KEVIntel

Known Exploited Vulnerabilities

Curated + enriched signals for rapid prioritization

{ } JSON RSS PRO

0.7%

actively
exploited

Focus on what’s exploited

Out of 350,016 known CVEs, only 0.7% show real-world exploitation signals.

Data from public sources (including CISA) plus private sensors, enriched with prioritization metadata.

View stats Report a KEV

2,500

Total Known exploited

352

Added this week

Search

Results update as you type.

⌘K

Added

Exploitability

Type to search. Filters apply instantly.

CVE	Severity	Title	Vendor	Product	Added
CVE-2024-43573	6.5 Medium	Windows MSHTML Platform Spoofing Vulnerability Remote Low complexity	Microsoft	Windows 10 Version 22H2, Windows 11 version 21H2, Windows 11 version 22H2, Windows 11 version 22H3, Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 10 Version 21H2, Windows 11 Version 23H2, Windows Server 2019, Windows 10 Version 1809, Windows Server 2019 (Server Core installation), Windows 11 Version 24H2, Windows 10 Version 1507, Windows Server 2016, Windows 10 Version 1607, Windows Server 2012 R2 (Server Core installation), Windows Server 2016 (Server Core installation), Windows Server 2012 R2	over 1 year ago
CVE-2024-43047	7.8 High	Use After Free in DSP Service Low complexity No user interaction	Qualcomm, Inc.	Snapdragon	over 1 year ago
CVE-2024-45519	10.0 Critical	The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9, and 10.1 before 10.1.1... Remote Low complexity No user interaction	Zimbra	Zimbra Collaboration	over 1 year ago
CVE-2024-29824	9.6 Critical	An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same... Low complexity No user interaction	Ivanti	EPM	over 1 year ago
CVE-2020-15415	9.8 Critical	On DrayTek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1, cgi-bin/mainfunction.cgi/cvmcfgupload allows remote command execution via... Remote Low complexity No user interaction	DrayTek	Vigor3900, Vigor2960, Vigor300B	over 1 year ago
CVE-2019-0344	9.8 Critical	Due to unsafe deserialization used in SAP Commerce Cloud (virtualjdbc extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, it is possible to... Remote Low complexity No user interaction	SAP SE	SAP Commerce Cloud (virtualjdbc extension)	over 1 year ago
CVE-2023-25280	9.8 Critical	OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privileges to root via a crafted payload with the... Remote Low complexity No user interaction	D-Link	DIR820LA1_FW105B03	over 1 year ago
CVE-2024-7593	9.8 Critical	Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker... Remote Low complexity No user interaction	Ivanti	vTM	over 1 year ago
CVE-2024-8963	9.4 Critical	Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality. Remote Low complexity No user interaction	Ivanti	CSA (Cloud Services Appliance)	over 1 year ago
CVE-2020-14644	9.8 Critical	Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are... Remote Low complexity No user interaction	Oracle Corporation	WebLogic Server	over 1 year ago
CVE-2024-27348	9.8 Critical	Apache HugeGraph-Server: Command execution in gremlin Remote Low complexity No user interaction	Apache Software Foundation	Apache HugeGraph-Server	over 1 year ago
CVE-2020-0618	8.8 High	A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests, aka 'Microsoft... Remote Low complexity No user interaction	Microsoft	Microsoft SQL Server, Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (GDR), Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (CU), Microsoft SQL Server 2016 for x64-based Systems Service Pack 2 (GDR), Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (GDR), Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (CU)	over 1 year ago
CVE-2022-21445	9.8 Critical	Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware (component: ADF Faces). Supported versions... Remote Low complexity No user interaction	Oracle Corporation	Application Development Framework (ADF)	over 1 year ago
CVE-2014-0502	8.8 High	Double free vulnerability in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before... Remote Low complexity	Adobe	Flash Player	over 1 year ago
CVE-2013-0648	8.8 High	Unspecified vulnerability in the ExternalInterface ActionScript functionality in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171... Remote Low complexity	Adobe	Flash Player	over 1 year ago
CVE-2014-0497	9.8 Critical	Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before... Remote Low complexity No user interaction	Adobe	Flash Player	over 1 year ago
CVE-2013-0643	8.8 High	The Firefox sandbox in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x... Remote Low complexity	Adobe	Flash Player	over 1 year ago
CVE-2024-43461	8.8 High	Windows MSHTML Platform Spoofing Vulnerability Remote Low complexity	Microsoft	Windows 11 Version 24H2, Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	over 1 year ago
CVE-2024-6670	9.8 Critical	WhatsUp Gold HasErrors SQL Injection Authentication Bypass Vulnerability Malware Remote Low complexity No user interaction	Progress Software Corporation	WhatsUp Gold	over 1 year ago
CVE-2024-8190	7.2 High	An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker... Remote Low complexity No user interaction	Ivanti	CSA (Cloud Services Appliance)	over 1 year ago
CVE-2024-38217	5.4 Medium	Windows Mark of the Web Security Feature Bypass Vulnerability Remote Low complexity	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 11 Version 24H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	over 1 year ago
CVE-2024-38226	7.3 High	Microsoft Publisher Security Feature Bypass Vulnerability Low complexity	Microsoft	Microsoft Office 2019, Microsoft Office LTSC 2021, Microsoft Publisher 2016	over 1 year ago
CVE-2024-38014	7.8 High	Windows Installer Elevation of Privilege Vulnerability Low complexity No user interaction	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 11 Version 24H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	over 1 year ago
CVE-2017-1000253	7.8 High	Linux distributions that have not patched their long-term kernels with https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86... Malware Low complexity No user interaction	Linux	Kernel	over 1 year ago
CVE-2024-40766	9.8 Critical	An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized... Malware Remote Low complexity No user interaction	SonicWall	SonicOS	over 1 year ago

Displaying vulnerabilities 1101 - 1125 of 2500 in total