LIVE NEWSROOM · --:-- · May 25, 2026
A LIBRARY FOR SECURITY RESEARCHERS

CVE DATABASE · CISA KEV

Known Exploited
Vulnerabilities.

Every CVE in CISA’s KEV catalog — 1602 vulnerabilities confirmed exploited in the wild. The authoritative “patch this first” list. Search any one with our CVE Lookup or KEV search tool.

CVE-2020-2883 added 2025-01-07
Oracle WebLogic Server Unspecified Vulnerability
Oracle WebLogic Server
CVE-2024-55550 added 2025-01-07 RANSOMWARE
Mitel MiCollab Path Traversal Vulnerability
Mitel MiCollab
CVE-2024-41713 added 2025-01-07 RANSOMWARE
Mitel MiCollab Path Traversal Vulnerability
Mitel MiCollab
CVE-2024-3393 added 2024-12-30
Palo Alto Networks PAN-OS Malicious DNS Packet Vulnerability
Palo Alto Networks PAN-OS
CVE-2021-44207 added 2024-12-23
Acclaim Systems USAHERDS Use of Hard-Coded Credentials Vulnerability
Acclaim Systems USAHERDS
CVE-2024-12356 added 2024-12-19
BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) Command Injection Vulnerability
BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS)
CVE-2021-40407 added 2024-12-18
Reolink RLC-410W IP Camera OS Command Injection Vulnerability
Reolink RLC-410W IP Camera
CVE-2019-11001 added 2024-12-18
Reolink Multiple IP Cameras OS Command Injection Vulnerability
Reolink Multiple IP Cameras
CVE-2022-23227 added 2024-12-18
NUUO NVRmini2 Devices Missing Authentication Vulnerability
NUUO NVRmini2 Devices
CVE-2018-14933 added 2024-12-18
NUUO NVRmini Devices OS Command Injection Vulnerability
NUUO NVRmini Devices
CVE-2024-55956 added 2024-12-17 RANSOMWARE
Cleo Multiple Products Unauthenticated File Upload Vulnerability
Cleo Multiple Products
CVE-2024-35250 added 2024-12-16
Microsoft Windows Kernel-Mode Driver Untrusted Pointer Dereference Vulnerability
Microsoft Windows
CVE-2024-20767 added 2024-12-16
Adobe ColdFusion Improper Access Control Vulnerability
Adobe ColdFusion
CVE-2024-50623 added 2024-12-13 RANSOMWARE
Cleo Multiple Products Unrestricted File Upload Vulnerability
Cleo Multiple Products
CVE-2024-49138 added 2024-12-10
Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability
Microsoft Windows
CVE-2024-51378 added 2024-12-04 RANSOMWARE
CyberPanel Incorrect Default Permissions Vulnerability
CyberPersons CyberPanel
CVE-2024-11667 added 2024-12-03 RANSOMWARE
Zyxel Multiple Firewalls Path Traversal Vulnerability
Zyxel Multiple Firewalls
CVE-2024-11680 added 2024-12-03
ProjectSend Improper Authentication Vulnerability
ProjectSend ProjectSend
CVE-2023-45727 added 2024-12-03
North Grid Proself Improper Restriction of XML External Entity (XXE) Reference Vulnerability
North Grid Proself
CVE-2023-28461 added 2024-11-25 RANSOMWARE
Array Networks AG and vxAG ArrayOS Missing Authentication for Critical Function Vulnerability
Array Networks AG/vxAG ArrayOS
CVE-2024-21287 added 2024-11-21
Oracle Agile Product Lifecycle Management (PLM) Incorrect Authorization Vulnerability
Oracle Agile Product Lifecycle Management (PLM)
CVE-2024-44309 added 2024-11-21
Apple Multiple Products Cross-Site Scripting (XSS) Vulnerability
Apple Multiple Products
CVE-2024-44308 added 2024-11-21
Apple Multiple Products Code Execution Vulnerability
Apple Multiple Products
CVE-2024-38813 added 2024-11-20
VMware vCenter Server Privilege Escalation Vulnerability
VMware vCenter Server
CVE-2024-38812 added 2024-11-20
VMware vCenter Server Heap-Based Buffer Overflow Vulnerability
VMware vCenter Server
CVE-2024-9474 added 2024-11-18 RANSOMWARE
Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability
Palo Alto Networks PAN-OS
CVE-2024-0012 added 2024-11-18 RANSOMWARE
Palo Alto Networks PAN-OS Management Interface Authentication Bypass Vulnerability
Palo Alto Networks PAN-OS
CVE-2024-1212 added 2024-11-18
Progress Kemp LoadMaster OS Command Injection Vulnerability
Progress Kemp LoadMaster
CVE-2024-9465 added 2024-11-14
