KEVIntel

Known Exploited Vulnerabilities

Curated + enriched signals for rapid prioritization

{ } JSON RSS PRO

0.7%

actively
exploited

Focus on what’s exploited

Out of 350,184 known CVEs, only 0.7% show real-world exploitation signals.

Data from public sources (including CISA) plus private sensors, enriched with prioritization metadata.

View stats Report a KEV

2,501

Total Known exploited

353

Added this week

Search

Results update as you type.

⌘K

Added

Exploitability

Type to search. Filters apply instantly.

CVE	Severity	Title	Vendor	Product	Added
CVE-2023-26359	9.8 Critical	Adobe ColdFusion Deserialization of Untrusted Data Arbitrary code execution Remote Low complexity No user interaction	Adobe	ColdFusion	almost 3 years ago
CVE-2023-40711	7.5 High	Veilid before 0.1.9 does not check the size of uncompressed data during decompression upon an envelope receipt, which allows remote attackers to... Remote Low complexity No user interaction	Veilid	Veilid	almost 3 years ago
CVE-2023-24489	9.8 Critical	A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated... Remote Low complexity No user interaction	Citrix	Citrix ShareFile Storage Zones Controller	almost 3 years ago
CVE-2023-39910	7.5 High	The cryptocurrency wallet entropy seeding mechanism used in Libbitcoin Explorer 3.0.0 through 3.6.0 is weak, aka the Milk Sad issue. The use of an... Remote Low complexity No user interaction	Libbitcoin	Libbitcoin Explorer	almost 3 years ago
CVE-2023-38180	7.5 High	.NET and Visual Studio Denial of Service Vulnerability Remote Low complexity No user interaction	Microsoft	ASP.NET Core 2.1, .NET 6.0, .NET 7.0, Microsoft Visual Studio 2022 version 17.2, Microsoft Visual Studio 2022 version 17.4, Microsoft Visual Studio 2022 version 17.6	almost 3 years ago
CVE-2017-18368	9.8 Critical	The ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 v001 / 3.40(ULM.0)b31 router distributed by TrueOnline has a command injection vulnerability in the... Remote Low complexity No user interaction	ZyXEL	P660HN-T1A v1 TCLinux Fw	almost 3 years ago
CVE-2023-3162	9.8 Critical	The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.7.7. This... Remote Low complexity No user interaction	webtoffee	Stripe Payment Plugin for WooCommerce	almost 3 years ago
CVE-2023-35081	7.2 High	A path traversal vulnerability in Ivanti EPMM versions (11.10.x < 11.10.0.3, 11.9.x < 11.9.1.2 and 11.8.x < 11.8.1.2) allows an... Remote Low complexity No user interaction	Ivanti	EPMM	almost 3 years ago
CVE-2023-37580	6.1 Medium	Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client. Remote Low complexity	Zimbra	Zimbra Collaboration	almost 3 years ago
CVE-2023-38606	5.5 Medium	This issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and... Low complexity	Apple	tvOS, iOS and iPadOS, macOS, watchOS	almost 3 years ago
CVE-2023-35078	10.0 Critical	An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application... Malware Remote Low complexity No user interaction	Ivanti	Endpoint Manager Mobile	almost 3 years ago
CVE-2023-38205	7.5 High	ColdFusion Bypass - Vulnerability disclosure in ColdFusion \| BYPASS CVE-2023-29298 Remote Low complexity No user interaction	Adobe	ColdFusion	almost 3 years ago
CVE-2023-29298	7.5 High	Adobe ColdFusion Improper Access Control Security feature bypass Remote Low complexity No user interaction	Adobe	ColdFusion	almost 3 years ago
CVE-2023-3519	9.8 Critical	Unauthenticated remote code execution Malware Remote Low complexity No user interaction	Citrix	NetScaler ADC, NetScaler Gateway	almost 3 years ago
CVE-2023-28121	9.8 Critical	An issue in WooCommerce Payments plugin for WordPress (versions 5.6.1 and lower) allows an unauthenticated attacker to send requests on behalf of... Remote Low complexity No user interaction	WooCommerce	WooCommerce Payments	almost 3 years ago
CVE-2023-36884	7.5 High	Windows Search Remote Code Execution Vulnerability Malware Remote	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	almost 3 years ago
CVE-2023-37450	8.8 High	The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, Safari 16.5.2, tvOS 16.6, macOS Ventura 13.5,... Remote Low complexity	Apple	Safari, tvOS, iOS and iPadOS, macOS, watchOS	almost 3 years ago
CVE-2022-29303	9.8 Critical	SolarView Compact ver.6.00 was discovered to contain a command injection vulnerability via conf_mail.php. Remote Low complexity No user interaction	SolarView	Compact	almost 3 years ago
CVE-2023-38198	9.8 Critical	acme.sh before 3.0.6 runs arbitrary commands from a remote server via eval, as exploited in the wild in June 2023. Remote Low complexity No user interaction	acmesh-official	acme.sh	almost 3 years ago
CVE-2023-32049	8.8 High	Windows SmartScreen Security Feature Bypass Vulnerability Remote Low complexity	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation)	almost 3 years ago
CVE-2023-32046	7.8 High	Windows MSHTML Platform Elevation of Privilege Vulnerability Low complexity	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	almost 3 years ago
CVE-2023-35311	8.8 High	Microsoft Outlook Security Feature Bypass Vulnerability Remote Low complexity	Microsoft	Microsoft 365 Apps for Enterprise, Microsoft Office LTSC 2021, Microsoft Office 2019, Microsoft Outlook 2016, Microsoft Outlook 2013, Microsoft Outlook 2013 Service Pack 1	almost 3 years ago
CVE-2023-36874	7.8 High	Windows Error Reporting Service Elevation of Privilege Vulnerability Low complexity No user interaction	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	almost 3 years ago
CVE-2022-31199	9.8 Critical	Remote code execution vulnerabilities exist in the Netwrix Auditor User Activity Video Recording component affecting both the Netwrix Auditor... Malware Remote Low complexity No user interaction	Netwrix	Auditor	almost 3 years ago
CVE-2021-29256	8.8 High	. The Arm Mali GPU kernel driver allows an unprivileged user to achieve access to freed memory, leading to information disclosure or root privilege... Remote Low complexity No user interaction	Arm	Mali GPU kernel driver	almost 3 years ago

Displaying vulnerabilities 1326 - 1350 of 2501 in total