Known Exploited Vulnerabilities

Focus on What Matters

There are 349,964 vulnerabilities in the CVE database.
Whilst only 1.1% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

Aware of a KEV not on the list? Let us know!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2020-10189	Zoho ManageEngine Desktop Central before 10.0.474 allows remote code execution because of deserialization of untrusted data in getChartImage in the...	Zoho	ManageEngine Desktop Central	2021-11-03 00:00:00 UTC	CISA
CVE-2019-8394	Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization.	Zoho	ManageEngine ServiceDesk Plus	2021-11-03 00:00:00 UTC	CISA
CVE-2020-29583	Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account...	Zyxel	USG devices	2021-11-03 00:00:00 UTC	CISA
CVE-2021-28663	The Arm Mali GPU kernel driver allows privilege escalation or information disclosure because GPU memory operations are mishandled, leading to a...	Arm	Mali GPU kernel driver	2021-11-03 00:00:00 UTC	CISA
CVE-2021-20023	SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to read an arbitrary file on the...	SonicWall	Email Security	2021-11-03 00:00:00 UTC	CISA
CVE-2021-20022	SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to upload an arbitrary file to the...	SonicWall	Email Security	2021-11-03 00:00:00 UTC	CISA
CVE-2019-7481	Vulnerability in SonicWall SMA100 allow unauthenticated user to gain read-only access to unauthorized resources. This vulnerablity impacted SMA100...	SonicWall	SMA100	2021-11-03 00:00:00 UTC	CISA
CVE-2021-20021	A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending a crafted HTTP...	SonicWall	Email Security	2021-11-03 00:00:00 UTC	CISA
CVE-2020-10199	Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2).	n/a	n/a	2021-11-03 00:00:00 UTC	CISA
CVE-2016-3643	SolarWinds Virtualization Manager 6.3.1 and earlier allow local users to gain privileges by leveraging a misconfiguration of sudo, as demonstrated...	SolarWinds	Virtualization Manager	2021-11-03 00:00:00 UTC	CISA
CVE-2021-35211	Serv-U Remote Memory Escape Vulnerability	SolarWinds	Serv-U Managed File Transfer Server and Serv-U Secured FTP	2021-11-03 00:00:00 UTC	CISA
CVE-2020-10148	SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands	SolarWinds	Orion Platform	2021-11-03 00:00:00 UTC	CISA
CVE-2019-16256	Some Samsung devices include the SIMalliance Toolbox Browser (aka S@T Browser) on the UICC, which might allow remote attackers to retrieve location...	Samsung	SIMalliance Toolbox Browser	2021-11-03 00:00:00 UTC	CISA
CVE-2016-3976	Directory traversal vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to read arbitrary files via a ..\ (dot dot...	SAP	NetWeaver AS Java	2021-11-03 00:00:00 UTC	CISA
CVE-2020-6207	SAP Solution Manager (User Experience Monitoring), version- 7.2, due to Missing Authentication Check does not perform any authentication for a...	SAP SE	SAP Solution Manager (User Experience Monitoring)	2021-11-03 00:00:00 UTC	CISA
CVE-2020-6287	SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an...	SAP SE	SAP NetWeaver AS JAVA (LM Configuration Wizard)	2021-11-03 00:00:00 UTC	CISA
CVE-2016-9563	BC-BMT-BPM-DSK in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via the...	SAP	NetWeaver AS JAVA	2021-11-03 00:00:00 UTC	CISA
CVE-2010-5326	The Invoker Servlet on SAP NetWeaver Application Server Java platforms, possibly before 7.3, does not require authentication, which allows remote...	SAP	NetWeaver Application Server Java	2021-11-03 00:00:00 UTC	CISA
CVE-2018-2380	SAP CRM, 7.01, 7.02,7.30, 7.31, 7.33, 7.54, allows an attacker to exploit insufficient validation of path information provided by users, thus...	SAP SE	SAP CRM	2021-11-03 00:00:00 UTC	CISA
CVE-2020-16846	An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in...	SaltStack	Salt	2021-11-03 00:00:00 UTC	CISA
CVE-2020-11651	An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly...	SaltStack	Salt	2021-11-03 00:00:00 UTC	CISA
CVE-2020-11652	An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some...	SaltStack	Salt	2021-11-03 00:00:00 UTC	CISA
CVE-2017-16651	Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host's filesystem,...	Roundcube	Roundcube Webmail	2021-11-03 00:00:00 UTC	CISA
CVE-2021-35395	Realtek Jungle SDK version v2.x up to v3.4.14B provides an HTTP web server exposing a management interface that can be used to configure the access...	Realtek	Jungle SDK	2021-11-03 00:00:00 UTC	CISA
CVE-2020-10221	lib/ajaxHandlers/ajaxAddTemplate.php in rConfig through 3.94 allows remote attackers to execute arbitrary OS commands via shell metacharacters in...	rConfig	rConfig	2021-11-03 00:00:00 UTC	CISA

Displaying vulnerabilities 3301 - 3325 of 3822 in total