LIVE NEWSROOM · --:-- · May 24, 2026
A LIBRARY FOR SECURITY RESEARCHERS

CVE DATABASE · CISA KEV

Known Exploited
Vulnerabilities.

Every CVE in CISA’s KEV catalog — 1602 vulnerabilities confirmed exploited in the wild. The authoritative “patch this first” list. Search any one with our CVE Lookup or KEV search tool.

CVE-2026-9082 added 2026-05-22
Drupal Core SQL Injection Vulnerability
Drupal Core
CVE-2025-34291 added 2026-05-21
Langflow Origin Validation Error Vulnerability
Langflow Langflow
CVE-2026-34926 added 2026-05-21
Trend Micro Apex One (On-Premise) Directory Traversal Vulnerability
Trend Micro Apex One
CVE-2008-4250 added 2026-05-20
Microsoft Windows Buffer Overflow Vulnerability
Microsoft Windows
CVE-2009-1537 added 2026-05-20
Microsoft DirectX NULL Byte Overwrite Vulnerability
Microsoft DirectX
CVE-2009-3459 added 2026-05-20
Adobe Acrobat and Reader Heap-Based Buffer Overflow Vulnerability
Adobe Acrobat and Reader
CVE-2010-0249 added 2026-05-20
Microsoft Internet Explorer Use-After-Free Vulnerability
Microsoft Internet Explorer
CVE-2010-0806 added 2026-05-20
Microsoft Internet Explorer Use-After-Free Vulnerability
Microsoft Internet Explorer
CVE-2026-41091 added 2026-05-20
Microsoft Defender Link Following Vulnerability
Microsoft Defender
CVE-2026-45498 added 2026-05-20
Microsoft Defender Denial of Service Vulnerability
Microsoft Defender
CVE-2026-42897 added 2026-05-15
Microsoft Exchange Server Cross-Site Scripting Vulnerability
Microsoft Microsoft
CVE-2026-20182 added 2026-05-14
Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
Cisco Catalyst SD-WAN
CVE-2026-42208 added 2026-05-08
BerriAI LiteLLM SQL Injection Vulnerability
BerriAI LiteLLM
CVE-2026-6973 added 2026-05-07
Ivanti Endpoint Manager Mobile (EPMM) Improper Input Validation Vulnerability
Ivanti Endpoint Manager Mobile (EPMM)
CVE-2026-0300 added 2026-05-06
Palo Alto Networks PAN-OS Out-of-bounds Write Vulnerability
Palo Alto Networks PAN-OS
CVE-2026-31431 added 2026-05-01
Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability
Linux Kernel
CVE-2026-41940 added 2026-04-30 RANSOMWARE
WebPros cPanel & WHM and WP2 (WordPress Squared) Missing Authentication for Critical Function Vulnerability
WebPros cPanel & WHM and WP2 (WordPress Squared)
CVE-2024-1708 added 2026-04-28 RANSOMWARE
ConnectWise ScreenConnect Path Traversal Vulnerability
ConnectWise ScreenConnect
CVE-2026-32202 added 2026-04-28
Microsoft Windows Protection Mechanism Failure Vulnerability
Microsoft Windows
CVE-2025-29635 added 2026-04-24
D-Link DIR-823X Command Injection Vulnerability
D-Link DIR-823X
CVE-2024-7399 added 2026-04-24
Samsung MagicINFO 9 Server Path Traversal Vulnerability
Samsung MagicINFO 9 Server
CVE-2024-57728 added 2026-04-24 RANSOMWARE
SimpleHelp Path Traversal Vulnerability
SimpleHelp SimpleHelp
CVE-2024-57726 added 2026-04-24 RANSOMWARE
SimpleHelp Missing Authorization Vulnerability
SimpleHelp SimpleHelp
CVE-2026-39987 added 2026-04-23
Marimo Remote Code Execution Vulnerability
Marimo Marimo
CVE-2026-33825 added 2026-04-22
Microsoft Defender Insufficient Granularity of Access Control Vulnerability
Microsoft Defender
CVE-2026-20122 added 2026-04-20
Cisco Catalyst SD-WAN Manager Incorrect Use of Privileged APIs Vulnerability
Cisco Catalyst SD-WAN Manger
CVE-2026-20133 added 2026-04-20
Cisco Catalyst SD-WAN Manager Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Cisco Catalyst SD-WAN Manager
CVE-2025-2749 added 2026-04-20
Kentico Xperience Path Traversal Vulnerability
Kentico Kentico Xperience
CVE-2023-27351 added 2026-04-20 RANSOMWARE
PaperCut NG/MF Improper Authentication Vulnerability
PaperCut NG/MF
CVE-2025-48700 added 2026-04-20
Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability
Synacor Zimbra Collaboration Suite (ZCS)
CVE-2026-20128 added 2026-04-20
Cisco Catalyst SD-WAN Manager Storing Passwords in a Recoverable Format Vulnerability
Cisco Catalyst SD-WAN Manager
CVE-2025-32975 added 2026-04-20
Quest KACE Systems Management Appliance (SMA) Improper Authentication Vulnerability
Quest KACE Systems Management Appliance (SMA)
CVE-2024-27199 added 2026-04-20 RANSOMWARE
JetBrains TeamCity Relative Path Traversal Vulnerability
JetBrains TeamCity
CVE-2026-34197 added 2026-04-16
Apache ActiveMQ Improper Input Validation Vulnerability
Apache ActiveMQ
CVE-2009-0238 added 2026-04-14
Microsoft Office Remote Code Execution
Microsoft Office
CVE-2026-32201 added 2026-04-14
Microsoft SharePoint Server Improper Input Validation Vulnerability
Microsoft SharePoint Server
CVE-2012-1854 added 2026-04-13
Microsoft Visual Basic for Applications Insecure Library Loading Vulnerability
Microsoft Visual Basic for Applications (VBA)
CVE-2025-60710 added 2026-04-13
Microsoft Windows Link Following Vulnerability
Microsoft Windows
CVE-2023-21529 added 2026-04-13 RANSOMWARE
Microsoft Exchange Server Deserialization of Untrusted Data Vulnerability
Microsoft Exchange Server
CVE-2023-36424 added 2026-04-13
Microsoft Windows Out-of-Bounds Read Vulnerability
Microsoft Windows
CVE-2020-9715 added 2026-04-13
Adobe Acrobat Use-After-Free Vulnerability
Adobe Acrobat
CVE-2026-21643 added 2026-04-13
Fortinet FortiClient EMS SQL Injection Vulnerability
Fortinet FortiClient EMS
CVE-2026-34621 added 2026-04-13
Adobe Acrobat and Reader Prototype Pollution Vulnerability
Adobe Acrobat and Reader
CVE-2026-1340 added 2026-04-08
Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability
Ivanti Endpoint Manager Mobile (EPMM)
CVE-2026-35616 added 2026-04-06
Fortinet FortiClient EMS Improper Access Control Vulnerability
Fortinet FortiClient EMS
CVE-2026-3502 added 2026-04-02
TrueConf Client Download of Code Without Integrity Check Vulnerability
TrueConf Client
CVE-2026-5281 added 2026-04-01
Google Dawn Use-After-Free Vulnerability
Google Dawn
CVE-2026-3055 added 2026-03-30
Citrix NetScaler Out-of-Bounds Read Vulnerability
Citrix NetScaler
CVE-2025-53521 added 2026-03-27
F5 BIG-IP Stack-Based Buffer Overflow Vulnerability
F5 BIG-IP
CVE-2026-33634 added 2026-03-26
Aquasecurity Trivy Embedded Malicious Code Vulnerability
Aquasecurity Trivy
CVE-2026-33017 added 2026-03-25
Langflow Code Injection Vulnerability
Langflow Langflow
CVE-2025-32432 added 2026-03-20
Craft CMS Code Injection Vulnerability
Craft CMS Craft CMS
CVE-2025-54068 added 2026-03-20
Laravel Livewire Code Injection Vulnerability
Laravel Livewire
CVE-2025-43510 added 2026-03-20
Apple Multiple Products Improper Locking Vulnerability
Apple Multiple Products
CVE-2025-43520 added 2026-03-20
Apple Multiple Products Classic Buffer Overflow Vulnerability
Apple Multiple Products
CVE-2025-31277 added 2026-03-20
Apple Multiple Products Buffer Overflow Vulnerability
Apple Multiple Products
CVE-2026-20131 added 2026-03-19 RANSOMWARE
Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management Deserialization of Untrusted Data Vulnerability
Cisco Secure Firewall Management Center (FMC)
CVE-2025-66376 added 2026-03-18
Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting Vulnerability
Synacor Zimbra Collaboration Suite (ZCS)
CVE-2026-20963 added 2026-03-18
Microsoft SharePoint Deserialization of Untrusted Data Vulnerability
Microsoft SharePoint
CVE-2025-47813 added 2026-03-16
Wing FTP Server Information Disclosure Vulnerability
Wing FTP Server Wing FTP Server
Page 1 of 27 Next →
Scroll to Top