Known Exploited Vulnerabilities (CISA KEV) — all
The full CISA KEV catalog of vulnerabilities confirmed exploited in the wild — filter and search by year, ransomware use, and date added.
1,622 results
| Urgency | CVE | Name / product | Vendor | KEV added |
|---|---|---|---|---|
| High | CVE-2019-10149 ↗ | Exim Mail Transfer Agent (MTA) — Exim Mail Transfer Agent (MTA) Improper Input... | Exim | Jan 10, 2022 |
| Critical | CVE-2019-1579 ↗ | Palo Alto Networks PAN-OS — Palo Alto Networks PAN-OS Remote Code Execution Vu... | Palo Alto Networks | Jan 10, 2022 |
| Critical | CVE-2018-13383 ↗ | Fortinet FortiOS and FortiProxy — Fortinet FortiOS and FortiProxy Out-of-bound... | Fortinet | Jan 10, 2022 |
| Critical | CVE-2018-13382 ↗ | Fortinet FortiOS and FortiProxy — Fortinet FortiOS and FortiProxy Improper Aut... | Fortinet | Jan 10, 2022 |
| High | CVE-2019-9670 ↗ | Synacor Zimbra Collaboration Suite (ZCS) — Synacor Zimbra Collaboration Suite... | Synacor | Jan 10, 2022 |
| Critical | CVE-2019-2725 ↗ | Oracle WebLogic Server — Oracle WebLogic Server, Injection | Oracle | Jan 10, 2022 |
| High | CVE-2013-3900 ↗ | Microsoft WinVerifyTrust function — Microsoft WinVerifyTrust function Remote C... | Microsoft | Jan 10, 2022 |
| Critical | CVE-2019-1458 ↗ | Microsoft Win32k — Microsoft Win32k Privilege Escalation Vulnerability | Microsoft | Jan 10, 2022 |
| High | CVE-2020-6572 ↗ | Google Chrome Media — Google Chrome Media Use-After-Free Vulnerability | | Jan 10, 2022 |
| High | CVE-2021-36260 ↗ | Hikvision Security cameras web server — Hikvision Improper Input Validation | Hikvision | Jan 10, 2022 |
| High | CVE-2021-22017 ↗ | VMware vCenter Server — VMware vCenter Server Improper Access Control | VMware | Jan 10, 2022 |
| High | CVE-2021-4102 ↗ | Google Chromium V8 — Google Chromium V8 Use-After-Free Vulnerability | | Dec 15, 2021 |
| Critical | CVE-2021-43890 ↗ | Microsoft Windows — Microsoft Windows AppX Installer Spoofing Vulnerability | Microsoft | Dec 15, 2021 |
| Critical | CVE-2021-44228 ↗ | Apache Log4j2 — Apache Log4j2 Remote Code Execution Vulnerability | Apache | Dec 10, 2021 |
| High | CVE-2019-10758 ↗ | MongoDB mongo-express — MongoDB mongo-express Remote Code Execution Vulnerabil... | MongoDB | Dec 10, 2021 |
| High | CVE-2020-8816 ↗ | Pi-hole AdminLTE — Pi-Hole AdminLTE Remote Code Execution Vulnerability | Pi-hole | Dec 10, 2021 |
| High | CVE-2020-17463 ↗ | Fuel CMS Fuel CMS — Fuel CMS SQL Injection Vulnerability | Fuel CMS | Dec 10, 2021 |
| High | CVE-2010-1871 ↗ | Red Hat JBoss Seam 2 — Red Hat Linux JBoss Seam 2 Remote Code Execution Vulner... | Red Hat | Dec 10, 2021 |
| Critical | CVE-2017-12149 ↗ | Red Hat JBoss Application Server — Red Hat JBoss Application Server Remote Cod... | Red Hat | Dec 10, 2021 |
| High | CVE-2017-17562 ↗ | Embedthis GoAhead — Embedthis GoAhead Remote Code Execution Vulnerability | Embedthis | Dec 10, 2021 |
| High | CVE-2021-44168 ↗ | Fortinet FortiOS — Fortinet FortiOS Arbitrary File Download | Fortinet | Dec 10, 2021 |
| High | CVE-2019-0193 ↗ | Apache Solr — Apache Solr DataImportHandler Code Injection Vulnerability | Apache | Dec 10, 2021 |
| High | CVE-2019-7238 ↗ | Sonatype Nexus Repository Manager — Sonatype Nexus Repository Manager Incorrec... | Sonatype | Dec 10, 2021 |
| High | CVE-2021-35394 ↗ | Realtek Jungle Software Development Kit (SDK) — Realtek Jungle SDK Remote Code... | Realtek | Dec 10, 2021 |
| High | CVE-2019-13272 ↗ | Linux Kernel — Linux Kernel Improper Privilege Management Vulnerability | Linux | Dec 10, 2021 |
