Known Exploited Vulnerabilities

Focus on What Matters

There are 297,781 vulnerabilities in the CVE database.
Whilst only 0.6% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2015-2590	Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect...	Oracle	Java SE	2022-03-03 00:00:00 UTC	CISA
CVE-2015-3043	Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers...	Adobe	Flash Player	2022-03-03 00:00:00 UTC	CISA
CVE-2015-4902	Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60 allows remote attackers to affect integrity via unknown vectors related to...	Oracle	Java SE	2022-03-03 00:00:00 UTC	CISA
CVE-2015-5119	Use-after-free vulnerability in the ByteArray class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.296 and...	Adobe	Flash Player	2022-03-03 00:00:00 UTC	CISA
CVE-2015-7645	Adobe Flash Player 18.x through 18.0.0.252 and 19.x through 19.0.0.207 on Windows and OS X and 11.x through 11.2.202.535 on Linux allows remote...	Adobe	Flash Player	2022-03-03 00:00:00 UTC	CISA
CVE-2016-0099	The Secondary Logon Service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012...	Microsoft	Windows	2022-03-03 00:00:00 UTC	CISA
CVE-2016-1019	Adobe Flash Player 21.0.0.197 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary...	Adobe	Flash Player	2022-03-03 00:00:00 UTC	CISA
CVE-2016-4117	Adobe Flash Player 21.0.0.226 and earlier allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in...	Adobe	Flash Player	2022-03-03 00:00:00 UTC	CISA
CVE-2016-5195	Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling...	Linux	Linux Kernel	2022-03-03 00:00:00 UTC	CISA
CVE-2016-7193	Microsoft Word 2007 SP2, Office 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility...	Microsoft	Word	2022-03-03 00:00:00 UTC	CISA
CVE-2016-7262	Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Viewer allow...	Microsoft	Excel	2022-03-03 00:00:00 UTC	CISA
CVE-2016-7855	Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows and OS X and before 11.2.202.643 on Linux allows remote attackers...	Adobe	Flash Player	2022-03-03 00:00:00 UTC	CISA
CVE-2016-8562	A vulnerability has been identified in SIMATIC CP 1543-1 (All versions < V2.0.28), SIPLUS NET CP 1543-1 (All versions < V2.0.28). Under special...	Siemens	SIMATIC CP 1543-1, SIPLUS NET CP 1543-1	2022-03-03 00:00:00 UTC	CISA
CVE-2017-0001	The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server...	Microsoft	Windows GDI	2022-03-03 00:00:00 UTC	CISA
CVE-2017-0261	Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016 allow a remote code execution vulnerability when the software fails to properly handle...	Microsoft	Microsoft Office	2022-03-03 00:00:00 UTC	CISA
CVE-2017-11292	Adobe Flash Player version 27.0.0.159 and earlier has a flawed bytecode verification procedure, which allows for an untrusted value to be used in...	Adobe	Adobe Flash Player version 27.0.0.159 and earlier	2022-03-03 00:00:00 UTC	CISA
CVE-2017-11826	Microsoft Office 2010, SharePoint Enterprise Server 2010, SharePoint Server 2010, Web Applications, Office Web Apps Server 2010 and 2013, Word...	Microsoft	Microsoft Office	2022-03-03 00:00:00 UTC	CISA
CVE-2017-12231	A vulnerability in the implementation of Network Address Translation (NAT) functionality in Cisco IOS 12.4 through 15.6 could allow an...	Cisco	Cisco IOS	2022-03-03 00:00:00 UTC	CISA
CVE-2017-12232	A vulnerability in the implementation of a protocol in Cisco Integrated Services Routers Generation 2 (ISR G2) Routers running Cisco IOS 15.0...	Cisco	Cisco IOS	2022-03-03 00:00:00 UTC	CISA
CVE-2017-12233	Multiple vulnerabilities in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS 12.4 through 15.6 could allow an...	Cisco	Cisco IOS	2022-03-03 00:00:00 UTC	CISA
CVE-2017-12234	Multiple vulnerabilities in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS 12.4 through 15.6 could allow an...	Cisco	Cisco IOS	2022-03-03 00:00:00 UTC	CISA
CVE-2017-12235	A vulnerability in the implementation of the PROFINET Discovery and Configuration Protocol (PN-DCP) for Cisco IOS 12.2 through 15.6 could allow an...	Cisco	Cisco IOS	2022-03-03 00:00:00 UTC	CISA
CVE-2017-12237	A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS 15.0 through 15.6 and Cisco IOS XE 3.5 through 16.5 could allow...	Cisco	Cisco IOS and IOS XE	2022-03-03 00:00:00 UTC	CISA
CVE-2017-12238	A vulnerability in the Virtual Private LAN Service (VPLS) code of Cisco IOS 15.0 through 15.4 for Cisco Catalyst 6800 Series Switches could allow...	Cisco	Cisco IOS	2022-03-03 00:00:00 UTC	CISA
CVE-2017-12240	The DHCP relay subsystem of Cisco IOS 12.2 through 15.6 and Cisco IOS XE Software contains a vulnerability that could allow an unauthenticated,...	Cisco	Cisco IOS and IOS XE	2022-03-03 00:00:00 UTC	CISA

Displaying vulnerabilities 1251 - 1275 of 1853 in total