Known Exploited Vulnerabilities

Focus on What Matters

There are 303,381 vulnerabilities in the CVE database.
Whilst only 0.7% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2017-1000486	Primetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution	Primetek	Primefaces	2022-01-10 00:00:00 UTC	CISA
CVE-2019-7609	Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the...	Elastic	Kibana	2022-01-10 00:00:00 UTC	CISA
CVE-2013-3900	WinVerifyTrust Signature Validation Vulnerability	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows Server 2025 (Server Core installation), Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 11 Version 24H2, Windows Server 2025, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	2022-01-10 00:00:00 UTC	CISA
CVE-2020-6572	Use after free in Media in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to execute arbitrary code via a crafted HTML page.	Google	Chrome	2022-01-10 00:00:00 UTC	CISA
CVE-2019-1458	An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k...	Microsoft	Windows, Windows Server	2022-01-10 00:00:00 UTC	CISA
CVE-2019-2725	Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are...	Oracle Corporation	Tape Library ACSLS	2022-01-10 00:00:00 UTC	CISA
CVE-2021-22017	Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization. A malicious actor with network...	n/a	VMware vCenter Server, VMware Cloud Foundation	2022-01-10 00:00:00 UTC	CISA
CVE-2021-27860	Arbitrary file upload vulnerability in FatPipe software	FatPipe	WARP, IPVPN, MPVPN	2022-01-10 00:00:00 UTC	CISA
CVE-2021-45461	FreePBX, when restapps (aka Rest Phone Apps) 15.0.19.87, 15.0.19.88, 16.0.18.40, or 16.0.18.41 is installed, allows remote attackers to execute...	n/a	n/a	2021-12-22 18:25:54 UTC	CVE
CVE-2021-43890	Windows AppX Installer Spoofing Vulnerability	Microsoft	App Installer	2021-12-15 00:00:00 UTC	CISA
CVE-2021-4102	Use after free in V8 in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.	Google	Chrome	2021-12-15 00:00:00 UTC	CISA
CVE-2020-17463	FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items.	n/a	n/a	2021-12-10 00:00:00 UTC	CISA
CVE-2021-44515	Zoho ManageEngine Desktop Central is vulnerable to authentication bypass, leading to remote code execution on the server, as exploited in the wild...	n/a	n/a	2021-12-10 00:00:00 UTC	CISA
CVE-2019-13272	In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a...	Linux	kernel	2021-12-10 00:00:00 UTC	CISA
CVE-2021-35394	Realtek Jungle SDK version v2.x up to v3.4.14B provides a diagnostic tool called 'MP Daemon' that is usually compiled as 'UDPServer' binary. The...	n/a	n/a	2021-12-10 00:00:00 UTC	CISA
CVE-2019-7238	Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control.	Sonatype	Nexus Repository Manager	2021-12-10 00:00:00 UTC	CISA
CVE-2019-0193	In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the...	Apache	Apache Solr	2021-12-10 00:00:00 UTC	CISA
CVE-2021-44168	A download of code without integrity check vulnerability in the "execute restore src-vis" command of FortiOS before 7.0.3 may allow a local...	Fortinet	Fortinet FortiOS	2021-12-10 00:00:00 UTC	CISA
CVE-2017-17562	Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. This is a result of...	Embedthis	GoAhead	2021-12-10 00:00:00 UTC	CISA
CVE-2017-12149	In Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was found that the doFilter method in the...	Red Hat, Inc.	jbossas	2021-12-10 00:00:00 UTC	CISA
CVE-2010-1871	JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize inputs for JBoss...	Red Hat	JBoss Enterprise Application Platform	2021-12-10 00:00:00 UTC	CISA
CVE-2020-8816	Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease.	n/a	n/a	2021-12-10 00:00:00 UTC	CISA
CVE-2019-10758	mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that uses the `toBSON` method. A misuse of the `vm` dependency to...	mongo-express	mongo-express	2021-12-10 00:00:00 UTC	CISA
CVE-2021-44228	Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints	Apache Software Foundation	Apache Log4j2	2021-12-10 00:00:00 UTC	CISA
CVE-2021-40438	mod_proxy SSRF	Apache Software Foundation	Apache HTTP Server	2021-12-01 00:00:00 UTC	CISA

Displaying vulnerabilities 1526 - 1550 of 1998 in total