Browse all
Known Exploited Vulnerabilities (CISA KEV) — all
The full CISA KEV catalog of vulnerabilities confirmed exploited in the wild — filter and search by year, ransomware use, and date added.
1,621 results
| Urgency | CVE | Name / product | Vendor | KEV added |
|---|---|---|---|---|
| High | CVE-2024-23222 ↗ | Apple Multiple Products — Apple Multiple Products WebKit Type Confusion Vulner... | Apple | Jan 23, 2024 |
| High | CVE-2023-34048 ↗ | VMware vCenter Server — VMware vCenter Server Out-of-Bounds Write Vulnerabilit... | VMware | Jan 22, 2024 |
| Critical | CVE-2023-35082 ↗ | Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core — Ivanti Endpoint Ma... | Ivanti | Jan 18, 2024 |
| High | CVE-2023-6548 ↗ | Citrix NetScaler ADC and NetScaler Gateway — Citrix NetScaler ADC and NetScale... | Citrix | Jan 17, 2024 |
| High | CVE-2023-6549 ↗ | Citrix NetScaler ADC and NetScaler Gateway — Citrix NetScaler ADC and NetScale... | Citrix | Jan 17, 2024 |
| High | CVE-2024-0519 ↗ | Google Chromium V8 — Google Chromium V8 Out-of-Bounds Memory Access Vulnerabil... | Jan 17, 2024 | |
| High | CVE-2018-15133 ↗ | Laravel Laravel Framework — Laravel Deserialization of Untrusted Data Vulnerab... | Laravel | Jan 16, 2024 |
| Critical | CVE-2024-21887 ↗ | Ivanti Connect Secure and Policy Secure — Ivanti Connect Secure and Policy Sec... | Ivanti | Jan 10, 2024 |
| Critical | CVE-2023-46805 ↗ | Ivanti Connect Secure and Policy Secure — Ivanti Connect Secure and Policy Sec... | Ivanti | Jan 10, 2024 |
| Critical | CVE-2023-29357 ↗ | Microsoft SharePoint Server — Microsoft SharePoint Server Privilege Escalation... | Microsoft | Jan 10, 2024 |
| Critical | CVE-2023-38203 ↗ | Adobe ColdFusion — Adobe ColdFusion Deserialization of Untrusted Data Vulnerab... | Adobe | Jan 8, 2024 |
| Critical | CVE-2023-29300 ↗ | Adobe ColdFusion — Adobe ColdFusion Deserialization of Untrusted Data Vulnerab... | Adobe | Jan 8, 2024 |
| High | CVE-2023-27524 ↗ | Apache Superset — Apache Superset Insecure Default Initialization of Resource... | Apache | Jan 8, 2024 |
| High | CVE-2023-41990 ↗ | Apple Multiple Products — Apple Multiple Products Code Execution Vulnerability | Apple | Jan 8, 2024 |
| High | CVE-2016-20017 ↗ | D-Link DSL-2750B Devices — D-Link DSL-2750B Devices Command Injection Vulnerab... | D-Link | Jan 8, 2024 |
| High | CVE-2023-23752 ↗ | Joomla! Joomla! — Joomla! Improper Access Control Vulnerability | Joomla! | Jan 8, 2024 |
| High | CVE-2023-7024 ↗ | Google Chromium WebRTC — Google Chromium WebRTC Heap Buffer Overflow Vulnerabi... | Jan 2, 2024 | |
| High | CVE-2023-7101 ↗ | Spreadsheet::ParseExcel Spreadsheet::ParseExcel — Spreadsheet::ParseExcel Remo... | Spreadsheet::ParseExcel | Jan 2, 2024 |
| High | CVE-2023-47565 ↗ | QNAP VioStor NVR — QNAP VioStor NVR OS Command Injection Vulnerability | QNAP | Dec 21, 2023 |
| High | CVE-2023-49897 ↗ | FXC AE1021, AE1021PE — FXC AE1021, AE1021PE OS Command Injection Vulnerability | FXC | Dec 21, 2023 |
| High | CVE-2023-6448 ↗ | Unitronics Vision PLC and HMI — Unitronics Vision PLC and HMI Insecure Default... | Unitronics | Dec 11, 2023 |
| Critical | CVE-2023-41265 ↗ | Qlik Sense — Qlik Sense HTTP Tunneling Vulnerability | Qlik | Dec 7, 2023 |
| Critical | CVE-2023-41266 ↗ | Qlik Sense — Qlik Sense Path Traversal Vulnerability | Qlik | Dec 7, 2023 |
| High | CVE-2022-22071 ↗ | Qualcomm Multiple Chipsets — Qualcomm Multiple Chipsets Use-After-Free Vulnera... | Qualcomm | Dec 5, 2023 |
| High | CVE-2023-33063 ↗ | Qualcomm Multiple Chipsets — Qualcomm Multiple Chipsets Use-After-Free Vulnera... | Qualcomm | Dec 5, 2023 |
