Known Exploited Vulnerabilities

Focus on What Matters

There are 297,472 vulnerabilities in the CVE database.
Whilst only 0.6% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2020-8191	Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix...	Citrix	["ADC", "Gateway", "SDWAN WAN-OP"]	2025-06-13 12:00:19 UTC	The Shadowserver (via CIRCL)
CVE-2023-1020	Steveas WP Live Chat Shoutbox <= 1.4.2 - Unauthenticated SQLi	Unknown	Steveas WP Live Chat Shoutbox	2025-06-13 12:00:12 UTC	The Shadowserver (via CIRCL)
CVE-2021-29203	A security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management...	HPE	Edgeline Infrastructure Manager	2025-06-12 12:00:33 UTC	The Shadowserver (via CIRCL)
CVE-2021-34624	ProfilePress 3.0 - 3.1.3 - Arbitrary File Upload in File Uploader Component	ProfilePress	ProfilePress	2025-06-12 12:00:25 UTC	The Shadowserver (via CIRCL)
CVE-2024-32735	CyberPower PowerPanel Enterprise Missing Authentication	CyberPower	CyberPower PowerPanel Enterprise	2025-06-11 12:00:35 UTC	The Shadowserver (via CIRCL)
CVE-2009-0545	cgi-bin/kerbynet in ZeroShell 1.0beta11 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the type...	ZeroShell	ZeroShell	2025-06-11 12:00:26 UTC	The Shadowserver (via CIRCL)
CVE-2025-32433	Erlang/OTP SSH Vulnerable to Pre-Authentication RCE	erlang	otp	2025-06-11 08:45:31 UTC	CISA
CVE-2024-42009	A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a...	Roundcube	Roundcube Webmail	2025-06-11 08:45:23 UTC	CISA
CVE-2025-33053	Web Distributed Authoring and Versioning (WEBDAV) Remote Code Execution Vulnerability	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows Server 2025 (Server Core installation), Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 11 Version 24H2, Windows Server 2025, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	2025-06-11 08:45:15 UTC	CISA
CVE-2019-1821	Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerabilities	Cisco	Cisco Prime Infrastructure	2025-06-09 12:00:22 UTC	The Shadowserver (via CIRCL)
CVE-2020-11546	SuperWebMailer 7.21.0.01526 is susceptible to a remote code execution vulnerability in the Language parameter of mailingupgrade.php. An...	SuperWebMailer	SuperWebMailer	2025-06-09 12:00:13 UTC	The Shadowserver (via CIRCL)
CVE-2012-4867	Directory traversal vulnerability in modules/com_vtiger_workflow/sortfieldsjson.php in vtiger CRM 5.1.0 allows remote attackers to read arbitrary...	vtiger	CRM	2025-06-09 08:35:45 UTC	SANS Internet Storm Center
CVE-2020-36112	CSE Bookstore version 1.0 is vulnerable to time-based blind, boolean-based blind and OR error-based SQL injection in pubid parameter in...	Musyoka Ian	CSE Bookstore	2025-06-08 12:00:25 UTC	The Shadowserver (via CIRCL)
CVE-2021-30168	MERIT LILIN ENT.CO.,LTD. P2/Z2/P3/Z3 IP camera - Sensitive Data Exposure-1	MERIT LILIN ENT.CO.,LTD.	P2/Z2/P3/Z3 IP camera firmware	2025-06-07 12:00:33 UTC	The Shadowserver (via CIRCL)
CVE-2022-24260	A SQL injection vulnerability in Voipmonitor GUI before v24.96 allows attackers to escalate privileges to the Administrator level.	Voipmonitor	Voipmonitor GUI	2025-06-07 12:00:22 UTC	The Shadowserver (via CIRCL)
CVE-2021-27964	SonLogger before 6.4.1 is affected by Unauthenticated Arbitrary File Upload. An attacker can send a POST request to...	SonLogger	SonLogger	2025-06-06 12:00:43 UTC	The Shadowserver (via CIRCL)
CVE-2022-25322	ZEROF Web Server 2.0 allows /HandleEvent SQL Injection.	ZEROF	Web Server	2025-06-06 12:00:34 UTC	The Shadowserver (via CIRCL)
CVE-2022-35413	WAPPLES through 6.0 has a hardcoded systemi account. A threat actor could use this account to access the system configuration and confidential...	Penta Security Systems Inc.	WAPPLES	2025-06-06 12:00:25 UTC	The Shadowserver (via CIRCL)
CVE-2018-12031	Local file inclusion in Eaton Intelligent Power Manager v1.6 allows an attacker to include a file via server/node_upgrade_srv.js directory...	Eaton	Intelligent Power Manager	2025-06-06 12:00:15 UTC	The Shadowserver (via CIRCL)
CVE-2025-49113	Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is...	Roundcube	Webmail	2025-06-05 17:00:41 UTC	BleepingComputer
CVE-2024-57726	SimpleHelp remote support software v5.5.7 and before has a vulnerability that allows low-privileges technicians to create API keys with excessive...	SimpleHelp	SimpleHelp	2025-06-05 12:02:17 UTC	Sophos News
CVE-2024-57728	SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file system by uploading a...	SimpleHelp	SimpleHelp	2025-06-05 12:02:10 UTC	Sophos News
CVE-2019-17270	Yachtcontrol through 2019-10-06: It's possible to perform direct Operating System commands as an unauthenticated user via the...	Yachtcontrol	Yachtcontrol	2025-06-05 12:00:55 UTC	The Shadowserver (via CIRCL)
CVE-2017-18378	In NETGEAR ReadyNAS Surveillance before 1.4.3-17 x86 and before 1.1.4-7 ARM, $_GET['uploaddir'] is not escaped and is passed to system() through...	NETGEAR	ReadyNAS Surveillance	2025-06-05 12:00:49 UTC	The Shadowserver (via CIRCL)
CVE-2020-10548	rConfig 3.9.4 and previous versions has unauthenticated devices.inc.php SQL injection. Because, by default, nodes' passwords are stored in...	rConfig	rConfig	2025-06-05 12:00:41 UTC	The Shadowserver (via CIRCL)

Displaying vulnerabilities 1 - 25 of 1850 in total