Vulnerabilities
LIVE
13:34:46 UTC
CISA KEV CATALOG
Known Exploited Vulnerabilities that CISA mandates federal agencies to remediate. These are actively exploited in the wild.
1542 of 1542 vulnerabilities
Total KEV Entries
1,542
Ransomware Associated
312
Overdue Remediation
1,529
Sort by:
CVE ID
Vendor / Product
Vulnerability
Added
Due Date
Status
CVE-2026-3909
Google — Skia
Google Skia Out-of-Bounds Write Vulnerability
Mar 13, 2026
Mar 27, 2026
12d
CVE-2026-3910
Google — Chromium V8
Google Chromium V8 Improper Restriction of Operations Within the Bounds of a Memory Buffer Vulnerability
Mar 13, 2026
Mar 27, 2026
12d
CVE-2025-68613
n8n — n8n
n8n Improper Control of Dynamically-Managed Code Resources Vulnerability
Mar 11, 2026
Mar 25, 2026
10d
CVE-2026-1603
Ivanti — Endpoint Manager (EPM)
Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability
Mar 9, 2026
Mar 23, 2026
8d
CVE-2025-26399
SolarWinds — Web Help Desk
SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability
Mar 9, 2026
Mar 12, 2026
OVERDUE
CVE-2021-22054
Omnissa — Workspace One UEM
Omnissa Workspace ONE Server-Side Request Forgery
Mar 9, 2026
Mar 23, 2026
8d
CVE-2017-7921
Hikvision — Multiple Products
Hikvision Multiple Products Improper Authentication Vulnerability
Mar 5, 2026
Mar 26, 2026
11d
CVE-2023-41974
Apple — iOS and iPadOS
Apple iOS and iPadOS Use-After-Free Vulnerability
Mar 5, 2026
Mar 26, 2026
11d
CVE-2021-30952
Apple — Multiple Products
Apple Multiple Products Integer Overflow or Wraparound Vulnerability
Mar 5, 2026
Mar 26, 2026
11d
CVE-2023-43000
Apple — Multiple Products
Apple Multiple products Use-After-Free Vulnerability
Mar 5, 2026
Mar 26, 2026
11d
CVE-2021-22681
Rockwell — Multiple Products
Rockwell Multiple Products Insufficient Protected Credentials Vulnerability
Mar 5, 2026
Mar 26, 2026
11d
CVE-2026-21385
Qualcomm — Multiple Chipsets
Qualcomm Multiple Chipsets Memory Corruption Vulnerability
Mar 3, 2026
Mar 24, 2026
9d
CVE-2026-22719
Broadcom — VMware Aria Operations
Broadcom VMware Aria Operations Command Injection Vulnerability
Mar 3, 2026
Mar 24, 2026
9d
CVE-2026-20127
Cisco — Catalyst SD-WAN Controller and Manager
Cisco Catalyst SD-WAN Controller and Manager Authentication Bypass Vulnerability
Feb 25, 2026
Feb 27, 2026
OVERDUE
CVE-2022-20775
Cisco — SD-WAN
Cisco SD-WAN Path Traversal Vulnerability
Feb 25, 2026
Feb 27, 2026
OVERDUE
CVE-2026-25108
Soliton Systems K.K — FileZen
Soliton Systems K.K FileZen OS Command Injection Vulnerability
Feb 24, 2026
Mar 17, 2026
2d
CVE-2025-49113
Roundcube — Webmail
RoundCube Webmail Deserialization of Untrusted Data Vulnerability
Feb 20, 2026
Mar 13, 2026
OVERDUE
CVE-2025-68461
Roundcube — Webmail
RoundCube Webmail Cross-site Scripting Vulnerability
Feb 20, 2026
Mar 13, 2026
OVERDUE
CVE-2026-22769
Dell — RecoverPoint for Virtual Machines (RP4VMs)
Dell RecoverPoint for Virtual Machines (RP4VMs) Use of Hard-coded Credentials Vulnerability
Feb 18, 2026
Feb 21, 2026
OVERDUE
CVE-2021-22175
GitLab — GitLab
GitLab Server-Side Request Forgery (SSRF) Vulnerability
Feb 18, 2026
Mar 11, 2026
OVERDUE
CVE-2026-2441
Google — Chromium
Google Chromium CSS Use-After-Free Vulnerability
Feb 17, 2026
Mar 10, 2026
OVERDUE
CVE-2008-0015
Microsoft — Windows
Microsoft Windows Video ActiveX Control Remote Code Execution Vulnerability
Feb 17, 2026
Mar 10, 2026
OVERDUE
CVE-2024-7694
TeamT5 — ThreatSonar Anti-Ransomware
TeamT5 ThreatSonar Anti-Ransomware Unrestricted Upload of File with Dangerous Type Vulnerability
Feb 17, 2026
Mar 10, 2026
OVERDUE
CVE-2020-7796
Synacor — Zimbra Collaboration Suite
Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery Vulnerability
Feb 17, 2026
Mar 10, 2026
OVERDUE
CVE-2026-1731RW
