Known Exploited Vulnerabilities

Focus on What Matters

There are 301,047 vulnerabilities in the CVE database.
Whilst only 0.6% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2020-15227	Remote Code Execution vulnerability	nette	application	2025-07-12 12:00:33 UTC	The Shadowserver (via CIRCL)
CVE-2021-33690	Server-Side Request Forgery (SSRF) vulnerability has been detected in the SAP NetWeaver Development Infrastructure Component Build Service versions...	SAP SE	SAP NetWeaver Development Infrastructure (Component Build Service)	2025-07-12 12:00:26 UTC	The Shadowserver (via CIRCL)
CVE-2025-47812	In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection of arbitrary Lua code into...	wftpserver	Wing FTP Server	2025-07-10 17:45:23 UTC	Huntress Blog
CVE-2020-28188	Remote Command Execution (RCE) vulnerability in TerraMaster TOS <= 4.2.06 allow remote unauthenticated attackers to inject OS commands via...	TerraMaster	TOS	2025-07-09 12:00:20 UTC	The Shadowserver (via CIRCL)
CVE-2023-46347	In the module "Step by Step products Pack" (ndk_steppingpack) version 1.5.6 and before from NDK Design for PrestaShop, a guest can perform SQL...	NDK Design	Step by Step products Pack	2025-07-08 12:03:12 UTC	The Shadowserver (via CIRCL)
CVE-2024-36111	KubePi's JWT token validation has a defect	1Panel-dev	KubePi	2025-07-08 12:03:05 UTC	The Shadowserver (via CIRCL)
CVE-2023-4450	jeecgboot JimuReport Template injection	jeecgboot	JimuReport	2025-07-08 12:02:59 UTC	The Shadowserver (via CIRCL)
CVE-2023-3710	Printer web page invalid command execution	Honeywell, Honeywell	PM23/43, PC23/43, PD43, PM42, PX4ie/6ie, PX45/65, PD45, PX240, PX940, PM45, RP2f/RP4f	2025-07-08 12:02:52 UTC	The Shadowserver (via CIRCL)
CVE-2023-26802	An issue in the component /network_config/nsg_masq.cgi of DCN (Digital China Networks) DCBI-Netlog-LAB v1.0 allows attackers to bypass...	Digital China Networks	DCBI-Netlog-LAB	2025-07-08 12:02:42 UTC	The Shadowserver (via CIRCL)
CVE-2023-35885	CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication.	CloudPanel	CloudPanel	2025-07-08 12:02:34 UTC	The Shadowserver (via CIRCL)
CVE-2023-4634	The Media Library Assistant plugin for WordPress is vulnerable to Local File Inclusion and Remote Code Execution in versions up to, and including,...	dglingren	Media Library Assistant	2025-07-08 12:02:27 UTC	The Shadowserver (via CIRCL)
CVE-2023-3836	Dahua Smart Park Management unrestricted upload	Dahua	Smart Park Management	2025-07-08 12:02:20 UTC	The Shadowserver (via CIRCL)
CVE-2023-31446	In Cassia Gateway firmware XC1000_2.1.1.2303082218 and XC2000_2.1.1.2303090947, the queueUrl parameter in /bypass/config is not sanitized. This...	Cassia Networks	Cassia Gateway firmware	2025-07-08 12:02:11 UTC	The Shadowserver (via CIRCL)
CVE-2023-33831	A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA 1.1.13 allows attackers to execute arbitrary commands via a...	FUXA	FUXA	2025-07-08 12:02:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-52028	TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the setTracerouteCfg function.	TOTOlink	A3700R	2025-07-08 12:01:51 UTC	The Shadowserver (via CIRCL)
CVE-2023-1698	WAGO: WBM Command Injection in multiple products	WAGO	Compact Controller CC100, Edge Controller, PFC100, PFC200, Touch Panel 600 Advanced Line, Touch Panel 600 Marine Line, Touch Panel 600 Standard Line	2025-07-08 12:01:44 UTC	The Shadowserver (via CIRCL)
CVE-2023-25135	vBulletin before 5.6.9 PL1 allows an unauthenticated remote attacker to execute arbitrary code via a crafted HTTP request that triggers...	vBulletin	vBulletin	2025-07-08 12:01:35 UTC	The Shadowserver (via CIRCL)
CVE-2023-34133	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SonicWall GMS and Analytics allows an...	SonicWall	GMS, Analytics	2025-07-08 12:01:28 UTC	The Shadowserver (via CIRCL)
CVE-2023-29919	SolarView Compact <= 6.0 is vulnerable to Insecure Permissions. Any file on the server can be read or modified because texteditor.php is not...	n/a	SolarView Compact	2025-07-08 12:01:18 UTC	The Shadowserver (via CIRCL)
CVE-2023-23333	There is a command injection vulnerability in SolarView Compact through 6.00, attackers can execute commands by bypassing internal restrictions...	SolarView	Compact	2025-07-08 12:01:10 UTC	The Shadowserver (via CIRCL)
CVE-2023-30625	rudder-server vulnerable to SQL Injection	rudderlabs	rudder-server	2025-07-08 12:01:03 UTC	The Shadowserver (via CIRCL)
CVE-2022-36509	H3C GR3200 MiniGR1B0V100R014 was discovered to contain a command injection vulnerability via the param parameter at DelL2tpLNSList.	H3C	GR3200	2025-07-08 12:00:53 UTC	The Shadowserver (via CIRCL)
CVE-2023-28343	OS command injection affects Altenergy Power Control Software C1.2.5 via shell metacharacters in the index.php/management/set_timezone timezone...	Altenergy	Power Control Software	2025-07-08 12:00:42 UTC	The Shadowserver (via CIRCL)
CVE-2023-1177	Path Traversal: '\..\filename' in mlflow/mlflow	mlflow	mlflow/mlflow	2025-07-08 12:00:35 UTC	The Shadowserver (via CIRCL)
CVE-2023-22478	KubePi is vulnerable to missing authorization	KubeOperator	KubePi	2025-07-08 12:00:28 UTC	The Shadowserver (via CIRCL)

Displaying vulnerabilities 1 - 25 of 1940 in total