Known Exploited Vulnerabilities

Focus on What Matters

There are 303,579 vulnerabilities in the CVE database.
Whilst only 0.7% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2011-3544	Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote...	Oracle	Java SE	2022-03-03 00:00:00 UTC	CISA
CVE-2011-1889	The NSPLookupServiceNext function in the client in Microsoft Forefront Threat Management Gateway (TMG) 2010 allows remote attackers to execute...	Microsoft	Forefront Threat Management Gateway	2022-03-03 00:00:00 UTC	CISA
CVE-2011-0611	Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140;...	Adobe	Flash Player	2022-03-03 00:00:00 UTC	CISA
CVE-2010-3333	Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac...	Microsoft	Office	2022-03-03 00:00:00 UTC	CISA
CVE-2010-0232	The kernel in Microsoft Windows NT 3.1 through Windows 7, including Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows...	Microsoft	Windows	2022-03-03 00:00:00 UTC	CISA
CVE-2010-0188	Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows attackers to cause a denial of service...	Adobe	Reader and Acrobat	2022-03-03 00:00:00 UTC	CISA
CVE-2009-3129	Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel...	Microsoft	Office Excel	2022-03-03 00:00:00 UTC	CISA
CVE-2009-1123	The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate...	Microsoft	Windows	2022-03-03 00:00:00 UTC	CISA
CVE-2008-3431	The VBoxDrvNtDeviceControl function in VBoxDrv.sys in Sun xVM VirtualBox before 1.6.4 uses the METHOD_NEITHER communication method for IOCTLs and...	Sun	xVM VirtualBox	2022-03-03 00:00:00 UTC	CISA
CVE-2008-2992	Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that...	Adobe	Acrobat and Reader	2022-03-03 00:00:00 UTC	CISA
CVE-2004-0210	The POSIX component of Microsoft Windows NT and Windows 2000 allows local users to execute arbitrary code via certain parameters, possibly by...	Microsoft	Windows	2022-03-03 00:00:00 UTC	CISA
CVE-2002-0367	smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows...	Microsoft	Windows	2022-03-03 00:00:00 UTC	CISA
CVE-2017-0222	A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption...	Microsoft Corporation	Internet Explorer	2022-02-25 00:00:00 UTC	CISA
CVE-2014-6352	Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and...	Microsoft	Windows	2022-02-25 00:00:00 UTC	CISA
CVE-2017-8570	Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Remote Code...	Microsoft Corporation	Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, and Microsoft Office 2016.	2022-02-25 00:00:00 UTC	CISA
CVE-2022-24682	An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 (update 1), as exploited in the wild...	n/a	n/a	2022-02-25 00:00:00 UTC	CISA
CVE-2022-23134	Possible view of the setup pages by unauthenticated users if config file already exists	Zabbix	Frontend	2022-02-22 00:00:00 UTC	CISA
CVE-2022-23131	Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML	Zabbix	Frontend	2022-02-22 00:00:00 UTC	CISA
CVE-2022-25335	RigoBlock Dragos through 2022-02-17 lacks the onlyOwner modifier for setMultipleAllowances. This enables token manipulation, as exploited in the...	n/a	n/a	2022-02-18 17:34:58 UTC	CVE
CVE-2014-1761	Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Word Viewer; Office Compatibility Pack SP3; Office for Mac 2011; Word...	Microsoft	Word	2022-02-15 00:00:00 UTC	CISA
CVE-2013-3906	GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2; Office 2003 SP3, 2007 SP3, and 2010 SP1 and SP2; Office Compatibility Pack SP3; and Lync...	Microsoft	Windows, Office, Office Compatibility Pack, Lync	2022-02-15 00:00:00 UTC	CISA
CVE-2018-8174	A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote...	Microsoft	Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers	2022-02-15 00:00:00 UTC	CISA
CVE-2022-24086	Adobe Commerce checkout improper input validation leads to remote code execution	Adobe	Magento Commerce	2022-02-15 00:00:00 UTC	CISA
CVE-2022-0609	Use after free in Animation in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted...	Google	Chrome	2022-02-15 00:00:00 UTC	CISA
CVE-2019-0752	A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting...	Microsoft	Internet Explorer 11, Internet Explorer 10	2022-02-15 00:00:00 UTC	CISA

Displaying vulnerabilities 1451 - 1475 of 2002 in total