Browse all
Known Exploited Vulnerabilities (CISA KEV) — all
The full CISA KEV catalog of vulnerabilities confirmed exploited in the wild — filter and search by year, ransomware use, and date added.
1,620 results
| Urgency | CVE | Name / product | Vendor | KEV added |
|---|---|---|---|---|
| Critical | CVE-2026-35273 Explained | Oracle PeopleSoft Enterprise PeopleTools — Oracle PeopleSoft Enterprise People... | Oracle | 2026-06-12 |
| High | CVE-2026-10520 Explained | Ivanti Sentry — Ivanti Sentry OS Command Injection Vulnerability | Ivanti | 2026-06-11 |
| High | CVE-2026-20245 Explained | Cisco Catalyst SD-WAN Manager — Cisco Catalyst SD-WAN Manager Improper Encodin... | Cisco | 2026-06-09 |
| High | CVE-2026-7473 Explained | Arista Extensible Operating System — Arista Extensible Operating System Incomp... | Arista | 2026-06-09 |
| High | CVE-2026-11645 Explained | Google Chromium V8 — Google Chromium V8 Out-of-Bounds Read and Write Vulnerabi... | 2026-06-09 | |
| Critical | CVE-2026-50751 ↗ | Check Point Security Gateway — Check Point Security Gateway Improper Authentic... | Check Point | 2026-06-08 |
| High | CVE-2026-50751 Explained | Check Point Security Gateway — Check Point Security Gateway Improper Authentic... | Check Point | 2026-06-08 |
| High | CVE-2026-42271 Explained | BerriAI LiteLLM — BerriAI LiteLLM Command Injection Vulnerability | BerriAI | 2026-06-08 |
| High | CVE-2026-28318 Explained | SolarWinds Serv-U — SolarWinds Serv-U Uncontrolled Resource Consumption Vulner... | SolarWinds | 2026-06-05 |
| High | CVE-2026-45247 ↗ | Mirasvit Mirasvit Full Page Cache Warmer — Mirasvit Full Page Cache Warmer Des... | Mirasvit | 2026-06-03 |
| High | CVE-2025-48595 Explained | Android Framework — Android Framework Integer Overflow Vulnerability | Android | 2026-06-02 |
| High | CVE-2022-0492 Explained | Linux Kernel — Linux Kernel Improper Authentication Vulnerability | Linux | 2026-06-02 |
| High | CVE-2024-21182 Explained | Oracle WebLogic Server — Oracle WebLogic Server Unspecified Vulnerability | Oracle | 2026-06-01 |
| High | CVE-2026-0257 Explained | Palo Alto Networks PAN-OS — Palo Alto Networks PAN-OS Authentication Bypass Vu... | Palo Alto Networks | 2026-05-29 |
| High | CVE-2026-8398 ↗ | Daemon Daemon Tools Lite — Daemon Tools Lite Embedded Malicious Code Vulnerabi... | Daemon | 2026-05-27 |
| Critical | CVE-2026-45321 Explained | TanStack TanStack — TanStack Unspecified Vulnerability | TanStack | 2026-05-27 |
| Critical | CVE-2026-48027 Explained | Nx Nx Console — Nx Console Embedded Malicious Code Vulnerability | Nx | 2026-05-27 |
| High | CVE-2026-48172 Explained | LiteSpeed cPanel Plugin — LiteSpeed cPanel Plugin Privilege Escalation Vulnera... | LiteSpeed | 2026-05-26 |
| High | CVE-2026-9082 Explained | Drupal Core — Drupal Core SQL Injection Vulnerability | Drupal | 2026-05-22 |
| High | CVE-2026-34926 Explained | Trend Micro Apex One — Trend Micro Apex One (On-Premise) Directory Traversal V... | Trend Micro | 2026-05-21 |
| High | CVE-2025-34291 Explained | Langflow Langflow — Langflow Origin Validation Error Vulnerability | Langflow | 2026-05-21 |
| High | CVE-2026-45498 ↗ | Microsoft Defender — Microsoft Defender Denial of Service Vulnerability | Microsoft | 2026-05-20 |
| High | CVE-2026-41091 ↗ | Microsoft Defender — Microsoft Defender Link Following Vulnerability | Microsoft | 2026-05-20 |
| High | CVE-2010-0806 ↗ | Microsoft Internet Explorer — Microsoft Internet Explorer Use-After-Free Vulne... | Microsoft | 2026-05-20 |
| High | CVE-2010-0249 ↗ | Microsoft Internet Explorer — Microsoft Internet Explorer Use-After-Free Vulne... | Microsoft | 2026-05-20 |
