Known Exploited Vulnerabilities

Focus on What Matters

There are 304,517 vulnerabilities in the CVE database.
Whilst only 0.7% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2021-34486	Windows Event Tracing Elevation of Privilege Vulnerability	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows 10 Version 21H1, Windows 10 Version 2004, Windows Server version 2004, Windows 10 Version 20H2, Windows Server version 20H2	2022-03-28 00:00:00 UTC	CISA
CVE-2021-26085	Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authorization Arbitrary File Read...	Atlassian	Confluence Server, Confluence Data Center	2022-03-28 00:00:00 UTC	CISA
CVE-2021-20028	Improper neutralization of a SQL Command leading to SQL Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products,...	SonicWall	SonicWall SRA/SMA100	2022-03-28 00:00:00 UTC	CISA
CVE-2018-8406	An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX...	Microsoft	Windows Server 2016, Windows 10, Windows 10 Servers	2022-03-28 00:00:00 UTC	CISA
CVE-2019-7483	In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of...	SonicWall	SMA100	2022-03-28 00:00:00 UTC	CISA
CVE-2018-8440	An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC), aka "Windows ALPC...	Microsoft	Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers	2022-03-28 00:00:00 UTC	CISA
CVE-2017-0059	Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka...	Microsoft Corporation	Internet Explorer	2022-03-28 00:00:00 UTC	CISA
CVE-2016-1555	(1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 before 3.3.3 and...	NETGEAR	WN604, WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, WNDAP660	2022-03-25 00:00:00 UTC	CISA
CVE-2022-26318	On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code, aka FBX-22786. This vulnerability impacts Fireware OS...	n/a	n/a	2022-03-25 00:00:00 UTC	CISA
CVE-2022-26143	The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allows remote attackers to obtain...	n/a	n/a	2022-03-25 00:00:00 UTC	CISA
CVE-2022-21999	Windows Print Spooler Elevation of Privilege Vulnerability	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 20H2, Windows Server version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	2022-03-25 00:00:00 UTC	CISA
CVE-2021-42237	Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve...	n/a	n/a	2022-03-25 00:00:00 UTC	CISA
CVE-2021-22941	Improper Access Control in Citrix ShareFile storage zones controller before 5.11.20 may allow an unauthenticated attacker to remotely compromise...	n/a	Citrix ShareFile storage zones controller	2022-03-25 00:00:00 UTC	CISA
CVE-2020-9377	D-Link DIR-610 devices allow Remote Command Execution via the cmd parameter to command.php. NOTE: This vulnerability only affects products that are...	n/a	n/a	2022-03-25 00:00:00 UTC	CISA
CVE-2020-9054	ZyXEL NAS products running firmware version 5.21 and earlier are vulnerable to pre-authentication command injection in weblogin.cgi	ZyXEL	NAS326, NAS520, NAS540, NAS542, NSA210, NSA220, NSA220+, NSA221, NSA310, NSA320, NSA320S, NSA325, NSA325v2	2022-03-25 00:00:00 UTC	CISA
CVE-2020-7247	smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands...	n/a	n/a	2022-03-25 00:00:00 UTC	CISA
CVE-2020-5410	Directory Traversal with spring-cloud-config-server	Spring by VMware	Spring Cloud Config	2022-03-25 00:00:00 UTC	CISA
CVE-2020-25223	A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11	n/a	n/a	2022-03-25 00:00:00 UTC	CISA
CVE-2020-2506	improper access control vulnerability in Helpdesk	QNAP Systems Inc.	Helpdesk	2022-03-25 00:00:00 UTC	CISA
CVE-2020-2021	PAN-OS: Authentication Bypass in SAML Authentication	Palo Alto Networks	PAN-OS	2022-03-25 00:00:00 UTC	CISA
CVE-2020-1956	Apache Kylin 2.3.0, and releases up to 2.6.5 and 3.0.1 has some restful apis which will concatenate os command with the user input string, a user...	Apache	Kylin	2022-03-25 00:00:00 UTC	CISA
CVE-2020-1631	Out of Cycle Security Advisory: Junos OS: Security vulnerability in J-Web and web based (HTTP/HTTPS) services	Juniper Networks	Junos OS	2022-03-25 00:00:00 UTC	CISA
CVE-2019-6340	Drupal core - Highly critical - Remote Code Execution	Drupal	Drupal Core	2022-03-25 00:00:00 UTC	CISA
CVE-2019-2616	Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware (subcomponent: BI Publisher Security). Supported...	Oracle Corporation	BI Publisher (formerly XML Publisher)	2022-03-25 00:00:00 UTC	CISA
CVE-2019-16920	Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the...	D-Link	n/a	2022-03-25 00:00:00 UTC	CISA

Displaying vulnerabilities 1276 - 1300 of 2010 in total