KEVIntel

Known Exploited Vulnerabilities

Curated + enriched signals for rapid prioritization

{ } JSON RSS PRO

0.7%

actively
exploited

Focus on what’s exploited

Out of 350,016 known CVEs, only 0.7% show real-world exploitation signals.

Data from public sources (including CISA) plus private sensors, enriched with prioritization metadata.

View stats Report a KEV

2,499

Total Known exploited

351

Added this week

Search

Results update as you type.

⌘K

Added

Exploitability

Type to search. Filters apply instantly.

CVE	Severity	Title	Vendor	Product	Added
CVE-2021-35941	7.5 High	Western Digital WD My Book Live (2.x and later) and WD My Book Live Duo (all versions) have an administrator API that can perform a system factory... Remote Low complexity No user interaction	Western Digital	WD My Book Live, WD My Book Live Duo	almost 5 years ago
CVE-2021-34621	9.8 Critical	ProfilePress 3.0 - 3.1.3 - Unauthenticated Privilege Escalation Remote Low complexity No user interaction	ProfilePress	ProfilePress	almost 5 years ago
CVE-2021-34619	8.8 High	Cross-Site Request Forgery in WooCommerce Stock Manager WordPress Plugin Remote Low complexity	StoreApps	WooCommerce Stock Manager	almost 5 years ago
CVE-2021-24370	9.8 Critical	Fancy Product Designer < 4.6.9 - Unauthenticated Arbitrary File Upload and RCE Remote Low complexity No user interaction	Unknown	Fancy Product Designer	about 5 years ago
CVE-2021-24175	9.8 Critical	The Plus Addons for Elementor Page Builder < 4.1.7 - Authentication Bypass Remote Low complexity No user interaction	Unknown	The Plus Addons for Elementor Page Builder	about 5 years ago
CVE-2021-24217	8.1 High	Facebook for WordPress < 3.0.0 - PHP Object Injection with POP Chain Remote No user interaction	Unknown	Facebook for WordPress	about 5 years ago
CVE-2021-24219	5.3 Medium	All Thrive Themes and Plugins - Unauthenticated Option Update Remote Low complexity No user interaction	Thrive Themes	Thrive Optimize, Thrive Comments, Thrive Headline Optimizer, Thrive Leads, Thrive Ultimatum, Thrive Quiz Builder, Thrive Apprentice, Thrive Visual Editor, Thrive Dashboard, Thrive Ovation, Thrive Clever Widgets, Rise by Thrive Themes, Ignition by Thrive Themes, Luxe by Thrive Themes, FocusBlog by Thrive Themes, Minus by Thrive Themes, Squared by Thrive Themes, Voice, Performag by Thrive Themes, Pressive by Thrive Themes, Storied by Thrive Themes, Thrive Themes Builder	about 5 years ago
CVE-2021-24170	7.5 High	User Profile Picture < 2.5.0 - Sensitive Information Disclosure Remote Low complexity No user interaction	Unknown	User Profile Picture	over 5 years ago
CVE-2021-3122	9.8 Critical	CMCAgent in NCR Command Center Agent 16.3 on Aloha POS/BOH servers permits the submission of a runCommand parameter (within an XML document sent to... Remote Low complexity No user interaction	NCR	Command Center Agent	over 5 years ago
CVE-2021-3006	7.5 High	The breed function in the smart contract implementation for Farm in Seal Finance (Seal), an Ethereum token, lacks access control and thus allows... Remote Low complexity No user interaction	Seal Finance	Seal	over 5 years ago
CVE-2020-35234	7.5 High	The easy-wp-smtp plugin before 1.4.4 for WordPress allows Administrator account takeover, as exploited in the wild in December 2020. If an attacker... Remote Low complexity No user interaction	WordPress	easy-wp-smtp plugin	over 5 years ago
CVE-2020-26876	7.5 High	The wp-courses plugin through 2.0.27 for WordPress allows remote attackers to bypass the intended payment step (for course videos and materials) by... Remote Low complexity No user interaction	WordPress	wp-courses plugin	over 5 years ago
CVE-2020-35948	9.9 Critical	An issue was discovered in the XCloner Backup and Restore plugin before 4.2.13 for WordPress. It gave authenticated attackers the ability to modify... Remote Low complexity No user interaction	watchful.li	XCloner Backup and Restore	over 5 years ago
CVE-2020-35949	10.0 Critical	An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It made it possible for unauthenticated attackers to... Remote Low complexity No user interaction	WordPress	Quiz and Survey Master plugin	almost 6 years ago
CVE-2020-35945	9.9 Critical	An issue was discovered in the Divi Builder plugin, Divi theme, and Divi Extra theme before 4.5.3 for WordPress. Authenticated attackers, with... Remote Low complexity No user interaction	Elegant Themes	Divi	almost 6 years ago
CVE-2020-15129	6.1 Medium	Open redirect in Traefik Remote	containous	traefik	almost 6 years ago
CVE-2020-24186	10.0 Critical	A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allows unauthenticated users to... Remote Low complexity No user interaction	gVectors	wpDiscuz	almost 6 years ago
CVE-2020-13125	7.2 High	An issue was discovered in the "Ultimate Addons for Elementor" plugin before 1.24.2 for WordPress, as exploited in the wild in May 2020 in... Remote Low complexity No user interaction	Brainstorm Force	Ultimate Addons for Elementor	about 6 years ago
CVE-2020-13126	9.9 Critical	An issue was discovered in the Elementor Pro plugin before 2.9.4 for WordPress, as exploited in the wild in May 2020 in conjunction with... Remote Low complexity No user interaction	Elementor	Elementor Pro	about 6 years ago
CVE-2020-12075	8.8 High	The data-tables-generator-by-supsystic plugin before 1.9.92 for WordPress lacks capability checks for AJAX actions. Remote Low complexity No user interaction	supsystic.com	data-tables-generator-by-supsystic	about 6 years ago
CVE-2014-8739	9.8 Critical	Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative... Remote Low complexity No user interaction	jQuery	File Upload Plugin	over 6 years ago
CVE-2020-8417	8.8 High	The Code Snippets plugin before 2.14.0 for WordPress allows CSRF because of the lack of a Referer check on the import menu. Remote Low complexity	Code Snippets	Code Snippets plugin for WordPress	over 6 years ago
CVE-2020-6167	8.8 High	A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.10, allows a CSRF attack to enable maintenance mode, inject... Remote Low complexity	WordPress	Minimal Coming Soon & Maintenance Mode plugin	over 6 years ago
CVE-2019-19915	9.0 Critical	The "301 Redirects - Easy Redirect Manager" plugin before 2.45 for WordPress allows users (with subscriber or greater access) to modify, delete, or... Remote Low complexity	WordPress	301 Redirects - Easy Redirect Manager	over 6 years ago
CVE-2019-17049	7.5 High	NETGEAR SRX5308 4.3.5-3 devices allow SQL Injection, as exploited in the wild in September 2019 to add a new user account. Remote Low complexity No user interaction	NETGEAR	SRX5308	over 6 years ago

Displaying vulnerabilities 2351 - 2375 of 2499 in total