Known Exploited Vulnerabilities

Focus on What Matters

There are 297,627 vulnerabilities in the CVE database.
Whilst only 0.6% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2021-30666	A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.5.3. Processing maliciously crafted web content...	Apple	iOS	2021-11-03 00:00:00 UTC	CISA
CVE-2021-30713	A permissions issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.4. A malicious application may be able to...	Apple	macOS	2021-11-03 00:00:00 UTC	CISA
CVE-2021-30657	A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina. A...	Apple	macOS	2021-11-03 00:00:00 UTC	CISA
CVE-2021-30665	A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 7.4.1, iOS 14.5.1 and iPadOS 14.5.1, tvOS...	Apple	macOS	2021-11-03 00:00:00 UTC	CISA
CVE-2021-30663	An integer overflow was addressed with improved input validation. This issue is fixed in iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3,...	Apple	macOS	2021-11-03 00:00:00 UTC	CISA
CVE-2021-30761	A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.5.4. Processing maliciously crafted web...	Apple	iOS	2021-11-03 00:00:00 UTC	CISA
CVE-2021-30869	A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 12.5.5, iOS 14.4 and iPadOS 14.4, macOS Big Sur 11.2,...	Apple	iOS and iPadOS, macOS	2021-11-03 00:00:00 UTC	CISA
CVE-2020-9859	A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5.1 and iPadOS 13.5.1, macOS Catalina 10.15.5...	Apple	iOS, macOS, tvOS, watchOS	2021-11-03 00:00:00 UTC	CISA
CVE-2021-20090	A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24...	n/a	Buffalo WSR-2533DHPL2, Buffalo WSR-2533DHP3	2021-11-03 00:00:00 UTC	CISA
CVE-2021-27562	In Arm Trusted Firmware M through 1.2, the NS world may trigger a system halt, an overwrite of secure data, or the printing out of secure data when...	n/a	n/a	2021-11-03 00:00:00 UTC	CISA
CVE-2021-28664	The Arm Mali GPU kernel driver allows privilege escalation or a denial of service (memory corruption) because an unprivileged user can achieve...	n/a	n/a	2021-11-03 00:00:00 UTC	CISA
CVE-2021-28663	The Arm Mali GPU kernel driver allows privilege escalation or information disclosure because GPU memory operations are mishandled, leading to a...	n/a	n/a	2021-11-03 00:00:00 UTC	CISA
CVE-2019-3398	Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote attacker who has permission...	Atlassian	Confluence	2021-11-03 00:00:00 UTC	CISA
CVE-2021-26084	In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to...	Atlassian	Confluence Server, Confluence Data Center	2021-11-03 00:00:00 UTC	CISA
CVE-2019-11580	Atlassian Crowd and Crowd Data Center had the pdkinstall development plugin incorrectly enabled in release builds. Attackers who can send...	Atlassian	Crowd	2021-11-03 00:00:00 UTC	CISA
CVE-2019-3396	The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3...	Atlassian	Confluence Server	2021-11-03 00:00:00 UTC	CISA
CVE-2021-42258	BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1 allows SQL injection for unauthenticated remote code execution, as exploited in the wild...	n/a	n/a	2021-11-03 00:00:00 UTC	CISA
CVE-2020-3452	Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Read-Only Path Traversal Vulnerability	Cisco	Cisco Adaptive Security Appliance (ASA) Software	2021-11-03 00:00:00 UTC	CISA
CVE-2020-3580	Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Interface Cross-Site Scripting Vulnerabilities	Cisco	Cisco Adaptive Security Appliance (ASA) Software	2021-11-03 00:00:00 UTC	CISA
CVE-2021-1497	Cisco HyperFlex HX Command Injection Vulnerabilities	Cisco	Cisco HyperFlex HX Data Platform	2021-11-03 00:00:00 UTC	CISA
CVE-2021-1498	Cisco HyperFlex HX Command Injection Vulnerabilities	Cisco	Cisco HyperFlex HX Data Platform	2021-11-03 00:00:00 UTC	CISA
CVE-2018-0171	A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to...	Cisco	Cisco IOS and IOS XE	2021-11-03 00:00:00 UTC	CISA
CVE-2020-3118	Cisco IOS XR Software Cisco Discovery Protocol Format String Vulnerability	Cisco	Cisco IOS XR Software	2021-11-03 00:00:00 UTC	CISA
CVE-2020-3566	Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerability	Cisco	Cisco IOS XR Software	2021-11-03 00:00:00 UTC	CISA
CVE-2020-3569	Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerabilities	Cisco	Cisco IOS XR Software	2021-11-03 00:00:00 UTC	CISA

Displaying vulnerabilities 1451 - 1475 of 1852 in total