Browse all
Known Exploited Vulnerabilities (CISA KEV) — all
The full CISA KEV catalog of vulnerabilities confirmed exploited in the wild — filter and search by year, ransomware use, and date added.
1,620 results
| Urgency | CVE | Name / product | Vendor | KEV added |
|---|---|---|---|---|
| High | CVE-2026-20122 ↗ | Cisco Catalyst SD-WAN Manger — Cisco Catalyst SD-WAN Manager Incorrect Use of... | Cisco | 2026-04-20 |
| High | CVE-2026-34197 ↗ | Apache ActiveMQ — Apache ActiveMQ Improper Input Validation Vulnerability | Apache | 2026-04-16 |
| High | CVE-2026-32201 ↗ | Microsoft SharePoint Server — Microsoft SharePoint Server Improper Input Valid... | Microsoft | 2026-04-14 |
| High | CVE-2009-0238 ↗ | Microsoft Office — Microsoft Office Remote Code Execution | Microsoft | 2026-04-14 |
| High | CVE-2026-34621 ↗ | Adobe Acrobat and Reader — Adobe Acrobat and Reader Prototype Pollution Vulner... | Adobe | 2026-04-13 |
| High | CVE-2026-21643 ↗ | Fortinet FortiClient EMS — Fortinet FortiClient EMS SQL Injection Vulnerabilit... | Fortinet | 2026-04-13 |
| High | CVE-2020-9715 ↗ | Adobe Acrobat — Adobe Acrobat Use-After-Free Vulnerability | Adobe | 2026-04-13 |
| High | CVE-2023-36424 ↗ | Microsoft Windows — Microsoft Windows Out-of-Bounds Read Vulnerability | Microsoft | 2026-04-13 |
| Critical | CVE-2023-21529 ↗ | Microsoft Exchange Server — Microsoft Exchange Server Deserialization of Untru... | Microsoft | 2026-04-13 |
| High | CVE-2025-60710 ↗ | Microsoft Windows — Microsoft Windows Link Following Vulnerability | Microsoft | 2026-04-13 |
| High | CVE-2012-1854 ↗ | Microsoft Visual Basic for Applications (VBA) — Microsoft Visual Basic for App... | Microsoft | 2026-04-13 |
| High | CVE-2026-1340 ↗ | Ivanti Endpoint Manager Mobile (EPMM) — Ivanti Endpoint Manager Mobile (EPMM)... | Ivanti | 2026-04-08 |
| High | CVE-2026-35616 ↗ | Fortinet FortiClient EMS — Fortinet FortiClient EMS Improper Access Control Vu... | Fortinet | 2026-04-06 |
| High | CVE-2026-3502 ↗ | TrueConf Client — TrueConf Client Download of Code Without Integrity Check Vul... | TrueConf | 2026-04-02 |
| High | CVE-2026-5281 ↗ | Google Dawn — Google Dawn Use-After-Free Vulnerability | 2026-04-01 | |
| High | CVE-2026-3055 ↗ | Citrix NetScaler — Citrix NetScaler Out-of-Bounds Read Vulnerability | Citrix | 2026-03-30 |
| High | CVE-2025-53521 ↗ | F5 BIG-IP — F5 BIG-IP Stack-Based Buffer Overflow Vulnerability | F5 | 2026-03-27 |
| High | CVE-2026-33634 ↗ | Aquasecurity Trivy — Aquasecurity Trivy Embedded Malicious Code Vulnerability | Aquasecurity | 2026-03-26 |
| High | CVE-2026-33017 ↗ | Langflow Langflow — Langflow Code Injection Vulnerability | Langflow | 2026-03-25 |
| High | CVE-2025-31277 ↗ | Apple Multiple Products — Apple Multiple Products Buffer Overflow Vulnerabilit... | Apple | 2026-03-20 |
| High | CVE-2025-43520 ↗ | Apple Multiple Products — Apple Multiple Products Classic Buffer Overflow Vuln... | Apple | 2026-03-20 |
| High | CVE-2025-43510 ↗ | Apple Multiple Products — Apple Multiple Products Improper Locking Vulnerabili... | Apple | 2026-03-20 |
| High | CVE-2025-54068 ↗ | Laravel Livewire — Laravel Livewire Code Injection Vulnerability | Laravel | 2026-03-20 |
| High | CVE-2025-32432 ↗ | Craft CMS Craft CMS — Craft CMS Code Injection Vulnerability | Craft CMS | 2026-03-20 |
| Critical | CVE-2026-20131 ↗ | Cisco Secure Firewall Management Center (FMC) — Cisco Secure Firewall Manageme... | Cisco | 2026-03-19 |
