KEVIntel

Known Exploited Vulnerabilities

Curated + enriched signals for rapid prioritization

{ } JSON RSS PRO

0.7%

actively
exploited

Focus on what’s exploited

Out of 350,131 known CVEs, only 0.7% show real-world exploitation signals.

Data from public sources (including CISA) plus private sensors, enriched with prioritization metadata.

View stats Report a KEV

2,501

Total Known exploited

353

Added this week

Search

Results update as you type.

⌘K

Added

Exploitability

Type to search. Filters apply instantly.

CVE	Severity	Title	Vendor	Product	Added
CVE-2020-29557	9.8 Critical	An issue was discovered on D-Link DIR-825 R1 devices through 3.0.1 before 2020-11-20. A buffer overflow in the web interface allows attackers to... Remote Low complexity No user interaction	D-Link	DIR-825 R1	over 4 years ago
CVE-2020-25506	9.8 Critical	D-Link DNS-320 FW v2.06B01 Revision Ax is affected by command injection in the system_mgr.cgi component, which can lead to remote arbitrary code... Remote Low complexity No user interaction	D-Link	DNS-320	over 4 years ago
CVE-2018-15811	7.5 High	DNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters. Remote Low complexity No user interaction	DNN	DotNetNuke	over 4 years ago
CVE-2018-18325	7.5 High	DNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: this issue exists because of an... Remote Low complexity No user interaction	DNN Software	DNN Platform	over 4 years ago
CVE-2017-9822	8.8 High	DNN (aka DotNetNuke) before 9.1.1 has Remote Code Execution via a cookie, aka "2017-08 (Critical) Possible remote code execution on DNN sites." Malware Remote Low complexity No user interaction	DotNetNuke	DotNetNuke CMS Fixed in 9.1.1	over 4 years ago
CVE-2019-15752	7.8 High	Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-credential-wincred.exe file... Low complexity	Docker	Docker Desktop Community Edition	over 4 years ago
CVE-2020-8515	9.8 Critical	DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices allow remote code execution as... Remote Low complexity No user interaction	DrayTek	Vigor2960, Vigor3900, Vigor300B	over 4 years ago
CVE-2018-7600	9.8 Critical	Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an... Malware Remote Low complexity No user interaction	Drupal	Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1	over 4 years ago
CVE-2021-22205	10.0 Critical	An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were... Malware Remote Low complexity No user interaction	GitLab	GitLab	over 4 years ago
CVE-2018-6789	9.8 Critical	An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may... Malware Remote Low complexity No user interaction	Exim	Exim	over 4 years ago
CVE-2020-8657	9.8 Critical	An issue was discovered in EyesOfNetwork 5.3. The installation uses the same API key (hardcoded as EONAPI_KEY in include/api_functions.php for API... Remote Low complexity No user interaction	EyesOfNetwork	EyesOfNetwork	over 4 years ago
CVE-2020-8655	7.8 High	An issue was discovered in EyesOfNetwork 5.3. The sudoers configuration is prone to a privilege escalation vulnerability, allowing the apache user... Low complexity	EyesOfNetwork	EyesOfNetwork	over 4 years ago
CVE-2020-5902	9.8 Critical	In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface... Malware Remote Low complexity No user interaction	F5	BIG-IP	over 4 years ago
CVE-2021-22986	9.8 Critical	On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3 amd... Malware Remote Low complexity No user interaction	F5	BIG-IP; BIG-IQ	over 4 years ago
CVE-2021-35464	9.8 Critical	ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. The exploitation does... Malware Remote Low complexity No user interaction	ForgeRock	AM server	over 4 years ago
CVE-2019-5591	6.5 Medium	A Default Configuration vulnerability in FortiOS may allow an unauthenticated attacker on the same subnet to intercept sensitive information by... Low complexity No user interaction	Fortinet	Fortinet FortiOS	over 4 years ago
CVE-2020-12812	9.8 Critical	An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and below may result in a user being able to log in... Malware Remote Low complexity No user interaction	Fortinet	Fortinet FortiOS	over 4 years ago
CVE-2018-13379	9.1 Critical	An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to... Malware Remote Low complexity No user interaction	Fortinet	Fortinet FortiOS, FortiProxy	over 4 years ago
CVE-2020-16010	9.6 Critical	Heap buffer overflow in UI in Google Chrome on Android prior to 86.0.4240.185 allowed a remote attacker who had compromised the renderer process to... Remote Low complexity	Google	Chrome	over 4 years ago
CVE-2020-15999	9.6 Critical	Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a... Remote Low complexity	Google	Chrome	over 4 years ago
CVE-2021-21166	8.8 High	Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Remote Low complexity	Google	Chrome	over 4 years ago
CVE-2021-34473	9.1 Critical	Microsoft Exchange Server Remote Code Execution Vulnerability Malware Remote Low complexity No user interaction	Microsoft	Microsoft Exchange Server 2013 Cumulative Update 23, Microsoft Exchange Server 2019 Cumulative Update 9, Microsoft Exchange Server 2016 Cumulative Update 20, Microsoft Exchange Server 2016 Cumulative Update 19, Microsoft Exchange Server 2019 Cumulative Update 8	over 4 years ago
CVE-2020-1464	7.8 High	Windows Spoofing Vulnerability Low complexity No user interaction	Microsoft	Windows 10 Version 1803, Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows Server, version 1909 (Server Core installation), Windows 10 Version 1709 for 32-bit Systems, Windows 10 Version 1709, Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows 10 Version 1903 for ARM64-based Systems, Windows Server, version 1903 (Server Core installation), Windows 10 Version 2004, Windows Server version 2004, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	over 4 years ago
CVE-2021-1732	7.8 High	Windows Win32k Elevation of Privilege Vulnerability Malware Low complexity No user interaction	Microsoft	Windows 10 Version 1803, Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows Server, version 1909 (Server Core installation), Windows 10 Version 2004, Windows Server version 2004, Windows 10 Version 20H2, Windows Server version 20H2	over 4 years ago
CVE-2021-34527	8.8 High	Windows Print Spooler Remote Code Execution Vulnerability Malware Remote Low complexity No user interaction	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 10 Version 20H2, Windows Server version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 8.1, Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	over 4 years ago

Displaying vulnerabilities 2201 - 2225 of 2501 in total