KEVIntel

Known Exploited Vulnerabilities

Curated + enriched signals for rapid prioritization

{ } JSON RSS PRO

0.7%

actively
exploited

Focus on what’s exploited

Out of 350,184 known CVEs, only 0.7% show real-world exploitation signals.

Data from public sources (including CISA) plus private sensors, enriched with prioritization metadata.

View stats Report a KEV

2,501

Total Known exploited

352

Added this week

Search

Results update as you type.

⌘K

Added

Exploitability

Type to search. Filters apply instantly.

CVE	Severity	Title	Vendor	Product	Added
CVE-2023-21715	7.3 High	Microsoft Publisher Security Feature Bypass Vulnerability Low complexity	Microsoft	Microsoft 365 Apps for Enterprise	over 3 years ago
CVE-2023-23376	7.8 High	Windows Common Log File System Driver Elevation of Privilege Vulnerability Malware Low complexity No user interaction	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 10 Version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	over 3 years ago
CVE-2023-21823	7.8 High	Windows Graphics Component Remote Code Execution Vulnerability Low complexity No user interaction	Microsoft	Microsoft Office for Android, Microsoft Office for Universal, Microsoft Office for iOS, Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 10 Version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	over 3 years ago
CVE-2015-2291	7.8 High	(1) IQVW32.sys before 1.3.1.0 and (2) IQVW64.sys before 1.3.1.0 in the Intel Ethernet diagnostics driver for Windows allows local users to cause a... Malware Low complexity No user interaction	Intel	Ethernet diagnostics driver for Windows	over 3 years ago
CVE-2022-24990	7.5 High	TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password by sending "User-Agent: TNAS" to... Malware Remote Low complexity No user interaction	TerraMaster	NAS	over 3 years ago
CVE-2023-0669	7.2 High	Fortra GoAnywhere MFT License Response Servlet Command Injection Malware Remote Low complexity No user interaction	Fortra	Goanywhere MFT	over 3 years ago
CVE-2022-21587	9.8 Critical	Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are... Malware Remote Low complexity No user interaction	Oracle Corporation	Web Applications Desktop Integrator	over 3 years ago
CVE-2023-22952	8.8 High	In SugarCRM before 12.0. Hotfix 91155, a crafted request can inject custom PHP code through the EmailTemplates because of missing input validation. Remote Low complexity No user interaction	SugarCRM	SugarCRM	over 3 years ago
CVE-2017-11357	9.8 Critical	Progress Telerik UI for ASP.NET AJAX before R2 2017 SP2 does not properly restrict user input to RadAsyncUpload, which allows remote attackers to... Malware Remote Low complexity No user interaction	Progress	Telerik UI for ASP.NET AJAX	over 3 years ago
CVE-2022-47966	9.8 Critical	Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario... Malware Remote Low complexity No user interaction	Zoho	ManageEngine	over 3 years ago
CVE-2023-24059	7.3 High	Grand Theft Auto V for PC allows attackers to achieve partial remote code execution or modify files on a PC, as exploited in the wild in January 2023. Remote Low complexity No user interaction	Rockstar Games	Grand Theft Auto V	over 3 years ago
CVE-2022-44877	9.8 Critical	login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via... Remote Low complexity No user interaction	CWP (Control Web Panel)	Control Web Panel	over 3 years ago
CVE-2023-21674	8.8 High	Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability Low complexity No user interaction	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 10 Version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 8.1, Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	over 3 years ago
CVE-2022-41080	8.8 High	Microsoft Exchange Server Elevation of Privilege Vulnerability Malware Remote Low complexity No user interaction	Microsoft	Microsoft Exchange Server 2016 Cumulative Update 23, Microsoft Exchange Server 2019 Cumulative Update 12, Microsoft Exchange Server 2013 Cumulative Update 23, Microsoft Exchange Server 2019 Cumulative Update 11, Microsoft Exchange Server 2016 Cumulative Update 22	over 3 years ago
CVE-2018-18809	9.9 Critical	TIBCO JasperReports Library Directory Traversal Vulnerability Remote Low complexity No user interaction	TIBCO Software Inc.	TIBCO JasperReports Library, TIBCO JasperReports Library Community Edition, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, TIBCO Jaspersoft Reporting and Analytics for AWS	over 3 years ago
CVE-2018-5430	7.7 High	TIBCO JasperReports Server Information Disclosure Vulnerability Remote Low complexity No user interaction	TIBCO Software Inc.	TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, TIBCO Jaspersoft Reporting and Analytics for AWS	over 3 years ago
CVE-2022-45359	9.8 Critical	WordPress YITH WooCommerce Gift Cards Premium Plugin <= 3.19.0 is vulnerable to Arbitrary File Upload Remote Low complexity No user interaction	YITH	YITH WooCommerce Gift Cards	over 3 years ago
CVE-2022-34478	6.5 Medium	The ms-msdt, search, and search-ms protocols deliver content to Microsoft applications, bypassing the browser, when a user accepts a prompt. These... Remote Low complexity	Mozilla	Firefox, Firefox ESR, Thunderbird	over 3 years ago
CVE-2022-42856	8.8 High	A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2... Remote Low complexity	Apple	tvOS	over 3 years ago
CVE-2022-26500	8.8 High	Improper limitation of path names in Veeam Backup & Replication 9.5U3, 9.5U4,10.x, and 11.x allows remote authenticated users access to... Malware Remote Low complexity No user interaction	Veeam	Backup & Replication	over 3 years ago
CVE-2022-27518	9.8 Critical	Unauthenticated remote arbitrary code execution Remote Low complexity No user interaction	Citrix	Citrix Gateway, Citrix ADC	over 3 years ago
CVE-2022-44698	5.4 Medium	Windows SmartScreen Security Feature Bypass Vulnerability Malware Remote Low complexity	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 10 Version 1607, Windows Server 2016	over 3 years ago
CVE-2022-42475	9.3 Critical	A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0... Malware Remote Low complexity No user interaction	Fortinet	FortiProxy, FortiOS	over 3 years ago
CVE-2022-26501	9.8 Critical	Veeam Backup & Replication 10.x and 11.x has Incorrect Access Control (issue 1 of 2). Malware Remote Low complexity No user interaction	Veeam	Backup & Replication	over 3 years ago
CVE-2022-4262	8.8 High	Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML... Remote Low complexity	Google	Chrome	over 3 years ago

Displaying vulnerabilities 1451 - 1475 of 2501 in total