Known Exploited Vulnerabilities

Focus on What Matters

There are 349,612 vulnerabilities in the CVE database.
Whilst only 1.1% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

Aware of a KEV not on the list? Let us know!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2018-0296	A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause an...	Cisco	Cisco Adaptive Security Appliance unknown	2021-11-03 00:00:00 UTC	CISA
CVE-2019-13608	Citrix StoreFront Server before 1903, 7.15 LTSR before CU4 (3.12.4000), and 7.6 LTSR before CU8 (3.0.8000) allows XXE attacks.	Citrix	StoreFront Server	2021-11-03 00:00:00 UTC	CISA
CVE-2020-8193	Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix...	Citrix	Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP	2021-11-03 00:00:00 UTC	CISA
CVE-2020-8195	Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix...	Citrix	Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP	2021-11-03 00:00:00 UTC	CISA
CVE-2020-8196	Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix...	Citrix	Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP	2021-11-03 00:00:00 UTC	CISA
CVE-2019-19781	An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.	Citrix	Application Delivery Controller and Gateway	2021-11-03 00:00:00 UTC	CISA
CVE-2019-11634	Citrix Workspace App before 1904 for Windows has Incorrect Access Control.	Citrix	Workspace App	2021-11-03 00:00:00 UTC	CISA
CVE-2020-29557	An issue was discovered on D-Link DIR-825 R1 devices through 3.0.1 before 2020-11-20. A buffer overflow in the web interface allows attackers to...	D-Link	DIR-825 R1	2021-11-03 00:00:00 UTC	CISA
CVE-2020-25506	D-Link DNS-320 FW v2.06B01 Revision Ax is affected by command injection in the system_mgr.cgi component, which can lead to remote arbitrary code...	D-Link	DNS-320	2021-11-03 00:00:00 UTC	CISA
CVE-2018-15811	DNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters.	DNN	DotNetNuke	2021-11-03 00:00:00 UTC	CISA
CVE-2018-18325	DNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: this issue exists because of an...	DNN Software	DNN Platform	2021-11-03 00:00:00 UTC	CISA
CVE-2017-9822	DNN (aka DotNetNuke) before 9.1.1 has Remote Code Execution via a cookie, aka "2017-08 (Critical) Possible remote code execution on DNN sites."	DotNetNuke	DotNetNuke CMS Fixed in 9.1.1	2021-11-03 00:00:00 UTC	CISA
CVE-2019-15752	Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-credential-wincred.exe file...	Docker	Docker Desktop Community Edition	2021-11-03 00:00:00 UTC	CISA
CVE-2020-8515	DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices allow remote code execution as...	DrayTek	Vigor2960, Vigor3900, Vigor300B	2021-11-03 00:00:00 UTC	CISA
CVE-2018-7600	Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an...	Drupal	Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1	2021-11-03 00:00:00 UTC	CISA
CVE-2020-29583	Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account...	Zyxel	USG devices	2021-11-03 00:00:00 UTC	CISA
CVE-2019-8394	Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization.	Zoho	ManageEngine ServiceDesk Plus	2021-11-03 00:00:00 UTC	CISA
CVE-2020-10189	Zoho ManageEngine Desktop Central before 10.0.474 allows remote code execution because of deserialization of untrusted data in getChartImage in the...	Zoho	ManageEngine Desktop Central	2021-11-03 00:00:00 UTC	CISA
CVE-2021-40539	Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution.	Zoho	ManageEngine ADSelfService Plus	2021-11-03 00:00:00 UTC	CISA
CVE-2021-27561	Yealink Device Management (DM) 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall/zone/services URI, without authentication.	Yealink	Device Management	2021-11-03 00:00:00 UTC	CISA
CVE-2019-9978	The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_options swp_url parameter, as...	Warfare Plugins	Social Warfare	2021-11-03 00:00:00 UTC	CISA
CVE-2020-11738	The Snap Creek Duplicator plugin before 1.3.28 for WordPress (and Duplicator Pro before 3.8.7.1) allows Directory Traversal via ../ in the file...	Snap Creek	Duplicator	2021-11-03 00:00:00 UTC	CISA
CVE-2020-25213	The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it...	WordPress	File Manager plugin	2021-11-03 00:00:00 UTC	CISA
CVE-2020-4006	VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a command injection vulnerability.	VMware	VMware Workspace One Access (Access), VMware Workspace One Access Connector (Access Connector), VMware Identity Manager (vIDM), VMware Identity Manager Connector (vIDM Connector), VMware Cloud Foundation, vRealize Suite Lifecycle Manager	2021-11-03 00:00:00 UTC	CISA
CVE-2021-21985	The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in...	VMware	VMware vCenter Server and VMware Cloud Foundation	2021-11-03 00:00:00 UTC	CISA

Displaying vulnerabilities 3601 - 3625 of 3822 in total