Known Exploited Vulnerability Feed
Evidence-backed KEV intelligence enriched with confidence scoring, exploitation status, CISA KEV status, and sensor telemetry.
2,578
Total KEVs
Known exploited vulnerabilities tracked in KEVIntel
955
Beyond CISA KEV
Additional exploited CVEs tracked beyond CISA KEV
16
KEVs Observed in Sensors (7d)
Tracked KEVs with live exploitation attempts in honeypots
1,676+
Artifacts Available
PoC, Nuclei, and scanner context
| CVE | Product | Vendor | Confidence | Exploitation Status | Sensors | First Seen | Added | Artifacts |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-17246 | Kibana | Elastic | High | Exploited | — | about 1 year ago | about 1 year ago |
PoC
Nuclei
|
| CVE-2019-16662 | rConfig | rConfig | High | Active | — | about 1 year ago | about 1 year ago |
PoC
Nuclei
|
| CVE-2024-9264 | Grafana | Grafana | High | Exploited | — | about 1 year ago | about 1 year ago |
PoC
Nuclei
|
| CVE-2024-12987 | Vigor2960, Vigor300B | DrayTek | Confirmed | Active | — | about 1 year ago | about 1 year ago |
PoC
Nuclei
|
| CVE-2024-6047 | GV_DSP_LPR_V2, GV_IPCAMD_GV_BX1500, GV_IPCAMD_GV_CB220, GV_IPCAMD_GV_EBL1100, GV_IPCAMD_GV_EFD1100, GV_IPCAMD_GV_FD2410, GV_IPCAMD_GV_FD3400, GV_IPCAMD_GV_FE3401, GV_IPCAMD_GV_FE420, GV-VS14_VS14, GV_VS03, GV_VS2410, GV_VS28XX, GV_VS216XX, GV VS04A, GV VS04H, GVLX 4 V2, GVLX 4 V3, GV_IPCAMD_GV_BX130, GV_GM8186_VS14 | GeoVision | Confirmed | Active | — | about 1 year ago | about 1 year ago |
—
|
| CVE-2024-11120 | GV-VS12, GV-VS11, GV-DSP_LPR_V3, GVLX 4 V2, GVLX 4 V3 | GeoVision | Confirmed | Active | — | about 1 year ago | about 1 year ago |
—
|
| CVE-2025-27363 | FreeType | FreeType | Confirmed | Active | — | about 1 year ago | about 1 year ago |
PoC
|
| CVE-2024-58136 | Yii | yiiframework | Confirmed | Active | — | about 1 year ago | about 1 year ago |
PoC
Nuclei
|
| CVE-2025-34028 | Command Center Innovation Release | Commvault | Confirmed | Active | — | about 1 year ago | about 1 year ago |
PoC
Nuclei
|
| CVE-2025-3248 | langflow | langflow-ai | Confirmed | Active | — | about 1 year ago | about 1 year ago |
PoC
Nuclei
|
| CVE-2017-9844 | NetWeaver | SAP | High | Active | — | about 1 year ago | about 1 year ago |
—
|
| CVE-2023-44221 | SMA100 | SonicWall | Confirmed | Active | — | about 1 year ago | about 1 year ago |
—
|
| CVE-2024-38475 | Apache HTTP Server | Apache Software Foundation | Confirmed | Active | — | about 1 year ago | about 1 year ago |
PoC
Nuclei
|
| CVE-2025-3928 | Web Server | Commvault | Confirmed | Active | — | about 1 year ago | about 1 year ago |
—
|
| CVE-2025-31324 | SAP NetWeaver (Visual Composer development server) | SAP_SE | Confirmed | Active | — | about 1 year ago | about 1 year ago |
PoC
Nuclei
|
| CVE-2025-42599 | Active! mail 6 | QUALITIA CO., LTD. | Confirmed | Active | — | about 1 year ago | about 1 year ago |
—
|
| CVE-2025-1976 | Fabric OS | Brocade | Confirmed | Active | — | about 1 year ago | about 1 year ago |
—
|
| CVE-2022-22274 | SonicOS | SonicWall | High | Active | — | about 1 year ago | about 1 year ago |
PoC
|
| CVE-2016-10372 | D1000 modem | Eir | High | Active | — | about 1 year ago | about 1 year ago |
PoC
|
| CVE-2023-0656 | SonicOS | SonicWall | High | Active | — | about 1 year ago | about 1 year ago |
—
|
| CVE-2019-12780 | Wemo Enabled Crock-Pot | Belkin | High | Active | — | about 1 year ago | about 1 year ago |
—
|
| CVE-2023-26801 | BL-AC1900_2.0, BL-WR9000, BL-X26, BL-LTE300 | LB-LINK | High | Active | — | about 1 year ago | about 1 year ago |
—
|
| CVE-2023-24488 | Citrix ADC and Citrix Gateway | Citrix | High | Active | — | about 1 year ago | about 1 year ago |
PoC
Nuclei
|
| CVE-2023-38646 | Metabase | Metabase | High | Active | — | about 1 year ago | about 1 year ago |
PoC
Nuclei
|
| CVE-2018-9995 | DVR4104, DVR4216 | TBK | High | Active | — | about 1 year ago | about 1 year ago |
PoC
Nuclei
|