Known Exploited Vulnerabilities

Focus on What Matters

There are 298,510 vulnerabilities in the CVE database.
Whilst only 0.6% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2021-41293	ECOA BAS controller - Path Traversal-3	ECOA	ECS Router Controller ECS (FLASH), RiskBuster Terminator E6L45, RiskBuster System RB 3.0.0, RiskBuster System TRANE 1.0, Graphic Control Software, SmartHome II E9246, RiskTerminator	2025-06-21 12:00:50 UTC	The Shadowserver (via CIRCL)
CVE-2025-0868	Remote Code Execution in DocsGPT	Arc53	DocsGPT	2025-06-21 12:00:43 UTC	The Shadowserver (via CIRCL)
CVE-2020-11455	LimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileManager.php.	LimeSurvey	LimeSurvey	2025-06-21 12:00:35 UTC	The Shadowserver (via CIRCL)
CVE-2018-14912	cgit_clone_objects in CGit before 1.2.1 has a directory traversal vulnerability when `enable-http-clone=1` is not turned off, as demonstrated by a...	CGit	CGit	2025-06-21 12:00:25 UTC	The Shadowserver (via CIRCL)
CVE-2018-11222	Local File Inclusion (LFI) in Artica Pandora FMS through version 7.23 allows an attacker to call any php file via the /pandora_console/ajax.php...	Artica	Pandora FMS	2025-06-21 12:00:14 UTC	The Shadowserver (via CIRCL)
CVE-2025-4322	Motors <= 5.6.67 - Unauthenticated Privilege Escalation via Password Update/Account Takeover	StylemixThemes	Motors - Car Dealer, Rental & Listing WordPress theme	2025-06-20 12:10:36 UTC	Wordfence
CVE-2024-7120	Raisecom MSG1200/MSG2100E/MSG2200/MSG2300 Web Interface list_base_config.php os command injection	Raisecom	MSG1200, MSG2100E, MSG2200, MSG2300	2025-06-20 12:00:18 UTC	The Shadowserver (via CIRCL)
CVE-2024-9644	Four-Faith F3x36 bapply.cgi Auth Bypass	Four-Faith	F3x36	2025-06-19 12:00:28 UTC	The Shadowserver (via CIRCL)
CVE-2022-39960	The Netic Group Export add-on before 1.0.3 for Atlassian Jira does not perform authorization checks. This might allow an unauthenticated user to...	Netic Group	Group Export add-on for Atlassian Jira	2025-06-18 12:00:41 UTC	The Shadowserver (via CIRCL)
CVE-2022-31847	A vulnerability in /cgi-bin/ExportAllSettings.sh of WAVLINK WN579 X3 M79X3.V5030.180719 allows attackers to obtain sensitive router information via...	WAVLINK	WN579 X3	2025-06-18 12:00:31 UTC	The Shadowserver (via CIRCL)
CVE-2022-48164	An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN533A8 M33A8.V5030.190716 allows unauthenticated attackers to...	Wavlink	WL-WN533A8	2025-06-18 12:00:21 UTC	The Shadowserver (via CIRCL)
CVE-2023-0386	A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux...	Linux	Kernel	2025-06-17 17:30:12 UTC	CISA
CVE-2025-43200	This issue was addressed with improved checks. This issue is fixed in watchOS 11.3.1, macOS Ventura 13.7.4, iOS 15.8.4 and iPadOS 15.8.4, iOS...	Apple	iOS and iPadOS, macOS, iPadOS, watchOS, visionOS	2025-06-16 22:40:18 UTC	CVE
CVE-2023-33538	TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a command injection vulnerability via the component...	TP-Link	TL-WR940N, TL-WR841N, TL-WR740N	2025-06-16 17:15:14 UTC	CISA
CVE-2020-8191	Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix...	Citrix	ADC, Gateway, SDWAN WAN-OP	2025-06-13 12:00:19 UTC	The Shadowserver (via CIRCL)
CVE-2023-1020	Steveas WP Live Chat Shoutbox <= 1.4.2 - Unauthenticated SQLi	Unknown	Steveas WP Live Chat Shoutbox	2025-06-13 12:00:12 UTC	The Shadowserver (via CIRCL)
CVE-2021-29203	A security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management...	HPE	Edgeline Infrastructure Manager	2025-06-12 12:00:33 UTC	The Shadowserver (via CIRCL)
CVE-2021-34624	ProfilePress 3.0 - 3.1.3 - Arbitrary File Upload in File Uploader Component	ProfilePress	ProfilePress	2025-06-12 12:00:25 UTC	The Shadowserver (via CIRCL)
CVE-2024-32735	CyberPower PowerPanel Enterprise Missing Authentication	CyberPower	CyberPower PowerPanel Enterprise	2025-06-11 12:00:35 UTC	The Shadowserver (via CIRCL)
CVE-2009-0545	cgi-bin/kerbynet in ZeroShell 1.0beta11 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the type...	ZeroShell	ZeroShell	2025-06-11 12:00:26 UTC	The Shadowserver (via CIRCL)
CVE-2025-32433	Erlang/OTP SSH Vulnerable to Pre-Authentication RCE	erlang	otp	2025-06-11 08:45:31 UTC	CISA
CVE-2024-42009	A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a...	Roundcube	Roundcube Webmail	2025-06-11 08:45:23 UTC	CISA
CVE-2025-33053	Internet Shortcut Files Remote Code Execution Vulnerability	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows Server 2025 (Server Core installation), Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 11 Version 24H2, Windows Server 2025, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	2025-06-11 08:45:15 UTC	CISA
CVE-2019-1821	Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerabilities	Cisco	Cisco Prime Infrastructure	2025-06-09 12:00:22 UTC	The Shadowserver (via CIRCL)
CVE-2020-11546	SuperWebMailer 7.21.0.01526 is susceptible to a remote code execution vulnerability in the Language parameter of mailingupgrade.php. An...	SuperWebMailer	SuperWebMailer	2025-06-09 12:00:13 UTC	The Shadowserver (via CIRCL)

Displaying vulnerabilities 1 - 25 of 1864 in total