Known Exploited Vulnerabilities
Every CVE in CISA’s KEV catalog — 1602 vulnerabilities confirmed exploited in the wild. The authoritative “patch this first” list.
CVE-2012-0391
added 2022-01-21
Apache Struts 2 Improper Input Validation Vulnerability
Apache Struts 2
CVE-2018-8453
added 2022-01-21
RANSOMWARE
Microsoft Win32k Privilege Escalation Vulnerability
Microsoft Win32k
CVE-2021-35247
added 2022-01-21
SolarWinds Serv-U Improper Input Validation Vulnerability
SolarWinds Serv-U
CVE-2021-32648
added 2022-01-18
October CMS Improper Authentication
October CMS October CMS
CVE-2021-25296
added 2022-01-18
Nagios XI OS Command Injection
Nagios Nagios XI
CVE-2021-25297
added 2022-01-18
Nagios XI OS Command Injection
Nagios Nagios XI
CVE-2021-25298
added 2022-01-18
Nagios XI OS Command Injection
Nagios Nagios XI
CVE-2021-40870
added 2022-01-18
Aviatrix Controller Unrestricted Upload of File
Aviatrix Aviatrix Controller
CVE-2021-33766
added 2022-01-18
Microsoft Exchange Server Information Disclosure
Microsoft Exchange Server
CVE-2021-21975
added 2022-01-18
RANSOMWARE
VMware Server Side Request Forgery in vRealize Operations Manager API
VMware vRealize Operations Manager API
CVE-2021-21315
added 2022-01-18
System Information Library for Node.JS Command Injection
Npm package System Information Library for Node.JS
CVE-2021-22991
added 2022-01-18
F5 BIG-IP Traffic Management Microkernel Buffer Overflow
F5 BIG-IP Traffic Management Microkernel
CVE-2020-14864
added 2022-01-18
Oracle Business Intelligence Enterprise Edition Path Traversal
Oracle Intelligence Enterprise Edition
CVE-2020-13671
added 2022-01-18
Drupal core Unrestricted Upload of File
Drupal Drupal core
CVE-2020-11978
added 2022-01-18
Apache Airflow Command Injection
Apache Airflow
CVE-2020-13927
added 2022-01-18
Apache Airflow's Experimental API Authentication Bypass
Apache Airflow's Experimental API
CVE-2021-22017
added 2022-01-10
VMware vCenter Server Improper Access Control
VMware vCenter Server
CVE-2021-36260
added 2022-01-10
Hikvision Improper Input Validation
Hikvision Security cameras web server
CVE-2020-6572
added 2022-01-10
Google Chrome Media Use-After-Free Vulnerability
Google Chrome Media
CVE-2019-1458
added 2022-01-10
RANSOMWARE
Microsoft Win32k Privilege Escalation Vulnerability
Microsoft Win32k
CVE-2013-3900
added 2022-01-10
Microsoft WinVerifyTrust function Remote Code Execution
Microsoft WinVerifyTrust function
CVE-2019-2725
added 2022-01-10
RANSOMWARE
Oracle WebLogic Server, Injection
Oracle WebLogic Server
CVE-2019-9670
added 2022-01-10
Synacor Zimbra Collaboration Suite (ZCS) Improper Restriction of XML External Entity Reference
Synacor Zimbra Collaboration Suite (ZCS)
CVE-2018-13382
added 2022-01-10
RANSOMWARE
Fortinet FortiOS and FortiProxy Improper Authorization
Fortinet FortiOS and FortiProxy
CVE-2018-13383
added 2022-01-10
RANSOMWARE
Fortinet FortiOS and FortiProxy Out-of-bounds Write
Fortinet FortiOS and FortiProxy
CVE-2019-1579
added 2022-01-10
RANSOMWARE
Palo Alto Networks PAN-OS Remote Code Execution Vulnerability
Palo Alto Networks PAN-OS
CVE-2019-10149
added 2022-01-10
Exim Mail Transfer Agent (MTA) Improper Input Validation
Exim Mail Transfer Agent (MTA)
CVE-2015-7450
added 2022-01-10
IBM WebSphere Application Server and Server Hypervisor Edition Code Injection
IBM WebSphere Application Server and Server Hypervisor Edition
CVE-2017-1000486
added 2022-01-10
Primetek Primefaces Remote Code Execution Vulnerability
Primetek Primefaces Application
