KEVIntel

Known Exploited Vulnerabilities

Curated + enriched signals for rapid prioritization

{ } JSON RSS PRO

0.7%

actively
exploited

Focus on what’s exploited

Out of 350,187 known CVEs, only 0.7% show real-world exploitation signals.

Data from public sources (including CISA) plus private sensors, enriched with prioritization metadata.

View stats Report a KEV

2,503

Total Known exploited

426

Added this week

Search

Results update as you type.

⌘K

Added

Exploitability

Type to search. Filters apply instantly.

CVE	Severity	Title	Vendor	Product	Added
CVE-2019-18426	8.2 High	A vulnerability in WhatsApp Desktop versions prior to 0.3.9309 when paired with WhatsApp for iPhone versions prior to 2.20.10 allows cross-site... Remote Low complexity	Facebook	WhatsApp Desktop	about 4 years ago
CVE-2019-1385	7.8 High	An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in... Malware Low complexity No user interaction	Microsoft	Windows, Windows Server, Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows 10 Version 1903 for ARM64-based Systems, Windows Server, version 1903 (Server Core installation)	about 4 years ago
CVE-2019-1130	7.8 High	An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation... Malware Low complexity No user interaction	Microsoft	Windows Server, Windows, Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows 10 Version 1903 for ARM64-based Systems, Windows Server, version 1903 (Server Core installation)	about 4 years ago
CVE-2018-5002	7.8 High	Adobe Flash Player versions 29.0.0.171 and earlier have a Stack-based buffer overflow vulnerability. Successful exploitation could lead to... Low complexity	Adobe	Adobe Flash Player 29.0.0.171 and earlier versions	about 4 years ago
CVE-2018-8589	7.8 High	An elevation of privilege vulnerability exists when Windows improperly handles calls to Win32k.sys, aka "Windows Win32k Elevation of Privilege... Low complexity No user interaction	Microsoft	Windows Server 2008, Windows 7, Windows Server 2008 R2	about 4 years ago
CVE-2022-20821	6.5 Medium	Cisco IOS XR Software Health Check Open Port Vulnerability Remote Low complexity No user interaction	Cisco	Cisco IOS XR Software	about 4 years ago
CVE-2021-1048	7.8 High	In ep_loop_check_proc of eventpoll.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of... Low complexity No user interaction	Google	Android	about 4 years ago
CVE-2022-30525	9.8 Critical	A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware... Remote Low complexity No user interaction	Zyxel	USG FLEX 100(W) firmware, USG FLEX 200 firmware, USG FLEX 500 firmware, USG FLEX 700 firmware, ATP series firmware, VPN series firmware, USG FLEX 50(W) firmware, USG 20(W)-VPN firmware	about 4 years ago
CVE-2022-22947	10.0 Critical	In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator... Remote Low complexity No user interaction	VMware	Spring Cloud Gateway	about 4 years ago
CVE-2022-1388	9.8 Critical	On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to... Malware Remote Low complexity No user interaction	F5	BIG-IP	about 4 years ago
CVE-2014-0160	7.5 High	The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote... Remote Low complexity No user interaction	OpenSSL	OpenSSL	about 4 years ago
CVE-2021-1789	8.8 High	A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina,... Remote Low complexity	Apple	iOS and iPadOS, macOS	about 4 years ago
CVE-2019-8506	8.8 High	A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes... Remote Low complexity	Apple	iOS, tvOS, watchOS, Safari, iTunes for Windows, iCloud for Windows	about 4 years ago
CVE-2014-4113	7.8 High	win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1,... Low complexity	Microsoft	Windows	about 4 years ago
CVE-2014-0322	8.8 High	Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via vectors involving... Remote Low complexity	Microsoft	Internet Explorer	about 4 years ago
CVE-2022-26904	7.0 High	Windows User Profile Service Elevation of Privilege Vulnerability No user interaction	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 20H2, Windows Server version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	about 4 years ago
CVE-2022-0847	7.8 High	A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and... Low complexity No user interaction	Linux	kernel	about 4 years ago
CVE-2021-41357	7.8 High	Win32k Elevation of Privilege Vulnerability Low complexity No user interaction	Microsoft	Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 2004, Windows Server version 2004, Windows 10 Version 20H2, Windows Server version 20H2, Windows 11 version 21H2	about 4 years ago
CVE-2022-29464	9.8 Critical	Certain WSO2 products allow unrestricted file upload with resultant remote code execution. The attacker must use a /fileupload endpoint with a... Malware Remote Low complexity No user interaction	WSO2	WSO2 API Manager, WSO2 Identity Server, WSO2 Identity Server Analytics, WSO2 Enterprise Integrator, WSO2 Open Banking AM, WSO2 Open Banking KM	about 4 years ago
CVE-2019-1003029	9.9 Critical	A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in... Remote Low complexity No user interaction	Jenkins project	Jenkins Script Security Plugin	about 4 years ago
CVE-2021-40450	7.8 High	Win32k Elevation of Privilege Vulnerability Low complexity No user interaction	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 2004, Windows Server version 2004, Windows 10 Version 20H2, Windows Server version 20H2, Windows 11 version 21H2	about 4 years ago
CVE-2022-21919	7.0 High	Windows User Profile Service Elevation of Privilege Vulnerability No user interaction	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 20H2, Windows Server version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	about 4 years ago
CVE-2018-6882	6.1 Medium	Cross-site scripting (XSS) vulnerability in the ZmMailMsgView.getAttachmentLinkHtml function in Zimbra Collaboration Suite (ZCS) before 8.7 Patch 1... Malware Remote Low complexity	Zimbra	Collaboration Suite	about 4 years ago
CVE-2022-22718	7.8 High	Windows Print Spooler Elevation of Privilege Vulnerability Low complexity No user interaction	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 20H2, Windows Server version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	about 4 years ago
CVE-2019-3568	9.8 Critical	A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target... Remote Low complexity No user interaction	Facebook	WhatsApp for Android, WhatsApp Business for Android, WhatsApp for iOS, WhatsApp Business for iOS, WhatsApp for Windows Phone, WhatsApp for Tizen	about 4 years ago

Displaying vulnerabilities 1676 - 1700 of 2503 in total