CVE DATABASE · CISA KEV
Known Exploited
Vulnerabilities.
Every CVE in CISA’s KEV catalog — 1602 vulnerabilities confirmed exploited in the wild. The authoritative “patch this first” list. Search any one with our CVE Lookup or KEV search tool.
CVE-2026-3910
added 2026-03-13
Google Chromium V8 Improper Restriction of Operations Within the Bounds of a Memory Buffer Vulnerability
Google Chromium V8
CVE-2026-3909
added 2026-03-13
Google Skia Out-of-Bounds Write Vulnerability
Google Skia
CVE-2025-68613
added 2026-03-11
n8n Improper Control of Dynamically-Managed Code Resources Vulnerability
n8n n8n
CVE-2021-22054
added 2026-03-09
Omnissa Workspace ONE Server-Side Request Forgery
Omnissa Workspace One UEM
CVE-2025-26399
added 2026-03-09
SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability
SolarWinds Web Help Desk
CVE-2026-1603
added 2026-03-09
Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability
Ivanti Endpoint Manager (EPM)
CVE-2017-7921
added 2026-03-05
Hikvision Multiple Products Improper Authentication Vulnerability
Hikvision Multiple Products
CVE-2021-22681
added 2026-03-05
Rockwell Multiple Products Insufficient Protected Credentials Vulnerability
Rockwell Multiple Products
CVE-2023-43000
added 2026-03-05
Apple Multiple products Use-After-Free Vulnerability
Apple Multiple Products
CVE-2021-30952
added 2026-03-05
Apple Multiple Products Integer Overflow or Wraparound Vulnerability
Apple Multiple Products
CVE-2023-41974
added 2026-03-05
Apple iOS and iPadOS Use-After-Free Vulnerability
Apple iOS and iPadOS
CVE-2026-22719
added 2026-03-03
Broadcom VMware Aria Operations Command Injection Vulnerability
Broadcom VMware Aria Operations
CVE-2026-21385
added 2026-03-03
Qualcomm Multiple Chipsets Memory Corruption Vulnerability
Qualcomm Multiple Chipsets
CVE-2022-20775
added 2026-02-25
Cisco SD-WAN Path Traversal Vulnerability
Cisco SD-WAN
CVE-2026-20127
added 2026-02-25
Cisco Catalyst SD-WAN Controller and Manager Authentication Bypass Vulnerability
Cisco Catalyst SD-WAN Controller and Manager
CVE-2026-25108
added 2026-02-24
Soliton Systems K.K FileZen OS Command Injection Vulnerability
Soliton Systems K.K FileZen
CVE-2025-49113
added 2026-02-20
RoundCube Webmail Deserialization of Untrusted Data Vulnerability
Roundcube Webmail
CVE-2025-68461
added 2026-02-20
RoundCube Webmail Cross-site Scripting Vulnerability
Roundcube Webmail
CVE-2021-22175
added 2026-02-18
GitLab Server-Side Request Forgery (SSRF) Vulnerability
GitLab GitLab
CVE-2026-22769
added 2026-02-18
Dell RecoverPoint for Virtual Machines (RP4VMs) Use of Hard-coded Credentials Vulnerability
Dell RecoverPoint for Virtual Machines (RP4VMs)
CVE-2020-7796
added 2026-02-17
Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery Vulnerability
Synacor Zimbra Collaboration Suite
CVE-2024-7694
added 2026-02-17
TeamT5 ThreatSonar Anti-Ransomware Unrestricted Upload of File with Dangerous Type Vulnerability
TeamT5 ThreatSonar Anti-Ransomware
CVE-2008-0015
added 2026-02-17
Microsoft Windows Video ActiveX Control Remote Code Execution Vulnerability
Microsoft Windows
CVE-2026-2441
added 2026-02-17
Google Chromium CSS Use-After-Free Vulnerability
Google Chromium
CVE-2026-1731
added 2026-02-13
RANSOMWARE
BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) OS Command Injection Vulnerability
BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA)
CVE-2026-20700
added 2026-02-12
Apple Multiple Buffer Overflow Vulnerability
Apple Multiple Products
CVE-2024-43468
added 2026-02-12
Microsoft Configuration Manager SQL Injection Vulnerability
Microsoft Configuration Manager
CVE-2025-15556
added 2026-02-12
Notepad++ Download of Code Without Integrity Check Vulnerability
Notepad++ Notepad++
CVE-2025-40536
added 2026-02-12
SolarWinds Web Help Desk Security Control Bypass Vulnerability
