Known Exploited Vulnerabilities

Focus on What Matters

There are 301,656 vulnerabilities in the CVE database.
Whilst only 0.6% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2010-3654	Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris and 10.1.95.1 on Android, and authplay.dll...	Adobe	Flash Player	2010-10-29 18:00:00 UTC	CVE
CVE-2010-3765	Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before...	Mozilla	Firefox, Thunderbird, SeaMonkey	2010-10-27 22:00:00 UTC	CVE
CVE-2010-3653	The Director module (dirapi.dll) in Adobe Shockwave Player before 11.5.9.615 allows remote attackers to execute arbitrary code or cause a denial of...	Adobe	Shockwave Player	2010-10-26 17:00:00 UTC	CVE
CVE-2010-3889	Unspecified vulnerability in Microsoft Windows on 32-bit platforms allows local users to gain privileges via unknown vectors, as exploited in the...	Microsoft	Windows	2010-10-08 21:00:00 UTC	CVE
CVE-2010-3888	Unspecified vulnerability in Microsoft Windows on 32-bit platforms allows local users to gain privileges via unknown vectors, as exploited in the...	Microsoft	Windows	2010-10-08 21:00:00 UTC	CVE
CVE-2010-3081	The compat_alloc_user_space functions in include/asm/compat.h files in the Linux kernel before 2.6.36-rc4-git2 on 64-bit platforms do not properly...	Linux	Linux Kernel	2010-09-24 19:00:00 UTC	CVE
CVE-2010-2729	The Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2,...	Microsoft	Windows	2010-09-15 18:00:00 UTC	CVE
CVE-2010-2884	Adobe Flash Player 10.1.82.76 and earlier on Windows, Mac OS X, Linux, and Solaris and 10.1.92.10 on Android; authplay.dll in Adobe Reader and...	Adobe	Flash Player	2010-09-15 17:26:00 UTC	CVE
CVE-2010-1165	Atlassian JIRA 3.12 through 4.1 allows remote authenticated administrators to execute arbitrary code by modifying the (1) attachment (aka...	Atlassian	JIRA	2010-04-20 15:00:00 UTC	CVE
CVE-2010-1164	Multiple cross-site scripting (XSS) vulnerabilities in Atlassian JIRA 3.12 through 4.1 allow remote attackers to inject arbitrary web script or...	Atlassian	JIRA	2010-04-20 15:00:00 UTC	CVE
CVE-2010-0806	Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers...	Microsoft	Internet Explorer	2010-03-10 22:00:00 UTC	CVE
CVE-2010-0249	Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003...	Microsoft	Internet Explorer	2010-01-15 17:00:00 UTC	CVE
CVE-2009-3459	Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows remote attackers to execute...	Adobe	Reader and Acrobat	2009-10-13 10:00:00 UTC	CVE
CVE-2008-7168	Insecure method vulnerability in the UUSee UUUpgrade ActiveX control (UUUpgrade.ocx 3.0.2.12) allows remote attackers to force the download and...	UUSee	UUUpgrade ActiveX control	2009-09-08 10:00:00 UTC	CVE
CVE-2009-3041	SPIP 1.9 before 1.9.2i and 2.0.x through 2.0.8 does not use proper access control for (1) ecrire/exec/install.php and (2) ecrire/index.php, which...	SPIP	SPIP	2009-09-01 18:04:00 UTC	CVE
CVE-2009-0696	The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as...	ISC	BIND	2009-07-29 17:00:00 UTC	CVE
CVE-2009-1136	The Microsoft Office Web Components Spreadsheet ActiveX control (aka OWC10 or OWC11), as distributed in Office XP SP3 and Office 2003 SP3, Office...	Microsoft	Office Web Components	2009-07-15 15:00:00 UTC	CVE
CVE-2008-0015	Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest...	Microsoft	Windows	2009-07-07 23:00:00 UTC	CVE
CVE-2009-2265	Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to create executable files in arbitrary directories...	FCKeditor	FCKeditor	2009-07-05 16:00:00 UTC	CVE
CVE-2009-1391	Off-by-one error in the inflate function in Zlib.xs in Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS, SpamAssassin, and possibly...	Compress::Raw::Zlib	Compress::Raw::Zlib Perl module	2009-06-16 23:00:00 UTC	CVE
CVE-2009-1537	Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000...	Microsoft	DirectX	2009-05-29 18:00:00 UTC	CVE
CVE-2009-1807	Unspecified vulnerability in Config.dll in Baofeng products 3.09.04.17 and earlier allows remote attackers to execute arbitrary code by calling the...	Baofeng	Baofeng products	2009-05-28 20:14:00 UTC	CVE
CVE-2009-1800	Stack-based buffer overflow in the Chinagames CGAgent ActiveX control 1.x in CGAgent.dll, as distributed in Chinagames iGame 2009, allows remote...	Chinagames	iGame	2009-05-28 14:00:00 UTC	CVE
CVE-2009-1612	Stack-based buffer overflow in the MPS.StormPlayer.1 ActiveX control in mps.dll 3.9.4.27 in Baofeng Storm allows remote attackers to execute...	Baofeng	Storm	2009-05-11 20:00:00 UTC	CVE
CVE-2009-1481	SQL injection vulnerability in action.asp in PuterJam's Blog (PJBlog3) 3.0.6.170 allows remote attackers to execute arbitrary SQL commands via the...	PuterJam	PJBlog3	2009-04-29 18:06:00 UTC	CVE

Displaying vulnerabilities 1901 - 1925 of 1951 in total