Known Exploited Vulnerabilities

Focus on What Matters

There are 349,949 vulnerabilities in the CVE database.
Whilst only 1.1% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

Aware of a KEV not on the list? Let us know!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2021-30657	A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina. A...	Apple	macOS	2021-11-03 00:00:00 UTC	CISA
CVE-2021-30665	A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 7.4.1, iOS 14.5.1 and iPadOS 14.5.1, tvOS...	Apple	macOS	2021-11-03 00:00:00 UTC	CISA
CVE-2021-30663	An integer overflow was addressed with improved input validation. This issue is fixed in iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3,...	Apple	macOS	2021-11-03 00:00:00 UTC	CISA
CVE-2021-30761	A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.5.4. Processing maliciously crafted web...	Apple	iOS	2021-11-03 00:00:00 UTC	CISA
CVE-2021-30869	A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 12.5.5, iOS 14.4 and iPadOS 14.4, macOS Big Sur 11.2,...	Apple	iOS and iPadOS, macOS	2021-11-03 00:00:00 UTC	CISA
CVE-2020-9859	A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5.1 and iPadOS 13.5.1, macOS Catalina 10.15.5...	Apple	iOS, macOS, tvOS, watchOS	2021-11-03 00:00:00 UTC	CISA
CVE-2021-20090	A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <=...	Buffalo	Buffalo WSR-2533DHPL2, Buffalo WSR-2533DHP3	2021-11-03 00:00:00 UTC	CISA
CVE-2021-27562	In Arm Trusted Firmware M through 1.2, the NS world may trigger a system halt, an overwrite of secure data, or the printing out of secure data when...	Arm	Trusted Firmware M	2021-11-03 00:00:00 UTC	CISA
CVE-2021-28664	The Arm Mali GPU kernel driver allows privilege escalation or a denial of service (memory corruption) because an unprivileged user can achieve...	Arm	Mali GPU kernel driver	2021-11-03 00:00:00 UTC	CISA
CVE-2021-28663	The Arm Mali GPU kernel driver allows privilege escalation or information disclosure because GPU memory operations are mishandled, leading to a...	Arm	Mali GPU kernel driver	2021-11-03 00:00:00 UTC	CISA
CVE-2019-3398	Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote attacker who has permission...	Atlassian	Confluence	2021-11-03 00:00:00 UTC	CISA
CVE-2021-26084	In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to...	Atlassian	Confluence Server, Confluence Data Center	2021-11-03 00:00:00 UTC	CISA
CVE-2019-11580	Atlassian Crowd and Crowd Data Center had the pdkinstall development plugin incorrectly enabled in release builds. Attackers who can send...	Atlassian	Crowd	2021-11-03 00:00:00 UTC	CISA
CVE-2019-3396	The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3...	Atlassian	Confluence Server	2021-11-03 00:00:00 UTC	CISA
CVE-2021-42258	BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1 allows SQL injection for unauthenticated remote code execution, as exploited in the wild...	BQE	BillQuick Web Suite	2021-11-03 00:00:00 UTC	CISA
CVE-2020-3452	Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Read-Only Path Traversal Vulnerability	Cisco	Cisco Adaptive Security Appliance (ASA) Software	2021-11-03 00:00:00 UTC	CISA
CVE-2020-3580	Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Interface Cross-Site Scripting Vulnerabilities	Cisco	Cisco Adaptive Security Appliance (ASA) Software	2021-11-03 00:00:00 UTC	CISA
CVE-2021-1497	Cisco HyperFlex HX Command Injection Vulnerabilities	Cisco	Cisco HyperFlex HX Data Platform	2021-11-03 00:00:00 UTC	CISA
CVE-2021-1498	Cisco HyperFlex HX Command Injection Vulnerabilities	Cisco	Cisco HyperFlex HX Data Platform	2021-11-03 00:00:00 UTC	CISA
CVE-2018-0171	A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to...	Cisco	Cisco IOS and IOS XE	2021-11-03 00:00:00 UTC	CISA
CVE-2020-3118	Cisco IOS XR Software Cisco Discovery Protocol Format String Vulnerability	Cisco	Cisco IOS XR Software	2021-11-03 00:00:00 UTC	CISA
CVE-2020-3566	Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerability	Cisco	Cisco IOS XR Software	2021-11-03 00:00:00 UTC	CISA
CVE-2020-3569	Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerabilities	Cisco	Cisco IOS XR Software	2021-11-03 00:00:00 UTC	CISA
CVE-2020-3161	Cisco IP Phones Web Server Remote Code Execution and Denial of Service Vulnerability	Cisco	Cisco IP phone	2021-11-03 00:00:00 UTC	CISA
CVE-2019-1653	Cisco Small Business RV320 and RV325 Routers Information Disclosure Vulnerability	Cisco	Cisco Small Business RV Series Router Firmware	2021-11-03 00:00:00 UTC	CISA

Displaying vulnerabilities 3576 - 3600 of 3822 in total