Known Exploited Vulnerabilities

Curated + enriched signals for rapid prioritization

{ } JSON RSS PRO

0.7%

actively
exploited

Focus on what’s exploited

Out of 352,641 known CVEs, only 0.7% show real-world exploitation signals.

Data from public sources (including CISA) plus private honeypots, enriched with prioritization metadata.

View stats Report a KEV

2,555

Total Known exploited

103

Added this week

938

More than CISA KEV

Search

Results update as you type.

⌘K

Added

Exploitability

Type to search. Filters apply instantly.

CVE	Severity	Title	Vendor	Product	Added
CVE-2013-0633	9.3 High	Buffer overflow in Adobe Flash Player before 10.3.183.51 and 11.x before 11.5.502.149 on Windows and Mac OS X, before 10.3.183.51 and 11.x before... Remote	Adobe	Flash Player	over 13 years ago
CVE-2012-6498	6.8 Medium	Unrestricted file upload vulnerability in index.php in Atomymaxsite 2.5 and earlier allows remote attackers to execute arbitrary code by uploading... Remote	Atomymaxsite	Atomymaxsite	over 13 years ago
CVE-2012-6081	6.0 Medium	Multiple unrestricted file upload vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in... Remote	MoinMoin	MoinMoin	over 13 years ago
CVE-2012-6467	4.3 Medium	Opera before 12.10 follows Internet shortcuts that are referenced by a (1) IMG element or (2) other inline element, which makes it easier for... Remote	Opera	Opera Browser	over 13 years ago
CVE-2011-5148	6.8 Medium	Multiple incomplete blacklist vulnerabilities in the Simple File Upload (mod_simplefileuploadv1.3) module before 1.3.5 for Joomla! allow remote... Remote	Joomla!	Simple File Upload	almost 14 years ago
CVE-2012-1854	7.8 High	Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Microsoft Visual Basic for... 5075 days faster than CISA KEV Low complexity	Microsoft	Office	almost 14 years ago
CVE-2012-2376	10.0 High	Buffer overflow in the com_print_typeinfo function in PHP 5.4.3 and earlier on Windows allows remote attackers to execute arbitrary code via... Remote Low complexity	PHP	PHP	about 14 years ago
CVE-2012-0779	9.3 High	Adobe Flash Player before 10.3.183.19 and 11.x before 11.2.202.235 on Windows, Mac OS X, and Linux; before 11.1.111.9 on Android 2.x and 3.x; and... Remote	Adobe	Flash Player	about 14 years ago
CVE-2012-1795	7.5 High	webglimpse.cgi in Webglimpse before 2.20.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the query parameter,... Remote Low complexity	Webglimpse	Webglimpse	about 14 years ago
CVE-2012-1557	7.5 High	SQL injection vulnerability in admin/plib/api-rpc/Agent.php in Parallels Plesk Panel 7.x and 8.x before 8.6 MU#2, 9.x before 9.5 MU#11, 10.0.x... Remote Low complexity	Parallels	Plesk Panel	about 14 years ago
CVE-2012-1071	7.5 High	SQL injection vulnerability in the Kitchen recipe (mv_cooking) extension before 0.4.1 for TYPO3 allows remote attackers to execute arbitrary SQL... Remote Low complexity	TYPO3	mv_cooking extension	over 14 years ago
CVE-2011-4862	10.0 High	Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and... Remote Low complexity	FreeBSD	FreeBSD	over 14 years ago
CVE-2011-4369	10.0 High	Unspecified vulnerability in the PRC component in Adobe Reader and Acrobat 9.x before 9.4.7 on Windows, Adobe Reader and Acrobat 9.x through 9.4.6... Remote Low complexity	Adobe	Reader and Acrobat	over 14 years ago
CVE-2011-3402	8.8 High	Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows... 5324 days faster than CISA KEV Remote Low complexity	Microsoft	Windows	over 14 years ago
CVE-2011-4075	7.5 High	The masort function in lib/functions.php in phpLDAPadmin 1.2.x before 1.2.2 allows remote attackers to execute arbitrary PHP code via the orderby... Remote Low complexity	phpLDAPadmin	phpLDAPadmin	over 14 years ago
CVE-2011-2444	4.3 Medium	Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7... Remote	Adobe	Flash Player	over 14 years ago
CVE-2011-3192	7.8 High	The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of... Remote Low complexity	Apache	HTTP Server	almost 15 years ago
CVE-2011-1968	7.1 High	The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 does not properly process packets... Remote	Microsoft	Windows	almost 15 years ago
CVE-2011-2900	7.5 High	Stack-based buffer overflow in the (1) put_dir function in mongoose.c in Mongoose 3.0, (2) put_dir function in yasslEWS.c in yaSSL Embedded Web... Remote Low complexity	Mongoose	Mongoose	almost 15 years ago
CVE-2011-0226	9.3 High	Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and... Remote	Apple	iOS	almost 15 years ago
CVE-2011-1331	9.3 High	JustSystems Ichitaro 2005 through 2011, Ichitaro Government 6, Ichitaro Government 2006 through 2010, Ichitaro Portable, Ichitaro Pro, and Ichitaro... Remote	JustSystems	Ichitaro	almost 15 years ago
CVE-2011-2110	10.0 High	Adobe Flash Player before 10.3.181.26 on Windows, Mac OS X, Linux, and Solaris, and 10.3.185.23 and earlier on Android, allows remote attackers to... Remote Low complexity	Adobe	Flash Player	almost 15 years ago
CVE-2009-5076	7.5 High	CRE Loaded before 6.2.14, and possibly other versions before 6.3.x, allows remote attackers to bypass authentication and gain administrator... Remote Low complexity	CRE Loaded	CRE Loaded	about 15 years ago
CVE-2011-1950	5.5 Medium	plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as... Remote Low complexity	Plone	Plone	about 15 years ago
CVE-2011-1752	5.0 Medium	The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of... Remote Low complexity	Apache	Subversion	about 15 years ago

