Full CISA KEV catalog
Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.
| Added | CVE | Vendor / Product | Name & description | CVSS | EPSS |
|---|---|---|---|---|---|
| Mar 5, 2026 | CVE-2021-22681 | Rockwell Multiple Products |
Rockwell Multiple Products Insufficient Protected Credentials Vulnerability
Multiple Rockwell products contain an insufficient protected credentials vulnerability. Studio 5000 Logix Designer software may allow a key to be discovered. This key is used to v…
|
— | 20.4% |
| Apr 15, 2022 | CVE-2018-7841 | Schneider Electric U.motion Builder |
Schneider Electric U.motion Builder SQL Injection Vulnerability
A SQL Injection vulnerability exists in U.motion Builder software which could cause unwanted code execution when an improper set of characters is entered.
|
— | 59.3% |
| Mar 3, 2022 | CVE-2016-8562 | Siemens SIMATIC CP |
Siemens SIMATIC CP 1543-1 Improper Privilege Management Vulnerability
An improper privilege management vulnerability exists within the Siemens SIMATIC Communication Processor (CP) that allows a privileged attacker to remotely cause a denial of servi…
|
— | 18.5% |
Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.