Known Exploited Vulnerabilities

Focus on What Matters

There are 304,048 vulnerabilities in the CVE database.
Whilst only 0.7% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2020-1631	Out of Cycle Security Advisory: Junos OS: Security vulnerability in J-Web and web based (HTTP/HTTPS) services	Juniper Networks	Junos OS	2022-03-25 00:00:00 UTC	CISA
CVE-2020-1956	Apache Kylin 2.3.0, and releases up to 2.6.5 and 3.0.1 has some restful apis which will concatenate os command with the user input string, a user...	Apache	Kylin	2022-03-25 00:00:00 UTC	CISA
CVE-2020-2021	PAN-OS: Authentication Bypass in SAML Authentication	Palo Alto Networks	PAN-OS	2022-03-25 00:00:00 UTC	CISA
CVE-2020-2506	improper access control vulnerability in Helpdesk	QNAP Systems Inc.	Helpdesk	2022-03-25 00:00:00 UTC	CISA
CVE-2020-25223	A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11	n/a	n/a	2022-03-25 00:00:00 UTC	CISA
CVE-2020-5410	Directory Traversal with spring-cloud-config-server	Spring by VMware	Spring Cloud Config	2022-03-25 00:00:00 UTC	CISA
CVE-2020-7247	smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands...	n/a	n/a	2022-03-25 00:00:00 UTC	CISA
CVE-2020-9054	ZyXEL NAS products running firmware version 5.21 and earlier are vulnerable to pre-authentication command injection in weblogin.cgi	ZyXEL	NAS326, NAS520, NAS540, NAS542, NSA210, NSA220, NSA220+, NSA221, NSA310, NSA320, NSA320S, NSA325, NSA325v2	2022-03-25 00:00:00 UTC	CISA
CVE-2020-9377	D-Link DIR-610 devices allow Remote Command Execution via the cmd parameter to command.php. NOTE: This vulnerability only affects products that are...	n/a	n/a	2022-03-25 00:00:00 UTC	CISA
CVE-2021-22941	Improper Access Control in Citrix ShareFile storage zones controller before 5.11.20 may allow an unauthenticated attacker to remotely compromise...	n/a	Citrix ShareFile storage zones controller	2022-03-25 00:00:00 UTC	CISA
CVE-2021-42237	Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve...	n/a	n/a	2022-03-25 00:00:00 UTC	CISA
CVE-2022-21999	Windows Print Spooler Elevation of Privilege Vulnerability	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 20H2, Windows Server version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	2022-03-25 00:00:00 UTC	CISA
CVE-2022-26143	The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allows remote attackers to obtain...	n/a	n/a	2022-03-25 00:00:00 UTC	CISA
CVE-2022-26318	On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code, aka FBX-22786. This vulnerability impacts Fireware OS...	n/a	n/a	2022-03-25 00:00:00 UTC	CISA
CVE-2019-16920	Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the...	D-Link	n/a	2022-03-25 00:00:00 UTC	CISA
CVE-2019-15107	An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnerability.	Webmin	Webmin	2022-03-25 00:00:00 UTC	CISA
CVE-2019-12991	Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 5 of 6).	Citrix	SD-WAN	2022-03-25 00:00:00 UTC	CISA
CVE-2019-12989	Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow SQL Injection.	Citrix	SD-WAN	2022-03-25 00:00:00 UTC	CISA
CVE-2019-11043	Underflow in PHP-FPM can lead to RCE	PHP	PHP	2022-03-25 00:00:00 UTC	CISA
CVE-2019-10068	An issue was discovered in Kentico 12.0.x before 12.0.15, 11.0.x before 11.0.48, 10.0.x before 10.0.52, and 9.x versions. Due to a failure to...	Kentico	Kentico CMS	2022-03-25 00:00:00 UTC	CISA
CVE-2019-1003030	A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml,...	Jenkins project	Jenkins Pipeline: Groovy Plugin	2022-03-25 00:00:00 UTC	CISA
CVE-2019-1132	An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k...	Microsoft	Windows, Windows Server	2022-03-15 00:00:00 UTC	CISA
CVE-2019-1069	Task Scheduler Elevation of Privilege Vulnerability	Microsoft	Windows 10 Version 1703, Windows 10 Version 1803, Windows Server, version 1803 (Server Core Installation), Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1709 for 32-bit Systems, Windows 10 Version 1709, Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows 10 Version 1903 for ARM64-based Systems, Windows Server, version 1903 (Server Core installation), Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation)	2022-03-15 00:00:00 UTC	CISA
CVE-2019-1064	Windows Elevation of Privilege Vulnerability	Microsoft	Windows 10 Version 1703, Windows 10 Version 1803, Windows Server, version 1803 (Server Core Installation), Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1709 for 32-bit Systems, Windows 10 Version 1709, Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows 10 Version 1903 for ARM64-based Systems, Windows Server, version 1903 (Server Core installation), Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation)	2022-03-15 00:00:00 UTC	CISA
CVE-2019-0841	An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation...	Microsoft	Windows, Windows Server	2022-03-15 00:00:00 UTC	CISA

Displaying vulnerabilities 1326 - 1350 of 2008 in total