KEVIntel

Known Exploited Vulnerabilities

Curated + enriched signals for rapid prioritization

{ } JSON RSS PRO

0.7%

actively
exploited

Focus on what’s exploited

Out of 350,016 known CVEs, only 0.7% show real-world exploitation signals.

Data from public sources (including CISA) plus private sensors, enriched with prioritization metadata.

View stats Report a KEV

2,500

Total Known exploited

352

Added this week

Search

Results update as you type.

⌘K

Added

Exploitability

Type to search. Filters apply instantly.

CVE	Severity	Title	Vendor	Product	Added
CVE-2016-3714	8.4 High	The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before... Low complexity No user interaction	ImageMagick	ImageMagick	over 1 year ago
CVE-2024-45506	7.5 High	HAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x through 3.1-dev6 allows a remote denial of service for HTTP/2 zero-copy forwarding... Remote Low complexity No user interaction	HAProxy	HAProxy	over 1 year ago
CVE-2024-45389	6.4 Medium	Pagefind DOM clobbering could escalate to Cross-site Scripting (XSS) Remote No user interaction	CloudCannon	pagefind	over 1 year ago
CVE-2024-7262	9.3 Critical	Arbitrary Code Execution in WPS Office Low complexity	Kingsoft	WPS Office	over 1 year ago
CVE-2021-20123	7.5 High	A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the DownloadFileServlet... Remote Low complexity No user interaction	Draytek	Draytek VigorConnect	over 1 year ago
CVE-2021-20124	7.5 High	A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the WebServlet endpoint. An... Remote Low complexity No user interaction	Draytek	Draytek VigorConnect	over 1 year ago
CVE-2024-7965	8.8 High	Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a... Remote Low complexity	Google	Chrome	almost 2 years ago
CVE-2024-38856	8.1 High	Apache OFBiz: Unauthenticated endpoint could allow execution of screen rendering code Remote Low complexity No user interaction	Apache Software Foundation	Apache OFBiz	almost 2 years ago
CVE-2024-7971	9.6 Critical	Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page.... Remote Low complexity	Google	Chrome	almost 2 years ago
CVE-2024-39717	6.6 Medium	The Versa Director GUI provides an option to customize the look and feel of the user interface. This option is only available for a user logged... Remote No user interaction	Versa	Director	almost 2 years ago
CVE-2024-28000	9.8 Critical	WordPress LiteSpeed Cache plugin <= 6.3.0.1 - Unauthenticated Privilege Escalation vulnerability Remote Low complexity No user interaction	LiteSpeed Technologies	LiteSpeed Cache	almost 2 years ago
CVE-2021-33044	9.8 Critical	The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity... Remote Low complexity No user interaction	Dahua	Some Dahua IP Camera, Video Intercom, PTZ Dome Camera, Thermal Camera devices	almost 2 years ago
CVE-2021-33045	9.8 Critical	The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity... Remote Low complexity No user interaction	Dahua	Some Dahua IP Camera, Video Intercom, NVR, XVR devices	almost 2 years ago
CVE-2022-0185	8.4 High	A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel... Low complexity No user interaction	Linux	kernel	almost 2 years ago
CVE-2021-31196	7.2 High	Microsoft Exchange Server Remote Code Execution Vulnerability Remote Low complexity No user interaction	Microsoft	Microsoft Exchange Server 2019 Cumulative Update 9, Microsoft Exchange Server 2016 Cumulative Update 20, Microsoft Exchange Server 2013 Cumulative Update 23, Microsoft Exchange Server 2016 Cumulative Update 21, Microsoft Exchange Server 2019 Cumulative Update 10	almost 2 years ago
CVE-2024-23897	9.8 Critical	Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by... Malware Remote Low complexity No user interaction	Jenkins Project	Jenkins	almost 2 years ago
CVE-2024-28986	9.8 Critical	SolarWinds Web Help Desk Java Deserialization Remote Code Execution Vulnerability Remote Low complexity No user interaction	SolarWinds	Web Help Desk	almost 2 years ago
CVE-2024-38107	7.8 High	Windows Power Dependency Coordinator Elevation of Privilege Vulnerability Low complexity No user interaction	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows 11 Version 24H2	almost 2 years ago
CVE-2024-38178	7.5 High	Scripting Engine Memory Corruption Vulnerability Remote	Microsoft	Windows 11 Version 24H2, Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	almost 2 years ago
CVE-2024-38213	6.5 Medium	Windows Mark of the Web Security Feature Bypass Vulnerability Remote Low complexity	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	almost 2 years ago
CVE-2024-38189	8.8 High	Microsoft Project Remote Code Execution Vulnerability Remote Low complexity	Microsoft	Microsoft Office 2019, Microsoft 365 Apps for Enterprise, Microsoft Project 2016, Microsoft Office LTSC 2021	almost 2 years ago
CVE-2024-38193	7.8 High	Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Low complexity No user interaction	Microsoft	Windows 11 Version 24H2, Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	almost 2 years ago
CVE-2024-38106	7.0 High	Windows Kernel Elevation of Privilege Vulnerability No user interaction	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 11 Version 24H2	almost 2 years ago
CVE-2024-36971	7.8 High	net: fix __dst_negative_advice() race Low complexity No user interaction	Linux	Linux	almost 2 years ago
CVE-2024-32113	9.1 Critical	Apache OFBiz: Path traversal leading to RCE Remote Low complexity No user interaction	Apache Software Foundation	Apache OFBiz	almost 2 years ago

Displaying vulnerabilities 1126 - 1150 of 2500 in total