KEVIntel

Known Exploited Vulnerabilities

Focus on What Matters

There are 298,512 vulnerabilities in the CVE database. Whilst only 0.6% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

0.6% Exploited

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

CVE ID Vendor Source
CVE-2012-4867 vtiger SANS Internet Storm Center
CVE-2020-36112 Musyoka Ian The Shadowserver (via CIRCL)
CVE-2021-30168 MERIT LILIN ENT.CO.,LTD. The Shadowserver (via CIRCL)
CVE-2022-24260 Voipmonitor The Shadowserver (via CIRCL)
CVE-2021-27964 SonLogger The Shadowserver (via CIRCL)
CVE-2022-25322 ZEROF The Shadowserver (via CIRCL)
CVE-2022-35413 Penta Security Systems Inc. The Shadowserver (via CIRCL)
CVE-2018-12031 Eaton The Shadowserver (via CIRCL)
CVE-2025-49113 Roundcube BleepingComputer
CVE-2024-57726 SimpleHelp Sophos News
CVE-2024-57728 SimpleHelp Sophos News
CVE-2019-17270 Yachtcontrol The Shadowserver (via CIRCL)
CVE-2017-18378 NETGEAR The Shadowserver (via CIRCL)
CVE-2020-10548 rConfig The Shadowserver (via CIRCL)
CVE-2022-2487 WAVLINK The Shadowserver (via CIRCL)
CVE-2021-43711 TOTOLINK The Shadowserver (via CIRCL)
CVE-2024-11238 Landray The Shadowserver (via CIRCL)
CVE-2025-21479 Qualcomm, Inc. CyberInsider
CVE-2025-27038 Qualcomm, Inc. CyberInsider
CVE-2025-21480 Qualcomm, Inc. CyberInsider
CVE-2025-5419 Google TheHackerNews
CVE-2025-35939 Craft CISA
CVE-2025-3935 ConnectWise CISA
CVE-2023-26256 STAGIL The Shadowserver (via CIRCL)
CVE-2023-26255 STAGIL The Shadowserver (via CIRCL)
Displaying vulnerabilities 26 - 50 of 1864 in total