Known Exploited Vulnerabilities

Focus on What Matters

There are 349,964 vulnerabilities in the CVE database.
Whilst only 1.1% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

Aware of a KEV not on the list? Let us know!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2017-9805	The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for...	Apache Software Foundation	Apache Struts	2021-11-03 00:00:00 UTC	CISA
CVE-2020-0069	In the ioctl handlers of the Mediatek Command Queue driver, there is a possible out of bounds write due to insufficient input sanitization and...	Mediatek	Android	2021-11-03 00:00:00 UTC	CISA
CVE-2020-0041	In binder_transaction of binder.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of...	Google	Android	2021-11-03 00:00:00 UTC	CISA
CVE-2019-2215	A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit...	Google	Android	2021-11-03 00:00:00 UTC	CISA
CVE-2020-5735	Amcrest cameras and NVR are vulnerable to a stack-based buffer overflow over port 37777. An authenticated remote attacker can abuse this issue to...	Amcrest	Amcrest	2021-11-03 00:00:00 UTC	CISA
CVE-2018-4878	A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the...	Adobe	Adobe Flash Player before 28.0.0.161	2021-11-03 00:00:00 UTC	CISA
CVE-2018-15961	Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload...	Adobe	ColdFusion	2021-11-03 00:00:00 UTC	CISA
CVE-2018-4939	Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Deserialization of Untrusted Data...	Adobe	Adobe ColdFusion ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions	2021-11-03 00:00:00 UTC	CISA
CVE-2021-28550	Adobe Acrobat Reader use after free vulnerability could lead to arbitrary code execution	Adobe	Acrobat Reader	2021-11-03 00:00:00 UTC	CISA
CVE-2021-21017	Acrobat Reader DC Heap-based Buffer Overflow Vulnerability Could Lead To Arbitrary Code Execution	Adobe	Acrobat Reader	2021-11-03 00:00:00 UTC	CISA
CVE-2021-27103	Accellion FTA 9_12_411 and earlier is affected by SSRF via a crafted POST request to wmProgressstat.html. The fixed version is FTA_9_12_416 and later.	Accellion	FTA	2021-11-03 00:00:00 UTC	CISA
CVE-2021-27101	Accellion FTA 9_12_370 and earlier is affected by SQL injection via a crafted Host header in a request to document_root.html. The fixed version is...	Accellion	FTA	2021-11-03 00:00:00 UTC	CISA
CVE-2021-27102	Accellion FTA 9_12_411 and earlier is affected by OS command execution via a local web service call. The fixed version is FTA_9_12_416 and later.	Accellion	FTA	2021-11-03 00:00:00 UTC	CISA
CVE-2021-27104	Accellion FTA 9_12_370 and earlier is affected by OS command execution via a crafted POST request to various admin endpoints. The fixed version is...	Accellion	FTA	2021-11-03 00:00:00 UTC	CISA
CVE-2021-21166	Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.	Google	Chrome	2021-11-03 00:00:00 UTC	CISA
CVE-2020-15999	Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a...	Google	Chrome	2021-11-03 00:00:00 UTC	CISA
CVE-2020-8655	An issue was discovered in EyesOfNetwork 5.3. The sudoers configuration is prone to a privilege escalation vulnerability, allowing the apache user...	EyesOfNetwork	EyesOfNetwork	2021-11-03 00:00:00 UTC	CISA
CVE-2020-16010	Heap buffer overflow in UI in Google Chrome on Android prior to 86.0.4240.185 allowed a remote attacker who had compromised the renderer process to...	Google	Chrome	2021-11-03 00:00:00 UTC	CISA
CVE-2018-13379	An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to...	Fortinet	Fortinet FortiOS, FortiProxy	2021-11-03 00:00:00 UTC	CISA
CVE-2020-12812	An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and below may result in a user being able to log in...	Fortinet	Fortinet FortiOS	2021-11-03 00:00:00 UTC	CISA
CVE-2019-5591	A Default Configuration vulnerability in FortiOS may allow an unauthenticated attacker on the same subnet to intercept sensitive information by...	Fortinet	Fortinet FortiOS	2021-11-03 00:00:00 UTC	CISA
CVE-2021-35464	ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. The exploitation does...	ForgeRock	AM server	2021-11-03 00:00:00 UTC	CISA
CVE-2021-22986	On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3 amd...	F5	BIG-IP; BIG-IQ	2021-11-03 00:00:00 UTC	CISA
CVE-2020-5902	In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface...	F5	BIG-IP	2021-11-03 00:00:00 UTC	CISA
CVE-2021-22205	An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were...	GitLab	GitLab	2021-11-03 00:00:00 UTC	CISA

Displaying vulnerabilities 3251 - 3275 of 3822 in total