Known Exploited Vulnerabilities

Curated + enriched signals for rapid prioritization

{ } JSON RSS PRO

0.7%

actively
exploited

Focus on what’s exploited

Out of 352,648 known CVEs, only 0.7% show real-world exploitation signals.

Data from public sources (including CISA) plus private honeypots, enriched with prioritization metadata.

View stats Report a KEV

2,555

Total Known exploited

103

Added this week

938

More than CISA KEV

Search

Results update as you type.

⌘K

Added

Exploitability

Type to search. Filters apply instantly.

CVE	Severity	Title	Vendor	Product	Added
CVE-2017-12238	6.5 Medium	A vulnerability in the Virtual Private LAN Service (VPLS) code of Cisco IOS 15.0 through 15.4 for Cisco Catalyst 6800 Series Switches could allow... Low complexity No user interaction	Cisco	Cisco IOS	over 4 years ago
CVE-2017-12240	9.8 Critical	The DHCP relay subsystem of Cisco IOS 12.2 through 15.6 and Cisco IOS XE Software contains a vulnerability that could allow an unauthenticated,... Remote Low complexity No user interaction	Cisco	Cisco IOS and IOS XE	over 4 years ago
CVE-2017-12319	5.9 Medium	A vulnerability in the Border Gateway Protocol (BGP) over an Ethernet Virtual Private Network (EVPN) for Cisco IOS XE Software could allow an... Remote No user interaction	Cisco	Cisco IOS XE	over 4 years ago
CVE-2017-6627	7.5 High	A vulnerability in the UDP processing code of Cisco IOS 15.1, 15.2, and 15.4 and IOS XE 3.14 through 3.18 could allow an unauthenticated, remote... Remote Low complexity No user interaction	Cisco	Cisco IOS and Cisco IOS XE	over 4 years ago
CVE-2017-6663	6.5 Medium	A vulnerability in the Autonomic Networking feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent... Low complexity No user interaction	Cisco	Cisco IOS and IOS XE	over 4 years ago
CVE-2017-6736	8.8 High	The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an... Remote Low complexity No user interaction	Cisco, IntelliShield	IOS, Universal Product	over 4 years ago
CVE-2017-6737	8.8 High	A vulnerability in the SNMP implementation of could allow an authenticated, remote attacker to cause a reload of the affected system or to remotely... Remote Low complexity No user interaction	Cisco	IOS	over 4 years ago
CVE-2017-6738	8.8 High	The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an... Remote Low complexity No user interaction	Cisco	IOS, Cisco IOS XE Software	over 4 years ago
CVE-2017-6739	8.8 High	A vulnerability in the SNMP implementation of could allow an authenticated, remote attacker to cause a reload of the affected system or to remotely... Remote Low complexity No user interaction	IntelliShield	Universal Product	over 4 years ago
CVE-2017-6740	8.8 High	The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an... Remote Low complexity No user interaction	Cisco, IntelliShield	IOS, Universal Product	over 4 years ago
CVE-2017-6743	8.8 High	The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an... Remote Low complexity No user interaction	Cisco, IntelliShield	IOS, Universal Product	over 4 years ago
CVE-2017-6744	8.8 High	The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an... Remote Low complexity No user interaction	Cisco, IntelliShield	IOS, Universal Product	over 4 years ago
CVE-2017-8540	7.8 High	The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1,... Low complexity	Microsoft Corporation	Malware Protection Engine	over 4 years ago
CVE-2018-0151	9.8 Critical	A vulnerability in the quality of service (QoS) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote... Remote Low complexity No user interaction	Cisco	Cisco IOS and IOS XE	over 4 years ago
CVE-2018-0154	7.5 High	A vulnerability in the crypto engine of the Cisco Integrated Services Module for VPN (ISM-VPN) running Cisco IOS Software could allow an... Remote Low complexity No user interaction	Cisco	Cisco IOS	over 4 years ago
CVE-2018-0155	8.6 High	A vulnerability in the Bidirectional Forwarding Detection (BFD) offload implementation of Cisco Catalyst 4500 Series Switches and Cisco Catalyst... Remote Low complexity No user interaction	Cisco	Cisco IOS and IOS XE	over 4 years ago
CVE-2018-0156	7.5 High	A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to... Remote Low complexity No user interaction	Cisco	Cisco IOS and IOS XE	over 4 years ago
CVE-2018-0158	8.6 High	A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS Software and Cisco IOS XE Software could allow an... Remote Low complexity No user interaction	Cisco	Cisco IOS and IOS XE	over 4 years ago
CVE-2018-0159	7.5 High	A vulnerability in the implementation of Internet Key Exchange Version 1 (IKEv1) functionality in Cisco IOS Software and Cisco IOS XE Software... Remote Low complexity No user interaction	Cisco	Cisco IOS and IOS XE	over 4 years ago
CVE-2018-0161	6.3 Medium	A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software running on certain models of Cisco Catalyst... Remote No user interaction	Cisco	Cisco IOS	over 4 years ago
CVE-2018-0167	8.8 High	Multiple Buffer Overflow vulnerabilities in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and... Low complexity No user interaction	Cisco	Cisco IOS, IOS XE, and IOS XR	over 4 years ago
CVE-2018-0172	8.6 High	A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated,... Remote Low complexity No user interaction	Cisco	Cisco IOS and IOS XE	over 4 years ago
CVE-2018-0173	8.6 High	A vulnerability in the Cisco IOS Software and Cisco IOS XE Software function that restores encapsulated option 82 information in DHCP Version 4... Remote Low complexity No user interaction	Cisco	Cisco IOS and IOS XE	over 4 years ago
CVE-2018-0174	8.6 High	A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated,... Remote Low complexity No user interaction	Cisco	Cisco IOS and IOS XE	over 4 years ago
CVE-2018-0175	8.0 High	Format String vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR... Low complexity	Cisco	Cisco IOS, IOS XE, and IOS XR	over 4 years ago

