Browse all
Known Exploited Vulnerabilities (CISA KEV) — all
The full CISA KEV catalog of vulnerabilities confirmed exploited in the wild — filter and search by year, ransomware use, and date added.
1,621 results
| Urgency | CVE | Name / product | Vendor | KEV added |
|---|---|---|---|---|
| High | CVE-2024-44309 ↗ | Apple Multiple Products — Apple Multiple Products Cross-Site Scripting (XSS) V... | Apple | Nov 21, 2024 |
| High | CVE-2024-21287 ↗ | Oracle Agile Product Lifecycle Management (PLM) — Oracle Agile Product Lifecyc... | Oracle | Nov 21, 2024 |
| High | CVE-2024-38812 ↗ | VMware vCenter Server — VMware vCenter Server Heap-Based Buffer Overflow Vulne... | VMware | Nov 20, 2024 |
| High | CVE-2024-38813 ↗ | VMware vCenter Server — VMware vCenter Server Privilege Escalation Vulnerabili... | VMware | Nov 20, 2024 |
| High | CVE-2024-1212 ↗ | Progress Kemp LoadMaster — Progress Kemp LoadMaster OS Command Injection Vulne... | Progress | Nov 18, 2024 |
| Critical | CVE-2024-0012 ↗ | Palo Alto Networks PAN-OS — Palo Alto Networks PAN-OS Management Interface Aut... | Palo Alto Networks | Nov 18, 2024 |
| Critical | CVE-2024-9474 ↗ | Palo Alto Networks PAN-OS — Palo Alto Networks PAN-OS Management Interface OS... | Palo Alto Networks | Nov 18, 2024 |
| High | CVE-2024-9463 ↗ | Palo Alto Networks Expedition — Palo Alto Networks Expedition OS Command Injec... | Palo Alto Networks | Nov 14, 2024 |
| High | CVE-2024-9465 ↗ | Palo Alto Networks Expedition — Palo Alto Networks Expedition SQL Injection Vu... | Palo Alto Networks | Nov 14, 2024 |
| Critical | CVE-2024-49039 ↗ | Microsoft Windows — Microsoft Windows Task Scheduler Privilege Escalation Vuln... | Microsoft | Nov 12, 2024 |
| High | CVE-2024-43451 ↗ | Microsoft Windows — Microsoft Windows NTLMv2 Hash Disclosure Spoofing Vulnerab... | Microsoft | Nov 12, 2024 |
| High | CVE-2021-41277 ↗ | Metabase Metabase — Metabase GeoJSON API Local File Inclusion Vulnerability | Metabase | Nov 12, 2024 |
| High | CVE-2014-2120 ↗ | Cisco Adaptive Security Appliance (ASA) — Cisco Adaptive Security Appliance (A... | Cisco | Nov 12, 2024 |
| High | CVE-2021-26086 ↗ | Atlassian Jira Server and Data Center — Atlassian Jira Server and Data Center... | Atlassian | Nov 12, 2024 |
| High | CVE-2024-5910 ↗ | Palo Alto Networks Expedition — Palo Alto Networks Expedition Missing Authenti... | Palo Alto Networks | Nov 7, 2024 |
| High | CVE-2024-43093 ↗ | Android Framework — Android Framework Privilege Escalation Vulnerability | Android | Nov 7, 2024 |
| Critical | CVE-2024-51567 ↗ | CyberPersons CyberPanel — CyberPanel Incorrect Default Permissions Vulnerabili... | CyberPersons | Nov 7, 2024 |
| High | CVE-2019-16278 ↗ | Nostromo nhttpd — Nostromo nhttpd Directory Traversal Vulnerability | Nostromo | Nov 7, 2024 |
| High | CVE-2024-8957 ↗ | PTZOptics PT30X-SDI/NDI Cameras — PTZOptics PT30X-SDI/NDI Cameras OS Command I... | PTZOptics | Nov 4, 2024 |
| High | CVE-2024-8956 ↗ | PTZOptics PT30X-SDI/NDI Cameras — PTZOptics PT30X-SDI/NDI Cameras Authenticati... | PTZOptics | Nov 4, 2024 |
| High | CVE-2024-20481 ↗ | Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) — C... | Cisco | Oct 24, 2024 |
| High | CVE-2024-37383 ↗ | Roundcube Webmail — RoundCube Webmail Cross-Site Scripting (XSS) Vulnerability | Roundcube | Oct 24, 2024 |
| High | CVE-2024-47575 ↗ | Fortinet FortiManager — Fortinet FortiManager Missing Authentication Vulnerabi... | Fortinet | Oct 23, 2024 |
| Critical | CVE-2024-38094 ↗ | Microsoft SharePoint — Microsoft SharePoint Deserialization Vulnerability | Microsoft | Oct 22, 2024 |
