Known Exploited Vulnerabilities

Curated + enriched signals for rapid prioritization

{ } JSON RSS PRO

0.7%

actively
exploited

Focus on what’s exploited

Out of 352,641 known CVEs, only 0.7% show real-world exploitation signals.

Data from public sources (including CISA) plus private honeypots, enriched with prioritization metadata.

View stats Report a KEV

2,555

Total Known exploited

103

Added this week

938

More than CISA KEV

Search

Results update as you type.

⌘K

Added

Exploitability

Type to search. Filters apply instantly.

CVE	Severity	Title	Vendor	Product	Added
CVE-2024-57728	7.2 High	SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file system by uploading a... 1 day faster than CISA KEV Malware Remote Low complexity No user interaction	SimpleHelp	SimpleHelp remote support software	10 days ago
CVE-2024-57726	9.9 Critical	SimpleHelp remote support software v5.5.7 and before has a vulnerability that allows low-privileges technicians to create API keys with excessive... 1 day faster than CISA KEV Malware Remote Low complexity No user interaction	SimpleHelp	SimpleHelp remote support software	10 days ago
CVE-2026-39987	9.3 Critical	marimo Affected by Pre-Auth Remote Code Execution via Terminal WebSocket Authentication Bypass 1 day faster than CISA KEV Remote Low complexity No user interaction	marimo-team	marimo	10 days ago
CVE-2026-33825	7.8 High	Microsoft Defender Elevation of Privilege Vulnerability 1 day faster than CISA KEV Low complexity No user interaction	Microsoft	Microsoft Defender Antimalware Platform	10 days ago
CVE-2026-20133	6.5 Medium	A vulnerability in Cisco Catalyst SD-WAN Software could allow an unauthenticated, remote attacker to view sensitive information on an affected... 1 day faster than CISA KEV Remote Low complexity No user interaction	Cisco	Cisco Catalyst SD-WAN Manager	10 days ago
CVE-2026-20128	7.5 High	Cisco Catalyst SD-WAN Manager Information Disclosure Vulnerability 1 day faster than CISA KEV No user interaction	Cisco	Cisco Catalyst SD-WAN Manager	10 days ago
CVE-2026-20122	5.4 Medium	Cisco Catalyst SD-WAN Manager Arbitrary File Overwrite Vulnerability 1 day faster than CISA KEV Remote Low complexity No user interaction	Cisco	Cisco Catalyst SD-WAN Manager	10 days ago
CVE-2025-48700	6.1 Medium	An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0 and 10.0 and 10.1. A Cross-Site Scripting (XSS) vulnerability in the Zimbra... 1 day faster than CISA KEV Remote Low complexity	Zimbra	Zimbra Collaboration (ZCS)	10 days ago
CVE-2025-32975	10.0 Critical	Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch... 1 day faster than CISA KEV Remote Low complexity No user interaction	Quest	KACE Systems Management Appliance	10 days ago
CVE-2025-2749	7.2 High	Kentico Xperience <= 13.0.178 Staging Media File Upload Authenticated RCE 1 day faster than CISA KEV Remote Low complexity No user interaction	Kentico	Xperience	10 days ago
CVE-2023-27351	7.5 High	This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication... 1 day faster than CISA KEV Malware Remote Low complexity No user interaction	PaperCut	NG	10 days ago
CVE-2026-32201	6.5 Medium	Microsoft SharePoint Server Spoofing Vulnerability 1 day faster than CISA KEV Remote Low complexity No user interaction	Microsoft	Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2019, Microsoft SharePoint Server Subscription Edition	10 days ago
CVE-2026-34621	8.6 High	Acrobat Reader \| Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') (CWE-1321) 1 day faster than CISA KEV Low complexity	Adobe	Acrobat Reader	10 days ago
CVE-2025-60710	7.8 High	Host Process for Windows Tasks Elevation of Privilege Vulnerability 1 day faster than CISA KEV Low complexity No user interaction	Microsoft	Windows 11 Version 24H2, Windows 11 Version 25H2, Windows Server 2025, Windows Server 2025 (Server Core installation)	10 days ago
CVE-2023-36424	7.8 High	Windows Common Log File System Driver Elevation of Privilege Vulnerability 1 day faster than CISA KEV Low complexity No user interaction	Microsoft	Windows 11 version 22H3, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 11 Version 23H2, Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	10 days ago
CVE-2023-21529	8.8 High	Microsoft Exchange Server Remote Code Execution Vulnerability 1 day faster than CISA KEV Malware Remote Low complexity No user interaction	Microsoft	Microsoft Exchange Server 2019 Cumulative Update 12, Microsoft Exchange Server 2019 Cumulative Update 11, Microsoft Exchange Server 2013 Cumulative Update 23, Microsoft Exchange Server 2016 Cumulative Update 23	10 days ago
CVE-2020-9715	7.8 High	Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an... 1 day faster than CISA KEV Low complexity	Adobe	Adobe Acrobat and Reader	10 days ago
CVE-2026-1340	9.8 Critical	A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution. 1 day faster than CISA KEV Remote Low complexity No user interaction	Ivanti	Endpoint Manager Mobile	10 days ago
CVE-2026-3502	7.8 High	TrueConf Client Update Integrity Verification Bypass 1 day faster than CISA KEV Low complexity	TrueConf	TrueConf Client	10 days ago
CVE-2026-5281	8.8 High	Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute... 1 day faster than CISA KEV Remote Low complexity	Google	Chrome	10 days ago
CVE-2025-53521	9.3 Critical	BigIP APM Vulnerability 1 day faster than CISA KEV Remote Low complexity No user interaction	F5	BIG-IP	10 days ago
CVE-2026-33634	9.4 Critical	Trivy ecosystem supply chain briefly compromised 1 day faster than CISA KEV Remote Low complexity No user interaction	aquasecurity, BerriAI, team-telnyx	setup-trivy, trivy-action, trivy, LiteLLM, telnyx	10 days ago
CVE-2026-33017	9.3 Critical	Langflow has Unauthenticated Remote Code Execution via Public Flow Build Endpoint 1 day faster than CISA KEV Remote Low complexity No user interaction	langflow-ai	langflow	10 days ago
CVE-2025-54068	9.2 Critical	Livewire vulnerable to remote command execution during property update hydration 1 day faster than CISA KEV Remote No user interaction	livewire	livewire	10 days ago
CVE-2025-43520	5.5 Medium	A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS... 1 day faster than CISA KEV Low complexity No user interaction	Apple	iOS and iPadOS, macOS, tvOS, visionOS, watchOS	10 days ago

