Known Exploited Vulnerabilities and counting....

A known exploited vulnerability (KEV) refers to a software vulnerability that is being actively exploited by cybercriminals or threat actors. When a vulnerability becomes known to be exploited in the wild, it signals that the vulnerability poses a significant and imminent risk to organizations.

Woman Looking at Computer Screen

CVEs form a database of known security vulnerabilities that are actively tracked and managed by a group of organizations, such as the U.S. National Cyber Security Alliance. CVEs are an important tool for network security management because they not only provide an inventory of existing vulnerabilities, but also provide information about how the vulnerability can be exploited and instructions on how to protect against it.

Search Known Exploits

Search for CVEs by vendor to identify known exploited vulnerabilities in your environment

Loading vendors...

Upcoming Patch Due Dates

via Binding Operational Directive 22-01

(BOD) 22-01 is a directive issued by the Cybersecurity and Infrastructure Security Agency (CISA) in the United States to federal agencies and federal contractors in order to improve their cybersecurity practices. It provides a set of guidelines and requirements that these agencies and contractors must follow to increase their defenses against cyber threats.

Loading...

News Logo

Cyber Security News

You may have missed...

📌 Pinned

*

https:betanews.comMar 5

Inside a cyberattack: How hackers steal data

The truth about cybersecurity is that it's almost impossible to keep hackers outside of an organization, particularly as the cybercrime industry ...

Read more →
https://www.ccn.comApr 2

Drift Protocol Hit by $285M Exploit: Crypto's Biggest Hack of 2026 Unfolds on April Fool's Day

Solana-based Drift Protocol suffered a $285 million exploit on April 1, 2026, the largest crypto hack of the year, using a fake token and compromised ...

Read more →
https://thehackernews.comApr 1

CERT-UA Impersonation Campaign Spread AGEWHEEZE Malware to 1 Million Emails

Threat actors tracked as UAC-0255 impersonated Ukraine's CERT-UA on March 26-27, 2026, distributing AGEWHEEZE remote access trojan to state organizati...

Read more →
https://socradar.ioApr 2

Progress ShareFile Flaws CVE-2026-2699 & CVE-2026-2701 RCE

Newly disclosed Progress ShareFile pre-auth RCE chain allows attackers to move from unauthenticated access to server-side compromise affecting custome...

Read more →
https://www.bleepingcomputer.comApr 2

New Progress ShareFile flaws can be chained in pre-auth RCE attacks

Two vulnerabilities in Progress ShareFile (CVE-2026-2699 and CVE-2026-2701) can be chained to enable unauthenticated remote code execution on Storage ...

Read more →
https://www.bloomberg.comApr 3

FBI Calls Breach of Sensitive Agency Networks a 'Major Incident' - Bloomberg News

... ” signaling the severity of an intrusion that had already prompted the agency to launch a criminal probe and move to toughen cybersecurity.

Read more →
https://fortune.comApr 2

Mercor, a $10 billion AI startup, confirms it was the victim of a major cybersecurity breach

Mercor, a $10 billion AI training data startup serving OpenAI and Anthropic, confirmed a supply-chain attack via LiteLLM with Lapsus$ claiming to have...

Read more →
https://thehackernews.comApr 2

Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials

Cisco Talos identified a large-scale credential harvesting operation exploiting the React2Shell vulnerability to steal database credentials, SSH keys,...

Read more →
https://thehackernews.comApr 1

New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation — Patch Released

Google patched 21 vulnerabilities including an actively exploited zero-day use-after-free bug in Dawn (CVE-2026-5281), marking the fourth Chrome zero-...

Read more →

Updated daily

TOP SITES

Cyber_Comply © 2021-25