Focus on what’s exploited
Out of 350,016 known CVEs, only 0.7% show real-world exploitation signals.
Data from public sources (including CISA) plus private sensors, enriched with prioritization metadata.
Total known exploited: 2,499
Added this week: 351
| CVE | Severity | Title |
|---|---|---|
| CVE-2018-18472 | 9.8 Critical | Western Digital WD My Book Live and WD My Book Live Duo (all versions) have a root Remote Command Execution bug via shell metacharacters in the... (Remote; Low complexity; No user interaction) |
| CVE-2018-18852 | 8.8 High | Cerio DT-300N 1.1.6 through 1.1.12 devices allow OS command injection because of improper input validation of the web-interface PING feature's use... (Remote; Low complexity; No user interaction) |
| CVE-2019-6703 | 9.8 Critical | Incorrect access control in migla_ajax_functions.php in the Calmar Webmedia Total Donations plugin through 2.0.5 for WordPress allows... (Remote; Low complexity; No user interaction) |
| CVE-2018-19207 | 9.8 Critical | The Van Ons WP GDPR Compliance (aka wp-gdpr-compliance) plugin before 1.4.3 for WordPress allows remote attackers to execute arbitrary code because... (Remote; Low complexity; No user interaction) |
| CVE-2018-18956 | 7.5 High | The ProcessMimeEntity function in util-decode-mime.c in Suricata 4.x before 4.0.6 allows remote attackers to cause a denial of service (segfault... (Remote; Low complexity; No user interaction) |
| CVE-2018-11687 | 7.5 High | An integer overflow in the distributeBTR function of a smart contract implementation for Bitcoin Red (BTCR), an Ethereum ERC20 token, allows the... (Remote; Low complexity; No user interaction) |
| CVE-2018-11529 | 8.0 High | VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV... (Low complexity) |
| CVE-2018-11329 | 7.5 High | The DrugDealer function of a smart contract implementation for Ether Cartel, an Ethereum game, allows attackers to take over the contract's... (Remote; Low complexity; No user interaction) |
| CVE-2018-11239 | 7.5 High | An integer overflow in the _transfer function of a smart contract implementation for Hexagon (HXG), an Ethereum ERC20 token, allows attackers to... (Remote; Low complexity; No user interaction) |
| CVE-2018-10831 | 7.5 High | Z-NOMP before 2018-04-05 has an incorrect Equihash solution verifier that allows attackers to spoof mining shares, as demonstrated by providing a... (Remote; Low complexity; No user interaction) |
| CVE-2018-10657 | 7.5 High | Matrix Synapse before 0.28.1 is prone to a denial of service flaw where malicious events injected with depth = 2^63 - 1 render rooms unusable,... (Remote; Low complexity; No user interaction) |
| CVE-2018-10468 | 7.5 High | The transferFrom function of a smart contract implementation for Useless Ethereum Token (UET), an Ethereum ERC20 token, allows attackers to steal... (Remote; Low complexity; No user interaction) |
| CVE-2018-10376 | 7.5 High | An integer overflow in the transferProxy function of a smart contract implementation for SmartMesh (aka SMT), an Ethereum ERC20 token, allows... (Remote; Low complexity; No user interaction) |
| CVE-2018-10299 | 7.5 High | An integer overflow in the batchTransfer function of a smart contract implementation for Beauty Ecosystem Coin (BEC), the Ethereum ERC20 token used... (Remote; Low complexity; No user interaction) |
| CVE-2017-2404 | 3.3 Low | An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Quick Look" component. It allows remote... (Low complexity) |
| CVE-2016-6195 | 9.8 Critical | SQL injection vulnerability in forumrunner/includes/moderation.php in vBulletin before 4.2.2 Patch Level 5 and 4.2.3 before Patch Level 1 allows... (Remote; Low complexity; No user interaction) |
| CVE-2016-1409 | 7.5 High | The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS XE 2.1 through 3.17S, IOS XR 2.0.0 through 5.3.2, and NX-OS... (Remote; Low complexity; No user interaction) |
| CVE-2015-8562 | 7.5 High | Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP... (Remote; Low complexity) |
| CVE-2015-2945 | 7.5 High | mt-phpincgi.php in Hajime Fujimoto mt-phpincgi before 2015-05-15 does not properly restrict URLs, which allows remote attackers to conduct PHP... (Remote; Low complexity) |
| CVE-2015-1494 | 4.3 Medium | The FancyBox for WordPress plugin before 3.0.3 for WordPress does not properly restrict access, which allows remote attackers to conduct cross-site... (Remote) |
| CVE-2014-7235 | 10.0 Critical | htdocs_ari/includes/login.php in the ARI Framework module/Asterisk Recording Interface (ARI) in FreePBX before 2.9.0.9, 2.10.x, and 2.11 before... (Remote; Low complexity) |
| CVE-2014-6293 | 7.5 High | SQL injection vulnerability in the Statistics (ke_stats) extension before 1.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands... (Remote; Low complexity) |
| CVE-2014-1815 | 9.3 Critical | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a... (Remote) |
| CVE-2014-1809 | 6.8 Medium | The MSCOMCTL library in Microsoft Office 2007 SP3, 2010 SP1 and SP2, and 2013 Gold, SP1, RT, and RT SP1 makes it easier for remote attackers to... (Remote) |
| CVE-2014-1807 | 7.2 High | The ShellExecute API in Windows Shell in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1,... (Low complexity) |
Displaying vulnerabilities 2376 - 2400 of 2499 in total