Skip to main content

What is the CISA KEV Catalogue?

The CISA Known Exploited Vulnerabilities (KEV) catalogue is the authoritative source of CVEs that have been confirmed exploited in the wild against real-world targets. Maintained by the U.S. Cybersecurity and Infrastructure Security Agency, it's the gold standard for vulnerability prioritisation — if a CVE is in the KEV catalogue, attackers are actively using it.

Federal civilian agencies are required to remediate KEV entries within tight deadlines. Private sector organisations should treat KEV entries with the same urgency. Vuln Brief focuses on Critical and High-severity entries (CVSS 7.0+), providing the technical depth needed to understand what each vulnerability actually does and how to remediate it effectively.

Source: CISA KEV Catalogue →

Total Analysed 192
Critical Severity 113
High Severity 79
Patches Available 185
Severity: 192 entries

All Covered KEV Entries

CISA KEV source →
CVE ID Title Vendor Product Severity CVSS Patch Published Analysis
CVE-2026-25089 CVE-2026-25089: Fortinet FortiSandbox — Unauthenticated OS Command Injection Fortinet FortiSandbox, FortiSandbox Cloud, FortiSandbox PaaS Critical 9.8 Yes Read →
CVE-2026-39808 CVE-2026-39808: Fortinet FortiSandbox — Second Unauthenticated Command Injection Fortinet FortiSandbox Critical 9.8 Yes Read →
CVE-2026-58644 CVE-2026-58644: Microsoft SharePoint — Unauthenticated Deserialization RCE Microsoft Microsoft SharePoint Server Critical 9.8 Yes Read →
CVE-2023-4346 CVE-2023-4346: KNX Protocol — BCU Key Lockout Enables Permanent Building Automation Denial of Service KNX Association KNX Protocol High 7.5 No Read →
CVE-2026-46817 CVE-2026-46817: Oracle E-Business Suite Payments — Unauthenticated Remote Code Execution Oracle E-Business Suite (EBS) 12.2 Critical 9.8 Yes Read →
CVE-2026-15409 CVE-2026-15409: SonicWall SMA1000 WorkPlace — Unauthenticated SSRF (CVSS 10.0) SonicWall SMA1000 Appliance Critical 10 Yes Read →
CVE-2026-15410 CVE-2026-15410: SonicWall SMA1000 AMC — Code Injection Remote Code Execution SonicWall SMA1000 Appliance High 7.2 Yes Read →
CVE-2026-56155 CVE-2026-56155: Microsoft Active Directory Federation Services — Local Privilege Escalation Microsoft Active Directory Federation Services High 7.8 Yes Read →
CVE-2026-56164 CVE-2026-56164: Microsoft SharePoint Server — Missing Authentication Privilege Escalation Microsoft SharePoint Server Critical 9.8 Yes Read →
CVE-2026-48939 CVE-2026-48939: iCagenda -- Dual-Path File Upload RCE and Access Control Bypass iCagenda iCagenda (Joomla component) Critical 9.8 Yes Read →
CVE-2026-56291 CVE-2026-56291: Balbooa Forms -- Unauthenticated File Upload RCE in Joomla Balbooa Balbooa Forms (Joomla extension) Critical 9.8 Yes Read →
CVE-2026-48282 CVE-2026-48282: Adobe ColdFusion RDS FILEIO Path Traversal to Unauthenticated RCE Adobe ColdFusion Critical 10 Yes Read →
CVE-2026-48908 CVE-2026-48908: JoomShaper SP Page Builder Unauthenticated File Upload to RCE JoomShaper SP Page Builder Critical 10 Yes Read →
CVE-2026-55255 CVE-2026-55255: Langflow IDOR in /api/v1/responses Allows Authenticated Attackers to Execute Arbitrary User Flows DataStax / Langflow Langflow Critical 9.9 Yes Read →
CVE-2026-56290 CVE-2026-56290: Joomlack Page Builder CK Unauthenticated File Upload to RCE Joomlack Page Builder CK Critical 9.8 Yes Read →
CVE-2026-45659 CVE-2026-45659: Microsoft SharePoint Server -- Deserialization RCE Microsoft SharePoint Server High 8.8 Yes Read →
CVE-2026-48558 CVE-2026-48558: SimpleHelp — OIDC Authentication Bypass via Unsigned Token Acceptance SimpleHelp SimpleHelp Critical 10 Yes Read →
