Browse all
Known Exploited Vulnerabilities (CISA KEV) — all
The full CISA KEV catalog of vulnerabilities confirmed exploited in the wild — filter and search by year, ransomware use, and date added.
1,622 results
| Urgency | CVE | Name / product | Vendor | KEV added |
|---|---|---|---|---|
| Critical | CVE-2018-8174 ↗ | Microsoft Windows — Microsoft Windows VBScript Engine Out-of-Bounds Write Vuln... | Microsoft | Feb 15, 2022 |
| Critical | CVE-2019-0752 ↗ | Microsoft Internet Explorer — Microsoft Internet Explorer Type Confusion Vulne... | Microsoft | Feb 15, 2022 |
| High | CVE-2022-0609 ↗ | Google Chromium Animation — Google Chromium Animation Use-After-Free Vulnerabi... | Feb 15, 2022 | |
| High | CVE-2022-24086 ↗ | Adobe Commerce and Magento Open Source — Adobe Commerce and Magento Open Sourc... | Adobe | Feb 15, 2022 |
| High | CVE-2022-22620 ↗ | Apple iOS, iPadOS, and macOS — Apple iOS, iPadOS, and macOS Webkit Use-After-F... | Apple | Feb 11, 2022 |
| High | CVE-2014-4404 ↗ | Apple OS X — Apple OS X Heap-Based Buffer Overflow Vulnerability | Apple | Feb 10, 2022 |
| High | CVE-2015-1130 ↗ | Apple OS X — Apple OS X Authentication Bypass Vulnerability | Apple | Feb 10, 2022 |
| High | CVE-2015-1635 ↗ | Microsoft HTTP.sys — Microsoft HTTP.sys Remote Code Execution Vulnerability | Microsoft | Feb 10, 2022 |
| High | CVE-2015-2051 ↗ | D-Link DIR-645 Router — D-Link DIR-645 Router Remote Code Execution Vulnerabil... | D-Link | Feb 10, 2022 |
| High | CVE-2016-3088 ↗ | Apache ActiveMQ — Apache ActiveMQ Improper Input Validation Vulnerability | Apache | Feb 10, 2022 |
| Critical | CVE-2017-0144 ↗ | Microsoft SMBv1 — Microsoft SMBv1 Remote Code Execution Vulnerability | Microsoft | Feb 10, 2022 |
| Critical | CVE-2017-0145 ↗ | Microsoft SMBv1 — Microsoft SMBv1 Remote Code Execution Vulnerability | Microsoft | Feb 10, 2022 |
| High | CVE-2017-0262 ↗ | Microsoft Office — Microsoft Office Remote Code Execution Vulnerability | Microsoft | Feb 10, 2022 |
| High | CVE-2017-0263 ↗ | Microsoft Win32k — Microsoft Win32k Privilege Escalation Vulnerability | Microsoft | Feb 10, 2022 |
| Critical | CVE-2017-10271 ↗ | Oracle WebLogic Server — Oracle Corporation WebLogic Server Remote Code Execut... | Oracle | Feb 10, 2022 |
| High | CVE-2017-8464 ↗ | Microsoft Windows — Microsoft Windows Shell (.lnk) Remote Code Execution Vulne... | Microsoft | Feb 10, 2022 |
| High | CVE-2017-9791 ↗ | Apache Struts 1 — Apache Struts 1 Improper Input Validation Vulnerability | Apache | Feb 10, 2022 |
| High | CVE-2018-1000861 ↗ | Jenkins Jenkins Stapler Web Framework — Jenkins Stapler Web Framework Deserial... | Jenkins | Feb 10, 2022 |
| Critical | CVE-2020-0796 ↗ | Microsoft SMBv3 — Microsoft SMBv3 Remote Code Execution Vulnerability | Microsoft | Feb 10, 2022 |
| High | CVE-2021-36934 ↗ | Microsoft Windows — Microsoft Windows SAM Local Privilege Escalation Vulnerabi... | Microsoft | Feb 10, 2022 |
| High | CVE-2022-21882 ↗ | Microsoft Win32k — Microsoft Win32k Privilege Escalation Vulnerability | Microsoft | Feb 4, 2022 |
| High | CVE-2014-7169 ↗ | GNU Bourne-Again Shell (Bash) — GNU Bourne-Again Shell (Bash) Arbitrary Code E... | GNU | Jan 28, 2022 |
| High | CVE-2014-6271 ↗ | GNU Bourne-Again Shell (Bash) — GNU Bourne-Again Shell (Bash) Arbitrary Code E... | GNU | Jan 28, 2022 |
| High | CVE-2014-1776 ↗ | Microsoft Internet Explorer — Microsoft Internet Explorer Memory Corruption Vu... | Microsoft | Jan 28, 2022 |
