Known Exploited Vulnerabilities

Focus on What Matters

There are 297,871 vulnerabilities in the CVE database.
Whilst only 0.6% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2008-3431	The VBoxDrvNtDeviceControl function in VBoxDrv.sys in Sun xVM VirtualBox before 1.6.4 uses the METHOD_NEITHER communication method for IOCTLs and...	Sun	xVM VirtualBox	2022-03-03 00:00:00 UTC	CISA
CVE-2009-1123	The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate...	Microsoft	Windows	2022-03-03 00:00:00 UTC	CISA
CVE-2009-3129	Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel...	Microsoft	Office Excel	2022-03-03 00:00:00 UTC	CISA
CVE-2010-0188	Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows attackers to cause a denial of service...	Adobe	Reader and Acrobat	2022-03-03 00:00:00 UTC	CISA
CVE-2010-0232	The kernel in Microsoft Windows NT 3.1 through Windows 7, including Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows...	Microsoft	Windows	2022-03-03 00:00:00 UTC	CISA
CVE-2010-3333	Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac...	Microsoft	Office	2022-03-03 00:00:00 UTC	CISA
CVE-2011-0611	Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140;...	Adobe	Flash Player	2022-03-03 00:00:00 UTC	CISA
CVE-2011-1889	The NSPLookupServiceNext function in the client in Microsoft Forefront Threat Management Gateway (TMG) 2010 allows remote attackers to execute...	Microsoft	Forefront Threat Management Gateway	2022-03-03 00:00:00 UTC	CISA
CVE-2011-3544	Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote...	Oracle	Java SE	2022-03-03 00:00:00 UTC	CISA
CVE-2012-0507	Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and...	Oracle	Java SE	2022-03-03 00:00:00 UTC	CISA
CVE-2012-1535	Unspecified vulnerability in Adobe Flash Player before 11.3.300.271 on Windows and Mac OS X and before 11.2.202.238 on Linux allows remote...	Adobe	Flash Player	2022-03-03 00:00:00 UTC	CISA
CVE-2012-1723	Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5...	Oracle	Java SE	2022-03-03 00:00:00 UTC	CISA
CVE-2012-1856	The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office 2003 SP3, Office 2003 Web Components SP3, Office 2007 SP2...	Microsoft	Office	2022-03-03 00:00:00 UTC	CISA
CVE-2012-4681	Multiple vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allow remote attackers to execute...	Oracle	Java SE	2022-03-03 00:00:00 UTC	CISA
CVE-2013-0632	administrator.cfc in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to bypass authentication and possibly execute arbitrary...	Adobe	ColdFusion	2022-03-03 00:00:00 UTC	CISA
CVE-2013-0640	Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allow remote attackers to execute arbitrary code or cause a...	Adobe	Reader and Acrobat	2022-03-03 00:00:00 UTC	CISA
CVE-2013-0641	Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allows remote attackers to execute...	Adobe	Reader and Acrobat	2022-03-03 00:00:00 UTC	CISA
CVE-2013-1347	Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an...	Microsoft	Internet Explorer 8	2022-03-03 00:00:00 UTC	CISA
CVE-2013-1675	Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 do not properly...	Mozilla	Firefox, Firefox ESR, Thunderbird, Thunderbird ESR	2022-03-03 00:00:00 UTC	CISA
CVE-2013-3897	Use-after-free vulnerability in the CDisplayPointer class in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to...	Microsoft	Internet Explorer	2022-03-03 00:00:00 UTC	CISA
CVE-2013-5065	NDProxy.sys in the kernel in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted application,...	Microsoft	Windows	2022-03-03 00:00:00 UTC	CISA
CVE-2014-0496	Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.9 and 11.x before 11.0.06 on Windows and Mac OS X allows attackers to...	Adobe	Reader and Acrobat	2022-03-03 00:00:00 UTC	CISA
CVE-2014-4114	Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and...	Microsoft	Windows	2022-03-03 00:00:00 UTC	CISA
CVE-2015-1642	Microsoft Office 2007 SP3, 2010 SP2, and 2013 SP1 allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office...	Microsoft	Office	2022-03-03 00:00:00 UTC	CISA
CVE-2015-1701	Win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows local users to gain privileges...	Microsoft	Windows	2022-03-03 00:00:00 UTC	CISA

Displaying vulnerabilities 1226 - 1250 of 1856 in total