Displaying vulnerabilities 1976 - 2000 of 2555 in total

KEVIntel

Known Exploited Vulnerability Intelligence Beyond CISA KEV

Prioritize the vulnerabilities attackers are actually exploiting—before they impact your organization.

KEVIntel is known exploited vulnerability intelligence that aggregates, attests, enriches, and distributes exploited-CVE data. It is not a CISA KEV mirror alone. The service includes the official catalog as a baseline and extends coverage with additional exploited-CVE attestations, evidence links, enrichment, and automation-ready delivery through the live feed above, RSS, JSON, and the Pro API.

Aggregated & attested

Exploitation signals from 60+ public sources, vendor advisories, and private honeypots—validated against credible evidence.

Enriched for prioritization

Every CVE joined with EPSS, CVSS, CWE, proof-of-concept references, and Nuclei/Metasploit context.

Automation-ready delivery

Live feed, RSS, JSON, and Pro API for VM, CTI, SOC, and MSSP workflows.

The AI vulnerability tsunami is accelerating disclosure

Hundreds of thousands of CVEs exist in the National Vulnerability Database and vendor advisories, and AI-assisted discovery is accelerating that volume further. CVSS scores describe theoretical severity, but severity is not the same as exploitation. Many high-severity vulnerabilities are never exploited in the wild, while some actively exploited flaws may be under-prioritized if teams rely on CVSS-only prioritization.

Only a small fraction of published CVEs ever show real-world exploitation signals. Security teams cannot remediate everything at once. Exploitation-led prioritization focuses limited patching, detection, and analyst time on CVEs with evidence-backed exploitation—not on vulnerability noise.

Disclosed vulnerabilities Actively exploited

352,648+ and growing

Only 0.7% of disclosed CVEs show real-world exploitation signals — and that sliver is the operationally urgent work.

Focus on the signal, not the noise. KEVIntel helps you identify the vulnerabilities attackers are actually using—so vulnerability management, CTI, SOC, MSSP, and exposure-management teams can prioritize remediation on real exploitation, not scanner volume alone.

CISA KEV is essential. It is not the whole picture.

KEVIntel extends your visibility beyond CISA KEV. CISA KEV is authoritative and valuable; KEVIntel complements it with additional exploited-CVE coverage, RSS delivery, global honeypot telemetry, enrichment, and automation-ready Pro API access. See the full KEVIntel vs CISA KEV comparison.

CISA KEV

No RSS feed
Tracks vulnerabilities in CISA KEV
Curated by CISA

KEVIntel

RSS feed for real-time updates
CISA KEV plus 938+ more exploited in the wild
Independent intelligence from global honeypots, EPSS, CVSS, CWE, PoCs, and Nuclei/Metasploit context

Use CISA KEV. Go further with KEVIntel. Complete visibility, faster prioritization, stronger defenses—with exploitation timelines, source evidence, and platform statistics to back every decision.

From global telemetry to actionable intelligence

KEVIntel follows a simple pipeline: Collect, Attest, Enrich, Deliver. Each exploited CVE links to source material so analysts can verify why it was included and move from signal to action faster.

Collect

Global honeypot networks, CISA KEV, vendor advisories, cyber RSS feeds, and public reporting observe real-world exploitation attempts around the clock.
Attest

Validate exploitation with credible evidence—CISA KEV listings, advisories documenting active exploitation, honeypot observations, and defensible references—to separate signal from noise.
Enrich

Correlate each CVE with EPSS, CVSS, CWE, proof-of-concept references, Nuclei and Metasploit scanner context, online mentions, vendor metadata, and exploitation timelines.
Deliver

Actionable intelligence via this live feed, RSS, JSON, and the Pro API—ready for vulnerability management, CTI, SOC, SIEM/SOAR, MSSP, and exposure-management workflows.

Prioritize what matters

Reduce false positives

Strengthen defenses

Stay ahead of attackers