Known Exploited Vulnerabilities

Focus on What Matters

There are 349,612 vulnerabilities in the CVE database.
Whilst only 1.1% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

Aware of a KEV not on the list? Let us know!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2023-43000	A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.5, iOS 16.6 and iPadOS 16.6, Safari...	Apple	macOS, iOS and iPadOS, Safari	2026-06-01 13:30:35 UTC	CISA
CVE-2025-31277	The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6,...	Apple	Safari, iOS and iPadOS, macOS, tvOS, visionOS, watchOS	2026-06-01 13:30:35 UTC	CISA
CVE-2026-9082	Drupal core - Highly critical - SQL injection - SA-CORE-2026-004	Drupal	Drupal core	2026-06-01 13:29:38 UTC	CVE
CVE-2026-48172	LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exploited in the wild in May 2026. Detection is...	LiteSpeed Technologies	cPanel Plugin, WHM Plugin	2026-06-01 13:29:31 UTC	CVE
CVE-2026-34926	A directory traversal vulnerability in the Apex One (on-premise) server could allow a pre-authenticated local attacker to modify a key table on the...	Trend Micro, Inc.	TrendAI Apex One, TrendAI Apex One as a Service	2026-06-01 13:29:30 UTC	CVE
CVE-2025-34291	Langflow <= 1.6.9 CORS Misconfiguration to Token Hijack & RCE	Langflow	Langflow	2026-06-01 13:29:30 UTC	CVE
CVE-2026-45498	Microsoft Defender Denial of Service Vulnerability	Microsoft	Microsoft Defender Antimalware Platform	2026-06-01 13:29:26 UTC	CVE
CVE-2026-41091	Microsoft Defender Elevation of Privilege Vulnerability	Microsoft	Microsoft Malware Protection Engine	2026-06-01 13:29:26 UTC	CVE
CVE-2026-34234	CtrlPanel: Unauthenticated RCE using installer script	Ctrlpanel-gg	panel	2026-06-01 13:29:18 UTC	CVE
CVE-2026-42897	Microsoft Exchange Server Spoofing Vulnerability	Microsoft	Microsoft Exchange Server 2016 Cumulative Update 23, Microsoft Exchange Server 2019 Cumulative Update 14, Microsoft Exchange Server 2019 Cumulative Update 15, Microsoft Exchange Server Subscription Edition RTM	2026-06-01 13:29:03 UTC	CVE
CVE-2026-42208	LiteLLM: SQL injection in Proxy API key verification	BerriAI	litellm	2026-06-01 13:26:37 UTC	CVE
CVE-2026-6973	An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remotely authenticated...	Ivanti	Endpoint Manager Mobile	2026-06-01 13:26:33 UTC	CVE
CVE-2026-44742	Postorius through 1.3.13 does not escape HTML in the message subject when rendering it in the Held messages pop-up, as exploited in the wild in May...	Postorius project	Postorius	2026-06-01 13:26:33 UTC	CVE
CVE-2026-0300	PAN-OS: Unauthenticated user initiated Buffer Overflow Vulnerability in User-ID™ Authentication Portal	Palo Alto Networks	Cloud NGFW, PAN-OS, Prisma Access	2026-06-01 13:26:25 UTC	CVE
CVE-2026-31431	crypto: algif_aead - Revert to operating out-of-place	Linux	Linux	2026-06-01 13:26:07 UTC	CVE
CVE-2026-41940	WebPros cPanel and WHM Authentication Bypass via Login Flow	WebPros	cPanel, WP Squared, WHM	2026-06-01 13:26:04 UTC	CVE
CVE-2026-32202	Windows Shell Spoofing Vulnerability	Microsoft	Windows 10 Version 1607, Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows 11 Version 25H2, Windows 11 version 26H1, Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation)	2026-06-01 13:25:49 UTC	CVE
CVE-2024-1708	Improper limitation of a pathname to a restricted directory (“path traversal”)	ConnectWise	ScreenConnect	2026-06-01 13:24:35 UTC	CVE
CVE-2025-29635	A command injection vulnerability in D-Link DIR-823X 240126 and 240802 allows an authorized attacker to execute arbitrary commands on remote...	n/a	n/a	2026-06-01 13:23:43 UTC	CVE
CVE-2024-7399	Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1050 allows attackers to...	Samsung Electronics	MagicINFO 9 Server	2026-06-01 13:23:43 UTC	CVE
CVE-2024-57728	SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file system by uploading a...	n/a	n/a	2026-06-01 13:23:43 UTC	CVE
CVE-2024-57726	SimpleHelp remote support software v5.5.7 and before has a vulnerability that allows low-privileges technicians to create API keys with excessive...	n/a	n/a	2026-06-01 13:23:43 UTC	CVE
CVE-2026-39987	marimo Affected by Pre-Auth Remote Code Execution via Terminal WebSocket Authentication Bypass	marimo-team	marimo	2026-06-01 13:23:39 UTC	CVE
CVE-2026-33825	Microsoft Defender Elevation of Privilege Vulnerability	Microsoft	Microsoft Defender Antimalware Platform	2026-06-01 13:22:36 UTC	CVE
CVE-2026-20133	A vulnerability in Cisco Catalyst SD-WAN Software could allow an unauthenticated, remote attacker to view sensitive information on an affected...	Cisco	Cisco Catalyst SD-WAN Manager	2026-06-01 13:22:22 UTC	CVE

Displaying vulnerabilities 1 - 25 of 3821 in total