| High | CVE-2023-33106 ↗ | Qualcomm Multiple Chipsets — Qualcomm Multiple Chipsets Use of Out-of-Range Po... | Qualcomm | Dec 5, 2023 |
| High | CVE-2023-33107 ↗ | Qualcomm Multiple Chipsets — Qualcomm Multiple Chipsets Integer Overflow Vulne... | Qualcomm | Dec 5, 2023 |
| High | CVE-2023-42916 ↗ | Apple Multiple Products — Apple Multiple Products WebKit Out-of-Bounds Read Vu... | Apple | Dec 4, 2023 |
| High | CVE-2023-42917 ↗ | Apple Multiple Products — Apple Multiple Products WebKit Memory Corruption Vul... | Apple | Dec 4, 2023 |
| High | CVE-2023-49103 ↗ | ownCloud ownCloud graphapi — ownCloud graphapi Information Disclosure Vulnerab... | ownCloud | Nov 30, 2023 |
| High | CVE-2023-6345 ↗ | Google Chromium Skia — Google Skia Integer Overflow Vulnerability | Nov 30, 2023 | |
| High | CVE-2023-4911 ↗ | GNU GNU C Library — GNU C Library Buffer Overflow Vulnerability | GNU | Nov 21, 2023 |
| High | CVE-2020-2551 ↗ | Oracle Fusion Middleware — Oracle Fusion Middleware Unspecified Vulnerability | Oracle | Nov 16, 2023 |
| High | CVE-2023-1671 ↗ | Sophos Web Appliance — Sophos Web Appliance Command Injection Vulnerability | Sophos | Nov 16, 2023 |
| High | CVE-2023-36584 ↗ | Microsoft Windows — Microsoft Windows Mark of the Web (MOTW) Security Feature... | Microsoft | Nov 16, 2023 |
| High | CVE-2023-36036 ↗ | Microsoft Windows — Microsoft Windows Cloud Files Mini Filter Driver Privilege... | Microsoft | Nov 14, 2023 |
| High | CVE-2023-36025 ↗ | Microsoft Windows — Microsoft Windows SmartScreen Security Feature Bypass Vuln... | Microsoft | Nov 14, 2023 |
| High | CVE-2023-36033 ↗ | Microsoft Windows — Microsoft Windows Desktop Window Manager (DWM) Core Librar... | Microsoft | Nov 14, 2023 |
| High | CVE-2023-36851 ↗ | Juniper Junos OS — Juniper Junos OS SRX Series Missing Authentication for Crit... | Juniper | Nov 13, 2023 |
| High | CVE-2023-36847 ↗ | Juniper Junos OS — Juniper Junos OS EX Series Missing Authentication for Criti... | Juniper | Nov 13, 2023 |
| High | CVE-2023-36846 ↗ | Juniper Junos OS — Juniper Junos OS SRX Series Missing Authentication for Crit... | Juniper | Nov 13, 2023 |
| High | CVE-2023-36845 ↗ | Juniper Junos OS — Juniper Junos OS EX Series and SRX Series PHP External Vari... | Juniper | Nov 13, 2023 |
| High | CVE-2023-36844 ↗ | Juniper Junos OS — Juniper Junos OS EX Series PHP External Variable Modificati... | Juniper | Nov 13, 2023 |
| Critical | CVE-2023-47246 ↗ | SysAid SysAid Server — SysAid Server Path Traversal Vulnerability | SysAid | Nov 13, 2023 |
| High | CVE-2023-29552 ↗ | IETF Service Location Protocol (SLP) — Service Location Protocol (SLP) Denial-... | IETF | Nov 8, 2023 |
| Critical | CVE-2023-22518 ↗ | Atlassian Confluence Data Center and Server — Atlassian Confluence Data Center... | Atlassian | Nov 7, 2023 |
| Critical | CVE-2023-46604 ↗ | Apache ActiveMQ — Apache ActiveMQ Deserialization of Untrusted Data Vulnerabil... | Apache | Nov 2, 2023 |
| Critical | CVE-2023-46747 ↗ | F5 BIG-IP Configuration Utility — F5 BIG-IP Configuration Utility Authenticati... | F5 | Oct 31, 2023 |
| High | CVE-2023-46748 ↗ | F5 BIG-IP Configuration Utility — F5 BIG-IP Configuration Utility SQL Injectio... | F5 | Oct 31, 2023 |
| High | CVE-2023-5631 ↗ | Roundcube Webmail — Roundcube Webmail Persistent Cross-Site Scripting (XSS) Vu... | Roundcube | Oct 26, 2023 |
Source: official U.S. government open data. This is an organized index, not an official U.S. government site. "Explained" links to our summary page; otherwise links go to the official primary source.