Known Exploited Vulnerabilities

Focus on What Matters

There are 301,656 vulnerabilities in the CVE database.
Whilst only 0.6% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2025-25257	An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in Fortinet FortiWeb version 7.6.0...	Fortinet	FortiWeb	2025-07-17 18:00:17 UTC	The Shadowserver (via CIRCL)
CVE-2025-34130	LILIN DVR Arbitrary File Read via net_html.cgi	Merit LILIN	DVR Firmware	2025-07-16 22:40:27 UTC	CVE
CVE-2025-34129	LILIN DVR RCE via Malicious FTP/NTP Configuration	Merit LILIN	DVR Firmware	2025-07-16 22:40:20 UTC	CVE
CVE-2019-2768	Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware (subcomponent: BI Publisher Security). The...	Oracle Corporation	BI Publisher (formerly XML Publisher)	2025-07-16 12:00:20 UTC	The Shadowserver (via CIRCL)
CVE-2025-6558	Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially...	Google	Chrome	2025-07-16 08:30:28 UTC	CyberInsider
CVE-2025-6965	Integer Truncation on SQLite	SQLite	SQLite	2025-07-16 08:00:25 UTC	TheHackerNews
CVE-2025-49831	Conjur OSS and Secrets Manager, Self-Hosted (formerly Conjur Enterprise) vulnerable to IAM Authenticator Bypass via Mis-configured Network Device	cyberark	conjur	2025-07-15 21:40:25 UTC	CVE
CVE-2022-46381	Certain Linear eMerge E3-Series devices are vulnerable to XSS via the type parameter (e.g., to the badging/badge_template_v0.php component). This...	Linear	eMerge E3-Series	2025-07-15 12:00:44 UTC	The Shadowserver (via CIRCL)
CVE-2021-45420	Emerson Dixell XWEB-500 products are affected by arbitrary file write vulnerability in /cgi-bin/logo_extra_upload.cgi, /cgi-bin/cal_save.cgi, and...	Emerson	Dixell XWEB-500	2025-07-15 12:00:34 UTC	The Shadowserver (via CIRCL)
CVE-2023-32235	Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder via /assets/built%2F..%2F..%2F/ directory...	Ghost	Ghost	2025-07-15 12:00:25 UTC	The Shadowserver (via CIRCL)
CVE-2020-35580	A local file inclusion vulnerability in the FileServlet in all SearchBlox before 9.2.2 allows remote, unauthenticated users to read arbitrary files...	SearchBlox	SearchBlox	2025-07-15 12:00:15 UTC	The Shadowserver (via CIRCL)
CVE-2020-15227	Remote Code Execution vulnerability	nette	application	2025-07-12 12:00:33 UTC	The Shadowserver (via CIRCL)
CVE-2021-33690	Server-Side Request Forgery (SSRF) vulnerability has been detected in the SAP NetWeaver Development Infrastructure Component Build Service versions...	SAP SE	SAP NetWeaver Development Infrastructure (Component Build Service)	2025-07-12 12:00:26 UTC	The Shadowserver (via CIRCL)
CVE-2025-47812	In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection of arbitrary Lua code into...	wftpserver	Wing FTP Server	2025-07-10 17:45:23 UTC	Huntress Blog
CVE-2020-28188	Remote Command Execution (RCE) vulnerability in TerraMaster TOS <= 4.2.06 allow remote unauthenticated attackers to inject OS commands via...	TerraMaster	TOS	2025-07-09 12:00:20 UTC	The Shadowserver (via CIRCL)
CVE-2023-46347	In the module "Step by Step products Pack" (ndk_steppingpack) version 1.5.6 and before from NDK Design for PrestaShop, a guest can perform SQL...	NDK Design	Step by Step products Pack	2025-07-08 12:03:12 UTC	The Shadowserver (via CIRCL)
CVE-2024-36111	KubePi's JWT token validation has a defect	1Panel-dev	KubePi	2025-07-08 12:03:05 UTC	The Shadowserver (via CIRCL)
CVE-2023-4450	jeecgboot JimuReport Template injection	jeecgboot	JimuReport	2025-07-08 12:02:59 UTC	The Shadowserver (via CIRCL)
CVE-2023-3710	Printer web page invalid command execution	Honeywell, Honeywell	PM23/43, PC23/43, PD43, PM42, PX4ie/6ie, PX45/65, PD45, PX240, PX940, PM45, RP2f/RP4f	2025-07-08 12:02:52 UTC	The Shadowserver (via CIRCL)
CVE-2023-26802	An issue in the component /network_config/nsg_masq.cgi of DCN (Digital China Networks) DCBI-Netlog-LAB v1.0 allows attackers to bypass...	Digital China Networks	DCBI-Netlog-LAB	2025-07-08 12:02:42 UTC	The Shadowserver (via CIRCL)
CVE-2023-35885	CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication.	CloudPanel	CloudPanel	2025-07-08 12:02:34 UTC	The Shadowserver (via CIRCL)
CVE-2023-4634	The Media Library Assistant plugin for WordPress is vulnerable to Local File Inclusion and Remote Code Execution in versions up to, and including,...	dglingren	Media Library Assistant	2025-07-08 12:02:27 UTC	The Shadowserver (via CIRCL)
CVE-2023-3836	Dahua Smart Park Management unrestricted upload	Dahua	Smart Park Management	2025-07-08 12:02:20 UTC	The Shadowserver (via CIRCL)
CVE-2023-31446	In Cassia Gateway firmware XC1000_2.1.1.2303082218 and XC2000_2.1.1.2303090947, the queueUrl parameter in /bypass/config is not sanitized. This...	Cassia Networks	Cassia Gateway firmware	2025-07-08 12:02:11 UTC	The Shadowserver (via CIRCL)
CVE-2023-33831	A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA 1.1.13 allows attackers to execute arbitrary commands via a...	FUXA	FUXA	2025-07-08 12:02:00 UTC	The Shadowserver (via CIRCL)

Displaying vulnerabilities 1 - 25 of 1951 in total