Known Exploited Vulnerabilities

Focus on What Matters

There are 297,510 vulnerabilities in the CVE database.
Whilst only 0.6% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2019-16662	An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php...	rConfig	rConfig	2025-04-30 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-26775	File Upload vulnerability found in Monitorr v.1.7.6 allows a remote attacker t oexecute arbitrary code via a crafted file upload to the...	n/a	n/a	2025-04-30 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-1020	Woo Product Table < 3.1.2 - Unauthenticated Arbitrary Function Call	Acowebs	Product Table for WooCommerce (wooproducttable)	2025-04-30 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2020-15568	TerraMaster TOS before 4.1.29 has Invalid Parameter Checking that leads to code injection as root. This is a dynamic class method invocation...	n/a	n/a	2025-04-29 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2020-8209	Improper access control in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before...	n/a	Citrix XenMobile Server	2025-04-29 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2020-7980	Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary OS commands via the Q field within JSON data to the cgi-bin/libagent.cgi URI....	n/a	n/a	2025-04-29 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-1976	Code injection exposure in Fabric OS 9.1.0 through 9.1.1d6	Brocade	Fabric OS	2025-04-28 00:00:00 UTC	CISA
CVE-2025-42599	Active! mail 6 BuildInfo: 6.60.05008561 and earlier contains a stack-based buffer overflow vulnerability. Receiving a specially crafted request...	QUALITIA CO., LTD.	Active! mail 6	2025-04-28 00:00:00 UTC	CISA
CVE-2017-17215	Huawei HG532 with some customized versions has a remote code execution vulnerability. An authenticated attacker could send malicious packets to...	Huawei Technologies Co., Ltd.	HG532	2025-04-28 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2021-26294	An issue was discovered in AfterLogic Aurora through 7.7.9 and WebMail Pro through 7.7.9. They allow directory traversal to read files (such as a...	n/a	n/a	2025-04-28 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-3928	Commvault Web Server unspecified vulnerability	Commvault	Web Server	2025-04-28 00:00:00 UTC	CISA
CVE-2021-25646	Authenticated users can override system configurations in their requests which allows them to execute arbitrary code.	Apache Software Foundation	Apache Druid	2025-04-28 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2021-4191	An issue has been discovered in GitLab CE/EE affecting versions 13.0 to 14.6.5, 14.7 to 14.7.4, and 14.8 to 14.8.2. Private GitLab instances with...	GitLab	GitLab	2025-04-28 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2021-25114	Paid Memberships Pro < 2.6.7 - Unauthenticated Blind SQL Injection	Stranger Studios	Paid Memberships Pro	2025-04-28 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2021-25899	An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0.0.1. An unauthenticated attacker can send a crafted HTTP request to perform...	n/a	n/a	2025-04-28 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2021-27850	Bypass of the fix for CVE-2019-0195	Apache Software Foundation	Apache Tapestry	2025-04-28 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2021-25003	WPCargo < 6.9.0 - Unauthenticated RCE	Unknown	WPCargo Track & Trace	2025-04-28 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2018-9995	TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and MDVR Login, which...	TBK	DVR4104 and DVR4216	2025-04-28 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2021-26295	RCE vulnerability in latest Apache OFBiz due to Java serialisation using RMI	Apache Software Foundation	Apache OFBiz	2025-04-28 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-22024	An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA...	Ivanti	ICS, IPS	2025-04-28 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2021-32030	The administrator application on ASUS GT-AC2900 devices before 3.0.0.4.386.42643 and Lyra Mini before 3.0.0.4_384_46630 allows authentication...	n/a	n/a	2025-04-28 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-3721	TBK DVR-4104/DVR-4216 os command injection	TBK	DVR-4104, DVR-4216	2025-04-28 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-26801	LB-LINK BL-AC1900_2.0 v1.0.1, LB-LINK BL-WR9000 v2.4.9, LB-LINK BL-X26 v1.2.5, and LB-LINK BL-LTE300 v1.0.8 were discovered to contain a command...	n/a	n/a	2025-04-28 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-24488	Cross site scripting	Citrix	Citrix ADC and Citrix Gateway	2025-04-28 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-38646	Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the...	n/a	n/a	2025-04-28 00:00:00 UTC	The Shadowserver (via CIRCL)

Displaying vulnerabilities 226 - 250 of 1850 in total