KEVIntel

Known Exploited Vulnerabilities

Curated + enriched signals for rapid prioritization

{ } JSON RSS PRO

0.7%

actively
exploited

Focus on what’s exploited

Out of 350,187 known CVEs, only 0.7% show real-world exploitation signals.

Data from public sources (including CISA) plus private sensors, enriched with prioritization metadata.

View stats Report a KEV

2,503

Total Known exploited

426

Added this week

Search

Results update as you type.

⌘K

Added

Exploitability

Type to search. Filters apply instantly.

CVE	Severity	Title	Vendor	Product	Added
CVE-2017-0005	7.8 High	The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server... Low complexity No user interaction	Microsoft Corporation	Windows GDI	about 4 years ago
CVE-2017-0149	8.8 High	Microsoft Internet Explorer 9 through 11 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a... Remote Low complexity	Microsoft Corporation	Internet Explorer	about 4 years ago
CVE-2017-0210	8.8 High	An elevation of privilege vulnerability exists when Internet Explorer does not properly enforce cross-domain policies, which could allow an... Remote Low complexity	Microsoft Corporation	Internet Explorer	about 4 years ago
CVE-2017-8291	7.8 High	Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile... Low complexity	Artifex	Ghostscript	about 4 years ago
CVE-2017-8543	9.8 Critical	Microsoft Windows XP SP3, Windows XP x64 XP2, Windows Server 2003 SP2, Windows Vista, Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8,... Remote Low complexity No user interaction	Microsoft Corporation	Microsoft Windows	about 4 years ago
CVE-2017-18362	9.8 Critical	ConnectWise ManagedITSync integration through 2017 for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to... Malware Remote Low complexity No user interaction	ConnectWise	ManagedITSync integration for Kaseya VSA	about 4 years ago
CVE-2016-0162	4.3 Medium	Microsoft Internet Explorer 9 through 11 allows remote attackers to determine the existence of files via crafted JavaScript code, aka "Internet... Remote Low complexity	Microsoft	Internet Explorer	about 4 years ago
CVE-2016-3351	6.5 Medium	Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to obtain sensitive information via a crafted web site, aka... Malware Remote Low complexity	Microsoft	Internet Explorer, Edge	about 4 years ago
CVE-2016-4655	5.5 Medium	The kernel in Apple iOS before 9.3.5 allows attackers to obtain sensitive information from memory via a crafted app. Low complexity	Apple	iOS	about 4 years ago
CVE-2016-4656	7.8 High	The kernel in Apple iOS before 9.3.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory... Low complexity	Apple	iOS	about 4 years ago
CVE-2016-4657	8.8 High	WebKit in Apple iOS before 9.3.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted... Remote Low complexity	Apple	iOS	about 4 years ago
CVE-2019-11707	8.8 High	A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash.... Remote Low complexity	Mozilla	Firefox ESR, Firefox, Thunderbird	about 4 years ago
CVE-2021-0920	6.4 Medium	In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege... No user interaction	Google	Android	about 4 years ago
CVE-2021-30883	7.8 High	A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 15.0.2 and iPadOS 15.0.2, macOS Monterey 12.0.1,... Low complexity	Apple	iOS and iPadOS, macOS	about 4 years ago
CVE-2020-1027	7.8 High	An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Windows Kernel Elevation of... Low complexity No user interaction	Microsoft	Windows, Windows Server, Windows 10 Version 1909 for 32-bit Systems, Windows 10 Version 1909 for x64-based Systems, Windows 10 Version 1909 for ARM64-based Systems, Windows Server, version 1909 (Server Core installation), Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows 10 Version 1903 for ARM64-based Systems, Windows Server, version 1903 (Server Core installation)	about 4 years ago
CVE-2020-0638	7.8 High	An elevation of privilege vulnerability exists in the way the Update Notification Manager handles files.To exploit this vulnerability, an attacker... Malware Low complexity No user interaction	Microsoft	Windows, Windows 10 Version 1903 for ARM64-based Systems, Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows Server, Windows Server, version 1903 (Server Core installation), Windows 10 Version 1909 for 32-bit Systems, Windows 10 Version 1909 for x64-based Systems, Windows Server, version 1909 (Server Core installation), Windows 10 Version 1909 for ARM64-based Systems	about 4 years ago
CVE-2019-7286	7.8 High	A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.4, macOS Mojave 10.14.3 Supplemental... Low complexity	Apple	iOS, macOS	about 4 years ago
CVE-2019-7287	7.8 High	A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.4. An application may be able to execute... Low complexity	Apple	iOS	about 4 years ago
CVE-2019-0676	6.5 Medium	An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory.An attacker who successfully exploited... Remote Low complexity	Microsoft	Internet Explorer 11, Internet Explorer 10	about 4 years ago
CVE-2019-5786	6.5 Medium	Object lifetime issue in Blink in Google Chrome prior to 72.0.3626.121 allowed a remote attacker to potentially perform out of bounds memory access... Remote Low complexity	Google	Chrome	about 4 years ago
CVE-2019-0703	6.5 Medium	An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests, aka 'Windows SMB Information... Remote Low complexity No user interaction	Microsoft	Windows, Windows Server	about 4 years ago
CVE-2019-0880	7.8 High	A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls, aka 'Microsoft splwow64 Elevation of Privilege... Low complexity No user interaction	Microsoft	Windows Server, Windows, Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows 10 Version 1903 for ARM64-based Systems, Windows Server, version 1903 (Server Core installation)	about 4 years ago
CVE-2019-13720	8.8 High	Use after free in WebAudio in Google Chrome prior to 78.0.3904.87 allowed a remote attacker to potentially exploit heap corruption via a crafted... Remote Low complexity	Google	Chrome	about 4 years ago
CVE-2019-11708	10.0 Critical	Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed... Remote Low complexity No user interaction	Mozilla	Firefox ESR, Firefox, Thunderbird	about 4 years ago
CVE-2019-8720	8.8 High	A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code... Remote Low complexity	Apple	webkitgtk	about 4 years ago

Displaying vulnerabilities 1651 - 1675 of 2503 in total