CVE Database — Known Exploited Vulnerabilities & EPSS
CVEs enriched with CISA Known Exploited Vulnerabilities (KEV) status, EPSS exploit-prediction scores, and CVSS — sorted exploited-first, each page connecting the vulnerability to its detection rules, exploiting malware, threat actors, and related briefings.
Most exploited CVEs
- CVE-2023-23752 — Joomla! Improper Access Control Vulnerability. Joomla! contains an improper access control KEV · EPSS 95%
- CVE-2018-7600 — Drupal Core Remote Code Execution Vulnerability. Drupal Core contains a remote code execut KEV · EPSS 94%
- CVE-2018-1000861 — Jenkins Stapler Web Framework Deserialization of Untrusted Data Vulnerability. A code exec KEV · EPSS 94%
- CVE-2021-22986 — F5 BIG-IP and BIG-IQ Centralized Management iControl REST Remote Code Execution Vulnerabil KEV · EPSS 94%
- CVE-2017-1000353 — Jenkins Remote Code Execution Vulnerability. Jenkins contains a remote code execution vuln KEV · EPSS 94%
- CVE-2018-13379 — Fortinet FortiOS SSL VPN Path Traversal Vulnerability. Fortinet FortiOS SSL VPN web portal KEV · EPSS 94%
- CVE-2019-3396 — Atlassian Confluence Server and Data Center Server-Side Template Injection Vulnerability. KEV · EPSS 94%
- CVE-2019-17558 — Apache Solr VelocityResponseWriter Plug-In Remote Code Execution Vulnerability. The Apache KEV · EPSS 94%
- CVE-2020-1938 — Apache Tomcat Improper Privilege Management Vulnerability. Apache Tomcat treats Apache JSe KEV · EPSS 94%
- CVE-2022-46169 — Cacti Command Injection Vulnerability. Cacti contains a command injection vulnerability th KEV · EPSS 94%
- CVE-2019-2725 — Oracle WebLogic Server, Injection. Injection vulnerability in the Oracle WebLogic Server c KEV · EPSS 94%
- CVE-2024-6670 — Progress WhatsUp Gold SQL Injection Vulnerability. Progress WhatsUp Gold contains a SQL in KEV · EPSS 94%
- CVE-2021-22205 — GitLab Community and Enterprise Editions Remote Code Execution Vulnerability. GitHub Commu KEV · EPSS 94%
- CVE-2024-23897 — Jenkins Command Line Interface (CLI) Path Traversal Vulnerability. Jenkins Command Line In KEV · EPSS 94%
- CVE-2014-0160 — OpenSSL Information Disclosure Vulnerability. The TLS and DTLS implementations in OpenSSL KEV · EPSS 94%
- CVE-2019-11510 — Ivanti Pulse Connect Secure Arbitrary File Read Vulnerability. Ivanti Pulse Connect Secure KEV · EPSS 94%
- CVE-2022-22963 — VMware Tanzu Spring Cloud Function Remote Code Execution Vulnerability. When using routing KEV · EPSS 94%
- CVE-2021-44529 — Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) Code Injection Vulnerability. I KEV · EPSS 94%
- CVE-2022-22947 — VMware Spring Cloud Gateway Code Injection Vulnerability. Spring Cloud Gateway application KEV · EPSS 94%
- CVE-2019-15107 — Webmin Command Injection Vulnerability. An issue was discovered in Webmin. The parameter o KEV · EPSS 94%
- CVE-2022-44877 — CWP Control Web Panel OS Command Injection Vulnerability. CWP Control Web Panel (formerly KEV · EPSS 94%
- CVE-2022-1388 — F5 BIG-IP Missing Authentication Vulnerability. F5 BIG-IP contains a missing authenticatio KEV · EPSS 94%
- CVE-2019-0708 — Microsoft Remote Desktop Services Remote Code Execution Vulnerability. Microsoft Remote De KEV · EPSS 94%