SolarWinds Web Help Desk
CVE-2026-21513
added 2026-02-10
Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability
Microsoft Windows
CVE-2026-21525
added 2026-02-10
Microsoft Windows NULL Pointer Dereference Vulnerability
Microsoft Windows
CVE-2026-21510
added 2026-02-10
Microsoft Windows Shell Protection Mechanism Failure Vulnerability
Microsoft Windows
CVE-2026-21533
added 2026-02-10
Microsoft Windows Improper Privilege Management Vulnerability
Microsoft Windows
CVE-2026-21519
added 2026-02-10
Microsoft Windows Type Confusion Vulnerability
Microsoft Windows
CVE-2026-21514
added 2026-02-10
Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability
Microsoft Office
CVE-2025-11953
added 2026-02-05
React Native Community CLI OS Command Injection Vulnerability
React Native Community CLI
CVE-2026-24423
added 2026-02-05
RANSOMWARE
SmarterTools SmarterMail Missing Authentication for Critical Function Vulnerability
SmarterTools SmarterMail
CVE-2021-39935
added 2026-02-03
GitLab Community and Enterprise Editions Server-Side Request Forgery (SSRF) Vulnerability
GitLab Community and Enterprise Editions
CVE-2025-64328
added 2026-02-03
Sangoma FreePBX OS Command Injection Vulnerability
Sangoma FreePBX
CVE-2019-19006
added 2026-02-03
Sangoma FreePBX Improper Authentication Vulnerability
Sangoma FreePBX
CVE-2025-40551
added 2026-02-03
SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability
SolarWinds Web Help Desk
CVE-2026-1281
added 2026-01-29
Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability
Ivanti Endpoint Manager Mobile (EPMM)
CVE-2026-24858
added 2026-01-27
Fortinet Multiple Products Authentication Bypass Using an Alternate Path or Channel Vulnerability
Fortinet Multiple Products
CVE-2018-14634
added 2026-01-26
Linux Kernel Integer Overflow Vulnerability
Linux Kernel
CVE-2025-52691
added 2026-01-26
RANSOMWARE
SmarterTools SmarterMail Unrestricted Upload of File with Dangerous Type Vulnerability
SmarterTools SmarterMail
CVE-2026-23760
added 2026-01-26
RANSOMWARE
SmarterTools SmarterMail Authentication Bypass Using an Alternate Path or Channel Vulnerability
SmarterTools SmarterMail
CVE-2026-24061
added 2026-01-26
GNU InetUtils Argument Injection Vulnerability
GNU InetUtils
CVE-2026-21509
added 2026-01-26
Microsoft Office Security Feature Bypass Vulnerability
Microsoft Office
CVE-2024-37079
added 2026-01-23
Broadcom VMware vCenter Server Out-of-bounds Write Vulnerability
Broadcom VMware vCenter Server
CVE-2025-68645
added 2026-01-22
Synacor Zimbra Collaboration Suite (ZCS) PHP Remote File Inclusion Vulnerability
Synacor Zimbra Collaboration Suite (ZCS)
CVE-2025-34026
added 2026-01-22
Versa Concerto Improper Authentication Vulnerability
Versa Concerto
CVE-2025-31125
added 2026-01-22
Vite Vitejs Improper Access Control Vulnerability
Vite Vitejs
CVE-2025-54313
added 2026-01-22
Prettier eslint-config-prettier Embedded Malicious Code Vulnerability
Prettier eslint-config-prettier
CVE-2026-20045
added 2026-01-21
Cisco Unified Communications Products Code Injection Vulnerability
Cisco Unified Communications Manager
CVE-2026-20805
added 2026-01-13
Microsoft Windows Information Disclosure Vulnerability
Microsoft Windows
CVE-2025-8110
added 2026-01-12
Gogs Path Traversal Vulnerability
Gogs Gogs
CVE-2009-0556
added 2026-01-07
Microsoft Office PowerPoint Code Injection Vulnerability
Microsoft Office
CVE-2025-37164
added 2026-01-07
Hewlett Packard Enterprise (HPE) OneView Code Injection Vulnerability
Hewlett Packard Enterprise (HPE) OneView
CVE-2025-14847
added 2025-12-29
MongoDB and MongoDB Server Improper Handling of Length Parameter Inconsistency Vulnerability
MongoDB MongoDB and MongoDB Server
CVE-2023-52163
added 2025-12-22
Digiever DS-2105 Pro Missing Authorization Vulnerability
Digiever DS-2105 Pro