
What is the CISA KEV Catalogue?

The CISA Known Exploited Vulnerabilities (KEV) catalogue is the authoritative source of CVEs that have been confirmed exploited in the wild against real-world targets. Maintained by the U.S. Cybersecurity and Infrastructure Security Agency, it's the gold standard for vulnerability prioritisation — if a CVE is in the KEV catalogue, attackers are actively using it.

Federal civilian agencies are required to remediate KEV entries within tight deadlines. Private sector organisations should treat KEV entries with the same urgency. Vuln Brief focuses on Critical and High-severity entries (CVSS 7.0+), providing the technical depth needed to understand what each vulnerability actually does and how to remediate it effectively.

Source: CISA KEV Catalogue →

Total Analysed: 38
Critical Severity: 27
High Severity: 11
Patches Available: 38

All Covered KEV Entries

| CVE ID | Title | Vendor | Product | Severity | CVSS | Patch | Published |
|---|---|---|---|---|---|---|---|
| CVE-2024-1708 | CVE-2024-1708: ConnectWise ScreenConnect Path Traversal — RMM Tools as Attack Vectors | ConnectWise | ScreenConnect | Critical | 9.8 | Yes | |
| CVE-2026-0300 | CVE-2026-0300: Palo Alto PAN-OS Out-of-Bounds Write Leads to Root RCE on Firewalls | Palo Alto Networks | PAN-OS | Critical | 9.8 | Yes | |
| CVE-2026-20182 | CVE-2026-20182: Cisco Catalyst SD-WAN Authentication Bypass — Unauthenticated Admin Access | Cisco | Catalyst SD-WAN Controller & Manager | Critical | 9.8 | Yes | |
| CVE-2026-31431 | CVE-2026-31431: Linux Kernel Privilege Escalation via Incorrect Resource Transfer | Linux | Linux Kernel | High | 7.8 | Yes | |
| CVE-2026-41940 | CVE-2026-41940: cPanel & WHM Authentication Bypass — Unauthenticated Control Panel Access | WebPros | cPanel & WHM | Critical | 9.8 | Yes | |
| CVE-2026-42208 | CVE-2026-42208: SQL Injection in BerriAI LiteLLM Exposes AI Proxy Credentials | BerriAI | LiteLLM | High | 8.1 | Yes | |
| CVE-2026-42897 | CVE-2026-42897: Microsoft Exchange Server XSS in Outlook Web Access | Microsoft | Exchange Server | High | 8 | Yes | |
| CVE-2026-6973 | CVE-2026-6973: Ivanti EPMM Improper Input Validation Enables Authenticated RCE | Ivanti | Endpoint Manager Mobile (EPMM) | High | 7.2 | Yes | |
| CVE-2024-38094 | CVE-2024-38094: Microsoft SharePoint Server — Remote Code Execution | Microsoft | SharePoint Server | High | 7.2 | Yes | |
| CVE-2025-29824 | CVE-2025-29824: Windows CLFS — Zero-Day Privilege Escalation | Microsoft | Windows (CLFS Driver) | High | 7.8 | Yes | |
| CVE-2024-50623 | CVE-2024-50623: Cleo Harmony/VLTrader — Unrestricted File Upload and Download RCE | Cleo | Harmony / VLTrader / LexiCom | High | 8.8 | Yes | |
| CVE-2025-0282 | CVE-2025-0282: Ivanti Connect Secure — Stack Overflow Zero-Day RCE | Ivanti | Connect Secure / Policy Secure / Neurons for ZTA | Critical | 9 | Yes | |
| CVE-2024-55956 | CVE-2024-55956: Cleo MFT — Unrestricted File Upload to RCE | Cleo | Harmony / VLTrader / LexiCom | Critical | 9.8 | Yes | |
| CVE-2023-49103 | CVE-2023-49103: ownCloud graphapi — Sensitive Information Disclosure (CVSS 10.0) | ownCloud | ownCloud (graphapi app) | Critical | 10 | Yes | |
| CVE-2024-21893 | CVE-2024-21893: Ivanti Connect Secure — SSRF to Authentication Bypass | Ivanti | Connect Secure / Policy Secure | High | 8.2 | Yes | |
