Known Exploited Vulnerabilities

Focus on What Matters

There are 304,517 vulnerabilities in the CVE database.
Whilst only 0.7% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2025-24200	An authorization issue was addressed with improved state management. This issue is fixed in iPadOS 17.7.5, iOS 18.3.1 and iPadOS 18.3.1. A physical...	Apple	iPadOS, iOS and iPadOS	2025-02-12 00:00:00 UTC	CISA
CVE-2025-21391	Windows Storage Elevation of Privilege Vulnerability	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows Server 2025 (Server Core installation), Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 11 Version 24H2, Windows Server 2025, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation)	2025-02-11 00:00:00 UTC	CISA
CVE-2025-21418	Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows Server 2025 (Server Core installation), Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 11 Version 24H2, Windows Server 2025, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	2025-02-11 00:00:00 UTC	CISA
CVE-2024-40890	UNSUPPORTED WHEN ASSIGNED A post-authentication command injection vulnerability in the CGI program of the legacy DSL CPE Zyxel VMG4325-B10A...	Zyxel	VMG4325-B10A firmware	2025-02-11 00:00:00 UTC	CISA
CVE-2024-40891	UNSUPPORTED WHEN ASSIGNED A post-authentication command injection vulnerability in the management commands of the legacy DSL CPE Zyxel...	Zyxel	VMG4325-B10A firmware	2025-02-11 00:00:00 UTC	CISA
CVE-2025-0994	Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization...	Trimble	Cityworks, Cityworks (with office companion)	2025-02-07 00:00:00 UTC	CISA
CVE-2020-15069	Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow and remote code execution via the HTTP/S Bookmarks feature for clientless...	n/a	n/a	2025-02-06 00:00:00 UTC	CISA
CVE-2025-0411	7-Zip Mark-of-the-Web Bypass Vulnerability	7-Zip	7-Zip	2025-02-06 00:00:00 UTC	CISA
CVE-2022-23748	mDNSResponder.exe is vulnerable to DLL Sideloading attack. Executable improperly specifies how to load the DLL, from which folder and under what...	n/a	Audinate Dante Application Library for Windows	2025-02-06 00:00:00 UTC	CISA
CVE-2024-21413	Microsoft Outlook Remote Code Execution Vulnerability	Microsoft	Microsoft Office 2019, Microsoft 365 Apps for Enterprise, Microsoft Office LTSC 2021, Microsoft Office 2016	2025-02-06 00:00:00 UTC	CISA
CVE-2020-29574	An SQL injection vulnerability in the WebAdmin of Cyberoam OS through 2020-12-04 allows unauthenticated attackers to execute arbitrary SQL...	n/a	n/a	2025-02-06 00:00:00 UTC	CISA
CVE-2024-53104	media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format	Linux	Linux	2025-02-05 00:00:00 UTC	CISA
CVE-2018-9276	An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who has access to the PRTG System Administrator web console with...	Paessler AG	PRTG Network Monitor	2025-02-04 00:00:00 UTC	CISA
CVE-2018-19410	PRTG Network Monitor before 18.2.40.1683 allows remote unauthenticated attackers to create users with read-write privileges (including...	Paessler	PRTG Network Monitor	2025-02-04 00:00:00 UTC	CISA
CVE-2024-29059	.NET Framework Information Disclosure Vulnerability	Microsoft	Microsoft .NET Framework 4.8, Microsoft .NET Framework 3.5 AND 4.8, Microsoft .NET Framework 3.5 AND 4.7.2, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 3.5 AND 4.8.1, Microsoft .NET Framework 4.6.2, Microsoft .NET Framework 3.5 AND 4.6/4.6.2, Microsoft .NET Framework 2.0 Service Pack 2, Microsoft .NET Framework 3.0 Service Pack 2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1	2025-02-04 00:00:00 UTC	CISA
CVE-2024-45195	Apache OFBiz: Confused controller-view authorization logic (forced browsing)	Apache Software Foundation	Apache OFBiz	2025-02-04 00:00:00 UTC	CISA
CVE-2025-24085	A use after free issue was addressed with improved memory management. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia...	Apple	visionOS, tvOS, macOS, watchOS, iOS and iPadOS	2025-01-29 00:00:00 UTC	CISA
CVE-2025-23006	Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and...	SonicWall	SMA1000	2025-01-24 00:00:00 UTC	CISA
CVE-2020-11023	Potential XSS vulnerability in jQuery	jquery	jQuery	2025-01-23 00:00:00 UTC	CISA
CVE-2024-50603	An issue was discovered in Aviatrix Controller before 7.1.4191 and 7.2.x before 7.2.4996. Due to the improper neutralization of special elements...	Aviatrix	Controller	2025-01-16 00:00:00 UTC	CISA
CVE-2025-21334	Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability	Microsoft	Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows Server 2025 (Server Core installation), Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 11 Version 24H2, Windows Server 2025	2025-01-14 00:00:00 UTC	CISA
CVE-2025-21335	Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability	Microsoft	Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows Server 2025 (Server Core installation), Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 11 Version 24H2, Windows Server 2025	2025-01-14 00:00:00 UTC	CISA
CVE-2025-21333	Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability	Microsoft	Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows Server 2025 (Server Core installation), Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 11 Version 24H2, Windows Server 2025	2025-01-14 00:00:00 UTC	CISA
CVE-2024-55591	An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 7.0.0 through 7.0.16 and...	Fortinet	FortiOS, FortiProxy	2025-01-14 00:00:00 UTC	CISA
CVE-2024-12686	Command Injection vulnerability in Remote Support(RS) & Privilege Remote Access (PRA)	BeyondTrust	Remote Support(RS) & Privileged Remote Access(PRA)	2025-01-13 00:00:00 UTC	CISA

Displaying vulnerabilities 526 - 550 of 2010 in total