CISA Known Exploited Vulnerabilities (KEV)

  1. Home
  2. CISA KEV
Threat Intelligence

CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilities actively used in real-world attacks. CVEFeed.io tracks the latest additions so you can prioritize remediation as new entries are published.

    8.8

    HIGH
    CVE-2026-34197 - Apache ActiveMQ Improper Input Validation Vulnerability -

    Action Due Apr 30, 2026 ( 12 days left ) Target Vendor : Apache

    Description :Apache ActiveMQ contains an improper input validation vulnerability that allows for code injection.

    Action :Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://activemq.apache.org/security-advisories.data/CVE-2026-34197-announcement.txt ; https://nvd.nist.gov/vuln/detail/CVE-2026-34197

    Alert Date: Apr 16, 2026 | 1 days ago

    6.5

    MEDIUM
    CVE-2026-32201 - Microsoft SharePoint Server Improper Input Validation Vulnerability -

    Action Due Apr 28, 2026 ( 10 days left ) Target Vendor : Microsoft

    Description :Microsoft SharePoint Server contains an improper input validation vulnerability that allows an unauthorized attacker to perform spoofing over a network.

    Action :Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-32201 ; https://nvd.nist.gov/vuln/detail/CVE-2026-32201

    Alert Date: Apr 14, 2026 | 3 days ago

    9.3

    HIGH
    CVE-2009-0238 - Microsoft Office Remote Code Execution -

    Action Due Apr 28, 2026 ( 10 days left ) Target Vendor : Microsoft

    Description :Microsoft Office Excel contains a remote code execution vulnerability that could allow an attacker to take complete control of an affected system if a user opens a specially crafted Excel file that includes a malformed object.

    Action :Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://learn.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009 ; https://nvd.nist.gov/vuln/detail/CVE-2009-0238

    Alert Date: Apr 14, 2026 | 3 days ago

    9.6

    CRITICAL
    CVE-2026-34621 - Adobe Acrobat and Reader Prototype Pollution Vulnerability -

    Action Due Apr 27, 2026 ( 9 days left ) Target Vendor : Adobe

    Description :Adobe Acrobat and Reader contain a prototype pollution vulnerability that allows for arbitrary code execution.

    Action :Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://helpx.adobe.com/security/products/acrobat/apsb26-43.html ; https://nvd.nist.gov/vuln/detail/CVE-2026-34621

    Alert Date: Apr 13, 2026 | 4 days ago

    9.8

    CRITICAL
    CVE-2026-21643 - Fortinet FortiClient EMS SQL Injection Vulnerability -

    Action Due Apr 16, 2026 Target Vendor : Fortinet

    Description :Fortinet FortiClient EMS contains a SQL injection vulnerability that may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.

    Action :Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://fortiguard.fortinet.com/psirt/FG-IR-25-1142 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21643

    Alert Date: Apr 13, 2026 | 4 days ago

    9.3

    HIGH
    CVE-2020-9715 - Adobe Acrobat Use-After-Free Vulnerability -

    Action Due Apr 27, 2026 ( 9 days left ) Target Vendor : Adobe

    Description :Adobe Acrobat contains a use-after-free vulnerability that allows for code execution

    Action :Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://helpx.adobe.com/security/products/acrobat/apsb20-48.html ; https://nvd.nist.gov/vuln/detail/CVE-2020-9715

    Alert Date: Apr 13, 2026 | 4 days ago

    8.8

    HIGH
    CVE-2023-21529 - Microsoft Exchange Server Deserialization of Untrusted Data Vulnerability -

    Action Due Apr 27, 2026 ( 9 days left ) Target Vendor : Microsoft

    Description :Microsoft Exchange Server contains a deserialization of untrusted data that allows an authenticated attacker to achieve remote code execution.

    Action :Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21529 ; https://nvd.nist.gov/vuln/detail/CVE-2023-21529

    Alert Date: Apr 13, 2026 | 4 days ago

    7.8

    HIGH
    CVE-2023-36424 - Microsoft Windows Out-of-Bounds Read Vulnerability -

    Action Due Apr 27, 2026 ( 9 days left ) Target Vendor : Microsoft

    Description :Microsoft Windows Common Log File System Driver contains an out-of-bounds read vulnerability that could allow a threat actor for privileges escalation

    Action :Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2023-36424 ; https://nvd.nist.gov/vuln/detail/CVE-2023-36424

    Alert Date: Apr 13, 2026 | 4 days ago

    7.8

    HIGH
    CVE-2012-1854 - Microsoft Visual Basic for Applications Insecure Library Loading Vulnerability -

    Action Due Apr 27, 2026 ( 9 days left ) Target Vendor : Microsoft

    Description :Microsoft Visual Basic for Applications (VBA) contains an insecure library loading vulnerability that could allow for remote code execution.