Displaying vulnerabilities 2476 - 2500 of 2555 in total

KEVIntel

Known Exploited Vulnerability Intelligence Beyond CISA KEV

Prioritize the vulnerabilities attackers are actually exploiting—before they impact your organization.

KEVIntel is known exploited vulnerability intelligence that aggregates, attests, enriches, and distributes exploited-CVE data. It is not a CISA KEV mirror alone. The service includes the official catalog as a baseline and extends coverage with additional exploited-CVE attestations, evidence links, enrichment, and automation-ready delivery through the live feed above, RSS, JSON, and the Pro API.

Aggregated & attested

Exploitation signals from 60+ public sources, vendor advisories, and private honeypots—validated against credible evidence.

Enriched for prioritization

Every CVE joined with EPSS, CVSS, CWE, proof-of-concept references, and Nuclei/Metasploit context.

Automation-ready delivery

Live feed, RSS, JSON, and Pro API for VM, CTI, SOC, and MSSP workflows.

The AI vulnerability tsunami is accelerating disclosure

Hundreds of thousands of CVEs exist in the National Vulnerability Database and vendor advisories, and AI-assisted discovery is accelerating that volume further. CVSS scores describe theoretical severity, but severity is not the same as exploitation. Many high-severity vulnerabilities are never exploited in the wild, while some actively exploited flaws may be under-prioritized if teams rely on CVSS-only prioritization.

Only a small fraction of published CVEs ever show real-world exploitation signals. Security teams cannot remediate everything at once. Exploitation-led prioritization focuses limited patching, detection, and analyst time on CVEs with evidence-backed exploitation—not on vulnerability noise.

Disclosed vulnerabilities Actively exploited

352,641+ and growing

Only 0.7% of disclosed CVEs show real-world exploitation signals — and that sliver is the operationally urgent work.

Focus on the signal, not the noise. KEVIntel helps you identify the vulnerabilities attackers are actually using—so vulnerability management, CTI, SOC, MSSP, and exposure-management teams can prioritize remediation on real exploitation, not scanner volume alone.

CISA KEV is essential. It is not the whole picture.

KEVIntel extends your visibility beyond CISA KEV. CISA KEV is authoritative and valuable; KEVIntel complements it with additional exploited-CVE coverage, RSS delivery, global honeypot telemetry, enrichment, and automation-ready Pro API access. See the full KEVIntel vs CISA KEV comparison.

CISA KEV

No RSS feed
Tracks vulnerabilities in CISA KEV
Curated by CISA

KEVIntel

RSS feed for real-time updates
CISA KEV plus 938+ more exploited in the wild
Independent intelligence from global honeypots, EPSS, CVSS, CWE, PoCs, and Nuclei/Metasploit context

Use CISA KEV. Go further with KEVIntel. Complete visibility, faster prioritization, stronger defenses—with exploitation timelines, source evidence, and platform statistics to back every decision.

From global telemetry to actionable intelligence

KEVIntel follows a simple pipeline: Collect, Attest, Enrich, Deliver. Each exploited CVE links to source material so analysts can verify why it was included and move from signal to action faster.

Collect

Global honeypot networks, CISA KEV, vendor advisories, cyber RSS feeds, and public reporting observe real-world exploitation attempts around the clock.
Attest

Validate exploitation with credible evidence—CISA KEV listings, advisories documenting active exploitation, honeypot observations, and defensible references—to separate signal from noise.
Enrich

Correlate each CVE with EPSS, CVSS, CWE, proof-of-concept references, Nuclei and Metasploit scanner context, online mentions, vendor metadata, and exploitation timelines.
Deliver

Actionable intelligence via this live feed, RSS, JSON, and the Pro API—ready for vulnerability management, CTI, SOC, SIEM/SOAR, MSSP, and exposure-management workflows.

Prioritize what matters

Reduce false positives

Strengthen defenses

Stay ahead of attackers