Added to CISA KEV since 2026-02-18. Actively exploited, patch priority.
Mirasvit Full Page Cache Warmer Deserialization of Untrusted Data Vulnerability
Linux Kernel Improper Authentication Vulnerability
Android Framework Integer Overflow Vulnerability
Oracle WebLogic Server Unspecified Vulnerability
KEV
CVE-2026-0257
Palo Alto Networks
added 2026-05-29 · due 2026-06-01
Palo Alto Networks PAN-OS Authentication Bypass Vulnerability
KEV
CVE-2026-45321
ransomware
TanStack
added 2026-05-27 · due 2026-06-10
TanStack Unspecified Vulnerability
Nx Console Embedded Malicious Code Vulnerability
Daemon Tools Lite Embedded Malicious Code Vulnerability
LiteSpeed cPanel Plugin Privilege Escalation Vulnerability
Drupal Core SQL Injection Vulnerability
Langflow Origin Validation Error Vulnerability
Trend Micro Apex One (On-Premise) Directory Traversal Vulnerability
Microsoft Windows Buffer Overflow Vulnerability
Microsoft DirectX NULL Byte Overwrite Vulnerability
Adobe Acrobat and Reader Heap-Based Buffer Overflow Vulnerability
Microsoft Internet Explorer Use-After-Free Vulnerability
Microsoft Internet Explorer Use-After-Free Vulnerability
Microsoft Defender Link Following Vulnerability
Microsoft Defender Denial of Service Vulnerability
Microsoft Exchange Server Cross-Site Scripting Vulnerability
Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
BerriAI LiteLLM SQL Injection Vulnerability
Ivanti Endpoint Manager Mobile (EPMM) Improper Input Validation Vulnerability
KEV
CVE-2026-0300
Palo Alto Networks
added 2026-05-06 · due 2026-05-09
Palo Alto Networks PAN-OS Out-of-bounds Write Vulnerability
Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability
KEV
CVE-2026-41940
ransomware
WebPros
added 2026-04-30 · due 2026-05-03
WebPros cPanel & WHM and WP2 (WordPress Squared) Missing Authentication for Critical Function Vulnerability
KEV
CVE-2024-1708
ransomware
ConnectWise
added 2026-04-28 · due 2026-05-12
ConnectWise ScreenConnect Path Traversal Vulnerability
Microsoft Windows Protection Mechanism Failure Vulnerability
KEV
CVE-2024-57726
ransomware
SimpleHelp
added 2026-04-24 · due 2026-05-08
SimpleHelp Missing Authorization Vulnerability
KEV
CVE-2024-57728
ransomware
SimpleHelp
added 2026-04-24 · due 2026-05-08
SimpleHelp Path Traversal Vulnerability
Samsung MagicINFO 9 Server Path Traversal Vulnerability
D-Link DIR-823X Command Injection Vulnerability
Marimo Remote Code Execution Vulnerability
Microsoft Defender Insufficient Granularity of Access Control Vulnerability
KEV
CVE-2023-27351
ransomware
PaperCut
added 2026-04-20 · due 2026-05-04
PaperCut NG/MF Improper Authentication Vulnerability
KEV
CVE-2024-27199
ransomware
JetBrains
added 2026-04-20 · due 2026-05-04
JetBrains TeamCity Relative Path Traversal Vulnerability
Kentico Xperience Path Traversal Vulnerability
Quest KACE Systems Management Appliance (SMA) Improper Authentication Vulnerability
Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability
Cisco Catalyst SD-WAN Manager Incorrect Use of Privileged APIs Vulnerability
Cisco Catalyst SD-WAN Manager Storing Passwords in a Recoverable Format Vulnerability
Cisco Catalyst SD-WAN Manager Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Apache ActiveMQ Improper Input Validation Vulnerability
Microsoft Office Remote Code Execution
Microsoft SharePoint Server Improper Input Validation Vulnerability
Microsoft Visual Basic for Applications Insecure Library Loading Vulnerability
Adobe Acrobat Use-After-Free Vulnerability
KEV
CVE-2023-21529
ransomware
Microsoft
added 2026-04-13 · due 2026-04-27
Microsoft Exchange Server Deserialization of Untrusted Data Vulnerability
Microsoft Windows Out-of-Bounds Read Vulnerability
Microsoft Windows Link Following Vulnerability
Fortinet FortiClient EMS SQL Injection Vulnerability
Adobe Acrobat and Reader Prototype Pollution Vulnerability
Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability
Fortinet FortiClient EMS Improper Access Control Vulnerability
TrueConf Client Download of Code Without Integrity Check Vulnerability
Google Dawn Use-After-Free Vulnerability
Citrix NetScaler Out-of-Bounds Read Vulnerability
F5 BIG-IP Stack-Based Buffer Overflow Vulnerability
Aquasecurity Trivy Embedded Malicious Code Vulnerability
Langflow Code Injection Vulnerability
Apple Multiple Products Buffer Overflow Vulnerability
Craft CMS Code Injection Vulnerability
Apple Multiple Products Improper Locking Vulnerability
Apple Multiple Products Classic Buffer Overflow Vulnerability
Laravel Livewire Code Injection Vulnerability
Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management Deserialization of Untrusted Data Vulnerability
Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting Vulnerability
Microsoft SharePoint Deserialization of Untrusted Data Vulnerability
Wing FTP Server Information Disclosure Vulnerability
Google Skia Out-of-Bounds Write Vulnerability
Google Chromium V8 Improper Restriction of Operations Within the Bounds of a Memory Buffer Vulnerability
n8n Improper Control of Dynamically-Managed Code Resources Vulnerability
Omnissa Workspace ONE Server-Side Request Forgery
SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability
Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability
Hikvision Multiple Products Improper Authentication Vulnerability
Rockwell Multiple Products Insufficient Protected Credentials Vulnerability
Apple Multiple Products Integer Overflow or Wraparound Vulnerability
Apple iOS and iPadOS Use-After-Free Vulnerability
Apple Multiple products Use-After-Free Vulnerability
Qualcomm Multiple Chipsets Memory Corruption Vulnerability
Broadcom VMware Aria Operations Command Injection Vulnerability
Cisco SD-WAN Path Traversal Vulnerability
Cisco Catalyst SD-WAN Controller and Manager Authentication Bypass Vulnerability
KEV
CVE-2026-25108
Soliton Systems K.K
added 2026-02-24 · due 2026-03-17
Soliton Systems K.K FileZen OS Command Injection Vulnerability
RoundCube Webmail Deserialization of Untrusted Data Vulnerability
RoundCube Webmail Cross-site Scripting Vulnerability
GitLab Server-Side Request Forgery (SSRF) Vulnerability
Dell RecoverPoint for Virtual Machines (RP4VMs) Use of Hard-coded Credentials Vulnerability