Known Exploited Vulnerabilities

Focus on What Matters

There are 297,496 vulnerabilities in the CVE database.
Whilst only 0.6% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2019-17049	NETGEAR SRX5308 4.3.5-3 devices allow SQL Injection, as exploited in the wild in September 2019 to add a new user account.	NETGEAR	SRX5308	2019-09-30 18:37:21 UTC	CVE
CVE-2018-18472	Western Digital WD My Book Live and WD My Book Live Duo (all versions) have a root Remote Command Execution bug via shell metacharacters in the...	Western Digital	WD My Book Live, WD My Book Live Duo	2019-06-19 15:44:20 UTC	CVE
CVE-2018-18852	Cerio DT-300N 1.1.6 through 1.1.12 devices allow OS command injection because of improper input validation of the web-interface PING feature's use...	Cerio	DT-300N	2019-06-18 15:00:32 UTC	CVE
CVE-2019-6703	Incorrect access control in migla_ajax_functions.php in the Calmar Webmedia Total Donations plugin through 2.0.5 for WordPress allows...	Calmar Webmedia	Total Donations plugin for WordPress	2019-01-25 12:23:06 UTC	Wordfence
CVE-2018-19207	The Van Ons WP GDPR Compliance (aka wp-gdpr-compliance) plugin before 1.4.3 for WordPress allows remote attackers to execute arbitrary code because...	Van Ons	WP GDPR Compliance	2018-11-12 17:00:00 UTC	CVE
CVE-2018-18956	The ProcessMimeEntity function in util-decode-mime.c in Suricata 4.x before 4.0.6 allows remote attackers to cause a denial of service (segfault...	Suricata	Suricata	2018-11-05 21:00:00 UTC	CVE
CVE-2018-11687	An integer overflow in the distributeBTR function of a smart contract implementation for Bitcoin Red (BTCR), an Ethereum ERC20 token, allows the...	Bitcoin Red	Bitcoin Red (BTCR)	2018-08-15 17:00:00 UTC	CVE
CVE-2018-11529	VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV...	VideoLAN	VLC media player	2018-07-11 16:00:00 UTC	CVE
CVE-2018-11329	The DrugDealer function of a smart contract implementation for Ether Cartel, an Ethereum game, allows attackers to take over the contract's...	n/a	Ether Cartel	2018-05-22 05:00:00 UTC	CVE
CVE-2018-11239	An integer overflow in the _transfer function of a smart contract implementation for Hexagon (HXG), an Ethereum ERC20 token, allows attackers to...	n/a	Hexagon (HXG) ERC20 Token	2018-05-19 18:00:00 UTC	CVE
CVE-2018-10831	Z-NOMP before 2018-04-05 has an incorrect Equihash solution verifier that allows attackers to spoof mining shares, as demonstrated by providing a...	n/a	Z-NOMP	2018-05-09 05:00:00 UTC	CVE
CVE-2018-10657	Matrix Synapse before 0.28.1 is prone to a denial of service flaw where malicious events injected with depth = 2^63 - 1 render rooms unusable,...	Matrix.org	Synapse	2018-05-02 16:00:00 UTC	CVE
CVE-2018-10468	The transferFrom function of a smart contract implementation for Useless Ethereum Token (UET), an Ethereum ERC20 token, allows attackers to steal...	n/a	Useless Ethereum Token (UET)	2018-04-28 13:00:00 UTC	CVE
CVE-2018-10376	An integer overflow in the transferProxy function of a smart contract implementation for SmartMesh (aka SMT), an Ethereum ERC20 token, allows...	SmartMesh	SmartMesh	2018-04-25 09:00:00 UTC	CVE
CVE-2018-10299	An integer overflow in the batchTransfer function of a smart contract implementation for Beauty Ecosystem Coin (BEC), the Ethereum ERC20 token used...	Beauty Chain	Beauty Ecosystem Coin (BEC)	2018-04-23 04:00:00 UTC	CVE
CVE-2017-2404	An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Quick Look" component. It allows remote...	Apple	iOS	2017-04-02 01:36:00 UTC	CVE
CVE-2016-6195	SQL injection vulnerability in forumrunner/includes/moderation.php in vBulletin before 4.2.2 Patch Level 5 and 4.2.3 before Patch Level 1 allows...	vBulletin	vBulletin	2016-08-30 19:00:00 UTC	CVE
CVE-2016-1409	The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS XE 2.1 through 3.17S, IOS XR 2.0.0 through 5.3.2, and NX-OS...	Cisco	IOS XE, IOS XR, NX-OS	2016-05-29 22:00:00 UTC	CVE
CVE-2015-8562	Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP...	Joomla!	Joomla!	2015-12-16 21:00:00 UTC	CVE
CVE-2015-2945	mt-phpincgi.php in Hajime Fujimoto mt-phpincgi before 2015-05-15 does not properly restrict URLs, which allows remote attackers to conduct PHP...	Hajime Fujimoto	mt-phpincgi	2015-05-25 17:00:00 UTC	CVE
CVE-2015-1494	The FancyBox for WordPress plugin before 3.0.3 for WordPress does not properly restrict access, which allows remote attackers to conduct cross-site...	WordPress	FancyBox for WordPress plugin	2015-02-17 15:00:00 UTC	CVE
CVE-2014-7235	htdocs_ari/includes/login.php in the ARI Framework module/Asterisk Recording Interface (ARI) in FreePBX before 2.9.0.9, 2.10.x, and 2.11 before...	FreePBX	ARI Framework module/Asterisk Recording Interface (ARI)	2014-10-07 14:00:00 UTC	CVE
CVE-2014-6293	SQL injection vulnerability in the Statistics (ke_stats) extension before 1.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands...	TYPO3	ke_stats extension for TYPO3	2014-10-03 14:00:00 UTC	CVE
CVE-2014-1815	Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a...	Microsoft	Internet Explorer	2014-05-14 10:00:00 UTC	CVE
CVE-2014-1809	The MSCOMCTL library in Microsoft Office 2007 SP3, 2010 SP1 and SP2, and 2013 Gold, SP1, RT, and RT SP1 makes it easier for remote attackers to...	Microsoft	Office	2014-05-14 10:00:00 UTC	CVE

Displaying vulnerabilities 1726 - 1750 of 1850 in total