KEV CATALOG (Known Exploited Vulnerability to Catalog) 2026 2026 2025
FEBRUARY
CVE-2017-7921 Hikvision Multiple Products Improper Authentication Vulnerability
CVE-2021-22681 Rockwell Multiple Products Insufficient Protected Credentials Vulnerability
CVE-2021-30952 Apple Multiple Products Integer Overflow or Wraparound Vulnerability
CVE-2023-41974 Apple iOS and iPadOS Use-After-Free Vulnerability
CVE-2023-43000 Apple Multiple products Use-After-Free Vulnerability
CVE-2026-21385 Qualcomm Multiple Chipsets Memory Corruption Vulnerability
CVE-2026-22719 Broadcom VMware Aria Operations Command Injection Vulnerability
CVE-2026-25108 Soliton Systems K.K. FileZen OS Command Injection Vulnerability
CVE-2022-20775 Cisco Catalyst SD-WAN Path Traversal Vulnerability
CVE-2026-20127 Cisco Catalyst SD-WAN Controller and Manager Authentication Bypass Vulnerability
CVE-2025-49113 RoundCube Webmail Deserialization of Untrusted Data Vulnerability
CVE-2025-68461 RoundCube Webmail Cross-site Scripting Vulnerability
CVE-2021-22175 GitLab Server-Side Request Forgery (SSRF) Vulnerability
CVE-2026-22769 Dell RecoverPoint for Virtual Machines (RP4VMs) Use of Hard-coded Credentials Vulnerability
CVE-2008-0015 Microsoft Windows Video ActiveX Control Remote Code Execution Vulnerability
CVE-2020-7796 Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery Vulnerability
CVE-2024-7694 TeamT5 ThreatSonar Anti-Ransomware Unrestricted Upload of File with Dangerous Type Vulnerability
CVE-2026-2441 Google Chromium CSS Use-After-Free Vulnerability
CVE-2024-43468 Microsoft Configuration Manager SQL Injection Vulnerability
CVE-2025-15556 Notepad++ Download of Code Without Integrity Check Vulnerability
CVE-2025-40536 SolarWinds Web Help Desk Security Control Bypass Vulnerability
CVE-2026-20700 Apple Multiple Buffer Overflow Vulnerability
CVE-2025-11953 React Native Community CLI OS Command Injection Vulnerability
CVE-2026-24423 SmarterTools SmarterMail Missing Authentication for Critical Function Vulnerability
CVE-2026-21510 Microsoft Windows Shell Protection Mechanism Failure Vulnerability
CVE-2026-21513 Microsoft MSHTML Framework Security Feature Bypass Vulnerability
CVE-2026-21514 Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability
CVE-2026-21519 Microsoft Windows Type Confusion Vulnerability
CVE-2026-21525 Microsoft Windows NULL Pointer Dereference Vulnerability
CVE-2026-21533 Windows Remote Desktop Services Elevation of Privilege Vulnerability
CVE-2025-11953 React Native Community CLI OS Command Injection Vulnerability
CVE-2026-24423 SmarterTools SmarterMail Missing Authentication for Critical Function Vulnerability
CVE-2019-19006 Sangoma FreePBX Improper Authentication Vulnerability
CVE-2021-39935 GitLab Community and Enterprise Editions Server-Side Request Forgery (SSRF) Vulnerability
CVE-2025-40551 SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability
CVE-2025-64328 Sangoma FreePBX OS Command Injection Vulnerability
JANUARY
CVE-2026-1281 Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability
CVE-2026-24858 Fortinet Multiple Products Authentication Bypass Using an Alternate Path or Channel Vulnerability
CVE-2018-14634 Linux Kernel Integer Overflow Vulnerability
CVE-2025-52691 SmarterTools SmarterMail Unrestricted Upload of File with Dangerous Type Vulnerability
CVE-2026-21509 Microsoft Office Security Feature Bypass Vulnerability
CVE-2026-23760 SmarterTools SmarterMail Authentication Bypass Using an Alternate Path or Channel Vulnerability
CVE-2026-24061 GNU InetUtils Argument Injection Vulnerability
CVE-2024-37079 Broadcom VMware vCenter Server Out-of-bounds Write Vulnerability
CVE-2025-31125 Vite Vitejs Improper Access Control Vulnerability
CVE-2025-34026 Versa Concerto Improper Authentication Vulnerability
CVE-2025-54313 Prettier eslint-config-prettier Embedded Malicious Code Vulnerability
CVE-2025-68645 Synacor Zimbra Collaboration Suite (ZCS) PHP Remote File Inclusion Vulnerability
CVE-2026-20045 Cisco Unified Communications Products Code Injection Vulnerability
CVE-2025-31125 Vite Vitejs Improper Access Control Vulnerability
CVE-2025-34026 Versa Concerto Improper Authentication Vulnerability
CVE-2025-54313 Prettier eslint-config-prettier Embedded Malicious Code Vulnerability
CVE-2025-68645 Synacor Zimbra Collaboration Suite (ZCS) PHP Remote File Inclusion Vulnerability
CVE-2025-8110 Gogs Path Traversal Vulnerability
CVE-2026-20805 Microsoft Windows Information Disclosure Vulnerability
CVE-2009-0556 Microsoft Office PowerPoint Code Injection Vulnerability
CVE-2025-37164 HPE OneView Code Injection Vulnerability