Known Exploited Vulnerabilities

Focus on What Matters

There are 297,730 vulnerabilities in the CVE database.
Whilst only 0.6% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2013-3900	WinVerifyTrust Signature Validation Vulnerability	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows Server 2025 (Server Core installation), Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 11 Version 24H2, Windows Server 2025, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	2022-01-10 00:00:00 UTC	CISA
CVE-2019-2725	Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are...	Oracle Corporation	Tape Library ACSLS	2022-01-10 00:00:00 UTC	CISA
CVE-2019-9670	mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity injection (XXE) vulnerability, as...	Synacor	Zimbra Collaboration Suite	2022-01-10 00:00:00 UTC	CISA
CVE-2018-13382	An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5.4.1 to 5.4.10 and FortiProxy 2.0.0, 1.2.0 to...	Fortinet	Fortinet FortiOS, FortiProxy	2022-01-10 00:00:00 UTC	CISA
CVE-2018-13383	A heap buffer overflow in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through 5.4.12, 5.2.14 and earlier and FortiProxy...	Fortinet	Fortinet FortiOS and FortiProxy	2022-01-10 00:00:00 UTC	CISA
CVE-2019-1579	Remote Code Execution in PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11-h1 and earlier, and PAN-OS 8.1.2 and earlier with GlobalProtect Portal or...	Palo Alto Networks	Palo Alto Networks GlobalProtect Portal/Gateway Interface	2022-01-10 00:00:00 UTC	CISA
CVE-2015-7450	Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow...	IBM	n/a	2022-01-10 00:00:00 UTC	CISA
CVE-2021-22017	Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization. A malicious actor with network...	n/a	VMware vCenter Server, VMware Cloud Foundation	2022-01-10 00:00:00 UTC	CISA
CVE-2017-1000486	Primetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution	Primetek	Primefaces	2022-01-10 00:00:00 UTC	CISA
CVE-2019-10149	A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in...	exim	exim	2022-01-10 00:00:00 UTC	CISA
CVE-2021-36260	A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the...	n/a	n/a	2022-01-10 00:00:00 UTC	CISA
CVE-2021-27860	Arbitrary file upload vulnerability in FatPipe software	FatPipe	WARP, IPVPN, MPVPN	2022-01-10 00:00:00 UTC	CISA
CVE-2019-7609	Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the...	Elastic	Kibana	2022-01-10 00:00:00 UTC	CISA
CVE-2021-45461	FreePBX, when restapps (aka Rest Phone Apps) 15.0.19.87, 15.0.19.88, 16.0.18.40, or 16.0.18.41 is installed, allows remote attackers to execute...	n/a	n/a	2021-12-22 18:25:54 UTC	CVE
CVE-2021-4102	Use after free in V8 in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.	Google	Chrome	2021-12-15 00:00:00 UTC	CISA
CVE-2021-43890	Windows AppX Installer Spoofing Vulnerability	Microsoft	App Installer	2021-12-15 00:00:00 UTC	CISA
CVE-2010-1871	JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize inputs for JBoss...	Red Hat	JBoss Enterprise Application Platform	2021-12-10 00:00:00 UTC	CISA
CVE-2017-12149	In Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was found that the doFilter method in the...	Red Hat, Inc.	jbossas	2021-12-10 00:00:00 UTC	CISA
CVE-2017-17562	Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. This is a result of...	Embedthis	GoAhead	2021-12-10 00:00:00 UTC	CISA
CVE-2021-44168	A download of code without integrity check vulnerability in the "execute restore src-vis" command of FortiOS before 7.0.3 may allow a local...	Fortinet	Fortinet FortiOS	2021-12-10 00:00:00 UTC	CISA
CVE-2019-0193	In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the...	Apache Software Foundation	Apache Solr	2021-12-10 00:00:00 UTC	CISA
CVE-2019-7238	Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control.	Sonatype	Nexus Repository Manager	2021-12-10 00:00:00 UTC	CISA
CVE-2021-35394	Realtek Jungle SDK version v2.x up to v3.4.14B provides a diagnostic tool called 'MP Daemon' that is usually compiled as 'UDPServer' binary. The...	n/a	n/a	2021-12-10 00:00:00 UTC	CISA
CVE-2019-13272	In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a...	Linux	kernel	2021-12-10 00:00:00 UTC	CISA
CVE-2021-44515	Zoho ManageEngine Desktop Central is vulnerable to authentication bypass, leading to remote code execution on the server, as exploited in the wild...	n/a	n/a	2021-12-10 00:00:00 UTC	CISA

Displaying vulnerabilities 1376 - 1400 of 1853 in total