KEVIntel

Known Exploited Vulnerabilities

Curated + enriched signals for rapid prioritization

{ } JSON RSS PRO

0.7%

actively
exploited

Focus on what’s exploited

Out of 350,016 known CVEs, only 0.7% show real-world exploitation signals.

Data from public sources (including CISA) plus private sensors, enriched with prioritization metadata.

View stats Report a KEV

2,499

Total Known exploited

351

Added this week

Search

Results update as you type.

⌘K

Added

Exploitability

Type to search. Filters apply instantly.

CVE	Severity	Title	Vendor	Product	Added
CVE-2022-49703	5.5 Medium	scsi: ibmvfc: Store vhost pointer during subcrq allocation Low complexity No user interaction	Linux	Linux	over 1 year ago
CVE-2022-49353	5.5 Medium	powerpc/papr_scm: don't requests stats with '0' sized stats buffer Low complexity No user interaction	Linux	Linux	over 1 year ago
CVE-2022-49201	4.7 Medium	ibmvnic: fix race between xmit and reset No user interaction	Linux	Linux	over 1 year ago
CVE-2022-49198	5.5 Medium	mptcp: Fix crash due to tcp_tsorted_anchor was initialized before release skb Low complexity No user interaction	Linux	Linux	over 1 year ago
CVE-2024-49035	8.7 High	Partner.Microsoft.Com Elevation of Privilege Vulnerability Remote Low complexity	Microsoft	Microsoft Partner Center	over 1 year ago
CVE-2023-34192	9.0 Critical	Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker to execute arbitrary code via a crafted script to... Remote Low complexity	Zimbra	Zimbra Collaboration Suite	over 1 year ago
CVE-2024-20953	8.8 High	Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Export). The supported version that is affected is 9.3.6. Easily... Remote Low complexity No user interaction	Oracle Corporation	Agile PLM Framework	over 1 year ago
CVE-2017-3066	9.8 Critical	Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Update 22 and earlier have a Java deserialization... Remote Low complexity No user interaction	Adobe	Adobe ColdFusion ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Update 22 and earlier	over 1 year ago
CVE-2025-24989	8.2 High	Microsoft Power Pages Elevation of Privilege Vulnerability Remote Low complexity No user interaction	Microsoft	Microsoft Power Pages	over 1 year ago
CVE-2025-0111	7.1 High	PAN-OS: Authenticated File Read Vulnerability in the Management Web Interface Remote Low complexity No user interaction	Palo Alto Networks	Cloud NGFW, PAN-OS, Prisma Access	over 1 year ago
CVE-2025-23209	8.1 High	Potential RCE with a compromised security key in craft/cms Remote	craftcms	cms	over 1 year ago
CVE-2024-53704	9.8 Critical	An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication. Malware Remote Low complexity No user interaction	SonicWall	SonicOS	over 1 year ago
CVE-2025-0108	8.8 High	PAN-OS: Authentication Bypass in the Management Web Interface Remote Low complexity No user interaction	Palo Alto Networks	Cloud NGFW, PAN-OS, Prisma Access	over 1 year ago
CVE-2024-57727	7.5 High	SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote... Malware Remote Low complexity No user interaction	SimpleHelp	SimpleHelp	over 1 year ago
CVE-2024-41710	7.2 High	A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through R6.4.0.HF1... Remote Low complexity No user interaction	Mitel	6800 Series, 6900 Series, 6900w Series SIP Phones, including the 6970 Conference Unit	over 1 year ago
CVE-2025-24200	6.1 Medium	An authorization issue was addressed with improved state management. This issue is fixed in iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS... Low complexity No user interaction	Apple	iOS and iPadOS, iPadOS	over 1 year ago
CVE-2024-40890	8.8 High	UNSUPPORTED WHEN ASSIGNED A post-authentication command injection vulnerability in the CGI program of the legacy DSL CPE Zyxel VMG4325-B10A... Remote Low complexity No user interaction	Zyxel	VMG4325-B10A firmware	over 1 year ago
CVE-2024-40891	8.8 High	UNSUPPORTED WHEN ASSIGNED A post-authentication command injection vulnerability in the management commands of the legacy DSL CPE Zyxel... Remote Low complexity No user interaction	Zyxel	VMG4325-B10A firmware	over 1 year ago
CVE-2025-21418	7.8 High	Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Low complexity No user interaction	Microsoft	Windows 10 Version 1507, Windows 10 Version 1607, Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation)	over 1 year ago
CVE-2025-21391	7.1 High	Windows Storage Elevation of Privilege Vulnerability Low complexity No user interaction	Microsoft	Windows 10 Version 1507, Windows 10 Version 1607, Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation)	over 1 year ago
CVE-2025-0994	8.6 High	Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization... Remote Low complexity No user interaction	Trimble	Cityworks, Cityworks (with office companion)	over 1 year ago
CVE-2024-21413	9.8 Critical	Microsoft Outlook Remote Code Execution Vulnerability Remote Low complexity No user interaction	Microsoft	Microsoft Office 2019, Microsoft 365 Apps for Enterprise, Microsoft Office LTSC 2021, Microsoft Office 2016	over 1 year ago
CVE-2020-29574	9.8 Critical	An SQL injection vulnerability in the WebAdmin of Cyberoam OS through 2020-12-04 allows unauthenticated attackers to execute arbitrary SQL... Remote Low complexity No user interaction	Sophos	Cyberoam OS	over 1 year ago
CVE-2020-15069	9.8 Critical	Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow and remote code execution via the HTTP/S Bookmarks feature for clientless... Remote Low complexity No user interaction	Sophos	XG Firewall	over 1 year ago
CVE-2022-23748	7.8 High	mDNSResponder.exe is vulnerable to DLL Sideloading attack. Executable improperly specifies how to load the DLL, from which folder and under what... Low complexity	Apple	Audinate Dante Application Library for Windows	over 1 year ago

Displaying vulnerabilities 1001 - 1025 of 2499 in total