KEVIntel

Known Exploited Vulnerabilities

Curated + enriched signals for rapid prioritization

{ } JSON RSS PRO

0.7%

actively
exploited

Focus on what’s exploited

Out of 350,184 known CVEs, only 0.7% show real-world exploitation signals.

Data from public sources (including CISA) plus private sensors, enriched with prioritization metadata.

View stats Report a KEV

2,501

Total Known exploited

352

Added this week

Search

Results update as you type.

⌘K

Added

Exploitability

Type to search. Filters apply instantly.

CVE	Severity	Title	Vendor	Product	Added
CVE-2018-20250	7.8 High	In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field of the ACE format (in... Malware Low complexity	Check Point Software Technologies Ltd.	WinRAR	over 4 years ago
CVE-2018-8174	7.5 High	A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote... Malware Remote	Microsoft	Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers	over 4 years ago
CVE-2022-22620	8.8 High	A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.2.1, iOS 15.3.1 and iPadOS 15.3.1,... Remote Low complexity	Apple	Safari (v and ), macOS	over 4 years ago
CVE-2016-3088	9.8 Critical	The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT... Remote Low complexity No user interaction	Apache	ActiveMQ	over 4 years ago
CVE-2014-4404	7.8 High	Heap-based buffer overflow in IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged... Low complexity	Apple	iOS, Apple TV	over 4 years ago
CVE-2015-1130	7.8 High	The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges via... Low complexity No user interaction	Apple	OS X	over 4 years ago
CVE-2015-1635	9.8 Critical	HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote... Remote Low complexity No user interaction	Microsoft	Windows	over 4 years ago
CVE-2021-36934	7.8 High	Windows Elevation of Privilege Vulnerability Low complexity No user interaction	Microsoft	Windows 10 Version 1809, Windows 10 Version 1909, Windows 10 Version 21H1, Windows 10 Version 2004, Windows 10 Version 20H2	over 4 years ago
CVE-2020-0796	10.0 Critical	A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests,... Malware Remote Low complexity No user interaction	Microsoft	Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows 10 Version 1903 for ARM64-based Systems, Windows Server, version 1903 (Server Core installation), Windows 10 Version 1909 for 32-bit Systems, Windows 10 Version 1909 for x64-based Systems, Windows 10 Version 1909 for ARM64-based Systems, Windows Server, version 1909 (Server Core installation)	over 4 years ago
CVE-2018-1000861	9.8 Critical	A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in... Remote Low complexity No user interaction	Jenkins	Jenkins	over 4 years ago
CVE-2017-9791	9.8 Critical	The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the... Remote Low complexity No user interaction	Apache Software Foundation	Apache Struts	over 4 years ago
CVE-2017-8464	8.8 High	Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT... Remote Low complexity	Microsoft Corporation	Windows Shell	over 4 years ago
CVE-2017-10271	7.5 High	Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Security). Supported versions that are... Malware Remote Low complexity No user interaction	Oracle Corporation	WebLogic Server	over 4 years ago
CVE-2017-0263	7.8 High	The kernel-mode drivers in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT... Low complexity No user interaction	Microsoft Corporation	Microsoft Windows	over 4 years ago
CVE-2017-0262	7.8 High	Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016 allow a remote code execution vulnerability when the software fails to properly handle... Low complexity	Microsoft Corporation	Microsoft Office	over 4 years ago
CVE-2017-0145	8.8 High	The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2;... Malware Remote Low complexity No user interaction	Microsoft Corporation	Windows SMB	over 4 years ago
CVE-2017-0144	8.8 High	The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2;... Malware Remote Low complexity No user interaction	Microsoft Corporation	Windows SMB	over 4 years ago
CVE-2015-2051	8.8 High	The D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary commands via a... Low complexity No user interaction	D-Link	DIR-645 Wired/Wireless Router	over 4 years ago
CVE-2022-21882	7.0 High	Win32k Elevation of Privilege Vulnerability No user interaction	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 20H2, Windows Server version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2	over 4 years ago
CVE-2022-23597	8.3 High	Remote program execution with user interaction Remote	Element	Element Desktop	over 4 years ago
CVE-2021-20038	9.8 Critical	A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variables allows a remote unauthenticated... Malware Remote Low complexity No user interaction	SonicWall	SonicWall SMA100	over 4 years ago
CVE-2022-22587	9.8 Critical	A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 15.3 and iPadOS 15.3, macOS Big Sur 11.6.3,... Remote Low complexity No user interaction	Apple	iOS and iPadOS, macOS	over 4 years ago
CVE-2020-0787	7.8 High	An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links,... Malware Low complexity	Microsoft	Windows, Windows Server, Windows 10 Version 1909 for 32-bit Systems, Windows 10 Version 1909 for x64-based Systems, Windows 10 Version 1909 for ARM64-based Systems, Windows Server, version 1909 (Server Core installation), Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows 10 Version 1903 for ARM64-based Systems, Windows Server, version 1903 (Server Core installation)	over 4 years ago
CVE-2020-5722	9.8 Critical	The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. An attacker... Remote Low complexity No user interaction	Grandstream	Grandstream UCM6200 Series	over 4 years ago
CVE-2017-5689	9.8 Critical	An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and... Remote Low complexity No user interaction	Intel Corporation	Intel Active Mangement Technology, Intel Small Business Technology, Intel Standard Manageability	over 4 years ago

Displaying vulnerabilities 1976 - 2000 of 2501 in total