Browse all
Known Exploited Vulnerabilities (CISA KEV) — all
The full CISA KEV catalog of vulnerabilities confirmed exploited in the wild — filter and search by year, ransomware use, and date added.
1,620 results
| Urgency | CVE | Name / product | Vendor | KEV added |
|---|---|---|---|---|
| High | CVE-2024-7694 ↗ | TeamT5 ThreatSonar Anti-Ransomware — TeamT5 ThreatSonar Anti-Ransomware Unrest... | TeamT5 | 2026-02-17 |
| High | CVE-2020-7796 ↗ | Synacor Zimbra Collaboration Suite — Synacor Zimbra Collaboration Suite (ZCS)... | Synacor | 2026-02-17 |
| Critical | CVE-2026-1731 ↗ | BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) — BeyondTru... | BeyondTrust | 2026-02-13 |
| High | CVE-2025-40536 ↗ | SolarWinds Web Help Desk — SolarWinds Web Help Desk Security Control Bypass Vu... | SolarWinds | 2026-02-12 |
| High | CVE-2025-15556 ↗ | Notepad++ Notepad++ — Notepad++ Download of Code Without Integrity Check Vulne... | Notepad++ | 2026-02-12 |
| High | CVE-2024-43468 ↗ | Microsoft Configuration Manager — Microsoft Configuration Manager SQL Injectio... | Microsoft | 2026-02-12 |
| High | CVE-2026-20700 ↗ | Apple Multiple Products — Apple Multiple Buffer Overflow Vulnerability | Apple | 2026-02-12 |
| High | CVE-2026-21514 ↗ | Microsoft Office — Microsoft Office Word Reliance on Untrusted Inputs in a Sec... | Microsoft | 2026-02-10 |
| High | CVE-2026-21519 ↗ | Microsoft Windows — Microsoft Windows Type Confusion Vulnerability | Microsoft | 2026-02-10 |
| High | CVE-2026-21533 ↗ | Microsoft Windows — Microsoft Windows Improper Privilege Management Vulnerabil... | Microsoft | 2026-02-10 |
| High | CVE-2026-21510 ↗ | Microsoft Windows — Microsoft Windows Shell Protection Mechanism Failure Vulne... | Microsoft | 2026-02-10 |
| High | CVE-2026-21525 ↗ | Microsoft Windows — Microsoft Windows NULL Pointer Dereference Vulnerability | Microsoft | 2026-02-10 |
| High | CVE-2026-21513 ↗ | Microsoft Windows — Microsoft MSHTML Framework Protection Mechanism Failure Vu... | Microsoft | 2026-02-10 |
| Critical | CVE-2026-24423 ↗ | SmarterTools SmarterMail — SmarterTools SmarterMail Missing Authentication for... | SmarterTools | 2026-02-05 |
| High | CVE-2025-11953 ↗ | React Native Community CLI — React Native Community CLI OS Command Injection V... | React Native Community | 2026-02-05 |
| High | CVE-2025-40551 ↗ | SolarWinds Web Help Desk — SolarWinds Web Help Desk Deserialization of Untrust... | SolarWinds | 2026-02-03 |
| High | CVE-2019-19006 ↗ | Sangoma FreePBX — Sangoma FreePBX Improper Authentication Vulnerability | Sangoma | 2026-02-03 |
| High | CVE-2025-64328 ↗ | Sangoma FreePBX — Sangoma FreePBX OS Command Injection Vulnerability | Sangoma | 2026-02-03 |
| High | CVE-2021-39935 ↗ | GitLab Community and Enterprise Editions — GitLab Community and Enterprise Edi... | GitLab | 2026-02-03 |
| High | CVE-2026-1281 ↗ | Ivanti Endpoint Manager Mobile (EPMM) — Ivanti Endpoint Manager Mobile (EPMM)... | Ivanti | 2026-01-29 |
| High | CVE-2026-24858 ↗ | Fortinet Multiple Products — Fortinet Multiple Products Authentication Bypass... | Fortinet | 2026-01-27 |
| High | CVE-2026-21509 ↗ | Microsoft Office — Microsoft Office Security Feature Bypass Vulnerability | Microsoft | 2026-01-26 |
| High | CVE-2026-24061 ↗ | GNU InetUtils — GNU InetUtils Argument Injection Vulnerability | GNU | 2026-01-26 |
| Critical | CVE-2026-23760 ↗ | SmarterTools SmarterMail — SmarterTools SmarterMail Authentication Bypass Usin... | SmarterTools | 2026-01-26 |