| CVE-2023-7028 | CVE-2023-7028: GitLab — Account Takeover via Email Reset | GitLab | GitLab CE/EE | Critical | 10 | Yes | |
| CVE-2022-26134 | CVE-2022-26134: Atlassian Confluence — OGNL Injection RCE | Atlassian | Confluence Server / Data Center | Critical | 9.8 | Yes | |
| CVE-2024-29824 | CVE-2024-29824: Ivanti EPM — SQL Injection to RCE | Ivanti | Endpoint Manager (EPM) | Critical | 9.6 | Yes | |
| CVE-2023-42793 | CVE-2023-42793: JetBrains TeamCity — Pre-Auth Authentication Bypass | JetBrains | TeamCity | Critical | 9.8 | Yes | |
| CVE-2023-0669 | CVE-2023-0669: GoAnywhere MFT — Pre-Auth Remote Code Execution | Fortra (formerly HelpSystems) | GoAnywhere MFT | High | 7.2 | Yes | |
| CVE-2022-47986 | CVE-2022-47986: IBM Aspera Faspex — YAML Deserialization RCE | IBM | Aspera Faspex | Critical | 9.8 | Yes | |
| CVE-2024-4577 | CVE-2024-4577: PHP CGI — Argument Injection RCE on Windows | PHP Group | PHP (CGI mode on Windows) | Critical | 9.8 | Yes | |
| CVE-2023-48788 | CVE-2023-48788: Fortinet FortiClientEMS — SQL Injection to RCE | Fortinet | FortiClientEMS | Critical | 9.8 | Yes | |
| CVE-2024-23113 | CVE-2024-23113: Fortinet FortiOS — Format String RCE | Fortinet | FortiOS / FortiProxy / FortiPAM / FortiWeb | Critical | 9.8 | Yes | |
| CVE-2023-20198 | CVE-2023-20198: Cisco IOS XE Web UI — Zero-Day Privilege Escalation (CVSS 10.0) | Cisco | IOS XE | Critical | 10 | Yes | |
| CVE-2022-1388 | CVE-2022-1388: F5 BIG-IP iControl REST — Authentication Bypass to RCE | F5 | BIG-IP | Critical | 9.8 | Yes | |
| CVE-2021-44228 | CVE-2021-44228: Log4Shell — Apache Log4j Remote Code Execution | Apache Software Foundation | Log4j 2 | Critical | 10 | Yes | |
| CVE-2024-6387 | CVE-2024-6387: OpenSSH regreSSHion — Unauthenticated RCE in sshd | OpenSSH | OpenSSH (sshd) | High | 8.1 | Yes | |
| CVE-2023-34362 | CVE-2023-34362: MOVEit Transfer — SQL Injection to RCE | Progress Software | MOVEit Transfer | Critical | 9.8 | Yes | |
| CVE-2023-4966 | CVE-2023-4966: Citrix NetScaler Bleed — Session Token Leak | Citrix | NetScaler ADC / NetScaler Gateway | Critical | 9.4 | Yes | |
| CVE-2023-27997 | CVE-2023-27997: Fortinet FortiGate SSL-VPN — Pre-Auth Heap Overflow RCE | Fortinet | FortiOS / FortiProxy | Critical | 9.8 | Yes | |
| CVE-2023-22515 | CVE-2023-22515: Atlassian Confluence — Privilege Escalation to Admin | Atlassian | Confluence Data Center and Server | Critical | 10 | Yes | |
| CVE-2024-21762 | CVE-2024-21762: Fortinet FortiOS SSL VPN — Out-of-Bounds Write RCE | Fortinet | FortiOS | Critical | 9.6 | Yes | |
| CVE-2023-46805 | CVE-2023-46805: Ivanti Connect Secure — Authentication Bypass via Path Traversal | Ivanti | Connect Secure / Policy Secure | High | 8.2 | Yes | |
| CVE-2024-1709 | CVE-2024-1709: ConnectWise ScreenConnect — Authentication Bypass (CVSS 10.0) | ConnectWise | ScreenConnect | Critical | 10 | Yes | |
| CVE-2024-27198 | CVE-2024-27198: JetBrains TeamCity — Authentication Bypass to RCE | JetBrains | TeamCity | Critical | 9.8 | Yes | |
| CVE-2024-3400 | CVE-2024-3400: Palo Alto PAN-OS GlobalProtect — Zero-Day Command Injection | Palo Alto Networks | PAN-OS | Critical | 10 | Yes | |
| CVE-2024-21887 | CVE-2024-21887: Ivanti Connect Secure — Authenticated Command Injection | Ivanti | Connect Secure / Policy Secure | Critical | 9.1 | Yes | |
