KEVIntel

Focus on what’s exploited

Out of 352,641 known CVEs, only 0.7% show real-world exploitation signals.

Data from public sources (including CISA) plus private honeypots, enriched with prioritization metadata.

Total known exploited: 2,555
Added this week: 103
More than CISA KEV: 938


CVE Severity Title
CVE-2022-22718 7.8 High
Windows Print Spooler Elevation of Privilege Vulnerability
Low complexity No user interaction
CVE-2018-6882 6.1 Medium
Cross-site scripting (XSS) vulnerability in the ZmMailMsgView.getAttachmentLinkHtml function in Zimbra Collaboration Suite (ZCS) before 8.7 Patch 1...
Malware Remote Low complexity
CVE-2019-16057 9.8 Critical
The login_mgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerable to remote command injection.
Malware Remote Low complexity No user interaction
CVE-2022-22960 7.8 High
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in...
Low complexity No user interaction
CVE-2022-1364 8.8 High
Type confusion in V8 Turbofan in Google Chrome prior to 100.0.4896.127 allowed a remote attacker to potentially exploit heap corruption via a...
Remote Low complexity
CVE-2019-3929 9.8 Critical
The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W...
Remote Low complexity No user interaction
CVE-2018-7841 9.8 Critical
A SQL Injection (CWE-89) vulnerability exists in U.motion Builder software version 1.3.4 which could cause unwanted code execution when an improper...
Remote Low complexity No user interaction
CVE-2016-4523 7.5 High
The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to cause a denial of service...
Remote Low complexity No user interaction
CVE-2014-0780 9.8 Critical
InduSoft Web Studio Path Traversal
Remote Low complexity No user interaction
CVE-2010-5330 9.8 Critical
On certain Ubiquiti devices, Command Injection exists via a GET request to stainfo.cgi (aka Show AP info) because the ifname variable is not...
Remote Low complexity No user interaction
CVE-2007-3010 9.8 Critical
masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute...
Remote Low complexity No user interaction
CVE-2022-22954 9.8 Critical
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious...
Malware Remote Low complexity No user interaction
CVE-2015-2502 8.8 High
Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a...
Remote Low complexity
CVE-2015-0313 9.8 Critical
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before...
Remote Low complexity No user interaction
CVE-2015-0311 9.8 Critical
Unspecified vulnerability in Adobe Flash Player through 13.0.0.262 and 14.x, 15.x, and 16.x through 16.0.0.287 on Windows and OS X and through...
Remote Low complexity No user interaction
CVE-2014-9163 7.8 High
Stack-based buffer overflow in Adobe Flash Player before 13.0.0.259 and 14.x and 15.x before 15.0.0.246 on Windows and OS X and before 11.2.202.425...
Low complexity
CVE-2022-24521 7.8 High
Windows Common Log File System Driver Elevation of Privilege Vulnerability
Malware Low complexity No user interaction
CVE-2018-7602 9.8 Critical
Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-004
Malware Remote Low complexity No user interaction
CVE-2018-20753 9.8 Critical
Kaseya VSA RMM before R9.3 9.3.0.35, R9.4 before 9.4.0.36, and R9.5 before 9.5.0.5 allows unprivileged remote attackers to execute PowerShell...
Malware Remote Low complexity No user interaction
CVE-2015-5123 9.8 Critical
Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on...
Remote Low complexity No user interaction
CVE-2015-3113 9.8 Critical
Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and 14.x through 18.x before 18.0.0.194 on Windows and OS X and before...
Remote Low complexity No user interaction
CVE-2015-5122 9.8 Critical
Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on...
Remote Low complexity No user interaction
CVE-2021-42278 7.5 High
Active Directory Domain Services Elevation of Privilege Vulnerability
Malware Remote No user interaction
CVE-2021-27852 9.8 Critical
Deserialization of Untrusted Data vulnerability in CheckboxWeb.dll of Checkbox Survey allows an unauthenticated remote attacker to execute...
Remote Low complexity No user interaction
CVE-2021-22600 6.6 Medium
Double Free in net/packet/af_packet.c leading to privilege escalation
Displaying vulnerabilities 1751 - 1775 of 2555 in total


Known Exploited Vulnerability Intelligence Beyond CISA KEV

Prioritize the vulnerabilities attackers are actually exploiting—before they impact your organization.