| Critical | CVE-2025-52691 ↗ | SmarterTools SmarterMail — SmarterTools SmarterMail Unrestricted Upload of Fil... | SmarterTools | 2026-01-26 |
| High | CVE-2018-14634 ↗ | Linux Kernel — Linux Kernel Integer Overflow Vulnerability | Linux | 2026-01-26 |
| High | CVE-2024-37079 ↗ | Broadcom VMware vCenter Server — Broadcom VMware vCenter Server Out-of-bounds... | Broadcom | 2026-01-23 |
| High | CVE-2025-54313 ↗ | Prettier eslint-config-prettier — Prettier eslint-config-prettier Embedded Mal... | Prettier | 2026-01-22 |
| High | CVE-2025-31125 ↗ | Vite Vitejs — Vite Vitejs Improper Access Control Vulnerability | Vite | 2026-01-22 |
| High | CVE-2025-34026 ↗ | Versa Concerto — Versa Concerto Improper Authentication Vulnerability | Versa | 2026-01-22 |
| High | CVE-2025-68645 ↗ | Synacor Zimbra Collaboration Suite (ZCS) — Synacor Zimbra Collaboration Suite... | Synacor | 2026-01-22 |
| High | CVE-2026-20045 ↗ | Cisco Unified Communications Manager — Cisco Unified Communications Products C... | Cisco | 2026-01-21 |
| High | CVE-2026-20805 ↗ | Microsoft Windows — Microsoft Windows Information Disclosure Vulnerability | Microsoft | 2026-01-13 |
| High | CVE-2025-8110 ↗ | Gogs Gogs — Gogs Path Traversal Vulnerability | Gogs | 2026-01-12 |
| High | CVE-2025-37164 ↗ | Hewlett Packard Enterprise (HPE) OneView — Hewlett Packard Enterprise (HPE) On... | Hewlett Packard Enterprise... | 2026-01-07 |
| High | CVE-2009-0556 ↗ | Microsoft Office — Microsoft Office PowerPoint Code Injection Vulnerability | Microsoft | 2026-01-07 |
| High | CVE-2025-14847 ↗ | MongoDB MongoDB and MongoDB Server — MongoDB and MongoDB Server Improper Handl... | MongoDB | 2025-12-29 |
| High | CVE-2023-52163 ↗ | Digiever DS-2105 Pro — Digiever DS-2105 Pro Missing Authorization Vulnerabilit... | Digiever | 2025-12-22 |
| High | CVE-2025-14733 ↗ | WatchGuard Firebox — WatchGuard Firebox Out of Bounds Write Vulnerability | WatchGuard | 2025-12-19 |
| High | CVE-2025-20393 ↗ | Cisco Multiple Products — Cisco Multiple Products Improper Input Validation Vu... | Cisco | 2025-12-17 |
| High | CVE-2025-40602 ↗ | SonicWall SMA1000 appliance — SonicWall SMA1000 Missing Authorization Vulnerab... | SonicWall | 2025-12-17 |
| High | CVE-2025-59374 ↗ | ASUS Live Update — ASUS Live Update Embedded Malicious Code Vulnerability | ASUS | 2025-12-17 |
| High | CVE-2025-59718 ↗ | Fortinet Multiple Products — Fortinet Multiple Products Improper Verification... | Fortinet | 2025-12-16 |
| High | CVE-2025-43529 ↗ | Apple Multiple Products — Apple Multiple Products Use-After-Free WebKit Vulner... | Apple | 2025-12-15 |
| High | CVE-2025-14611 ↗ | Gladinet CentreStack and Triofox — Gladinet CentreStack and Triofox Hard Coded... | Gladinet | 2025-12-15 |
| High | CVE-2025-14174 ↗ | Google Chromium — Google Chromium Out of Bounds Memory Access Vulnerability | 2025-12-12 | |
| High | CVE-2018-4063 ↗ | Sierra Wireless AirLink ALEOS — Sierra Wireless AirLink ALEOS Unrestricted Upl... | Sierra Wireless | 2025-12-12 |
| High | CVE-2025-58360 ↗ | OSGeo GeoServer — OSGeo GeoServer Improper Restriction of XML External Entity... | OSGeo | 2025-12-11 |
| High | CVE-2025-62221 ↗ | Microsoft Windows — Microsoft Windows Use After Free Vulnerability | Microsoft | 2025-12-09 |
| High | CVE-2025-6218 ↗ | RARLAB WinRAR — RARLAB WinRAR Path Traversal Vulnerability | RARLAB | 2025-12-09 |
Source: official U.S. government open data. This is an organized index, not an official U.S. government site. "Explained" links to our summary page; otherwise links go to the official primary source.