KEVIntel

Known Exploited Vulnerabilities

Curated + enriched signals for rapid prioritization

{ } JSON RSS PRO

0.7%

actively
exploited

Focus on what’s exploited

Out of 351,304 known CVEs, only 0.7% show real-world exploitation signals.

Data from public sources (including CISA) plus private sensors, enriched with prioritization metadata.

View stats Report a KEV

2,520

Total Known exploited

455

Added this week

908

More than CISA KEV

Search

Results update as you type.

⌘K

Added

Exploitability

Type to search. Filters apply instantly.

CVE	Severity	Title	Vendor	Product	Added
CVE-2026-28318	7.5 High	SolarWinds Serv-U Unauthenticated Denial of Service Vulnerability Remote Low complexity No user interaction	SolarWinds	Serv-U	about 23 hours ago
CVE-2026-7473	6.9 Medium	Arista EOS Unexpected Tunnel Protocol Decapsulation and Forwarding Bypass Remote Low complexity No user interaction	Arista Networks	EOS	1 day ago
CVE-2026-3300	9.8 Critical	Everest Forms Pro <= 1.9.12 - Unauthenticated Remote Code Execution via Calculation Field Remote Low complexity No user interaction	WPEverest	Everest Forms Pro	1 day ago
CVE-2026-20245	7.8 High	Cisco Catalyst SD-WAN Controller Authenticated Privilege Escalation Vulnerability Low complexity No user interaction	Cisco	Cisco Catalyst SD-WAN Manager	1 day ago
CVE-2023-6875	9.8 Critical	The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to... Remote Low complexity No user interaction	wpexpertsio	POST SMTP – The #1 WordPress SMTP Plugin with Advanced Email Logging and Delivery Failure Notifications	3 days ago
CVE-2022-24716	7.5 High	Path traversal in Icinga Web 2 Remote Low complexity No user interaction	Icinga	icingaweb2	3 days ago
CVE-2020-13379	8.2 High	The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated... Remote Low complexity No user interaction	Grafana	Grafana	3 days ago
CVE-2024-6671	9.8 Critical	WhatsUp Gold GetStatisticalMonitorList SQL Injection Authentication Bypass Vulnerability Remote Low complexity No user interaction	Progress Software Corporation	WhatsUp Gold	3 days ago
CVE-2023-22620	7.5 High	An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows sessionid information disclosure via an... Remote	SecurePoint	UTM	3 days ago
CVE-2025-67303	7.5 High	An issue in ComfyUI-Manager prior to version 3.38 allowed remote attackers to potentially manipulate its configuration and critical data. This was... Remote Low complexity No user interaction	Comfy-Org	ComfyUI-Manager	3 days ago
CVE-2026-45247	9.3 Critical	Mirasvit Cache Warmer for Magento < 1.11.12 PHP Object Injection Remote Low complexity No user interaction	Mirasvit	Full Page Cache Warmer for Magento 2	3 days ago
CVE-2025-48827	10.0 Critical	vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 allows unauthenticated users to invoke protected API controllers' methods when running on PHP... Remote Low complexity No user interaction	vBulletin	vBulletin	3 days ago
CVE-2026-8206	9.8 Critical	Kirki 6.0.0 - 6.0.6 - Unauthenticated Privilege Escalation via 'handle_forgot_password' Remote Low complexity No user interaction	themeum	Kirki – Freeform Page Builder, Website Builder & Customizer	3 days ago
CVE-2023-6909	7.5 High	Path Traversal: '\..\filename' in mlflow/mlflow Remote Low complexity No user interaction	mlflow	mlflow/mlflow	4 days ago
CVE-2022-4059	9.8 Critical	Cryptocurrency Widgets Pack < 2.0 - Unauthenticated SQLi Remote Low complexity No user interaction	Unknown	Cryptocurrency Widgets Pack	4 days ago
CVE-2025-9316	6.9 Medium	N-central unauthenticated sessionID generation Remote Low complexity No user interaction	N-able	N-central	4 days ago
CVE-2026-41176	9.2 Critical	Rclone: Unauthenticated options/set allows runtime auth bypass, leading to sensitive operations and command execution Remote Low complexity No user interaction	rclone	rclone	4 days ago
CVE-2022-0492	7.8 High	A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain... Low complexity No user interaction	Linux	kernel	4 days ago
CVE-2025-48595	8.4 High	In multiple locations, there is a possible way to achieve code execution due to an integer overflow. This could lead to local escalation of... Low complexity No user interaction	Google	Android	4 days ago
CVE-2026-41089	9.8 Critical	Windows Netlogon Remote Code Execution Vulnerability Remote Low complexity No user interaction	Microsoft	Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation)	4 days ago
CVE-2024-21182	7.5 High	Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are... Remote Low complexity No user interaction	Oracle Corporation	WebLogic Server	5 days ago
CVE-2023-43000	8.8 High	A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.5, iOS 16.6 and iPadOS 16.6, Safari... Remote Low complexity	Apple	macOS, iOS and iPadOS, Safari	5 days ago
CVE-2025-31277	8.8 High	The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6,... Remote Low complexity	Apple	Safari, iOS and iPadOS, macOS, tvOS, visionOS, watchOS	5 days ago
CVE-2026-9082	9.8 Critical	Drupal core - Highly critical - SQL injection - SA-CORE-2026-004 Remote Low complexity No user interaction	Drupal	Drupal core	5 days ago
CVE-2026-48172	10.0 Critical	LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exploited in the wild in May 2026. Detection is... Remote Low complexity No user interaction	LiteSpeed Technologies	cPanel Plugin, WHM Plugin	5 days ago

