Known Exploited Vulnerabilities

Focus on What Matters

There are 349,964 vulnerabilities in the CVE database.
Whilst only 1.1% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

Aware of a KEV not on the list? Let us know!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2021-4102	Use after free in V8 in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.	Google	Chrome	2021-12-15 00:00:00 UTC	CISA
CVE-2017-12149	In Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was found that the doFilter method in the...	Red Hat, Inc.	jbossas	2021-12-10 00:00:00 UTC	CISA
CVE-2021-44515	Zoho ManageEngine Desktop Central is vulnerable to authentication bypass, leading to remote code execution on the server, as exploited in the wild...	Zoho	ManageEngine Desktop Central	2021-12-10 00:00:00 UTC	CISA
CVE-2019-13272	In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a...	Linux	kernel	2021-12-10 00:00:00 UTC	CISA
CVE-2021-35394	Realtek Jungle SDK version v2.x up to v3.4.14B provides a diagnostic tool called 'MP Daemon' that is usually compiled as 'UDPServer' binary. The...	Realtek	Jungle SDK	2021-12-10 00:00:00 UTC	CISA
CVE-2019-7238	Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control.	Sonatype	Nexus Repository Manager	2021-12-10 00:00:00 UTC	CISA
CVE-2020-8816	Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease.	Pi-hole	Pi-hole Web	2021-12-10 00:00:00 UTC	CISA
CVE-2020-17463	FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items.	daylightstudio	FUEL CMS	2021-12-10 00:00:00 UTC	CISA
CVE-2010-1871	JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize inputs for JBoss...	Red Hat	JBoss Enterprise Application Platform	2021-12-10 00:00:00 UTC	CISA
CVE-2017-12149	In Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was found that the doFilter method in the...	Red Hat, Inc.	jbossas	2021-12-10 00:00:00 UTC	CISA
CVE-2017-17562	Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. This is a result of...	Embedthis	GoAhead	2021-12-10 00:00:00 UTC	CISA
CVE-2021-44168	A download of code without integrity check vulnerability in the "execute restore src-vis" command of FortiOS before 7.0.3 may allow a local...	Fortinet	Fortinet FortiOS	2021-12-10 00:00:00 UTC	CISA
CVE-2019-0193	In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the...	Apache	Apache Solr	2021-12-10 00:00:00 UTC	CISA
CVE-2019-7238	Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control.	Sonatype	Nexus Repository Manager	2021-12-10 00:00:00 UTC	CISA
CVE-2021-35394	Realtek Jungle SDK version v2.x up to v3.4.14B provides a diagnostic tool called 'MP Daemon' that is usually compiled as 'UDPServer' binary. The...	Realtek	Jungle SDK	2021-12-10 00:00:00 UTC	CISA
CVE-2019-13272	In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a...	Linux	kernel	2021-12-10 00:00:00 UTC	CISA
CVE-2021-44515	Zoho ManageEngine Desktop Central is vulnerable to authentication bypass, leading to remote code execution on the server, as exploited in the wild...	Zoho	ManageEngine Desktop Central	2021-12-10 00:00:00 UTC	CISA
CVE-2019-10758	mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that uses the `toBSON` method. A misuse of the `vm` dependency to...	mongo-express	mongo-express	2021-12-10 00:00:00 UTC	CISA
CVE-2020-8816	Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease.	Pi-hole	Pi-hole Web	2021-12-10 00:00:00 UTC	CISA
CVE-2020-17463	FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items.	daylightstudio	FUEL CMS	2021-12-10 00:00:00 UTC	CISA
CVE-2010-1871	JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize inputs for JBoss...	Red Hat	JBoss Enterprise Application Platform	2021-12-10 00:00:00 UTC	CISA
CVE-2019-0193	In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the...	Apache	Apache Solr	2021-12-10 00:00:00 UTC	CISA
CVE-2021-44168	A download of code without integrity check vulnerability in the "execute restore src-vis" command of FortiOS before 7.0.3 may allow a local...	Fortinet	Fortinet FortiOS	2021-12-10 00:00:00 UTC	CISA
CVE-2017-17562	Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. This is a result of...	Embedthis	GoAhead	2021-12-10 00:00:00 UTC	CISA
CVE-2021-44228	Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints	Apache Software Foundation	Apache Log4j2	2021-12-10 00:00:00 UTC	CISA

Displaying vulnerabilities 3051 - 3075 of 3822 in total