Known Exploited Vulnerabilities

Focus on What Matters

There are 304,517 vulnerabilities in the CVE database.
Whilst only 0.7% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2017-0037	Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the...	Microsoft Corporation	Internet Browser	2022-03-28 00:00:00 UTC	CISA
CVE-2016-7201	The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory...	Microsoft	Edge	2022-03-28 00:00:00 UTC	CISA
CVE-2016-7200	The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory...	Microsoft	Edge	2022-03-28 00:00:00 UTC	CISA
CVE-2016-0189	The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote...	Microsoft	Internet Explorer	2022-03-28 00:00:00 UTC	CISA
CVE-2016-0151	The Client-Server Run-time Subsystem (CSRSS) in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and...	Microsoft	Windows	2022-03-28 00:00:00 UTC	CISA
CVE-2016-0040	The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to gain privileges via a...	Microsoft	Windows	2022-03-28 00:00:00 UTC	CISA
CVE-2015-2426	Buffer underflow in atmfd.dll in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows...	Microsoft	Windows	2022-03-28 00:00:00 UTC	CISA
CVE-2015-2419	JScript 9 in Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory...	Microsoft	Internet Explorer	2022-03-28 00:00:00 UTC	CISA
CVE-2015-1770	Microsoft Office 2013 SP1 and 2013 RT SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office...	Microsoft	Office 2013	2022-03-28 00:00:00 UTC	CISA
CVE-2013-3660	The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows...	Microsoft	Windows	2022-03-28 00:00:00 UTC	CISA
CVE-2013-2729	Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attackers to execute arbitrary...	Adobe	Reader and Acrobat	2022-03-28 00:00:00 UTC	CISA
CVE-2013-2551	Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site...	Microsoft	Internet Explorer	2022-03-28 00:00:00 UTC	CISA
CVE-2013-2465	Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and...	Oracle	Java SE	2022-03-28 00:00:00 UTC	CISA
CVE-2013-1690	Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly...	Mozilla	Firefox, Firefox ESR, Thunderbird, Thunderbird ESR	2022-03-28 00:00:00 UTC	CISA
CVE-2012-5076	Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to...	Oracle	Java SE	2022-03-28 00:00:00 UTC	CISA
CVE-2012-2539	Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; Office Compatibility Pack SP2 and SP3; and Office Web Apps 2010 SP1 allow...	Microsoft	["Word 2003 SP3", "Word 2007 SP2", "Word 2007 SP3", "Word 2010 SP1", "Word Viewer", "Office Compatibility Pack SP2", "Office Compatibility Pack SP3", "Office Web Apps 2010 SP1"]	2022-03-28 00:00:00 UTC	CISA
CVE-2012-2034	Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on...	Adobe	Flash Player	2022-03-28 00:00:00 UTC	CISA
CVE-2012-0518	Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware 10.1.4.3.0 allows remote attackers...	Oracle	Fusion Middleware	2022-03-28 00:00:00 UTC	CISA
CVE-2011-2005	afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate user-mode input passed...	Microsoft	Windows	2022-03-28 00:00:00 UTC	CISA
CVE-2018-8405	An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX...	Microsoft	Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers	2022-03-28 00:00:00 UTC	CISA
CVE-2010-4398	Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2,...	Microsoft	Windows	2022-03-28 00:00:00 UTC	CISA
CVE-2017-0213	Windows COM Aggregate Marshaler in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2,...	Microsoft Corporation	Windows COM	2022-03-28 00:00:00 UTC	CISA
CVE-2022-1096	Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.	Google	Chrome	2022-03-28 00:00:00 UTC	CISA
CVE-2022-0543	It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which...	Debian	redis	2022-03-28 00:00:00 UTC	CISA
CVE-2021-38646	Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability	Microsoft	Microsoft Office 2019, Microsoft 365 Apps for Enterprise, Microsoft Office 2016, Microsoft Office 2013 Service Pack 1	2022-03-28 00:00:00 UTC	CISA

Displaying vulnerabilities 1251 - 1275 of 2010 in total