| High | CVE-2017-5689 ↗ | Intel Active Management Technology (AMT), Small Business Technology (SBT), and... | Intel | Jan 28, 2022 |
| Critical | CVE-2020-0787 ↗ | Microsoft Windows — Microsoft Windows Background Intelligent Transfer Service... | Microsoft | Jan 28, 2022 |
| High | CVE-2020-5722 ↗ | Grandstream UCM6200 — Grandstream Networks UCM6200 Series SQL Injection Vulner... | Grandstream | Jan 28, 2022 |
| Critical | CVE-2021-20038 ↗ | SonicWall SMA 100 Appliances — SonicWall SMA 100 Appliances Stack-Based Buffer... | SonicWall | Jan 28, 2022 |
| High | CVE-2022-22587 ↗ | Apple iOS and macOS — Apple Memory Corruption Vulnerability | Apple | Jan 28, 2022 |
| High | CVE-2021-35247 ↗ | SolarWinds Serv-U — SolarWinds Serv-U Improper Input Validation Vulnerability | SolarWinds | Jan 21, 2022 |
| Critical | CVE-2018-8453 ↗ | Microsoft Win32k — Microsoft Win32k Privilege Escalation Vulnerability | Microsoft | Jan 21, 2022 |
| High | CVE-2012-0391 ↗ | Apache Struts 2 — Apache Struts 2 Improper Input Validation Vulnerability | Apache | Jan 21, 2022 |
| High | CVE-2006-1547 ↗ | Apache Struts 1 — Apache Struts 1 ActionForm Denial-of-Service Vulnerability | Apache | Jan 21, 2022 |
| High | CVE-2020-13927 ↗ | Apache Airflow's Experimental API — Apache Airflow's Experimental API Authenti... | Apache | Jan 18, 2022 |
| High | CVE-2020-11978 ↗ | Apache Airflow — Apache Airflow Command Injection | Apache | Jan 18, 2022 |
| High | CVE-2020-13671 ↗ | Drupal Drupal core — Drupal core Un-restricted Upload of File | Drupal | Jan 18, 2022 |
| High | CVE-2020-14864 ↗ | Oracle Intelligence Enterprise Edition — Oracle Business Intelligence Enterpri... | Oracle | Jan 18, 2022 |
| High | CVE-2021-22991 ↗ | F5 BIG-IP Traffic Management Microkernel — F5 BIG-IP Traffic Management Microk... | F5 | Jan 18, 2022 |
| High | CVE-2021-21315 ↗ | Npm package System Information Library for Node.JS — System Information Librar... | Npm package | Jan 18, 2022 |
| Critical | CVE-2021-21975 ↗ | VMware vRealize Operations Manager API — VMware Server Side Request Forgery in... | VMware | Jan 18, 2022 |
| High | CVE-2021-33766 ↗ | Microsoft Exchange Server — Microsoft Exchange Server Information Disclosure | Microsoft | Jan 18, 2022 |
| High | CVE-2021-40870 ↗ | Aviatrix Aviatrix Controller — Aviatrix Controller Unrestricted Upload of File | Aviatrix | Jan 18, 2022 |
| High | CVE-2021-25298 ↗ | Nagios Nagios XI — Nagios XI OS Command Injection | Nagios | Jan 18, 2022 |
| High | CVE-2021-25297 ↗ | Nagios Nagios XI — Nagios XI OS Command Injection | Nagios | Jan 18, 2022 |
| High | CVE-2021-25296 ↗ | Nagios Nagios XI — Nagios XI OS Command Injection | Nagios | Jan 18, 2022 |
| High | CVE-2021-32648 ↗ | October CMS October CMS — October CMS Improper Authentication | October CMS | Jan 18, 2022 |
| High | CVE-2021-27860 ↗ | FatPipe WARP, IPVPN, and MPVPN software — FatPipe WARP, IPVPN, and MPVPN Confi... | FatPipe | Jan 10, 2022 |
| High | CVE-2019-7609 ↗ | Elastic Kibana — Kibana Arbitrary Code Execution | Elastic | Jan 10, 2022 |
| High | CVE-2017-1000486 ↗ | Primetek Primefaces Application — Primetek Primefaces Remote Code Execution Vu... | Primetek | Jan 10, 2022 |
| High | CVE-2015-7450 ↗ | IBM WebSphere Application Server and Server Hypervisor Edition — IBM WebSphere... | IBM | Jan 10, 2022 |
Source: official U.S. government open data. This is an organized index, not an official U.S. government site. "Explained" links to our summary page; otherwise links go to the official primary source.