KEVIntel

Known Exploited Vulnerabilities

Curated + enriched signals for rapid prioritization

{ } JSON RSS PRO

1.1%

actively
exploited

Focus on what’s exploited

Out of 349,964 known CVEs, only 1.1% show real-world exploitation signals.

Data from public sources (including CISA) plus private sensors, enriched with prioritization metadata.

View stats Report a KEV

3,824

Total Known exploited

280

Added this week

Search

Results update as you type.

⌘K

Added

Exploitability

Type to search. Filters apply instantly.

CVE	Severity	Title	Vendor	Product	Added
CVE-2017-5689	9.8 Critical	An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and... Remote Low complexity No user interaction	Intel Corporation	Intel Active Mangement Technology, Intel Small Business Technology, Intel Standard Manageability	over 4 years ago
CVE-2020-0787	7.8 High	An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links,... Malware Low complexity	Microsoft	Windows, Windows Server, Windows 10 Version 1909 for 32-bit Systems, Windows 10 Version 1909 for x64-based Systems, Windows 10 Version 1909 for ARM64-based Systems, Windows Server, version 1909 (Server Core installation), Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows 10 Version 1903 for ARM64-based Systems, Windows Server, version 1903 (Server Core installation)	over 4 years ago
CVE-2020-5722	9.8 Critical	The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. An attacker... Remote Low complexity No user interaction	Grandstream	Grandstream UCM6200 Series	over 4 years ago
CVE-2022-22587	9.8 Critical	A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 15.3 and iPadOS 15.3, macOS Big Sur 11.6.3,... Remote Low complexity No user interaction	Apple	iOS and iPadOS, macOS	over 4 years ago
CVE-2020-0787	7.8 High	An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links,... Malware Low complexity	Microsoft	Windows, Windows Server, Windows 10 Version 1909 for 32-bit Systems, Windows 10 Version 1909 for x64-based Systems, Windows 10 Version 1909 for ARM64-based Systems, Windows Server, version 1909 (Server Core installation), Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows 10 Version 1903 for ARM64-based Systems, Windows Server, version 1903 (Server Core installation)	over 4 years ago
CVE-2017-5689	9.8 Critical	An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and... Remote Low complexity No user interaction	Intel Corporation	Intel Active Mangement Technology, Intel Small Business Technology, Intel Standard Manageability	over 4 years ago
CVE-2014-1776	9.8 Critical	Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of... Remote Low complexity No user interaction	Microsoft	Internet Explorer	over 4 years ago
CVE-2014-6271	9.8 Critical	GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to... Remote Low complexity No user interaction	GNU	Bash	over 4 years ago
CVE-2018-8453	7.8 High	An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k... Malware Low complexity	Microsoft	Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers	over 4 years ago
CVE-2012-0391	9.8 Critical	The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling... Remote Low complexity No user interaction	Apache	Struts	over 4 years ago
CVE-2006-1547	7.5 High	ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a... Remote Low complexity No user interaction	Apache Software Foundation	Struts	over 4 years ago
CVE-2021-35247	4.3 Medium	Improper Input Validation Vulnerability in Serv-U Remote Low complexity	SolarWinds	Serv-U	over 4 years ago
CVE-2006-1547	7.5 High	ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a... Remote Low complexity No user interaction	Apache Software Foundation	Struts	over 4 years ago
CVE-2012-0391	9.8 Critical	The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling... Remote Low complexity No user interaction	Apache	Struts	over 4 years ago
CVE-2018-8453	7.8 High	An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k... Malware Low complexity	Microsoft	Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers	over 4 years ago
CVE-2021-35247	4.3 Medium	Improper Input Validation Vulnerability in Serv-U Remote Low complexity	SolarWinds	Serv-U	over 4 years ago
CVE-2020-11978	8.8 High	An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vulnerability was discovered in one of the example... Remote Low complexity No user interaction	Apache Software Foundation	Apache Airflow	over 4 years ago
CVE-2020-13927	9.8 Critical	The previous default setting for Airflow's Experimental API was to allow all API requests without authentication, but this poses security risks to... Remote Low complexity No user interaction	Apache	Apache Airflow	over 4 years ago
CVE-2020-11978	8.8 High	An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vulnerability was discovered in one of the example... Remote Low complexity No user interaction	Apache Software Foundation	Apache Airflow	over 4 years ago
CVE-2020-13671	8.8 High	Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension... Remote Low complexity No user interaction	Drupal	Drupal Core	over 4 years ago
CVE-2020-14864	7.5 High	Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Installation). Supported... Remote Low complexity No user interaction	Oracle Corporation	Business Intelligence Enterprise Edition	over 4 years ago
CVE-2021-22991	9.8 Critical	On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3,... Remote Low complexity No user interaction	F5	BIG-IP	over 4 years ago
CVE-2021-21315	7.1 High	Command Injection Vulnerability Low complexity No user interaction	sebhildebrandt	systeminformation	over 4 years ago
CVE-2021-21975	7.5 High	Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the... Malware Remote Low complexity No user interaction	VMware	VMware vRealize Operations	over 4 years ago
CVE-2021-33766	7.3 High	Microsoft Exchange Server Information Disclosure Vulnerability Remote Low complexity No user interaction	Microsoft	Microsoft Exchange Server 2019 Cumulative Update 9, Microsoft Exchange Server 2016 Cumulative Update 20, Microsoft Exchange Server 2013 Cumulative Update 23, Microsoft Exchange Server 2016 Cumulative Update 19, Microsoft Exchange Server 2019 Cumulative Update 8	over 4 years ago

Displaying vulnerabilities 2976 - 3000 of 3824 in total