KEVIntel

Known Exploited Vulnerabilities

Curated + enriched signals for rapid prioritization

{ } JSON RSS PRO

0.7%

actively
exploited

Focus on what’s exploited

Out of 350,016 known CVEs, only 0.7% show real-world exploitation signals.

Data from public sources (including CISA) plus private sensors, enriched with prioritization metadata.

View stats Report a KEV

2,500

Total Known exploited

352

Added this week

Search

Results update as you type.

⌘K

Added

Exploitability

Type to search. Filters apply instantly.

CVE	Severity	Title	Vendor	Product	Added
CVE-2018-0824	8.8 High	A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects, aka "Microsoft COM... Remote Low complexity	Microsoft	Windows	almost 2 years ago
CVE-2024-6220	9.8 Critical	简数采集器 (Keydatas) <= 2.5.2 - Unauthenticated Arbitrary File Upload Remote Low complexity No user interaction	zhengdon	简数采集器	almost 2 years ago
CVE-2024-37085	6.8 Medium	VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full... Malware Remote Low complexity	VMware	VMware ESXi, VMware Cloud Foundation	almost 2 years ago
CVE-2024-4879	9.3 Critical	Jelly Template Injection Vulnerability in ServiceNow UI Macros Remote Low complexity No user interaction	ServiceNow	Now Platform	almost 2 years ago
CVE-2024-5217	9.2 Critical	Incomplete Input Validation in GlideExpression Script Remote Low complexity No user interaction	ServiceNow	Now Platform	almost 2 years ago
CVE-2023-45249	9.8 Critical	Remote command execution due to use of default passwords. The following products are affected: Acronis Cyber Infrastructure (ACI) before build... Remote Low complexity No user interaction	Acronis	Acronis Cyber Infrastructure	almost 2 years ago
CVE-2012-4792	8.8 High	Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site... Remote Low complexity	Microsoft	Internet Explorer	almost 2 years ago
CVE-2024-39891	5.3 Medium	In the Twilio Authy API, accessed by Authy Android before 25.1.0 and Authy iOS before 26.1.0, an unauthenticated endpoint provided access to... Remote Low complexity No user interaction	Twilio	Authy	almost 2 years ago
CVE-2022-22948	6.5 Medium	The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative... Remote Low complexity No user interaction	VMware	VMware vCenter Server and VMware Cloud Foundation	almost 2 years ago
CVE-2024-34102	9.8 Critical	XXE can expose crypt key and other secrets granting full admin access Remote Low complexity No user interaction	Adobe	Adobe Commerce	almost 2 years ago
CVE-2024-28995	8.6 High	SolarWinds Serv-U L Directory Transversal Vulnerability Remote Low complexity No user interaction	SolarWinds	SolarWinds Serv-U	almost 2 years ago
CVE-2022-48811	5.5 Medium	ibmvnic: don't release napi in __ibmvnic_open() Low complexity No user interaction	Linux	Linux	almost 2 years ago
CVE-2024-36401	9.8 Critical	Remote Code Execution (RCE) vulnerability in evaluating property name expressions in Geoserver Remote Low complexity No user interaction	geoserver	geoserver	almost 2 years ago
CVE-2024-23692	9.8 Critical	Rejetto HTTP File Server 2.3m Unauthenticated RCE Remote Low complexity No user interaction	Rejetto	HTTP File Server	almost 2 years ago
CVE-2024-38112	7.5 High	Windows MSHTML Platform Spoofing Vulnerability Remote	Microsoft	Windows 10 Version 22H2, Windows 11 Version 23H2, Windows 10 Version 1507, Windows 11 version 22H2, Windows 10 Version 1607, Windows Server 2016, Windows 10 Version 21H2, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows 10 Version 1809, Windows Server 2012 R2, Windows 11 version 22H3, Windows Server 2012 R2 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2019 (Server Core installation), Windows 11 version 21H2, Windows Server 2019	almost 2 years ago
CVE-2024-38080	7.8 High	Windows Hyper-V Elevation of Privilege Vulnerability Low complexity No user interaction	Microsoft	Windows Server 2022, Windows 11 version 21H2, Windows 11 version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation)	almost 2 years ago
CVE-2024-20399	6.0 Medium	Cisco NX-OS Software CLI Command Injection Vulnerability Low complexity No user interaction	Cisco	Cisco NX-OS Software	almost 2 years ago
CVE-2020-13965	6.1 Medium	An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. There is XSS via a malicious XML attachment because text/xml is... Remote Low complexity	Roundcube	Webmail	almost 2 years ago
CVE-2022-2586	5.3 Medium	It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table... No user interaction	The Linux Kernel Organization	linux	almost 2 years ago
CVE-2022-24816	10.0 Critical	Improper Control of Generation of Code in jai-ext Remote Low complexity No user interaction	geosolutions-it	jai-ext	almost 2 years ago
CVE-2024-32896	7.8 High	there is a possible way to bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution... Low complexity	Google	Android	almost 2 years ago
CVE-2024-26169	7.8 High	Windows Error Reporting Service Elevation of Privilege Vulnerability Malware Low complexity No user interaction	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	almost 2 years ago
CVE-2024-4358	9.8 Critical	Registration Authentication Bypass Vulnerability Remote Low complexity No user interaction	Progress Software Corporation	Telerik Report Server	almost 2 years ago
CVE-2024-4577	9.8 Critical	Argument Injection in PHP-CGI Malware Remote Low complexity No user interaction	PHP Group	PHP	almost 2 years ago
CVE-2024-4610	7.8 High	Mali GPU Kernel Driver allows improper GPU memory processing operations Low complexity No user interaction	Arm Ltd	Bifrost GPU Kernel Driver, Valhall GPU Kernel Driver	almost 2 years ago

Displaying vulnerabilities 1151 - 1175 of 2500 in total