BeyondTrust — Remote Support (RS) and Privileged Remote Access (PRA)
BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) OS Command Injection Vulnerability
Feb 13, 2026
Feb 16, 2026
RWOVERDUE
CVE-2024-43468
Microsoft — Configuration Manager
Microsoft Configuration Manager SQL Injection Vulnerability
Feb 12, 2026
Mar 5, 2026
OVERDUE
CVE-2025-40536
SolarWinds — Web Help Desk
SolarWinds Web Help Desk Security Control Bypass Vulnerability
Feb 12, 2026
Feb 15, 2026
OVERDUE
CVE-2026-20700
Apple — Multiple Products
Apple Multiple Buffer Overflow Vulnerability
Feb 12, 2026
Mar 5, 2026
OVERDUE
CVE-2025-15556
Notepad++ — Notepad++
Notepad++ Download of Code Without Integrity Check Vulnerability
Feb 12, 2026
Mar 5, 2026
OVERDUE
CVE-2026-21513
Microsoft — Windows
Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability
Feb 10, 2026
Mar 3, 2026
OVERDUE
CVE-2026-21525
Microsoft — Windows
Microsoft Windows NULL Pointer Dereference Vulnerability
Feb 10, 2026
Mar 3, 2026
OVERDUE
CVE-2026-21510
Microsoft — Windows
Microsoft Windows Shell Protection Mechanism Failure Vulnerability
Feb 10, 2026
Mar 3, 2026
OVERDUE
CVE-2026-21533
Microsoft — Windows
Microsoft Windows Improper Privilege Management Vulnerability
Feb 10, 2026
Mar 3, 2026
OVERDUE
CVE-2026-21519
Microsoft — Windows
Microsoft Windows Type Confusion Vulnerability
Feb 10, 2026
Mar 3, 2026
OVERDUE
CVE-2026-21514
Microsoft — Office
Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability
Feb 10, 2026
Mar 3, 2026
OVERDUE
CVE-2026-24423RW
SmarterTools — SmarterMail
SmarterTools SmarterMail Missing Authentication for Critical Function Vulnerability
Feb 5, 2026
Feb 26, 2026
RWOVERDUE
CVE-2025-11953
React Native Community — CLI
React Native Community CLI OS Command Injection Vulnerability
Feb 5, 2026
Feb 26, 2026
OVERDUE
CVE-2021-39935
GitLab — Community and Enterprise Editions
GitLab Community and Enterprise Editions Server-Side Request Forgery (SSRF) Vulnerability
Feb 3, 2026
Feb 24, 2026
OVERDUE
CVE-2025-40551
SolarWinds — Web Help Desk
SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability
Feb 3, 2026
Feb 6, 2026
OVERDUE
CVE-2019-19006
Sangoma — FreePBX
Sangoma FreePBX Improper Authentication Vulnerability
Feb 3, 2026
Feb 24, 2026
OVERDUE
CVE-2025-64328
Sangoma — FreePBX
Sangoma FreePBX OS Command Injection Vulnerability
Feb 3, 2026
Feb 24, 2026
OVERDUE
CVE-2026-1281
Ivanti — Endpoint Manager Mobile (EPMM)
Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability
Jan 29, 2026
Feb 1, 2026
OVERDUE
CVE-2026-24858
Fortinet — Multiple Products
Fortinet Multiple Products Authentication Bypass Using an Alternate Path or Channel Vulnerability
Jan 27, 2026
Jan 30, 2026
OVERDUE
CVE-2026-21509
Microsoft — Office
Microsoft Office Security Feature Bypass Vulnerability
Jan 26, 2026
Feb 16, 2026
OVERDUE
CVE-2025-52691
SmarterTools — SmarterMail
SmarterTools SmarterMail Unrestricted Upload of File with Dangerous Type Vulnerability
Jan 26, 2026
Feb 16, 2026
OVERDUE
CVE-2026-23760RW
SmarterTools — SmarterMail
SmarterTools SmarterMail Authentication Bypass Using an Alternate Path or Channel Vulnerability
Jan 26, 2026
Feb 16, 2026
RWOVERDUE
CVE-2026-24061
GNU — InetUtils
GNU InetUtils Argument Injection Vulnerability
Jan 26, 2026
Feb 16, 2026
OVERDUE
CVE-2018-14634
Linux — Kernal
Linux Kernel Integer Overflow Vulnerability
Jan 26, 2026
Feb 16, 2026
OVERDUE
CVE-2024-37079
Broadcom — VMware vCenter Server
Broadcom VMware vCenter Server Out-of-bounds Write Vulnerability
Jan 23, 2026
Feb 13, 2026
OVERDUE
CVE-2025-54313
Prettier — eslint-config-prettier
Prettier eslint-config-prettier Embedded Malicious Code Vulnerability
Jan 22, 2026
Feb 12, 2026
OVERDUE
Showing 1–50 of 1542