CVE-2026-12569 CVE-2026-12569: PTC Windchill — Unauthenticated Deserialization RCE PTC Windchill PDMLink / FlexPLM Critical 9.3 Yes Read →
CVE-2026-20230 CVE-2026-20230: Cisco Unified CM — SSRF to Root via Webshell Cisco Unified Communications Manager High 8.6 Yes Read →
CVE-2026-34909 CVE-2026-34909: Ubiquiti UniFi OS — Path Traversal Ubiquiti UniFi OS Server Critical 10 Yes Read →
CVE-2026-34910 CVE-2026-34910: Ubiquiti UniFi OS — Command Injection Ubiquiti UniFi OS Server Critical 10 Yes Read →
CVE-2025-67038 CVE-2025-67038: Lantronix EDS5000 -- OS Command Injection (Root) Lantronix EDS5000 Critical 9.8 Yes Read →
CVE-2026-34910 CVE-2026-34908/34909/34910: Ubiquiti UniFi OS — Unauthenticated Root RCE Chain Ubiquiti UniFi OS Critical 10 Yes Read →
CVE-2026-20253 CVE-2026-20253: Splunk Enterprise — Unauthenticated PostgreSQL Sidecar RCE Splunk Splunk Enterprise Critical 9.8 Yes Read →
CVE-2026-48907 CVE-2026-48907: Joomla Content Editor — Unauthenticated RCE via File Upload Widget Factory Joomla Content Editor (JCE) Critical 10 Yes Read →
CVE-2026-54420 CVE-2026-54420: LiteSpeed cPanel Plugin — UNIX Symlink Following Allows Container Escape on Shared Hosting LiteSpeed Technologies LiteSpeed cPanel Plugin High 8.5 Yes Read →
CVE-2026-10520 CVE-2026-10520: Ivanti Sentry — Pre-Authentication OS Command Injection (CVSS 10.0) Ivanti Sentry (formerly MobileIron Sentry) Critical 10 Yes Read →
CVE-2026-35273 CVE-2026-35273: Oracle PeopleSoft PeopleTools — Missing Authentication Enabling Unauthenticated Takeover Oracle PeopleSoft Enterprise PeopleTools Critical 9.8 Yes Read →
CVE-2026-11645 CVE-2026-11645: Google Chromium V8 Out-of-Bounds Read/Write — Actively Exploited Browser RCE Google Chromium V8 High 8.8 Yes Read →
CVE-2026-20245 CVE-2026-20245: Cisco Catalyst SD-WAN Manager CLI Command Injection — Unpatched Root Privilege Escalation Cisco Catalyst SD-WAN Manager High 7.8 No Read →
CVE-2026-42271 CVE-2026-42271: LiteLLM Command Injection in MCP Endpoints Gives Any User Shell Access BerriAI LiteLLM High 8.8 Yes Read →
CVE-2026-50751 CVE-2026-50751: Check Point Security Gateway IKEv1 Authentication Bypass — Qilin Ransomware Exploiting in the Wild Check Point Security Gateway Critical 9.3 Yes Read →
CVE-2026-28318 CVE-2026-28318: SolarWinds Serv-U Unauthenticated DoS via Deflate Header SolarWinds Serv-U High 7.5 Yes Read →
CVE-2026-41089 CVE-2026-41089: Windows Netlogon Pre-Authentication RCE — Unauthenticated Domain Controller Takeover Microsoft Windows Netlogon (Windows Server) Critical 9.8 Yes Read →
CVE-2026-45247 CVE-2026-45247: Mirasvit Full Page Cache Warmer — Unauthenticated PHP Object Injection RCE Mirasvit Full Page Cache Warmer for Magento 2 Critical 9.8 Yes Read →
CVE-2022-0492 CVE-2022-0492: Linux Kernel cgroups v1 — Container Escape and Privilege Escalation Linux Kernel High 7.8 Yes Read →
CVE-2025-48595 CVE-2025-48595: Android Framework — Integer Overflow Enabling Local Privilege Escalation Android Framework High 8.4 Yes Read →
CVE-2024-21182 CVE-2024-21182: Oracle WebLogic Server -- Unauthenticated Information Disclosure via T3/IIOP Oracle WebLogic Server High 7.5 Yes Read →
CVE-2026-0257 CVE-2026-0257: Palo Alto Networks PAN-OS GlobalProtect Authentication Bypass via Cookie Forgery Palo Alto Networks PAN-OS High 7.8 Yes Read →
CVE-2026-45321 CVE-2026-45321: TanStack npm Supply Chain Compromise -- Credential-Stealing Malware in 42 Packages TanStack TanStack Critical 9.6 Yes Read →
CVE-2026-48027 CVE-2026-48027: Nx Console VS Code Extension -- Supply Chain Compromise and Credential Theft Nx Nx Console Critical 9.8 Yes Read →
