Browse all
Known Exploited Vulnerabilities (CISA KEV) — all
The full CISA KEV catalog of vulnerabilities confirmed exploited in the wild — filter and search by year, ransomware use, and date added.
1,622 results
| Urgency | CVE | Name / product | Vendor | KEV added |
|---|---|---|---|---|
| High | CVE-2019-5786 ↗ | Google Chrome Blink — Google Chrome Blink Use-After-Free Vulnerability | May 23, 2022 | |
| High | CVE-2019-0676 ↗ | Microsoft Internet Explorer — Microsoft Internet Explorer Information Disclosu... | Microsoft | May 23, 2022 |
| High | CVE-2019-7287 ↗ | Apple iOS — Apple iOS Memory Corruption Vulnerability | Apple | May 23, 2022 |
| High | CVE-2019-7286 ↗ | Apple Multiple Products — Apple Multiple Products Memory Corruption Vulnerabil... | Apple | May 23, 2022 |
| Critical | CVE-2020-0638 ↗ | Microsoft Update Notification Manager — Microsoft Update Notification Manager... | Microsoft | May 23, 2022 |
| High | CVE-2020-1027 ↗ | Microsoft Windows — Microsoft Windows Kernel Privilege Escalation Vulnerabilit... | Microsoft | May 23, 2022 |
| High | CVE-2021-30883 ↗ | Apple Multiple Products — Apple Multiple Products Memory Corruption Vulnerabil... | Apple | May 23, 2022 |
| High | CVE-2021-0920 ↗ | Android Kernel — Android Kernel Race Condition Vulnerability | Android | May 23, 2022 |
| High | CVE-2021-1048 ↗ | Android Kernel — Android Kernel Use-After-Free Vulnerability | Android | May 23, 2022 |
| High | CVE-2022-20821 ↗ | Cisco IOS XR — Cisco IOS XR Open Port Vulnerability | Cisco | May 23, 2022 |
| High | CVE-2022-22947 ↗ | VMware Spring Cloud Gateway — VMware Spring Cloud Gateway Code Injection Vulne... | VMware | May 16, 2022 |
| High | CVE-2022-30525 ↗ | Zyxel Multiple Firewalls — Zyxel Multiple Firewalls OS Command Injection Vulne... | Zyxel | May 16, 2022 |
| Critical | CVE-2022-1388 ↗ | F5 BIG-IP — F5 BIG-IP Missing Authentication Vulnerability | F5 | May 10, 2022 |
| High | CVE-2014-0160 ↗ | OpenSSL OpenSSL — OpenSSL Information Disclosure Vulnerability | OpenSSL | May 4, 2022 |
| High | CVE-2014-0322 ↗ | Microsoft Internet Explorer — Microsoft Internet Explorer Use-After-Free Vulne... | Microsoft | May 4, 2022 |
| High | CVE-2014-4113 ↗ | Microsoft Win32k — Microsoft Win32k Privilege Escalation Vulnerability | Microsoft | May 4, 2022 |
| High | CVE-2019-8506 ↗ | Apple Multiple Products — Apple Multiple Products Type Confusion Vulnerability | Apple | May 4, 2022 |
| High | CVE-2021-1789 ↗ | Apple Multiple Products — Apple Multiple Products Type Confusion Vulnerability | Apple | May 4, 2022 |
| High | CVE-2019-1003029 ↗ | Jenkins Script Security Plugin — Jenkins Script Security Plugin Sandbox Bypass... | Jenkins | Apr 25, 2022 |
| High | CVE-2021-40450 ↗ | Microsoft Win32k — Microsoft Win32k Privilege Escalation Vulnerability | Microsoft | Apr 25, 2022 |
| High | CVE-2021-41357 ↗ | Microsoft Win32k — Microsoft Win32k Privilege Escalation Vulnerability | Microsoft | Apr 25, 2022 |
| High | CVE-2022-0847 ↗ | Linux Kernel — Linux Kernel Privilege Escalation Vulnerability | Linux | Apr 25, 2022 |
| High | CVE-2022-21919 ↗ | Microsoft Windows — Microsoft Windows User Profile Service Privilege Escalatio... | Microsoft | Apr 25, 2022 |
| High | CVE-2022-26904 ↗ | Microsoft Windows — Microsoft Windows User Profile Service Privilege Escalatio... | Microsoft | Apr 25, 2022 |
| Critical | CVE-2022-29464 ↗ | WSO2 Multiple Products — WSO2 Multiple Products Unrestrictive Upload of File V... | WSO2 | Apr 25, 2022 |
