CISA Known Exploited Vulnerabilities (KEV)

  1. Home
  2. CISA KEV
Threat Intelligence

CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilities actively used in real-world attacks. CVEFeed.io tracks the latest additions so you can prioritize remediation as new entries are published.

    7.5

    HIGH
    CVE-2026-20128 - Cisco Catalyst SD-WAN Manager Storing Passwords in a Recoverable Format Vulnerability -

    Action Due Apr 23, 2026 ( 1 days left ) Target Vendor : Cisco

    Description :Cisco Catalyst SD-WAN Manager contains a storing passwords in a recoverable format vulnerability that allows an authenticated, local attacker to gain DCA user privileges by accessing a credential file for the DCA user on the filesystem as a low-privileged user.

    Action :Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlines in CISA’s Emergency Directive 26-03 (URL listed below in Notes) and CISA’s “Hunt & Hardening Guidance for Cisco SD-WAN Devices (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :CISA Mitigation Instructions: https://www.cisa.gov/news-events/directives/ed-26-03-mitigate-vulnerabilities-cisco-sd-wan-systems ; https://www.cisa.gov/news-events/directives/supplemental-direction-ed-26-03-hunt-and-hardening-guidance-cisco-sd-wan-systems ; https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v ; https://nvd.nist.gov/vuln/detail/CVE-2026-20128

    Alert Date: Apr 20, 2026 | 1 days ago

    7.3

    HIGH
    CVE-2024-27199 - JetBrains TeamCity Relative Path Traversal Vulnerability -

    Action Due May 04, 2026 ( 12 days left ) Target Vendor : JetBrains

    Description :JetBrains TeamCity contains a relative path traversal vulnerability that could allow limited admin actions to be performed.

    Action :Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://www.jetbrains.com/privacy-security/issues-fixed/ ; https://nvd.nist.gov/vuln/detail/CVE-2024-27199

    Alert Date: Apr 20, 2026 | 1 days ago

    10.0

    CRITICAL
    CVE-2025-32975 - Quest KACE Systems Management Appliance (SMA) Improper Authentication Vulnerability -

    Action Due May 04, 2026 ( 12 days left ) Target Vendor : Quest

    Description :Quest KACE Systems Management Appliance (SMA) contains an improper authentication vulnerability that could allow attackers to impersonate legitimate users without valid credentials.

    Action :Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://support.quest.com/kb/4379499/quest-response-to-kace-sma-vulnerabilities-cve-2025-32975-cve-2025-32976-cve-2025-32977-cve-2025-32978 ; https://nvd.nist.gov/vuln/detail/CVE-2025-32975

    Alert Date: Apr 20, 2026 | 1 days ago

    6.1

    MEDIUM
    CVE-2025-48700 - Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability -

    Action Due Apr 23, 2026 ( 1 days left ) Target Vendor : Synacor

    Description :Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability that could allow attackers to execute arbitrary JavaScript within the user's session, potentially leading to unauthorized access to sensitive information.

    Action :Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories ; https://nvd.nist.gov/vuln/detail/CVE-2025-48700

    Alert Date: Apr 20, 2026 | 1 days ago

    7.2

    HIGH
    CVE-2025-2749 - Kentico Xperience Path Traversal Vulnerability -

    Action Due May 04, 2026 ( 12 days left ) Target Vendor : Kentico

    Description :Kentico Xperience contains a path traversal vulnerability that could allow an authenticated user's Staging Sync Server to upload arbitrary data to path relative locations.

    Action :Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://devnet.kentico.com/download/hotfixes ; https://nvd.nist.gov/vuln/detail/CVE-2025-2749

    Alert Date: Apr 20, 2026 | 1 days ago

    7.5

    HIGH
    CVE-2026-20133 - Cisco Catalyst SD-WAN Manager Exposure of Sensitive Information to an Unauthorized Actor Vulnerability -

    Action Due Apr 23, 2026 ( 1 days left ) Target Vendor : Cisco

    Description :Cisco Catalyst SD-WAN Manager contains an exposure of sensitive information to an unauthorized actor vulnerability that could allow remote attackers to view sensitive information on affected systems.

