Keep updated with KEVIntel progress and pro features

Known Exploited Vulnerabilities Intel

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 50 public sources, including CISA, and (once we get some hits) our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2019-12780	The Belkin Wemo Enabled Crock-Pot allows command injection in the Wemo UPnP API via the SmartDevURL argument to the SetSmartDevInfo action. A...	n/a	n/a	2025-04-28 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-0656	A Stack-based buffer overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could...	SonicWall	SonicOS	2025-04-28 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2016-10372	The Eir D1000 modem does not properly restrict the TR-064 protocol, which allows remote attackers to execute arbitrary commands via TCP port 7547,...	n/a	n/a	2025-04-28 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-22274	A Stack-based buffer overflow vulnerability in the SonicOS via HTTP request allows a remote unauthenticated attacker to cause Denial of Service...	SonicWall	SonicOS	2025-04-28 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-26801	LB-LINK BL-AC1900_2.0 v1.0.1, LB-LINK BL-WR9000 v2.4.9, LB-LINK BL-X26 v1.2.5, and LB-LINK BL-LTE300 v1.0.8 were discovered to contain a command...	n/a	n/a	2025-04-28 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2021-32030	The administrator application on ASUS GT-AC2900 devices before 3.0.0.4.386.42643 and Lyra Mini before 3.0.0.4_384_46630 allows authentication...	n/a	n/a	2025-04-28 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-22024	An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA...	Ivanti, Ivant	ICS, IPS	2025-04-28 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-3721	TBK DVR-4104/DVR-4216 os command injection	TBK	DVR-4104, DVR-4216	2025-04-28 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-38646	Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the...	n/a	n/a	2025-04-28 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2018-9995	TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and MDVR Login, which...	n/a	n/a	2025-04-28 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2021-27850	Bypass of the fix for CVE-2019-0195	Apache Software Foundation	Apache Tapestry	2025-04-28 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2021-25114	Paid Memberships Pro < 2.6.7 - Unauthenticated Blind SQL Injection	Unknown	Paid Memberships Pro	2025-04-28 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2021-25646	Authenticated users can override system configurations in their requests which allows them to execute arbitrary code.	Apache Software Foundation	Apache Druid	2025-04-28 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2021-4191	An issue has been discovered in GitLab CE/EE affecting versions 13.0 to 14.6.5, 14.7 to 14.7.4, and 14.8 to 14.8.2. Private GitLab instances with...	GitLab	GitLab	2025-04-28 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-3928	Commvault Web Server unspecified vulnerability	Commvault	Web Server	2025-04-28 00:00:00 UTC	CISA
CVE-2025-42599	Active! mail 6 BuildInfo: 6.60.05008561 and earlier contains a stack-based buffer overflow vulnerability. Receiving a specially crafted request...	QUALITIA CO., LTD.	Active! mail 6	2025-04-28 00:00:00 UTC	CISA
CVE-2025-1976	Code injection exposure in Fabric OS 9.1.0 through 9.1.1d6	Brocade	Fabric OS	2025-04-28 00:00:00 UTC	CISA
CVE-2021-26295	RCE vulnerability in latest Apache OFBiz due to Java serialisation using RMI	Apache Software Foundation	Apache OFBiz	2025-04-28 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-24488	Cross site scripting	Citrix	Citrix ADC and Citrix Gateway	2025-04-28 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-2825	No title available			2025-04-28 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2021-25003	WPCargo < 6.9.0 - Unauthenticated RCE	Unknown	WPCargo Track & Trace	2025-04-28 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2017-17215	Huawei HG532 with some customized versions has a remote code execution vulnerability. An authenticated attacker could send malicious packets to...	Huawei Technologies Co., Ltd.	HG532	2025-04-28 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2021-25899	An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0.0.1. An unauthenticated attacker can send a crafted HTTP request to perform...	n/a	n/a	2025-04-28 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2021-26294	An issue was discovered in AfterLogic Aurora through 7.7.9 and WebMail Pro through 7.7.9. They allow directory traversal to read files (such as a...	n/a	n/a	2025-04-28 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2019-17506	There are some web interfaces without authentication requirements on D-Link DIR-868L B1-2.03 and DIR-817LW A1-1.04 routers. An attacker can get the...	n/a	n/a	2025-04-27 00:00:00 UTC	The Shadowserver (via CIRCL)

Displaying vulnerabilities 1 - 25 of 1400 in total