KEVIntel

Known Exploited Vulnerabilities

Curated + enriched signals for rapid prioritization

{ } JSON RSS PRO

0.7%

actively
exploited

Focus on what’s exploited

Out of 350,184 known CVEs, only 0.7% show real-world exploitation signals.

Data from public sources (including CISA) plus private sensors, enriched with prioritization metadata.

View stats Report a KEV

2,501

Total Known exploited

352

Added this week

Search

Results update as you type.

⌘K

Added

Exploitability

Type to search. Filters apply instantly.

CVE	Severity	Title	Vendor	Product	Added
CVE-2022-41033	7.8 High	Windows COM+ Event System Service Elevation of Privilege Vulnerability Low complexity No user interaction	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	over 3 years ago
CVE-2022-41040	8.8 High	Microsoft Exchange Server Elevation of Privilege Vulnerability Malware Remote Low complexity No user interaction	Microsoft	Microsoft Exchange Server 2013 Cumulative Update 23, Microsoft Exchange Server 2016 Cumulative Update 22, Microsoft Exchange Server 2019 Cumulative Update 11, Microsoft Exchange Server 2019 Cumulative Update 12, Microsoft Exchange Server 2016 Cumulative Update 23	over 3 years ago
CVE-2022-41082	8.0 High	Microsoft Exchange Server Remote Code Execution Vulnerability Malware Low complexity No user interaction	Microsoft	Microsoft Exchange Server 2013 Cumulative Update 23, Microsoft Exchange Server 2016 Cumulative Update 22, Microsoft Exchange Server 2019 Cumulative Update 11, Microsoft Exchange Server 2019 Cumulative Update 12, Microsoft Exchange Server 2016 Cumulative Update 23	over 3 years ago
CVE-2022-36804	8.8 High	Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, from... Remote Low complexity No user interaction	Atlassian	Bitbucket Server, Bitbucket Data Center	over 3 years ago
CVE-2022-3236	9.8 Critical	A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and... Remote Low complexity No user interaction	Sophos	Sophos Firewall	over 3 years ago
CVE-2022-35405	9.8 Critical	Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthenticated remote code execution. (This also... Remote Low complexity No user interaction	Zoho	ManageEngine Password Manager Pro, PAM360, Access Manager Plus	over 3 years ago
CVE-2022-40769	7.5 High	profanity through 1.60 has only four billion possible RNG initializations. Thus, attackers can recover private keys from Ethereum vanity addresses... Remote Low complexity No user interaction	johguse	profanity	over 3 years ago
CVE-2010-2568	7.8 High	Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote... Low complexity	Microsoft	Windows	over 3 years ago
CVE-2022-40139	7.2 High	Improper validation of some components used by the rollback mechanism in Trend Micro Apex One and Trend Micro Apex One as a Service clients could... Remote Low complexity No user interaction	Trend Micro	Trend Micro Apex One	over 3 years ago
CVE-2013-6282	8.8 High	The (1) get_user and (2) put_user API functions in the Linux kernel before 3.5.5 on the v6k and v7 ARM platforms do not validate certain addresses,... Remote Low complexity No user interaction	Linux	Linux Kernel	over 3 years ago
CVE-2013-2597	8.4 High	Stack-based buffer overflow in the acdb_ioctl function in audio_acdb.c in the acdb audio driver for the Linux kernel 2.6.x and 3.x, as used in... Low complexity No user interaction	Qualcomm	Linux Kernel	over 3 years ago
CVE-2013-2596	7.8 High	Integer overflow in the fb_mmap function in drivers/video/fbmem.c in the Linux kernel before 3.8.9, as used in a certain Motorola build of Android... Low complexity No user interaction	Linux	Linux Kernel	over 3 years ago
CVE-2013-2094	8.4 High	The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local... Low complexity No user interaction	Linux	Linux Kernel	over 3 years ago
CVE-2022-40734	6.5 Medium	UniSharp laravel-filemanager (aka Laravel Filemanager) before 2.6.4 allows download?working_dir=%2F.. directory traversal to read arbitrary files,... Remote Low complexity No user interaction	UniSharp	laravel-filemanager	over 3 years ago
CVE-2022-37969	7.8 High	Windows Common Log File System Driver Elevation of Privilege Vulnerability Low complexity No user interaction	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	over 3 years ago
CVE-2022-32917	7.8 High	The issue was addressed with improved bounds checks. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur... Low complexity No user interaction	Apple	iOS, macOS	over 3 years ago
CVE-2022-3180	9.8 Critical	WPGateway <= 3.5 - Unauthenticated Privilege Escalation Remote Low complexity No user interaction	Jack Hopman	WPGateway	over 3 years ago
CVE-2022-3075	9.6 Critical	Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to... Remote Low complexity	Google	Chrome	over 3 years ago
CVE-2022-27593	10.0 Critical	DeadBolt Ransomware Malware Remote Low complexity No user interaction	QNAP Systems Inc.	Photo Station	over 3 years ago
CVE-2011-4723	5.7 Medium	The D-Link DIR-300 router stores cleartext passwords, which allows context-dependent attackers to obtain sensitive information via unspecified... Low complexity No user interaction	D-Link	DIR-300	over 3 years ago
CVE-2017-5521	8.1 High	An issue was discovered on NETGEAR R8500, R8300, R7000, R6400, R7300, R7100LG, R6300v2, WNDR3400v3, WNR3500Lv2, R6250, R6700, R6900, and R8000... Remote No user interaction	NETGEAR	Routers	over 3 years ago
CVE-2018-13374	4.3 Medium	A Improper Access Control in Fortinet FortiOS 6.0.2, 5.6.7 and before, FortiADC 6.1.0, 6.0.0 to 6.0.1, 5.4.0 to 5.4.4 allows attacker to obtain the... Malware Remote Low complexity No user interaction	Fortinet	Fortinet FortiOS, fortiADC	over 3 years ago
CVE-2018-2628	9.8 Critical	Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are... Remote Low complexity No user interaction	Oracle Corporation	WebLogic Server	over 3 years ago
CVE-2018-6530	9.8 Critical	OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous... Malware Remote Low complexity No user interaction	D-Link	DIR-880L, DIR-868L, DIR-865L, DIR-860L	over 3 years ago
CVE-2018-7445	9.8 Critical	A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. Remote attackers with access to... Remote Low complexity No user interaction	MikroTik	RouterOS	over 3 years ago

Displaying vulnerabilities 1501 - 1525 of 2501 in total