| High | CVE-2021-44515 ↗ | Zoho Desktop Central — Zoho Desktop Central Authentication Bypass Vulnerabilit... | Zoho | Dec 10, 2021 |
| High | CVE-2021-44077 ↗ | Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus — Zoho ManageEng... | Zoho | Dec 1, 2021 |
| High | CVE-2021-40438 ↗ | Apache Apache — Apache HTTP Server-Side Request Forgery (SSRF) | Apache | Dec 1, 2021 |
| High | CVE-2021-37415 ↗ | Zoho ManageEngine ServiceDesk Plus (SDP) — Zoho ManageEngine ServiceDesk Authe... | Zoho | Dec 1, 2021 |
| High | CVE-2018-14847 ↗ | MikroTik RouterOS — MikroTik Router OS Directory Traversal Vulnerability | MikroTik | Dec 1, 2021 |
| High | CVE-2020-11261 ↗ | Qualcomm Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdra... | Qualcomm | Dec 1, 2021 |
| High | CVE-2021-42292 ↗ | Microsoft Office — Microsoft Excel Security Feature Bypass | Microsoft | Nov 17, 2021 |
| Critical | CVE-2021-42321 ↗ | Microsoft Exchange — Microsoft Exchange Server Remote Code Execution Vulnerabi... | Microsoft | Nov 17, 2021 |
| Critical | CVE-2021-40449 ↗ | Microsoft Windows — Microsoft Windows Win32k Privilege Escalation Vulnerabilit... | Microsoft | Nov 17, 2021 |
| High | CVE-2021-22204 ↗ | Perl Exiftool — ExifTool Remote Code Execution Vulnerability | Perl | Nov 17, 2021 |
| High | CVE-2020-29583 ↗ | Zyxel Multiple Products — Zyxel Multiple Products Use of Hard-Coded Credential... | Zyxel | Nov 3, 2021 |
| High | CVE-2019-8394 ↗ | Zoho ManageEngine — Zoho ManageEngine ServiceDesk Plus (SDP) File Upload Vulne... | Zoho | Nov 3, 2021 |
| High | CVE-2020-10189 ↗ | Zoho ManageEngine — Zoho ManageEngine Desktop Central File Upload Vulnerabilit... | Zoho | Nov 3, 2021 |
| Critical | CVE-2021-40539 ↗ | Zoho ManageEngine — Zoho ManageEngine ADSelfService Plus Authentication Bypass... | Zoho | Nov 3, 2021 |
| High | CVE-2021-27561 ↗ | Yealink Device Management — Yealink Device Management Server-Side Request Forg... | Yealink | Nov 3, 2021 |
| High | CVE-2019-9978 ↗ | WordPress Social Warfare Plugin — WordPress Social Warfare Plugin Cross-Site S... | WordPress | Nov 3, 2021 |
| High | CVE-2020-11738 ↗ | WordPress Snap Creek Duplicator Plugin — WordPress Snap Creek Duplicator Plugi... | WordPress | Nov 3, 2021 |
| High | CVE-2020-25213 ↗ | WordPress File Manager Plugin — WordPress File Manager Plugin Remote Code Exec... | WordPress | Nov 3, 2021 |
| High | CVE-2020-4006 ↗ | VMware Multiple Products — Multiple VMware Products Command Injection Vulnerab... | VMware | Nov 3, 2021 |
| Critical | CVE-2021-21985 ↗ | VMware vCenter Server — VMware vCenter Server Improper Input Validation Vulner... | VMware | Nov 3, 2021 |
| Critical | CVE-2021-21972 ↗ | VMware vCenter Server — VMware vCenter Server Remote Code Execution Vulnerabil... | VMware | Nov 3, 2021 |
| High | CVE-2020-3952 ↗ | VMware vCenter Server — VMware vCenter Server Information Disclosure Vulnerabi... | VMware | Nov 3, 2021 |
| Critical | CVE-2021-22005 ↗ | VMware vCenter Server — VMware vCenter Server File Upload Vulnerability | VMware | Nov 3, 2021 |
| High | CVE-2020-3950 ↗ | VMware Multiple Products — VMware Multiple Products Privilege Escalation Vulne... | VMware | Nov 3, 2021 |
| Critical | CVE-2020-3992 ↗ | VMware ESXi — VMware ESXi OpenSLP Use-After-Free Vulnerability | VMware | Nov 3, 2021 |
Source: official U.S. government open data. This is an organized index, not an official U.S. government site. "Explained" links to our summary page; otherwise links go to the official primary source.