Focus on what’s exploited
Out of 350,184 known CVEs, only 0.7% show real-world exploitation signals.
Data from public sources (including CISA) plus private sensors, enriched with prioritization metadata.
Total known exploited: 2,501
Added this week: 353
| CVE | Severity | Title | Tags |
|---|---|---|---|
| CVE-2019-20085 | 7.5 High | TVT NVMS-1000 devices allow GET /.. Directory Traversal | Remote, Low complexity, No user interaction |
| CVE-2021-36741 | 8.8 High | An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1... | Remote, Low complexity, No user interaction |
| CVE-2021-36742 | 7.8 High | An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG and Worry-Free Business Security 10.0 SP1... | Low complexity, No user interaction |
| CVE-2020-8599 | 9.8 Critical | Trend Micro Apex One (2019) and OfficeScan XG server contain a vulnerable EXE file that could allow a remote attacker to write arbitrary data to an... | Remote, Low complexity, No user interaction |
| CVE-2021-27104 | 9.8 Critical | Accellion FTA 9_12_370 and earlier is affected by OS command execution via a crafted POST request to various admin endpoints. The fixed version is... | Malware, Remote, Low complexity, No user interaction |
| CVE-2021-27102 | 7.8 High | Accellion FTA 9_12_411 and earlier is affected by OS command execution via a local web service call. The fixed version is FTA_9_12_416 and later. | Malware, Low complexity, No user interaction |
| CVE-2021-27101 | 9.8 Critical | Accellion FTA 9_12_370 and earlier is affected by SQL injection via a crafted Host header in a request to document_root.html. The fixed version is... | Malware, Remote, Low complexity, No user interaction |
| CVE-2021-27103 | 9.8 Critical | Accellion FTA 9_12_411 and earlier is affected by SSRF via a crafted POST request to wmProgressstat.html. The fixed version is FTA_9_12_416 and later. | Malware, Remote, Low complexity, No user interaction |
| CVE-2021-21017 | 8.8 High | Acrobat Reader DC Heap-based Buffer Overflow Vulnerability Could Lead To Arbitrary Code Execution | Remote, Low complexity |
| CVE-2021-28550 | 9.6 Critical | Adobe Acrobat Reader use after free vulnerability could lead to arbitrary code execution | Remote, Low complexity |
| CVE-2018-4939 | 9.8 Critical | Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Deserialization of Untrusted Data... | Remote, Low complexity, No user interaction |
| CVE-2018-15961 | 9.8 Critical | Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload... | Remote, Low complexity, No user interaction |
| CVE-2018-4878 | 7.8 High | A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the... | Malware, Low complexity |
| CVE-2020-5735 | 8.8 High | Amcrest cameras and NVR are vulnerable to a stack-based buffer overflow over port 37777. An authenticated remote attacker can abuse this issue to... | Remote, Low complexity, No user interaction |
| CVE-2019-2215 | 7.8 High | A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit... | Low complexity, No user interaction |
| CVE-2020-0041 | 7.8 High | In binder_transaction of binder.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of... | Low complexity, No user interaction |
| CVE-2020-0069 | 7.8 High | In the ioctl handlers of the Mediatek Command Queue driver, there is a possible out of bounds write due to insufficient input sanitization and... | Low complexity, No user interaction |
| CVE-2017-9805 | 8.1 High | The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for... | Remote, No user interaction |
| CVE-2021-42013 | 9.8 Critical | Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) | Malware, Remote, Low complexity, No user interaction |
| CVE-2021-41773 | 7.5 High | Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49 | Malware, Remote, Low complexity, No user interaction |
| CVE-2019-0211 | 7.8 High | In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or... | Low complexity, No user interaction |
| CVE-2016-4437 | 9.8 Critical | Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary... | Remote, Low complexity, No user interaction |
| CVE-2019-17558 | 7.5 High | Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be... | Remote, No user interaction |
| CVE-2020-17530 | 9.8 Critical | Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software: Apache Struts... | Remote, Low complexity, No user interaction |
| CVE-2017-5638 | 9.8 Critical | The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message... | Malware, Remote, Low complexity, No user interaction |
Displaying vulnerabilities 2126 - 2150 of 2501 in total