Displaying vulnerabilities 76 - 100 of 2555 in total

KEVIntel

Known Exploited Vulnerability Intelligence Beyond CISA KEV

Prioritize the vulnerabilities attackers are actually exploiting—before they impact your organization.

KEVIntel is known exploited vulnerability intelligence that aggregates, attests, enriches, and distributes exploited-CVE data. It is not a CISA KEV mirror alone. The service includes the official catalog as a baseline and extends coverage with additional exploited-CVE attestations, evidence links, enrichment, and automation-ready delivery through the live feed above, RSS, JSON, and the Pro API.

Aggregated & attested

Exploitation signals from 60+ public sources, vendor advisories, and private honeypots—validated against credible evidence.

Enriched for prioritization

Every CVE joined with EPSS, CVSS, CWE, proof-of-concept references, and Nuclei/Metasploit context.

Automation-ready delivery

Live feed, RSS, JSON, and Pro API for VM, CTI, SOC, and MSSP workflows.

The AI vulnerability tsunami is accelerating disclosure

Hundreds of thousands of CVEs exist in the National Vulnerability Database and vendor advisories, and AI-assisted discovery is accelerating that volume further. CVSS scores describe theoretical severity, but severity is not the same as exploitation. Many high-severity vulnerabilities are never exploited in the wild, while some actively exploited flaws may be under-prioritized if teams rely on CVSS-only prioritization.

Only a small fraction of published CVEs ever show real-world exploitation signals. Security teams cannot remediate everything at once. Exploitation-led prioritization focuses limited patching, detection, and analyst time on CVEs with evidence-backed exploitation—not on vulnerability noise.

Disclosed vulnerabilities Actively exploited

352,641+ and growing

Only 0.7% of disclosed CVEs show real-world exploitation signals — and that sliver is the operationally urgent work.

Focus on the signal, not the noise. KEVIntel helps you identify the vulnerabilities attackers are actually using—so vulnerability management, CTI, SOC, MSSP, and exposure-management teams can prioritize remediation on real exploitation, not scanner volume alone.

CISA KEV is essential. It is not the whole picture.

KEVIntel extends your visibility beyond CISA KEV. CISA KEV is authoritative and valuable; KEVIntel complements it with additional exploited-CVE coverage, RSS delivery, global honeypot telemetry, enrichment, and automation-ready Pro API access. See the full KEVIntel vs CISA KEV comparison.

CISA KEV

No RSS feed
Tracks vulnerabilities in CISA KEV
Curated by CISA

KEVIntel

RSS feed for real-time updates
CISA KEV plus 938+ more exploited in the wild
Independent intelligence from global honeypots, EPSS, CVSS, CWE, PoCs, and Nuclei/Metasploit context

Use CISA KEV. Go further with KEVIntel. Complete visibility, faster prioritization, stronger defenses—with exploitation timelines, source evidence, and platform statistics to back every decision.

From global telemetry to actionable intelligence

KEVIntel follows a simple pipeline: Collect, Attest, Enrich, Deliver. Each exploited CVE links to source material so analysts can verify why it was included and move from signal to action faster.

Collect

Global honeypot networks, CISA KEV, vendor advisories, cyber RSS feeds, and public reporting observe real-world exploitation attempts around the clock.
Attest

Validate exploitation with credible evidence—CISA KEV listings, advisories documenting active exploitation, honeypot observations, and defensible references—to separate signal from noise.
Enrich

Correlate each CVE with EPSS, CVSS, CWE, proof-of-concept references, Nuclei and Metasploit scanner context, online mentions, vendor metadata, and exploitation timelines.
Deliver

Actionable intelligence via this live feed, RSS, JSON, and the Pro API—ready for vulnerability management, CTI, SOC, SIEM/SOAR, MSSP, and exposure-management workflows.

Prioritize what matters

Reduce false positives

Strengthen defenses

Stay ahead of attackers