KEVIntel

Known Exploited Vulnerabilities

Curated + enriched signals for rapid prioritization

{ } JSON RSS PRO

0.7%

actively
exploited

Focus on what’s exploited

Out of 352,641 known CVEs, only 0.7% show real-world exploitation signals.

Data from public sources (including CISA) plus private honeypots, enriched with prioritization metadata.

View stats Report a KEV

2,555

Total Known exploited

103

Added this week

938

More than CISA KEV

Search

Results update as you type.

⌘K

Added

Exploitability

Type to search. Filters apply instantly.

CVE	Severity	Title	Vendor	Product	Added
CVE-2017-11317	9.8 Critical	Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload encryption, which allows... Remote Low complexity No user interaction	Progress	Telerik UI for ASP.NET AJAX	about 4 years ago
CVE-2020-2509	9.8 Critical	Command Injection Vulnerability in QTS and QuTS hero Remote Low complexity No user interaction	QNAP Systems Inc.	QTS, QuTS hero	about 4 years ago
CVE-2021-42287	7.5 High	Active Directory Domain Services Elevation of Privilege Vulnerability Malware Remote No user interaction	Microsoft	Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server version 2004, Windows Server version 20H2, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	about 4 years ago
CVE-2021-39793	7.8 High	In kbase_jd_user_buf_pin_pages of mali_kbase_mem.c, there is a possible out of bounds write due to a logic error in the code. This could lead to... Low complexity No user interaction	Google	Android	about 4 years ago
CVE-2022-23176	8.8 High	WatchGuard Firebox and XTM appliances allow a remote attacker with unprivileged credentials to access the system with a privileged management... Remote Low complexity No user interaction	WatchGuard	Firebox and XTM appliances	about 4 years ago
CVE-2021-3156	7.8 High	Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via... Low complexity No user interaction	Sudo Project	Sudo	about 4 years ago
CVE-2017-0148	8.1 High	The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2;... Malware Remote No user interaction	Microsoft Corporation	Windows SMB	about 4 years ago
CVE-2021-31166	9.8 Critical	HTTP Protocol Stack Remote Code Execution Vulnerability Remote Low complexity No user interaction	Microsoft	Windows 10 Version 2004, Windows Server version 2004, Windows 10 Version 20H2, Windows Server version 20H2	about 4 years ago
CVE-2021-45382	9.8 Critical	A Remote Command Execution (RCE) vulnerability exists in all series H/W revisions D-link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR-836L... Remote Low complexity No user interaction	D-link	DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, DIR-836L routers	about 4 years ago
CVE-2022-22965	9.8 Critical	A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific... Remote Low complexity No user interaction	VMware	Spring Framework	about 4 years ago
CVE-2022-22675	7.8 High	An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, watchOS 8.6, macOS Big Sur 11.6.6,... Low complexity	Apple	iOS and iPadOS, macOS, watchOS	about 4 years ago
CVE-2022-22674	5.5 Medium	An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is... Low complexity No user interaction	Apple	macOS	about 4 years ago
CVE-2021-21551	8.8 High	Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or... Low complexity No user interaction	Dell	dbutil	about 4 years ago
CVE-2018-10561	9.8 Critical	An issue was discovered on Dasan GPON home routers. It is possible to bypass authentication simply by appending "?images" to any URL of the device... Remote Low complexity No user interaction	Dasan	GPON home routers	about 4 years ago
CVE-2018-10562	9.8 Critical	An issue was discovered on Dasan GPON home routers. Command Injection can occur via the dest_host parameter in a diag_action=ping request to a... Malware Remote Low complexity No user interaction	Dasan	GPON home routers	about 4 years ago
CVE-2022-26871	9.8 Critical	An arbitrary file upload vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to upload an arbitrary file which... Remote Low complexity No user interaction	Trend Micro	Trend Micro Apex Central	about 4 years ago
CVE-2022-1040	9.8 Critical	An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5... Remote Low complexity No user interaction	Sophos	Sophos Firewall	about 4 years ago
CVE-2021-34484	7.8 High	Windows User Profile Service Elevation of Privilege Vulnerability Low complexity No user interaction	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows 10 Version 21H1, Windows 10 Version 2004, Windows Server version 2004, Windows 10 Version 20H2, Windows Server version 20H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	about 4 years ago
CVE-2021-28799	10.0 Critical	Improper Authorization Vulnerability in HBS 3 (Hybrid Backup Sync) Malware Remote Low complexity No user interaction	QNAP Systems Inc.	HBS 3, HBS 2, HBS 1.3	about 4 years ago
CVE-2022-28221	6.1 Medium	CleanTalk AntiSpam <= 5.173 Reflected XSS Remote Low complexity	CleanTalk	CleanTalk AntiSpam	about 4 years ago
CVE-2019-7483	7.5 High	In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of... Remote Low complexity No user interaction	SonicWall	SMA100	about 4 years ago
CVE-2018-8440	7.8 High	An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC), aka "Windows ALPC... Malware Low complexity No user interaction	Microsoft	Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers	about 4 years ago
CVE-2018-8406	7.8 High	An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX... Malware Low complexity No user interaction	Microsoft	Windows Server 2016, Windows 10, Windows 10 Servers	about 4 years ago
CVE-2018-8405	7.8 High	An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX... Malware Low complexity No user interaction	Microsoft	Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers	about 4 years ago
CVE-2017-0213	7.3 High	Windows COM Aggregate Marshaler in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2,... Malware Low complexity	Microsoft Corporation	Windows COM	about 4 years ago

