Focus on what’s exploited
Out of 350,184 known CVEs, only 0.7% show real-world exploitation signals.
Data from public sources (including CISA) plus private sensors, enriched with prioritization metadata.
Total known exploited: 2,501
Added this week: 352
| CVE | Severity | Title | Tags |
|---|---|---|---|
| CVE-2018-13382 | 9.1 Critical | An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5.4.1 to 5.4.10 and FortiProxy 2.0.0, 1.2.0 to... | Malware, Remote, Low complexity, No user interaction |
| CVE-2018-13383 | 4.3 Medium | A heap buffer overflow in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through 5.4.12, 5.2.14 and earlier and FortiProxy... | Malware, Remote, Low complexity, No user interaction |
| CVE-2019-1579 | 8.1 High | Remote Code Execution in PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11-h1 and earlier, and PAN-OS 8.1.2 and earlier with GlobalProtect Portal or... | Malware, Remote, No user interaction |
| CVE-2019-10149 | 9.0 Critical | A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in... | Remote, No user interaction |
| CVE-2015-7450 | 9.8 Critical | Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow... | Remote, Low complexity, No user interaction |
| CVE-2017-1000486 | 9.8 Critical | Primetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution | Remote, Low complexity, No user interaction |
| CVE-2021-36260 | 9.8 Critical | A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the... | Remote, Low complexity, No user interaction |
| CVE-2019-7609 | 10.0 Critical | Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the... | Remote, Low complexity, No user interaction |
| CVE-2021-22017 | 5.3 Medium | Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization. A malicious actor with network... | Remote, Low complexity, No user interaction |
| CVE-2020-6572 | 8.8 High | Use after free in Media in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to execute arbitrary code via a crafted HTML page. | Remote, Low complexity |
| CVE-2021-27860 | 9.8 Critical | Arbitrary file upload vulnerability in FatPipe software | Remote, Low complexity, No user interaction |
| CVE-2021-45461 | 9.8 Critical | FreePBX, when restapps (aka Rest Phone Apps) 15.0.19.87, 15.0.19.88, 16.0.18.40, or 16.0.18.41 is installed, allows remote attackers to execute... | Remote, Low complexity, No user interaction |
| CVE-2021-4102 | 8.8 High | Use after free in V8 in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | Remote, Low complexity |
| CVE-2021-43890 | 7.1 High | Windows AppX Installer Spoofing Vulnerability | Malware, Remote |
| CVE-2021-44515 | 9.8 Critical | Zoho ManageEngine Desktop Central is vulnerable to authentication bypass, leading to remote code execution on the server, as exploited in the wild... | Remote, Low complexity, No user interaction |
| CVE-2010-1871 | 8.8 High | JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize inputs for JBoss... | Remote, Low complexity |
| CVE-2017-12149 | 9.8 Critical | In Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was found that the doFilter method in the... | Malware, Remote, Low complexity, No user interaction |
| CVE-2017-17562 | 8.1 High | Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. This is a result of... | Remote, No user interaction |
| CVE-2021-44168 | 3.3 Low | A download of code without integrity check vulnerability in the "execute restore src-vis" command of FortiOS before 7.0.3 may allow a local... | Low complexity, No user interaction |
| CVE-2019-0193 | 7.2 High | In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the... | Remote, Low complexity, No user interaction |
| CVE-2019-7238 | 9.8 Critical | Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control. | Remote, Low complexity, No user interaction |
| CVE-2021-35394 | 9.8 Critical | Realtek Jungle SDK version v2.x up to v3.4.14B provides a diagnostic tool called 'MP Daemon' that is usually compiled as 'UDPServer' binary. The... | Remote, Low complexity, No user interaction |
| CVE-2019-13272 | 7.8 High | In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a... | Low complexity, No user interaction |
| CVE-2020-17463 | 9.8 Critical | FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items. | Remote, Low complexity, No user interaction |
| CVE-2021-44228 | 10.0 Critical | Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints | Malware, Remote, Low complexity, No user interaction |
Displaying vulnerabilities 2026 - 2050 of 2501 in total