Critical Threat Feed
Showing vulnerabilities with a CRITICAL rating or those confirmed to be actively exploited by CISA.
CVE-2026-39399
Target: NuGet Gallery - Backend Job
CVE-2026-33824
Target: Windows - IKE Extension
CVE-2026-26149
Target: Microsoft Power Apps
CVE-2026-39813
Target: FortiSandbox - File Directory Service
CVE-2026-39808
Target: FortiSandbox - OS Command Handler
CVE-2009-0238
Actively ExploitedTarget: Microsoft Office - Excel
CVE-2023-36424
Actively ExploitedTarget: Windows - Common Log File System Driver
CVE-2023-21529
Actively ExploitedTarget: Microsoft Exchange Server - Microsoft Exchange Server
CVE-2012-1854
Actively ExploitedTarget: Microsoft Office - VBE6.dll
CVE-2026-34621
Actively ExploitedTarget: Acrobat & Reader DC (Continuous/Classic)
CVE-2026-34387
Target: Fleet - Software Installer Pipeline
CVE-2026-32186
Target: Microsoft Bing - Search Service
CVE-2026-21671
Target: Veeam Backup & Replication - Backup Administrator
CVE-2026-27825
Target: MCP Atlassian - MCP Server
CVE-2026-21622
Target: hexpm - Elixir.Hexpm.Accounts.PasswordReset
CVE-2026-25130
Target: Cybersecurity AI (CAI) - Framework
CVE-2025-14237
Target: Canon Laser Printers and Small Office Multifunctional Printers - XPS Font Parse Processing
CVE-2025-14236
Target: Canon - Address Book attribute tag processing
CVE-2025-14235
Target: Canon Laser Printers and Small Office Multifunction Printers - XPS Font FPGM Data Processing
CVE-2025-14234
Target: Canon Printers - CPCA list processing
CVE-2025-14233
Target: Canon Printers - CPCA file deletion processing
CVE-2025-14232
Target: Canon Laser Printers and Small Office Multifunction Printers - XML Processing
CVE-2025-14231
Target: Canon - Print Job Processing by WSD
CVE-2025-11250
Target: ManageEngine ADSelfService Plus - Authentication Module
CVE-2025-40604
Target: SonicWall Email Security - Appliance Root Filesystem
CVE-2025-8324
Target: ManageEngine Analytics Plus - Analytics Plus Service
CVE-2025-48983
Target: Veeam Backup & Replication - Mount service
CVE-2025-58447
Target: rAthena - Login Server
CVE-2025-50901
Target: JEEWMS - Web Application
CVE-2025-54950
Target: PyTorch - ExecuTorch
CVE-2025-45006
Target: Rocket Chip - RISC-V Processor
CVE-2025-3835
Target: ManageEngine Exchange Reporter Plus - Content Search module
CVE-2025-2146
Target: Canon Printers - WebService Authentication
CVE-2025-47928
Target: Spotipy - Python Library for Spotify Web API
CVE-2025-47154
Target: Ladybird - LibJS
CVE-2024-24421
Target: Magma - nas_message_decode function
CVE-2024-53915
Target: Veritas Enterprise Vault - Server
CVE-2024-53914
Target: Veritas Enterprise Vault - Server
CVE-2024-53913
Target: Veritas Enterprise Vault - Server
CVE-2024-53912
Target: Veritas Enterprise Vault - Server
CVE-2024-53911
Target: Veritas Enterprise Vault - Server
CVE-2024-53910
Target: Veritas Enterprise Vault - Server
CVE-2024-53909
Target: Veritas Enterprise Vault - Server
CVE-2024-45971
Target: MZ Automation LibIEC61850 - MMS Client
CVE-2024-49400
Target: Tacquito - Authorization Service
