KEVIntel

Known Exploited Vulnerabilities

Focus on What Matters

There are 300,926 vulnerabilities in the CVE database. Whilst only 0.6% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

0.6% Exploited

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

CVE ID Vendor Source
CVE-2024-6396 aimhubio The Shadowserver (via CIRCL)
CVE-2024-8877 Riello The Shadowserver (via CIRCL)
CVE-2024-7954 SPIP The Shadowserver (via CIRCL)
CVE-2024-39914 FOGProject The Shadowserver (via CIRCL)
CVE-2024-29895 Cacti The Shadowserver (via CIRCL)
CVE-2024-44849 Qualitor The Shadowserver (via CIRCL)
CVE-2024-2389 Progress Software The Shadowserver (via CIRCL)
CVE-2024-22319 IBM The Shadowserver (via CIRCL)
CVE-2020-12720 vBulletin The Shadowserver (via CIRCL)
CVE-2020-24589 WSO2 The Shadowserver (via CIRCL)
CVE-2024-0769 D-Link CISA
CVE-2025-6543 NetScaler TheHackerNews
CVE-2025-26319 FlowiseAI The Shadowserver (via CIRCL)
CVE-2025-27112 navidrome The Shadowserver (via CIRCL)
CVE-2025-2777 SysAid The Shadowserver (via CIRCL)
CVE-2025-26793 Hirsch The Shadowserver (via CIRCL)
CVE-2025-2775 SysAid The Shadowserver (via CIRCL)
CVE-2025-2776 SysAid The Shadowserver (via CIRCL)
CVE-2025-2294 extendthemes The Shadowserver (via CIRCL)
CVE-2025-52572 hikariatama CVE
CVE-2024-54085 AMI CVE
CVE-2019-6693 Fortinet CVE
CVE-2025-34037 Linksys CVE
CVE-2018-0127 Cisco The Shadowserver (via CIRCL)
CVE-2021-41293 ECOA The Shadowserver (via CIRCL)
Displaying vulnerabilities 51 - 75 of 1938 in total