Displaying vulnerabilities 1 - 25 of 2520 in total

KEVIntel

Known Exploited Vulnerability Intelligence Beyond CISA KEV

Prioritize the vulnerabilities attackers are actually exploiting—before they impact your organization.

KEVIntel is known exploited vulnerability intelligence that aggregates, attests, enriches, and distributes exploited-CVE data. It is not a CISA KEV mirror alone. The service includes the official catalog as a baseline and extends coverage with additional exploited-CVE attestations, evidence links, enrichment, and automation-ready delivery through the live feed above, RSS, JSON, and the Pro API.

Aggregated & attested

Exploitation signals from 60+ public sources, vendor advisories, and private honeypots—validated against credible evidence.

Enriched for prioritization

Every CVE joined with EPSS, CVSS, CWE, proof-of-concept references, and Nuclei/Metasploit context.

Automation-ready delivery

Live feed, RSS, JSON, and Pro API for VM, CTI, SOC, and MSSP workflows.

The AI vulnerability tsunami is accelerating disclosure

Hundreds of thousands of CVEs exist in the National Vulnerability Database and vendor advisories, and AI-assisted discovery is accelerating that volume further. CVSS scores describe theoretical severity, but severity is not the same as exploitation. Many high-severity vulnerabilities are never exploited in the wild, while some actively exploited flaws may be under-prioritized if teams rely on CVSS-only prioritization.

Only a small fraction of published CVEs ever show real-world exploitation signals. Security teams cannot remediate everything at once. Exploitation-led prioritization focuses limited patching, detection, and analyst time on CVEs with evidence-backed exploitation—not on vulnerability noise.

Disclosed vulnerabilities Actively exploited

351,304+ and growing

Only 0.7% of disclosed CVEs show real-world exploitation signals — and that sliver is the operationally urgent work.

Focus on the signal, not the noise. KEVIntel helps you identify the vulnerabilities attackers are actually using—so vulnerability management, CTI, SOC, MSSP, and exposure-management teams can prioritize remediation on real exploitation, not scanner volume alone.

CISA KEV is essential. It is not the whole picture.

KEVIntel extends your visibility beyond CISA KEV. CISA KEV is authoritative and valuable; KEVIntel complements it with additional exploited-CVE coverage, RSS delivery, honeypot and sensor telemetry, enrichment, and automation-ready Pro API access. See the full KEVIntel vs CISA KEV comparison.

CISA KEV

No RSS feed
Tracks vulnerabilities in CISA KEV
Curated by CISA

KEVIntel

RSS feed for real-time updates
CISA KEV plus 908+ more exploited in the wild
Independent intelligence from global honeypots, sensors, EPSS, CVSS, CWE, PoCs, and Nuclei/Metasploit context

Use CISA KEV. Go further with KEVIntel. Complete visibility, faster prioritization, stronger defenses—with exploitation timelines, source evidence, and platform statistics to back every decision.

From global telemetry to actionable intelligence

KEVIntel follows a simple pipeline: Collect, Attest, Enrich, Deliver. Each exploited CVE links to source material so analysts can verify why it was included and move from signal to action faster.

Collect

Global honeypot and sensor networks, CISA KEV, vendor advisories, cyber RSS feeds, and public reporting observe real-world exploitation attempts around the clock.
Attest

Validate exploitation with credible evidence—CISA KEV listings, advisories documenting active exploitation, honeypot observations, and defensible references—to separate signal from noise.
Enrich

Correlate each CVE with EPSS, CVSS, CWE, proof-of-concept references, Nuclei and Metasploit scanner context, online mentions, vendor metadata, and exploitation timelines.
Deliver

Actionable intelligence via this live feed, RSS, JSON, and the Pro API—ready for vulnerability management, CTI, SOC, SIEM/SOAR, MSSP, and exposure-management workflows.

Prioritize what matters

Reduce false positives

Strengthen defenses

Stay ahead of attackers