KEVIntel is a known-exploited-vulnerability intelligence service that aggregates, attests, enriches, and distributes exploited-CVE data. It is not merely a CISA KEV mirror: the service includes the official catalog as a baseline and extends coverage with additional exploited-CVE attestations, evidence links, enrichment, and automation-ready delivery through the live feed above, RSS, JSON, and the Pro API.

Aggregated & attested

Exploitation signals from 60+ public sources, vendor advisories, and private honeypots—validated against credible evidence.

Enriched for prioritization

Every CVE joined with EPSS, CVSS, CWE, proof-of-concept references, and Nuclei/Metasploit context.

Automation-ready delivery

Live feed, RSS, JSON, and Pro API for VM, CTI, SOC, and MSSP workflows.

The AI vulnerability tsunami is accelerating disclosure

Hundreds of thousands of CVEs exist in the National Vulnerability Database and vendor advisories, and AI-assisted discovery is accelerating that volume further. CVSS scores describe theoretical severity, but severity is not the same as exploitation. Many high-severity vulnerabilities are never exploited in the wild, while some actively exploited flaws may be under-prioritized if teams rely on CVSS-only prioritization.

Only a small fraction of published CVEs ever show real-world exploitation signals. Security teams cannot remediate everything at once. Exploitation-led prioritization focuses limited patching, detection, and analyst time on CVEs with evidence-backed exploitation—not on vulnerability noise.

[Figure: disclosed vulnerabilities (352,641+ and growing) compared with actively exploited vulnerabilities]

Only 0.7% of disclosed CVEs show real-world exploitation signals — and that sliver is the operationally urgent work.

Focus on the signal, not the noise. KEVIntel helps you identify the vulnerabilities attackers are actually using—so vulnerability management, CTI, SOC, MSSP, and exposure-management teams can prioritize remediation on real exploitation, not scanner volume alone.

CISA KEV is essential. It is not the whole picture.

KEVIntel extends your visibility beyond CISA KEV. CISA KEV is authoritative and valuable; KEVIntel complements it with additional exploited-CVE coverage, RSS delivery, global honeypot telemetry, enrichment, and automation-ready Pro API access. See the full KEVIntel vs CISA KEV comparison.

CISA KEV

  • No RSS feed
  • Tracks vulnerabilities in CISA KEV
  • Curated by CISA

KEVIntel

  • RSS feed for real-time updates
  • CISA KEV plus 938+ more exploited in the wild
  • Independent intelligence from global honeypots, EPSS, CVSS, CWE, PoCs, and Nuclei/Metasploit context

Use CISA KEV. Go further with KEVIntel. Complete visibility, faster prioritization, stronger defenses—with exploitation timelines, source evidence, and platform statistics to back every decision.

From global telemetry to actionable intelligence

KEVIntel follows a simple pipeline: Collect, Attest, Enrich, Deliver. Each exploited CVE links to source material so analysts can verify why it was included and move from signal to action faster.

  1. Collect

    Global honeypot networks, CISA KEV, vendor advisories, cyber RSS feeds, and public reporting observe real-world exploitation attempts around the clock.

  2. Attest

    Validate exploitation with credible evidence—CISA KEV listings, advisories documenting active exploitation, honeypot observations, and defensible references—to separate signal from noise.

  3. Enrich

    Correlate each CVE with EPSS, CVSS, CWE, proof-of-concept references, Nuclei and Metasploit scanner context, online mentions, vendor metadata, and exploitation timelines.

  4. Deliver

    Actionable intelligence via this live feed, RSS, JSON, and the Pro API—ready for vulnerability management, CTI, SOC, SIEM/SOAR, MSSP, and exposure-management workflows.

  • Prioritize what matters
  • Reduce false positives
  • Strengthen defenses
  • Stay ahead of attackers