    Action :Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://learn.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-046 ; https://nvd.nist.gov/vuln/detail/CVE-2012-1854

    Alert Date: Apr 13, 2026 | 4 days ago

    7.8

    HIGH
    CVE-2025-60710 - Microsoft Windows Link Following Vulnerability -

    Action Due Apr 27, 2026 ( 9 days left ) Target Vendor : Microsoft

    Description :Microsoft Windows contains a link following vulnerability that allows for privilege escalation

    Action :Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60710 ; https://nvd.nist.gov/vuln/detail/CVE-2025-60710

    Alert Date: Apr 13, 2026 | 4 days ago

    9.8

    CRITICAL
    CVE-2026-1340 - Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability -

    Action Due Apr 11, 2026 Target Vendor : Ivanti

    Description :Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that could allow attackers to achieve unauthenticated remote code execution.

    Action :Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :Please adhere to Ivanti's guidelines to assess exposure and mitigate risks. Check for signs of potential compromise on all internet accessible Ivanti products affected by this vulnerability. Apply any final mitigations provided by the vendor as soon as possible. For more information please see: https://hub.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-CVE-2026-1281-CVE-2026-1340?language=en_US ; https://support.mobileiron.com/mi/vsp/AB1786671/ivanti-security-update-1761642-1.1.0S-5.noarch.rpm ; https://support.mobileiron.com/mi/vsp/AB1786671/ivanti-security-update-1761642-1.1.0L-5.noarch.rpm ; https://nvd.nist.gov/vuln/detail/CVE-2026-1340

    Alert Date: Apr 08, 2026 | 9 days ago

    9.8

    CRITICAL
    CVE-2026-35616 - Fortinet FortiClient EMS Improper Access Control Vulnerability -

    Action Due Apr 09, 2026 Target Vendor : Fortinet

    Description :Fortinet FortiClient EMS contains an improper access control vulnerability that may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests.

    Action :Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :Please adhere to Fortinet's guidelines to assess exposure and mitigate risks. Check for signs of potential compromise on all internet accessible Fortinet products affected by this vulnerability. Apply any final mitigations provided by the vendor as soon as they become available. For more information please see: https://fortiguard.fortinet.com/psirt/FG-IR-26-099 ; https://nvd.nist.gov/vuln/detail/CVE-2026-35616

    Alert Date: Apr 06, 2026 | 11 days ago

    7.8

    HIGH
    CVE-2026-3502 - TrueConf Client Download of Code Without Integrity Check Vulnerability -

    Action Due Apr 16, 2026 Target Vendor : TrueConf

    Description :TrueConf Client contains a download of code without integrity check vulnerability. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payload is executed or installed by the updater, this may result in arbitrary code execution in the context of the updating process or user.

    Action :Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://trueconf.com/blog/update/trueconf-8-5 ; https://trueconf.com/downloads/windows.html ; https://nvd.nist.gov/vuln/detail/CVE-2026-3502

    Alert Date: Apr 02, 2026 | 15 days ago

    8.8

    HIGH
    CVE-2026-5281 - Google Dawn Use-After-Free Vulnerability -

    Action Due Apr 15, 2026 Target Vendor : Google

    Description :Google Dawn contains an use-after-free vulnerability that could allow a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. This vulnerability could affect multiple Chromium-based products including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

    Action :Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :This vulnerability affects an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html ; https://nvd.nist.gov/vuln/detail/CVE-2026-5281

    Alert Date: Apr 01, 2026 | 16 days ago

    9.8

    CRITICAL
    CVE-2026-3055 - Citrix NetScaler Out-of-Bounds Read Vulnerability -

    Action Due Apr 02, 2026 Target Vendor : Citrix

    Description :Citrix NetScaler ADC (formerly Citrix ADC), NetScaler Gateway (formerly Citrix Gateway) and NetScaler ADC FIPS and NDcPP contain an out-of-bounds reads vulnerability when configured as a SAML IDP leading to memory overread.

