CVE DATABASE · CISA KEV
Known Exploited
Vulnerabilities.
Every CVE in CISA’s KEV catalog — 1602 vulnerabilities confirmed exploited in the wild. The authoritative “patch this first” list. Search any one with our CVE Lookup or KEV search tool.
CVE-2015-1770
added 2022-03-28
Microsoft Office Uninitialized Memory Use Vulnerability
Microsoft Office
CVE-2013-3660
added 2022-03-28
Microsoft Win32k Privilege Escalation Vulnerability
Microsoft Win32k
CVE-2013-2729
added 2022-03-28
Adobe Reader and Acrobat Arbitrary Integer Overflow Vulnerability
Adobe Reader and Acrobat
CVE-2013-2551
added 2022-03-28
RANSOMWARE
Microsoft Internet Explorer Use-After-Free Vulnerability
Microsoft Internet Explorer
CVE-2013-2465
added 2022-03-28
RANSOMWARE
Oracle Java SE Unspecified Vulnerability
Oracle Java SE
CVE-2013-1690
added 2022-03-28
Mozilla Firefox and Thunderbird Denial-of-Service Vulnerability
Mozilla Firefox and Thunderbird
CVE-2012-5076
added 2022-03-28
Oracle Java SE Sandbox Bypass Vulnerability
Oracle Java SE
CVE-2012-2539
added 2022-03-28
Microsoft Word Remote Code Execution Vulnerability
Microsoft Word
CVE-2012-2034
added 2022-03-28
Adobe Flash Player Memory Corruption Vulnerability
Adobe Flash Player
CVE-2012-0518
added 2022-03-28
Oracle Fusion Middleware Unspecified Vulnerability
Oracle Fusion Middleware
CVE-2011-2005
added 2022-03-28
Microsoft Ancillary Function Driver (afd.sys) Improper Input Validation Vulnerability
Microsoft Ancillary Function Driver (afd.sys)
CVE-2010-4398
added 2022-03-28
Microsoft Windows Kernel Stack-Based Buffer Overflow Vulnerability
Microsoft Windows
CVE-2022-26318
added 2022-03-25
WatchGuard Firebox and XTM Appliances Arbitrary Code Execution
WatchGuard Firebox and XTM Appliances
CVE-2022-26143
added 2022-03-25
MiCollab, MiVoice Business Express Access Control Vulnerability
Mitel MiCollab, MiVoice Business Express
CVE-2022-21999
added 2022-03-25
RANSOMWARE
Microsoft Windows Print Spooler Privilege Escalation Vulnerability
Microsoft Windows
CVE-2021-42237
added 2022-03-25
RANSOMWARE
Sitecore XP Remote Command Execution Vulnerability
Sitecore XP
CVE-2021-22941
added 2022-03-25
RANSOMWARE
Citrix ShareFile Improper Access Control Vulnerability
Citrix ShareFile
CVE-2020-9377
added 2022-03-25
D-Link DIR-610 Devices Remote Command Execution
D-Link DIR-610 Devices
CVE-2020-9054
added 2022-03-25
Zyxel Multiple NAS Devices OS Command Injection Vulnerability
Zyxel Multiple Network-Attached Storage (NAS) Devices
CVE-2020-7247
added 2022-03-25
OpenSMTPD Remote Code Execution Vulnerability
OpenBSD OpenSMTPD
CVE-2020-5410
added 2022-03-25
VMware Tanzu Spring Cloud Config Directory Traversal Vulnerability
VMware Tanzu Spring Cloud Configuration (Config) Server
CVE-2020-25223
added 2022-03-25
Sophos SG UTM Remote Code Execution Vulnerability
Sophos SG UTM
CVE-2020-2506
added 2022-03-25
QNAP Helpdesk Improper Access Control Vulnerability
QNAP Systems Helpdesk
CVE-2020-2021
added 2022-03-25
RANSOMWARE
Palo Alto Networks PAN-OS Authentication Bypass Vulnerability
Palo Alto Networks PAN-OS
CVE-2020-1956
added 2022-03-25
Apache Kylin OS Command Injection Vulnerability
Apache Kylin
CVE-2020-1631
added 2022-03-25
Juniper Junos OS Path Traversal Vulnerability
Juniper Junos OS
CVE-2019-6340
added 2022-03-25
Drupal Core Remote Code Execution Vulnerability
Drupal Core
CVE-2019-2616
added 2022-03-25
Oracle BI Publisher Unauthorized Access Vulnerability
Oracle BI Publisher (Formerly XML Publisher)
CVE-2019-16920
added 2022-03-25
D-Link Multiple Routers Command Injection Vulnerability
D-Link Multiple Routers
CVE-2019-15107
added 2022-03-25
RANSOMWARE
Webmin Command Injection Vulnerability
Webmin Webmin
CVE-2019-12991
