Known Exploited Vulnerabilities

Focus on What Matters

There are 298,186 vulnerabilities in the CVE database.
Whilst only 0.6% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2020-2021	PAN-OS: Authentication Bypass in SAML Authentication	Palo Alto Networks	PAN-OS	2022-03-25 00:00:00 UTC	CISA
CVE-2020-2506	improper access control vulnerability in Helpdesk	QNAP Systems Inc.	Helpdesk	2022-03-25 00:00:00 UTC	CISA
CVE-2020-25223	A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11	n/a	n/a	2022-03-25 00:00:00 UTC	CISA
CVE-2020-5410	Directory Traversal with spring-cloud-config-server	Spring by VMware	Spring Cloud Config	2022-03-25 00:00:00 UTC	CISA
CVE-2020-7247	smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands...	n/a	n/a	2022-03-25 00:00:00 UTC	CISA
CVE-2020-9054	ZyXEL NAS products running firmware version 5.21 and earlier are vulnerable to pre-authentication command injection in weblogin.cgi	ZyXEL	NAS326, NAS520, NAS540, NAS542, NSA210, NSA220, NSA220+, NSA221, NSA310, NSA320, NSA320S, NSA325, NSA325v2	2022-03-25 00:00:00 UTC	CISA
CVE-2020-9377	D-Link DIR-610 devices allow Remote Command Execution via the cmd parameter to command.php. NOTE: This vulnerability only affects products that are...	n/a	n/a	2022-03-25 00:00:00 UTC	CISA
CVE-2021-22941	Improper Access Control in Citrix ShareFile storage zones controller before 5.11.20 may allow an unauthenticated attacker to remotely compromise...	n/a	Citrix ShareFile storage zones controller	2022-03-25 00:00:00 UTC	CISA
CVE-2021-42237	Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve...	n/a	n/a	2022-03-25 00:00:00 UTC	CISA
CVE-2019-6340	Drupal core - Highly critical - Remote Code Execution	Drupal	Drupal Core	2022-03-25 00:00:00 UTC	CISA
CVE-2005-2773	HP OpenView Network Node Manager 6.2 through 7.50 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) node...	HP	OpenView Network Node Manager	2022-03-25 00:00:00 UTC	CISA
CVE-2009-0927	Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before 9.1, 8 before 8.1.3 , and 7 before 7.1.1 allows remote attackers to execute...	Adobe	Reader and Acrobat	2022-03-25 00:00:00 UTC	CISA
CVE-2009-1151	Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject...	phpMyAdmin	phpMyAdmin	2022-03-25 00:00:00 UTC	CISA
CVE-2009-2055	Cisco IOS XR 3.4.0 through 3.8.1 allows remote attackers to cause a denial of service (session reset) via a BGP UPDATE message with an invalid...	Cisco	IOS XR	2022-03-25 00:00:00 UTC	CISA
CVE-2010-2861	Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read...	Adobe	ColdFusion	2022-03-25 00:00:00 UTC	CISA
CVE-2010-3035	Cisco IOS XR 3.4.0 through 3.9.1, when BGP is enabled, does not properly handle unrecognized transitive attributes, which allows remote attackers...	Cisco	IOS XR	2022-03-25 00:00:00 UTC	CISA
CVE-2010-4344	Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an...	Exim	Exim	2022-03-25 00:00:00 UTC	CISA
CVE-2010-4345	Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate...	Exim	Exim	2022-03-25 00:00:00 UTC	CISA
CVE-2012-1823	sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query...	PHP	PHP	2022-03-25 00:00:00 UTC	CISA
CVE-2013-2251	Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2)...	Apache Software Foundation	Struts	2022-03-25 00:00:00 UTC	CISA
CVE-2013-4810	HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manager (IDM) 4.0, and Application Lifecycle Management allow remote...	HP	ProCurve Manager	2022-03-25 00:00:00 UTC	CISA
CVE-2013-5223	Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2760U Gateway (Rev. E1) allow remote authenticated users to inject arbitrary web...	D-Link	DSL-2760U Gateway	2022-03-25 00:00:00 UTC	CISA
CVE-2014-0130	Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails before...	Ruby on Rails	Ruby on Rails	2022-03-25 00:00:00 UTC	CISA
CVE-2014-3120	The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL...	Elastic	Elasticsearch	2022-03-25 00:00:00 UTC	CISA
CVE-2014-6287	The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aks HFS or HttpFileServer) 2.3x before 2.3c allows remote attackers to...	Rejetto	HTTP File Server	2022-03-25 00:00:00 UTC	CISA

Displaying vulnerabilities 1151 - 1175 of 1857 in total