Displaying vulnerabilities 1776 - 1800 of 2555 in total

KEVIntel

Known Exploited Vulnerability Intelligence Beyond CISA KEV

Prioritize the vulnerabilities attackers are actually exploiting—before they impact your organization.

KEVIntel is known exploited vulnerability intelligence that aggregates, attests, enriches, and distributes exploited-CVE data. It is not a CISA KEV mirror alone. The service includes the official catalog as a baseline and extends coverage with additional exploited-CVE attestations, evidence links, enrichment, and automation-ready delivery through the live feed above, RSS, JSON, and the Pro API.

Aggregated & attested

Exploitation signals from 60+ public sources, vendor advisories, and private honeypots—validated against credible evidence.

Enriched for prioritization

Every CVE joined with EPSS, CVSS, CWE, proof-of-concept references, and Nuclei/Metasploit context.

Automation-ready delivery

Live feed, RSS, JSON, and Pro API for VM, CTI, SOC, and MSSP workflows.

The AI vulnerability tsunami is accelerating disclosure

Hundreds of thousands of CVEs exist in the National Vulnerability Database and vendor advisories, and AI-assisted discovery is accelerating that volume further. CVSS scores describe theoretical severity, but severity is not the same as exploitation. Many high-severity vulnerabilities are never exploited in the wild, while some actively exploited flaws may be under-prioritized if teams rely on CVSS-only prioritization.

Only a small fraction of published CVEs ever show real-world exploitation signals. Security teams cannot remediate everything at once. Exploitation-led prioritization focuses limited patching, detection, and analyst time on CVEs with evidence-backed exploitation—not on vulnerability noise.

Disclosed vulnerabilities Actively exploited

352,641+ and growing

Only 0.7% of disclosed CVEs show real-world exploitation signals — and that sliver is the operationally urgent work.

Focus on the signal, not the noise. KEVIntel helps you identify the vulnerabilities attackers are actually using—so vulnerability management, CTI, SOC, MSSP, and exposure-management teams can prioritize remediation on real exploitation, not scanner volume alone.

CISA KEV is essential. It is not the whole picture.

KEVIntel extends your visibility beyond CISA KEV. CISA KEV is authoritative and valuable; KEVIntel complements it with additional exploited-CVE coverage, RSS delivery, global honeypot telemetry, enrichment, and automation-ready Pro API access. See the full KEVIntel vs CISA KEV comparison.

CISA KEV

No RSS feed
Tracks vulnerabilities in CISA KEV
Curated by CISA

KEVIntel

RSS feed for real-time updates
CISA KEV plus 938+ more exploited in the wild
Independent intelligence from global honeypots, EPSS, CVSS, CWE, PoCs, and Nuclei/Metasploit context

Use CISA KEV. Go further with KEVIntel. Complete visibility, faster prioritization, stronger defenses—with exploitation timelines, source evidence, and platform statistics to back every decision.

From global telemetry to actionable intelligence

KEVIntel follows a simple pipeline: Collect, Attest, Enrich, Deliver. Each exploited CVE links to source material so analysts can verify why it was included and move from signal to action faster.

Collect

Global honeypot networks, CISA KEV, vendor advisories, cyber RSS feeds, and public reporting observe real-world exploitation attempts around the clock.
Attest

Validate exploitation with credible evidence—CISA KEV listings, advisories documenting active exploitation, honeypot observations, and defensible references—to separate signal from noise.
Enrich

Correlate each CVE with EPSS, CVSS, CWE, proof-of-concept references, Nuclei and Metasploit scanner context, online mentions, vendor metadata, and exploitation timelines.
Deliver

Actionable intelligence via this live feed, RSS, JSON, and the Pro API—ready for vulnerability management, CTI, SOC, SIEM/SOAR, MSSP, and exposure-management workflows.

Prioritize what matters

Reduce false positives

Strengthen defenses

Stay ahead of attackers