Full CISA KEV catalog
Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited.
| Added | CVE | Vendor / Product | Name & description | CVSS | EPSS |
|---|---|---|---|---|---|
| Jun 9, 2026 | CVE-2026-20245 | Cisco Catalyst SD-WAN Manager | Cisco Catalyst SD-WAN Manager Improper Encoding or Escaping of Output Vulnerability<br>Cisco Catalyst SD-WAN Manager formerly SD-WAN vManage contains an improper encoding or escaping of output vulnerability. This vulnerability could allow an authenticated, local att… | 7.8 | 0.4% |
| Jun 9, 2026 | CVE-2026-7473 | Arista Extensible Operating System | Arista Extensible Operating System Incomplete Comparison with Missing Factors Vulnerability<br>Arista Extensible Operating System (EOS) contains an incomplete comparison with missing factors vulnerability when the switch incorrectly decapsulates and forwards other unexpected… | 5.8 | 27.2% |
| Jun 8, 2026 | CVE-2026-50751 (Ransomware) | Check Point Security Gateway | Check Point Security Gateway Improper Authentication Vulnerability<br>Check Point Security Gateway contains an improper authentication vulnerability in IKEv1 key exchange that could allow an unauthenticated remote attacker to bypass user authenticat… | 9.3 | 11.8% |
| May 29, 2026 | CVE-2026-0257 | Palo Alto Networks PAN-OS | Palo Alto Networks PAN-OS Authentication Bypass Vulnerability<br>Palo Alto Networks PAN-OS contains an authentication bypass vulnerability that allows attackers to bypass security restrictions and establish an unauthorized VPN connection. | — | 58.8% |
| May 14, 2026 | CVE-2026-20182 | Cisco Catalyst SD-WAN | Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability<br>Cisco Catalyst SD-WAN Controller & Manager contain an authentication bypass vulnerability that allows an unauthenticated, remote attacker to bypass authentication and obtain admin… | — | 83.8% |
| May 6, 2026 | CVE-2026-0300 | Palo Alto Networks PAN-OS | Palo Alto Networks PAN-OS Out-of-bounds Write Vulnerability<br>Palo Alto Networks PAN-OS contains an out-of-bounds write vulnerability in the User-ID Authentication Portal (aka Captive Portal) service that can allow an unauthenticated attacke… | — | 6.1% |
| Apr 24, 2026 | CVE-2025-29635 | D-Link DIR-823X | D-Link DIR-823X Command Injection Vulnerability<br>D-Link DIR-823X contains a command injection vulnerability that allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /goform/… | — | 19.9% |
| Apr 20, 2026 | CVE-2026-20122 | Cisco Catalyst SD-WAN Manager | Cisco Catalyst SD-WAN Manager Incorrect Use of Privileged APIs Vulnerability<br>Cisco Catalyst SD-WAN Manager contains an incorrect use of privileged APIs vulnerability due to improper file handling on the API interface of an affected system. An attacker coul… | — | 1.4% |
| Apr 20, 2026 | CVE-2026-20128 | Cisco Catalyst SD-WAN Manager | Cisco Catalyst SD-WAN Manager Storing Passwords in a Recoverable Format Vulnerability<br>Cisco Catalyst SD-WAN Manager contains a storing passwords in a recoverable format vulnerability that allows an authenticated, local attacker to gain DCA user privileges by access… | — | 0.1% |
| Apr 20, 2026 | CVE-2026-20133 | Cisco Catalyst SD-WAN Manager | Cisco Catalyst SD-WAN Manager Exposure of Sensitive Information to an Unauthorized Actor Vulnerability<br>Cisco Catalyst SD-WAN Manager contains an exposure of sensitive information to an unauthorized actor vulnerability that could allow remote attackers to view sensitive information … | — | 2.0% |
| Apr 13, 2026 | CVE-2026-21643 | Fortinet FortiClient EMS | Fortinet FortiClient EMS SQL Injection Vulnerability<br>Fortinet FortiClient EMS contains a SQL injection vulnerability that may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP r… | — | 70.9% |
| Apr 6, 2026 | CVE-2026-35616 | Fortinet FortiClient EMS | Fortinet FortiClient EMS Improper Access Control Vulnerability<br>Fortinet FortiClient EMS contains an improper access control vulnerability that may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests. | — | 35.7% |
| Mar 27, 2026 | CVE-2025-53521 | F5 BIG-IP | F5 BIG-IP Stack-Based Buffer Overflow Vulnerability<br>F5 BIG-IP APM contains a stack-based buffer overflow vulnerability that could allow a threat actor to achieve remote code execution. | — | 8.8% |
| Mar 19, 2026 | CVE-2026-20131 (Ransomware) | Cisco Secure Firewall Management Center (FMC) | Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Manage…<br>Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management contain a deserialization of untrusted data vulnerability in the … | — | 1.7% |
| Feb 25, 2026 | CVE-2022-20775 | Cisco SD-WAN | Cisco SD-WAN Path Traversal Vulnerability<br>Cisco SD-WAN CLI contains a path traversal vulnerability that could allow an authenticated local attacker to gain elevated privileges via improper access controls on commands with… | — | 0.4% |
