Focus on what’s exploited
Out of 350,187 known CVEs, only 0.7% show real-world exploitation signals.
Data from public sources (including CISA) plus private sensors, enriched with prioritization metadata.
Total known exploited: 2,503
Added this week: 425
| CVE | Severity | Title | Tags |
|---|---|---|---|
| CVE-2019-0841 | 7.8 High | An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation... | Malware, Low complexity, No user interaction |
| CVE-2019-0543 | 7.8 High | An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka "Microsoft Windows Elevation of... | Malware, Low complexity, No user interaction |
| CVE-2017-0101 | 7.8 High | The kernel-mode drivers in Transaction Manager in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1, Windows... | Malware, Low complexity |
| CVE-2016-3309 | 7.8 High | The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold... | Malware, Low complexity, No user interaction |
| CVE-2020-5135 | 9.8 Critical | A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by... | Remote, Low complexity, No user interaction |
| CVE-2015-2546 | 8.2 High | The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server... | Malware, Low complexity |
| CVE-2021-20083 | 8.8 High | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-plugin-query-object 2.2.3 allows a malicious... | Remote, Low complexity, No user interaction |
| CVE-2017-6077 | 9.8 Critical | ping.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell... | Remote, Low complexity, No user interaction |
| CVE-2013-0631 | 7.5 High | Adobe ColdFusion 9.0, 9.0.1, and 9.0.2 allows attackers to obtain sensitive information via unspecified vectors, as exploited in the wild in... | Remote, Low complexity, No user interaction |
| CVE-2022-26486 | 9.6 Critical | An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in... | Remote, Low complexity |
| CVE-2022-26485 | 8.8 High | Removing an XSLT parameter during processing could have led to an exploitable use-after-free. We have had reports of attacks in the wild abusing... | Remote, Low complexity |
| CVE-2013-0629 | 7.5 High | Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10, when a password is not configured, allows attackers to access restricted directories via unspecified... | Remote, Low complexity, No user interaction |
| CVE-2021-21973 | 5.3 Medium | The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server... | Remote, Low complexity, No user interaction |
| CVE-2020-8218 | 7.2 High | A code injection vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to craft a URI to perform an arbitrary code... | Remote, Low complexity, No user interaction |
| CVE-2019-11581 | 9.8 Critical | There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail actions.... | Remote, Low complexity, No user interaction |
| CVE-2013-0625 | 9.8 Critical | Adobe ColdFusion 9.0, 9.0.1, and 9.0.2, when a password is not configured, allows remote attackers to bypass authentication and possibly execute... | Remote, Low complexity, No user interaction |
| CVE-2016-6277 | 8.8 High | NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before... | Remote, Low complexity |
| CVE-2009-3960 | 6.5 Medium | Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0,... | Malware, Remote, Low complexity |
| CVE-2014-0496 | 8.8 High | Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.9 and 11.x before 11.0.06 on Windows and Mac OS X allows attackers to... | Remote, Low complexity |
| CVE-2002-0367 | 7.8 High | smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows... | Low complexity, No user interaction |
| CVE-2004-0210 | 7.8 High | The POSIX component of Microsoft Windows NT and Windows 2000 allows local users to execute arbitrary code via certain parameters, possibly by... | Low complexity, No user interaction |
| CVE-2008-2992 | 7.8 High | Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that... | Malware, Low complexity |
| CVE-2008-3431 | 8.8 High | The VBoxDrvNtDeviceControl function in VBoxDrv.sys in Sun xVM VirtualBox before 1.6.4 uses the METHOD_NEITHER communication method for IOCTLs and... | Low complexity, No user interaction |
| CVE-2009-1123 | 7.8 High | The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate... | Low complexity |
| CVE-2009-3129 | 7.8 High | Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel... | Low complexity |
Displaying vulnerabilities 1851 - 1875 of 2503 in total