Known Exploited Vulnerabilities

Focus on What Matters

There are 297,721 vulnerabilities in the CVE database.
Whilst only 0.6% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2023-49897	An OS command injection vulnerability exists in AE1021PE firmware version 2.0.9 and earlier and AE1021 firmware version 2.0.9 and earlier. If this...	FXC Inc.	AE1021PE, AE1021	2023-12-21 00:00:00 UTC	CISA
CVE-2023-6448	Unitronics VisiLogic uses a default administrative password	Unitronics	VisiLogic	2023-12-11 00:00:00 UTC	CISA
CVE-2023-50428	In Bitcoin Core through 26.0 and Bitcoin Knots before 25.1.knots20231115, datacarrier size limits can be bypassed by obfuscating data as code...	n/a	n/a	2023-12-09 00:00:00 UTC	CVE
CVE-2023-41266	A path traversal vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and...	n/a	n/a	2023-12-07 00:00:00 UTC	CISA
CVE-2023-41265	An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7...	n/a	n/a	2023-12-07 00:00:00 UTC	CISA
CVE-2022-22071	Possible use after free when process shell memory is freed using IOCTL munmap call and process initialization is in progress in Snapdragon Auto,...	Qualcomm, Inc.	Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music	2023-12-05 00:00:00 UTC	CISA
CVE-2023-33063	Use After Free in DSP Services	Qualcomm, Inc.	Snapdragon	2023-12-05 00:00:00 UTC	CISA
CVE-2023-33106	Use of Out-of-range Pointer Offset in Graphics	Qualcomm, Inc.	Snapdragon	2023-12-05 00:00:00 UTC	CISA
CVE-2023-33107	Integer Overflow or Wraparound in Graphics Linux	Qualcomm, Inc.	Snapdragon	2023-12-05 00:00:00 UTC	CISA
CVE-2023-42917	A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2,...	Apple	Safari, macOS, iOS and iPadOS	2023-12-04 00:00:00 UTC	CISA
CVE-2023-42916	An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2,...	Apple	Safari, macOS, iOS and iPadOS	2023-12-04 00:00:00 UTC	CISA
CVE-2023-6345	Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially...	Google	Chrome	2023-11-30 00:00:00 UTC	CISA
CVE-2023-49103	An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party...	n/a	n/a	2023-11-30 00:00:00 UTC	CISA
CVE-2023-4911	Glibc: buffer overflow in ld.so leading to privilege escalation	, Red Hat	, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 8.6 Extended Update Support, Red Hat Enterprise Linux 9, Red Hat Enterprise Linux 9.0 Extended Update Support, Red Hat Virtualization 4 for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7	2023-11-21 00:00:00 UTC	CISA
CVE-2023-36584	Windows Mark of the Web Security Feature Bypass Vulnerability	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	2023-11-16 00:00:00 UTC	CISA
CVE-2020-2551	Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). Supported versions that are...	Oracle Corporation	WebLogic Server	2023-11-16 00:00:00 UTC	CISA
CVE-2023-1671	A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of...	Sophos	Sophos Web Appliance	2023-11-16 00:00:00 UTC	CISA
CVE-2023-47630	Attacker can cause Kyverno user to unintentionally consume insecure image	kyverno	kyverno	2023-11-14 20:59:46 UTC	CVE
CVE-2023-36033	Windows DWM Core Library Elevation of Privilege Vulnerability	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation)	2023-11-14 00:00:00 UTC	CISA
CVE-2023-36036	Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows 11 version 22H3, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 11 Version 23H2	2023-11-14 00:00:00 UTC	CISA
CVE-2023-36025	Windows SmartScreen Security Feature Bypass Vulnerability	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	2023-11-14 00:00:00 UTC	CISA
CVE-2023-42813	Denial of service from malicious manifest in kyverno	kyverno	kyverno	2023-11-13 20:34:23 UTC	CVE
CVE-2023-42814	Denial of service from malicious image manifest in kyverno	kyverno	kyverno	2023-11-13 20:34:05 UTC	CVE
CVE-2023-42815	Denial of service from malicious image manifest in kyverno	kyverno	kyverno	2023-11-13 20:33:24 UTC	CVE
CVE-2023-42816	Denial of service from malicious signature in kyverno	kyverno	kyverno	2023-11-13 20:23:16 UTC	CVE

Displaying vulnerabilities 601 - 625 of 1853 in total