CVE-2026-8398 CVE-2026-8398: DAEMON Tools Lite -- Official Installer Backdoored with Signed Malware Daemon Daemon Tools Lite Critical 9.8 Yes Read →
CVE-2026-48172 CVE-2026-48172: LiteSpeed cPanel Plugin -- Root Privilege Escalation via redisAble API LiteSpeed Technologies LiteSpeed cPanel Plugin Critical 10 Yes Read →
CVE-2026-20122 CVE-2026-20122/20128/20133: Cisco Catalyst SD-WAN Manager Exploitation Chain Cisco Catalyst SD-WAN Manager High 7.5 Yes Read →
CVE-2026-21643 CVE-2026-21643: Fortinet FortiClient EMS Unauthenticated SQL Injection Fortinet FortiClient EMS Critical 9.8 Yes Read →
CVE-2026-9082 CVE-2026-9082: Drupal Core SQL Injection via PostgreSQL Database Abstraction API Drupal Association Drupal Core High 8.1 Yes Read →
CVE-2025-34291 CVE-2025-34291: Langflow -- Origin Validation Error Enabling Unauthenticated RCE Langflow (DataStax) Langflow Critical 9.8 Yes Read →
CVE-2026-34926 CVE-2026-34926: Trend Micro Apex One -- Directory Traversal Enabling Arbitrary File Read/Write Trend Micro Apex One (On-Premise) High 7.5 Yes Read →
CVE-2009-3459 CVE-2009-3459: Adobe Acrobat and Reader -- Heap-Based Buffer Overflow via Malicious PDF Adobe Systems Adobe Acrobat and Reader Critical 9.3 Yes Read →
CVE-2009-1537 CVE-2009-1537: Microsoft DirectX -- MPEG2 Null Byte Overwrite via quartz.dll Microsoft Microsoft DirectX (quartz.dll) Critical 9.3 Yes Read →
CVE-2008-4250 CVE-2008-4250: MS08-067 -- Windows Server Service RPC Buffer Overflow (Conficker) Microsoft Microsoft Windows (Server Service) Critical 10 Yes Read →
CVE-2010-0249 CVE-2010-0249: Internet Explorer -- Operation Aurora Use-After-Free (IE6/IE7 RCE) Microsoft Microsoft Internet Explorer Critical 9.3 Yes Read →
CVE-2010-0806 CVE-2010-0806: Internet Explorer -- DHTML Peering Use-After-Free (Drive-By RCE) Microsoft Microsoft Internet Explorer Critical 9.3 Yes Read →
CVE-2026-41091 CVE-2026-41091: Microsoft Defender Symlink Following -- Low-Privilege to SYSTEM via Malware Protection Engine Microsoft Defender (Microsoft Malware Protection Engine) High 7.8 Yes Read →
CVE-2026-45498 CVE-2026-45498: Microsoft Defender -- Denial of Service via Malformed Input Microsoft Microsoft Defender Antivirus High 7 Yes Read →
CVE-2026-42897 CVE-2026-42897: Microsoft Exchange Server XSS in Outlook Web Access Microsoft Exchange Server High 8 Yes Read →
CVE-2026-20182 CVE-2026-20182: Cisco Catalyst SD-WAN Authentication Bypass -- Unauthenticated Admin Access Cisco Catalyst SD-WAN Controller & Manager Critical 9.8 Yes Read →
CVE-2026-42208 CVE-2026-42208: SQL Injection in BerriAI LiteLLM Exposes AI Proxy Credentials BerriAI LiteLLM High 8.1 Yes Read →
CVE-2026-6973 CVE-2026-6973: Ivanti EPMM Improper Input Validation Enables Authenticated RCE Ivanti Endpoint Manager Mobile (EPMM) High 7.2 Yes Read →
CVE-2026-0300 CVE-2026-0300: Palo Alto PAN-OS Out-of-Bounds Write Leads to Root RCE on Firewalls Palo Alto Networks PAN-OS Critical 9.8 Yes Read →
CVE-2026-31431 CVE-2026-31431: Linux Kernel Privilege Escalation via Incorrect Resource Transfer Linux Linux Kernel High 7.8 Yes Read →
CVE-2026-41940 CVE-2026-41940: cPanel & WHM Authentication Bypass -- Unauthenticated Control Panel Access WebPros cPanel & WHM Critical 9.8 Yes Read →
CVE-2024-1708 CVE-2024-1708: ConnectWise ScreenConnect Path Traversal -- RMM Tools as Attack Vectors ConnectWise ScreenConnect Critical 9.8 Yes Read →
CVE-2024-57726 CVE-2024-57726: SimpleHelp Missing Authorization -- Privilege Escalation via API Keys SimpleHelp SimpleHelp Remote Support High 7.8 Yes Read →
