KEVIntel

Known Exploited Vulnerabilities

Curated + enriched signals for rapid prioritization

{ } JSON RSS PRO

0.7%

actively
exploited

Focus on what’s exploited

Out of 350,184 known CVEs, only 0.7% show real-world exploitation signals.

Data from public sources (including CISA) plus private sensors, enriched with prioritization metadata.

View stats Report a KEV

2,501

Total Known exploited

353

Added this week

Search

Results update as you type.

⌘K

Added

Exploitability

Type to search. Filters apply instantly.

CVE	Severity	Title	Vendor	Product	Added
CVE-2023-4211	5.5 Medium	Mali GPU Kernel Driver Allows Improper GPU Memory Processing Operations Low complexity No user interaction	Arm Ltd	Midgard GPU Kernel Driver, Bifrost GPU Kernel Driver, Valhall GPU Kernel Driver, Arm 5th Gen GPU Architecture Kernel Driver	over 2 years ago
CVE-2023-5217	8.8 High	Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially... Remote Low complexity	Google	Chrome, libvpx	over 2 years ago
CVE-2018-14667	9.8 Critical	The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote,... Remote Low complexity No user interaction	[UNKNOWN]	RichFaces	over 2 years ago
CVE-2023-41991	5.5 Medium	A certificate validation issue was addressed. This issue is fixed in macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7. A malicious app may be able to... Low complexity	Apple	iOS and iPadOS, macOS	over 2 years ago
CVE-2023-41993	8.8 High	The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution.... Remote Low complexity	Apple	macOS	over 2 years ago
CVE-2023-41992	7.8 High	The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7, iOS 16.7 and iPadOS 16.7, macOS Ventura 13.6. A local... Low complexity No user interaction	Apple	macOS, iOS and iPadOS	over 2 years ago
CVE-2023-41179	7.2 High	A vulnerability in the 3rd party AV uninstaller module contained in Trend Micro Apex One (on-prem and SaaS), Worry-Free Business Security and... Remote Low complexity No user interaction	Trend Micro, Inc.	Trend Micro Apex One, Trend Micro Worry-Free Business Security, Trend Micro Worry-Free Business Security Services	over 2 years ago
CVE-2023-28434	8.8 High	MinIO is vulnerable to privilege escalation on Linux/MacOS Remote Low complexity No user interaction	minio	minio	over 2 years ago
CVE-2022-22265	5.0 Medium	An improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release 1 allows arbitrary memory write and code...	Samsung Mobile	Samsung Mobile Devices	over 2 years ago
CVE-2017-6884	8.8 High	A command injection vulnerability was discovered on the Zyxel EMG2926 home router with firmware V1.00(AAQT.4)b8. The vulnerability is located in... Malware Remote Low complexity No user interaction	Zyxel	EMG2926	over 2 years ago
CVE-2014-8361	9.8 Critical	The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in... Remote Low complexity No user interaction	Realtek	SDK	over 2 years ago
CVE-2021-3129	9.8 Critical	Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure... Malware Remote Low complexity No user interaction	Facade	Ignition	over 2 years ago
CVE-2023-26369	7.8 High	[Google Project Zero] Adobe Acrobat DC OOBW 0-day actively exploited in the wild Low complexity	Adobe	Acrobat Reader	over 2 years ago
CVE-2023-35674	7.8 High	In onCreate of WindowState.java, there is a possible way to launch a background activity due to a logic error in the code. This could lead to local... Low complexity No user interaction	Google	Android	over 2 years ago
CVE-2023-20269	5.0 Medium	A vulnerability in the remote access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD)... Malware Remote Low complexity No user interaction	Cisco	Cisco Adaptive Security Appliance (ASA) Software, Cisco Firepower Threat Defense Software	over 2 years ago
CVE-2023-4863	8.8 High	Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds... Remote Low complexity	Google	Chrome, libwebp	over 2 years ago
CVE-2023-36802	7.8 High	Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability Low complexity No user interaction	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2	over 2 years ago
CVE-2023-36761	6.5 Medium	Microsoft Word Information Disclosure Vulnerability Remote Low complexity	Microsoft	Microsoft Office 2019, Microsoft 365 Apps for Enterprise, Microsoft Office LTSC 2021, Microsoft Word 2016, Microsoft Word 2013 Service Pack 1	over 2 years ago
CVE-2023-41061	7.8 High	A validation issue was addressed with improved logic. This issue is fixed in watchOS 9.6.2, iOS 16.6.1 and iPadOS 16.6.1. A maliciously crafted... Low complexity	Apple	iOS and iPadOS, watchOS	over 2 years ago
CVE-2023-41064	7.8 High	A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 16.6.1 and iPadOS 16.6.1, macOS Monterey 12.6.9,... Low complexity	Apple	macOS, iOS and iPadOS	over 2 years ago
CVE-2023-33246	9.8 Critical	Apache RocketMQ: Possible remote code execution vulnerability when using the update configuration function Remote Low complexity No user interaction	Apache Software Foundation	Apache RocketMQ	over 2 years ago
CVE-2023-32315	8.6 High	Openfire administration console authentication bypass Remote Low complexity No user interaction	igniterealtime	Openfire	almost 3 years ago
CVE-2023-38831	7.8 High	RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue... Malware Low complexity	RARLAB	WinRAR	almost 3 years ago
CVE-2023-38035	9.8 Critical	A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass... Malware Remote Low complexity No user interaction	Ivanti	MobileIron Sentry	almost 3 years ago
CVE-2023-27532	7.5 High	Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. This... Malware Remote Low complexity No user interaction	Veeam	Veeam Backup & Replication	almost 3 years ago

Displaying vulnerabilities 1301 - 1325 of 2501 in total