KEVIntel

Known Exploited Vulnerabilities

Curated + enriched signals for rapid prioritization

{ } JSON RSS PRO

0.7%

actively
exploited

Focus on what’s exploited

Out of 350,187 known CVEs, only 0.7% show real-world exploitation signals.

Data from public sources (including CISA) plus private sensors, enriched with prioritization metadata.

View stats Report a KEV

2,501

Total Known exploited

352

Added this week

Search

Results update as you type.

⌘K

Added

Exploitability

Type to search. Filters apply instantly.

CVE	Severity	Title	Vendor	Product	Added
CVE-2022-30333	7.5 High	RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated... Malware Remote Low complexity No user interaction	RARLAB	UnRAR	almost 4 years ago
CVE-2022-37450	5.9 Medium	Go Ethereum (aka geth) through 1.10.21 allows attackers to increase rewards by mining blocks in certain situations, and using a manipulation of... Remote No user interaction	Ethereum	Go Ethereum	almost 4 years ago
CVE-2022-27924	7.5 High	Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 allows an unauthenticated attacker to inject arbitrary memcache commands into a targeted instance.... Malware Remote Low complexity No user interaction	Zimbra	Zimbra Collaboration	almost 4 years ago
CVE-2022-26138	9.8 Critical	The Atlassian Questions For Confluence app for Confluence Server and Data Center creates a Confluence user account in the confluence-users group... Remote Low complexity No user interaction	Atlassian	Questions For Confluence	almost 4 years ago
CVE-2021-24284	9.8 Critical	Kaswara Modern VC Addons <= 3.0.1 - Unauthenticated Arbitrary File Upload Remote Low complexity No user interaction	SayenThemes	Kaswara Modern VC Addons	almost 4 years ago
CVE-2022-22047	7.8 High	Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability Low complexity No user interaction	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 20H2, Windows Server version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	almost 4 years ago
CVE-2022-26925	8.1 High	Windows LSA Spoofing Vulnerability Remote No user interaction	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 20H2, Windows Server version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	almost 4 years ago
CVE-2022-29499	9.8 Critical	The Service Appliance component in Mitel MiVoice Connect through 19.2 SP3 allows remote code execution because of incorrect data validation. The... Malware Remote Low complexity No user interaction	Mitel	MiVoice Connect	almost 4 years ago
CVE-2021-30533	6.5 Medium	Insufficient policy enforcement in PopupBlocker in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass navigation restrictions... Remote Low complexity	Google	Chrome	almost 4 years ago
CVE-2021-4034	7.8 High	A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow... Low complexity No user interaction	freedesktop.org	polkit	almost 4 years ago
CVE-2021-30983	7.8 High	A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 15.2 and iPadOS 15.2. An application may be able to... Low complexity	Apple	iOS and iPadOS	almost 4 years ago
CVE-2020-3837	7.8 High	A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3,... Low complexity	Apple	iOS, macOS, tvOS, watchOS	almost 4 years ago
CVE-2020-9907	7.8 High	A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8. An... Low complexity	Apple	iOS, tvOS	almost 4 years ago
CVE-2019-8605	7.8 High	A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS... Low complexity	Apple	iOS, macOS, tvOS, watchOS	almost 4 years ago
CVE-2018-4344	7.8 High	A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12,... Low complexity	Apple	iOS, macOS, tvOS, watchOS	almost 4 years ago
CVE-2022-30190	7.8 High	Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability Malware Low complexity	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 20H2, Windows Server version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	almost 4 years ago
CVE-2021-38163	9.9 Critical	SAP NetWeaver (Visual Composer 7.0 RT) versions - 7.30, 7.31, 7.40, 7.50, without restriction, an attacker authenticated as a non-administrative... Remote Low complexity No user interaction	SAP SE	SAP NetWeaver (Visual Composer 7.0 RT)	almost 4 years ago
CVE-2016-2386	9.8 Critical	SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via... Remote Low complexity No user interaction	SAP	NetWeaver J2EE Engine	almost 4 years ago
CVE-2016-2388	5.3 Medium	The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP... Remote Low complexity No user interaction	SAP	NetWeaver AS JAVA	almost 4 years ago
CVE-2012-0754	8.1 High	Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and... Remote No user interaction	Adobe	Flash Player	almost 4 years ago
CVE-2019-7195	9.8 Critical	This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP... Malware Remote Low complexity No user interaction	QNAP	QNAP NAS devices running Photo Station	almost 4 years ago
CVE-2019-7194	9.8 Critical	This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP... Malware Remote Low complexity No user interaction	QNAP	QNAP NAS devices running Photo Station	almost 4 years ago
CVE-2019-7193	9.8 Critical	This improper input validation vulnerability allows remote attackers to inject arbitrary code to the system. To fix the vulnerability, QNAP... Malware Remote Low complexity No user interaction	QNAP	QNAP NAS devices	almost 4 years ago
CVE-2019-7192	9.8 Critical	This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix these vulnerabilities, QNAP... Malware Remote Low complexity No user interaction	QNAP	QNAP NAS devices running Photo Station	almost 4 years ago
CVE-2019-5825	6.5 Medium	Out of bounds write in JavaScript in Google Chrome prior to 73.0.3683.86 allowed a remote attacker to potentially exploit heap corruption via a... Remote Low complexity	Google	Chrome	almost 4 years ago

Displaying vulnerabilities 1551 - 1575 of 2501 in total