    Action :Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696300&articleURL=NetScaler_ADC_and_NetScaler_Gateway_Security_Bulletin_for_CVE_2026_3055_and_CVE_2026_4368 ; https://nvd.nist.gov/vuln/detail/CVE-2026-3055

    Alert Date: Mar 30, 2026 | 18 days ago

    9.8

    CRITICAL
    CVE-2025-53521 - F5 BIG-IP Stack-Based Buffer Overflow Vulnerability -

    Action Due Mar 30, 2026 Target Vendor : F5

    Description :F5 BIG-IP APM contains a stack-based buffer overflow vulnerability that could allow a threat actor to achieve remote code execution.

    Action :Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :Please adhere to F5’s guidelines to assess exposure and mitigate risks. Check for signs of potential compromise on all internet accessible F5 products affected by this vulnerability. For more information please see: https://my.f5.com/manage/s/article/K000156741 ; https://my.f5.com/manage/s/article/K000160486 ; https://my.f5.com/manage/s/article/K11438344 ; https://nvd.nist.gov/vuln/detail/CVE-2025-53521

    Alert Date: Mar 27, 2026 | 21 days ago

    9.4

    CRITICAL
    CVE-2026-33634 - Aquasecurity Trivy Embedded Malicious Code Vulnerability -

    Action Due Apr 09, 2026 Target Vendor : Aquasecurity

    Description :Aquasecurity Trivy contains an embedded malicious code vulnerability that could allow an attacker to gain access to everything in the CI/CD environment, including all tokens, SSH keys, cloud credentials, database passwords, and any sensitive configuration in memory.

    Action :Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :This vulnerability involves a supply‑chain compromise in a product that may be used across multiple products and environments. Additional vendor‑provided guidance must be followed to ensure full remediation. For more information, please see: https://github.com/advisories/GHSA-69fq-xp46-6x23 ; https://nvd.nist.gov/vuln/detail/CVE-2026-33634

    Alert Date: Mar 26, 2026 | 22 days ago

    9.8

    CRITICAL
    CVE-2026-33017 - Langflow Code Injection Vulnerability -

    Action Due Apr 08, 2026 Target Vendor : Langflow

    Description :Langflow contains a code injection vulnerability that could allow building public flows without requiring authentication.

    Action :Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://github.com/langflow-ai/langflow/security/advisories/GHSA-vwmf-pq79-vjvx ; https://nvd.nist.gov/vuln/detail/CVE-2026-33017

    Alert Date: Mar 25, 2026 | 23 days ago

    8.8

    HIGH
    CVE-2025-31277 - Apple Multiple Products Buffer Overflow Vulnerability -

    Action Due Apr 03, 2026 Target Vendor : Apple

    Description :Apple Safari, iOS, watchOS, visionOS, iPadOS, macOS, and tvOS contain a buffer overflow vulnerability that could allow the processing of maliciously crafted web content which may lead to memory corruption.

    Action :Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://support.apple.com/en-us/124147 ; https://support.apple.com/en-us/124149 ; https://support.apple.com/en-us/124152 ; https://support.apple.com/en-us/124153 ; https://support.apple.com/en-us/124155 ; https://nvd.nist.gov/vuln/detail/CVE-2025-31277

    Alert Date: Mar 20, 2026 | 28 days ago

    7.1

    HIGH
    CVE-2025-43520 - Apple Multiple Products Classic Buffer Overflow Vulnerability -

    Action Due Apr 03, 2026 Target Vendor : Apple

    Description :Apple watchOS, iOS, iPadOS, macOS, visionOS, and tvOS contain a classic buffer overflow vulnerability which could allow a malicious application to cause unexpected system termination or write kernel memory.

    Action :Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://support.apple.com/en-us/125632 ; https://support.apple.com/en-us/125633 ; https://support.apple.com/en-us/125634 ; https://support.apple.com/en-us/125635 ; https://support.apple.com/en-us/125636 ; https://support.apple.com/en-us/125637 ; https://support.apple.com/en-us/125638 ; https://support.apple.com/en-us/125639 ; https://nvd.nist.gov/vuln/detail/CVE-2025-43520

    Alert Date: Mar 20, 2026 | 28 days ago
Showing 20 of 1573 Results

Filters