KEVIntel

Known Exploited Vulnerabilities

Curated + enriched signals for rapid prioritization

{ } JSON RSS PRO

0.7%

actively
exploited

Focus on what’s exploited

Out of 350,184 known CVEs, only 0.7% show real-world exploitation signals.

Data from public sources (including CISA) plus private sensors, enriched with prioritization metadata.

View stats Report a KEV

2,501

Total Known exploited

352

Added this week

Search

Results update as you type.

⌘K

Added

Exploitability

Type to search. Filters apply instantly.

CVE	Severity	Title	Vendor	Product	Added
CVE-2022-45045	8.8 High	Multiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.10001.131900.00000 and NBD6808T-PL V4.02.R11.C7431119.12001.130000.00000,... Remote Low complexity No user interaction	Xiongmai	NVR devices	over 3 years ago
CVE-2022-4135	9.6 Critical	Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to... Remote Low complexity	Google	Chrome	over 3 years ago
CVE-2021-35587	9.8 Critical	Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: OpenSSO Agent). Supported versions that are affected are... Remote Low complexity No user interaction	Oracle Corporation	Access Manager	over 3 years ago
CVE-2022-41049	5.4 Medium	Windows Mark of the Web Security Feature Bypass Vulnerability Remote Low complexity	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 11 version 22H2, Windows 10 Version 22H2	over 3 years ago
CVE-2022-41073	7.8 High	Windows Print Spooler Elevation of Privilege Vulnerability Malware Low complexity No user interaction	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	over 3 years ago
CVE-2022-41091	5.4 Medium	Windows Mark of the Web Security Feature Bypass Vulnerability Malware Remote Low complexity	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 11 version 22H2, Windows 10 Version 22H2	over 3 years ago
CVE-2022-41128	8.8 High	Windows Scripting Languages Remote Code Execution Vulnerability Remote Low complexity	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 R2 Service Pack 1, Windows Server 2012, Windows Server 2012 R2	over 3 years ago
CVE-2021-25337	4.4 Medium	Improper access control in clipboard service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows untrusted applications to read or... Low complexity	Samsung Mobile	Samsung Mobile Devices	over 3 years ago
CVE-2021-25369	6.2 Medium	An improper access control vulnerability in sec_log file prior to SMR MAR-2021 Release 1 exposes sensitive kernel information to userspace. Low complexity No user interaction	Samsung Mobile	Samsung Mobile Devices	over 3 years ago
CVE-2021-25370	6.1 Medium	An incorrect implementation handling file descriptor in dpu driver prior to SMR Mar-2021 Release 1 results in memory corruption leading to kernel... No user interaction	Samsung Mobile	Samsung Mobile Devices	over 3 years ago
CVE-2022-41125	7.8 High	Windows CNG Key Isolation Service Elevation of Privilege Vulnerability Low complexity No user interaction	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 8.1, Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	over 3 years ago
CVE-2022-3723	8.8 High	Type confusion in V8 in Google Chrome prior to 107.0.5304.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML... Remote Low complexity	Google	Chrome	over 3 years ago
CVE-2022-42827	7.8 High	An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS... Low complexity	Apple	iOS and iPadOS	over 3 years ago
CVE-2020-3433	7.8 High	Cisco AnyConnect Secure Mobility Client for Windows DLL Hijacking Vulnerability Malware Low complexity No user interaction	Cisco	Cisco AnyConnect Secure Mobility Client	over 3 years ago
CVE-2020-3153	6.5 Medium	Cisco AnyConnect Secure Mobility Client for Windows Uncontrolled Search Path Vulnerability Malware Low complexity No user interaction	Cisco	Cisco AnyConnect Secure Mobility Client	over 3 years ago
CVE-2018-19323	9.8 Critical	The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC... Malware Remote Low complexity No user interaction	GIGABYTE	APP Center, AORUS GRAPHICS ENGINE, XTREME GAMING ENGINE, OC GURU II	over 3 years ago
CVE-2018-19322	7.8 High	The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before... Malware Low complexity No user interaction	GIGABYTE	APP Center, AORUS GRAPHICS ENGINE, XTREME GAMING ENGINE, OC GURU II	over 3 years ago
CVE-2018-19321	7.8 High	The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before... Malware Low complexity No user interaction	GIGABYTE	APP Center, AORUS GRAPHICS ENGINE, XTREME GAMING ENGINE, OC GURU II	over 3 years ago
CVE-2018-19320	7.8 High	The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC... Malware Low complexity No user interaction	GIGABYTE	APP Center, AORUS GRAPHICS ENGINE, XTREME GAMING ENGINE, OC GURU II	over 3 years ago
CVE-2022-42889	9.8 Critical	Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults Remote Low complexity No user interaction	Apache Software Foundation	Apache Commons Text	over 3 years ago
CVE-2022-41352	9.8 Critical	An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavis via a cpio loophole... Remote Low complexity No user interaction	Zimbra	Collaboration	over 3 years ago
CVE-2021-3493	8.8 High	The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on... Low complexity No user interaction	Ubuntu	linux kernel	over 3 years ago
CVE-2016-20016	9.8 Critical	MVPower CCTV DVR models, including TV-7104HE 1.8.4 115215B9 and TV7108HE, contain a web shell that is accessible via a /shell URI. A remote... Remote Low complexity No user interaction	MVPower	CCTV DVR	over 3 years ago
CVE-2017-20149	9.8 Critical	The Mikrotik RouterOS web server allows memory corruption in releases before Stable 6.38.5 and Long-term 6.37.5, aka Chimay-Red. A remote and... Remote Low complexity No user interaction	Mikrotik	RouterOS	over 3 years ago
CVE-2022-40684	9.8 Critical	An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6,... Malware Remote Low complexity No user interaction	Fortinet	Fortinet FortiOS, FortiProxy, FortiSwitchManager	over 3 years ago

Displaying vulnerabilities 1476 - 1500 of 2501 in total