Known Exploited Vulnerabilities

Focus on What Matters

There are 304,014 vulnerabilities in the CVE database.
Whilst only 0.7% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2022-20703	Cisco Small Business RV Series Routers Vulnerabilities	Cisco	Cisco Small Business RV Series Router Firmware	2022-03-03 00:00:00 UTC	CISA
CVE-2022-20701	Cisco Small Business RV Series Routers Vulnerabilities	Cisco	Cisco Small Business RV Series Router Firmware	2022-03-03 00:00:00 UTC	CISA
CVE-2022-20700	Cisco Small Business RV Series Routers Vulnerabilities	Cisco	Cisco Small Business RV Series Router Firmware	2022-03-03 00:00:00 UTC	CISA
CVE-2022-20699	Cisco Small Business RV Series Routers Vulnerabilities	Cisco	Cisco Small Business RV Series Router Firmware	2022-03-03 00:00:00 UTC	CISA
CVE-2021-41379	Windows Installer Elevation of Privilege Vulnerability	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 2004, Windows Server version 2004, Windows 10 Version 20H2, Windows Server version 20H2, Windows 11 version 21H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	2022-03-03 00:00:00 UTC	CISA
CVE-2020-1938	When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections...	Apache	Apache Tomcat	2022-03-03 00:00:00 UTC	CISA
CVE-2020-11899	The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read.	n/a	n/a	2022-03-03 00:00:00 UTC	CISA
CVE-2019-16928	Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in...	Exim	Exim	2022-03-03 00:00:00 UTC	CISA
CVE-2019-1652	Cisco Small Business RV320 and RV325 Routers Command Injection Vulnerability	Cisco	Cisco Small Business RV Series Router Firmware	2022-03-03 00:00:00 UTC	CISA
CVE-2019-1297	A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka...	Microsoft	Microsoft Excel, Microsoft Office, Office 365 ProPlus	2022-03-03 00:00:00 UTC	CISA
CVE-2018-8581	An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability."...	Microsoft	Microsoft Exchange Server	2022-03-03 00:00:00 UTC	CISA
CVE-2018-8298	A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine...	Microsoft	ChakraCore	2022-03-03 00:00:00 UTC	CISA
CVE-2018-0180	Multiple vulnerabilities in the Login Enhancements (Login Block) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to...	Cisco	Cisco IOS	2022-03-03 00:00:00 UTC	CISA
CVE-2018-0179	Multiple vulnerabilities in the Login Enhancements (Login Block) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to...	Cisco	Cisco IOS	2022-03-03 00:00:00 UTC	CISA
CVE-2018-0175	Format String vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR...	Cisco	Cisco IOS, IOS XE, and IOS XR	2022-03-03 00:00:00 UTC	CISA
CVE-2018-0174	A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated,...	Cisco	Cisco IOS and IOS XE	2022-03-03 00:00:00 UTC	CISA
CVE-2018-0173	A vulnerability in the Cisco IOS Software and Cisco IOS XE Software function that restores encapsulated option 82 information in DHCP Version 4...	Cisco	Cisco IOS and IOS XE	2022-03-03 00:00:00 UTC	CISA
CVE-2018-0172	A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated,...	Cisco	Cisco IOS and IOS XE	2022-03-03 00:00:00 UTC	CISA
CVE-2018-0167	Multiple Buffer Overflow vulnerabilities in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and...	Cisco	Cisco IOS, IOS XE, and IOS XR	2022-03-03 00:00:00 UTC	CISA
CVE-2018-0161	A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software running on certain models of Cisco Catalyst...	Cisco	Cisco IOS	2022-03-03 00:00:00 UTC	CISA
CVE-2018-0159	A vulnerability in the implementation of Internet Key Exchange Version 1 (IKEv1) functionality in Cisco IOS Software and Cisco IOS XE Software...	Cisco	Cisco IOS and IOS XE	2022-03-03 00:00:00 UTC	CISA
CVE-2018-0158	A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS Software and Cisco IOS XE Software could allow an...	Cisco	Cisco IOS and IOS XE	2022-03-03 00:00:00 UTC	CISA
CVE-2018-0156	A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to...	Cisco	Cisco IOS and IOS XE	2022-03-03 00:00:00 UTC	CISA
CVE-2018-0155	A vulnerability in the Bidirectional Forwarding Detection (BFD) offload implementation of Cisco Catalyst 4500 Series Switches and Cisco Catalyst...	Cisco	Cisco IOS and IOS XE	2022-03-03 00:00:00 UTC	CISA
CVE-2018-0154	A vulnerability in the crypto engine of the Cisco Integrated Services Module for VPN (ISM-VPN) running Cisco IOS Software could allow an...	Cisco	Cisco IOS	2022-03-03 00:00:00 UTC	CISA

Displaying vulnerabilities 1376 - 1400 of 2008 in total