LIVE NEWSROOM · --:-- · May 25, 2026
A LIBRARY FOR SECURITY RESEARCHERS

CVE DATABASE · CISA KEV

Known Exploited
Vulnerabilities.

Every CVE in CISA’s KEV catalog — 1602 vulnerabilities confirmed exploited in the wild. The authoritative “patch this first” list. Search any one with our CVE Lookup or KEV search tool.

CVE-2023-25280 added 2024-09-30
D-Link DIR-820 Router OS Command Injection Vulnerability
D-Link DIR-820 Router
CVE-2024-7593 added 2024-09-24
Ivanti Virtual Traffic Manager Authentication Bypass Vulnerability
Ivanti Virtual Traffic Manager
CVE-2024-8963 added 2024-09-19
Ivanti Cloud Services Appliance (CSA) Path Traversal Vulnerability
Ivanti Cloud Services Appliance (CSA)
CVE-2020-14644 added 2024-09-18
Oracle WebLogic Server Remote Code Execution Vulnerability
Oracle WebLogic Server
CVE-2022-21445 added 2024-09-18
Oracle ADF Faces Deserialization of Untrusted Data Vulnerability
Oracle ADF Faces
CVE-2020-0618 added 2024-09-18
Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability
Microsoft SQL Server
CVE-2024-27348 added 2024-09-18
Apache HugeGraph-Server Improper Access Control Vulnerability
Apache HugeGraph-Server
CVE-2014-0502 added 2024-09-17
Adobe Flash Player Double Free Vulnerablity
Adobe Flash Player
CVE-2013-0648 added 2024-09-17
Adobe Flash Player Code Execution Vulnerability
Adobe Flash Player
CVE-2013-0643 added 2024-09-17
Adobe Flash Player Incorrect Default Permissions Vulnerability
Adobe Flash Player
CVE-2014-0497 added 2024-09-17
Adobe Flash Player Integer Underflow Vulnerablity
Adobe Flash Player
CVE-2024-6670 added 2024-09-16 RANSOMWARE
Progress WhatsUp Gold SQL Injection Vulnerability
Progress WhatsUp Gold
CVE-2024-43461 added 2024-09-16
Microsoft Windows MSHTML Platform Spoofing Vulnerability
Microsoft Windows
CVE-2024-8190 added 2024-09-13
Ivanti Cloud Services Appliance OS Command Injection Vulnerability
Ivanti Cloud Services Appliance
CVE-2024-38217 added 2024-09-10
Microsoft Windows Mark of the Web (MOTW) Protection Mechanism Failure Vulnerability
Microsoft Windows
CVE-2024-38014 added 2024-09-10
Microsoft Windows Installer Improper Privilege Management Vulnerability
Microsoft Windows
CVE-2024-38226 added 2024-09-10
Microsoft Publisher Protection Mechanism Failure Vulnerability
Microsoft Publisher
CVE-2024-40766 added 2024-09-09 RANSOMWARE
SonicWall SonicOS Improper Access Control Vulnerability
SonicWall SonicOS
CVE-2017-1000253 added 2024-09-09 RANSOMWARE
Linux Kernel PIE Stack Buffer Corruption Vulnerability
Linux Kernel
CVE-2016-3714 added 2024-09-09
ImageMagick Improper Input Validation Vulnerability
ImageMagick ImageMagick
CVE-2024-7262 added 2024-09-03
Kingsoft WPS Office Path Traversal Vulnerability
Kingsoft WPS Office
CVE-2021-20124 added 2024-09-03
Draytek VigorConnect Path Traversal Vulnerability
DrayTek VigorConnect
CVE-2021-20123 added 2024-09-03
Draytek VigorConnect Path Traversal Vulnerability
DrayTek VigorConnect
CVE-2024-7965 added 2024-08-28
Google Chromium V8 Inappropriate Implementation Vulnerability
Google Chromium V8
CVE-2024-38856 added 2024-08-27
Apache OFBiz Incorrect Authorization Vulnerability
Apache OFBiz
CVE-2024-7971 added 2024-08-26
Google Chromium V8 Type Confusion Vulnerability
Google Chromium V8
CVE-2024-39717 added 2024-08-23
Versa Director Dangerous File Type Upload Vulnerability
Versa Director
CVE-2021-31196 added 2024-08-21
Microsoft Exchange Server Information Disclosure Vulnerability
Microsoft Exchange Server
CVE-2022-0185 added 2024-08-21
Linux Kernel Heap-Based Buffer Overflow Vulnerability
Linux Kernel
CVE-2021-33045 added 2024-08-21
Dahua IP Camera Authentication Bypass Vulnerability
