EUVD KEV - Known Exploited Vulnerabilities Catalog

CVE-2025-25231 - Confirmed Exploitation

2026-02-06T07:53:13.022031+00:00

CVE-2025-25231

Status: Confirmed

Exploited: Yes

Status Updated: 2025-09-09 00:00 UTC

Evidence Sources: 1

First Seen: 2025-09-09

Asserted: 2025-09-09

Scope Notes: Affected: Omnissa / Omnissa Workspace ONE UEM | Description: Omnissa Workspace ONE UEM contains a Secondary Context Path Traversal Vulnerability. A malicious actor may be able to gain access to sensitive information by sending crafted GET requests (read-only) to restricted API endpoints | Origin source: CERT-PL | Notes: https://moje.cert.pl/komunikaty/2025/29/aktywnie-wykorzystywana-krytyczna-podatnosc-w-narzedziu-omnissa-workspace-one-uem-airwatch-mdm/

CVE-2025-6543 - Confirmed Exploitation

2026-02-06T07:53:13.022031+00:00

CVE-2025-6543

Status: Confirmed

Exploited: Yes

Status Updated: 2025-07-18 00:00 UTC

Evidence Sources: 1

First Seen: 2025-07-18

Asserted: 2025-07-18

Scope Notes: Affected: Citrix / Citrix ADC and Citrix Gateway | Origin source: cnw

CVE-2011-4085 - Confirmed Exploitation

2026-02-06T07:53:13.022031+00:00

CVE-2011-4085

Status: Confirmed

Exploited: Yes

Status Updated: 2025-07-14 00:00 UTC

Evidence Sources: 1

First Seen: 2025-07-14

Asserted: 2025-07-14

Scope Notes: Affected: Red Hat / JBoss Application Server | Description: some management interfaces remain accessible and lack effective access control mechanisms | Origin source: CERT Italia | Notes: https://www.acn.gov.it/portale/w/distribuzione-di-payload-malevoli-tramite-vulnerabilita-note

CVE-2010-0738 - Confirmed Exploitation

2026-02-06T07:53:13.022031+00:00

CVE-2010-0738

Status: Confirmed

Exploited: Yes

Status Updated: 2025-07-14 00:00 UTC

Evidence Sources: 1

First Seen: 2025-07-14

Asserted: 2025-07-14

Scope Notes: Affected: Red Hat / JBoss Application Server | Description: this management interface allows administrative operations to be performed without adequate access controls allowing a remote attacker to interact with the system in an unauthorized manner | Origin source: CERT Italia | Notes: https://www.acn.gov.it/portale/w/distribuzione-di-payload-malevoli-tramite-vulnerabilita-note

CVE-2015-7501 - Confirmed Exploitation

2026-02-06T07:53:13.022031+00:00

CVE-2015-7501

Status: Confirmed

Exploited: Yes

Status Updated: 2025-07-14 00:00 UTC

Evidence Sources: 1

First Seen: 2025-07-14

Asserted: 2025-07-14

Scope Notes: Affected: Apache / Commons Collections library | Description: the system accepts serialized objects without verifying their origin or reliability allowing an attacker to send specially crafted payloads that are then deserialized and executed | Origin source: CERT Italia | Notes: https://www.acn.gov.it/portale/w/distribuzione-di-payload-malevoli-tramite-vulnerabilita-note

CVE-2017-12149 - Confirmed Exploitation

2026-02-06T07:53:13.022031+00:00

CVE-2017-12149

Status: Confirmed

Exploited: Yes

Status Updated: 2025-07-14 00:00 UTC

Evidence Sources: 1

First Seen: 2025-07-14

Asserted: 2025-07-14

Scope Notes: Affected: Red Hat / JBoss Application Server | Description: the servlet exposes an endpoint that allows you to invoke Java Management Extensions (JMX) operations without any authentication or access control | Origin source: CERT Italia | Notes: https://www.acn.gov.it/portale/w/distribuzione-di-payload-malevoli-tramite-vulnerabilita-note

CVE-2024-55591 - Confirmed Exploitation

2026-02-06T07:53:13.022031+00:00

CVE-2024-55591

Status: Confirmed

Exploited: Yes

Status Updated: 2025-02-13 00:00 UTC

Evidence Sources: 1

First Seen: 2025-02-13

Asserted: 2025-02-13

Scope Notes: Affected: Fortinet / FortiOS/FortiProxy | Description: authentication bypass using an alternate path or channel vulnerability | Exploitation type: ransomware | CWEs: CWE-288 | Origin source: cnw

CVE-2023-46604 - Confirmed Exploitation

2026-02-06T07:53:13.022031+00:00

CVE-2023-46604

Status: Confirmed

Exploited: Yes

Status Updated: 2025-01-23 00:00 UTC

Evidence Sources: 1

First Seen: 2025-01-23

Asserted: 2025-01-23

Scope Notes: Affected: Apache / ActiveMQ | Exploitation type: ransomware | Origin source: cnw

