KEVIntel

Known Exploited Vulnerabilities

Curated + enriched signals for rapid prioritization

{ } JSON RSS PRO

0.7%

actively
exploited

Focus on what’s exploited

Out of 350,187 known CVEs, only 0.7% show real-world exploitation signals.

Data from public sources (including CISA) plus private sensors, enriched with prioritization metadata.

View stats Report a KEV

2,501

Total Known exploited

352

Added this week

Search

Results update as you type.

⌘K

Added

Exploitability

Type to search. Filters apply instantly.

CVE	Severity	Title	Vendor	Product	Added
CVE-2020-9934	5.5 Medium	An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 13.6 and... Low complexity No user interaction	Apple	iOS, macOS	over 3 years ago
CVE-2022-26258	9.8 Critical	D-Link DIR-820L 1.05B03 was discovered to contain remote command execution (RCE) vulnerability via HTTP POST to get set ccp. Remote Low complexity No user interaction	D-Link	DIR-820L	over 3 years ago
CVE-2011-1823	7.8 High	The vold volume manager daemon on Android 3.0 and 2.x before 2.3.4 trusts messages that are received from a PF_NETLINK socket, which allows local... Low complexity No user interaction	Google	Android	over 3 years ago
CVE-2022-31474	7.5 High	WordPress BackupBuddy Plugin 8.5.8.0-8.7.4.1 is vulnerable to Directory Traversal Remote Low complexity No user interaction	iThemes	BackupBuddy	over 3 years ago
CVE-2020-36193	7.5 High	Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related... Remote Low complexity No user interaction	pear	Archive_Tar	almost 4 years ago
CVE-2022-26352	9.8 Critical	An issue was discovered in the ContentResource API in dotCMS 3.0 through 22.02. Attackers can craft a multipart form request to post a file whose... Malware Remote Low complexity No user interaction	dotCMS	dotCMS	almost 4 years ago
CVE-2022-24706	9.8 Critical	Remote Code Execution Vulnerability in Packaging Remote Low complexity No user interaction	Apache Software Foundation	Apache CouchDB	almost 4 years ago
CVE-2022-24112	9.8 Critical	apisix/batch-requests plugin allows overwriting the X-REAL-IP header Remote Low complexity No user interaction	Apache Software Foundation	Apache APISIX	almost 4 years ago
CVE-2022-22963	9.8 Critical	In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to... Remote Low complexity No user interaction	VMware	Spring Cloud Function	almost 4 years ago
CVE-2022-2294	8.8 High	Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a... Malware Remote Low complexity	Google	Chrome	almost 4 years ago
CVE-2021-39226	9.8 Critical	Snapshot authentication bypass in grafana Remote Low complexity No user interaction	grafana	grafana	almost 4 years ago
CVE-2021-38406	7.8 High	Delta Electronics DOPSoft 2 Out-of-Bounds Write Low complexity	Delta Electronics	DOPSoft 2	almost 4 years ago
CVE-2021-31010	7.5 High	A deserialization issue was addressed through improved validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 12.5.5, iOS 14.8... Remote Low complexity No user interaction	Apple	macOS, watchOS	almost 4 years ago
CVE-2020-28949	7.8 High	Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to... Low complexity	pear	Archive_Tar	almost 4 years ago
CVE-2022-0028	8.6 High	PAN-OS: Reflected Amplification Denial-of-Service (DoS) Vulnerability in URL Filtering Remote Low complexity No user interaction	Palo Alto Networks	Cloud NGFW, PAN-OS, Prisma Access	almost 4 years ago
CVE-2022-22536	10.0 Critical	SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are... Remote Low complexity No user interaction	SAP SE	SAP NetWeaver and ABAP Platform, SAP Web Dispatcher, SAP Content Server	almost 4 years ago
CVE-2022-32894	7.8 High	An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey... Low complexity	Apple	iOS and iPadOS, macOS	almost 4 years ago
CVE-2022-32893	8.8 High	An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey... Remote Low complexity	Apple	Safari, iOS and iPadOS, macOS	almost 4 years ago
CVE-2022-2856	6.5 Medium	Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker to arbitrarily... Remote Low complexity	Google	Chrome	almost 4 years ago
CVE-2022-26923	8.8 High	Active Directory Domain Services Elevation of Privilege Vulnerability Remote Low complexity No user interaction	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 20H2, Windows Server version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 8.1, Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	almost 4 years ago
CVE-2022-21971	7.8 High	Windows Runtime Remote Code Execution Vulnerability Low complexity	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 20H2, Windows Server version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2	almost 4 years ago
CVE-2017-15944	9.8 Critical	Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote attackers to execute... Remote Low complexity No user interaction	Palo Alto Networks	PAN-OS	almost 4 years ago
CVE-2022-37042	9.8 Critical	Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. By bypassing... Malware Remote Low complexity No user interaction	Zimbra	Collaboration Suite	almost 4 years ago
CVE-2022-27925	7.2 High	Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. An authenticated... Malware Remote Low complexity No user interaction	Zimbra	Collaboration	almost 4 years ago
CVE-2022-34713	7.8 High	Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability Low complexity	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 20H2, Windows Server version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	almost 4 years ago

Displaying vulnerabilities 1526 - 1550 of 2501 in total