CVE-2024-57728 CVE-2024-57728: SimpleHelp Path Traversal (Zip Slip) -- Arbitrary File Write via Admin Upload SimpleHelp SimpleHelp Remote Support Critical 9.1 Yes Read →
CVE-2024-7399 CVE-2024-7399: Samsung MagicINFO 9 Server Unauthenticated File Write Leading to RCE Samsung MagicINFO 9 Server Critical 9.8 Yes Read →
CVE-2025-29635 CVE-2025-29635: D-Link DIR-823X Command Injection -- End-of-Life Device with No Fix D-Link DIR-823X High 7.2 No Read →
CVE-2026-39987 CVE-2026-39987: Marimo Unauthenticated WebSocket PTY Shell Exposes Full RCE Marimo / CoreWeave Marimo Critical 9.8 Yes Read →
CVE-2026-33825 CVE-2026-33825: Microsoft Defender Insufficient Access Control -- Local Privilege Escalation Microsoft Defender High 7.8 Yes Read →
CVE-2023-27351 CVE-2023-27351: PaperCut NG/MF Improper Authentication -- SecurityRequestFilter Bypass PaperCut PaperCut NG / MF Critical 9.8 Yes Read →
CVE-2024-27199 CVE-2024-27199: JetBrains TeamCity Unauthenticated Path Traversal Enables Admin Actions JetBrains TeamCity High 7.3 Yes Read →
CVE-2025-2749 CVE-2025-2749: Kentico Xperience Path Traversal -- Authenticated Staging Sync File Write Kentico Kentico Xperience High 7.5 Yes Read →
CVE-2025-32975 CVE-2025-32975: Quest KACE Systems Management Appliance Improper Authentication Quest KACE Systems Management Appliance (SMA) Critical 9.8 Yes Read →
CVE-2026-34197 CVE-2026-34197: Apache ActiveMQ RCE via Jolokia JMX-HTTP Bridge Apache ActiveMQ High 8.8 Yes Read →
CVE-2023-21529 CVE-2023-21529: Microsoft Exchange Server Deserialization -- Authenticated RCE Microsoft Exchange Server High 8.8 Yes Read →
CVE-2026-1340 CVE-2026-1340: Ivanti EPMM Unauthenticated Code Injection Enables Full RCE Ivanti Endpoint Manager Mobile (EPMM) Critical 9.8 Yes Read →
CVE-2026-35616 CVE-2026-35616: Fortinet FortiClient EMS Improper Access Control -- Unauthenticated RCE Fortinet FortiClient EMS Critical 9.8 Yes Read →
CVE-2026-3055 CVE-2026-3055: Citrix NetScaler Out-of-Bounds Read -- SAML IDP Memory Disclosure Citrix NetScaler ADC / Gateway High 8.8 Yes Read →
CVE-2025-53521 CVE-2025-53521: F5 BIG-IP APM Stack-Based Buffer Overflow -- RCE F5 BIG-IP APM High 8.8 Yes Read →
CVE-2026-33634 CVE-2026-33634: Aqua Security Trivy Supply Chain Attack -- Embedded Malicious Code Aqua Security Trivy Critical 9.5 Yes Read →
CVE-2026-33017 CVE-2026-33017: Langflow Code Injection -- Unauthenticated RCE via Public Flows Langflow Langflow Critical 9.8 Yes Read →
CVE-2025-32432 CVE-2025-32432: Craft CMS Code Injection -- Remote Code Execution Craft CMS Craft CMS Critical 9.8 Yes Read →
CVE-2026-20131 CVE-2026-20131: Cisco FMC Deserialization -- Unauthenticated RCE as Root Cisco Secure Firewall Management Center (FMC) / Security Cloud Control Critical 9.8 Yes Read →
CVE-2026-20963 CVE-2026-20963: Microsoft SharePoint Deserialization -- Unauthenticated Network RCE Microsoft SharePoint Server Critical 9.8 Yes Read →
CVE-2026-3910 CVE-2026-3910: Google Chromium V8 Memory Buffer -- Sandbox RCE via Crafted HTML Google Chromium / Chrome High 8.8 Yes Read →
CVE-2025-68613 CVE-2025-68613: n8n Workflow Automation RCE -- Expression Evaluation Code Injection n8n n8n Workflow Automation Critical 9.8 Yes Read →
CVE-2025-26399 CVE-2025-26399: SolarWinds Web Help Desk Deserialization -- RCE via AjaxProxy SolarWinds Web Help Desk Critical 9.8 Yes Read →
CVE-2026-1603 CVE-2026-1603: Ivanti EPM Auth Bypass -- Unauthenticated Credential Data Leak Ivanti Endpoint Manager (EPM) Critical 9.8 Yes Read →
CVE-2026-22719 CVE-2026-22719: VMware Aria Operations Command Injection -- Unauthenticated RCE via Migration Broadcom VMware Aria Operations (vRealize Operations) Critical 9.8 Yes Read →
