Known Exploited Vulnerabilities

Focus on What Matters

There are 298,223 vulnerabilities in the CVE database.
Whilst only 0.6% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2019-3010	Vulnerability in the Oracle Solaris product of Oracle Systems (component: XScreenSaver). The supported version that is affected is 11. Easily...	Oracle Corporation	Solaris Operating System	2022-05-25 00:00:00 UTC	CISA
CVE-2016-3393	Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows...	Microsoft	Windows	2022-05-25 00:00:00 UTC	CISA
CVE-2016-7256	atmfd.dll in the Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows...	Microsoft	Windows	2022-05-25 00:00:00 UTC	CISA
CVE-2016-1010	Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on...	Adobe	Flash Player	2022-05-25 00:00:00 UTC	CISA
CVE-2016-0984	Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before...	Adobe	Flash Player	2022-05-25 00:00:00 UTC	CISA
CVE-2016-0034	Microsoft Silverlight 5 before 5.1.41212.0 mishandles negative offsets during decoding, which allows remote attackers to execute arbitrary code or...	Microsoft	Silverlight	2022-05-25 00:00:00 UTC	CISA
CVE-2015-0310	Adobe Flash Player before 13.0.0.262 and 14.x through 16.x before 16.0.0.287 on Windows and OS X and before 11.2.202.438 on Linux does not properly...	Adobe	Flash Player	2022-05-25 00:00:00 UTC	CISA
CVE-2015-0016	Directory traversal vulnerability in the TS WebProxy (aka TSWbPrxy) component in Microsoft Windows Vista SP2, Windows 7 SP1, Windows Server 2008 R2...	Microsoft	Windows	2022-05-25 00:00:00 UTC	CISA
CVE-2015-0071	Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet...	Microsoft	Internet Explorer	2022-05-25 00:00:00 UTC	CISA
CVE-2015-2360	win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1,...	Microsoft	Windows	2022-05-25 00:00:00 UTC	CISA
CVE-2015-2425	Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web...	Microsoft	Internet Explorer	2022-05-25 00:00:00 UTC	CISA
CVE-2015-1769	Mount Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold...	Microsoft	Windows	2022-05-25 00:00:00 UTC	CISA
CVE-2015-4495	The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the...	Mozilla	Firefox	2022-05-25 00:00:00 UTC	CISA
CVE-2015-8651	Integer overflow in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux,...	Adobe	Flash Player	2022-05-25 00:00:00 UTC	CISA
CVE-2015-6175	The kernel in Microsoft Windows 10 Gold allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Elevation of...	Microsoft	Windows 10	2022-05-25 00:00:00 UTC	CISA
CVE-2015-1671	The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2; Office 2007 SP3 and 2010 SP2;...	Microsoft	Windows DirectWrite	2022-05-25 00:00:00 UTC	CISA
CVE-2014-4148	win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1,...	Microsoft	Windows	2022-05-25 00:00:00 UTC	CISA
CVE-2014-8439	Adobe Flash Player before 13.0.0.258 and 14.x and 15.x before 15.0.0.239 on Windows and OS X and before 11.2.202.424 on Linux, Adobe AIR before...	Adobe	Flash Player	2022-05-25 00:00:00 UTC	CISA
CVE-2014-4123	Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of...	Microsoft	Internet Explorer	2022-05-25 00:00:00 UTC	CISA
CVE-2014-0546	Adobe Reader and Acrobat 10.x before 10.1.11 and 11.x before 11.0.08 on Windows allow attackers to bypass a sandbox protection mechanism, and...	Adobe	Reader and Acrobat	2022-05-25 00:00:00 UTC	CISA
CVE-2017-18362	ConnectWise ManagedITSync integration through 2017 for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to...	ConnectWise	ManagedITSync integration for Kaseya VSA	2022-05-24 00:00:00 UTC	CISA
CVE-2017-8543	Microsoft Windows XP SP3, Windows XP x64 XP2, Windows Server 2003 SP2, Windows Vista, Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8,...	Microsoft	Microsoft Windows	2022-05-24 00:00:00 UTC	CISA
CVE-2017-8291	Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile...	Artifex	Ghostscript	2022-05-24 00:00:00 UTC	CISA
CVE-2017-0210	An elevation of privilege vulnerability exists when Internet Explorer does not properly enforce cross-domain policies, which could allow an...	Microsoft	Internet Explorer	2022-05-24 00:00:00 UTC	CISA
CVE-2017-0149	Microsoft Internet Explorer 9 through 11 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a...	Microsoft	Internet Explorer	2022-05-24 00:00:00 UTC	CISA

Displaying vulnerabilities 976 - 1000 of 1857 in total