1.16.0 - Auth Bypass
CVE-2024-56143 HIGH
Strapi < 5.5.2 - IDOR
CVE-2025-10622 HIGH
Red Hat Satellite - Command Injection
CVE-2025-11539 CRITICAL
Grafana Image Renderer - RCE
CVE-2025-12421 CRITICAL
Mattermost <11.0.2, 10.12.1, 10.11.4, 10.5.12 - Auth Bypass
 View all labs →

KEV Gaps

CVE-2025-29635
Dlink Dir-823x Firmware - Command Injection
 CVE-2024-57728
Simple-help Simplehelp < 5.5.8 - Symlink Following
 CVE-2024-57726
Simple-help Simplehelp < 5.5.8 - Missing Authorization
 CVE-2026-20133
Cisco Catalyst SD-WAN Manager - Info Disclosure
 CVE-2026-20128
Cisco Catalyst SD-WAN Manager - Privilege Escalation
 CVE-2026-20122
Cisco Catalyst SD-WAN Manager - Path Traversal
 CVE-2025-32975
Quest KACE SMA <14.1.101 - Auth Bypass
 CVE-2025-48700
Zimbra Collaboration <10.1 - XSS
 CVE-2025-2749
Kentico Xperience < 13.0.178 - Path Traversal
 CVE-2023-27351
Papercut MF < 20.1.7 - Authentication Bypass
 CVE-2009-0238
Microsoft Office <2007 SP1 - RCE
 CVE-2012-1854
Microsoft Office <2010 - Privilege Escalation