Known Exploited Vulnerabilities

Focus on What Matters

There are 297,722 vulnerabilities in the CVE database.
Whilst only 0.6% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2024-21762	A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0...	Fortinet	FortiProxy, FortiOS	2024-02-09 00:00:00 UTC	CISA
CVE-2024-23660	The Binance Trust Wallet app for iOS in commit 3cd6e8f647fbba8b5d8844fcd144365a086b629f, git tag 0.0.4 misuses the trezor-crypto library and...	n/a	n/a	2024-02-08 00:00:00 UTC	CVE
CVE-2023-4762	Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page....	Google	Chrome	2024-02-06 00:00:00 UTC	CISA
CVE-2024-21893	A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and...	Ivanti	ICS, IPS	2024-01-31 00:00:00 UTC	CISA
CVE-2022-48618	The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2, tvOS 16.2. An...	Apple	tvOS, macOS, iOS and iPadOS, watchOS	2024-01-31 00:00:00 UTC	CISA
CVE-2023-22527	A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an...	Atlassian	Confluence Data Center, Confluence Server	2024-01-24 00:00:00 UTC	CISA
CVE-2024-23222	A type confusion issue was addressed with improved checks. This issue is fixed in iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3....	Apple	iOS and iPadOS, tvOS, macOS	2024-01-23 00:00:00 UTC	CISA
CVE-2023-34048	VMware vCenter Server Out-of-Bounds Write Vulnerability	VMware	VMware vCenter Server, VMware Cloud Foundation (VMware vCenter Server)	2024-01-22 00:00:00 UTC	CISA
CVE-2023-35082	An authentication bypass vulnerability in Ivanti EPMM 11.10 and older, allows unauthorized users to access restricted functionality or resources of...	Ivanti	EPMM	2024-01-18 00:00:00 UTC	CISA
CVE-2024-0519	Out of bounds memory access in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a...	Google	Chrome	2024-01-17 00:00:00 UTC	CISA
CVE-2023-6548	Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway allows an attacker with access to NSIP, CLIP or...	Cloud Software Group	NetScaler ADC , NetScaler Gateway	2024-01-17 00:00:00 UTC	CISA
CVE-2023-6549	Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of...	Cloud Software Group	NetScaler ADC	2024-01-17 00:00:00 UTC	CISA
CVE-2018-15133	In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially...	Laravel	Laravel Framework	2024-01-16 00:00:00 UTC	CISA
CVE-2024-21887	A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an...	Ivanti	ICS, IPS	2024-01-10 00:00:00 UTC	CISA
CVE-2023-46805	An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access...	Ivanti	ICS, IPS	2024-01-10 00:00:00 UTC	CISA
CVE-2023-29357	Microsoft SharePoint Server Elevation of Privilege Vulnerability	Microsoft	Microsoft SharePoint Server 2019	2024-01-10 00:00:00 UTC	CISA
CVE-2016-20017	D-Link DSL-2750B devices before 1.05 allow remote unauthenticated command injection via the login.cgi cli parameter, as exploited in the wild in...	D-Link	DSL-2750B	2024-01-08 00:00:00 UTC	CISA
CVE-2023-23752	[20230201] - Core - Improper access check in webservice endpoints	Joomla! Project	Joomla! CMS	2024-01-08 00:00:00 UTC	CISA
CVE-2023-41990	The issue was addressed with improved handling of caches. This issue is fixed in tvOS 16.3, iOS 16.3 and iPadOS 16.3, macOS Monterey 12.6.8, macOS...	Apple	iOS and iPadOS, tvOS, macOS, watchOS	2024-01-08 00:00:00 UTC	CISA
CVE-2023-38203	Analysis CVE-2023-29300 Bypass: Adobe ColdFusion Pre-Auth RCE	Adobe	ColdFusion	2024-01-08 00:00:00 UTC	CISA
CVE-2023-27524	Apache Superset: Session validation vulnerability when using provided default SECRET_KEY	Apache Software Foundation	Apache Superset	2024-01-08 00:00:00 UTC	CISA
CVE-2023-29300	Adobe ColdFusion Deserialization of Untrusted Data Arbitrary code execution	Adobe	ColdFusion	2024-01-08 00:00:00 UTC	CISA
CVE-2023-7024	Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap corruption via a...	Google	Chrome	2024-01-02 00:00:00 UTC	CISA
CVE-2023-7101	Arbitrary Code Execution (ACE) Vulnerability	Douglas Wilson	Spreadsheet::ParseExcel	2024-01-02 00:00:00 UTC	CISA
CVE-2023-47565	Legacy VioStor NVR	QNAP Systems Inc.	VioStor NVR	2023-12-21 00:00:00 UTC	CISA

Displaying vulnerabilities 576 - 600 of 1853 in total