KEVIntel

Known Exploited Vulnerabilities

Curated + enriched signals for rapid prioritization

{ } JSON RSS PRO

0.7%

actively
exploited

Focus on what’s exploited

Out of 350,184 known CVEs, only 0.7% show real-world exploitation signals.

Data from public sources (including CISA) plus private sensors, enriched with prioritization metadata.

View stats Report a KEV

2,501

Total Known exploited

353

Added this week

Search

Results update as you type.

⌘K

Added

Exploitability

Type to search. Filters apply instantly.

CVE	Severity	Title	Vendor	Product	Added
CVE-2023-36845	9.8 Critical	Junos OS: EX and SRX Series: A PHP vulnerability in J-Web allows an unauthenticated to control an important environment variable Remote Low complexity No user interaction	Juniper Networks	Junos OS	over 2 years ago
CVE-2023-36847	5.3 Medium	Junos OS: EX Series: A vulnerability in J-Web allows an unauthenticated attacker to upload arbitrary files Remote Low complexity No user interaction	Juniper Networks	Junos OS	over 2 years ago
CVE-2023-36851	5.3 Medium	Junos OS: SRX Series: A vulnerability in J-Web allows an unauthenticated attacker to upload and download arbitrary files Remote Low complexity No user interaction	Juniper Networks	Junos OS	over 2 years ago
CVE-2023-29552	7.5 High	The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. This could allow the... Remote Low complexity No user interaction	VMware	Service Location Protocol (SLP)	over 2 years ago
CVE-2023-22518	9.8 Critical	All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. This Improper Authorization vulnerability allows... Malware Remote Low complexity No user interaction	Atlassian	Confluence Data Center, Confluence Server	over 2 years ago
CVE-2023-46604	10.0 Critical	Apache ActiveMQ, Apache ActiveMQ Legacy OpenWire Module: Unbounded deserialization causes ActiveMQ to be vulnerable to a remote code execution (RCE) attack Malware Remote Low complexity No user interaction	Apache Software Foundation	Apache ActiveMQ, Apache ActiveMQ Legacy OpenWire Module	over 2 years ago
CVE-2023-46747	9.8 Critical	BIG-IP Configuration utility unauthenticated remote code execution vulnerability Malware Remote Low complexity No user interaction	F5	BIG-IP	over 2 years ago
CVE-2023-46748	8.8 High	BIG-IP Configuration utility authenticated SQL injection vulnerability Remote Low complexity No user interaction	F5	BIG-IP	over 2 years ago
CVE-2023-31418	7.5 High	Elasticsearch uncontrolled resource consumption Remote Low complexity No user interaction	Elastic	Elasticsearch	over 2 years ago
CVE-2023-5631	6.1 Medium	Stored XSS vulnerability in Roundcube Remote Low complexity	Roundcube	Roundcubemail	over 2 years ago
CVE-2023-20273	7.2 High	A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands with the privileges... Remote Low complexity No user interaction	Cisco	Cisco IOS XE Software	over 2 years ago
CVE-2023-4966	9.4 Critical	Unauthenticated sensitive information disclosure Malware Remote Low complexity No user interaction	Citrix	NetScaler ADC, NetScaler Gateway	over 2 years ago
CVE-2023-20198	10.0 Critical	Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software. We are... Remote Low complexity No user interaction	Cisco	Cisco IOS XE Software	over 2 years ago
CVE-2023-5360	9.8 Critical	Royal Elementor Addons and Templates < 1.3.79 - Unauthenticated Arbitrary File Upload Remote Low complexity No user interaction	Unknown	Royal Elementor Addons and Templates	over 2 years ago
CVE-2023-30801	9.8 Critical	qBittorrent Web UI Default Credentials Lead to RCE Remote Low complexity No user interaction	qBittorrent	qBittorrent client	over 2 years ago
CVE-2023-44487	7.5 High	The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as... Remote Low complexity No user interaction	Google	Cloud Platform	over 2 years ago
CVE-2023-21608	7.8 High	Adobe Acrobat Reader DC resetForm Use-After-Free Remote Code Execution Vulnerability Low complexity	Adobe	Acrobat Reader	over 2 years ago
CVE-2023-41763	5.3 Medium	Skype for Business Elevation of Privilege Vulnerability Remote Low complexity No user interaction	Microsoft	Skype for Business Server 2015 CU13, Skype for Business Server 2019 CU7	over 2 years ago
CVE-2023-36563	6.5 Medium	Microsoft WordPad Information Disclosure Vulnerability Remote Low complexity	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	over 2 years ago
CVE-2023-20109	6.6 Medium	A vulnerability in the Cisco Group Encrypted Transport VPN (GET VPN) feature of Cisco IOS Software and Cisco IOS XE Software could allow an... Remote No user interaction	Cisco	IOS, Cisco IOS XE Software	over 2 years ago
CVE-2023-42824	7.8 High	The issue was addressed with improved checks. This issue is fixed in iOS 16.7.1 and iPadOS 16.7.1. A local attacker may be able to elevate their... Low complexity No user interaction	Apple	iOS and iPadOS	over 2 years ago
CVE-2023-22515	9.8 Critical	Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown... Malware Remote Low complexity No user interaction	Atlassian	Confluence Data Center, Confluence Server	over 2 years ago
CVE-2023-40044	10.0 Critical	WS_FTP Server Ad Hoc Transfer Module .NET Deserialization Vulnerability Malware Remote Low complexity No user interaction	Progress Software Corporation	WS_FTP Server	over 2 years ago
CVE-2023-42793	9.8 Critical	In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible Malware Remote Low complexity No user interaction	JetBrains	TeamCity	over 2 years ago
CVE-2023-28229	7.0 High	Windows CNG Key Isolation Service Elevation of Privilege Vulnerability No user interaction	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 10 Version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	over 2 years ago

Displaying vulnerabilities 1276 - 1300 of 2501 in total