| High | CVE-2022-22718 ↗ | Microsoft Windows — Microsoft Windows Print Spooler Privilege Escalation Vulne... | Microsoft | Apr 19, 2022 |
| High | CVE-2019-3568 ↗ | Meta Platforms WhatsApp — WhatsApp VOIP Stack Buffer Overflow Vulnerability | Meta Platforms | Apr 19, 2022 |
| Critical | CVE-2018-6882 ↗ | Synacor Zimbra Collaboration Suite (ZCS) — Synacor Zimbra Collaboration Suite... | Synacor | Apr 19, 2022 |
| High | CVE-2007-3010 ↗ | Alcatel OmniPCX Enterprise — Alcatel OmniPCX Enterprise Remote Code Execution... | Alcatel | Apr 15, 2022 |
| High | CVE-2010-5330 ↗ | Ubiquiti AirOS — Ubiquiti AirOS Command Injection Vulnerability | Ubiquiti | Apr 15, 2022 |
| High | CVE-2014-0780 ↗ | InduSoft Web Studio — InduSoft Web Studio NTWebServer Directory Traversal Vuln... | InduSoft | Apr 15, 2022 |
| High | CVE-2016-4523 ↗ | Trihedral VTScada (formerly VTS) — Trihedral VTScada (formerly VTS) Denial-of-... | Trihedral | Apr 15, 2022 |
| High | CVE-2018-7841 ↗ | Schneider Electric U.motion Builder — Schneider Electric U.motion Builder SQL... | Schneider Electric | Apr 15, 2022 |
| Critical | CVE-2019-16057 ↗ | D-Link DNS-320 Storage Device — D-Link DNS-320 Remote Code Execution Vulnerabi... | D-Link | Apr 15, 2022 |
| High | CVE-2019-3929 ↗ | Crestron Multiple Products — Crestron Multiple Products Command Injection Vuln... | Crestron | Apr 15, 2022 |
| High | CVE-2022-1364 ↗ | Google Chromium V8 — Google Chromium V8 Type Confusion Vulnerability | Apr 15, 2022 | |
| High | CVE-2022-22960 ↗ | VMware Multiple Products — VMware Multiple Products Privilege Escalation Vulne... | VMware | Apr 15, 2022 |
| Critical | CVE-2022-22954 ↗ | VMware Workspace ONE Access and Identity Manager — VMware Workspace ONE Access... | VMware | Apr 14, 2022 |
| High | CVE-2014-9163 ↗ | Adobe Flash Player — Adobe Flash Player Stack-Based Buffer Overflow Vulnerabil... | Adobe | Apr 13, 2022 |
| High | CVE-2015-0311 ↗ | Adobe Flash Player — Adobe Flash Player Remote Code Execution Vulnerability | Adobe | Apr 13, 2022 |
| High | CVE-2015-0313 ↗ | Adobe Flash Player — Adobe Flash Player Use-After-Free Vulnerability | Adobe | Apr 13, 2022 |
| High | CVE-2015-2502 ↗ | Microsoft Internet Explorer — Microsoft Internet Explorer Memory Corruption Vu... | Microsoft | Apr 13, 2022 |
| High | CVE-2015-3113 ↗ | Adobe Flash Player — Adobe Flash Player Heap-Based Buffer Overflow Vulnerabili... | Adobe | Apr 13, 2022 |
| High | CVE-2015-5122 ↗ | Adobe Flash Player — Adobe Flash Player Use-After-Free Vulnerability | Adobe | Apr 13, 2022 |
| High | CVE-2015-5123 ↗ | Adobe Flash Player — Adobe Flash Player Use-After-Free Vulnerability | Adobe | Apr 13, 2022 |
| Critical | CVE-2018-20753 ↗ | Kaseya Virtual System/Server Administrator (VSA) — Kaseya VSA Remote Code Exec... | Kaseya | Apr 13, 2022 |
| Critical | CVE-2018-7602 ↗ | Drupal Core — Drupal Core Remote Code Execution Vulnerability | Drupal | Apr 13, 2022 |
| Critical | CVE-2022-24521 ↗ | Microsoft Windows — Microsoft Windows CLFS Driver Privilege Escalation Vulnera... | Microsoft | Apr 13, 2022 |
| High | CVE-2017-11317 ↗ | Telerik User Interface (UI) for ASP.NET AJAX — Telerik UI for ASP.NET AJAX Unr... | Telerik | Apr 11, 2022 |
| High | CVE-2020-2509 ↗ | QNAP QNAP Network-Attached Storage (NAS) — QNAP Network-Attached Storage (NAS)... | QNAP | Apr 11, 2022 |
Source: official U.S. government open data. This is an organized index, not an official U.S. government site. "Explained" links to our summary page; otherwise links go to the official primary source.