| High | CVE-2009-3459 ↗ | Adobe Acrobat and Reader — Adobe Acrobat and Reader Heap-Based Buffer Overflow... | Adobe | 2026-05-20 |
| High | CVE-2009-1537 ↗ | Microsoft DirectX — Microsoft DirectX NULL Byte Overwrite Vulnerability | Microsoft | 2026-05-20 |
| High | CVE-2008-4250 ↗ | Microsoft Windows — Microsoft Windows Buffer Overflow Vulnerability | Microsoft | 2026-05-20 |
| High | CVE-2026-42897 Explained | Microsoft Microsoft — Microsoft Exchange Server Cross-Site Scripting Vulnerabi... | Microsoft | 2026-05-15 |
| High | CVE-2026-20182 Explained | Cisco Catalyst SD-WAN — Cisco Catalyst SD-WAN Controller Authentication Bypass... | Cisco | 2026-05-14 |
| High | CVE-2026-42208 Explained | BerriAI LiteLLM — BerriAI LiteLLM SQL Injection Vulnerability | BerriAI | 2026-05-08 |
| High | CVE-2026-6973 Explained | Ivanti Endpoint Manager Mobile (EPMM) — Ivanti Endpoint Manager Mobile (EPMM)... | Ivanti | 2026-05-07 |
| High | CVE-2026-0300 Explained | Palo Alto Networks PAN-OS — Palo Alto Networks PAN-OS Out-of-bounds Write Vuln... | Palo Alto Networks | 2026-05-06 |
| High | CVE-2026-31431 Explained | Linux Kernel — Linux Kernel Incorrect Resource Transfer Between Spheres Vulner... | Linux | 2026-05-01 |
| Critical | CVE-2026-41940 Explained | WebPros cPanel & WHM and WP2 (WordPress Squared) — WebPros cPanel & WHM and WP... | WebPros | 2026-04-30 |
| High | CVE-2026-32202 ↗ | Microsoft Windows — Microsoft Windows Protection Mechanism Failure Vulnerabili... | Microsoft | 2026-04-28 |
| Critical | CVE-2024-1708 Explained | ConnectWise ScreenConnect — ConnectWise ScreenConnect Path Traversal Vulnerabi... | ConnectWise | 2026-04-28 |
| Critical | CVE-2024-57726 ↗ | SimpleHelp SimpleHelp — SimpleHelp Missing Authorization Vulnerability | SimpleHelp | 2026-04-24 |
| Critical | CVE-2024-57728 ↗ | SimpleHelp SimpleHelp — SimpleHelp Path Traversal Vulnerability | SimpleHelp | 2026-04-24 |
| High | CVE-2024-7399 ↗ | Samsung MagicINFO 9 Server — Samsung MagicINFO 9 Server Path Traversal Vulnera... | Samsung | 2026-04-24 |
| High | CVE-2025-29635 ↗ | D-Link DIR-823X — D-Link DIR-823X Command Injection Vulnerability | D-Link | 2026-04-24 |
| High | CVE-2026-39987 ↗ | Marimo Marimo — Marimo Remote Code Execution Vulnerability | Marimo | 2026-04-23 |
| High | CVE-2026-33825 ↗ | Microsoft Defender — Microsoft Defender Insufficient Granularity of Access Con... | Microsoft | 2026-04-22 |
| Critical | CVE-2024-27199 ↗ | JetBrains TeamCity — JetBrains TeamCity Relative Path Traversal Vulnerability | JetBrains | 2026-04-20 |
| High | CVE-2025-32975 ↗ | Quest KACE Systems Management Appliance (SMA) — Quest KACE Systems Management... | Quest | 2026-04-20 |
| High | CVE-2026-20128 ↗ | Cisco Catalyst SD-WAN Manager — Cisco Catalyst SD-WAN Manager Storing Password... | Cisco | 2026-04-20 |
| High | CVE-2025-48700 ↗ | Synacor Zimbra Collaboration Suite (ZCS) — Synacor Zimbra Collaboration Suite... | Synacor | 2026-04-20 |
| Critical | CVE-2023-27351 ↗ | PaperCut NG/MF — PaperCut NG/MF Improper Authentication Vulnerability | PaperCut | 2026-04-20 |
| High | CVE-2025-2749 ↗ | Kentico Kentico Xperience — Kentico Xperience Path Traversal Vulnerability | Kentico | 2026-04-20 |
| High | CVE-2026-20133 ↗ | Cisco Catalyst SD-WAN Manager — Cisco Catalyst SD-WAN Manager Exposure of Sens... | Cisco | 2026-04-20 |
Source: official U.S. government open data. This is an organized index, not an official U.S. government site. "Explained" links to our summary page; otherwise links go to the official primary source.