- CVE-2020-14882 — Oracle WebLogic Server Remote Code Execution Vulnerability. Oracle WebLogic Server contain KEV · EPSS 94%
- CVE-2021-22005 — VMware vCenter Server File Upload Vulnerability. VMware vCenter Server contains a file upl KEV · EPSS 94%
- CVE-2022-30525 — Zyxel Multiple Firewalls OS Command Injection Vulnerability. A command injection vulnerabi KEV · EPSS 94%
- CVE-2022-22954 — VMware Workspace ONE Access and Identity Manager Server-Side Template Injection Vulnerabil KEV · EPSS 94%
- CVE-2019-19781 — Citrix ADC, Gateway, and SD-WAN WANOP Appliance Code Execution Vulnerability. Citrix ADC, KEV · EPSS 94%
- CVE-2023-32315 — Ignite Realtime Openfire Path Traversal Vulnerability. Ignite Realtime Openfire contains a KEV · EPSS 94%
- CVE-2021-26084 — Atlassian Confluence Server and Data Center Object-Graph Navigation Language (OGNL) Inject KEV · EPSS 94%
- CVE-2017-10271 — Oracle Corporation WebLogic Server Remote Code Execution Vulnerability. Oracle Corporation KEV · EPSS 94%
- CVE-2020-14883 — Oracle WebLogic Server Unspecified Vulnerability. Oracle WebLogic Server contains an unspe KEV · EPSS 94%
- CVE-2022-1040 — Sophos Firewall Authentication Bypass Vulnerability. An authentication bypass vulnerabilit KEV · EPSS 94%
- CVE-2022-24112 — Apache APISIX Authentication Bypass Vulnerability. Apache APISIX contains an authenticatio KEV · EPSS 94%
- CVE-2020-14750 — Oracle WebLogic Server Remote Code Execution Vulnerability. Oracle WebLogic Server contain KEV · EPSS 94%
- CVE-2021-43798 — Grafana Path Traversal Vulnerability. Grafana contains a path traversal vulnerability that KEV · EPSS 94%
- CVE-2023-35078 — Ivanti Endpoint Manager Mobile Authentication Bypass Vulnerability. Ivanti Endpoint Manage KEV · EPSS 94%
- CVE-2021-36260 — Hikvision Improper Input Validation. A command injection vulnerability in the web server o KEV · EPSS 94%
- CVE-2023-40044 — Progress WS_FTP Server Deserialization of Untrusted Data Vulnerability. Progress WS_FTP Se KEV · EPSS 94%
- CVE-2023-46604 — Apache ActiveMQ Deserialization of Untrusted Data Vulnerability. Apache ActiveMQ contains KEV · EPSS 94%
- CVE-2023-46747 — F5 BIG-IP Configuration Utility Authentication Bypass Vulnerability. F5 BIG-IP Configurati KEV · EPSS 94%
- CVE-2024-7593 — Ivanti Virtual Traffic Manager Authentication Bypass Vulnerability. Ivanti Virtual Traffic KEV · EPSS 94%
- CVE-2022-29464 — WSO2 Multiple Products Unrestrictive Upload of File Vulnerability. Multiple WSO2 products KEV · EPSS 94%
- CVE-2021-40438 — Apache HTTP Server-Side Request Forgery (SSRF). A crafted request uri-path can cause mod_p KEV · EPSS 94%
- CVE-2018-11776 — Apache Struts Remote Code Execution Vulnerability. Apache Struts contains a vulnerability KEV · EPSS 94%
- CVE-2019-16759 — vBulletin PHP Module Remote Code Execution Vulnerability. The PHP module within vBulletin KEV · EPSS 94%
- CVE-2019-7609 — Kibana Arbitrary Code Execution. Kibana contains an arbitrary code execution flaw in the Ti KEV · EPSS 94%
- CVE-2020-3452 — Cisco ASA and FTD Read-Only Path Traversal Vulnerability. Cisco Adaptive Security Applianc KEV · EPSS 94%
- CVE-2022-22965 — Spring Framework JDK 9+ Remote Code Execution Vulnerability. Spring MVC or Spring WebFlux KEV · EPSS 94%