CVE-2022-20775 CVE-2022-20775: Cisco SD-WAN CLI -- Path Traversal Privilege Escalation Cisco Cisco SD-WAN High 7.8 Yes Read →
CVE-2026-20127 CVE-2026-20127: Cisco Catalyst SD-WAN Auth Bypass -- Unauthenticated Admin Access Cisco Catalyst SD-WAN Controller and Manager Critical 9.8 Yes Read →
CVE-2026-25108 CVE-2026-25108: Soliton FileZen -- OS Command Injection via HTTP Request Soliton Systems K.K. FileZen High 8.8 Yes Read →
CVE-2025-49113 CVE-2025-49113: Roundcube Webmail Deserialization -- Authenticated RCE via upload.php Roundcube Roundcube Webmail High 8.8 Yes Read →
CVE-2026-22769 CVE-2026-22769: Dell RecoverPoint for VMs -- Hard-Coded Credentials Dell RecoverPoint for Virtual Machines (RP4VMs) Critical 9.8 Yes Read →
CVE-2020-7796 CVE-2020-7796: Synacor Zimbra Collaboration Suite -- SSRF via WebEx Zimlet Synacor Zimbra Collaboration Suite (ZCS) Critical 9.8 Yes Read →
CVE-2008-0015 CVE-2008-0015: Microsoft Windows Video ActiveX Control -- Remote Code Execution Microsoft Windows Video ActiveX Control Critical 9.3 Yes Read →
CVE-2024-7694 CVE-2024-7694: TeamT5 ThreatSonar Anti-Ransomware -- Unrestricted File Upload RCE TeamT5 ThreatSonar Anti-Ransomware High 7.2 Yes Read →
CVE-2026-2441 CVE-2026-2441: Google Chromium CSS -- Use-After-Free Heap Corruption Google Chromium / Chrome / Edge / Opera High 8.8 Yes Read →
CVE-2026-1731 CVE-2026-1731: BeyondTrust Remote Support OS Command Injection -- Unauthenticated RCE BeyondTrust Remote Support / Privileged Remote Access Critical 9.8 Yes Read →
CVE-2024-43468 CVE-2024-43468: Microsoft Configuration Manager -- Unauthenticated SQL Injection RCE Microsoft Microsoft Configuration Manager (SCCM/MEM) Critical 9.8 Yes Read →
CVE-2025-15556 CVE-2025-15556: Notepad++ WinGUp Updater -- Download Without Integrity Check Notepad++ Notepad++ (WinGUp updater) High 7.5 Yes Read →
CVE-2025-40536 CVE-2025-40536: SolarWinds Web Help Desk -- Security Control Bypass SolarWinds Web Help Desk Critical 9.1 Yes Read →
CVE-2026-20700 CVE-2026-20700: Apple Multiple Products -- Buffer Overflow RCE Apple iOS / macOS / tvOS / watchOS / visionOS High 8.8 Yes Read →
CVE-2026-21510 CVE-2026-21510: Microsoft Windows Shell -- Protection Mechanism Failure Microsoft Windows Shell High 8.1 Yes Read →
CVE-2026-21513 CVE-2026-21513: Microsoft Windows MSHTML -- Protection Mechanism Failure Microsoft Windows MSHTML High 8.1 Yes Read →
CVE-2026-21514 CVE-2026-21514: Microsoft Office Word -- Reliance on Untrusted Inputs Privilege Escalation Microsoft Microsoft Office Word High 7.8 Yes Read →
CVE-2026-21519 CVE-2026-21519: Microsoft Desktop Window Manager -- Type Confusion Privilege Escalation Microsoft Windows Desktop Window Manager (DWM) High 7.8 Yes Read →
CVE-2026-21533 CVE-2026-21533: Microsoft Windows Remote Desktop Services -- Privilege Escalation Microsoft Windows Remote Desktop Services High 7.8 Yes Read →
CVE-2025-11953 CVE-2025-11953: React Native Community CLI -- Metro Dev Server OS Command Injection React Native Community React Native CLI / Metro Development Server Critical 9.8 Yes Read →
CVE-2026-24423 CVE-2026-24423: SmarterTools SmarterMail -- Missing Authentication RCE via ConnectToHub SmarterTools SmarterMail Critical 9.8 Yes Read →
CVE-2019-19006 CVE-2019-19006: Sangoma FreePBX -- Improper Authentication Bypass Sangoma FreePBX Critical 9.8 Yes Read →
CVE-2025-40551 CVE-2025-40551: SolarWinds Web Help Desk -- Deserialization RCE SolarWinds Web Help Desk Critical 9.8 Yes Read →
