KEVIntel

Known Exploited Vulnerabilities

Curated + enriched signals for rapid prioritization

{ } JSON RSS PRO

0.7%

actively
exploited

Focus on what’s exploited

Out of 352,641 known CVEs, only 0.7% show real-world exploitation signals.

Data from public sources (including CISA) plus private honeypots, enriched with prioritization metadata.

View stats Report a KEV

2,555

Total Known exploited

103

Added this week

938

More than CISA KEV

Search

Results update as you type.

⌘K

Added

Exploitability

Type to search. Filters apply instantly.

CVE	Severity	Title	Vendor	Product	Added
CVE-2019-1069	7.8 High	Task Scheduler Elevation of Privilege Vulnerability Malware Low complexity No user interaction	Microsoft	Windows 10 Version 1703, Windows 10 Version 1803, Windows Server, version 1803 (Server Core Installation), Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1709 for 32-bit Systems, Windows 10 Version 1709, Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows 10 Version 1903 for ARM64-based Systems, Windows Server, version 1903 (Server Core installation), Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation)	about 4 years ago
CVE-2019-1064	7.8 High	Windows Elevation of Privilege Vulnerability Malware Low complexity No user interaction	Microsoft	Windows 10 Version 1703, Windows 10 Version 1803, Windows Server, version 1803 (Server Core Installation), Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1709 for 32-bit Systems, Windows 10 Version 1709, Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows 10 Version 1903 for ARM64-based Systems, Windows Server, version 1903 (Server Core installation), Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation)	about 4 years ago
CVE-2019-0841	7.8 High	An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation... Malware Low complexity No user interaction	Microsoft	Windows, Windows Server	about 4 years ago
CVE-2019-0543	7.8 High	An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka "Microsoft Windows Elevation of... Malware Low complexity No user interaction	Microsoft	Windows	about 4 years ago
CVE-2016-3309	7.8 High	The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold... Malware Low complexity No user interaction	Microsoft	Windows	about 4 years ago
CVE-2020-5135	9.8 Critical	A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by... Remote Low complexity No user interaction	SonicWall	SonicOS	about 4 years ago
CVE-2015-2546	8.2 High	The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server... Malware Low complexity	Microsoft	Windows	about 4 years ago
CVE-2018-8120	7.0 High	An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k... Malware No user interaction	Microsoft	Windows Server 2008, Windows 7, Windows Server 2008 R2	about 4 years ago
CVE-2021-20083	8.8 High	Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-plugin-query-object 2.2.3 allows a malicious... Remote Low complexity No user interaction	jQuery	jquery-plugin-query-object	over 4 years ago
CVE-2013-0625	9.8 Critical	Adobe ColdFusion 9.0, 9.0.1, and 9.0.2, when a password is not configured, allows remote attackers to bypass authentication and possibly execute... Remote Low complexity No user interaction	Adobe	ColdFusion	over 4 years ago
CVE-2022-26486	9.6 Critical	An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in... Remote Low complexity	Mozilla	Firefox, Firefox ESR, Firefox for Android, Thunderbird, Focus	over 4 years ago
CVE-2022-26485	8.8 High	Removing an XSLT parameter during processing could have lead to an exploitable use-after-free. We have had reports of attacks in the wild abusing... Remote Low complexity	Mozilla	Firefox, Firefox ESR, Firefox for Android, Thunderbird, Focus	over 4 years ago
CVE-2021-21973	5.3 Medium	The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server... Remote Low complexity No user interaction	VMware	VMware vCenter Server, VMware Cloud Foundation	over 4 years ago
CVE-2020-8218	7.2 High	A code injection vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to crafted a URI to perform an arbitrary code... Remote Low complexity No user interaction	Pulse Secure	Pulse Connect Secure	over 4 years ago
CVE-2019-11581	9.8 Critical	There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail actions.... Remote Low complexity No user interaction	Atlassian	Jira Server and Data Center	over 4 years ago
CVE-2017-6077	9.8 Critical	ping.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell... Remote Low complexity No user interaction	NETGEAR	DGN2200	over 4 years ago
CVE-2016-6277	8.8 High	NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before... Remote Low complexity	NETGEAR	Routers	over 4 years ago
CVE-2009-3960	6.5 Medium	Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0,... Malware Remote Low complexity	Adobe	BlazeDS	over 4 years ago
CVE-2013-0631	7.5 High	Adobe ColdFusion 9.0, 9.0.1, and 9.0.2 allows attackers to obtain sensitive information via unspecified vectors, as exploited in the wild in... Remote Low complexity No user interaction	Adobe	ColdFusion	over 4 years ago
CVE-2013-0629	7.5 High	Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10, when a password is not configured, allows attackers to access restricted directories via unspecified... Remote Low complexity No user interaction	Adobe	ColdFusion	over 4 years ago
CVE-2013-1675	6.5 Medium	Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 do not properly... Remote Low complexity	Mozilla	Firefox, Firefox ESR, Thunderbird, Thunderbird ESR	over 4 years ago
CVE-2002-0367	7.8 High	smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows... Low complexity No user interaction	Microsoft	Windows	over 4 years ago
CVE-2004-0210	7.8 High	The POSIX component of Microsoft Windows NT and Windows 2000 allows local users to execute arbitrary code via certain parameters, possibly by... Low complexity No user interaction	Microsoft	Windows NT, Windows 2000	over 4 years ago
CVE-2008-2992	7.8 High	Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that... Malware Low complexity	Adobe	Acrobat and Reader	over 4 years ago
CVE-2008-3431	8.8 High	The VBoxDrvNtDeviceControl function in VBoxDrv.sys in Sun xVM VirtualBox before 1.6.4 uses the METHOD_NEITHER communication method for IOCTLs and... Low complexity No user interaction	Sun	xVM VirtualBox	over 4 years ago