- CVE-2022-40684 — Fortinet Multiple Products Authentication Bypass Vulnerability. Fortinet FortiOS, FortiPro KEV · EPSS 94%
- CVE-2020-5902 — F5 BIG-IP Traffic Management User Interface (TMUI) Remote Code Execution Vulnerability. F5 KEV · EPSS 94%
- CVE-2024-4040 — CrushFTP VFS Sandbox Escape Vulnerability. CrushFTP contains an unspecified sandbox escape KEV · EPSS 94%
- CVE-2024-36401 — OSGeo GeoServer GeoTools Eval Injection Vulnerability. OSGeo GeoServer GeoTools contains a KEV · EPSS 94%
- CVE-2024-3273 — D-Link Multiple NAS Devices Command Injection Vulnerability. D-Link DNS-320L, DNS-325, DNS KEV · EPSS 94%
- CVE-2020-0796 — Microsoft SMBv3 Remote Code Execution Vulnerability. A remote code execution vulnerability KEV · EPSS 94%
- CVE-2018-2628 — Oracle WebLogic Server Unspecified Vulnerability. Oracle WebLogic Server contains an unspe KEV · EPSS 94%
- CVE-2021-21975 — VMware Server Side Request Forgery in vRealize Operations Manager API. Server Side Request KEV · EPSS 94%
- CVE-2023-38035 — Ivanti Sentry Authentication Bypass Vulnerability. Ivanti Sentry, formerly known as Mobile KEV · EPSS 94%
- CVE-2016-10033 — PHPMailer Command Injection Vulnerability. PHPMailer contains a command injection vulnerab KEV · EPSS 94%
- CVE-2019-0604 — Microsoft SharePoint Remote Code Execution Vulnerability. Microsoft SharePoint fails to ch KEV · EPSS 94%
- CVE-2023-43208 — NextGen Healthcare Mirth Connect Deserialization of Untrusted Data Vulnerability. NextGen KEV · EPSS 94%
- CVE-2021-40539 — Zoho ManageEngine ADSelfService Plus Authentication Bypass Vulnerability. Zoho ManageEngin KEV · EPSS 94%
- CVE-2017-3506 — Oracle WebLogic Server OS Command Injection Vulnerability. Oracle WebLogic Server, a produ KEV · EPSS 94%
- CVE-2020-2551 — Oracle Fusion Middleware Unspecified Vulnerability. Oracle Fusion Middleware contains an u KEV · EPSS 94%
- CVE-2020-7961 — Liferay Portal Deserialization of Untrusted Data Vulnerability. Liferay Portal contains a KEV · EPSS 94%
- CVE-2021-21985 — VMware vCenter Server Improper Input Validation Vulnerability. VMware vSphere Client conta KEV · EPSS 94%
- CVE-2024-21887 — Ivanti Connect Secure and Policy Secure Command Injection Vulnerability. Ivanti Connect Se KEV · EPSS 94%
- CVE-2017-7269 — Microsoft Windows Server Buffer Overflow Vulnerability. Microsoft Windows Server 2003 R2 c KEV · EPSS 94%
- CVE-2020-25213 — WordPress File Manager Plugin Remote Code Execution Vulnerability. WordPress File Manager KEV · EPSS 94%
- CVE-2019-6340 — Drupal Core Remote Code Execution Vulnerability. In Drupal Core, some field types do not p KEV · EPSS 94%
- CVE-2021-42013 — Apache HTTP Server Path Traversal Vulnerability. Apache HTTP Server contains a path traver KEV · EPSS 94%
- CVE-2022-26134 — Atlassian Confluence Server and Data Center Remote Code Execution Vulnerability. Atlassian KEV · EPSS 94%
- CVE-2018-0296 — Cisco Adaptive Security Appliance (ASA) Denial-of-Service Vulnerability. Cisco Adaptive Se KEV · EPSS 94%
- CVE-2022-24990 — TerraMaster OS Remote Command Execution Vulnerability. TerraMaster OS contains a remote co KEV · EPSS 94%
