Known Exploited Vulnerabilities

Focus on What Matters

There are 297,561 vulnerabilities in the CVE database.
Whilst only 0.6% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2020-14750	Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are...	Oracle Corporation	WebLogic Server	2021-11-03 00:00:00 UTC	CISA
CVE-2015-4852	The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary...	Oracle	WebLogic Server	2021-11-03 00:00:00 UTC	CISA
CVE-2020-14871	Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Supported versions that are affected...	Oracle Corporation	Solaris Operating System	2021-11-03 00:00:00 UTC	CISA
CVE-2012-3152	Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote...	Oracle	Fusion Middleware	2021-11-03 00:00:00 UTC	CISA
CVE-2020-2555	Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Supported versions that are...	Oracle Corporation	WebCenter Portal, Utilities Framework	2021-11-03 00:00:00 UTC	CISA
CVE-2019-19356	Netis WF2419 is vulnerable to authenticated Remote Code Execution (RCE) as root through the router Web management page. The vulnerability has been...	Netis	WF2419	2021-11-03 00:00:00 UTC	CISA
CVE-2020-26919	NETGEAR JGS516PE devices before 2.6.0.43 are affected by lack of access control at the function level.	n/a	n/a	2021-11-03 00:00:00 UTC	CISA
CVE-2019-15949	Nagios XI before 5.6.6 allows remote command execution as root. The exploit requires access to the server as the nagios user, or access as the...	Nagios	XI	2021-11-03 00:00:00 UTC	CISA
CVE-2019-17026	Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks...	Mozilla	Firefox ESR, Thunderbird, Firefox	2021-11-03 00:00:00 UTC	CISA
CVE-2020-6820	Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild...	Mozilla	Thunderbird, Firefox, Firefox ESR	2021-11-03 00:00:00 UTC	CISA
CVE-2020-6819	Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. We are aware of targeted attacks in...	Mozilla	Thunderbird, Firefox, Firefox ESR	2021-11-03 00:00:00 UTC	CISA
CVE-2021-38648	Open Management Infrastructure Elevation of Privilege Vulnerability	Microsoft	Open Management Infrastructure, System Center Operations Manager (SCOM), Azure Automation State Configuration, DSC Extension, Azure Automation Update Management, Log Analytics Agent, Azure Diagnostics (LAD), Container Monitoring Solution, Azure Security Center, Azure Sentinel, Azure Stack Hub	2021-11-03 00:00:00 UTC	CISA
CVE-2021-36955	Windows Common Log File System Driver Elevation of Privilege Vulnerability	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 2004, Windows Server version 2004, Windows 10 Version 20H2, Windows Server version 20H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	2021-11-03 00:00:00 UTC	CISA
CVE-2019-0863	An elevation of privilege vulnerability exists in the way Windows Error Reporting (WER) handles files, aka 'Windows Error Reporting Elevation of...	Microsoft	Windows, Windows Server, Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows 10 Version 1903 for ARM64-based Systems, Windows Server, version 1903 (Server Core installation)	2021-11-03 00:00:00 UTC	CISA
CVE-2016-3235	Microsoft Visio 2007 SP3, Visio 2010 SP2, Visio 2013 SP1, Visio 2016, Visio Viewer 2007 SP3, and Visio Viewer 2010 mishandle library loading, which...	Microsoft	Visio	2021-11-03 00:00:00 UTC	CISA
CVE-2019-1214	An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka...	Microsoft	Windows, Windows Server, Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows 10 Version 1903 for ARM64-based Systems, Windows Server, version 1903 (Server Core installation)	2021-11-03 00:00:00 UTC	CISA
CVE-2020-1147	A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source...	Microsoft	Microsoft SharePoint Enterprise Server, Microsoft SharePoint Server, Microsoft Visual Studio 2019, Microsoft Visual Studio 2019 version 16.6 (includes 16.0 - 16.5), Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8), Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3), .NET Core, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for 32-bit Systems, Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for x64-based Systems, Microsoft .NET Framework 4.8 on Windows Server, version 1803 (Server Core Installation), Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for 32-bit Systems, Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for x64-based Systems, Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems, Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems, Microsoft .NET Framework 4.8 on Windows Server 2016, Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation), Microsoft .NET Framework 4.8 on Windows 7 for 32-bit Systems Service Pack 1, Microsoft .NET Framework 4.8 on Windows 7 for x64-based Systems Service Pack 1, Microsoft .NET Framework 4.8 on Windows 8.1 for 32-bit systems, Microsoft .NET Framework 4.8 on Windows 8.1 for x64-based systems, Microsoft .NET Framework 4.8 on Windows RT 8.1, Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1, Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation), Microsoft .NET Framework 4.8 on Windows Server 2012, Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation), Microsoft .NET Framework 4.8 on Windows Server 2012 R2, Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation), Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems, Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems, Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019, Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation), Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for 32-bit Systems, Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for x64-based Systems, Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1909 (Server Core installation), Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for 32-bit Systems, Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for x64-based Systems, Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1903 (Server Core installation), Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for 32-bit Systems, Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for x64-based Systems, Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server, version 1803 (Server Core Installation), Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems, Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems, Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for ARM64-based Systems, Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019, Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation), Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems, Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems, Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016, Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation), Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for 32-bit Systems, Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for x64-based Systems, Microsoft .NET Framework 4.6, Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 3.5 AND 4.6/4.6.1/4.6.2 on Windows 10 for 32-bit Systems, Microsoft .NET Framework 3.5 AND 4.6/4.6.1/4.6.2 on Windows 10 for x64-based Systems, Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for ARM64-based Systems, Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for ARM64-based Systems, Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 2004 for x64-based Systems, Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 2004 (Server Core installation), Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for ARM64-based Systems, Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for ARM64-based Systems, Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 2004 for 32-bit Systems, Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 2004 for ARM64-based Systems	2021-11-03 00:00:00 UTC	CISA