    Action :Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlines in CISA’s Emergency Directive 26-03 (URL listed below in Notes) and CISA’s “Hunt & Hardening Guidance for Cisco SD-WAN Devices (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :CISA Mitigation Instructions: https://www.cisa.gov/news-events/directives/ed-26-03-mitigate-vulnerabilities-cisco-sd-wan-systems ; https://www.cisa.gov/news-events/directives/supplemental-direction-ed-26-03-hunt-and-hardening-guidance-cisco-sd-wan-systems ; https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v ; https://nvd.nist.gov/vuln/detail/CVE-2026-20133

    Alert Date: Apr 20, 2026 | 1 days ago

    8.2

    HIGH
    CVE-2023-27351 - PaperCut NG/MF Improper Authentication Vulnerability -

    Action Due May 04, 2026 ( 12 days left ) Target Vendor : PaperCut

    Description :PaperCut NG/MF contains an improper authentication vulnerability that could allow remote attackers to bypass authentication on affected installations via the SecurityRequestFilter class.

    Action :Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://www.papercut.com/kb/Main/PO-1216-and-PO-1219 ; https://nvd.nist.gov/vuln/detail/CVE-2023-27351

    Alert Date: Apr 20, 2026 | 1 days ago

    5.4

    MEDIUM
    CVE-2026-20122 - Cisco Catalyst SD-WAN Manager Incorrect Use of Privileged APIs Vulnerability -

    Action Due Apr 23, 2026 ( 1 days left ) Target Vendor : Cisco

    Description :Cisco Catalyst SD-WAN Manager contains an incorrect use of privileged APIs vulnerability due to improper file handling on the API interface of an affected system. An attacker could exploit this vulnerability by uploading a malicious file on the local file system. A successful exploit could allow the attacker to overwrite arbitrary files on the affected system and gain vmanage user privileges.

    Action :Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlines in CISA’s Emergency Directive 26-03 (URL listed below in Notes) and CISA’s “Hunt & Hardening Guidance for Cisco SD-WAN Devices (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :CISA Mitigation Instructions: https://www.cisa.gov/news-events/directives/ed-26-03-mitigate-vulnerabilities-cisco-sd-wan-systems ; https://www.cisa.gov/news-events/directives/supplemental-direction-ed-26-03-hunt-and-hardening-guidance-cisco-sd-wan-systems ; https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v ; https://nvd.nist.gov/vuln/detail/ CVE-2026-20122

    Alert Date: Apr 20, 2026 | 1 days ago

    8.8

    HIGH
    CVE-2026-34197 - Apache ActiveMQ Improper Input Validation Vulnerability -

    Action Due Apr 30, 2026 ( 8 days left ) Target Vendor : Apache

    Description :Apache ActiveMQ contains an improper input validation vulnerability that allows for code injection.

    Action :Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://activemq.apache.org/security-advisories.data/CVE-2026-34197-announcement.txt ; https://nvd.nist.gov/vuln/detail/CVE-2026-34197

    Alert Date: Apr 16, 2026 | 5 days ago

    6.5

    MEDIUM
    CVE-2026-32201 - Microsoft SharePoint Server Improper Input Validation Vulnerability -

    Action Due Apr 28, 2026 ( 6 days left ) Target Vendor : Microsoft

    Description :Microsoft SharePoint Server contains an improper input validation vulnerability that allows an unauthorized attacker to perform spoofing over a network.

    Action :Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-32201 ; https://nvd.nist.gov/vuln/detail/CVE-2026-32201

    Alert Date: Apr 14, 2026 | 7 days ago

    9.3

    HIGH
    CVE-2009-0238 - Microsoft Office Remote Code Execution -

    Action Due Apr 28, 2026 ( 6 days left ) Target Vendor : Microsoft

    Description :Microsoft Office Excel contains a remote code execution vulnerability that could allow an attacker to take complete control of an affected system if a user opens a specially crafted Excel file that includes a malformed object.

    Action :Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://learn.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-009 ; https://nvd.nist.gov/vuln/detail/CVE-2009-0238

    Alert Date: Apr 14, 2026 | 7 days ago

    8.8

    HIGH
    CVE-2023-21529 - Microsoft Exchange Server Deserialization of Untrusted Data Vulnerability -

    Action Due Apr 27, 2026 ( 5 days left ) Target Vendor : Microsoft

    Description :Microsoft Exchange Server contains a deserialization of untrusted data that allows an authenticated attacker to achieve remote code execution.

    Action :Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21529 ; https://nvd.nist.gov/vuln/detail/CVE-2023-21529

    Alert Date: Apr 13, 2026 | 8 days ago

    9.8

    CRITICAL
    CVE-2026-21643 - Fortinet FortiClient EMS SQL Injection Vulnerability -

    Action Due Apr 16, 2026 Target Vendor : Fortinet

    Description :Fortinet FortiClient EMS contains a SQL injection vulnerability that may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.