CVE-2025-64328 CVE-2025-64328: Sangoma FreePBX Endpoint Manager -- Post-Auth OS Command Injection Sangoma FreePBX Endpoint Manager High 8.8 Yes Read →
CVE-2025-14847 CVE-2025-14847: MongoDB Server -- Zlib Compressed Protocol Heap Memory Disclosure MongoDB MongoDB Server High 7.5 Yes Read →
CVE-2023-52163 CVE-2023-52163: Digiever DS-2105 Pro -- Missing Authorization / Command Injection Digiever DS-2105 Pro NVR Critical 9.8 No Read →
CVE-2025-14733 CVE-2025-14733: WatchGuard Firebox -- Out-of-Bounds Write RCE via IKEv2 WatchGuard Firebox / Fireware OS Critical 9.8 Yes Read →
CVE-2025-20393 CVE-2025-20393: Cisco Secure Email -- OS Command Injection with Root Privileges Cisco Secure Email Gateway / AsyncOS / Web Manager High 8.8 Yes Read →
CVE-2025-40602 CVE-2025-40602: SonicWall SMA1000 -- Missing Authorization Privilege Escalation SonicWall SMA1000 Appliance High 8.8 Yes Read →
CVE-2025-59374 CVE-2025-59374: ASUS Live Update -- Embedded Malicious Code (Supply Chain) ASUS ASUS Live Update High 7.5 No Read →
CVE-2025-59718 CVE-2025-59718: Fortinet FortiOS/FortiProxy/FortiWeb -- SAML Authentication Bypass Fortinet FortiOS / FortiProxy / FortiSwitchMaster / FortiWeb Critical 9.8 Yes Read →
CVE-2025-14611 CVE-2025-14611: Gladinet CentreStack/Triofox -- Hardcoded Cryptographic Keys Gladinet CentreStack / Triofox Critical 9.1 Yes Read →
CVE-2025-43529 CVE-2025-43529: Apple Multiple Products WebKit -- Use-After-Free Memory Corruption Apple iOS/iPadOS/macOS/Safari High 8.8 Yes Read →
CVE-2018-4063 CVE-2018-4063: Sierra Wireless AirLink ALEOS -- Unrestricted File Upload RCE Sierra Wireless AirLink ALEOS High 8.8 No Read →
CVE-2025-14174 CVE-2025-14174: Google Chromium ANGLE -- Out-of-Bounds Memory Access Google Chromium / Chrome / Edge / Opera High 8.8 Yes Read →
CVE-2025-58360 CVE-2025-58360: OSGeo GeoServer -- XXE via WMS GetMap Endpoint OSGeo GeoServer High 7.5 Yes Read →
CVE-2025-6218 CVE-2025-6218: RARLAB WinRAR -- Path Traversal Code Execution RARLAB WinRAR High 7.8 Yes Read →
CVE-2025-62221 CVE-2025-62221: Microsoft Windows Cloud Files Mini Filter Driver -- Use-After-Free Privilege Escalation Microsoft Windows Cloud Files Mini Filter Driver High 7.8 Yes Read →
CVE-2022-37055 CVE-2022-37055: D-Link Routers -- Buffer Overflow RCE D-Link D-Link Routers Critical 9.8 No Read →
CVE-2025-66644 CVE-2025-66644: Array Networks ArrayOS AG -- OS Command Injection Array Networks ArrayOS AG Critical 9.8 Yes Read →
CVE-2025-55182 CVE-2025-55182: Meta React Server Components -- Unauthenticated RCE Meta React Server Components React Server Components Critical 9.8 Yes Read →
CVE-2021-26828 CVE-2021-26828: OpenPLC ScadaBR -- Unrestricted File Upload RCE OpenPLC ScadaBR ScadaBR High 8.8 Yes Read →
CVE-2025-48572 CVE-2025-48572: Android Framework -- Privilege Escalation Vulnerability Android Framework Android Framework High 7.8 Yes Read →
CVE-2025-29824 CVE-2025-29824: Windows CLFS -- Zero-Day Privilege Escalation Microsoft Windows (CLFS Driver) High 7.8 Yes Read →
CVE-2025-30065 CVE-2025-30065: Apache Parquet -- Remote Code Execution Apache Software Foundation Apache Parquet Critical 10 Yes Read →
CVE-2025-26633 CVE-2025-26633: Microsoft MMC -- Zero-Day Security Feature Bypass Microsoft Microsoft Management Console High 7 Yes Read →
CVE-2025-21418 CVE-2025-21418: Windows AFD Driver -- Privilege Escalation Microsoft Windows AFD Driver High 7.8 Yes Read →
CVE-2025-23006 CVE-2025-23006: SonicWall SMA 1000 -- Pre-Auth Deserialization RCE SonicWall SonicWall SMA 1000 Critical 9.8 Yes Read →
CVE-2025-0282 CVE-2025-0282: Ivanti Connect Secure -- Stack Overflow Zero-Day RCE Ivanti Connect Secure / Policy Secure / Neurons for ZTA Critical 9 Yes Read →
