Known Exploited Vulnerabilities

Focus on What Matters

There are 301,656 vulnerabilities in the CVE database.
Whilst only 0.6% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2021-31955	Windows Kernel Information Disclosure Vulnerability	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows 10 Version 21H1, Windows 10 Version 2004, Windows Server version 2004, Windows 10 Version 20H2, Windows Server version 20H2	2021-11-03 00:00:00 UTC	CISA
CVE-2020-0878	Microsoft Browser Memory Corruption Vulnerability	Microsoft	ChakraCore, Microsoft Edge (EdgeHTML-based), Internet Explorer 9, Internet Explorer 11	2021-11-03 00:00:00 UTC	CISA
CVE-2016-0167	The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and...	Microsoft	Windows	2021-11-03 00:00:00 UTC	CISA
CVE-2021-38647	Open Management Infrastructure Remote Code Execution Vulnerability	Microsoft	Open Management Infrastructure, System Center Operations Manager (SCOM), Azure Automation State Configuration, DSC Extension, Azure Automation Update Management, Log Analytics Agent, Azure Diagnostics (LAD), Container Monitoring Solution, Azure Security Center, Azure Sentinel, Azure Stack Hub	2021-11-03 00:00:00 UTC	CISA
CVE-2014-1812	The Group Policy implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and...	Microsoft	Windows	2021-11-03 00:00:00 UTC	CISA
CVE-2021-22502	Remote Code execution vulnerability in Micro Focus Operation Bridge Reporter (OBR) product, affecting version 10.40. The vulnerability could be...	n/a	Operation Bridge Reporter.	2021-11-03 00:00:00 UTC	CISA
CVE-2021-22506	Advance configuration exposing Information Leakage vulnerability in Micro Focus Access Manager product, affects all versions prior to version 5.0....	n/a	Access Manager.	2021-11-03 00:00:00 UTC	CISA
CVE-2021-23874	McAfee Total Protection (MTP) privilege escalation vulnerability	McAfee,LLC	McAfee Total Protection (MTP)	2021-11-03 00:00:00 UTC	CISA
CVE-2020-7961	Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services...	n/a	n/a	2021-11-03 00:00:00 UTC	CISA
CVE-2021-30116	Unauthenticated credential leak and business logic flaw in Kaseya VSA <= v9.5.6	n/a	n/a	2021-11-03 00:00:00 UTC	CISA
CVE-2020-15505	A remote code execution vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3,...	n/a	n/a	2021-11-03 00:00:00 UTC	CISA
CVE-2016-3718	The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery...	ImageMagick	ImageMagick	2021-11-03 00:00:00 UTC	CISA
CVE-2016-3715	The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.	ImageMagick	ImageMagick	2021-11-03 00:00:00 UTC	CISA
CVE-2019-4716	IBM Planning Analytics 2.0.0 through 2.0.8 is vulnerable to a configuration overwrite that allows an unauthenticated user to login as "admin", and...	IBM	Planning Analytics	2021-11-03 00:00:00 UTC	CISA
CVE-2020-4428	IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to execute arbitrary commands on the system. IBM...	IBM	Data Risk Manager	2021-11-03 00:00:00 UTC	CISA
CVE-2020-4427	IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to bypass security restrictions when configured...	IBM	Data Risk Manager	2021-11-03 00:00:00 UTC	CISA
CVE-2020-4430	IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to traverse directories on the system. An attacker...	IBM	Data Risk Manager	2021-11-03 00:00:00 UTC	CISA
CVE-2021-30563	Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.	Google	Chrome	2021-11-03 00:00:00 UTC	CISA
CVE-2021-21220	Insufficient validation of untrusted input in V8 in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap...	Google	Chrome	2021-11-03 00:00:00 UTC	CISA
CVE-2021-21193	Use after free in Blink in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML...	Google	Chrome	2021-11-03 00:00:00 UTC	CISA
CVE-2021-21224	Type confusion in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML...	Google	Chrome	2021-11-03 00:00:00 UTC	CISA
CVE-2021-38003	Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a...	Google	Chrome	2021-11-03 00:00:00 UTC	CISA
CVE-2021-38000	Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638.69 allowed a remote attacker to arbitrarily...	Google	Chrome	2021-11-03 00:00:00 UTC	CISA
CVE-2021-21206	Use after free in Blink in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML...	Google	Chrome	2021-11-03 00:00:00 UTC	CISA
CVE-2021-30554	Use after free in WebGL in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML...	Google	Chrome	2021-11-03 00:00:00 UTC	CISA

Displaying vulnerabilities 1751 - 1775 of 1951 in total