    Action :Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://fortiguard.fortinet.com/psirt/FG-IR-25-1142 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21643

    Alert Date: Apr 13, 2026 | 8 days ago

    9.3

    HIGH
    CVE-2020-9715 - Adobe Acrobat Use-After-Free Vulnerability -

    Action Due Apr 27, 2026 ( 5 days left ) Target Vendor : Adobe

    Description :Adobe Acrobat contains a use-after-free vulnerability that allows for code execution

    Action :Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://helpx.adobe.com/security/products/acrobat/apsb20-48.html ; https://nvd.nist.gov/vuln/detail/CVE-2020-9715

    Alert Date: Apr 13, 2026 | 8 days ago

    7.8

    HIGH
    CVE-2023-36424 - Microsoft Windows Out-of-Bounds Read Vulnerability -

    Action Due Apr 27, 2026 ( 5 days left ) Target Vendor : Microsoft

    Description :Microsoft Windows Common Log File System Driver contains an out-of-bounds read vulnerability that could allow a threat actor for privileges escalation

    Action :Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2023-36424 ; https://nvd.nist.gov/vuln/detail/CVE-2023-36424

    Alert Date: Apr 13, 2026 | 8 days ago

    7.8

    HIGH
    CVE-2025-60710 - Microsoft Windows Link Following Vulnerability -

    Action Due Apr 27, 2026 ( 5 days left ) Target Vendor : Microsoft

    Description :Microsoft Windows contains a link following vulnerability that allows for privilege escalation

    Action :Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60710 ; https://nvd.nist.gov/vuln/detail/CVE-2025-60710

    Alert Date: Apr 13, 2026 | 8 days ago

    7.8

    HIGH
    CVE-2012-1854 - Microsoft Visual Basic for Applications Insecure Library Loading Vulnerability -

    Action Due Apr 27, 2026 ( 5 days left ) Target Vendor : Microsoft

    Description :Microsoft Visual Basic for Applications (VBA) contains an insecure library loading vulnerability that could allow for remote code execution.

    Action :Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://learn.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-046 ; https://nvd.nist.gov/vuln/detail/CVE-2012-1854

    Alert Date: Apr 13, 2026 | 8 days ago

    9.6

    CRITICAL
    CVE-2026-34621 - Adobe Acrobat and Reader Prototype Pollution Vulnerability -

    Action Due Apr 27, 2026 ( 5 days left ) Target Vendor : Adobe

    Description :Adobe Acrobat and Reader contain a prototype pollution vulnerability that allows for arbitrary code execution.

    Action :Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://helpx.adobe.com/security/products/acrobat/apsb26-43.html ; https://nvd.nist.gov/vuln/detail/CVE-2026-34621

    Alert Date: Apr 13, 2026 | 8 days ago

    9.8

    CRITICAL
    CVE-2026-1340 - Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability -

    Action Due Apr 11, 2026 Target Vendor : Ivanti

    Description :Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that could allow attackers to achieve unauthenticated remote code execution.

    Action :Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :Please adhere to Ivanti's guidelines to assess exposure and mitigate risks. Check for signs of potential compromise on all internet accessible Ivanti products affected by this vulnerability. Apply any final mitigations provided by the vendor as soon as possible. For more information please see: https://hub.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-CVE-2026-1281-CVE-2026-1340?language=en_US ; https://support.mobileiron.com/mi/vsp/AB1786671/ivanti-security-update-1761642-1.1.0S-5.noarch.rpm ; https://support.mobileiron.com/mi/vsp/AB1786671/ivanti-security-update-1761642-1.1.0L-5.noarch.rpm ; https://nvd.nist.gov/vuln/detail/CVE-2026-1340

    Alert Date: Apr 08, 2026 | 13 days ago

    9.8

    CRITICAL
    CVE-2026-35616 - Fortinet FortiClient EMS Improper Access Control Vulnerability -

    Action Due Apr 09, 2026 Target Vendor : Fortinet

    Description :Fortinet FortiClient EMS contains an improper access control vulnerability that may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests.

    Action :Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :Please adhere to Fortinet's guidelines to assess exposure and mitigate risks. Check for signs of potential compromise on all internet accessible Fortinet products affected by this vulnerability. Apply any final mitigations provided by the vendor as soon as they become available. For more information please see: https://fortiguard.fortinet.com/psirt/FG-IR-26-099 ; https://nvd.nist.gov/vuln/detail/CVE-2026-35616

    Alert Date: Apr 06, 2026 | 15 days ago
Showing 20 of 1581 Results

Filters