CVE-2024-55956 CVE-2024-55956: Cleo MFT -- Unrestricted File Upload to RCE Cleo Harmony / VLTrader / LexiCom Critical 9.8 Yes Read →
CVE-2024-50623 CVE-2024-50623: Cleo Harmony/VLTrader -- Unrestricted File Upload and Download RCE Cleo Harmony / VLTrader / LexiCom High 8.8 Yes Read →
CVE-2024-43451 CVE-2024-43451: Windows -- NTLM Hash Disclosure Spoofing Microsoft Windows High 7.5 Yes Read →
CVE-2024-49039 CVE-2024-49039: Windows Task Scheduler -- Privilege Escalation Microsoft Windows Task Scheduler High 8.8 Yes Read →
CVE-2024-38094 CVE-2024-38094: Microsoft SharePoint Server -- Remote Code Execution Microsoft SharePoint Server High 7.2 Yes Read →
CVE-2024-23113 CVE-2024-23113: Fortinet FortiOS -- Format String RCE Fortinet FortiOS / FortiProxy / FortiPAM / FortiWeb Critical 9.8 Yes Read →
CVE-2024-29824 CVE-2024-29824: Ivanti EPM -- SQL Injection to RCE Ivanti Endpoint Manager (EPM) Critical 9.6 Yes Read →
CVE-2024-38193 CVE-2024-38193: Windows AFD Driver -- Privilege Escalation Microsoft Windows AFD Driver High 7.8 Yes Read →
CVE-2024-38112 CVE-2024-38112: Windows MSHTML -- Platform Spoofing Microsoft Windows MSHTML Platform High 7.5 Yes Read →
CVE-2024-6387 CVE-2024-6387: OpenSSH regreSSHion -- Unauthenticated RCE in sshd OpenSSH OpenSSH (sshd) High 8.1 Yes Read →
CVE-2024-26169 CVE-2024-26169: Windows Error Reporting -- Privilege Escalation Microsoft Windows Error Reporting Service High 7.8 Yes Read →
CVE-2024-4577 CVE-2024-4577: PHP CGI -- Argument Injection RCE on Windows PHP Group PHP (CGI mode on Windows) Critical 9.8 Yes Read →
CVE-2024-30080 CVE-2024-30080: Microsoft MSMQ -- Remote Code Execution Microsoft Microsoft Message Queuing Critical 9.8 Yes Read →
CVE-2024-30051 CVE-2024-30051: Windows DWM Core Library -- Privilege Escalation Microsoft Windows Desktop Window Manager High 7.8 Yes Read →
CVE-2023-7028 CVE-2023-7028: GitLab -- Account Takeover via Email Reset GitLab GitLab CE/EE Critical 10 Yes Read →
CVE-2024-20353 CVE-2024-20353: Cisco ASA/FTD -- ArcaneDoor DoS and Memory Leak Cisco Cisco ASA / Firepower Threat Defense High 8.6 Yes Read →
CVE-2024-3400 CVE-2024-3400: Palo Alto PAN-OS GlobalProtect -- Zero-Day Command Injection Palo Alto Networks PAN-OS Critical 10 Yes Read →
CVE-2023-48788 CVE-2023-48788: Fortinet FortiClientEMS -- SQL Injection to RCE Fortinet FortiClientEMS Critical 9.8 Yes Read →
CVE-2024-27198 CVE-2024-27198: JetBrains TeamCity -- Authentication Bypass to RCE JetBrains TeamCity Critical 9.8 Yes Read →
CVE-2024-21338 CVE-2024-21338: Windows Kernel -- Privilege Escalation Microsoft Windows Kernel High 7.8 Yes Read →
CVE-2024-1709 CVE-2024-1709: ConnectWise ScreenConnect -- Authentication Bypass (CVSS 10.0) ConnectWise ScreenConnect Critical 10 Yes Read →
CVE-2024-21762 CVE-2024-21762: Fortinet FortiOS SSL VPN -- Out-of-Bounds Write RCE Fortinet FortiOS Critical 9.6 Yes Read →
CVE-2024-21893 CVE-2024-21893: Ivanti Connect Secure -- SSRF to Authentication Bypass Ivanti Connect Secure / Policy Secure High 8.2 Yes Read →
CVE-2023-46805 CVE-2023-46805: Ivanti Connect Secure -- Authentication Bypass via Path Traversal Ivanti Connect Secure / Policy Secure High 8.2 Yes Read →
CVE-2024-21887 CVE-2024-21887: Ivanti Connect Secure -- Authenticated Command Injection Ivanti Connect Secure / Policy Secure Critical 9.1 Yes Read →
CVE-2023-49103 CVE-2023-49103: ownCloud graphapi -- Sensitive Information Disclosure (CVSS 10.0) ownCloud ownCloud (graphapi app) Critical 10 Yes Read →
