Known Exploited Vulnerabilities

Focus on What Matters

There are 297,509 vulnerabilities in the CVE database.
Whilst only 0.6% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2021-25003	WPCargo < 6.9.0 - Unauthenticated RCE	Unknown	WPCargo Track & Trace	2025-04-28 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2021-26295	RCE vulnerability in latest Apache OFBiz due to Java serialisation using RMI	Apache Software Foundation	Apache OFBiz	2025-04-28 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-22024	An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA...	Ivanti	ICS, IPS	2025-04-28 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2018-9995	TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and MDVR Login, which...	TBK	DVR4104 and DVR4216	2025-04-28 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2019-17506	There are some web interfaces without authentication requirements on D-Link DIR-868L B1-2.03 and DIR-817LW A1-1.04 routers. An attacker can get the...	D-Link	DIR-868L, DIR-817LW	2025-04-27 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2020-11530	A blind SQL injection vulnerability is present in Chop Slider 3, a WordPress plugin. The vulnerability is introduced in the id GET parameter...	n/a	n/a	2025-04-27 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-39026	Directory Traversal vulnerability in FileMage Gateway Windows Deployments v.1.10.8 and before allows a remote attacker to obtain sensitive...	n/a	n/a	2025-04-27 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2018-17431	Web Console in Comodo UTM Firewall before 2.7.0 allows remote attackers to execute arbitrary code without authentication via a crafted URL.	Comodo	UTM Firewall	2025-04-27 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2020-35665	An unauthenticated command-execution vulnerability exists in TerraMaster TOS through 4.2.06 via shell metacharacters in the Event parameter in...	n/a	n/a	2025-04-27 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2016-5674	__debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1...	NUUO, NETGEAR	NVRmini 2, NVRsolo, ReadyNAS Surveillance	2025-04-27 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2019-5128	A command injection have been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable...	YouPHPTube	YouPHPTube	2025-04-27 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2018-3760	There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Specially...	HackerOne	Sprockets	2025-04-27 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2017-7927	A Use of Password Hash Instead of Password for Authentication issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN,...	Dahua	Dahua Technology Co., Ltd Digital Video Recorders and IP Cameras	2025-04-27 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-21899	QTS, QuTS hero, QuTScloud	QNAP Systems Inc.	QTS, QuTS hero, QuTScloud	2025-04-27 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-43795	WPS Server Side Request Forgery in GeoServer	geoserver	geoserver	2025-04-26 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2021-35250	Directory Transversal Vulnerability in Serv-U 15.3	SolarWinds	Serv-U	2025-04-26 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2021-40822	GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the option for setting a proxy host.	n/a	n/a	2025-04-26 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2018-9866	A vulnerability in lack of validation of user-supplied parameters pass to XML-RPC calls on SonicWall Global Management System (GMS) virtual...	SonicWall	Global Management System (GMS)	2025-04-26 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2018-13315	Incorrect access control in formPasswordSetup in TOTOLINK A3002RU version 1.0.8 allows attackers to change the admin user's password via an...	TOTOLINK	A3002RU	2025-04-26 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-0778	Uniview ISC 2500-S VM.php setNatConfig os command injection	Uniview	ISC 2500-S	2025-04-26 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-32432	Craft CMS Allows Remote Code Execution	craftcms	cms	2025-04-26 00:00:00 UTC	ONYPHE Blog
CVE-2019-5129	A command injection have been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable...	YouPHPTube	YouPHPTube	2025-04-25 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2017-12635	Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before...	Apache Software Foundation	Apache CouchDB	2025-04-25 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2018-10737	A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/logbook.php txtSearch parameter.	Nagios	XI	2025-04-25 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2019-19824	On certain TOTOLINK Realtek SDK based routers, an authenticated attacker may execute arbitrary OS commands via the sysCmd parameter to the...	TOTOLINK	Realtek SDK based routers	2025-04-25 00:00:00 UTC	The Shadowserver (via CIRCL)

Displaying vulnerabilities 251 - 275 of 1850 in total