KEVIntel

Known Exploited Vulnerabilities

Curated + enriched signals for rapid prioritization

{ } JSON RSS PRO

1.1%

actively
exploited

Focus on what’s exploited

Out of 349,964 known CVEs, only 1.1% show real-world exploitation signals.

Data from public sources (including CISA) plus private sensors, enriched with prioritization metadata.

View stats Report a KEV

3,824

Total Known exploited

280

Added this week

Search

Results update as you type.

⌘K

Added

Exploitability

Type to search. Filters apply instantly.

CVE	Severity	Title	Vendor	Product	Added
CVE-2023-27482	10.0 Critical	homeassistant is an open source home automation tool. A remotely exploitable vulnerability bypassing authentication for accessing the Supervisor... Remote Low complexity No user interaction	home-assistant	core, supervisor	12 months ago
CVE-2019-17270	9.8 Critical	Yachtcontrol through 2019-10-06: It's possible to perform direct Operating System commands as an unauthenticated user via the... Remote Low complexity No user interaction	Yachtcontrol	Yachtcontrol	12 months ago
CVE-2017-18378	8.4 High	In NETGEAR ReadyNAS Surveillance before 1.4.3-17 x86 and before 1.1.4-7 ARM, $_GET['uploaddir'] is not escaped and is passed to system() through... Low complexity No user interaction	NETGEAR	ReadyNAS Surveillance	12 months ago
CVE-2017-14135	9.8 Critical	enigma2-plugins/blob/master/webadmin/src/WebChilds/Script.py in the webadmin plugin for opendreambox 2.0.0 allows remote attackers to execute... Remote Low complexity No user interaction	OpenDreambox	OpenDreambox 2.0.0	12 months ago
CVE-2025-5068	8.8 High	Use after free in Blink in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML... Remote Low complexity	Google	Chrome	12 months ago
CVE-2021-37291	9.8 Critical	An SQL Injection vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 ivia the input_id POST parameter in index.php. Remote Low complexity No user interaction	KevinLAB Inc	Building Energy Management System 4ST BEMS	about 1 year ago
CVE-2013-1965	9.3 Critical	Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.3, allows remote attackers to execute arbitrary OGNL code via a... Remote	Apache	Struts	about 1 year ago
CVE-2023-26255	7.5 High	An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu & Themes" plugin before 2.0.52 for Jira. By... Remote Low complexity No user interaction	Atlassian	Jira	about 1 year ago
CVE-2020-13638	9.8 Critical	lib/crud/userprocess.php in rConfig 3.9.x before 3.9.7 has an authentication bypass, leading to administrator account creation. This issue has been... Remote Low complexity No user interaction	rConfig	rConfig	about 1 year ago
CVE-2023-26256	7.5 High	An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu & Themes" plugin before 2.0.52 for Jira. By... Remote Low complexity No user interaction	Atlassian	Jira	about 1 year ago
CVE-2025-4428	7.2 High	Remote Code Execution Remote Low complexity No user interaction	Ivanti	Endpoint Manager Mobile	about 1 year ago
CVE-2025-4427	5.3 Medium	Authentication Bypass Remote Low complexity No user interaction	Ivanti	Endpoint Manager Mobile	about 1 year ago
CVE-2025-32709	7.8 High	Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Low complexity No user interaction	Microsoft	Windows 10 Version 1507, Windows 10 Version 1607, Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation)	about 1 year ago
CVE-2025-32706	7.8 High	Windows Common Log File System Driver Elevation of Privilege Vulnerability Low complexity No user interaction	Microsoft	Windows 10 Version 1507, Windows 10 Version 1607, Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation)	about 1 year ago
CVE-2025-32701	7.8 High	Windows Common Log File System Driver Elevation of Privilege Vulnerability Low complexity No user interaction	Microsoft	Windows 10 Version 1507, Windows 10 Version 1607, Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation)	about 1 year ago
CVE-2025-30400	7.8 High	Microsoft DWM Core Library Elevation of Privilege Vulnerability Low complexity No user interaction	Microsoft	Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation)	about 1 year ago
CVE-2025-30397	7.5 High	Scripting Engine Memory Corruption Vulnerability Remote	Microsoft	Windows 10 Version 1507, Windows 10 Version 1607, Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation)	about 1 year ago
CVE-2025-27920	7.2 High	Output Messenger before 2.0.63 was vulnerable to a directory traversal attack through improper file path handling. By using ../ sequences in... Remote Low complexity No user interaction	Srimax	Output Messenger	about 1 year ago
CVE-2024-27443	6.1 Medium	An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. A Cross-Site Scripting (XSS) vulnerability exists in the CalendarInvite feature... Remote Low complexity	Zimbra	Zimbra Collaboration (ZCS)	about 1 year ago
CVE-2024-11182	5.3 Medium	Stored XSS vulnerability in MDaemon Email Server Remote Low complexity	MDaemon	Email Server	about 1 year ago
CVE-2023-38950	7.5 High	A path traversal vulnerability in the iclock API of ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read arbitrary files via supplying a... Remote Low complexity No user interaction	ZKTeco	BioTime	about 1 year ago
CVE-2018-17246	9.8 Critical	Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana... Remote Low complexity No user interaction	Elastic	Kibana	about 1 year ago
CVE-2019-16662	9.8 Critical	An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php... Remote Low complexity No user interaction	rConfig	rConfig	about 1 year ago
CVE-2024-9264	9.4 Critical	Grafana SQL Expressions allow for remote code execution Remote Low complexity No user interaction	Grafana	Grafana	about 1 year ago
CVE-2024-12987	6.9 Medium	DrayTek Vigor2960/Vigor300B Web Management Interface apmcfgupload os command injection Remote Low complexity No user interaction	DrayTek	Vigor2960, Vigor300B	about 1 year ago

Displaying vulnerabilities 851 - 875 of 3824 in total