| High | CVE-2026-20963 ↗ | Microsoft SharePoint — Microsoft SharePoint Deserialization of Untrusted Data... | Microsoft | 2026-03-18 |
| High | CVE-2025-66376 ↗ | Synacor Zimbra Collaboration Suite (ZCS) — Synacor Zimbra Collaboration Suite... | Synacor | 2026-03-18 |
| High | CVE-2025-47813 ↗ | Wing FTP Server Wing FTP Server — Wing FTP Server Information Disclosure Vulne... | Wing FTP Server | 2026-03-16 |
| High | CVE-2026-3909 ↗ | Google Skia — Google Skia Out-of-Bounds Write Vulnerability | 2026-03-13 | |
| High | CVE-2026-3910 ↗ | Google Chromium V8 — Google Chromium V8 Improper Restriction of Operations Wit... | 2026-03-13 | |
| High | CVE-2025-68613 ↗ | n8n n8n — n8n Improper Control of Dynamically-Managed Code Resources Vulnerabi... | n8n | 2026-03-11 |
| High | CVE-2026-1603 ↗ | Ivanti Endpoint Manager (EPM) — Ivanti Endpoint Manager (EPM) Authentication B... | Ivanti | 2026-03-09 |
| High | CVE-2025-26399 ↗ | SolarWinds Web Help Desk — SolarWinds Web Help Desk Deserialization of Untrust... | SolarWinds | 2026-03-09 |
| High | CVE-2021-22054 ↗ | Omnissa Workspace One UEM — Omnissa Workspace ONE Server-Side Request Forgery | Omnissa | 2026-03-09 |
| High | CVE-2023-41974 ↗ | Apple iOS and iPadOS — Apple iOS and iPadOS Use-After-Free Vulnerability | Apple | 2026-03-05 |
| High | CVE-2021-30952 ↗ | Apple Multiple Products — Apple Multiple Products Integer Overflow or Wraparou... | Apple | 2026-03-05 |
| High | CVE-2023-43000 ↗ | Apple Multiple Products — Apple Multiple products Use-After-Free Vulnerability | Apple | 2026-03-05 |
| High | CVE-2021-22681 ↗ | Rockwell Multiple Products — Rockwell Multiple Products Insufficient Protected... | Rockwell | 2026-03-05 |
| High | CVE-2017-7921 ↗ | Hikvision Multiple Products — Hikvision Multiple Products Improper Authenticat... | Hikvision | 2026-03-05 |
| High | CVE-2026-21385 ↗ | Qualcomm Multiple Chipsets — Qualcomm Multiple Chipsets Memory Corruption Vuln... | Qualcomm | 2026-03-03 |
| High | CVE-2026-22719 ↗ | Broadcom VMware Aria Operations — Broadcom VMware Aria Operations Command Inje... | Broadcom | 2026-03-03 |
| High | CVE-2026-20127 ↗ | Cisco Catalyst SD-WAN Controller and Manager — Cisco Catalyst SD-WAN Controlle... | Cisco | 2026-02-25 |
| High | CVE-2022-20775 ↗ | Cisco SD-WAN — Cisco SD-WAN Path Traversal Vulnerability | Cisco | 2026-02-25 |
| High | CVE-2026-25108 ↗ | Soliton Systems K.K FileZen — Soliton Systems K.K FileZen OS Command Injection... | Soliton Systems K.K | 2026-02-24 |
| High | CVE-2025-68461 ↗ | Roundcube Webmail — RoundCube Webmail Cross-site Scripting Vulnerability | Roundcube | 2026-02-20 |
| High | CVE-2025-49113 ↗ | Roundcube Webmail — RoundCube Webmail Deserialization of Untrusted Data Vulner... | Roundcube | 2026-02-20 |
| High | CVE-2026-22769 ↗ | Dell RecoverPoint for Virtual Machines (RP4VMs) — Dell RecoverPoint for Virtua... | Dell | 2026-02-18 |
| High | CVE-2021-22175 ↗ | GitLab GitLab — GitLab Server-Side Request Forgery (SSRF) Vulnerability | GitLab | 2026-02-18 |
| High | CVE-2026-2441 ↗ | Google Chromium — Google Chromium CSS Use-After-Free Vulnerability | 2026-02-17 | |
| High | CVE-2008-0015 ↗ | Microsoft Windows — Microsoft Windows Video ActiveX Control Remote Code Execu... | Microsoft | 2026-02-17 |
Source: official U.S. government open data. This is an organized index, not an official U.S. government site. "Explained" links to our summary page; otherwise links go to the official primary source.