KEVIntel

Known Exploited Vulnerabilities

Curated + enriched signals for rapid prioritization

{ } JSON RSS PRO

0.7%

actively
exploited

Focus on what’s exploited

Out of 350,187 known CVEs, only 0.7% show real-world exploitation signals.

Data from public sources (including CISA) plus private sensors, enriched with prioritization metadata.

View stats Report a KEV

2,503

Total Known exploited

426

Added this week

Search

Results update as you type.

⌘K

Added

Exploitability

Type to search. Filters apply instantly.

CVE	Severity	Title	Vendor	Product	Added
CVE-2014-8439	8.8 High	Adobe Flash Player before 13.0.0.258 and 14.x and 15.x before 15.0.0.239 on Windows and OS X and before 11.2.202.424 on Linux, Adobe AIR before... Remote Low complexity	Adobe	Flash Player	about 4 years ago
CVE-2014-4123	8.8 High	Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of... Remote Low complexity	Microsoft	Internet Explorer	about 4 years ago
CVE-2014-0546	9.8 Critical	Adobe Reader and Acrobat 10.x before 10.1.11 and 11.x before 11.0.08 on Windows allow attackers to bypass a sandbox protection mechanism, and... Remote Low complexity No user interaction	Adobe	Reader and Acrobat	about 4 years ago
CVE-2014-2817	8.8 High	Microsoft Internet Explorer 6 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of... Remote Low complexity	Microsoft	Internet Explorer	about 4 years ago
CVE-2014-4077	7.8 High	Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Office 2007 SP3, when IMJPDCT.EXE (aka... Low complexity	Microsoft	Windows	about 4 years ago
CVE-2014-3153	7.8 High	The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses,... Low complexity No user interaction	Linux	Linux Kernel	about 4 years ago
CVE-2013-7331	6.5 Medium	The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier allows remote attackers to determine the existence of local pathnames,... Remote Low complexity No user interaction	Microsoft	Windows	about 4 years ago
CVE-2013-3993	6.5 Medium	IBM InfoSphere BigInsights before 2.1.0.3 allows remote authenticated users to bypass intended file and directory restrictions, or access untrusted... Malware Remote Low complexity No user interaction	IBM	InfoSphere BigInsights	about 4 years ago
CVE-2013-3896	5.5 Medium	Microsoft Silverlight 5 before 5.1.20913.0 does not properly validate pointers during access to Silverlight elements, which allows remote attackers... Low complexity	Microsoft	Silverlight	about 4 years ago
CVE-2013-2423	3.7 Low	Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote... Remote No user interaction	Oracle	Java SE	about 4 years ago
CVE-2013-0431	5.3 Medium	Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows... Malware Remote Low complexity No user interaction	Oracle	Java SE	about 4 years ago
CVE-2013-0422	9.8 Critical	Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using the public... Malware Remote Low complexity No user interaction	Oracle	Java	about 4 years ago
CVE-2013-0074	7.8 High	Microsoft Silverlight 5, and 5 Developer Runtime, before 5.1.20125.0 does not properly validate pointers during HTML object rendering, which allows... Malware Low complexity	Microsoft	Silverlight	about 4 years ago
CVE-2012-1710	9.8 Critical	Unspecified vulnerability in the Oracle WebCenter Forms Recognition component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to... Malware Remote Low complexity No user interaction	Oracle	Fusion Middleware	about 4 years ago
CVE-2010-1428	7.5 High	The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and... Malware Remote Low complexity No user interaction	Red Hat	JBoss Enterprise Application Platform	about 4 years ago
CVE-2010-0738	5.3 Medium	The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3... Malware Remote Low complexity No user interaction	Red Hat	JBoss Enterprise Application Platform	about 4 years ago
CVE-2016-6366	8.8 High	Buffer overflow in Cisco Adaptive Security Appliance (ASA) Software through 9.4.2.3 on ASA 5500, ASA 5500-X, ASA Services Module, ASA 1000V, ASAv,... Remote Low complexity No user interaction	Cisco	Adaptive Security Appliance (ASA) Software	about 4 years ago
CVE-2016-3298	6.5 Medium	Microsoft Internet Explorer 9 through 11 and the Internet Messaging API in Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1... Remote Low complexity	Microsoft	Internet Explorer	about 4 years ago
CVE-2016-6367	7.8 High	Cisco Adaptive Security Appliance (ASA) Software before 8.4(1) on ASA 5500, ASA 5500-X, PIX, and FWSM devices allows local users to gain privileges... Low complexity No user interaction	Cisco	Adaptive Security Appliance (ASA) Software	about 4 years ago
CVE-2018-8611	7.8 High	An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka "Windows Kernel Elevation of... Low complexity No user interaction	Microsoft	Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers	about 4 years ago
CVE-2018-19953	6.1 Medium	If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. QNAP has already fixed the issue in... Malware Remote Low complexity	QNAP Systems Inc.	QTS	about 4 years ago
CVE-2018-19949	9.8 Critical	If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. QNAP has already fixed the issue in the... Malware Remote Low complexity No user interaction	QNAP Systems Inc.	QTS	about 4 years ago
CVE-2018-19943	8.0 High	If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. QNAP has already fixed these issues in... Malware Remote	QNAP Systems Inc.	QTS	about 4 years ago
CVE-2017-0147	7.5 High	The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2;... Malware Remote Low complexity No user interaction	Microsoft Corporation	Windows SMB	about 4 years ago
CVE-2017-0022	6.5 Medium	Microsoft XML Core Services (MSXML) in Windows 10 Gold, 1511, and 1607; Windows 7 SP1; Windows 8.1; Windows RT 8.1; Windows Server 2008 SP2 and R2... Remote Low complexity	Microsoft Corporation	XML Core Services	about 4 years ago

Displaying vulnerabilities 1626 - 1650 of 2503 in total