Known Exploited Vulnerabilities

Focus on What Matters

There are 349,949 vulnerabilities in the CVE database.
Whilst only 1.1% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

Aware of a KEV not on the list? Let us know!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2019-18187	Trend Micro OfficeScan versions 11.0 and XG (12.0) could be exploited by an attacker utilizing a directory traversal vulnerability to extract files...	Trend Micro	Trend Micro OfficeScan	2021-11-03 00:00:00 UTC	CISA
CVE-2019-9082	ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via...	ThinkPHP	ThinkPHP	2021-11-03 00:00:00 UTC	CISA
CVE-2018-20062	An issue was discovered in NoneCms V1.3. thinkphp/library/think/App.php allows remote attackers to execute arbitrary PHP code via crafted use of...	NoneCms	NoneCms	2021-11-03 00:00:00 UTC	CISA
CVE-2018-14558	An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through...	Tenda	AC7, AC9, AC10	2021-11-03 00:00:00 UTC	CISA
CVE-2020-10987	The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute arbitrary system commands via the...	Tenda	AC15 AC1900	2021-11-03 00:00:00 UTC	CISA
CVE-2021-31755	An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setmac allows...	Tenda	AC11	2021-11-03 00:00:00 UTC	CISA
CVE-2017-9248	Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity before 10.0.6412.0 does not properly protect...	Progress	Telerik UI for ASP.NET AJAX	2021-11-03 00:00:00 UTC	CISA
CVE-2019-18988	TeamViewer Desktop through 14.7.1965 allows a bypass of remote-login access control because the same key is used for different customers'...	TeamViewer	TeamViewer Desktop	2021-11-03 00:00:00 UTC	CISA
CVE-2017-6327	The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of remote code execution, which describes a situation whereby an individual...	Symantec Corporation	Messaging Gateway	2021-11-03 00:00:00 UTC	CISA
CVE-2020-10181	goform/formEMR30 in Sumavision Enhanced Multimedia Router (EMR) 3.0.4.27 allows creation of arbitrary users with elevated privileges...	Sumavision	Enhanced Multimedia Router (EMR)	2021-11-03 00:00:00 UTC	CISA
CVE-2020-12271	A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 18.0 before 2020-04-25 on Sophos XG Firewall devices, as exploited in the wild in...	Sophos	XG Firewall	2021-11-03 00:00:00 UTC	CISA
CVE-2021-27104	Accellion FTA 9_12_370 and earlier is affected by OS command execution via a crafted POST request to various admin endpoints. The fixed version is...	Accellion	FTA	2021-11-03 00:00:00 UTC	CISA
CVE-2021-27102	Accellion FTA 9_12_411 and earlier is affected by OS command execution via a local web service call. The fixed version is FTA_9_12_416 and later.	Accellion	FTA	2021-11-03 00:00:00 UTC	CISA
CVE-2021-27101	Accellion FTA 9_12_370 and earlier is affected by SQL injection via a crafted Host header in a request to document_root.html. The fixed version is...	Accellion	FTA	2021-11-03 00:00:00 UTC	CISA
CVE-2021-27103	Accellion FTA 9_12_411 and earlier is affected by SSRF via a crafted POST request to wmProgressstat.html. The fixed version is FTA_9_12_416 and later.	Accellion	FTA	2021-11-03 00:00:00 UTC	CISA
CVE-2021-21017	Acrobat Reader DC Heap-based Buffer Overflow Vulnerability Could Lead To Arbitrary Code Execution	Adobe	Acrobat Reader	2021-11-03 00:00:00 UTC	CISA
CVE-2021-28550	Adobe Acrobat Reader use after free vulnerability could lead to arbitrary code execution	Adobe	Acrobat Reader	2021-11-03 00:00:00 UTC	CISA
CVE-2018-4939	Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Deserialization of Untrusted Data...	Adobe	Adobe ColdFusion ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions	2021-11-03 00:00:00 UTC	CISA
CVE-2018-15961	Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload...	Adobe	ColdFusion	2021-11-03 00:00:00 UTC	CISA
CVE-2018-4878	A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the...	Adobe	Adobe Flash Player before 28.0.0.161	2021-11-03 00:00:00 UTC	CISA
CVE-2020-5735	Amcrest cameras and NVR are vulnerable to a stack-based buffer overflow over port 37777. An authenticated remote attacker can abuse this issue to...	Amcrest	Amcrest	2021-11-03 00:00:00 UTC	CISA
CVE-2019-2215	A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit...	Google	Android	2021-11-03 00:00:00 UTC	CISA
CVE-2020-0041	In binder_transaction of binder.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of...	Google	Android	2021-11-03 00:00:00 UTC	CISA
CVE-2020-0069	In the ioctl handlers of the Mediatek Command Queue driver, there is a possible out of bounds write due to insufficient input sanitization and...	Mediatek	Android	2021-11-03 00:00:00 UTC	CISA
CVE-2017-9805	The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for...	Apache Software Foundation	Apache Struts	2021-11-03 00:00:00 UTC	CISA

Displaying vulnerabilities 3526 - 3550 of 3822 in total