CVE-2024-32608
Target: HDF5 library
CVE-2024-46946
Target: LangChain Experimental - LLMSymbolicMathChain
CVE-2024-40568
Target: BTstack - Mesh Component
CVE-2024-40766
Actively ExploitedTarget: SonicWall SonicOS - Management Access
CVE-2024-38366
Target: CocoaPods - Trunk Server
CVE-2024-37899
Target: XWiki Platform - User Profile Service
CVE-2024-35344
Target: Anpviz IP Camera - Firmware
CVE-2024-35343
Target: Anpviz IP Cameras - Web Server
CVE-2024-33874
Target: HDF5 Library - H5Omtime.c
CVE-2024-32622
Target: HDF5 Library - H5FL
CVE-2024-32621
Target: HDF5 Library - H5HG
CVE-2024-32615
Target: HDF5 Library - H5Znbit.c
CVE-2024-32611
Target: HDF5 Library - H5Aint.c
CVE-2024-29164
Target: HDF5 - H5R__decode_heap
CVE-2024-29159
Target: HDF5 - H5Z__filter_scaleoffset
CVE-2024-29157
Target: HDF5 - H5HG_read
CVE-2024-33434
Target: CHAOS - Core Service
CVE-2024-28222
Target: NetBackup - BPCD process
CVE-2024-22394
Target: SonicOS - SSL-VPN
CVE-2026-35616
Target: FortiClientEMS - FortiClient
CVE-2026-28373
Target: Stackfield Desktop App
CVE-2026-33105
Target: Microsoft Azure Kubernetes Service - Azure Kubernetes
CVE-2026-20160
Target: Cisco Smart Software Manager On-Prem - SSM On-Prem
CVE-2026-20093
Target: Cisco Integrated Management Controller - IMC
CVE-2026-30302
Target: CodeRider-Kilo - Command Auto-Approval Module
CVE-2026-30303
Target: Axon Code - Command Auto-Approval Module
CVE-2026-30793
Target: RustDesk Client
CVE-2026-30790
Target: RustDesk Server Pro - RustDesk Server
CVE-2026-30789
Target: RustDesk Client
CVE-2026-30783
Target: RustDesk Client
CVE-2026-20131
Actively ExploitedTarget: Cisco Secure Firewall Management Center (FMC) Software
CVE-2026-32194
Target: Microsoft Bing Images - Search Engine
CVE-2026-32191
Target: Microsoft Bing Images - Search Engine
CVE-2023-54330
Target: Inbit Messenger - Network Handler
CVE-2023-38036
Target: Ivanti Avalanche - Manager
CVE-2023-40714
Target: FortiSIEM - GUI
CVE-2023-25610
Target: FortiOS - Administrative Interface
CVE-2023-37936
Target: FortiSwitch - Firmware
CVE-2023-34990
Target: FortiWLM - Web Interface
CVE-2023-20036
Target: Cisco IND - Web UI
CVE-2023-20154
Target: Cisco Modeling Labs - Web Interface
CVE-2023-45590
Target: FortiClient - Linux
CVE-2023-46808
Target: Ivanti Neurons for ITSM - File Upload Component
CVE-2023-48788
Actively ExploitedTarget: FortiClientEMS - FortiClientEMS
CVE-2023-47534
Target: FortiClientEMS - CSV Parser
CVE-2023-42789
Target: FortiOS - Firewall
CVE-2023-46241
Target: Discourse - Microsoft Auth Plugin
CVE-2023-31488
Target: Cisco Secure Email Gateway - Hyland Perceptive Filters
CVE-2023-51438
Target: SIMATIC IPC - maxView Storage Manager
CVE-2023-52174
Target: XnView Classic - xnview.exe
CVE-2023-52173
Target: XnView Classic - xnview.exe
CVE-2023-48654
Target: One Identity Password Manager - Kiosk Mode
CVE-2023-29487
Target: Heimdal Thor - Threat To Process Correlation
CVE-2023-29486
Target: Heimdal Thor - Next-Gen Antivirus
CVE-2023-29485
Target: Heimdal Thor - DarkLayer Guard