KEVIntel

Known Exploited Vulnerabilities

Curated + enriched signals for rapid prioritization

{ } JSON RSS PRO

0.7%

actively
exploited

Focus on what’s exploited

Out of 350,016 known CVEs, only 0.7% show real-world exploitation signals.

Data from public sources (including CISA) plus private sensors, enriched with prioritization metadata.

View stats Report a KEV

2,499

Total Known exploited

351

Added this week

Search

Results update as you type.

⌘K

Added

Exploitability

Type to search. Filters apply instantly.

CVE	Severity	Title	Vendor	Product	Added
CVE-2022-29383	9.8 Critical	NETGEAR ProSafe SSL VPN firmware FVS336Gv2 and FVS336Gv3 was discovered to contain a SQL injection vulnerability via USERDBDomains.Domainname at... Remote Low complexity No user interaction	NETGEAR	ProSafe SSL VPN firmware FVS336Gv2 and FVS336Gv3	about 1 year ago
CVE-2025-31200	7.5 High	A memory corruption issue was addressed with improved bounds checking. This issue is fixed in iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1,... Remote	Apple	iOS and iPadOS, macOS, tvOS, visionOS, watchOS	about 1 year ago
CVE-2025-24054	6.5 Medium	NTLM Hash Disclosure Spoofing Vulnerability Remote Low complexity	Microsoft	Windows 10 Version 1507, Windows 10 Version 1607, Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation)	about 1 year ago
CVE-2025-31201	6.8 Medium	This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1, tvOS 18.4.1,... Remote No user interaction	Apple	iOS and iPadOS, macOS, tvOS, visionOS	about 1 year ago
CVE-2021-20035	6.5 Medium	Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inject arbitrary commands... Remote Low complexity No user interaction	SonicWall	SMA100	about 1 year ago
CVE-2025-3102	8.1 High	SureTriggers <= 1.0.78 - Authorization Bypass due to Missing Empty Value Check to Unauthenticated Administrative User Creation Remote No user interaction	brainstormforce	OttoKit: All-in-One Automation Platform (Formerly SureTriggers)	about 1 year ago
CVE-2024-53197	7.8 High	ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices Low complexity No user interaction	Linux	Linux	about 1 year ago
CVE-2024-53150	7.1 High	ALSA: usb-audio: Fix out of bounds reads when finding clock sources Low complexity No user interaction	Linux	Linux	about 1 year ago
CVE-2025-29824	7.8 High	Windows Common Log File System Driver Elevation of Privilege Vulnerability Malware Low complexity No user interaction	Microsoft	Windows 10 Version 1507, Windows 10 Version 1607, Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation)	about 1 year ago
CVE-2025-30406	9.0 Critical	Gladinet CentreStack through 16.1.10296.56315 (fixed in 16.4.10315.56368) has a deserialization vulnerability due to the CentreStack portal's... Remote No user interaction	Gladinet	CentreStack	about 1 year ago
CVE-2025-31161	9.8 Critical	CrushFTP 10 before 10.8.4 and 11 before 11.3.1 allows authentication bypass and takeover of the crushadmin account (unless a DMZ proxy instance is... Malware Remote Low complexity No user interaction	CrushFTP	CrushFTP	about 1 year ago
CVE-2025-22457	9.0 Critical	A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA... Malware Remote No user interaction	Ivanti	Connect Secure, Policy Secure, Neurons for ZTA gateways	about 1 year ago
CVE-2025-24813	10.0 Critical	Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT Remote Low complexity No user interaction	Apache Software Foundation	Apache Tomcat	about 1 year ago
CVE-2024-20439	9.8 Critical	A vulnerability in Cisco Smart Licensing Utility (CSLU) could allow an unauthenticated, remote attacker to log into an affected system by using a... Remote Low complexity No user interaction	Cisco	Cisco Smart License Utility	about 1 year ago
CVE-2025-2857	10.0 Critical	Incorrect handle could lead to sandbox escapes Remote Low complexity No user interaction	Mozilla	Firefox	about 1 year ago
CVE-2025-30355	7.1 High	Synapse vulnerable to federation denial of service via malformed events Remote Low complexity No user interaction	element-hq	synapse	about 1 year ago
CVE-2025-2783	8.3 High	Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to... Remote	Google	Chrome	about 1 year ago
CVE-2019-9874	9.8 Critical	Deserialization of Untrusted Data in the Sitecore.Security.AntiCSRF (aka anti CSRF) module in Sitecore CMS 7.0 to 7.2 and Sitecore XP 7.5 to 8.2... Remote Low complexity No user interaction	Sitecore	CMS	about 1 year ago
CVE-2019-9875	8.8 High	Deserialization of Untrusted Data in the anti CSRF module in Sitecore through 9.1 allows an authenticated attacker to execute arbitrary code by... Remote Low complexity No user interaction	Sitecore	Sitecore CMS	about 1 year ago
CVE-2025-30154	8.6 High	Multiple Reviewdog actions were compromised during a specific time period Remote Low complexity No user interaction	reviewdog	reviewdog	about 1 year ago
CVE-2025-30349	7.2 High	Horde IMP through 6.2.27, as used with Horde Application Framework through 5.2.23, allows XSS that leads to account takeover via a crafted... Remote Low complexity No user interaction	Horde	IMP	about 1 year ago
CVE-2025-30259	3.5 Low	The WhatsApp cloud service before late 2024 did not block certain crafted PDF content that can defeat a sandbox protection mechanism and... Remote No user interaction	Meta	WhatsApp cloud service	about 1 year ago
CVE-2017-12637	7.5 High	Directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS in SAP NetWeaver Application Server Java 7.5 allows remote... Remote Low complexity No user interaction	SAP	NetWeaver Application Server Java	about 1 year ago
CVE-2024-48248	8.6 High	NAKIVO Backup & Replication before 11.0.0.88174 allows absolute path traversal for reading files via getImageByPath to /c/router (this may lead... Remote Low complexity No user interaction	NAKIVO	Backup & Replication Director	about 1 year ago
CVE-2025-1316	9.3 Critical	Edimax IC-7100 IP Camera OS Command Injection Remote Low complexity No user interaction	Edimax	IC-7100 IP Camera	about 1 year ago

Displaying vulnerabilities 951 - 975 of 2499 in total