0.7%
actively
exploited
exploited
Focus on what’s exploited
Out of 350,187 known CVEs, only 0.7% show real-world exploitation signals.
Data from public sources (including CISA) plus private sensors, enriched with prioritization metadata.
2,503
Total Known exploited
426
Added this week
Search
Results update as you type.
⌘K
Added
Exploitability
Type to search. Filters apply instantly.
| CVE | Severity | Title |
|---|---|---|
| CVE-2021-20028 | 9.8 Critical |
Improper neutralization of a SQL Command leading to SQL Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products,...
Malware
Remote
Low complexity
No user interaction
|
| CVE-2019-7483 | 7.5 High |
In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of...
Remote
Low complexity
No user interaction
|
| CVE-2018-8440 | 7.8 High |
An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC), aka "Windows ALPC...
Malware
Low complexity
No user interaction
|
| CVE-2018-8406 | 7.8 High |
An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX...
Malware
Low complexity
No user interaction
|
| CVE-2018-8405 | 7.8 High |
An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX...
Malware
Low complexity
No user interaction
|
| CVE-2017-0213 | 7.3 High |
Windows COM Aggregate Marshaler in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2,...
Malware
Low complexity
|
| CVE-2017-0059 | 4.3 Medium |
Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka...
Remote
Low complexity
|
| CVE-2017-0037 | 8.1 High |
Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the...
Remote
No user interaction
|
| CVE-2016-7201 | 8.8 High |
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory...
Remote
Low complexity
|
| CVE-2016-7200 | 8.8 High |
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory...
Remote
Low complexity
|
| CVE-2016-0189 | 7.5 High |
The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote...
Remote
|
| CVE-2016-0151 | 7.8 High |
The Client-Server Run-time Subsystem (CSRSS) in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and...
Malware
Low complexity
|
| CVE-2016-0040 | 7.8 High |
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to gain privileges via a...
Low complexity
|
| CVE-2015-2426 | 8.8 High |
Buffer underflow in atmfd.dll in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows...
Remote
Low complexity
|
| CVE-2015-2419 | 8.8 High |
JScript 9 in Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory...
Remote
Low complexity
|
| CVE-2015-1770 | 8.8 High |
Microsoft Office 2013 SP1 and 2013 RT SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office...
Remote
Low complexity
|
| CVE-2013-3660 | 7.8 High |
The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows...
Low complexity
|
| CVE-2013-2729 | 9.8 Critical |
Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attackers to execute arbitrary...
Remote
Low complexity
No user interaction
|
| CVE-2013-2551 | 8.8 High |
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site...
Malware
Remote
Low complexity
|
| CVE-2010-4398 | 7.8 High |
Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2,...
Low complexity
No user interaction
|
| CVE-2013-2465 | 9.8 Critical |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and...
Malware
Remote
Low complexity
No user interaction
|
| CVE-2013-1690 | 8.8 High |
Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly...
Remote
Low complexity
|
| CVE-2012-5076 | 9.8 Critical |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to...
Remote
Low complexity
No user interaction
|
| CVE-2011-2005 | 7.8 High |
afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate user-mode input passed...
Low complexity
|
| CVE-2012-2539 | 7.8 High |
Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; Office Compatibility Pack SP2 and SP3; and Office Web Apps 2010 SP1 allow...
Low complexity
|
Displaying vulnerabilities 1751 - 1775 of 2503 in total