Known Exploited Vulnerabilities

Focus on What Matters

There are 297,489 vulnerabilities in the CVE database.
Whilst only 0.6% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2009-1308	Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary...	Mozilla	Firefox, Thunderbird, SeaMonkey	2009-04-22 18:00:00 UTC	CVE
CVE-2009-0556	Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute...	Microsoft	Office PowerPoint	2009-04-03 18:00:00 UTC	CVE
CVE-2009-1054	Unspecified vulnerability in JustSystems Ichitaro 13, 2004 through 2008, Lite2, and Ichitaro viewer 5.1.5.0 and earlier allows remote attackers to...	JustSystems	Ichitaro	2009-03-24 14:00:00 UTC	CVE
CVE-2009-0238	Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Compatibility Pack for Word,...	Microsoft	Office Excel	2009-02-25 16:00:00 UTC	CVE
CVE-2009-0658	Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF...	Adobe	Reader	2009-02-20 19:00:00 UTC	CVE
CVE-2009-0259	The Word processor in OpenOffice.org 1.1.2 through 1.1.5 allows remote attackers to cause a denial of service (crash) and possibly execute...	OpenOffice.org	OpenOffice	2009-01-22 23:00:00 UTC	CVE
CVE-2008-4844	Use-after-free vulnerability in the CRecordInstance::TransferToDestination function in mshtml.dll in Microsoft Internet Explorer 5.01, 6, 6 SP1,...	Microsoft	Internet Explorer	2008-12-11 15:00:00 UTC	CVE
CVE-2008-4841	The WordPad Text Converter for Word 97 files in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute...	Microsoft	Windows	2008-12-10 13:33:00 UTC	CVE
CVE-2008-5227	Unspecified vulnerability in PHPCow allows remote attackers to execute arbitrary code via unknown vectors, related to a "file inclusion...	PHPCow	PHPCow	2008-11-25 23:00:00 UTC	CVE
CVE-2008-4250	The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows...	Microsoft	Windows	2008-10-23 21:00:00 UTC	CVE
CVE-2008-3919	Unspecified vulnerability in multiple JustSystems Ichitaro products allows remote attackers to execute arbitrary code via a crafted JTD document,...	JustSystems	Ichitaro	2008-09-04 18:00:00 UTC	CVE
CVE-2008-3873	The System.setClipboard method in ActionScript in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to populate the clipboard with a...	Adobe	Flash Player	2008-08-29 17:00:00 UTC	CVE
CVE-2008-3704	Heap-based buffer overflow in the MaskedEdit ActiveX control in Msmask32.ocx 6.0.81.69, and possibly other versions before 6.0.84.18, in Microsoft...	Microsoft	Visual Studio	2008-08-18 19:00:00 UTC	CVE
CVE-2008-3648	nslookup.exe in Microsoft Windows XP SP2 allows user-assisted remote attackers to execute arbitrary code, as demonstrated by an attempted DNS zone...	Microsoft	Windows XP SP2	2008-08-12 23:00:00 UTC	CVE
CVE-2008-2244	Microsoft Office Word 2002 SP3 allows remote attackers to execute arbitrary code via a .doc file that contains malformed data, as exploited in the...	Microsoft	Office Word 2002 SP3	2008-07-09 22:00:00 UTC	CVE
CVE-2008-1841	SQL injection vulnerability in the session handling functionality in bridge/coppermine.inc.php in Coppermine Photo Gallery (CPG) 1.4.17 and earlier...	Coppermine	Photo Gallery	2008-04-16 17:00:00 UTC	CVE
CVE-2008-1092	Buffer overflow in msjet40.dll before 4.0.9505.0 in Microsoft Jet Database Engine allows remote attackers to execute arbitrary code via a crafted...	Microsoft	Jet Database Engine	2008-03-25 16:00:00 UTC	CVE
CVE-2008-0647	Multiple stack-based buffer overflows in the HanGamePluginCn18.HanGamePluginCn18.1 ActiveX control in HanGamePluginCn18.dll in Ourgame GLWorld...	Ourgame	GLWorld	2008-02-07 20:00:00 UTC	CVE
CVE-2007-6436	Stack-based buffer overflow in JSGCI.DLL in JustSystems Ichitaro 2005, 2006, and 2007 allows user-assisted remote attackers to execute arbitrary...	JustSystems	Ichitaro	2007-12-18 20:00:00 UTC	CVE
CVE-2007-5807	Buffer overflow in the register function in Ultra Star Reader ActiveX control in SSReader allows remote attackers to execute arbitrary code via...	SSReader	Ultra Star Reader ActiveX control	2007-11-05 17:00:00 UTC	CVE
CVE-2007-5722	Stack-based buffer overflow in a certain ActiveX control in GLChat.ocx 2.5.1.32 in GlobalLink 2.7.0.8, as used in Ourgame GLWorld and possibly...	Ourgame	GLWorld	2007-10-30 21:00:00 UTC	CVE
CVE-2007-4429	Unspecified vulnerability in Skype allows remote attackers to cause a denial of service (server hang) via unknown vectors related to sending long...	Skype	Skype	2007-08-20 19:00:00 UTC	CVE
CVE-2007-4428	Lhaz 1.33 allows remote attackers to execute arbitrary code via unknown vectors, as actively exploited in August 2007 by the Exploit-LHAZ.a gzip...	n/a	Lhaz	2007-08-20 19:00:00 UTC	CVE
CVE-2007-4246	Unspecified vulnerability, possibly a buffer overflow, in Justsystem Ichitaro 2007 and earlier allows remote attackers to execute arbitrary code...	Justsystem	Ichitaro	2007-08-08 23:00:00 UTC	CVE
CVE-2006-4326	Stack-based buffer overflow in Justsystem Ichitaro 9.x through 13.x, Ichitaro 2004, 2005, 2006, and Government 2006; Ichitaro for Linux; and...	Justsystem	Ichitaro	2006-08-24 01:00:00 UTC	CVE

Displaying vulnerabilities 1826 - 1850 of 1850 in total