CVE-2023-1671 CVE-2023-1671: Sophos Web Appliance -- Pre-Auth Command Injection Sophos Sophos Web Appliance Critical 9.8 Yes Read →
CVE-2023-36025 CVE-2023-36025: Windows SmartScreen -- Security Feature Bypass Microsoft Windows SmartScreen High 8.8 Yes Read →
CVE-2023-36844 CVE-2023-36844: Juniper SRX/EX -- PHP Environment Variable Injection Juniper Juniper SRX / EX Series Critical 9.8 Yes Read →
CVE-2023-20273 CVE-2023-20273: Cisco IOS XE Web UI -- Command Injection Cisco Cisco IOS XE High 7.2 Yes Read →
CVE-2023-4966 CVE-2023-4966: Citrix NetScaler Bleed -- Session Token Leak Citrix NetScaler ADC / NetScaler Gateway Critical 9.4 Yes Read →
CVE-2023-20198 CVE-2023-20198: Cisco IOS XE Web UI -- Zero-Day Privilege Escalation (CVSS 10.0) Cisco IOS XE Critical 10 Yes Read →
CVE-2023-22515 CVE-2023-22515: Atlassian Confluence -- Privilege Escalation to Admin Atlassian Confluence Data Center and Server Critical 10 Yes Read →
CVE-2023-40044 CVE-2023-40044: Progress WS_FTP Server -- Deserialization RCE Progress Software WS_FTP Server Critical 10 Yes Read →
CVE-2023-42793 CVE-2023-42793: JetBrains TeamCity -- Pre-Auth Authentication Bypass JetBrains TeamCity Critical 9.8 Yes Read →
CVE-2023-35078 CVE-2023-35078: Ivanti EPMM -- Unauthenticated API Access Ivanti Endpoint Manager Mobile (EPMM) Critical 10 Yes Read →
CVE-2023-27997 CVE-2023-27997: Fortinet FortiGate SSL-VPN -- Pre-Auth Heap Overflow RCE Fortinet FortiOS / FortiProxy Critical 9.8 Yes Read →
CVE-2023-34362 CVE-2023-34362: MOVEit Transfer -- SQL Injection to RCE Progress Software MOVEit Transfer Critical 9.8 Yes Read →
CVE-2023-28771 CVE-2023-28771: Zyxel Firewall -- Pre-Auth OS Command Injection Zyxel Zyxel Firewall Critical 9.8 Yes Read →
CVE-2023-27350 CVE-2023-27350: PaperCut MF/NG -- Authentication Bypass RCE PaperCut PaperCut MF/NG Critical 9.8 Yes Read →
CVE-2023-26360 CVE-2023-26360: Adobe ColdFusion -- Deserialization RCE Adobe ColdFusion High 8.6 Yes Read →
CVE-2022-47986 CVE-2022-47986: IBM Aspera Faspex -- YAML Deserialization RCE IBM Aspera Faspex Critical 9.8 Yes Read →
CVE-2023-0669 CVE-2023-0669: GoAnywhere MFT -- Pre-Auth Remote Code Execution Fortra (formerly HelpSystems) GoAnywhere MFT High 7.2 Yes Read →
CVE-2022-42475 CVE-2022-42475: Fortinet FortiOS -- Heap Overflow RCE Fortinet FortiOS Critical 9.3 Yes Read →
CVE-2022-27510 CVE-2022-27510: Citrix ADC/Gateway -- Authentication Bypass Citrix Citrix ADC / Citrix Gateway Critical 9.8 Yes Read →
CVE-2022-41040 CVE-2022-41040: Microsoft Exchange -- ProxyNotShell SSRF Microsoft Exchange Server High 8.8 Yes Read →
CVE-2022-3236 CVE-2022-3236: Sophos Firewall -- User Portal and Webadmin Code Injection Sophos Sophos Firewall Critical 9.8 Yes Read →
CVE-2022-26134 CVE-2022-26134: Atlassian Confluence -- OGNL Injection RCE Atlassian Confluence Server / Data Center Critical 9.8 Yes Read →
CVE-2022-30525 CVE-2022-30525: Zyxel Firewall -- OS Command Injection Zyxel Zyxel Firewall Critical 9.8 Yes Read →
CVE-2022-1388 CVE-2022-1388: F5 BIG-IP iControl REST -- Authentication Bypass to RCE F5 BIG-IP Critical 9.8 Yes Read →
CVE-2021-44228 CVE-2021-44228: Log4Shell -- Apache Log4j Remote Code Execution Apache Software Foundation Log4j 2 Critical 10 Yes Read →
CVE-2021-26855 CVE-2021-26855: Microsoft Exchange -- ProxyLogon SSRF Microsoft Exchange Server Critical 9.8 Yes Read →
CVE-2021-34473 CVE-2021-34473: Microsoft Exchange -- ProxyShell RCE Microsoft Exchange Server Critical 9.8 Yes Read →
CVE-2021-40539 CVE-2021-40539: Zoho ManageEngine ADSelfService Plus -- Unauthenticated RCE Zoho ManageEngine ADSelfService Plus Critical 9.8 Yes Read →

No entries match your search.