Live CISA KEV Data
CVEs Actively Exploited
in the Wild
Every vulnerability below is confirmed actively exploited by threat actors. CISA mandates federal agencies patch these immediately — your business should too.
1,602Total KEV Entries
19Added Last 30 Days
323Known Ransomware Use
30 Most Recently Added Exploited CVEs
CVE-2026-9082High
Drupal Core SQL Injection Vulnerability
Drupal — Core
Added to KEV: May 22, 2026
Federal patch due: May 27, 2026
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CVE-2025-34291High
Langflow Origin Validation Error Vulnerability
Langflow — Langflow
Added to KEV: May 21, 2026
Federal patch due: Jun 4, 2026
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CVE-2026-34926High
Trend Micro Apex One (On-Premise) Directory Traversal Vulnerability
Trend Micro — Apex One
Added to KEV: May 21, 2026
Federal patch due: Jun 4, 2026
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CVE-2008-4250High
Microsoft Windows Buffer Overflow Vulnerability
Microsoft — Windows
Added to KEV: May 20, 2026
Federal patch due: Jun 3, 2026
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CVE-2009-1537High
Microsoft DirectX NULL Byte Overwrite Vulnerability
Microsoft — DirectX
Added to KEV: May 20, 2026
Federal patch due: Jun 3, 2026
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CVE-2009-3459High
Adobe Acrobat and Reader Heap-Based Buffer Overflow Vulnerability
Adobe — Acrobat and Reader
Added to KEV: May 20, 2026
Federal patch due: Jun 3, 2026
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CVE-2010-0249High
Microsoft Internet Explorer Use-After-Free Vulnerability
Microsoft — Internet Explorer
Added to KEV: May 20, 2026
Federal patch due: Jun 3, 2026
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CVE-2010-0806High
Microsoft Internet Explorer Use-After-Free Vulnerability
Microsoft — Internet Explorer
Added to KEV: May 20, 2026
Federal patch due: Jun 3, 2026
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CVE-2026-41091High
Microsoft Defender Link Following Vulnerability
Microsoft — Defender
Added to KEV: May 20, 2026
Federal patch due: Jun 3, 2026
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CVE-2026-45498High
Microsoft Defender Denial of Service Vulnerability
Microsoft — Defender
Added to KEV: May 20, 2026
Federal patch due: Jun 3, 2026
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CVE-2026-42897High
Microsoft Exchange Server Cross-Site Scripting Vulnerability
Microsoft — Microsoft
Added to KEV: May 15, 2026
Federal patch due: May 29, 2026
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CVE-2026-20182High
Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
Cisco — Catalyst SD-WAN
Added to KEV: May 14, 2026
Federal patch due: May 17, 2026
Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlined in CISA’s Emergency Directive 26-03 (URL listed below in Notes) and CISA’s Hunt & Hardening Guidance for Cisco SD-WAN Devices (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.
CVE-2026-42208High
BerriAI LiteLLM SQL Injection Vulnerability
BerriAI — LiteLLM
Added to KEV: May 8, 2026
Federal patch due: May 11, 2026
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CVE-2026-6973High
Ivanti Endpoint Manager Mobile (EPMM) Improper Input Validation Vulnerability
Ivanti — Endpoint Manager Mobile (EPMM)
Added to KEV: May 7, 2026
Federal patch due: May 10, 2026
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CVE-2026-0300High
Palo Alto Networks PAN-OS Out-of-bounds Write Vulnerability
Palo Alto Networks — PAN-OS
Added to KEV: May 6, 2026
Federal patch due: May 9, 2026
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Until the vendor releases an official fix, the following workaround should be implemented: - Restrict User-ID Authentication Portal access to only trusted zones. - Disable User-ID Authentication Portal if not required. 5/13/2026: Palo Alto has released a variety of patches. If these are relevant to your environment, please apply the designated patch.
CVE-2026-31431High
Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability
Linux — Kernel
Added to KEV: May 1, 2026
Federal patch due: May 15, 2026
"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CVE-2026-41940Critical
WebPros cPanel & WHM and WP2 (WordPress Squared) Missing Authentication for Critical Function Vulnerability
WebPros — cPanel & WHM and WP2 (WordPress Squared)
Added to KEV: Apr 30, 2026
Federal patch due: May 3, 2026
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Ransomware campaign confirmed
CVE-2024-1708Critical
ConnectWise ScreenConnect Path Traversal Vulnerability
ConnectWise — ScreenConnect
Added to KEV: Apr 28, 2026
Federal patch due: May 12, 2026
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Ransomware campaign confirmed
CVE-2026-32202High
Microsoft Windows Protection Mechanism Failure Vulnerability
Microsoft — Windows
Added to KEV: Apr 28, 2026
Federal patch due: May 12, 2026
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CVE-2025-29635High
D-Link DIR-823X Command Injection Vulnerability
D-Link — DIR-823X
Added to KEV: Apr 24, 2026
Federal patch due: May 8, 2026
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CVE-2024-7399High
Samsung MagicINFO 9 Server Path Traversal Vulnerability
Samsung — MagicINFO 9 Server
Added to KEV: Apr 24, 2026
Federal patch due: May 8, 2026
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CVE-2024-57728Critical
SimpleHelp Path Traversal Vulnerability
SimpleHelp — SimpleHelp
Added to KEV: Apr 24, 2026
Federal patch due: May 8, 2026
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Ransomware campaign confirmed
CVE-2024-57726Critical
SimpleHelp Missing Authorization Vulnerability
SimpleHelp — SimpleHelp
Added to KEV: Apr 24, 2026
Federal patch due: May 8, 2026
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Ransomware campaign confirmed
CVE-2026-39987High
Marimo Remote Code Execution Vulnerability
Marimo — Marimo
Added to KEV: Apr 23, 2026
Federal patch due: May 7, 2026
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CVE-2026-33825High
Microsoft Defender Insufficient Granularity of Access Control Vulnerability
Microsoft — Defender
Added to KEV: Apr 22, 2026
Federal patch due: May 6, 2026
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CVE-2026-20122High
Cisco Catalyst SD-WAN Manager Incorrect Use of Privileged APIs Vulnerability
Cisco — Catalyst SD-WAN Manger
Added to KEV: Apr 20, 2026
Federal patch due: Apr 23, 2026
Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlines in CISA’s Emergency Directive 26-03 (URL listed below in Notes) and CISA’s “Hunt & Hardening Guidance for Cisco SD-WAN Devices (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.
CVE-2026-20133High
Cisco Catalyst SD-WAN Manager Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Cisco — Catalyst SD-WAN Manager
Added to KEV: Apr 20, 2026
Federal patch due: Apr 23, 2026
Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlines in CISA’s Emergency Directive 26-03 (URL listed below in Notes) and CISA’s “Hunt & Hardening Guidance for Cisco SD-WAN Devices (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.
CVE-2025-2749High
Kentico Xperience Path Traversal Vulnerability
Kentico — Kentico Xperience
Added to KEV: Apr 20, 2026
Federal patch due: May 4, 2026
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CVE-2023-27351Critical
PaperCut NG/MF Improper Authentication Vulnerability
PaperCut — NG/MF
Added to KEV: Apr 20, 2026
Federal patch due: May 4, 2026
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Ransomware campaign confirmed
CVE-2025-48700High
Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability
Synacor — Zimbra Collaboration Suite (ZCS)
Added to KEV: Apr 20, 2026
Federal patch due: Apr 23, 2026
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Are these vulnerabilities patched in your environment?
Zero Day IT delivers continuous patch management and vulnerability remediation so your business stays ahead of active exploits — not behind them.
Talk to Us About Patch Management →