Known Exploited Vulnerabilities

Focus on What Matters

There are 297,582 vulnerabilities in the CVE database.
Whilst only 0.6% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2024-21413	Microsoft Outlook Remote Code Execution Vulnerability	Microsoft	Microsoft Office 2019, Microsoft 365 Apps for Enterprise, Microsoft Office LTSC 2021, Microsoft Office 2016	2025-02-06 00:00:00 UTC	CISA
CVE-2020-29574	An SQL injection vulnerability in the WebAdmin of Cyberoam OS through 2020-12-04 allows unauthenticated attackers to execute arbitrary SQL...	n/a	n/a	2025-02-06 00:00:00 UTC	CISA
CVE-2024-53104	media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format	Linux	Linux	2025-02-05 00:00:00 UTC	CISA
CVE-2018-9276	An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who has access to the PRTG System Administrator web console with...	Paessler AG	PRTG Network Monitor	2025-02-04 00:00:00 UTC	CISA
CVE-2018-19410	PRTG Network Monitor before 18.2.40.1683 allows remote unauthenticated attackers to create users with read-write privileges (including...	Paessler	PRTG Network Monitor	2025-02-04 00:00:00 UTC	CISA
CVE-2024-29059	.NET Framework Information Disclosure Vulnerability	Microsoft	Microsoft .NET Framework 4.8, Microsoft .NET Framework 3.5 AND 4.8, Microsoft .NET Framework 3.5 AND 4.7.2, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 3.5 AND 4.8.1, Microsoft .NET Framework 4.6.2, Microsoft .NET Framework 3.5 AND 4.6/4.6.2, Microsoft .NET Framework 2.0 Service Pack 2, Microsoft .NET Framework 3.0 Service Pack 2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1	2025-02-04 00:00:00 UTC	CISA
CVE-2024-45195	Apache OFBiz: Confused controller-view authorization logic (forced browsing)	Apache Software Foundation	Apache OFBiz	2025-02-04 00:00:00 UTC	CISA
CVE-2025-24085	A use after free issue was addressed with improved memory management. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia...	Apple	visionOS, tvOS, macOS, watchOS, iOS and iPadOS	2025-01-29 00:00:00 UTC	CISA
CVE-2025-23006	Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and...	SonicWall	SMA1000	2025-01-24 00:00:00 UTC	CISA
CVE-2020-11023	Potential XSS vulnerability in jQuery	jquery	jQuery	2025-01-23 00:00:00 UTC	CISA
CVE-2024-50603	An issue was discovered in Aviatrix Controller before 7.1.4191 and 7.2.x before 7.2.4996. Due to the improper neutralization of special elements...	Aviatrix	Controller	2025-01-16 00:00:00 UTC	CISA
CVE-2025-21334	Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability	Microsoft	Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows Server 2025 (Server Core installation), Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 11 Version 24H2, Windows Server 2025	2025-01-14 00:00:00 UTC	CISA
CVE-2025-21335	Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability	Microsoft	Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows Server 2025 (Server Core installation), Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 11 Version 24H2, Windows Server 2025	2025-01-14 00:00:00 UTC	CISA
CVE-2025-21333	Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability	Microsoft	Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows Server 2025 (Server Core installation), Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 11 Version 24H2, Windows Server 2025	2025-01-14 00:00:00 UTC	CISA
CVE-2024-55591	An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy...	Fortinet	FortiOS, FortiProxy	2025-01-14 00:00:00 UTC	CISA
CVE-2024-12686	Command Injection vulnerability in Remote Support(RS) & Privilege Remote Access (PRA)	BeyondTrust	Remote Support(RS) & Privileged Remote Access(PRA)	2025-01-13 00:00:00 UTC	CISA
CVE-2023-48365	Qlik Sense Enterprise for Windows before August 2023 Patch 2 allows unauthenticated remote code execution, aka QB-21683. Due to improper validation...	n/a	n/a	2025-01-13 00:00:00 UTC	CISA
CVE-2024-12847	NETGEAR DGN setup.cgi OS Command Injection	NETGEAR	DGN1000	2025-01-10 19:36:36 UTC	CVE
CVE-2025-0282	A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons...	Ivanti	Connect Secure, Policy Secure, Neurons for ZTA gateways	2025-01-08 00:00:00 UTC	CISA
CVE-2020-2883	Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are...	Oracle Corporation	WebLogic Server	2025-01-07 00:00:00 UTC	CISA
CVE-2024-41713	A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated...	n/a	n/a	2025-01-07 00:00:00 UTC	CISA
CVE-2024-55550	Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker with administrative privilege to conduct a local file read, due to...	n/a	n/a	2025-01-07 00:00:00 UTC	CISA
CVE-2024-3393	PAN-OS: Firewall Denial of Service (DoS) in DNS Security Using a Specially Crafted Packet	Palo Alto Networks	Cloud NGFW, PAN-OS	2024-12-30 00:00:00 UTC	CISA
CVE-2021-44207	Acclaim USAHERDS through 7.4.0.1 uses hard-coded credentials.	n/a	n/a	2024-12-23 00:00:00 UTC	CISA
CVE-2024-12356	Command Injection Vulnerability in Remote Support(RS) & Privileged Remote Access (PRA)	BeyondTrust	Remote Support, Privileged Remote Access	2024-12-19 00:00:00 UTC	CISA

Displaying vulnerabilities 376 - 400 of 1851 in total