Displaying vulnerabilities 1901 - 1925 of 2555 in total

KEVIntel

Known Exploited Vulnerability Intelligence Beyond CISA KEV

Prioritize the vulnerabilities attackers are actually exploiting—before they impact your organization.

KEVIntel is known exploited vulnerability intelligence that aggregates, attests, enriches, and distributes exploited-CVE data. It is not a CISA KEV mirror alone. The service includes the official catalog as a baseline and extends coverage with additional exploited-CVE attestations, evidence links, enrichment, and automation-ready delivery through the live feed above, RSS, JSON, and the Pro API.

Aggregated & attested

Exploitation signals from 60+ public sources, vendor advisories, and private honeypots—validated against credible evidence.

Enriched for prioritization

Every CVE joined with EPSS, CVSS, CWE, proof-of-concept references, and Nuclei/Metasploit context.

Automation-ready delivery

Live feed, RSS, JSON, and Pro API for VM, CTI, SOC, and MSSP workflows.

The AI vulnerability tsunami is accelerating disclosure

Hundreds of thousands of CVEs exist in the National Vulnerability Database and vendor advisories, and AI-assisted discovery is accelerating that volume further. CVSS scores describe theoretical severity, but severity is not the same as exploitation. Many high-severity vulnerabilities are never exploited in the wild, while some actively exploited flaws may be under-prioritized if teams rely on CVSS-only prioritization.

Only a small fraction of published CVEs ever show real-world exploitation signals. Security teams cannot remediate everything at once. Exploitation-led prioritization focuses limited patching, detection, and analyst time on CVEs with evidence-backed exploitation—not on vulnerability noise.

Disclosed vulnerabilities Actively exploited

352,641+ and growing

Only 0.7% of disclosed CVEs show real-world exploitation signals — and that sliver is the operationally urgent work.

Focus on the signal, not the noise. KEVIntel helps you identify the vulnerabilities attackers are actually using—so vulnerability management, CTI, SOC, MSSP, and exposure-management teams can prioritize remediation on real exploitation, not scanner volume alone.

CISA KEV is essential. It is not the whole picture.

KEVIntel extends your visibility beyond CISA KEV. CISA KEV is authoritative and valuable; KEVIntel complements it with additional exploited-CVE coverage, RSS delivery, global honeypot telemetry, enrichment, and automation-ready Pro API access. See the full KEVIntel vs CISA KEV comparison.

CISA KEV

No RSS feed
Tracks vulnerabilities in CISA KEV
Curated by CISA

KEVIntel

RSS feed for real-time updates
CISA KEV plus 938+ more exploited in the wild
Independent intelligence from global honeypots, EPSS, CVSS, CWE, PoCs, and Nuclei/Metasploit context

Use CISA KEV. Go further with KEVIntel. Complete visibility, faster prioritization, stronger defenses—with exploitation timelines, source evidence, and platform statistics to back every decision.

From global telemetry to actionable intelligence

KEVIntel follows a simple pipeline: Collect, Attest, Enrich, Deliver. Each exploited CVE links to source material so analysts can verify why it was included and move from signal to action faster.

Collect

Global honeypot networks, CISA KEV, vendor advisories, cyber RSS feeds, and public reporting observe real-world exploitation attempts around the clock.
Attest

Validate exploitation with credible evidence—CISA KEV listings, advisories documenting active exploitation, honeypot observations, and defensible references—to separate signal from noise.
Enrich

Correlate each CVE with EPSS, CVSS, CWE, proof-of-concept references, Nuclei and Metasploit scanner context, online mentions, vendor metadata, and exploitation timelines.
Deliver

Actionable intelligence via this live feed, RSS, JSON, and the Pro API—ready for vulnerability management, CTI, SOC, SIEM/SOAR, MSSP, and exposure-management workflows.

Prioritize what matters

Reduce false positives

Strengthen defenses

Stay ahead of attackers