Known Exploited Vulnerabilities

Focus on What Matters

There are 298,510 vulnerabilities in the CVE database.
Whilst only 0.6% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2011-3192	The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of...	Apache Software Foundation	HTTP Server	2011-08-29 15:00:00 UTC	CVE
CVE-2011-1968	The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 does not properly process packets...	Microsoft	Windows	2011-08-10 21:16:00 UTC	CVE
CVE-2011-2900	Stack-based buffer overflow in the (1) put_dir function in mongoose.c in Mongoose 3.0, (2) put_dir function in yasslEWS.c in yaSSL Embedded Web...	n/a	["Mongoose", "yaSSL Embedded Web Server", "Simple HTTPD"]	2011-08-05 21:00:00 UTC	CVE
CVE-2011-0226	Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and...	Apple	iOS	2011-07-19 22:00:00 UTC	CVE
CVE-2011-1331	JustSystems Ichitaro 2005 through 2011, Ichitaro Government 6, Ichitaro Government 2006 through 2010, Ichitaro Portable, Ichitaro Pro, and Ichitaro...	JustSystems	Ichitaro	2011-07-18 22:00:00 UTC	CVE
CVE-2011-2110	Adobe Flash Player before 10.3.181.26 on Windows, Mac OS X, Linux, and Solaris, and 10.3.185.23 and earlier on Android, allows remote attackers to...	Adobe	Flash Player	2011-06-16 23:00:00 UTC	CVE
CVE-2009-5076	CRE Loaded before 6.2.14, and possibly other versions before 6.3.x, allows remote attackers to bypass authentication and gain administrator...	CRE Loaded	CRE Loaded	2011-06-08 10:00:00 UTC	CVE
CVE-2011-1752	The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of...	Apache Software Foundation	Subversion	2011-06-06 19:00:00 UTC	CVE
CVE-2011-1950	plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as...	Plone	Plone	2011-06-06 19:00:00 UTC	CVE
CVE-2011-0627	Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute...	Adobe	Flash Player	2011-05-13 22:00:00 UTC	CVE
CVE-2011-1722	Multiple SQL injection vulnerabilities in WEC Discussion Forum (wec_discussion) extension 2.1.0 and earlier for TYPO3 allow remote attackers to...	TYPO3	WEC Discussion Forum	2011-04-19 19:00:00 UTC	CVE
CVE-2010-4270	Directory traversal vulnerability in the nBill (com_netinvoice) component before 2.0.9 standard edition, 2.0.10 lite edition, and 1.2_10 for...	nBill	nBill	2010-11-16 23:00:00 UTC	CVE
CVE-2010-3962	Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to...	Microsoft	Internet Explorer	2010-11-05 16:28:00 UTC	CVE
CVE-2010-3654	Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris and 10.1.95.1 on Android, and authplay.dll...	Adobe	Flash Player	2010-10-29 18:00:00 UTC	CVE
CVE-2010-3765	Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before...	Mozilla	Firefox, Thunderbird, SeaMonkey	2010-10-27 22:00:00 UTC	CVE
CVE-2010-3653	The Director module (dirapi.dll) in Adobe Shockwave Player before 11.5.9.615 allows remote attackers to execute arbitrary code or cause a denial of...	Adobe	Shockwave Player	2010-10-26 17:00:00 UTC	CVE
CVE-2010-3889	Unspecified vulnerability in Microsoft Windows on 32-bit platforms allows local users to gain privileges via unknown vectors, as exploited in the...	Microsoft	Windows	2010-10-08 21:00:00 UTC	CVE
CVE-2010-3888	Unspecified vulnerability in Microsoft Windows on 32-bit platforms allows local users to gain privileges via unknown vectors, as exploited in the...	Microsoft	Windows	2010-10-08 21:00:00 UTC	CVE
CVE-2010-3081	The compat_alloc_user_space functions in include/asm/compat.h files in the Linux kernel before 2.6.36-rc4-git2 on 64-bit platforms do not properly...	Linux	Linux Kernel	2010-09-24 19:00:00 UTC	CVE
CVE-2010-2729	The Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2,...	Microsoft	Windows	2010-09-15 18:00:00 UTC	CVE
CVE-2010-2884	Adobe Flash Player 10.1.82.76 and earlier on Windows, Mac OS X, Linux, and Solaris and 10.1.92.10 on Android; authplay.dll in Adobe Reader and...	Adobe	Flash Player	2010-09-15 17:26:00 UTC	CVE
CVE-2010-1165	Atlassian JIRA 3.12 through 4.1 allows remote authenticated administrators to execute arbitrary code by modifying the (1) attachment (aka...	Atlassian	JIRA	2010-04-20 15:00:00 UTC	CVE
CVE-2010-1164	Multiple cross-site scripting (XSS) vulnerabilities in Atlassian JIRA 3.12 through 4.1 allow remote attackers to inject arbitrary web script or...	Atlassian	JIRA	2010-04-20 15:00:00 UTC	CVE
CVE-2010-0806	Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers...	Microsoft	Internet Explorer	2010-03-10 22:00:00 UTC	CVE
CVE-2010-0249	Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003...	Microsoft	Internet Explorer	2010-01-15 17:00:00 UTC	CVE

Displaying vulnerabilities 1801 - 1825 of 1864 in total