KEVIntel
0.7% actively exploited

Focus on what’s exploited

Out of 350,184 known CVEs, only 0.7% show real-world exploitation signals.

Data from public sources (including CISA) plus private sensors, enriched with prioritization metadata.

Total known exploited: 2,501
Added this week: 353


CVE Severity Title
CVE-2023-3460 9.8 Critical
Ultimate Member < 2.6.7 - Unauthenticated Privilege Escalation
Remote Low complexity No user interaction
CVE-2021-25395 6.4 Medium
A race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows local attackers to bypass signature check given a radio privilege is...
No user interaction
CVE-2021-25371 6.1 Medium
A vulnerability in DSP driver prior to SMR Mar-2021 Release 1 allows attackers load arbitrary ELF libraries inside DSP.
No user interaction
CVE-2021-25372 6.1 Medium
An improper boundary check in DSP driver prior to SMR Mar-2021 Release 1 allows out of bounds memory access.
No user interaction
CVE-2021-25487 7.3 High
Lack of boundary checking of a buffer in set_skb_priv() of modem interface driver prior to SMR Oct-2021 Release 1 allows OOB read and it results in...
Low complexity No user interaction
CVE-2021-25394 6.4 Medium
A use after free vulnerability via race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows arbitrary write given a radio...
No user interaction
CVE-2021-25489 3.3 Low
Assuming radio permission is gained, missing input validation in modem interface driver prior to SMR Oct-2021 Release 1 results in format string...
Low complexity No user interaction
CVE-2019-17621 9.8 Critical
The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute...
Remote Low complexity No user interaction
CVE-2019-20500 7.8 High
D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Save Configuration functionality in the...
Low complexity No user interaction
CVE-2023-27992 9.8 Critical
The pre-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.14)C0, NAS540 firmware...
Remote Low complexity No user interaction
CVE-2023-32434 7.8 High
An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 9.5.2, macOS Big Sur 11.7.8, iOS 15.7.7 and iPadOS...
Low complexity
CVE-2023-32435 8.8 High
A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS...
Remote Low complexity
CVE-2023-20867 3.9 Low
VMware Tools Authentication Bypass Vulnerability
No user interaction
CVE-2023-32439 8.8 High
A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.5.1 and iPadOS 16.5.1, iOS 15.7.7 and iPadOS 15.7.7, macOS...
Remote Low complexity
CVE-2016-0165 7.8 High
The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and...
Low complexity
CVE-2023-20887 9.8 Critical
Aria Operations for Networks contains a command injection vulnerability. A malicious actor with network access to VMware Aria Operations for...
Remote Low complexity No user interaction
CVE-2020-35730 6.1 Medium
An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10. The attacker can send a plain text...
Remote Low complexity
CVE-2020-12641 9.8 Critical
rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting...
Remote Low complexity No user interaction
CVE-2021-44026 9.8 Critical
Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search_params.
Remote Low complexity No user interaction
CVE-2016-9079 7.5 High
A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild...
Remote Low complexity No user interaction
CVE-2023-27997 9.2 Critical
A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below,...
Malware Remote Low complexity No user interaction
CVE-2023-35042 9.8 Critical
GeoServer 2, in some configurations, allows remote attackers to execute arbitrary code via java.lang.Runtime.getRuntime().exec in wps:LiteralData...
Remote Low complexity No user interaction
CVE-2023-3079 8.8 High
Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML...
Remote Low complexity
CVE-2023-33009 9.8 Critical
A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 through 5.36 Patch 1, USG FLEX series...
Remote Low complexity No user interaction
CVE-2023-33010 9.8 Critical
A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series...
Remote Low complexity No user interaction
Displaying vulnerabilities 1351 - 1375 of 2501 in total