| High | CVE-2024-9537 ↗ | ScienceLogic SL1 — ScienceLogic SL1 Unspecified Vulnerability | ScienceLogic | Oct 21, 2024 |
| Critical | CVE-2024-40711 ↗ | Veeam Backup & Replication — Veeam Backup and Replication Deserialization Vuln... | Veeam | Oct 17, 2024 |
| Critical | CVE-2024-30088 ↗ | Microsoft Windows — Microsoft Windows Kernel TOCTOU Race Condition Vulnerabili... | Microsoft | Oct 15, 2024 |
| Critical | CVE-2024-9680 ↗ | Mozilla Firefox — Mozilla Firefox Use-After-Free Vulnerability | Mozilla | Oct 15, 2024 |
| High | CVE-2024-28987 ↗ | SolarWinds Web Help Desk — SolarWinds Web Help Desk Hardcoded Credential Vulne... | SolarWinds | Oct 15, 2024 |
| High | CVE-2024-23113 ↗ | Fortinet Multiple Products — Fortinet Multiple Products Format String Vulnerab... | Fortinet | Oct 9, 2024 |
| High | CVE-2024-9379 ↗ | Ivanti Cloud Services Appliance (CSA) — Ivanti Cloud Services Appliance (CSA)... | Ivanti | Oct 9, 2024 |
| High | CVE-2024-9380 ↗ | Ivanti Cloud Services Appliance (CSA) — Ivanti Cloud Services Appliance (CSA)... | Ivanti | Oct 9, 2024 |
| High | CVE-2024-43047 ↗ | Qualcomm Multiple Chipsets — Qualcomm Multiple Chipsets Use-After-Free Vulnera... | Qualcomm | Oct 8, 2024 |
| High | CVE-2024-43572 ↗ | Microsoft Windows — Microsoft Windows Management Console Remote Code Execution... | Microsoft | Oct 8, 2024 |
| High | CVE-2024-43573 ↗ | Microsoft Windows — Microsoft Windows MSHTML Platform Spoofing Vulnerability | Microsoft | Oct 8, 2024 |
| High | CVE-2024-45519 ↗ | Synacor Zimbra Collaboration Suite (ZCS) — Synacor Zimbra Collaboration Suite... | Synacor | Oct 3, 2024 |
| High | CVE-2024-29824 ↗ | Ivanti Endpoint Manager (EPM) — Ivanti Endpoint Manager (EPM) SQL Injection Vu... | Ivanti | Oct 2, 2024 |
| High | CVE-2023-25280 ↗ | D-Link DIR-820 Router — D-Link DIR-820 Router OS Command Injection Vulnerabili... | D-Link | Sep 30, 2024 |
| High | CVE-2020-15415 ↗ | DrayTek Multiple Vigor Routers — DrayTek Multiple Vigor Routers OS Command Inj... | DrayTek | Sep 30, 2024 |
| High | CVE-2019-0344 ↗ | SAP Commerce Cloud — SAP Commerce Cloud Deserialization of Untrusted Data Vuln... | SAP | Sep 30, 2024 |
| High | CVE-2024-7593 ↗ | Ivanti Virtual Traffic Manager — Ivanti Virtual Traffic Manager Authentication... | Ivanti | Sep 24, 2024 |
| High | CVE-2024-8963 ↗ | Ivanti Cloud Services Appliance (CSA) — Ivanti Cloud Services Appliance (CSA)... | Ivanti | Sep 19, 2024 |
| High | CVE-2024-27348 ↗ | Apache HugeGraph-Server — Apache HugeGraph-Server Improper Access Control Vuln... | Apache | Sep 18, 2024 |
| High | CVE-2020-0618 ↗ | Microsoft SQL Server — Microsoft SQL Server Reporting Services Remote Code Exe... | Microsoft | Sep 18, 2024 |
| High | CVE-2022-21445 ↗ | Oracle ADF Faces — Oracle ADF Faces Deserialization of Untrusted Data Vulnerab... | Oracle | Sep 18, 2024 |
| High | CVE-2020-14644 ↗ | Oracle WebLogic Server — Oracle WebLogic Server Remote Code Execution Vulnerab... | Oracle | Sep 18, 2024 |
| High | CVE-2014-0497 ↗ | Adobe Flash Player — Adobe Flash Player Integer Underflow Vulnerablity | Adobe | Sep 17, 2024 |
| High | CVE-2013-0643 ↗ | Adobe Flash Player — Adobe Flash Player Incorrect Default Permissions Vulnerab... | Adobe | Sep 17, 2024 |
| High | CVE-2013-0648 ↗ | Adobe Flash Player — Adobe Flash Player Code Execution Vulnerability | Adobe | Sep 17, 2024 |
| High | CVE-2014-0502 ↗ | Adobe Flash Player — Adobe Flash Player Double Free Vulnerablity | Adobe | Sep 17, 2024 |
Source: official U.S. government open data. This is an organized index, not an official U.S. government site. "Explained" links to our summary page; otherwise links go to the official primary source.