Skip to main content
Updated Nightly

Known Exploited Vulnerabilities Database

A live mirror of the CISA Known Exploited Vulnerabilities (KEV) catalog — CVEs confirmed to be actively exploited in the wild, enriched nightly with CVSS scoring and AI-generated plain-English breakdowns.

1,635

Tracked CVEs

329

Linked to ransomware

4

Added in last 7 days

Today's Top Exploited Vulnerabilities

AI-generated breakdowns of the most recently catalogued, actively exploited vulnerabilities.

Latest Catalogued Vulnerabilities

Most recently added entries in the CISA KEV catalog, ordered by date added.

CVE IDVendor / Product
CVE-2026-56290

Joomlack Page Builder

Joomlack Page Builder Improper Access Control Vulnerability

Details
CVE-2026-55255

Langflow Langflow

Langflow Authorization Bypass Through User-Controlled Key Vulnerability

Details
CVE-2026-48908

JoomShaper SP Page Builder

JoomShaper SP Page Builder Unrestricted Upload of File with Dangerous Type Vulnerability

Details
CVE-2026-48282

Adobe ColdFusion

Adobe ColdFusion Path Traversal Vulnerability

Details
CVE-2026-45659

Microsoft SharePoint Server

Microsoft SharePoint Server Deserialization of Untrusted Data Vulnerability

Details
CVE-2026-48558

SimpleHelp SimpleHelp

SimpleHelp Authentication Bypass Vulnerability

Details
CVE-2026-20230

Cisco Unified Communications Manager

Cisco Unified Communications Manager Server-Side Request Forgery (SSRF) Vulnerability

Details
CVE-2026-12569

PTC Windchill and FlexPLM

PTC Windchill and FlexPLM Improper Input Validation Vulnerability

Details
CVE-2026-34910

Ubiquiti UniFi OS

Ubiquiti UniFi OS Improper Input Validation Vulnerability

Details
CVE-2026-34909

Ubiquiti UniFi OS

Ubiquiti UniFi OS Path Traversal Vulnerability

Details
CVE-2026-34908

Ubiquiti UniFi OS

Ubiquiti UniFi OS Improper Access Control Vulnerability

Details
CVE-2025-67038

Lantronix EDS5000

Lantronix EDS5000 Code Injection Vulnerability

Details
CVE-2026-20253

Splunk Enterprise

Splunk Enterprise Missing Authentication for Critical Function Vulnerability

Details
CVE-2026-48907

Widget Factory Joomla Content Editor

Widget Factory Joomla Content Editor Improper Access Control Vulnerability

Details
CVE-2026-54420

LiteSpeed cPanel Plugin

LiteSpeed cPanel Plugin UNIX Symbolic Link (Symlink) Following Vulnerability

Details
CVE-2026-20262

Cisco Catalyst SD-WAN Manager

Cisco Catalyst SD-WAN Manager Directory or Path Traversal Vulnerability

Details
CVE-2026-35273 Ransomware

Oracle PeopleSoft Enterprise PeopleTools

Oracle PeopleSoft Enterprise PeopleTools Missing Authentication for Critical Function Vulnerability

Details
CVE-2026-10520

Ivanti Sentry

Ivanti Sentry OS Command Injection Vulnerability

Details
CVE-2026-7473

Arista Extensible Operating System

Arista Extensible Operating System Incomplete Comparison with Missing Factors Vulnerability

Details
CVE-2026-20245

Cisco Catalyst SD-WAN Manager

Cisco Catalyst SD-WAN Manager Improper Encoding or Escaping of Output Vulnerability

