KEVIntel

1.1% actively exploited

Focus on what’s exploited

Out of 349,964 known CVEs, only 1.1% show real-world exploitation signals.

Data from public sources (including CISA) plus private sensors, enriched with prioritization metadata.

Total known exploited: 3,824
Added this week: 280


| CVE | Severity | Title | Exploitability |
|---|---|---|---|
| CVE-2022-0786 | 9.8 Critical | KiviCare < 2.3.9 - Unauthenticated SQLi | Remote, Low complexity, No user interaction |
| CVE-2022-25369 | 9.8 Critical | An issue was discovered in Dynamicweb before 9.12.8. An attacker can add a new administrator user without authentication. This flaw exists due to a... | Remote, Low complexity, No user interaction |
| CVE-2022-24260 | 9.8 Critical | A SQL injection vulnerability in Voipmonitor GUI before v24.96 allows attackers to escalate privileges to the Administrator level. | Remote, Low complexity, No user interaction |
| CVE-2022-41840 | 7.5 High | WordPress Welcart eCommerce plugin <= 2.7.7 - Unauth. Directory Traversal vulnerability | Remote, Low complexity, No user interaction |
| CVE-2018-16763 | 9.8 Critical | FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This can lead to Pre-Auth Remote... | Remote, Low complexity, No user interaction |
| CVE-2023-2648 | 6.3 Medium | Weaver E-Office uploadify.php unrestricted upload | Remote, Low complexity, No user interaction |
| CVE-2024-11238 | 6.9 Medium | Landray EKP sysUiComponent.do delPreviewFile path traversal | Remote, Low complexity, No user interaction |
| CVE-2023-47218 | 5.8 Medium | QTS, QuTS hero, QuTScloud | No user interaction |
| CVE-2022-2487 | 8.0 High | WAVLINK WN535K2/WN535K3 nightled.cgi os command injection | Low complexity, No user interaction |
| CVE-2020-7980 | 9.8 Critical | Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary OS commands via the Q field within JSON data to the cgi-bin/libagent.cgi URI.... | Remote, Low complexity, No user interaction |
| CVE-2023-32563 | 9.8 Critical | An unauthenticated attacker could achieve the code execution through a RemoteControl server. | Remote, Low complexity, No user interaction |
| CVE-2013-7091 | 5.0 Medium | Directory traversal vulnerability in /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz in Zimbra 7.2.2 and 8.0.2 allows... | Remote, Low complexity |
| CVE-2020-15568 | 9.8 Critical | TerraMaster TOS before 4.1.29 has Invalid Parameter Checking that leads to code injection as root. This is a dynamic class method invocation... | Remote, Low complexity, No user interaction |
| CVE-2022-0760 | 9.8 Critical | Simple Link Directory < 7.7.2 - Unauthenticated SQL injection | Remote, Low complexity, No user interaction |
| CVE-2021-43711 | 9.8 Critical | The downloadFlile.cgi binary file in TOTOLINK EX200 V4.0.3c.7646_B20201211 has a command injection vulnerability when receiving GET parameters. The... | Remote, Low complexity, No user interaction |
| CVE-2022-4050 | 9.8 Critical | JoomSport < 5.2.8 - Unauthenticated SQLi | Remote, Low complexity, No user interaction |
| CVE-2022-35413 | 9.8 Critical | WAPPLES through 6.0 has a hardcoded systemi account. A threat actor could use this account to access the system configuration and confidential... | Remote, Low complexity, No user interaction |
| CVE-2020-35131 | 9.8 Critical | Cockpit before 0.6.1 allows an attacker to inject custom PHP code and achieve Remote Command Execution via registerCriteriaFunction in... | Remote, Low complexity, No user interaction |
| CVE-2021-27964 | 9.8 Critical | SonLogger before 6.4.1 is affected by Unauthenticated Arbitrary File Upload. An attacker can send a POST request to... | Remote, Low complexity, No user interaction |
| CVE-2023-27482 | 10.0 Critical | homeassistant is an open source home automation tool. A remotely exploitable vulnerability bypassing authentication for accessing the Supervisor... | Remote, Low complexity, No user interaction |
| CVE-2023-41109 | 9.8 Critical | SmartNode SN200 (aka SN200) 3.21.2-23021 allows unauthenticated OS Command Injection. | Remote, Low complexity, No user interaction |
| CVE-2022-0769 | 9.8 Critical | Users Ultra <= 3.1.0 - Unauthenticated SQL Injection | Remote, Low complexity, No user interaction |
| CVE-2018-12031 | 9.8 Critical | Local file inclusion in Eaton Intelligent Power Manager v1.6 allows an attacker to include a file via server/node_upgrade_srv.js directory... | Remote, Low complexity, No user interaction |
| CVE-2022-25322 | 9.8 Critical | ZEROF Web Server 2.0 allows /HandleEvent SQL Injection. | Remote, Low complexity, No user interaction |
| CVE-2021-24931 | 9.8 Critical | Secure Copy Content Protection and Content Locking < 2.8.2 - Unauthenticated SQL Injection | Remote, Low complexity, No user interaction |

Displaying vulnerabilities 826 - 850 of 3824 in total