Known Exploited Vulnerabilities

Focus on What Matters

There are 297,776 vulnerabilities in the CVE database.
Whilst only 0.6% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2013-3906	GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2; Office 2003 SP3, 2007 SP3, and 2010 SP1 and SP2; Office Compatibility Pack SP3; and Lync...	Microsoft	Windows, Office, Office Compatibility Pack, Lync	2022-02-15 00:00:00 UTC	CISA
CVE-2014-1761	Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Word Viewer; Office Compatibility Pack SP3; Office for Mac 2011; Word...	Microsoft	Word	2022-02-15 00:00:00 UTC	CISA
CVE-2018-20250	In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field of the ACE format (in...	Check Point Software Technologies Ltd.	WinRAR	2022-02-15 00:00:00 UTC	CISA
CVE-2017-9841	Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data...	PHPUnit	PHPUnit	2022-02-15 00:00:00 UTC	CISA
CVE-2022-22620	A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.2.1, iOS 15.3.1 and iPadOS 15.3.1,...	Apple	Safari (v and ), macOS	2022-02-11 00:00:00 UTC	CISA
CVE-2018-1000861	A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in...	Jenkins	Jenkins	2022-02-10 00:00:00 UTC	CISA
CVE-2014-4404	Heap-based buffer overflow in IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged...	Apple	iOS, Apple TV	2022-02-10 00:00:00 UTC	CISA
CVE-2015-1130	The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges via...	Apple	OS X	2022-02-10 00:00:00 UTC	CISA
CVE-2015-1635	HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote...	Microsoft	Windows	2022-02-10 00:00:00 UTC	CISA
CVE-2015-2051	The D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary commands via a...	D-Link	DIR-645 Wired/Wireless Router	2022-02-10 00:00:00 UTC	CISA
CVE-2016-3088	The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT...	Apache Software Foundation	ActiveMQ	2022-02-10 00:00:00 UTC	CISA
CVE-2017-0144	The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2;...	Microsoft	Windows SMB	2022-02-10 00:00:00 UTC	CISA
CVE-2017-0145	The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2;...	Microsoft	Windows SMB	2022-02-10 00:00:00 UTC	CISA
CVE-2017-0262	Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016 allow a remote code execution vulnerability when the software fails to properly handle...	Microsoft	Microsoft Office	2022-02-10 00:00:00 UTC	CISA
CVE-2017-0263	The kernel-mode drivers in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT...	Microsoft	Microsoft Windows	2022-02-10 00:00:00 UTC	CISA
CVE-2017-10271	Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Security). Supported versions that are...	Oracle Corporation	WebLogic Server	2022-02-10 00:00:00 UTC	CISA
CVE-2017-8464	Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT...	Microsoft	Windows Shell	2022-02-10 00:00:00 UTC	CISA
CVE-2017-9791	The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the...	Apache Software Foundation	Apache Struts	2022-02-10 00:00:00 UTC	CISA
CVE-2020-0796	A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests,...	Microsoft	Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows 10 Version 1903 for ARM64-based Systems, Windows Server, version 1903 (Server Core installation), Windows 10 Version 1909 for 32-bit Systems, Windows 10 Version 1909 for x64-based Systems, Windows 10 Version 1909 for ARM64-based Systems, Windows Server, version 1909 (Server Core installation)	2022-02-10 00:00:00 UTC	CISA
CVE-2021-36934	Windows Elevation of Privilege Vulnerability	Microsoft	Windows 10 Version 1809, Windows 10 Version 1909, Windows 10 Version 21H1, Windows 10 Version 2004, Windows 10 Version 20H2	2022-02-10 00:00:00 UTC	CISA
CVE-2022-21882	Win32k Elevation of Privilege Vulnerability	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 20H2, Windows Server version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2	2022-02-04 00:00:00 UTC	CISA
CVE-2022-23597	Remote program execution with user interaction	n/a	n/a	2022-02-01 11:49:40 UTC	CVE
CVE-2021-20038	A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variables allows a remote unauthenticated...	SonicWall	SonicWall SMA100	2022-01-28 00:00:00 UTC	CISA
CVE-2020-5722	The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. An attacker...	n/a	Grandstream UCM6200 Series	2022-01-28 00:00:00 UTC	CISA
CVE-2020-0787	An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links,...	Microsoft	Windows, Windows Server, Windows 10 Version 1909 for 32-bit Systems, Windows 10 Version 1909 for x64-based Systems, Windows 10 Version 1909 for ARM64-based Systems, Windows Server, version 1909 (Server Core installation), Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows 10 Version 1903 for ARM64-based Systems, Windows Server, version 1903 (Server Core installation)	2022-01-28 00:00:00 UTC	CISA

Displaying vulnerabilities 1326 - 1350 of 1853 in total