Details
CVE-2026-11645

Google Chromium V8

Google Chromium V8 Out-of-Bounds Read and Write Vulnerability

Details
CVE-2026-50751 Ransomware

Check Point Security Gateway

Check Point Security Gateway Improper Authentication Vulnerability

Details
CVE-2026-42271

BerriAI LiteLLM

BerriAI LiteLLM Command Injection Vulnerability

Details
CVE-2026-28318

SolarWinds Serv-U

SolarWinds Serv-U Uncontrolled Resource Consumption Vulnerability

Details
CVE-2026-45247

Mirasvit Mirasvit Full Page Cache Warmer

Mirasvit Full Page Cache Warmer Deserialization of Untrusted Data Vulnerability

Details
CVE-2025-48595

Android Framework

Android Framework Integer Overflow Vulnerability

Details
CVE-2022-0492

Linux Kernel

Linux Kernel Improper Authentication Vulnerability

Details
CVE-2024-21182

Oracle WebLogic Server

Oracle WebLogic Server Unspecified Vulnerability

Details
CVE-2026-0257

Palo Alto Networks PAN-OS

Palo Alto Networks PAN-OS Authentication Bypass Vulnerability

Details
CVE-2026-8398

Daemon Daemon Tools Lite

Daemon Tools Lite Embedded Malicious Code Vulnerability

Details
CVE-2026-48027 Ransomware

Nx Nx Console

Nx Console Embedded Malicious Code Vulnerability

Details
CVE-2026-45321 Ransomware

TanStack TanStack

TanStack Unspecified Vulnerability

Details
CVE-2026-48172

LiteSpeed cPanel Plugin

LiteSpeed cPanel Plugin Privilege Escalation Vulnerability

Details
CVE-2026-9082

Drupal Core

Drupal Core SQL Injection Vulnerability

Details
CVE-2026-34926

Trend Micro Apex One

Trend Micro Apex One (On-Premise) Directory Traversal Vulnerability

Details
CVE-2025-34291

Langflow Langflow

Langflow Origin Validation Error Vulnerability

Details
CVE-2026-45498

Microsoft Defender

Microsoft Defender Denial of Service Vulnerability

Details
CVE-2026-41091

Microsoft Defender

Microsoft Defender Link Following Vulnerability

Details
CVE-2010-0806

Microsoft Internet Explorer

Microsoft Internet Explorer Use-After-Free Vulnerability

Details
CVE-2010-0249

Microsoft Internet Explorer

Microsoft Internet Explorer Use-After-Free Vulnerability

Details
CVE-2009-3459

Adobe Acrobat and Reader

Adobe Acrobat and Reader Heap-Based Buffer Overflow Vulnerability

Details
CVE-2009-1537

Microsoft DirectX

Microsoft DirectX NULL Byte Overwrite Vulnerability

Details
CVE-2008-4250

Microsoft Windows

Microsoft Windows Buffer Overflow Vulnerability

Details
CVE-2026-42897

Microsoft Microsoft

Microsoft Exchange Server Cross-Site Scripting Vulnerability

Details
CVE-2026-20182

Cisco Catalyst SD-WAN

Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability

Details
CVE-2026-42208

BerriAI LiteLLM

BerriAI LiteLLM SQL Injection Vulnerability

Details
CVE-2026-6973

Ivanti Endpoint Manager Mobile (EPMM)

Ivanti Endpoint Manager Mobile (EPMM) Improper Input Validation Vulnerability

Details
CVE-2026-0300

Palo Alto Networks PAN-OS

Palo Alto Networks PAN-OS Out-of-bounds Write Vulnerability

Details
CVE-2026-31431

Linux Kernel

Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability

Details
CVE-2026-41940 Ransomware

WebPros cPanel & WHM and WP2 (WordPress Squared)

WebPros cPanel & WHM and WP2 (WordPress Squared) Missing Authentication for Critical Function Vulnerability

Details
CVE-2026-32202

Microsoft Windows

Microsoft Windows Protection Mechanism Failure Vulnerability

Details
CVE-2024-1708 Ransomware

ConnectWise ScreenConnect

ConnectWise ScreenConnect Path Traversal Vulnerability

Details
CVE-2025-29635

D-Link DIR-823X

D-Link DIR-823X Command Injection Vulnerability

Details
CVE-2024-7399

Samsung MagicINFO 9 Server

Samsung MagicINFO 9 Server Path Traversal Vulnerability

Details
CVE-2024-57728 Ransomware

SimpleHelp SimpleHelp

SimpleHelp Path Traversal Vulnerability

Details
CVE-2024-57726 Ransomware

SimpleHelp SimpleHelp

SimpleHelp Missing Authorization Vulnerability

Details
CVE-2026-39987

Marimo Marimo

Marimo Remote Code Execution Vulnerability

Details
CVE-2026-33825 Ransomware

Microsoft Defender

Microsoft Defender Insufficient Granularity of Access Control Vulnerability

Details
CVE-2026-20133

Cisco Catalyst SD-WAN Manager

Cisco Catalyst SD-WAN Manager Exposure of Sensitive Information to an Unauthorized Actor Vulnerability

Details
CVE-2026-20128

Cisco Catalyst SD-WAN Manager

Cisco Catalyst SD-WAN Manager Storing Passwords in a Recoverable Format Vulnerability

Details

Sources & Methodology

This catalog mirrors the official CISA Known Exploited Vulnerabilities catalog via a nightly sync. Newly added entries are enriched with CVSS scoring from the NIST National Vulnerability Database and given an AI-generated summary, impact assessment, and recommended action. AI breakdowns are generated from the underlying CISA and NVD data and should be treated as a starting point, not a substitute for your own risk assessment.

Patch With Confidence

Know Which Vulnerabilities Actually Matter

A VAPT assessment tells you which of these actively exploited vulnerabilities exist in your own environment. CRS delivers continuous, compliance-grade penetration testing across Africa and North America.