1478 KEV entries tracked
10 High-EPSS not in KEV
18 New KEV in last 30 days
Latest KEV additions
Last 30 days

| CVE | Vendor | Product | EPSS | Percentile | Date Added | Due |
|---|---|---|---|---|---|---|
| CVE-2025-59718 | Fortinet | Multiple Products | 0.000 | 0th | 2025-12-16 | 2025-12-23 |
| CVE-2025-14611 | Gladinet | CentreStack and Triofox | 0.000 | 0th | 2025-12-15 | 2026-01-05 |
| CVE-2025-43529 | Apple | Multiple Products | 0.000 | 0th | 2025-12-15 | 2026-01-05 |
| CVE-2018-4063 | Sierra Wireless | AirLink ALEOS | 0.000 | 0th | 2025-12-12 | 2026-01-02 |
| CVE-2025-14174 | Chromium | | 0.000 | 0th | 2025-12-12 | 2026-01-02 |
| CVE-2025-58360 | OSGeo | GeoServer | 0.000 | 0th | 2025-12-11 | 2026-01-01 |
| CVE-2025-6218 | RARLAB | WinRAR | 0.000 | 0th | 2025-12-09 | 2025-12-30 |
| CVE-2025-62221 | Microsoft | Windows | 0.000 | 0th | 2025-12-09 | 2025-12-30 |
| CVE-2022-37055 | D-Link | Routers | 0.000 | 0th | 2025-12-08 | 2025-12-29 |
| CVE-2025-66644 | Array Networks | ArrayOS AG | 0.000 | 0th | 2025-12-08 | 2025-12-29 |
| CVE-2025-55182 | Meta | React Server Components | 0.000 | 0th | 2025-12-05 | 2025-12-12 |
| CVE-2021-26828 | OpenPLC | ScadaBR | 0.000 | 0th | 2025-12-03 | 2025-12-24 |
| CVE-2025-48572 | Android | Framework | 0.000 | 0th | 2025-12-02 | 2025-12-23 |
| CVE-2025-48633 | Android | Framework | 0.000 | 0th | 2025-12-02 | 2025-12-23 |
| CVE-2021-26829 | OpenPLC | ScadaBR | 0.000 | 0th | 2025-11-28 | 2025-12-19 |
| CVE-2025-61757 | Oracle | Fusion Middleware | 0.000 | 0th | 2025-11-21 | 2025-12-12 |
| CVE-2025-13223 | Chromium V8 | | 0.000 | 0th | 2025-11-19 | 2025-12-10 |
| CVE-2025-58034 | Fortinet | FortiWeb | 0.000 | 0th | 2025-11-18 | 2025-11-25 |
High EPSS not in KEV
Sorted by score

| CVE | EPSS | Percentile | PoCs | Summary |
|---|---|---|---|---|
| CVE-2025-9316 | 0.787 | 99th | 0 | No public description yet. |
| CVE-2025-8943 | 0.658 | 98th | 1 | The Custom MCPs feature is designed to execute OS commands, for instance, using tools like `npx` to spin up local MCP Servers. However, Flowise's inherent authentication and authorization model is minimal and lacks ro... |
| CVE-2025-8489 | 0.433 | 97th | 0 | No public description yet. |
| CVE-2025-8426 | 0.394 | 97th | 0 | No public description yet. |
| CVE-2025-8518 | 0.339 | 97th | 1 | A vulnerability was found in givanz Vvveb 1.0.5. It has been rated as critical. Affected by this issue is the function Save of the file admin/controller/editor/code.php of the component Code Editor. The manipulation l... |
| CVE-2025-8868 | 0.171 | 95th | 0 | No public description yet. |
| CVE-2025-8730 | 0.119 | 93rd | 2 | A vulnerability was found in Belkin F9K1009 and F9K1010 2.00.04/2.00.09 and classified as critical. Affected by this issue is some unknown functionality of the component Web Interface. The manipulation leads to hard-c... |
| CVE-2025-7795 | 0.096 | 93rd | 3 | A vulnerability, which was classified as critical, has been found in Tenda FH451 1.0.0.9. Affected by this issue is the function fromP2pListFilter of the file /goform/P2pListFilter. The manipulation of the argument pa... |
| CVE-2025-9090 | 0.083 | 92nd | 4 | A vulnerability was identified in Tenda AC20 16.03.08.12. Affected is the function websFormDefine of the file /goform/telnet of the component Telnet Service. The manipulation leads to command injection. It is possible... |
| CVE-2025-8085 | 0.078 | 92nd | 1 | The Ditty WordPress plugin before 3.1.58 lacks authorization and authentication for requests to its displayItems endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs. |