Known Exploited Vulnerabilities

Focus on What Matters

There are 349,949 vulnerabilities in the CVE database.
Whilst only 1.1% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

Aware of a KEV not on the list? Let us know!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2025-42999	Insecure Deserialization in SAP NetWeaver (Visual Composer development server)	SAP_SE	SAP NetWeaver (Visual Composer development server)	2026-06-01 10:37:52 UTC	CVE
CVE-2025-32756	A stack-based buffer overflow vulnerability [CWE-121] vulnerability in Fortinet FortiCamera 2.1.0 through 2.1.3, FortiCamera 2.0 all versions,...	Fortinet	FortiNDR, FortiCamera, FortiRecorder, FortiVoice, FortiMail	2026-06-01 10:37:50 UTC	CVE
CVE-2025-20337	Cisco ISE API Unauthenticated Remote Code Execution Vulnerability	Cisco	Cisco Identity Services Engine Software, Cisco ISE Passive Identity Connector	2026-06-01 10:37:36 UTC	CVE
CVE-2025-20281	Cisco ISE API Unauthenticated Remote Code Execution Vulnerability	Cisco	Cisco Identity Services Engine Software	2026-06-01 10:37:36 UTC	CVE
CVE-2023-2533	PaperCut MF/NG 22.0.10 (Build 65996 2023-03-27) - Remote code execution via CSRF	PaperCut	PaperCut NG/MF	2026-06-01 10:37:36 UTC	CVE
CVE-2025-6558	Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially...	Google	Chrome	2026-06-01 10:37:23 UTC	CVE
CVE-2025-49706	Microsoft SharePoint Server Spoofing Vulnerability	Microsoft	Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2019, Microsoft SharePoint Server Subscription Edition	2026-06-01 10:37:23 UTC	CVE
CVE-2025-49704	Microsoft SharePoint Remote Code Execution Vulnerability	Microsoft	Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2019	2026-06-01 10:37:23 UTC	CVE
CVE-2025-2776	SysAid On-Prem <= 23.3.40 serverurl Proceessing XML External Entity Injection	SysAid	SysAid On-Prem	2026-06-01 10:37:22 UTC	CVE
CVE-2025-2775	SysAid On-Prem <= 23.3.40 Checkin Proceessing XML External Entity Injection	SysAid	SysAid On-Prem	2026-06-01 10:37:22 UTC	CVE
CVE-2025-53770	Microsoft SharePoint Server Remote Code Execution Vulnerability	Microsoft	Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2019, Microsoft SharePoint Server Subscription Edition	2026-06-01 10:37:19 UTC	CVE
CVE-2025-54309	CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote...	CrushFTP	CrushFTP	2026-06-01 10:37:11 UTC	CVE
CVE-2025-25257	An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerability in Fortinet FortiWeb...	Fortinet	FortiWeb	2026-06-01 10:37:09 UTC	CVE
CVE-2025-34130	LILIN DVR Arbitrary File Read via net_html.cgi	Merit LILIN	DVR Firmware	2026-06-01 10:37:03 UTC	CVE
CVE-2025-34129	LILIN DVR RCE via Malicious FTP/NTP Configuration	Merit LILIN	DVR Firmware	2026-06-01 10:37:03 UTC	CVE
CVE-2025-49831	Conjur OSS and Secrets Manager, Self-Hosted (formerly Conjur Enterprise) vulnerable to IAM Authenticator Bypass via Mis-configured Network Device	cyberark	conjur	2026-06-01 10:37:00 UTC	CVE
CVE-2025-47812	In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection of arbitrary Lua code into...	wftpserver	Wing FTP Server	2026-06-01 10:36:56 UTC	CVE
CVE-2025-5777	NetScaler ADC and NetScaler Gateway - Insufficient input validation leading to memory overread	NetScaler	ADC, Gateway	2026-06-01 10:36:46 UTC	CVE
CVE-2019-9621	Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x before 8.7.11 patch 10, and 8.8.x before 8.8.10 patch 7 or 8.8.x before 8.8.11 patch 3 allows...	n/a	n/a	2026-06-01 10:36:30 UTC	CVE
CVE-2019-5418	There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted...	Rails	https://github.com/rails/rails	2026-06-01 10:36:30 UTC	CVE
CVE-2016-10033	The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command...	n/a	n/a	2026-06-01 10:36:30 UTC	CVE
CVE-2014-3931	fastping.c in MRLG (aka Multi-Router Looking Glass) before 5.5.0 allows remote attackers to cause an arbitrary memory write and memory corruption.	n/a	n/a	2026-06-01 10:36:30 UTC	CVE
CVE-2025-6554	Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page....	Google	Chrome	2026-06-01 10:36:20 UTC	CVE
CVE-2025-48928	The TeleMessage service through 2025-05-05 is based on a JSP application in which the heap content is roughly equivalent to a "core dump" in which...	TeleMessage	service	2026-06-01 10:36:17 UTC	CVE
CVE-2025-48927	The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with an exposed heap dump endpoint at a /heapdump URI, as exploited in...	TeleMessage	service	2026-06-01 10:36:17 UTC	CVE

Displaying vulnerabilities 226 - 250 of 3822 in total