KEVIntel

Known Exploited Vulnerabilities

Curated + enriched signals for rapid prioritization

{ } JSON RSS PRO

0.7%

actively
exploited

Focus on what’s exploited

Out of 350,187 known CVEs, only 0.7% show real-world exploitation signals.

Data from public sources (including CISA) plus private sensors, enriched with prioritization metadata.

View stats Report a KEV

2,503

Total Known exploited

426

Added this week

Search

Results update as you type.

⌘K

Added

Exploitability

Type to search. Filters apply instantly.

CVE	Severity	Title	Vendor	Product	Added
CVE-2009-1151	9.8 Critical	Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject... Remote Low complexity No user interaction	phpMyAdmin	phpMyAdmin	about 4 years ago
CVE-2009-0927	8.8 High	Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before 9.1, 8 before 8.1.3 , and 7 before 7.1.1 allows remote attackers to execute... Remote Low complexity	Adobe	Reader and Acrobat	about 4 years ago
CVE-2005-2773	9.8 Critical	HP OpenView Network Node Manager 6.2 through 7.50 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) node... Remote Low complexity No user interaction	HP	OpenView Network Node Manager	about 4 years ago
CVE-2022-26318	9.8 Critical	On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code, aka FBX-22786. This vulnerability impacts Fireware OS... Remote Low complexity No user interaction	WatchGuard	Firebox and XTM appliances	about 4 years ago
CVE-2022-26143	9.8 Critical	The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allows remote attackers to obtain... Remote Low complexity No user interaction	Mitel	MiCollab, MiVoice Business Express	about 4 years ago
CVE-2022-21999	7.8 High	Windows Print Spooler Elevation of Privilege Vulnerability Malware Low complexity No user interaction	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 20H2, Windows Server version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	about 4 years ago
CVE-2021-42237	9.8 Critical	Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve... Malware Remote Low complexity No user interaction	Sitecore	Sitecore XP	about 4 years ago
CVE-2021-22941	9.8 Critical	Improper Access Control in Citrix ShareFile storage zones controller before 5.11.20 may allow an unauthenticated attacker to remotely compromise... Malware Remote Low complexity No user interaction	Citrix	Citrix ShareFile storage zones controller	about 4 years ago
CVE-2020-9377	8.8 High	D-Link DIR-610 devices allow Remote Command Execution via the cmd parameter to command.php. NOTE: This vulnerability only affects products that are... Remote Low complexity No user interaction	D-Link	DIR-610	about 4 years ago
CVE-2020-9054	9.8 Critical	ZyXEL NAS products running firmware version 5.21 and earlier are vulnerable to pre-authentication command injection in weblogin.cgi Remote Low complexity No user interaction	ZyXEL	NAS326, NAS520, NAS540, NAS542, NSA210, NSA220, NSA220+, NSA221, NSA310, NSA320, NSA320S, NSA325, NSA325v2	about 4 years ago
CVE-2020-7247	9.8 Critical	smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands... Remote Low complexity No user interaction	OpenBSD	OpenSMTPD	about 4 years ago
CVE-2020-5410	7.5 High	Directory Traversal with spring-cloud-config-server Remote Low complexity No user interaction	Spring by VMware	Spring Cloud Config	about 4 years ago
CVE-2020-25223	9.8 Critical	A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11 Remote Low complexity No user interaction	Sophos	SG UTM	about 4 years ago
CVE-2020-2506	7.3 High	improper access control vulnerability in Helpdesk Remote Low complexity No user interaction	QNAP Systems Inc.	Helpdesk	about 4 years ago
CVE-2020-2021	10.0 Critical	PAN-OS: Authentication Bypass in SAML Authentication Malware Remote Low complexity No user interaction	Palo Alto Networks	PAN-OS	about 4 years ago
CVE-2020-1956	8.8 High	Apache Kylin 2.3.0, and releases up to 2.6.5 and 3.0.1 has some restful apis which will concatenate os command with the user input string, a user... Remote Low complexity No user interaction	Apache	Kylin	about 4 years ago
CVE-2020-1631	8.8 High	Out of Cycle Security Advisory: Junos OS: Security vulnerability in J-Web and web based (HTTP/HTTPS) services Remote Low complexity	Juniper Networks	Junos OS	about 4 years ago
CVE-2019-6340	8.1 High	Drupal core - Highly critical - Remote Code Execution Remote No user interaction	Drupal	Drupal Core	about 4 years ago
CVE-2019-2616	7.2 High	Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware (subcomponent: BI Publisher Security). Supported... Remote Low complexity No user interaction	Oracle Corporation	BI Publisher (formerly XML Publisher)	about 4 years ago
CVE-2019-16920	9.8 Critical	Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the... Remote Low complexity No user interaction	D-Link	DIR-655C, DIR-866L, DIR-652, DHP-1565, DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835, DIR-825	about 4 years ago
CVE-2019-15107	9.8 Critical	An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnerability. Malware Remote Low complexity No user interaction	Webmin	Webmin	about 4 years ago
CVE-2019-12991	8.8 High	Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 5 of 6). Remote Low complexity No user interaction	Citrix	SD-WAN	about 4 years ago
CVE-2019-12989	9.8 Critical	Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow SQL Injection. Remote Low complexity No user interaction	Citrix	SD-WAN	about 4 years ago
CVE-2019-11043	8.7 High	Underflow in PHP-FPM can lead to RCE Malware Remote No user interaction	PHP	PHP	about 4 years ago
CVE-2019-10068	9.8 Critical	An issue was discovered in Kentico 12.0.x before 12.0.15, 11.0.x before 11.0.48, 10.0.x before 10.0.52, and 9.x versions. Due to a failure to... Remote Low complexity No user interaction	Kentico	Kentico CMS	about 4 years ago

Displaying vulnerabilities 1801 - 1825 of 2503 in total