Known Exploited Vulnerabilities

Focus on What Matters

There are 297,779 vulnerabilities in the CVE database.
Whilst only 0.6% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2023-3079	Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML...	Google	Chrome	2023-06-07 00:00:00 UTC	CISA
CVE-2023-33009	A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 through 5.36 Patch 1, USG FLEX series...	Zyxel	ATP series firmware, USG FLEX series firmware, USG FLEX 50(W) firmware, USG20(W)-VPN firmware, VPN series firmware, ZyWALL/USG series firmware	2023-06-05 00:00:00 UTC	CISA
CVE-2023-33010	A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series...	Zyxel	ATP series firmware, USG FLEX series firmware, USG FLEX 50(W) firmware, USG20(W)-VPN firmware, VPN series firmware, ZyWALL/USG series firmware	2023-06-05 00:00:00 UTC	CISA
CVE-2023-34362	In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL...	n/a	n/a	2023-06-02 00:00:00 UTC	CISA
CVE-2023-27640	An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for PrestaShop. An HTTP request can be forged with the...	n/a	n/a	2023-06-01 00:00:00 UTC	CVE
CVE-2023-27639	An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for PrestaShop. An HTTP request can be forged with the...	n/a	n/a	2023-06-01 00:00:00 UTC	CVE
CVE-2023-28771	Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG...	Zyxel	ZyWALL/USG series firmware, VPN series firmware, USG FLEX series firmware, ATP series firmware	2023-05-31 00:00:00 UTC	CISA
CVE-2023-2868	Remote Code injection in Barracuda Email Security Gateway	Barracuda	Barracuda Email Security Gateway	2023-05-26 00:00:00 UTC	CISA
CVE-2023-32373	A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6...	Apple	macOS, Safari, watchOS, iOS and iPadOS, tvOS	2023-05-22 00:00:00 UTC	CISA
CVE-2023-28204	An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6...	Apple	macOS, Safari, watchOS, iOS and iPadOS, tvOS	2023-05-22 00:00:00 UTC	CISA
CVE-2023-32409	The issue was addressed with improved bounds checks. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.8 and iPadOS...	Apple	macOS, Safari, watchOS, iOS and iPadOS, tvOS	2023-05-22 00:00:00 UTC	CISA
CVE-2023-33297	Bitcoin Core before 24.1, when debug mode is not used, allows attackers to cause a denial of service (e.g., CPU consumption) because draining the...	n/a	n/a	2023-05-22 00:00:00 UTC	CVE
CVE-2004-1464	Cisco IOS 12.2(15) and earlier allows remote attackers to cause a denial of service (refused VTY (virtual terminal) connections), via a crafted TCP...	Cisco	IOS	2023-05-19 00:00:00 UTC	CISA
CVE-2023-21492	Kernel pointers are printed in the log file prior to SMR May-2023 Release 1 allows a privileged local attacker to bypass ASLR.	Samsung Mobile	Samsung Mobile Devices	2023-05-19 00:00:00 UTC	CISA
CVE-2016-6415	The server IKEv1 implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.6, IOS XE through 3.18S, IOS XR 4.3.x and 5.0.x through 5.2.x,...	Cisco	IOS, IOS XE, IOS XR, PIX	2023-05-19 00:00:00 UTC	CISA
CVE-2023-32243	WordPress Essential Addons for Elementor Plugin 5.4.0-5.7.1 is vulnerable to Privilege Escalation	WPDeveloper	Essential Addons for Elementor	2023-05-17 09:33:52 UTC	Wordfence
CVE-2023-25717	Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as demonstrated by a...	n/a	n/a	2023-05-12 00:00:00 UTC	CISA
CVE-2015-5317	The Fingerprints pages in Jenkins before 1.638 and LTS before 1.625.2 might allow remote attackers to obtain sensitive job and build name...	Jenkins	Jenkins	2023-05-12 00:00:00 UTC	CISA
CVE-2010-3904	The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36...	Linux	Linux Kernel	2023-05-12 00:00:00 UTC	CISA
CVE-2016-3427	Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect...	Oracle	Java SE	2023-05-12 00:00:00 UTC	CISA
CVE-2014-0196	The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO &...	Linux	Linux Kernel	2023-05-12 00:00:00 UTC	CISA
CVE-2016-8735	Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before...	Apache Software Foundation	Apache Tomcat	2023-05-12 00:00:00 UTC	CISA
CVE-2021-3560	It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the...	n/a	polkit	2023-05-12 00:00:00 UTC	CISA
CVE-2023-24932	Secure Boot Security Feature Bypass Vulnerability	Microsoft	Windows Server 2025 (Server Core installation), Windows 11 Version 24H2, Windows Server 2025, Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 10 Version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	2023-05-09 17:03:07 UTC	CVE
CVE-2023-29336	Win32k Elevation of Privilege Vulnerability	Microsoft	Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	2023-05-09 00:00:00 UTC	CISA

Displaying vulnerabilities 726 - 750 of 1853 in total