0.7%
actively
exploited
exploited
Focus on what’s exploited
Out of 350,187 known CVEs, only 0.7% show real-world exploitation signals.
Data from public sources (including CISA) plus private sensors, enriched with prioritization metadata.
2,503
Total Known exploited
426
Added this week
Search
Results update as you type.
⌘K
Added
Exploitability
Type to search. Filters apply instantly.
| CVE | Severity | Title |
|---|---|---|
| CVE-2021-42287 | 7.5 High |
Active Directory Domain Services Elevation of Privilege Vulnerability
Malware
Remote
No user interaction
|
| CVE-2021-42278 | 7.5 High |
Active Directory Domain Services Elevation of Privilege Vulnerability
Malware
Remote
No user interaction
|
| CVE-2021-39793 | 7.8 High |
In kbase_jd_user_buf_pin_pages of mali_kbase_mem.c, there is a possible out of bounds write due to a logic error in the code. This could lead to...
Low complexity
No user interaction
|
| CVE-2017-0148 | 8.1 High |
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2;...
Malware
Remote
No user interaction
|
| CVE-2021-31166 | 9.8 Critical |
HTTP Protocol Stack Remote Code Execution Vulnerability
Remote
Low complexity
No user interaction
|
| CVE-2021-3156 | 7.8 High |
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via...
Low complexity
No user interaction
|
| CVE-2022-22965 | 9.8 Critical |
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific...
Remote
Low complexity
No user interaction
|
| CVE-2021-45382 | 9.8 Critical |
A Remote Command Execution (RCE) vulnerability exists in all series H/W revisions D-link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR-836L...
Remote
Low complexity
No user interaction
|
| CVE-2022-22674 | 5.5 Medium |
An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is...
Low complexity
No user interaction
|
| CVE-2022-22675 | 7.8 High |
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, watchOS 8.6, macOS Big Sur 11.6.6,...
Low complexity
|
| CVE-2021-21551 | 8.8 High |
Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or...
Low complexity
No user interaction
|
| CVE-2022-26871 | 9.8 Critical |
An arbitrary file upload vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to upload an arbitrary file which...
Remote
Low complexity
No user interaction
|
| CVE-2022-1040 | 9.8 Critical |
An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5...
Remote
Low complexity
No user interaction
|
| CVE-2021-34484 | 7.8 High |
Windows User Profile Service Elevation of Privilege Vulnerability
Low complexity
No user interaction
|
| CVE-2021-28799 | 10.0 Critical |
Improper Authorization Vulnerability in HBS 3 (Hybrid Backup Sync)
Malware
Remote
Low complexity
No user interaction
|
| CVE-2018-10562 | 9.8 Critical |
An issue was discovered on Dasan GPON home routers. Command Injection can occur via the dest_host parameter in a diag_action=ping request to a...
Malware
Remote
Low complexity
No user interaction
|
| CVE-2018-10561 | 9.8 Critical |
An issue was discovered on Dasan GPON home routers. It is possible to bypass authentication simply by appending "?images" to any URL of the device...
Remote
Low complexity
No user interaction
|
| CVE-2022-28221 | 6.1 Medium |
CleanTalk AntiSpam <= 5.173 Reflected XSS
Remote
Low complexity
|
| CVE-2012-2034 | 7.5 High |
Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on...
Remote
|
| CVE-2012-0518 | 4.7 Medium |
Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware 10.1.4.3.0 allows remote attackers...
Remote
Low complexity
|
| CVE-2022-1096 | 8.8 High |
Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Remote
Low complexity
|
| CVE-2022-0543 | 10.0 Critical |
It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which...
Remote
Low complexity
No user interaction
|
| CVE-2021-38646 | 7.8 High |
Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
Malware
Low complexity
|
| CVE-2021-34486 | 7.8 High |
Windows Event Tracing Elevation of Privilege Vulnerability
Low complexity
No user interaction
|
| CVE-2021-26085 | 5.3 Medium |
Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authorization Arbitrary File Read...
Malware
Remote
Low complexity
No user interaction
|
Displaying vulnerabilities 1726 - 1750 of 2503 in total