Palo Alto Networks Expedition SQL Injection Vulnerability
Palo Alto Networks Expedition
CVE-2024-9463 added 2024-11-14
Palo Alto Networks Expedition OS Command Injection Vulnerability
Palo Alto Networks Expedition
CVE-2021-26086 added 2024-11-12
Atlassian Jira Server and Data Center Path Traversal Vulnerability
Atlassian Jira Server and Data Center
CVE-2014-2120 added 2024-11-12
Cisco Adaptive Security Appliance (ASA) Cross-Site Scripting (XSS) Vulnerability
Cisco Adaptive Security Appliance (ASA)
CVE-2021-41277 added 2024-11-12
Metabase GeoJSON API Local File Inclusion Vulnerability
Metabase Metabase
CVE-2024-43451 added 2024-11-12
Microsoft Windows NTLMv2 Hash Disclosure Spoofing Vulnerability
Microsoft Windows
CVE-2024-49039 added 2024-11-12 RANSOMWARE
Microsoft Windows Task Scheduler Privilege Escalation Vulnerability
Microsoft Windows
CVE-2019-16278 added 2024-11-07
Nostromo nhttpd Directory Traversal Vulnerability
Nostromo nhttpd
CVE-2024-51567 added 2024-11-07 RANSOMWARE
CyberPanel Incorrect Default Permissions Vulnerability
CyberPersons CyberPanel
CVE-2024-43093 added 2024-11-07
Android Framework Privilege Escalation Vulnerability
Android Framework
CVE-2024-5910 added 2024-11-07
Palo Alto Networks Expedition Missing Authentication Vulnerability
Palo Alto Networks Expedition
CVE-2024-8956 added 2024-11-04
PTZOptics PT30X-SDI/NDI Cameras Authentication Bypass Vulnerability
PTZOptics PT30X-SDI/NDI Cameras
CVE-2024-8957 added 2024-11-04
PTZOptics PT30X-SDI/NDI Cameras OS Command Injection Vulnerability
PTZOptics PT30X-SDI/NDI Cameras
CVE-2024-37383 added 2024-10-24
RoundCube Webmail Cross-Site Scripting (XSS) Vulnerability
Roundcube Webmail
CVE-2024-20481 added 2024-10-24
Cisco ASA and FTD Denial-of-Service Vulnerability
Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)
CVE-2024-47575 added 2024-10-23
Fortinet FortiManager Missing Authentication Vulnerability
Fortinet FortiManager
CVE-2024-38094 added 2024-10-22 RANSOMWARE
Microsoft SharePoint Deserialization Vulnerability
Microsoft SharePoint
CVE-2024-9537 added 2024-10-21
ScienceLogic SL1 Unspecified Vulnerability
ScienceLogic SL1
CVE-2024-40711 added 2024-10-17 RANSOMWARE
Veeam Backup and Replication Deserialization Vulnerability
Veeam Backup & Replication
CVE-2024-28987 added 2024-10-15
SolarWinds Web Help Desk Hardcoded Credential Vulnerability
SolarWinds Web Help Desk
CVE-2024-9680 added 2024-10-15 RANSOMWARE
Mozilla Firefox Use-After-Free Vulnerability
Mozilla Firefox
CVE-2024-30088 added 2024-10-15 RANSOMWARE
Microsoft Windows Kernel TOCTOU Race Condition Vulnerability
Microsoft Windows
CVE-2024-9380 added 2024-10-09
Ivanti Cloud Services Appliance (CSA) OS Command Injection Vulnerability
Ivanti Cloud Services Appliance (CSA)
CVE-2024-9379 added 2024-10-09
Ivanti Cloud Services Appliance (CSA) SQL Injection Vulnerability
Ivanti Cloud Services Appliance (CSA)
CVE-2024-23113 added 2024-10-09
Fortinet Multiple Products Format String Vulnerability
Fortinet Multiple Products
CVE-2024-43573 added 2024-10-08
Microsoft Windows MSHTML Platform Spoofing Vulnerability
Microsoft Windows
CVE-2024-43572 added 2024-10-08
Microsoft Windows Management Console Remote Code Execution Vulnerability
Microsoft Windows
CVE-2024-43047 added 2024-10-08
Qualcomm Multiple Chipsets Use-After-Free Vulnerability
Qualcomm Multiple Chipsets
CVE-2024-45519 added 2024-10-03
Synacor Zimbra Collaboration Suite (ZCS) Command Execution Vulnerability
Synacor Zimbra Collaboration Suite (ZCS)
CVE-2024-29824 added 2024-10-02
Ivanti Endpoint Manager (EPM) SQL Injection Vulnerability
Ivanti Endpoint Manager (EPM)
CVE-2019-0344 added 2024-09-30
SAP Commerce Cloud Deserialization of Untrusted Data Vulnerability
SAP Commerce Cloud
CVE-2020-15415 added 2024-09-30
DrayTek Multiple Vigor Routers OS Command Injection Vulnerability
DrayTek Multiple Vigor Routers
← Prev Page 7 of 27 Next →
Scroll to Top