Focus on what’s exploited
Out of 350,016 known CVEs, only 0.7% show real-world exploitation signals.
Data from public sources (including CISA) plus private sensors, enriched with prioritization metadata.
Total known exploited: 2,500
Added this week: 352
| CVE | Severity | Title | Tags |
|---|---|---|---|
| CVE-2020-11651 | 9.8 Critical | An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly... | Remote, Low complexity, No user interaction |
| CVE-2020-16846 | 9.8 Critical | An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in... | Remote, Low complexity, No user interaction |
| CVE-2018-2380 | 6.6 Medium | SAP CRM, 7.01, 7.02, 7.30, 7.31, 7.33, 7.54, allows an attacker to exploit insufficient validation of path information provided by users, thus... | Malware, Remote, Low complexity, No user interaction |
| CVE-2010-5326 | 10.0 Critical | The Invoker Servlet on SAP NetWeaver Application Server Java platforms, possibly before 7.3, does not require authentication, which allows remote... | Remote, Low complexity, No user interaction |
| CVE-2016-9563 | 6.5 Medium | BC-BMT-BPM-DSK in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via the... | Remote, Low complexity, No user interaction |
| CVE-2020-6287 | 10.0 Critical | SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an... | Remote, Low complexity, No user interaction |
| CVE-2020-6207 | 10.0 Critical | SAP Solution Manager (User Experience Monitoring), version- 7.2, due to Missing Authentication Check does not perform any authentication for a... | Remote, Low complexity, No user interaction |
| CVE-2016-3976 | 7.5 High | Directory traversal vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to read arbitrary files via a ..\ (dot dot... | Remote, Low complexity, No user interaction |
| CVE-2019-16256 | 9.8 Critical | Some Samsung devices include the SIMalliance Toolbox Browser (aka S@T Browser) on the UICC, which might allow remote attackers to retrieve location... | Remote, Low complexity, No user interaction |
| CVE-2020-10148 | 9.8 Critical | SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands | Remote, Low complexity, No user interaction |
| CVE-2021-35211 | 9.0 Critical | Serv-U Remote Memory Escape Vulnerability | Malware, Remote, No user interaction |
| CVE-2016-3643 | 7.8 High | SolarWinds Virtualization Manager 6.3.1 and earlier allow local users to gain privileges by leveraging a misconfiguration of sudo, as demonstrated... | Low complexity, No user interaction |
| CVE-2020-10199 | 8.8 High | Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2). | Remote, Low complexity, No user interaction |
| CVE-2021-20021 | 9.8 Critical | A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending a crafted HTTP... | Malware, Remote, Low complexity, No user interaction |
| CVE-2019-7481 | 7.5 High | Vulnerability in SonicWall SMA100 allows an unauthenticated user to gain read-only access to unauthorized resources. This vulnerability impacted SMA100... | Malware, Remote, Low complexity, No user interaction |
| CVE-2021-20022 | 7.2 High | SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to upload an arbitrary file to the... | Malware, Remote, Low complexity, No user interaction |
| CVE-2021-20023 | 4.9 Medium | SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to read an arbitrary file on the... | Malware, Remote, Low complexity, No user interaction |
| CVE-2021-20016 | 9.8 Critical | A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access... | Malware, Remote, Low complexity, No user interaction |
| CVE-2020-12271 | 10.0 Critical | A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 18.0 before 2020-04-25 on Sophos XG Firewall devices, as exploited in the wild in... | Malware, Remote, Low complexity, No user interaction |
| CVE-2020-10181 | 9.8 Critical | goform/formEMR30 in Sumavision Enhanced Multimedia Router (EMR) 3.0.4.27 allows creation of arbitrary users with elevated privileges... | Remote, Low complexity, No user interaction |
| CVE-2017-6327 | 8.8 High | The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of remote code execution, which describes a situation whereby an individual... | Remote, Low complexity, No user interaction |
| CVE-2019-18988 | 7.0 High | TeamViewer Desktop through 14.7.1965 allows a bypass of remote-login access control because the same key is used for different customers'... | No user interaction |
| CVE-2017-9248 | 9.8 Critical | Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity before 10.0.6412.0 does not properly protect... | Remote, Low complexity, No user interaction |
| CVE-2021-31755 | 9.8 Critical | An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setmac allows... | Remote, Low complexity, No user interaction |
| CVE-2020-10987 | 9.8 Critical | The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute arbitrary system commands via the... | Remote, Low complexity, No user interaction |
Displaying vulnerabilities 2301 - 2325 of 2500 in total