KEVIntel

Known Exploited Vulnerabilities

Curated + enriched signals for rapid prioritization

{ } JSON RSS PRO

1.1%

actively
exploited

Focus on what’s exploited

Out of 349,964 known CVEs, only 1.1% show real-world exploitation signals.

Data from public sources (including CISA) plus private sensors, enriched with prioritization metadata.

View stats Report a KEV

3,823

Total Known exploited

279

Added this week

Search

Results update as you type.

⌘K

Added

Exploitability

Type to search. Filters apply instantly.

CVE	Severity	Title	Vendor	Product	Added
CVE-2018-13382	9.1 Critical	An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5.4.1 to 5.4.10 and FortiProxy 2.0.0, 1.2.0 to... Malware Remote Low complexity No user interaction	Fortinet	Fortinet FortiOS, FortiProxy	over 4 years ago
CVE-2019-9670	9.8 Critical	mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity injection (XXE) vulnerability, as... Remote Low complexity No user interaction	Synacor	Zimbra Collaboration Suite	over 4 years ago
CVE-2019-2725	7.5 High	Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are... Malware Remote Low complexity No user interaction	Oracle Corporation	Tape Library ACSLS	over 4 years ago
CVE-2013-3900	5.5 Medium	WinVerifyTrust Signature Validation Vulnerability Low complexity	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows Server 2025 (Server Core installation), Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 11 Version 24H2, Windows Server 2025, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	over 4 years ago
CVE-2019-1458	7.8 High	An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k... Malware Low complexity No user interaction	Microsoft	Windows, Windows Server	over 4 years ago
CVE-2020-6572	8.8 High	Use after free in Media in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Remote Low complexity	Google	Chrome	over 4 years ago
CVE-2021-36260	9.8 Critical	A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the... Remote Low complexity No user interaction	Hikvision	n/a	over 4 years ago
CVE-2021-22017	5.3 Medium	Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization. A malicious actor with network... Remote Low complexity No user interaction	VMware	VMware vCenter Server, VMware Cloud Foundation	over 4 years ago
CVE-2021-22017	5.3 Medium	Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization. A malicious actor with network... Remote Low complexity No user interaction	VMware	VMware vCenter Server, VMware Cloud Foundation	over 4 years ago
CVE-2021-36260	9.8 Critical	A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the... Remote Low complexity No user interaction	Hikvision	n/a	over 4 years ago
CVE-2020-6572	8.8 High	Use after free in Media in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Remote Low complexity	Google	Chrome	over 4 years ago
CVE-2019-1458	7.8 High	An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k... Malware Low complexity No user interaction	Microsoft	Windows, Windows Server	over 4 years ago
CVE-2019-2725	7.5 High	Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are... Malware Remote Low complexity No user interaction	Oracle Corporation	Tape Library ACSLS	over 4 years ago
CVE-2019-9670	9.8 Critical	mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity injection (XXE) vulnerability, as... Remote Low complexity No user interaction	Synacor	Zimbra Collaboration Suite	over 4 years ago
CVE-2018-13382	9.1 Critical	An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5.4.1 to 5.4.10 and FortiProxy 2.0.0, 1.2.0 to... Malware Remote Low complexity No user interaction	Fortinet	Fortinet FortiOS, FortiProxy	over 4 years ago
CVE-2018-13383	4.3 Medium	A heap buffer overflow in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through 5.4.12, 5.2.14 and earlier and FortiProxy... Malware Remote Low complexity No user interaction	Fortinet	Fortinet FortiOS and FortiProxy	over 4 years ago
CVE-2019-1579	8.1 High	Remote Code Execution in PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11-h1 and earlier, and PAN-OS 8.1.2 and earlier with GlobalProtect Portal or... Malware Remote No user interaction	Palo Alto Networks	Palo Alto Networks GlobalProtect Portal/Gateway Interface	over 4 years ago
CVE-2019-10149	9.0 Critical	A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in... Remote No user interaction	exim	exim	over 4 years ago
CVE-2015-7450	9.8 Critical	Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow... Remote Low complexity No user interaction	IBM	n/a	over 4 years ago
CVE-2017-1000486	9.8 Critical	Primetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution Remote Low complexity No user interaction	Primetek	Primefaces	over 4 years ago
CVE-2019-7609	10.0 Critical	Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the... Remote Low complexity No user interaction	Elastic	Kibana	over 4 years ago
CVE-2021-27860	9.8 Critical	Arbitrary file upload vulnerability in FatPipe software Remote Low complexity No user interaction	FatPipe	WARP, IPVPN, MPVPN	over 4 years ago
CVE-2021-45461	9.8 Critical	FreePBX, when restapps (aka Rest Phone Apps) 15.0.19.87, 15.0.19.88, 16.0.18.40, or 16.0.18.41 is installed, allows remote attackers to execute... Remote Low complexity No user interaction	FreePBX	Rest Phone Apps	over 4 years ago
CVE-2021-43890	7.1 High	Windows AppX Installer Spoofing Vulnerability Remote	Microsoft	App Installer	over 4 years ago
CVE-2021-4102	8.8 High	Use after free in V8 in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Remote Low complexity	Google	Chrome	over 4 years ago

Displaying vulnerabilities 3026 - 3050 of 3823 in total