CVE-2019-7609
added 2022-01-10
Kibana Arbitrary Code Execution
Elastic Kibana
CVE-2021-27860
added 2022-01-10
FatPipe WARP, IPVPN, and MPVPN Configuration Upload exploit
FatPipe WARP, IPVPN, and MPVPN software
CVE-2021-43890
added 2021-12-15
RANSOMWARE
Microsoft Windows AppX Installer Spoofing Vulnerability
Microsoft Windows
CVE-2021-4102
added 2021-12-15
Google Chromium V8 Use-After-Free Vulnerability
Google Chromium V8
CVE-2021-44515
added 2021-12-10
Zoho Desktop Central Authentication Bypass Vulnerability
Zoho Desktop Central
CVE-2019-13272
added 2021-12-10
Linux Kernel Improper Privilege Management Vulnerability
Linux Kernel
CVE-2021-35394
added 2021-12-10
Realtek Jungle SDK Remote Code Execution Vulnerability
Realtek Jungle Software Development Kit (SDK)
CVE-2019-7238
added 2021-12-10
Sonatype Nexus Repository Manager Incorrect Access Control Vulnerability
Sonatype Nexus Repository Manager
CVE-2019-0193
added 2021-12-10
Apache Solr DataImportHandler Code Injection Vulnerability
Apache Solr
CVE-2021-44168
added 2021-12-10
Fortinet FortiOS Arbitrary File Download
Fortinet FortiOS
CVE-2017-17562
added 2021-12-10
Embedthis GoAhead Remote Code Execution Vulnerability
Embedthis GoAhead
CVE-2017-12149
added 2021-12-10
RANSOMWARE
Red Hat JBoss Application Server Remote Code Execution Vulnerability
Red Hat JBoss Application Server
CVE-2010-1871
added 2021-12-10
Red Hat Linux JBoss Seam 2 Remote Code Execution Vulnerability
Red Hat JBoss Seam 2
CVE-2020-17463
added 2021-12-10
Fuel CMS SQL Injection Vulnerability
Fuel CMS Fuel CMS
CVE-2020-8816
added 2021-12-10
Pi-Hole AdminLTE Remote Code Execution Vulnerability
Pi-hole AdminLTE
CVE-2019-10758
added 2021-12-10
MongoDB mongo-express Remote Code Execution Vulnerability
MongoDB mongo-express
CVE-2021-44228
added 2021-12-10
RANSOMWARE
Apache Log4j2 Remote Code Execution Vulnerability
Apache Log4j2
CVE-2020-11261
added 2021-12-01
Qualcomm Multiple Chipsets Improper Input Validation Vulnerability
Qualcomm Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CVE-2018-14847
added 2021-12-01
MikroTik Router OS Directory Traversal Vulnerability
MikroTik RouterOS
CVE-2021-37415
added 2021-12-01
Zoho ManageEngine ServiceDesk Authentication Bypass Vulnerability
Zoho ManageEngine ServiceDesk Plus (SDP)
CVE-2021-40438
added 2021-12-01
Apache HTTP Server-Side Request Forgery (SSRF)
Apache Apache
CVE-2021-44077
added 2021-12-01
Zoho ManageEngine ServiceDesk Plus Remote Code Execution Vulnerability
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus
CVE-2021-22204
added 2021-11-17
ExifTool Remote Code Execution Vulnerability
Perl Exiftool
CVE-2021-40449
added 2021-11-17
RANSOMWARE
Microsoft Windows Win32k Privilege Escalation Vulnerability
Microsoft Windows
CVE-2021-42321
added 2021-11-17
RANSOMWARE
Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange
CVE-2021-42292
added 2021-11-17
Microsoft Excel Security Feature Bypass
Microsoft Office
CVE-2021-27104
added 2021-11-03
RANSOMWARE
Accellion FTA OS Command Injection Vulnerability
Accellion FTA
CVE-2021-27102
added 2021-11-03
RANSOMWARE
Accellion FTA OS Command Injection Vulnerability
Accellion FTA
CVE-2021-27101
added 2021-11-03
RANSOMWARE
Accellion FTA SQL Injection Vulnerability
Accellion FTA
CVE-2021-27103
added 2021-11-03
RANSOMWARE
Accellion FTA Server-Side Request Forgery (SSRF) Vulnerability
Accellion FTA
CVE-2021-21017
added 2021-11-03
Adobe Acrobat and Reader Heap-based Buffer Overflow Vulnerability
Adobe Acrobat and Reader