Known Exploited Vulnerabilities

Focus on What Matters

There are 303,019 vulnerabilities in the CVE database.
Whilst only 0.7% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2013-1493	The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40...	Oracle	Java SE	2013-03-04 16:00:00 UTC	CVE
CVE-2013-0634	Adobe Flash Player before 10.3.183.51 and 11.x before 11.5.502.149 on Windows and Mac OS X, before 10.3.183.51 and 11.x before 11.2.202.262 on...	Adobe	Flash Player	2013-02-08 11:00:00 UTC	CVE
CVE-2013-0633	Buffer overflow in Adobe Flash Player before 10.3.183.51 and 11.x before 11.5.502.149 on Windows and Mac OS X, before 10.3.183.51 and 11.x before...	Adobe	Flash Player	2013-02-08 11:00:00 UTC	CVE
CVE-2012-6498	Unrestricted file upload vulnerability in index.php in Atomymaxsite 2.5 and earlier allows remote attackers to execute arbitrary code by uploading...	Atomymaxsite	Atomymaxsite	2013-01-08 15:00:00 UTC	CVE
CVE-2012-6081	Multiple unrestricted file upload vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in...	MoinMoin	MoinMoin	2013-01-03 01:00:00 UTC	CVE
CVE-2012-6467	Opera before 12.10 follows Internet shortcuts that are referenced by a (1) IMG element or (2) other inline element, which makes it easier for...	Opera	Opera Browser	2013-01-02 11:00:00 UTC	CVE
CVE-2011-5148	Multiple incomplete blacklist vulnerabilities in the Simple File Upload (mod_simplefileuploadv1.3) module before 1.3.5 for Joomla! allow remote...	Joomla!	Simple File Upload	2012-08-31 21:00:00 UTC	CVE
CVE-2012-1854	Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Microsoft Visual Basic for...	Microsoft	Office	2012-07-10 21:00:00 UTC	CVE
CVE-2012-2376	Buffer overflow in the com_print_typeinfo function in PHP 5.4.3 and earlier on Windows allows remote attackers to execute arbitrary code via...	PHP	PHP	2012-05-21 15:00:00 UTC	CVE
CVE-2012-0779	Adobe Flash Player before 10.3.183.19 and 11.x before 11.2.202.235 on Windows, Mac OS X, and Linux; before 11.1.111.9 on Android 2.x and 3.x; and...	Adobe	Flash Player	2012-05-04 19:00:00 UTC	CVE
CVE-2012-1795	webglimpse.cgi in Webglimpse before 2.20.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the query parameter,...	Webglimpse	Webglimpse	2012-03-20 18:00:00 UTC	CVE
CVE-2012-1557	SQL injection vulnerability in admin/plib/api-rpc/Agent.php in Parallels Plesk Panel 7.x and 8.x before 8.6 MU#2, 9.x before 9.5 MU#11, 10.0.x...	Parallels	Plesk Panel	2012-03-12 19:00:00 UTC	CVE
CVE-2012-1071	SQL injection vulnerability in the Kitchen recipe (mv_cooking) extension before 0.4.1 for TYPO3 allows remote attackers to execute arbitrary SQL...	TYPO3	Kitchen recipe (mv_cooking) extension	2012-02-14 17:00:00 UTC	CVE
CVE-2011-4862	Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and...	FreeBSD	FreeBSD	2011-12-25 01:00:00 UTC	CVE
CVE-2011-4369	Unspecified vulnerability in the PRC component in Adobe Reader and Acrobat 9.x before 9.4.7 on Windows, Adobe Reader and Acrobat 9.x through 9.4.6...	Adobe	Reader and Acrobat	2011-12-16 19:00:00 UTC	CVE
CVE-2011-3402	Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows...	Microsoft	Windows	2011-11-04 21:00:00 UTC	CVE
CVE-2011-4075	The masort function in lib/functions.php in phpLDAPadmin 1.2.x before 1.2.2 allows remote attackers to execute arbitrary PHP code via the orderby...	phpLDAPadmin	phpLDAPadmin	2011-11-02 17:00:00 UTC	CVE
CVE-2011-2444	Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7...	Adobe	Flash Player	2011-09-22 01:00:00 UTC	CVE
CVE-2011-3192	The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of...	Apache Software Foundation	HTTP Server	2011-08-29 15:00:00 UTC	CVE
CVE-2011-1968	The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 does not properly process packets...	Microsoft	Windows	2011-08-10 21:16:00 UTC	CVE
CVE-2011-2900	Stack-based buffer overflow in the (1) put_dir function in mongoose.c in Mongoose 3.0, (2) put_dir function in yasslEWS.c in yaSSL Embedded Web...	n/a	["Mongoose", "yaSSL Embedded Web Server", "Simple HTTPD"]	2011-08-05 21:00:00 UTC	CVE
CVE-2011-0226	Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and...	Apple	iOS	2011-07-19 22:00:00 UTC	CVE
CVE-2011-1331	JustSystems Ichitaro 2005 through 2011, Ichitaro Government 6, Ichitaro Government 2006 through 2010, Ichitaro Portable, Ichitaro Pro, and Ichitaro...	JustSystems	Ichitaro	2011-07-18 22:00:00 UTC	CVE
CVE-2011-2110	Adobe Flash Player before 10.3.181.26 on Windows, Mac OS X, Linux, and Solaris, and 10.3.185.23 and earlier on Android, allows remote attackers to...	Adobe	Flash Player	2011-06-16 23:00:00 UTC	CVE
CVE-2009-5076	CRE Loaded before 6.2.14, and possibly other versions before 6.3.x, allows remote attackers to bypass authentication and gain administrator...	CRE Loaded	CRE Loaded	2011-06-08 10:00:00 UTC	CVE

Displaying vulnerabilities 1901 - 1925 of 1982 in total