CVE-2023-46747 - Confirmed Exploitation

2026-02-06T07:53:13.022031+00:00

CVE-2023-46747

Status: Confirmed

Exploited: Yes

Status Updated: 2025-01-23 00:00 UTC

Evidence Sources: 1

First Seen: 2025-01-23

Asserted: 2025-01-23

Scope Notes: Affected: F5 / BIG-IP | Exploitation type: ransomware | Origin source: cnw

CVE-2020-1472 - Confirmed Exploitation

2026-02-06T07:53:13.022031+00:00

CVE-2020-1472

Status: Confirmed

Exploited: Yes

Status Updated: 2025-01-23 00:00 UTC

Evidence Sources: 1

First Seen: 2025-01-23

Asserted: 2025-01-23

Scope Notes: Affected: Microsoft / Netlogon (ZeroLogon) | Exploitation type: ransomware | Origin source: cnw

CVE-2023-48788 - Confirmed Exploitation

2026-02-06T07:53:13.022031+00:00

CVE-2023-48788

Status: Confirmed

Exploited: Yes

Status Updated: 2025-01-23 00:00 UTC

Evidence Sources: 1

First Seen: 2025-01-23

Asserted: 2025-01-23

Scope Notes: Affected: Fortinet / FortiClientEMS | Exploitation type: ransomware | Origin source: cnw

CVE-2023-22515 - Confirmed Exploitation

2026-02-06T07:53:13.022031+00:00

CVE-2023-22515

Status: Confirmed

Exploited: Yes

Status Updated: 2025-01-23 00:00 UTC

Evidence Sources: 1

First Seen: 2025-01-23

Asserted: 2025-01-23

Scope Notes: Affected: Atlassian / Confluence Server and Data Server | Exploitation type: ransomware | Origin source: cnw

CVE-2023-27997 - Confirmed Exploitation

2026-02-06T07:53:13.022031+00:00

CVE-2023-27997

Status: Confirmed

Exploited: Yes

Status Updated: 2025-01-23 00:00 UTC

Evidence Sources: 1

First Seen: 2025-01-23

Asserted: 2025-01-23

Scope Notes: Affected: Fortinet / FortiOS and FortiProxy | Exploitation type: ransomware | Origin source: cnw

CVE-2017-0144 - Confirmed Exploitation

2026-02-06T07:53:13.022031+00:00

CVE-2017-0144

Status: Confirmed

Exploited: Yes

Status Updated: 2025-01-23 00:00 UTC

Evidence Sources: 1

First Seen: 2025-01-23

Asserted: 2025-01-23

Scope Notes: Affected: Microsoft / Windows (SMBv1 - EternalBlue) | Exploitation type: ransomware | Origin source: cnw

CVE-2023-3519 - Confirmed Exploitation

2026-02-06T07:53:13.022031+00:00

CVE-2023-3519

Status: Confirmed

Exploited: Yes

Status Updated: 2025-01-23 00:00 UTC

Evidence Sources: 1

First Seen: 2025-01-23

Asserted: 2025-01-23

Scope Notes: Affected: Citrix / Citrix ADC and Citrix Gateway | Exploitation type: ransomware | Origin source: cnw

CVE-2020-0787 - Confirmed Exploitation

2026-02-06T07:53:13.022031+00:00

CVE-2020-0787

Status: Confirmed

Exploited: Yes

Status Updated: 2025-01-23 00:00 UTC

Evidence Sources: 1

First Seen: 2025-01-23

Asserted: 2025-01-23

Scope Notes: Affected: Microsoft / Windows BITS26 | Exploitation type: ransomware | Origin source: cnw

CVE-2024-8190 - Confirmed Exploitation

2026-02-06T07:53:13.022031+00:00

CVE-2024-8190

Status: Confirmed

Exploited: Yes

Status Updated: 2025-01-17 00:00 UTC

Evidence Sources: 1

First Seen: 2025-01-17

Asserted: 2025-01-17

Scope Notes: Affected: Ivanti / CSA (Cloud Services Appliance) | Origin source: cnw

CVE-2024-9380 - Confirmed Exploitation

2026-02-06T07:53:13.022031+00:00

CVE-2024-9380

Status: Confirmed

Exploited: Yes

Status Updated: 2025-01-17 00:00 UTC

Evidence Sources: 1

First Seen: 2025-01-17

Asserted: 2025-01-17

Scope Notes: Affected: Ivanti / CSA (Cloud Services Appliance) | Origin source: cnw

CVE-2024-8963 - Confirmed Exploitation

2026-02-06T07:53:13.022031+00:00

CVE-2024-8963

Status: Confirmed

Exploited: Yes

Status Updated: 2025-01-17 00:00 UTC

Evidence Sources: 1

First Seen: 2025-01-17

Asserted: 2025-01-17

Scope Notes: Affected: Ivanti / CSA (Cloud Services Appliance) | Origin source: cnw