Known Exploited Vulnerabilities

Focus on What Matters

There are 297,776 vulnerabilities in the CVE database.
Whilst only 0.6% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2023-32315	Openfire administration console authentication bypass	igniterealtime	Openfire	2023-08-24 00:00:00 UTC	CISA
CVE-2023-27532	Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. This may...	n/a	Veeam Backup & Replication	2023-08-22 00:00:00 UTC	CISA
CVE-2023-38035	A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass...	Ivanti	MobileIron Sentry	2023-08-22 00:00:00 UTC	CISA
CVE-2023-26359	Adobe ColdFusion Deserialization of Untrusted Data Arbitrary code execution	Adobe	ColdFusion	2023-08-21 00:00:00 UTC	CISA
CVE-2023-40711	Veilid before 0.1.9 does not check the size of uncompressed data during decompression upon an envelope receipt, which allows remote attackers to...	n/a	n/a	2023-08-20 00:00:00 UTC	CVE
CVE-2023-24489	A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated...	Citrix	Citrix ShareFile Storage Zones Controller	2023-08-16 00:00:00 UTC	CISA
CVE-2023-38180	.NET and Visual Studio Denial of Service Vulnerability	Microsoft	ASP.NET Core 2.1, .NET 6.0, .NET 7.0, Microsoft Visual Studio 2022 version 17.2, Microsoft Visual Studio 2022 version 17.4, Microsoft Visual Studio 2022 version 17.6	2023-08-09 00:00:00 UTC	CISA
CVE-2023-39910	The cryptocurrency wallet entropy seeding mechanism used in Libbitcoin Explorer 3.0.0 through 3.6.0 is weak, aka the Milk Sad issue. The use of an...	n/a	n/a	2023-08-09 00:00:00 UTC	CVE
CVE-2017-18368	The ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 v001 / 3.40(ULM.0)b31 router distributed by TrueOnline has a command injection vulnerability in the...	ZyXEL	P660HN-T1A v1 TCLinux Fw	2023-08-07 00:00:00 UTC	CISA
CVE-2023-3162	The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.7.7. This...	webtoffee	Stripe Payment Plugin for WooCommerce	2023-08-01 07:50:22 UTC	Wordfence
CVE-2023-35081	A path traversal vulnerability in Ivanti EPMM versions (11.10.x < 11.10.0.3, 11.9.x < 11.9.1.2 and 11.8.x < 11.8.1.2) allows an authenticated...	Ivanti	EPMM	2023-07-31 00:00:00 UTC	CISA
CVE-2023-37580	Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client.	n/a	n/a	2023-07-27 00:00:00 UTC	CISA
CVE-2023-38606	This issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and...	Apple	tvOS, iOS and iPadOS, macOS, watchOS	2023-07-26 00:00:00 UTC	CISA
CVE-2023-35078	An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application...	Ivanti	Endpoint Manager Mobile	2023-07-25 00:00:00 UTC	CISA
CVE-2023-38205	ColdFusion Bypass - Vulnerability disclosure in ColdFusion \| BYPASS CVE-2023-29298	Adobe	ColdFusion	2023-07-20 00:00:00 UTC	CISA
CVE-2023-29298	Adobe ColdFusion Improper Access Control Security feature bypass	Adobe	ColdFusion	2023-07-20 00:00:00 UTC	CISA
CVE-2023-3519	Unauthenticated remote code execution	Citrix	NetScaler ADC, NetScaler Gateway	2023-07-19 00:00:00 UTC	CISA
CVE-2023-28121	An issue in WooCommerce Payments plugin for WordPress (versions 5.6.1 and lower) allows an unauthenticated attacker to send requests on behalf of...	n/a	WooCommerce Payments WordPress Plugin	2023-07-17 10:27:14 UTC	Wordfence
CVE-2023-36884	Windows Search Remote Code Execution Vulnerability	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	2023-07-17 00:00:00 UTC	CISA
CVE-2022-29303	SolarView Compact ver.6.00 was discovered to contain a command injection vulnerability via conf_mail.php.	n/a	n/a	2023-07-13 00:00:00 UTC	CISA
CVE-2023-37450	The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, Safari 16.5.2, tvOS 16.6, macOS Ventura 13.5,...	Apple	Safari, tvOS, iOS and iPadOS, macOS, watchOS	2023-07-13 00:00:00 UTC	CISA
CVE-2023-38198	acme.sh before 3.0.6 runs arbitrary commands from a remote server via eval, as exploited in the wild in June 2023.	n/a	n/a	2023-07-13 00:00:00 UTC	CVE
CVE-2022-31199	Remote code execution vulnerabilities exist in the Netwrix Auditor User Activity Video Recording component affecting both the Netwrix Auditor...	n/a	n/a	2023-07-11 00:00:00 UTC	CISA
CVE-2023-36874	Windows Error Reporting Service Elevation of Privilege Vulnerability	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	2023-07-11 00:00:00 UTC	CISA
CVE-2023-35311	Microsoft Outlook Security Feature Bypass Vulnerability	Microsoft	Microsoft 365 Apps for Enterprise, Microsoft Office LTSC 2021, Microsoft Office 2019, Microsoft Outlook 2016, Microsoft Outlook 2013, Microsoft Outlook 2013 Service Pack 1	2023-07-11 00:00:00 UTC	CISA

Displaying vulnerabilities 676 - 700 of 1853 in total