added 2022-03-25
Citrix SD-WAN and NetScaler Command Injection Vulnerability
Citrix SD-WAN and NetScaler
CVE-2019-12989
added 2022-03-25
Citrix SD-WAN and NetScaler SQL Injection Vulnerability
Citrix SD-WAN and NetScaler
CVE-2019-11043
added 2022-03-25
RANSOMWARE
PHP FastCGI Process Manager (FPM) Buffer Overflow Vulnerability
PHP FastCGI Process Manager (FPM)
CVE-2019-10068
added 2022-03-25
Kentico Xperience Deserialization of Untrusted Data Vulnerability
Kentico Xperience
CVE-2019-1003030
added 2022-03-25
Jenkins Matrix Project Plugin Remote Code Execution Vulnerability
Jenkins Matrix Project Plugin
CVE-2019-0903
added 2022-03-25
Microsoft GDI Remote Code Execution Vulnerability
Microsoft Graphics Device Interface (GDI)
CVE-2018-8414
added 2022-03-25
Microsoft Windows Shell Remote Code Execution Vulnerability
Microsoft Windows
CVE-2018-8373
added 2022-03-25
Microsoft Scripting Engine Memory Corruption Vulnerability
Microsoft Internet Explorer Scripting Engine
CVE-2018-6961
added 2022-03-25
VMware SD-WAN Edge by VeloCloud Command Injection Vulnerability
VMware SD-WAN Edge
CVE-2018-14839
added 2022-03-25
LG N1A1 NAS Remote Command Execution Vulnerability
LG N1A1 NAS
CVE-2018-1273
added 2022-03-25
RANSOMWARE
VMware Tanzu Spring Data Commons Property Binder Vulnerability
VMware Tanzu Spring Data Commons
CVE-2018-11138
added 2022-03-25
RANSOMWARE
Quest KACE System Management Appliance Remote Command Execution Vulnerability
Quest KACE System Management Appliance
CVE-2018-0147
added 2022-03-25
Cisco Secure Access Control System Java Deserialization Vulnerability
Cisco Secure Access Control System (ACS)
CVE-2018-0125
added 2022-03-25
Cisco VPN Routers Remote Code Execution Vulnerability
Cisco VPN Routers
CVE-2017-6334
added 2022-03-25
NETGEAR DGN2200 Devices OS Command Injection Vulnerability
NETGEAR DGN2200 Devices
CVE-2017-6316
added 2022-03-25
Citrix Multiple Products Remote Code Execution Vulnerability
Citrix NetScaler SD-WAN Enterprise, CloudBridge Virtual WAN, and XenMobile Server
CVE-2017-3881
added 2022-03-25
Cisco IOS and IOS XE Remote Code Execution Vulnerability
Cisco IOS and IOS XE
CVE-2017-12617
added 2022-03-25
Apache Tomcat Remote Code Execution Vulnerability
Apache Tomcat
CVE-2017-12615
added 2022-03-25
RANSOMWARE
Apache Tomcat on Windows Remote Code Execution Vulnerability
Apache Tomcat
CVE-2017-0146
added 2022-03-25
RANSOMWARE
Microsoft Windows SMB Remote Code Execution Vulnerability
Microsoft Windows
CVE-2016-7892
added 2022-03-25
Adobe Flash Player Use-After-Free Vulnerability
Adobe Flash Player
CVE-2016-4171
added 2022-03-25
Adobe Flash Player Remote Code Execution Vulnerability
Adobe Flash Player
CVE-2016-1555
added 2022-03-25
NETGEAR Multiple WAP Devices Command Injection Vulnerability
NETGEAR Wireless Access Point (WAP) Devices
CVE-2016-11021
added 2022-03-25
D-Link DCS-930L Devices OS Command Injection Vulnerability
D-Link DCS-930L Devices
CVE-2016-10174
added 2022-03-25
NETGEAR WNR2000v5 Router Buffer Overflow Vulnerability
NETGEAR WNR2000v5 Router
CVE-2016-0752
added 2022-03-25
Ruby on Rails Directory Traversal Vulnerability
Rails Ruby on Rails
CVE-2015-4068
added 2022-03-25
Arcserve Unified Data Protection (UDP) Directory Traversal Vulnerability
Arcserve Unified Data Protection (UDP)
CVE-2015-3035
added 2022-03-25
TP-Link Multiple Archer Devices Directory Traversal Vulnerability
TP-Link Multiple Archer Devices
CVE-2015-1427
added 2022-03-25
Elasticsearch Groovy Scripting Engine Remote Code Execution Vulnerability
Elastic Elasticsearch
CVE-2015-1187
added 2022-03-25
D-Link and TRENDnet Multiple Devices Remote Code Execution Vulnerability
D-Link and TRENDnet Multiple Devices