| Feb 25, 2026 | CVE-2026-20127 | Cisco Catalyst SD-WAN Controller and Manager | Cisco Catalyst SD-WAN Controller and Manager Authentication Bypass Vulnerability<br>Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, contain an authentication bypass vulnerability that could allow an… | — | 59.0% |
| Jan 27, 2026 | CVE-2026-24858 | Fortinet Multiple Products | Fortinet Multiple Products Authentication Bypass Using an Alternate Path or Channel Vulnerability<br>Fortinet FortiAnalyzer, FortiManager, FortiOS, and FortiProxy contain an authentication bypass using an alternate path or channel that could allow an attacker with a FortiCloud ac… | — | 4.0% |
| Jan 21, 2026 | CVE-2026-20045 | Cisco Unified Communications Manager | Cisco Unified Communications Products Code Injection Vulnerability<br>Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Pres… | — | 3.6% |
| Dec 19, 2025 | CVE-2025-14733 | WatchGuard Firebox | WatchGuard Firebox Out of Bounds Write Vulnerability<br>WatchGuard Fireware OS iked process contains an out of bounds write vulnerability in the OS iked process. This vulnerability may allow a remote unauthenticated attacker to execute… | — | 27.8% |
| Dec 17, 2025 | CVE-2025-20393 | Cisco Multiple Products | Cisco Multiple Products Improper Input Validation Vulnerability<br>Cisco Secure Email Gateway, Secure Email, AsyncOS Software, and Web Manager appliances contain an improper input validation vulnerability that allows threat actors to execute arb… | — | 6.5% |
| Dec 17, 2025 | CVE-2025-40602 | SonicWall SMA1000 appliance | SonicWall SMA1000 Missing Authorization Vulnerability<br>SonicWall SMA1000 contains a missing authorization vulnerability that could allow for privilege escalation on the appliance management console (AMC) of affected devices. | — | 0.4% |
| Dec 16, 2025 | CVE-2025-59718 | Fortinet Multiple Products | Fortinet Multiple Products Improper Verification of Cryptographic Signature Vulnerability<br>Fortinet FortiOS, FortiSwitchMaster, FortiProxy, and FortiWeb contain an improper verification of cryptographic signature vulnerability that may allow an unauthenticated attacker … | — | 12.1% |
| Dec 8, 2025 | CVE-2022-37055 | D-Link Routers | D-Link Routers Buffer Overflow Vulnerability<br>D-Link Routers contain a buffer overflow vulnerability that has a high impact on confidentiality, integrity, and availability. The impacted products could be end-of-life (EoL) an… | — | 81.9% |
| Nov 18, 2025 | CVE-2025-58034 | Fortinet FortiWeb | Fortinet FortiWeb OS Command Injection Vulnerability<br>Fortinet FortiWeb contains an OS command injection vulnerability that may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP re… | — | 45.7% |
| Nov 14, 2025 | CVE-2025-64446 | Fortinet FortiWeb | Fortinet FortiWeb Path Traversal Vulnerability<br>Fortinet FortiWeb contains a relative path traversal vulnerability that may allow an unauthenticated attacker to execute administrative commands on the system via crafted HTTP or … | — | 93.0% |
| Nov 12, 2025 | CVE-2025-9242 | WatchGuard Firebox | WatchGuard Firebox Out-of-Bounds Write Vulnerability<br>WatchGuard Firebox contains an out-of-bounds write vulnerability in the OS iked process that may allow a remote unauthenticated attacker to execute arbitrary code. | — | 78.6% |
| Oct 2, 2025 | CVE-2015-7755 | Juniper ScreenOS | Juniper ScreenOS Improper Authentication Vulnerability<br>Juniper ScreenOS contains an improper authentication vulnerability that could allow unauthorized remote administrative access to the device. | — | 85.8% |
| Sep 29, 2025 | CVE-2025-20352 | Cisco IOS and IOS XE | Cisco IOS and IOS XE Software SNMP Denial of Service and Remote Code Execution Vulnerability<br>Cisco IOS and IOS XE contain a stack-based buffer overflow vulnerability in the Simple Network Management Protocol (SNMP) subsystem that could allow for denial of service or remo… | — | 3.2% |
| Sep 25, 2025 | CVE-2025-20333 | Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense | Cisco Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) Buffer Overf…<br>Cisco Secure Firewall Adaptive Security (ASA) Appliance and Secure Firewall Threat Defense (FTD) Software VPN Web Server contain a buffer overflow vulnerability that allows for re… | — | 24.7% |
| Sep 25, 2025 | CVE-2025-20362 | Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense | Cisco Secure Firewall Adaptive Security (ASA) Appliance and Secure Firewall Threat Defense (FTD) Missing Auth…<br>Cisco Secure Firewall Adaptive Security (ASA) Appliance and Secure Firewall Threat Defense (FTD) Software VPN Web Server contain a missing authorization vulnerability. This vulner… | — | 50.9% |
Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.