Dahua IP Camera Firmware
CVE-2021-33044 added 2024-08-21
Dahua IP Camera Authentication Bypass Vulnerability
Dahua IP Camera Firmware
CVE-2024-23897 added 2024-08-19 RANSOMWARE
Jenkins Command Line Interface (CLI) Path Traversal Vulnerability
Jenkins Jenkins Command Line Interface (CLI)
CVE-2024-28986 added 2024-08-15
SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability
SolarWinds Web Help Desk
CVE-2024-38107 added 2024-08-13
Microsoft Windows Power Dependency Coordinator Privilege Escalation Vulnerability
Microsoft Windows
CVE-2024-38106 added 2024-08-13
Microsoft Windows Kernel Privilege Escalation Vulnerability
Microsoft Windows
CVE-2024-38193 added 2024-08-13
Microsoft Windows Ancillary Function Driver for WinSock Privilege Escalation Vulnerability
Microsoft Windows
CVE-2024-38213 added 2024-08-13
Microsoft Windows SmartScreen Security Feature Bypass Vulnerability
Microsoft Windows
CVE-2024-38178 added 2024-08-13
Microsoft Windows Scripting Engine Memory Corruption Vulnerability
Microsoft Windows
CVE-2024-38189 added 2024-08-13
Microsoft Project Remote Code Execution Vulnerability
Microsoft Project
CVE-2024-32113 added 2024-08-07
Apache OFBiz Path Traversal Vulnerability
Apache OFBiz
CVE-2024-36971 added 2024-08-07
Android Kernel Remote Code Execution Vulnerability
Android Kernel
CVE-2018-0824 added 2024-08-05
Microsoft COM for Windows Deserialization of Untrusted Data Vulnerability
Microsoft Windows
CVE-2024-37085 added 2024-07-30 RANSOMWARE
VMware ESXi Authentication Bypass Vulnerability
VMware ESXi
CVE-2023-45249 added 2024-07-29
Acronis Cyber Infrastructure (ACI) Insecure Default Password Vulnerability
Acronis Cyber Infrastructure (ACI)
CVE-2024-5217 added 2024-07-29
ServiceNow Incomplete List of Disallowed Inputs Vulnerability
ServiceNow Utah, Vancouver, and Washington DC Now Platform
CVE-2024-4879 added 2024-07-29
ServiceNow Improper Input Validation Vulnerability
ServiceNow Utah, Vancouver, and Washington DC Now Platform
CVE-2024-39891 added 2024-07-23
Twilio Authy Information Disclosure Vulnerability
Twilio Authy
CVE-2012-4792 added 2024-07-23
Microsoft Internet Explorer Use-After-Free Vulnerability
Microsoft Internet Explorer
CVE-2022-22948 added 2024-07-17
VMware vCenter Server Incorrect Default File Permissions Vulnerability
VMware vCenter Server
CVE-2024-28995 added 2024-07-17
SolarWinds Serv-U Path Traversal Vulnerability
SolarWinds Serv-U
CVE-2024-34102 added 2024-07-17
Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability
Adobe Commerce and Magento Open Source
CVE-2024-36401 added 2024-07-15
OSGeo GeoServer GeoTools Eval Injection Vulnerability
OSGeo GeoServer
CVE-2024-23692 added 2024-07-09
Rejetto HTTP File Server Improper Neutralization of Special Elements Used in a Template Engine Vulnerability
Rejetto HTTP File Server
CVE-2024-38080 added 2024-07-09
Microsoft Windows Hyper-V Privilege Escalation Vulnerability
Microsoft Windows
CVE-2024-38112 added 2024-07-09
Microsoft Windows MSHTML Platform Spoofing Vulnerability
Microsoft Windows
CVE-2024-20399 added 2024-07-02
Cisco NX-OS Command Injection Vulnerability
Cisco NX-OS
CVE-2020-13965 added 2024-06-26
Roundcube Webmail Cross-Site Scripting (XSS) Vulnerability
Roundcube Webmail
CVE-2022-2586 added 2024-06-26
Linux Kernel Use-After-Free Vulnerability
Linux Kernel
CVE-2022-24816 added 2024-06-26
OSGeo GeoServer JAI-EXT Code Injection Vulnerability
OSGeo JAI-EXT
CVE-2024-4358 added 2024-06-13
Progress Telerik Report Server Authentication Bypass by Spoofing Vulnerability
Progress Telerik Report Server
← Prev Page 8 of 27 Next →
Scroll to Top