KEVIntel

Known Exploited Vulnerabilities

Curated + enriched signals for rapid prioritization

{ } JSON RSS PRO

0.7%

actively
exploited

Focus on what’s exploited

Out of 350,016 known CVEs, only 0.7% show real-world exploitation signals.

Data from public sources (including CISA) plus private sensors, enriched with prioritization metadata.

View stats Report a KEV

2,500

Total Known exploited

352

Added this week

Search

Results update as you type.

⌘K

Added

Exploitability

Type to search. Filters apply instantly.

CVE	Severity	Title	Vendor	Product	Added
CVE-2024-43451	6.5 Medium	NTLM Hash Disclosure Spoofing Vulnerability Remote Low complexity	Microsoft	Windows Server 2025, Windows Server 2025 (Server Core installation), Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 11 Version 24H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	over 1 year ago
CVE-2021-41277	10.0 Critical	GeoJSON URL validation can expose server files and environment variables to unauthorized users Remote Low complexity No user interaction	metabase	metabase	over 1 year ago
CVE-2024-49039	8.8 High	Windows Task Scheduler Elevation of Privilege Vulnerability Malware Low complexity No user interaction	Microsoft	Windows Server 2025, Windows Server 2025 (Server Core installation), Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 11 Version 24H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation)	over 1 year ago
CVE-2014-2120	6.1 Medium	Cross-site scripting (XSS) vulnerability in the WebVPN login page in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to... Remote Low complexity	Cisco	Adaptive Security Appliance (ASA) Software	over 1 year ago
CVE-2021-26086	5.3 Medium	Affected versions of Atlassian Jira Server and Data Center allow remote attackers to read particular files via a path traversal vulnerability in... Remote Low complexity No user interaction	Atlassian	Jira Server, Jira Data Center	over 1 year ago
CVE-2019-16278	9.8 Critical	Directory Traversal in the function http_verify in nostromo nhttpd through 1.9.6 allows an attacker to achieve remote code execution via a crafted... Remote Low complexity No user interaction	nostromo	nhttpd	over 1 year ago
CVE-2024-5910	9.3 Critical	Expedition: Missing Authentication Leads to Admin Account Takeover Remote Low complexity No user interaction	Palo Alto Networks	Expedition	over 1 year ago
CVE-2024-43093	7.3 High	In shouldHideDocument of ExternalStorageProvider.java, there is a possible bypass of a file path filter designed to prevent access to sensitive... Low complexity	Google	Android	over 1 year ago
CVE-2024-51567	10.0 Critical	upgrademysqlstatus in databases/views.py in CyberPanel (aka Cyber Panel) before 5b08cd6 allows remote attackers to bypass authentication and... Malware Remote Low complexity No user interaction	CyberPanel	CyberPanel	over 1 year ago
CVE-2024-8957	7.2 High	PTZOptics NDI and SDI Cameras Command Injection via NTP Address Configuration Remote Low complexity No user interaction	PTZOptics	PT30X-SDI, PT30X-NDI	over 1 year ago
CVE-2024-8956	9.1 Critical	PTZOptics NDI and SDI Cameras /cgi-bin/param.cgi Insufficient Authentication Remote Low complexity No user interaction	PTZOptics	PT30X-SDI, PT30X-NDI	over 1 year ago
CVE-2024-20481	5.8 Medium	A vulnerability in the Remote Access VPN (RAVPN) service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense... Remote Low complexity No user interaction	Cisco	Cisco Adaptive Security Appliance (ASA) Software, Cisco Firepower Threat Defense Software	over 1 year ago
CVE-2024-37383	6.1 Medium	Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG animate attributes. Remote Low complexity	Roundcube	Roundcube Webmail	over 1 year ago
CVE-2024-47575	9.8 Critical	A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7,... Remote Low complexity No user interaction	Fortinet	FortiManager	over 1 year ago
CVE-2024-38094	7.2 High	Microsoft SharePoint Remote Code Execution Vulnerability Malware Remote Low complexity No user interaction	Microsoft	Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2019, Microsoft SharePoint Server Subscription Edition	over 1 year ago
CVE-2024-9537	9.3 Critical	ScienceLogic SL1 unspecified vulnerability Remote Low complexity No user interaction	ScienceLogic	SL1	over 1 year ago
CVE-2024-40711	9.8 Critical	A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE). Malware Remote Low complexity No user interaction	Veeam	Backup and Recovery	over 1 year ago
CVE-2021-4444	7.3 High	Product Filter by WooBeWoo <= 1.4.9 - Missing Authorization Remote Low complexity No user interaction	woobewoo	Product Filter by WBW	over 1 year ago
CVE-2024-30088	7.0 High	Windows Kernel Elevation of Privilege Vulnerability Malware No user interaction	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation)	over 1 year ago
CVE-2024-9680	9.8 Critical	An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of... Malware Remote Low complexity No user interaction	Mozilla	Firefox, Firefox ESR, Thunderbird	over 1 year ago
CVE-2024-28987	9.1 Critical	SolarWinds Web Help Desk Hardcoded Credential Vulnerability Remote Low complexity No user interaction	SolarWinds	Web Help Desk	over 1 year ago
CVE-2024-23113	9.8 Critical	A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13,... Remote Low complexity No user interaction	Fortinet	FortiSwitchManager, FortiOS, FortiPAM, FortiProxy	over 1 year ago
CVE-2024-9379	6.5 Medium	SQL injection in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to run... Remote Low complexity No user interaction	Ivanti	CSA (Cloud Services Appliance)	over 1 year ago
CVE-2024-9380	7.2 High	An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin... Remote Low complexity No user interaction	Ivanti	CSA (Cloud Services Appliance)	over 1 year ago
CVE-2024-43572	7.8 High	Microsoft Management Console Remote Code Execution Vulnerability Low complexity	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 11 Version 24H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	over 1 year ago

Displaying vulnerabilities 1076 - 1100 of 2500 in total