KEVIntel

Known Exploited Vulnerabilities

Curated + enriched signals for rapid prioritization

{ } JSON RSS PRO

0.7%

actively
exploited

Focus on what’s exploited

Out of 350,184 known CVEs, only 0.7% show real-world exploitation signals.

Data from public sources (including CISA) plus private sensors, enriched with prioritization metadata.

View stats Report a KEV

2,501

Total Known exploited

352

Added this week

Search

Results update as you type.

⌘K

Added

Exploitability

Type to search. Filters apply instantly.

CVE	Severity	Title	Vendor	Product	Added
CVE-2023-34362	9.8 Critical	In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL... Malware Remote Low complexity No user interaction	Progress	MOVEit Transfer	about 3 years ago
CVE-2023-27639	7.5 High	An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for PrestaShop. An HTTP request can be forged with the... Remote Low complexity No user interaction	PrestaShop	Custom Product Designer	about 3 years ago
CVE-2023-27640	7.5 High	An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for PrestaShop. An HTTP request can be forged with the... Remote Low complexity No user interaction	PrestaShop	Custom Product Designer	about 3 years ago
CVE-2023-28771	9.8 Critical	Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG... Remote Low complexity No user interaction	Zyxel	ZyWALL/USG series firmware, VPN series firmware, USG FLEX series firmware, ATP series firmware	about 3 years ago
CVE-2023-2868	9.4 Critical	Remote Code injection in Barracuda Email Security Gateway Remote Low complexity No user interaction	Barracuda	Barracuda Email Security Gateway	about 3 years ago
CVE-2023-28204	6.5 Medium	An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6... Remote Low complexity	Apple	macOS, Safari, watchOS, iOS and iPadOS, tvOS	about 3 years ago
CVE-2023-32409	8.6 High	The issue was addressed with improved bounds checks. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.8 and iPadOS... Remote Low complexity No user interaction	Apple	macOS, Safari, watchOS, iOS and iPadOS, tvOS	about 3 years ago
CVE-2023-32373	8.8 High	A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6... Remote Low complexity	Apple	macOS, Safari, watchOS, iOS and iPadOS, tvOS	about 3 years ago
CVE-2023-33297	7.5 High	Bitcoin Core before 24.1, when debug mode is not used, allows attackers to cause a denial of service (e.g., CPU consumption) because draining the... Remote Low complexity No user interaction	Bitcoin	Bitcoin Core	about 3 years ago
CVE-2004-1464	5.9 Medium	Cisco IOS 12.2(15) and earlier allows remote attackers to cause a denial of service (refused VTY (virtual terminal) connections), via a crafted TCP... Remote No user interaction	Cisco	IOS	about 3 years ago
CVE-2016-6415	7.5 High	The server IKEv1 implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.6, IOS XE through 3.18S, IOS XR 4.3.x and 5.0.x through 5.2.x,... Remote Low complexity No user interaction	Cisco	IOS, IOS XE, IOS XR, PIX	about 3 years ago
CVE-2023-21492	4.4 Medium	Kernel pointers are printed in the log file prior to SMR May-2023 Release 1 allows a privileged local attacker to bypass ASLR. Low complexity No user interaction	Samsung Mobile	Samsung Mobile Devices	about 3 years ago
CVE-2023-32243	9.8 Critical	WordPress Essential Addons for Elementor Plugin 5.4.0-5.7.1 is vulnerable to Privilege Escalation Remote Low complexity No user interaction	WPDeveloper	Essential Addons for Elementor	about 3 years ago
CVE-2023-25717	9.8 Critical	Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as demonstrated by a... Remote Low complexity No user interaction	Ruckus Wireless	Admin	about 3 years ago
CVE-2016-3427	9.8 Critical	Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect... Remote Low complexity No user interaction	Oracle	Java SE	about 3 years ago
CVE-2016-8735	9.8 Critical	Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before... Remote Low complexity No user interaction	Apache Software Foundation	Apache Tomcat	about 3 years ago
CVE-2014-0196	5.5 Medium	The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO &... Low complexity No user interaction	Linux	kernel	about 3 years ago
CVE-2021-3560	7.8 High	It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the... Low complexity No user interaction	Linux	polkit	about 3 years ago
CVE-2015-5317	7.5 High	The Fingerprints pages in Jenkins before 1.638 and LTS before 1.625.2 might allow remote attackers to obtain sensitive job and build name... Remote Low complexity No user interaction	Jenkins	Jenkins	about 3 years ago
CVE-2010-3904	7.8 High	The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36... Low complexity No user interaction	Linux	Linux Kernel	about 3 years ago
CVE-2023-24932	6.7 Medium	Secure Boot Security Feature Bypass Vulnerability Low complexity No user interaction	Microsoft	Windows Server 2025 (Server Core installation), Windows 11 Version 24H2, Windows Server 2025, Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 10 Version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	about 3 years ago
CVE-2023-29336	7.8 High	Win32k Elevation of Privilege Vulnerability Low complexity No user interaction	Microsoft	Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	about 3 years ago
CVE-2023-1389	8.8 High	TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command injection vulnerability in the country form of the... Low complexity No user interaction	TP-Link	TP-Link Archer AX21 (AX1800)	about 3 years ago
CVE-2021-45046	9.0 Critical	Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack Malware Remote No user interaction	Apache Software Foundation	Apache Log4j	about 3 years ago
CVE-2023-21839	7.5 High	Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are... Remote Low complexity No user interaction	Oracle Corporation	WebLogic Server	about 3 years ago

Displaying vulnerabilities 1376 - 1400 of 2501 in total