CISA Known Exploited Vulnerabilities
The full KEV catalog. Entries marked Validated have been confirmed exploitable by ExploitSynth.
1606 CVEs in catalog · 107 Validated · 10 Public
PHPMailer Command Injection Vulnerability
PHP · PHPMailer
Craft CMS External Control of Assumed-Immutable Web Parameter Vulnerability
Craft CMS · Craft CMS
PHP-CGI OS Command Injection Vulnerability
PHP Group · PHP
GitLab Community and Enterprise Editions Improper Access Control Vulnerability
GitLab · GitLab CE/EE
Laravel Deserialization of Untrusted Data Vulnerability
Laravel · Laravel Framework
Grafana Authentication Bypass Vulnerability
Grafana Labs · Grafana
Red Hat JBoss Authentication Bypass Vulnerability
Red Hat · JBoss
Exim Mail Transfer Agent (MTA) Improper Input Validation
Exim · Mail Transfer Agent (MTA)
Apache HTTP Server Privilege Escalation Vulnerability
Apache · HTTP Server
SaltStack Salt Authentication Bypass Vulnerability
SaltStack · Salt
Laravel Livewire Code Injection Vulnerability
Laravel · Livewire
RoundCube Webmail Cross-site Scripting Vulnerability
Roundcube · Webmail
GitLab Server-Side Request Forgery (SSRF) Vulnerability
GitLab · GitLab
Sangoma FreePBX OS Command Injection Vulnerability
Sangoma · FreePBX
Synacor Zimbra Collaboration Suite (ZCS) PHP Remote File Inclusion Vulnerability
Synacor · Zimbra Collaboration Suite (ZCS)
Gogs Path Traversal Vulnerability
Gogs · Gogs
MongoDB and MongoDB Server Improper Handling of Length Parameter Inconsistency Vulnerability
MongoDB · MongoDB and MongoDB Server
OSGeo GeoServer Improper Restriction of XML External Entity Reference Vulnerability
OSGeo · GeoServer