- CVE-2019-7256 — Nice Linear eMerge E3-Series OS Command Injection Vulnerability. Nice Linear eMerge E3-Ser KEV · EPSS 94%
- CVE-2023-35082 — Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core Authentication Bypass Vulnerabil KEV · EPSS 94%
- CVE-2021-20090 — Arcadyan Buffalo Firmware Path Traversal Vulnerability. Arcadyan Buffalo firmware contains KEV · EPSS 94%
- CVE-2019-9670 — Synacor Zimbra Collaboration Suite (ZCS) Improper Restriction of XML External Entity Refer KEV · EPSS 94%
- CVE-2022-36804 — Atlassian Bitbucket Server and Data Center Command Injection Vulnerability. Multiple API e KEV · EPSS 94%
- CVE-2022-0543 — Debian-specific Redis Server Lua Sandbox Escape Vulnerability. Redis is prone to a (Debian KEV · EPSS 94%
- CVE-2022-21587 — Oracle E-Business Suite Unspecified Vulnerability. Oracle E-Business Suite contains an uns KEV · EPSS 94%
- CVE-2024-28995 — SolarWinds Serv-U Path Traversal Vulnerability. SolarWinds Serv-U contains a path travers KEV · EPSS 94%
- CVE-2020-6287 — SAP NetWeaver Missing Authentication for Critical Function Vulnerability. SAP NetWeaver Ap KEV · EPSS 94%
- CVE-2022-35914 — Teclib GLPI Remote Code Execution Vulnerability. Teclib GLPI contains a remote code execut KEV · EPSS 94%
- CVE-2020-8193 — Citrix ADC, Gateway, and SD-WAN WANOP Appliance Authorization Bypass Vulnerability. Citrix KEV · EPSS 94%
- CVE-2023-44487 — HTTP/2 Rapid Reset Attack Vulnerability. HTTP/2 contains a rapid reset vulnerability that KEV · EPSS 94%
- CVE-2018-15961 — Adobe ColdFusion Unrestricted File Upload Vulnerability. Adobe ColdFusion contains an unre KEV · EPSS 94%
- CVE-2019-16278 — Nostromo nhttpd Directory Traversal Vulnerability. Nostromo nhttpd contains a directory tr KEV · EPSS 94%
- CVE-2021-38647 — Microsoft Open Management Infrastructure (OMI) Remote Code Execution Vulnerability. Micros KEV · EPSS 94%
- CVE-2021-41773 — Apache HTTP Server Path Traversal Vulnerability. Apache HTTP Server contains a path traver KEV · EPSS 94%
- CVE-2023-24489 — Citrix Content Collaboration ShareFile Improper Access Control Vulnerability. Citrix Conte KEV · EPSS 94%
- CVE-2020-15505 — Ivanti MobileIron Multiple Products Remote Code Execution Vulnerability. Ivanti MobileIron KEV · EPSS 94%
- CVE-2023-33246 — Apache RocketMQ Command Execution Vulnerability. Several components of Apache RocketMQ, in KEV · EPSS 94%
- CVE-2020-16846 — SaltStack Salt Shell Injection Vulnerability. SaltStack Salt allows an unauthenticated use KEV · EPSS 94%
- CVE-2021-35464 — ForgeRock Access Management (AM) Core Server Remote Code Execution Vulnerability. ForgeRoc KEV · EPSS 94%
- CVE-2019-1653 — Cisco Small Business RV320 and RV325 Routers Information Disclosure Vulnerability. Cisco S KEV · EPSS 94%
- CVE-2019-11580 — Atlassian Crowd and Crowd Data Center Remote Code Execution Vulnerability. Atlassian Crowd KEV · EPSS 94%
- CVE-2022-24706 — Apache CouchDB Insecure Default Initialization of Resource Vulnerability. Apache CouchDB c KEV · EPSS 94%
- CVE-2018-7602 — Drupal Core Remote Code Execution Vulnerability. A remote code execution vulnerability exi KEV · EPSS 94%
- CVE-2020-0688 — Microsoft Exchange Server Validation Key Remote Code Execution Vulnerability. Microsoft Ex KEV · EPSS 94%