0.7%
actively
exploited
exploited
Focus on what’s exploited
Out of 350,131 known CVEs, only 0.7% show real-world exploitation signals.
Data from public sources (including CISA) plus private sensors, enriched with prioritization metadata.
2,501
Total Known exploited
353
Added this week
Search
Results update as you type.
⌘K
Added
Exploitability
Type to search. Filters apply instantly.
| CVE | Severity | Title |
|---|---|---|
| CVE-2024-21893 | 8.2 High |
A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and...
Malware
Remote
Low complexity
No user interaction
|
| CVE-2022-48618 | 7.0 High |
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2, tvOS 16.2. An...
No user interaction
|
| CVE-2023-22527 | 10.0 Critical |
A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an...
Malware
Remote
Low complexity
No user interaction
|
| CVE-2024-23222 | 8.8 High |
A type confusion issue was addressed with improved checks. This issue is fixed in Safari 17.3, iOS 15.8.7 and iPadOS 15.8.7, iOS 16.7.5 and iPadOS...
Remote
Low complexity
|
| CVE-2023-34048 | 9.8 Critical |
VMware vCenter Server Out-of-Bounds Write Vulnerability
Remote
Low complexity
No user interaction
|
| CVE-2023-35082 | 10.0 Critical |
An authentication bypass vulnerability in Ivanti EPMM 11.10 and older, allows unauthorized users to access restricted functionality or resources of...
Malware
Remote
Low complexity
No user interaction
|
| CVE-2023-6548 | 5.5 Medium |
Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway allows an attacker with access to...
Low complexity
No user interaction
|
| CVE-2023-6549 | 8.2 High |
Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of...
Remote
Low complexity
No user interaction
|
| CVE-2024-0519 | 8.8 High |
Out of bounds memory access in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a...
Remote
Low complexity
|
| CVE-2018-15133 | 8.1 High |
In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially...
Remote
No user interaction
|
| CVE-2023-29357 | 9.8 Critical |
Microsoft SharePoint Server Elevation of Privilege Vulnerability
Malware
Remote
Low complexity
No user interaction
|
| CVE-2024-21887 | 9.1 Critical |
A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an...
Malware
Remote
Low complexity
No user interaction
|
| CVE-2023-46805 | 8.2 High |
An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access...
Malware
Remote
Low complexity
No user interaction
|
| CVE-2023-23752 | 5.3 Medium |
[20230201] - Core - Improper access check in webservice endpoints
Remote
Low complexity
No user interaction
|
| CVE-2023-38203 | 9.8 Critical |
Analysis CVE-2023-29300 Bypass: Adobe ColdFusion Pre-Auth RCE
Malware
Remote
Low complexity
No user interaction
|
| CVE-2023-29300 | 9.8 Critical |
Adobe ColdFusion Deserialization of Untrusted Data Arbitrary code execution
Malware
Remote
Low complexity
No user interaction
|
| CVE-2023-27524 | 8.9 High |
Apache Superset: Session validation vulnerability when using provided default SECRET_KEY
Remote
No user interaction
|
| CVE-2023-41990 | 7.8 High |
The issue was addressed with improved handling of caches. This issue is fixed in tvOS 16.3, iOS 16.3 and iPadOS 16.3, macOS Monterey 12.6.8, macOS...
Low complexity
|
| CVE-2016-20017 | 9.8 Critical |
D-Link DSL-2750B devices before 1.05 allow remote unauthenticated command injection via the login.cgi cli parameter, as exploited in the wild in...
Remote
Low complexity
No user interaction
|
| CVE-2023-7101 | 7.8 High |
Arbitrary Code Execution (ACE) Vulnerability
Low complexity
|
| CVE-2023-7024 | 8.8 High |
Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap corruption via a...
Remote
Low complexity
|
| CVE-2023-47565 | 8.0 High |
Legacy VioStor NVR
Low complexity
No user interaction
|
| CVE-2023-49897 | 8.8 High |
An OS command injection vulnerability exists in AE1021PE firmware version 2.0.9 and earlier and AE1021 firmware version 2.0.9 and earlier. If this...
Remote
Low complexity
No user interaction
|
| CVE-2023-6448 | 9.8 Critical |
Unitronics VisiLogic uses a default administrative password
Remote
Low complexity
No user interaction
|
| CVE-2023-50428 | 5.3 Medium |
In Bitcoin Core through 26.0 and Bitcoin Knots before 25.1.knots20231115, datacarrier size limits can be bypassed by obfuscating data as code...
Remote
Low complexity
No user interaction
|
Displaying vulnerabilities 1226 - 1250 of 2501 in total