KEVIntel

Known Exploited Vulnerabilities

Curated + enriched signals for rapid prioritization

{ } JSON RSS PRO

0.7%

actively
exploited

Focus on what’s exploited

Out of 350,016 known CVEs, only 0.7% show real-world exploitation signals.

Data from public sources (including CISA) plus private sensors, enriched with prioritization metadata.

View stats Report a KEV

2,500

Total Known exploited

352

Added this week

Search

Results update as you type.

⌘K

Added

Exploitability

Type to search. Filters apply instantly.

CVE	Severity	Title	Vendor	Product	Added
CVE-2019-19356	7.5 High	Netis WF2419 is vulnerable to authenticated Remote Code Execution (RCE) as root through the router Web management page. The vulnerability has been... Remote No user interaction	Netis	WF2419	over 4 years ago
CVE-2020-2555	9.8 Critical	Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Supported versions that are... Remote Low complexity No user interaction	Oracle Corporation	WebCenter Portal, Utilities Framework	over 4 years ago
CVE-2012-3152	9.1 Critical	Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote... Remote Low complexity No user interaction	Oracle	Fusion Middleware	over 4 years ago
CVE-2020-14871	10.0 Critical	Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Supported versions that are affected... Remote Low complexity No user interaction	Oracle Corporation	Solaris Operating System	over 4 years ago
CVE-2015-4852	9.8 Critical	The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary... Remote Low complexity No user interaction	Oracle	WebLogic Server	over 4 years ago
CVE-2020-14750	9.8 Critical	Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are... Remote Low complexity No user interaction	Oracle Corporation	WebLogic Server	over 4 years ago
CVE-2020-14882	9.8 Critical	Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are... Remote Low complexity No user interaction	Oracle Corporation	WebLogic Server	over 4 years ago
CVE-2020-14883	7.2 High	Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are... Remote Low complexity No user interaction	Oracle Corporation	WebLogic Server	over 4 years ago
CVE-2020-8644	9.8 Critical	PlaySMS before 1.4.3 does not sanitize inputs from a malicious string. Remote Low complexity No user interaction	PlaySMS	PlaySMS	over 4 years ago
CVE-2019-18935	9.8 Critical	Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is... Malware Remote Low complexity No user interaction	Progress	Telerik UI for ASP.NET AJAX	over 4 years ago
CVE-2020-8468	8.8 High	Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agents are affected by a content validation escape... Remote Low complexity No user interaction	Trend Micro	Trend Micro OfficeScan, Trend Micro Apex One, Trend Micro Worry-Free Business Security (WFBS)	over 4 years ago
CVE-2021-22893	10.0 Critical	Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and... Malware Remote Low complexity No user interaction	Pulse Secure	Pulse Connect Secure	over 4 years ago
CVE-2020-8243	7.2 High	A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to upload custom template to... Remote Low complexity No user interaction	Pulse Secure	Pulse Connect Secre	over 4 years ago
CVE-2021-22900	7.2 High	A vulnerability allowed multiple unrestricted uploads in Pulse Connect Secure before 9.1R11.4 that could lead to an authenticated administrator to... Remote Low complexity No user interaction	Pulse Secure	Pulse Secure Secure	over 4 years ago
CVE-2021-22894	8.8 High	A buffer overflow vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to execute arbitrary code as... Remote Low complexity No user interaction	Pulse Secure	Pulse Connect Secure	over 4 years ago
CVE-2020-8260	7.2 High	A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary code... Remote Low complexity No user interaction	Pulse Secure	Pulse Connect Secure / Pulse Policy Secure	over 4 years ago
CVE-2021-22899	8.8 High	A command injection vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to perform remote code... Remote Low complexity No user interaction	Pulse Secure	Pulse Connect Secure	over 4 years ago
CVE-2019-11510	9.9 Critical	In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can... Malware Remote Low complexity No user interaction	Pulse Secure	Pulse Connect Secure	over 4 years ago
CVE-2019-11539	8.0 High	In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse... Malware Remote No user interaction	Pulse Secure	Pulse Connect Secure	over 4 years ago
CVE-2021-1906	6.2 Medium	Improper handling of address deregistration on failure can lead to new GPU address allocation failure. in Snapdragon Auto, Snapdragon Compute,... Low complexity No user interaction	Qualcomm, Inc.	Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables	over 4 years ago
CVE-2021-1905	8.4 High	Possible use after free due to improper handling of memory mapping of multiple processes simultaneously. in Snapdragon Auto, Snapdragon Compute,... Low complexity No user interaction	Qualcomm, Inc.	Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables	over 4 years ago
CVE-2020-10221	8.8 High	lib/ajaxHandlers/ajaxAddTemplate.php in rConfig through 3.94 allows remote attackers to execute arbitrary OS commands via shell metacharacters in... Remote Low complexity No user interaction	rConfig	rConfig	over 4 years ago
CVE-2021-35395	9.8 Critical	Realtek Jungle SDK version v2.x up to v3.4.14B provides an HTTP web server exposing a management interface that can be used to configure the access... Remote Low complexity No user interaction	Realtek	Jungle SDK	over 4 years ago
CVE-2017-16651	7.8 High	Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host's filesystem,... Low complexity No user interaction	Roundcube	Roundcube Webmail	over 4 years ago
CVE-2020-11652	6.5 Medium	An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some... Remote Low complexity No user interaction	SaltStack	Salt	over 4 years ago

Displaying vulnerabilities 2276 - 2300 of 2500 in total