CVE-2021-26857	Microsoft Exchange Server Remote Code Execution Vulnerability	Microsoft	Microsoft Exchange Server 2016 Cumulative Update 19, Microsoft Exchange Server 2019 Cumulative Update 8, Microsoft Exchange Server 2019, Microsoft Exchange Server 2013 Cumulative Update 22, Microsoft Exchange Server 2019 Cumulative Update 2, Microsoft Exchange Server 2016 Cumulative Update 13, Microsoft Exchange Server 2013 Cumulative Update 23, Microsoft Exchange Server 2019 Cumulative Update 3, Microsoft Exchange Server 2016 Cumulative Update 14, Microsoft Exchange Server 2019 Cumulative Update 4, Microsoft Exchange Server 2016 Cumulative Update 15, Microsoft Exchange Server 2019 Cumulative Update 5, Microsoft Exchange Server 2019 Cumulative Update 6, Microsoft Exchange Server 2016 Cumulative Update 16, Microsoft Exchange Server 2016 Cumulative Update 17, Microsoft Exchange Server 2019 Cumulative Update 7, Microsoft Exchange Server 2016 Cumulative Update 18, Microsoft Exchange Server 2010 Service Pack 3, Microsoft Exchange Server 2013 Service Pack 1, Microsoft Exchange Server 2013 Cumulative Update 21, Microsoft Exchange Server 2016 Cumulative Update 12, Microsoft Exchange Server 2016 Cumulative Update 8, Microsoft Exchange Server 2019 Cumulative Update 1, Microsoft Exchange Server 2016 Cumulative Update 9, Microsoft Exchange Server 2016 Cumulative Update 10, Microsoft Exchange Server 2016 Cumulative Update 11	2021-11-03 00:00:00 UTC	CISA
CVE-2019-0808	An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k...	Microsoft	Windows, Windows Server	2021-11-03 00:00:00 UTC	CISA
CVE-2020-0646	A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka '.NET Framework Remote Code...	Microsoft	Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for 32-bit Systems, Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for x64-based Systems, Microsoft .NET Framework 4.8 on Windows Server, version 1803 (Server Core Installation), Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for 32-bit Systems, Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for x64-based Systems, Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems, Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems, Microsoft .NET Framework 4.8 on Windows Server 2016, Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation), Microsoft .NET Framework 4.8 on Windows 7 for 32-bit Systems Service Pack 1, Microsoft .NET Framework 4.8 on Windows 7 for x64-based Systems Service Pack 1, Microsoft .NET Framework 4.8 on Windows 8.1 for 32-bit systems, Microsoft .NET Framework 4.8 on Windows 8.1 for x64-based systems, Microsoft .NET Framework 4.8 on Windows RT 8.1, Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1, Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation), Microsoft .NET Framework 4.8 on Windows Server 2012, Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation), Microsoft .NET Framework 4.8 on Windows Server 2012 R2, Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation), Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems, Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems, Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019, Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation), Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for 32-bit Systems, Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for x64-based Systems, Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1903 (Server Core installation), Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems, Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems, Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019, Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation), Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.0, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for 32-bit Systems, Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1909 (Server Core installation), Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for x64-based Systems, Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server, version 1803 (Server Core Installation), Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 for 32-bit Systems, Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for 32-bit Systems, Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for x64-based Systems, Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for x64-based Systems, Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation), Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 for x64-based Systems, Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems, Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for 32-bit Systems, Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems, Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016	2021-11-03 00:00:00 UTC	CISA
CVE-2019-0604	A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package,...	Microsoft	Microsoft SharePoint Server, Microsoft SharePoint Foundation, Microsoft SharePoint Enterprise Server	2021-11-03 00:00:00 UTC	CISA
CVE-2020-0601	A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.An attacker...	Microsoft	Windows, Windows Server, Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows 10 Version 1903 for ARM64-based Systems, Windows Server, version 1903 (Server Core installation), Windows 10 Version 1909 for 32-bit Systems, Windows 10 Version 1909 for x64-based Systems, Windows Server, version 1909 (Server Core installation), Windows 10 Version 1909 for ARM64-based Systems	2021-11-03 00:00:00 UTC	CISA
CVE-2021-34448	Scripting Engine Memory Corruption Vulnerability	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows 10 Version 1909, Windows 10 Version 21H1, Windows 10 Version 2004, Windows 10 Version 20H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 R2 Service Pack 1, Windows Server 2012, Windows Server 2012 R2	2021-11-03 00:00:00 UTC	CISA
CVE-2021-1675	Windows Print Spooler Remote Code Execution Vulnerability	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows 10 Version 21H1, Windows 10 Version 2004, Windows Server version 2004, Windows 10 Version 20H2, Windows Server version 20H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	2021-11-03 00:00:00 UTC	CISA
CVE-2020-1054	An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka...	Microsoft	Windows, Windows Server, Windows 10 Version 1909 for 32-bit Systems, Windows 10 Version 1909 for x64-based Systems, Windows 10 Version 1909 for ARM64-based Systems, Windows Server, version 1909 (Server Core installation), Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows 10 Version 1903 for ARM64-based Systems, Windows Server, version 1903 (Server Core installation)	2021-11-03 00:00:00 UTC	CISA

Displaying vulnerabilities 1626 - 1650 of 1850 in total