KEVIntel

Known Exploited Vulnerabilities

Curated + enriched signals for rapid prioritization

{ } JSON RSS PRO

0.7%

actively
exploited

Focus on what’s exploited

Out of 350,016 known CVEs, only 0.7% show real-world exploitation signals.

Data from public sources (including CISA) plus private sensors, enriched with prioritization metadata.

View stats Report a KEV

2,499

Total Known exploited

351

Added this week

Search

Results update as you type.

⌘K

Added

Exploitability

Type to search. Filters apply instantly.

CVE	Severity	Title	Vendor	Product	Added
CVE-2025-24472	8.1 High	An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS 7.0.0 through 7.0.16 and FortiProxy... Malware Remote No user interaction	Fortinet	FortiProxy, FortiOS	about 1 year ago
CVE-2025-30066	8.6 High	tj-actions changed-files before 46 allows remote attackers to discover secrets by reading actions logs. (The tags v1 through v45.0.7 were affected... Remote Low complexity No user interaction	tj-actions	changed-files	about 1 year ago
CVE-2025-21590	6.7 Medium	Junos OS: An local attacker with shell access can execute arbitrary code Low complexity No user interaction	Juniper Networks	Junos OS	about 1 year ago
CVE-2025-24201	8.8 High	An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in Safari 18.3.1, iOS 15.8.4... Remote Low complexity	Apple	Safari, iOS and iPadOS, iPadOS, macOS, visionOS, watchOS	about 1 year ago
CVE-2025-24983	7.0 High	Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability No user interaction	Microsoft	Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation)	about 1 year ago
CVE-2025-24991	5.5 Medium	Windows NTFS Information Disclosure Vulnerability Low complexity	Microsoft	Windows 10 Version 1507, Windows 10 Version 1607, Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation)	about 1 year ago
CVE-2025-26633	7.0 High	Microsoft Management Console Security Feature Bypass Vulnerability Malware	Microsoft	Windows 10 Version 1507, Windows 10 Version 1607, Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation)	about 1 year ago
CVE-2025-24993	7.8 High	Windows NTFS Remote Code Execution Vulnerability Low complexity	Microsoft	Windows 10 Version 1507, Windows 10 Version 1607, Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation)	about 1 year ago
CVE-2025-24984	4.6 Medium	Windows NTFS Information Disclosure Vulnerability Low complexity No user interaction	Microsoft	Windows 10 Version 1507, Windows 10 Version 1607, Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation)	about 1 year ago
CVE-2025-24985	7.8 High	Windows Fast FAT File System Driver Remote Code Execution Vulnerability Low complexity	Microsoft	Windows 10 Version 1507, Windows 10 Version 1607, Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation)	about 1 year ago
CVE-2024-13160	9.8 Critical	Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote... Remote Low complexity No user interaction	Ivanti	Endpoint Manager	about 1 year ago
CVE-2024-13161	9.8 Critical	Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote... Remote Low complexity No user interaction	Ivanti	Endpoint Manager	about 1 year ago
CVE-2024-13159	9.8 Critical	Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote... Remote Low complexity No user interaction	Ivanti	Endpoint Manager	about 1 year ago
CVE-2025-25181	5.8 Medium	A SQL injection vulnerability in timeoutWarning.asp in Advantive VeraCore through 2025.1.0 allows remote attackers to execute arbitrary SQL... Remote Low complexity No user interaction	Advantive	VeraCore	about 1 year ago
CVE-2024-57968	9.9 Critical	Advantive VeraCore before 2024.4.2.1 allows remote authenticated users to upload files to unintended folders (e.g., ones that are accessible during... Remote Low complexity No user interaction	Advantive	VeraCore	about 1 year ago
CVE-2025-22226	7.1 High	VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. A malicious... Low complexity No user interaction	VMware	ESXi, VMware Workstation, VMware Fusion, VMware Cloud Foundation, VMware Telco Cloud Platform, VMware Telco Cloud Infrastructure	about 1 year ago
CVE-2024-50302	5.5 Medium	HID: core: zero-initialize the report buffer Low complexity No user interaction	Linux	Linux	about 1 year ago
CVE-2025-22224	9.3 Critical	VMware ESXi, and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write. A malicious... Low complexity No user interaction	VMware	ESXi, Workstation, VMware Cloud Foundation, Telco Cloud Platform, Telco Cloud Infrastructure	about 1 year ago
CVE-2025-22225	8.2 High	VMware ESXi contains an arbitrary write vulnerability. A malicious actor with privileges within the VMX process may trigger an arbitrary... Malware Low complexity No user interaction	VMware	VMware ESXi, VMware Cloud Foundation, VMware Telco Cloud Platform, VMware Telco Cloud Infrastructure	about 1 year ago
CVE-2018-8639	7.8 High	An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k... Malware Low complexity No user interaction	Microsoft	Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers	over 1 year ago
CVE-2024-4885	9.8 Critical	WhatsUp Gold GetFileWithoutZip Directory Traversal Remote Code Execution Vulnerability Remote Low complexity No user interaction	Progress Software Corporation	WhatsUp Gold	over 1 year ago
CVE-2022-43769	8.8 High	Hitachi Vantara Pentaho Business Analytics Server - Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) Remote Low complexity No user interaction	Hitachi Vantara	Pentaho Business Analytics Server	over 1 year ago
CVE-2023-20118	6.5 Medium	A vulnerability in the web-based management interface of Cisco Small Business Routers RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could... Remote Low complexity No user interaction	Cisco	Cisco Small Business RV Series Router Firmware	over 1 year ago
CVE-2022-43939	8.6 High	Hitachi Vantara Pentaho Business Analytics Server - Use of Non-Canonical URL Paths for Authorization Decisions Remote Low complexity No user interaction	Hitachi Vantara	Pentaho Business Analytics Server	over 1 year ago
CVE-2025-21713	5.5 Medium	powerpc/pseries/iommu: Don't unset window if it was never set Low complexity No user interaction	Linux	Linux	over 1 year ago

Displaying vulnerabilities 976 - 1000 of 2499 in total