Known Exploited Vulnerabilities

Focus on What Matters

There are 349,964 vulnerabilities in the CVE database.
Whilst only 1.1% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

Aware of a KEV not on the list? Let us know!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2018-6789	An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may...	Exim	Exim	2021-11-03 00:00:00 UTC	CISA
CVE-2020-8657	An issue was discovered in EyesOfNetwork 5.3. The installation uses the same API key (hardcoded as EONAPI_KEY in include/api_functions.php for API...	EyesOfNetwork	EyesOfNetwork	2021-11-03 00:00:00 UTC	CISA
CVE-2020-8468	Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agents are affected by a content validation escape...	Trend Micro	Trend Micro OfficeScan, Trend Micro Apex One, Trend Micro Worry-Free Business Security (WFBS)	2021-11-03 00:00:00 UTC	CISA
CVE-2020-24557	A vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 on Microsoft Windows may allow an attacker to manipulate a...	Trend Micro	Trend Micro Apex One, Trend Micro Worry-Free Business Security	2021-11-03 00:00:00 UTC	CISA
CVE-2020-8599	Trend Micro Apex One (2019) and OfficeScan XG server contain a vulnerable EXE file that could allow a remote attacker to write arbitrary data to an...	Trend Micro	Trend Micro OfficeScan, Trend Micro Apex One	2021-11-03 00:00:00 UTC	CISA
CVE-2021-36742	A improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG and Worry-Free Business Security 10.0 SP1...	Trend Micro	Trend Micro Apex One, Trend Micro OfficeScan, Trend Micro Worry-Free Business Security	2021-11-03 00:00:00 UTC	CISA
CVE-2021-36741	An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1...	Trend Micro	Trend Micro Apex One, Trend Micro OfficeScan, Trend Micro Worry-Free Business Security	2021-11-03 00:00:00 UTC	CISA
CVE-2019-20085	TVT NVMS-1000 devices allow GET /.. Directory Traversal	TVT	NVMS-1000	2021-11-03 00:00:00 UTC	CISA
CVE-2020-5849	Unraid 6.8.0 allows authentication bypass.	Limetech	Unraid	2021-11-03 00:00:00 UTC	CISA
CVE-2020-5847	Unraid through 6.8.0 allows Remote Code Execution.	Lime Technology	Unraid	2021-11-03 00:00:00 UTC	CISA
CVE-2019-16759	vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request.	vBulletin	vBulletin	2021-11-03 00:00:00 UTC	CISA
CVE-2020-17496	vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel...	vBulletin	vBulletin	2021-11-03 00:00:00 UTC	CISA
CVE-2019-5544	OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the...	VMware	ESXi and Horizon DaaS	2021-11-03 00:00:00 UTC	CISA
CVE-2020-3992	OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG) has a...	VMware	VMware ESXi	2021-11-03 00:00:00 UTC	CISA
CVE-2020-3950	VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11.x and prior before 11.0.1) and Horizon Client for Mac (5.x and prior before...	VMware	VMware Fusion, VMware Remote Console for Mac and Horizon Client for Mac	2021-11-03 00:00:00 UTC	CISA
CVE-2021-22005	The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on...	VMware	VMware vCenter Server, VMware Cloud Foundation	2021-11-03 00:00:00 UTC	CISA
CVE-2020-3952	Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC), does...	VMware	VMware vCenter Server	2021-11-03 00:00:00 UTC	CISA
CVE-2021-21972	The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port...	VMware	VMware vCenter Server, VMware Cloud Foundation	2021-11-03 00:00:00 UTC	CISA
CVE-2021-21985	The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in...	VMware	VMware vCenter Server and VMware Cloud Foundation	2021-11-03 00:00:00 UTC	CISA
CVE-2020-4006	VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a command injection vulnerability.	VMware	VMware Workspace One Access (Access), VMware Workspace One Access Connector (Access Connector), VMware Identity Manager (vIDM), VMware Identity Manager Connector (vIDM Connector), VMware Cloud Foundation, vRealize Suite Lifecycle Manager	2021-11-03 00:00:00 UTC	CISA
CVE-2020-25213	The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it...	WordPress	File Manager plugin	2021-11-03 00:00:00 UTC	CISA
CVE-2020-11738	The Snap Creek Duplicator plugin before 1.3.28 for WordPress (and Duplicator Pro before 3.8.7.1) allows Directory Traversal via ../ in the file...	Snap Creek	Duplicator	2021-11-03 00:00:00 UTC	CISA
CVE-2019-9978	The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_options swp_url parameter, as...	Warfare Plugins	Social Warfare	2021-11-03 00:00:00 UTC	CISA
CVE-2021-27561	Yealink Device Management (DM) 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall/zone/services URI, without authentication.	Yealink	Device Management	2021-11-03 00:00:00 UTC	CISA
CVE-2021-40539	Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution.	Zoho	ManageEngine ADSelfService Plus	2021-11-03 00:00:00 UTC	CISA

Displaying vulnerabilities 3276 - 3300 of 3822 in total