KEVIntel

Known Exploited Vulnerabilities

Curated + enriched signals for rapid prioritization

{ } JSON RSS PRO

0.7%

actively
exploited

Focus on what’s exploited

Out of 350,184 known CVEs, only 0.7% show real-world exploitation signals.

Data from public sources (including CISA) plus private sensors, enriched with prioritization metadata.

View stats Report a KEV

2,501

Total Known exploited

352

Added this week

Search

Results update as you type.

⌘K

Added

Exploitability

Type to search. Filters apply instantly.

CVE	Severity	Title	Vendor	Product	Added
CVE-2022-22706	7.8 High	Arm Mali GPU Kernel Driver allows a non-privileged user to achieve write access to read-only memory pages. This affects Midgard r26p0 through... Low complexity No user interaction	Arm	Mali GPU Kernel Driver	about 3 years ago
CVE-2021-30900	7.8 High	An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 14.8.1 and iPadOS 14.8.1, iOS 15.1 and iPadOS... Low complexity	Apple	iOS and iPadOS	about 3 years ago
CVE-2023-29059	7.8 High	3CX DesktopApp through 18.12.416 has embedded malicious code, as exploited in the wild in March 2023. This affects versions 18.12.407 and 18.12.416... Low complexity No user interaction	3CX	DesktopApp	about 3 years ago
CVE-2013-3163	8.8 High	Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a... Remote Low complexity	Microsoft	Internet Explorer	about 3 years ago
CVE-2022-39197	6.1 Medium	An XSS (Cross Site Scripting) vulnerability was found in HelpSystems Cobalt Strike through 4.7 that allowed a remote attacker to execute HTML on... Remote Low complexity	HelpSystems	Cobalt Strike	about 3 years ago
CVE-2017-7494	9.8 Critical	Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to... Malware Remote Low complexity No user interaction	Samba	samba	about 3 years ago
CVE-2023-28445	10.0 Critical	Deno improperly handles resizable ArrayBuffer Remote Low complexity No user interaction	denoland	deno	about 3 years ago
CVE-2023-27638	9.8 Critical	An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for PrestaShop. An HTTP request can be forged with a... Remote Low complexity No user interaction	tshirtecommerce	Custom Product Designer for PrestaShop	about 3 years ago
CVE-2023-27637	9.8 Critical	An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for PrestaShop. An HTTP request can be forged with a... Remote Low complexity No user interaction	tshirtecommerce	Custom Product Designer for PrestaShop	about 3 years ago
CVE-2023-28725	9.1 Critical	General Bytes Crypto Application Server (CAS) 20230120, as distributed with General Bytes BATM devices, allows remote attackers to execute... Remote Low complexity No user interaction	General Bytes	Crypto Application Server (CAS)	about 3 years ago
CVE-2023-26360	8.6 High	Adobe ColdFusion Improper Access Control Arbitrary code execution Remote Low complexity No user interaction	Adobe	ColdFusion	about 3 years ago
CVE-2023-23397	9.8 Critical	Microsoft Outlook Elevation of Privilege Vulnerability Remote Low complexity No user interaction	Microsoft	Microsoft Office LTSC 2021, Microsoft Outlook 2016, Microsoft 365 Apps for Enterprise, Microsoft Office 2019, Microsoft Outlook 2013 Service Pack 1	about 3 years ago
CVE-2023-24880	4.4 Medium	Windows SmartScreen Security Feature Bypass Vulnerability Malware Low complexity	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 10 Version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation)	about 3 years ago
CVE-2022-41328	6.5 Medium	A improper limitation of a pathname to a restricted directory vulnerability ('path traversal') [CWE-22] in Fortinet FortiOS version 7.2.0 through... Low complexity No user interaction	Fortinet	FortiOS	about 3 years ago
CVE-2020-5741	7.2 High	Deserialization of Untrusted Data in Plex Media Server on Windows allows a remote, authenticated attacker to execute arbitrary Python code. Remote Low complexity No user interaction	Plex	Plex Media Server (Windows)	about 3 years ago
CVE-2021-39144	8.5 High	XStream is vulnerable to a Remote Command Execution attack Remote No user interaction	x-stream	xstream	about 3 years ago
CVE-2022-33891	8.8 High	Apache Spark shell command injection vulnerability via Spark UI Remote Low complexity No user interaction	Apache Software Foundation	Apache Spark	about 3 years ago
CVE-2022-28810	6.8 Medium	Zoho ManageEngine ADSelfService Plus before build 6122 allows a remote authenticated administrator to execute arbitrary operating OS commands as... Remote Low complexity	Zoho	ManageEngine ADSelfService Plus	about 3 years ago
CVE-2022-35914	9.8 Critical	/vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP code injection. Remote Low complexity No user interaction	GLPI	GLPI	about 3 years ago
CVE-2022-36537	7.5 High	ZK Framework v9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 allows attackers to access sensitive information via a crafted POST request sent to the... Malware Remote Low complexity No user interaction	Potix Corporation	ZK Framework	over 3 years ago
CVE-2022-47986	9.8 Critical	IBM Aspera Faspex code execution Malware Remote Low complexity No user interaction	IBM	Aspera Faspex	over 3 years ago
CVE-2022-41223	6.8 Medium	The Director database component of MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker to conduct a code-injection... Malware Low complexity No user interaction	Mitel	MiVoice Connect	over 3 years ago
CVE-2022-40765	6.8 Medium	A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker with... Malware Low complexity No user interaction	Mitel	MiVoice Connect	over 3 years ago
CVE-2022-46169	9.8 Critical	Unauthenticated Command Injection Remote Low complexity No user interaction	Cacti	cacti	over 3 years ago
CVE-2023-23529	8.8 High	A type confusion issue was addressed with improved checks. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, iOS 16.3.1 and iPadOS 16.3.1, macOS... Remote Low complexity	Apple	iOS and iPadOS, Safari, macOS	over 3 years ago

Displaying vulnerabilities 1426 - 1450 of 2501 in total