Known Exploited Vulnerabilities

Focus on What Matters

There are 298,191 vulnerabilities in the CVE database.
Whilst only 0.6% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2016-7200	The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory...	Microsoft	Edge	2022-03-28 00:00:00 UTC	CISA
CVE-2016-7201	The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory...	Microsoft	Edge	2022-03-28 00:00:00 UTC	CISA
CVE-2017-0037	Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the...	Microsoft	Internet Browser	2022-03-28 00:00:00 UTC	CISA
CVE-2017-0059	Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka...	Microsoft	Internet Explorer	2022-03-28 00:00:00 UTC	CISA
CVE-2017-0213	Windows COM Aggregate Marshaler in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2,...	Microsoft	Windows COM	2022-03-28 00:00:00 UTC	CISA
CVE-2018-8405	An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX...	Microsoft	Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers	2022-03-28 00:00:00 UTC	CISA
CVE-2018-8406	An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX...	Microsoft	Windows Server 2016, Windows 10, Windows 10 Servers	2022-03-28 00:00:00 UTC	CISA
CVE-2018-8440	An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC), aka "Windows ALPC...	Microsoft	Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers	2022-03-28 00:00:00 UTC	CISA
CVE-2019-7483	In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of...	SonicWall	SMA100	2022-03-28 00:00:00 UTC	CISA
CVE-2021-20028	Improper neutralization of a SQL Command leading to SQL Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products,...	SonicWall	SonicWall SRA/SMA100	2022-03-28 00:00:00 UTC	CISA
CVE-2016-0151	The Client-Server Run-time Subsystem (CSRSS) in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and...	Microsoft	Windows	2022-03-28 00:00:00 UTC	CISA
CVE-2012-2539	Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; Office Compatibility Pack SP2 and SP3; and Office Web Apps 2010 SP1 allow...	Microsoft	["Word 2003 SP3", "Word 2007 SP2", "Word 2007 SP3", "Word 2010 SP1", "Word Viewer", "Office Compatibility Pack SP2", "Office Compatibility Pack SP3", "Office Web Apps 2010 SP1"]	2022-03-28 00:00:00 UTC	CISA
CVE-2016-0040	The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to gain privileges via a...	Microsoft	Windows	2022-03-28 00:00:00 UTC	CISA
CVE-2015-2426	Buffer underflow in atmfd.dll in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows...	Microsoft	Windows	2022-03-28 00:00:00 UTC	CISA
CVE-2015-2419	JScript 9 in Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory...	Microsoft	Internet Explorer	2022-03-28 00:00:00 UTC	CISA
CVE-2015-1770	Microsoft Office 2013 SP1 and 2013 RT SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office...	Microsoft	Office 2013	2022-03-28 00:00:00 UTC	CISA
CVE-2013-3660	The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows...	Microsoft	Windows	2022-03-28 00:00:00 UTC	CISA
CVE-2013-2729	Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attackers to execute arbitrary...	Adobe	Reader and Acrobat	2022-03-28 00:00:00 UTC	CISA
CVE-2013-2551	Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site...	Microsoft	Internet Explorer	2022-03-28 00:00:00 UTC	CISA
CVE-2013-2465	Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and...	Oracle	Java SE	2022-03-28 00:00:00 UTC	CISA
CVE-2013-1690	Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly...	Mozilla	Firefox, Firefox ESR, Thunderbird, Thunderbird ESR	2022-03-28 00:00:00 UTC	CISA
CVE-2012-5076	Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to...	Oracle	Java SE	2022-03-28 00:00:00 UTC	CISA
CVE-2021-34486	Windows Event Tracing Elevation of Privilege Vulnerability	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows 10 Version 21H1, Windows 10 Version 2004, Windows Server version 2004, Windows 10 Version 20H2, Windows Server version 20H2	2022-03-28 00:00:00 UTC	CISA
CVE-2021-38646	Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability	Microsoft	Microsoft Office 2019, Microsoft 365 Apps for Enterprise, Microsoft Office 2016, Microsoft Office 2013 Service Pack 1	2022-03-28 00:00:00 UTC	CISA
CVE-2022-0543	It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which...	Debian	redis	2022-03-28 00:00:00 UTC	CISA

Displaying vulnerabilities 1101 - 1125 of 1856 in total