KEVIntel

Known Exploited Vulnerabilities

Curated + enriched signals for rapid prioritization

{ } JSON RSS PRO

1.1%

actively
exploited

Focus on what’s exploited

Out of 349,964 known CVEs, only 1.1% show real-world exploitation signals.

Data from public sources (including CISA) plus private sensors, enriched with prioritization metadata.

View stats Report a KEV

3,823

Total Known exploited

279

Added this week

Search

Results update as you type.

⌘K

Added

Exploitability

Type to search. Filters apply instantly.

CVE	Severity	Title	Vendor	Product	Added
CVE-2025-47172	8.8 High	Microsoft SharePoint Server Remote Code Execution Vulnerability Remote Low complexity No user interaction	Microsoft	Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2019, Microsoft SharePoint Server Subscription Edition	12 months ago
CVE-2025-33070	8.1 High	Windows Netlogon Elevation of Privilege Vulnerability Remote No user interaction	Microsoft	Windows 10 Version 1507, Windows 10 Version 1607, Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation)	12 months ago
CVE-2025-29828	8.1 High	Windows Schannel Remote Code Execution Vulnerability Remote No user interaction	Microsoft	Windows 11 version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation)	12 months ago
CVE-2025-32713	7.8 High	Windows Common Log File System Driver Elevation of Privilege Vulnerability Low complexity No user interaction	Microsoft	Windows 10 Version 1507, Windows 10 Version 1607, Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation)	12 months ago
CVE-2021-29203	9.8 Critical	A security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management... Remote Low complexity No user interaction	n/a	HPE Edgeline Infrastructure Management Software	12 months ago
CVE-2021-24762	9.8 Critical	Perfect Survey < 1.5.2 - Unauthenticated SQL Injection Remote Low complexity No user interaction	Unknown	Perfect Survey	12 months ago
CVE-2021-36356	9.8 Critical	KRAMER VIAware through August 2021 allows remote attackers to execute arbitrary code because ajaxPages/writeBrowseFilePathAjax.php accepts... Remote Low complexity No user interaction	n/a	n/a	12 months ago
CVE-2021-24499	9.8 Critical	Workreap theme < 2.2.2 - Unauthenticated Upload Leading to Remote Code Execution Remote Low complexity No user interaction	Unknown	Workreap	12 months ago
CVE-2024-32735	9.8 Critical	CyberPower PowerPanel Enterprise Missing Authentication Remote Low complexity No user interaction	CyberPower	CyberPower PowerPanel Enterprise	12 months ago
CVE-2009-0545	10.0 Critical	cgi-bin/kerbynet in ZeroShell 1.0beta11 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the type... Remote Low complexity	ZeroShell	ZeroShell	12 months ago
CVE-2021-21234	7.7 High	Directory Traversal Remote Low complexity No user interaction	lukashinsch	spring-boot-actuator-logview	12 months ago
CVE-2023-47248	9.8 Critical	PyArrow, PyArrow: Arbitrary code execution when loading a malicious data file Remote Low complexity No user interaction	Apache Software Foundation	PyArrow	12 months ago
CVE-2020-13942	9.8 Critical	Remote Code Execution in Apache Unomi Remote Low complexity No user interaction	Apache Software Foundation	Apache Unomi	12 months ago
CVE-2019-1821	8.8 High	Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerabilities Remote Low complexity No user interaction	Cisco	Cisco Prime Infrastructure	12 months ago
CVE-2019-18818	9.8 Critical	strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and... Remote Low complexity No user interaction	strapi	strapi	12 months ago
CVE-2020-11546	9.8 Critical	SuperWebMailer 7.21.0.01526 is susceptible to a remote code execution vulnerability in the Language parameter of mailingupgrade.php. An... Remote Low complexity No user interaction	SuperWebMailer	SuperWebMailer	12 months ago
CVE-2020-36112	9.8 Critical	CSE Bookstore version 1.0 is vulnerable to time-based blind, boolean-based blind and OR error-based SQL injection in pubid parameter in... Remote Low complexity No user interaction	CSE	Bookstore	12 months ago
CVE-2018-2894	9.8 Critical	Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). Supported versions that are... Remote Low complexity No user interaction	Oracle Corporation	WebLogic Server	12 months ago
CVE-2014-3206	9.8 Critical	Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the session parameter to localhost/backupmgt/localJob.php or the... Remote Low complexity No user interaction	Seagate	BlackArmor NAS	12 months ago
CVE-2018-10942	9.8 Critical	modules/attributewizardpro/file_upload.php in the Attribute Wizard addon 1.6.9 for PrestaShop 1.4.0.1 through 1.6.1.18 allows remote attackers to... Remote Low complexity No user interaction	PrestaShop	Attribute Wizard addon	12 months ago
CVE-2022-0867	9.8 Critical	ARPrice Lite < 3.6.1 - Unauthenticated SQLi Remote Low complexity No user interaction	Unknown	Pricing Table Plugin	12 months ago
CVE-2018-3810	9.8 Critical	Authentication Bypass vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to... Remote Low complexity No user interaction	Oturia	Smart Google Code Inserter	12 months ago
CVE-2021-30168	9.8 Critical	MERIT LILIN ENT.CO.,LTD. P2/Z2/P3/Z3 IP camera - Sensitive Data Exposure-1 Remote Low complexity No user interaction	MERIT LILIN ENT.CO.,LTD.	P2/Z2/P3/Z3 IP camera firmware	12 months ago
CVE-2022-0786	9.8 Critical	KiviCare < 2.3.9 - Unauthenticated SQLi Remote Low complexity No user interaction	Unknown	KiviCare – Clinic & Patient Management System (EHR)	12 months ago
CVE-2022-25369	9.8 Critical	An issue was discovered in Dynamicweb before 9.12.8. An attacker can add a new administrator user without authentication. This flaw exists due to a... Remote Low complexity No user interaction	n/a	n/a	12 months ago

Displaying vulnerabilities 801 - 825 of 3823 in total