KEVIntel

Known Exploited Vulnerabilities

Curated + enriched signals for rapid prioritization

{ } JSON RSS PRO

0.7%

actively
exploited

Focus on what’s exploited

Out of 350,184 known CVEs, only 0.7% show real-world exploitation signals.

Data from public sources (including CISA) plus private sensors, enriched with prioritization metadata.

View stats Report a KEV

2,501

Total Known exploited

352

Added this week

Search

Results update as you type.

⌘K

Added

Exploitability

Type to search. Filters apply instantly.

CVE	Severity	Title	Vendor	Product	Added
CVE-2019-10758	9.9 Critical	mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that uses the `toBSON` method. A misuse of the `vm` dependency to... Remote Low complexity No user interaction	mongo-express	mongo-express	over 4 years ago
CVE-2020-8816	9.1 Critical	Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease. Remote Low complexity No user interaction	Pi-hole	Pi-hole Web	over 4 years ago
CVE-2020-11261	7.8 High	Memory corruption due to improper check to return error when user application requests memory allocation of a huge size in Snapdragon Auto,... Low complexity No user interaction	Qualcomm, Inc.	Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables	over 4 years ago
CVE-2021-44077	9.8 Critical	Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to... Remote Low complexity No user interaction	Zoho	ManageEngine ServiceDesk Plus, ManageEngine ServiceDesk Plus MSP, ManageEngine SupportCenter Plus	over 4 years ago
CVE-2021-40438	9.0 Critical	mod_proxy SSRF Remote No user interaction	Apache Software Foundation	Apache HTTP Server	over 4 years ago
CVE-2021-37415	9.8 Critical	Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication. Remote Low complexity No user interaction	Zoho	ManageEngine ServiceDesk Plus	over 4 years ago
CVE-2018-14847	9.1 Critical	MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write... Remote Low complexity No user interaction	MikroTik	RouterOS	over 4 years ago
CVE-2021-40449	7.8 High	Win32k Elevation of Privilege Vulnerability Malware Low complexity No user interaction	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 2004, Windows Server version 2004, Windows 10 Version 20H2, Windows Server version 20H2, Windows 11 version 21H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	over 4 years ago
CVE-2021-42292	7.8 High	Microsoft Excel Security Feature Bypass Vulnerability Low complexity	Microsoft	Microsoft Office 2019, Microsoft Office 2019 for Mac, Microsoft 365 Apps for Enterprise, Microsoft Office LTSC for Mac 2021, Microsoft Office LTSC 2021, Microsoft Excel 2016, Microsoft Office 2016, Microsoft Excel 2013 Service Pack 1, Microsoft Office 2013 Service Pack 1	over 4 years ago
CVE-2021-42321	8.8 High	Microsoft Exchange Server Remote Code Execution Vulnerability Malware Remote Low complexity No user interaction	Microsoft	Microsoft Exchange Server 2016 Cumulative Update 21, Microsoft Exchange Server 2019 Cumulative Update 10, Microsoft Exchange Server 2016 Cumulative Update 22, Microsoft Exchange Server 2019 Cumulative Update 11	over 4 years ago
CVE-2021-22204	6.8 Medium	Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the... Low complexity No user interaction	ExifTool	ExifTool	over 4 years ago
CVE-2020-16017	9.6 Critical	Use after free in site isolation in Google Chrome prior to 86.0.4240.198 allowed a remote attacker who had compromised the renderer process to... Remote Low complexity	Google	Chrome	over 4 years ago
CVE-2021-37976	6.5 Medium	Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to obtain potentially sensitive information... Remote Low complexity	Google	Chrome	over 4 years ago
CVE-2020-16009	8.8 High	Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a... Remote Low complexity	Google	Chrome	over 4 years ago
CVE-2021-30632	8.8 High	Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted... Remote Low complexity	Google	Chrome	over 4 years ago
CVE-2020-16013	8.8 High	Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.198 allowed a remote attacker to potentially exploit heap corruption via a... Remote Low complexity	Google	Chrome	over 4 years ago
CVE-2021-30633	9.6 Critical	Use after free in Indexed DB API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to... Remote Low complexity	Google	Chrome	over 4 years ago
CVE-2021-21148	8.8 High	Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.150 allowed a remote attacker to potentially exploit heap corruption via a crafted... Remote Low complexity	Google	Chrome	over 4 years ago
CVE-2021-37973	9.6 Critical	Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially... Remote Low complexity	Google	Chrome	over 4 years ago
CVE-2021-30551	8.8 High	Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Remote Low complexity	Google	Chrome	over 4 years ago
CVE-2021-37975	8.8 High	Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Remote Low complexity	Google	Chrome	over 4 years ago
CVE-2020-6418	8.8 High	Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Remote Low complexity	Google	Chrome	over 4 years ago
CVE-2021-30554	8.8 High	Use after free in WebGL in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML... Remote Low complexity	Google	Chrome	over 4 years ago
CVE-2021-21206	8.8 High	Use after free in Blink in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML... Remote Low complexity	Google	Chrome	over 4 years ago
CVE-2021-38000	6.1 Medium	Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638.69 allowed a remote attacker to arbitrarily... Remote Low complexity	Google	Chrome	over 4 years ago

Displaying vulnerabilities 2051 - 2075 of 2501 in total