Known Exploited Vulnerabilities

Focus on What Matters

There are 297,540 vulnerabilities in the CVE database.
Whilst only 0.6% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2019-5127	A command injection have been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable...	YouPHPTube	YouPHPTube"	2025-04-25 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-31324	Missing Authorization check in SAP NetWeaver (Visual Composer development server)	SAP_SE	SAP NetWeaver (Visual Composer development server)	2025-04-25 00:00:00 UTC	Tenable Blog
CVE-2019-11248	Kubernetes kubelet exposes /debug/pprof info on healthz port	Kubernetes	Kubernetes	2025-04-24 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-27199	In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible	JetBrains	TeamCity	2025-04-24 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2019-18394	A Server Side Request Forgery (SSRF) vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attackers to send...	Ignite Realtime	Openfire	2025-04-24 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-9014	OAuth2 client id and secret exposed through the web browser in pgAdmin 4	pgadmin.org	pgAdmin 4	2025-04-24 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2018-11759	The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK...	Apache Software Foundation	Apache Tomcat Connectors	2025-04-24 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-11305	Altenergy Power Control Software status_zigbee get_status_zigbee sql injection	Altenergy	Power Control Software	2025-04-24 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-25735	An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can discover cleartext passwords via a SoftAP...	n/a	n/a	2025-04-24 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-10914	D-Link DNS-320/DNS-320LW/DNS-325/DNS-340L account_mgr.cgi cgi_user_add os command injection	D-Link	DNS-320, DNS-320LW, DNS-325, DNS-340L	2025-04-24 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2021-46422	Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a remote attacker to execute OS commands without any...	n/a	n/a	2025-04-24 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-24893	Remote code execution as guest via SolrSearchMacros request in xwiki	xwiki	xwiki-platform	2025-04-24 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-0305	Guangzhou Yingke Electronic Technology Ncast Guest Login IPSetup.php information disclosure	Guangzhou Yingke Electronic Technology	Ncast	2025-04-24 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-0204	Authentication Bypass in GoAnywhere MFT	Fortra	GoAnywhere MFT	2025-04-24 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-27954	WordPress Automatic plugin <= 3.92.0 - Unauthenticated Arbitrary File Download and SSRF vulnerability	WP Automatic	Automatic	2025-04-24 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-21762	A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0...	Fortinet	FortiProxy, FortiOS	2025-04-24 00:00:00 UTC	CVE
CVE-2018-10379	An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) before 10.5.8, 10.6.x before 10.6.5, and 10.7.x before 10.7.2....	GitLab	GitLab Community Edition (CE), GitLab Enterprise Edition (EE)	2025-04-23 21:33:20 UTC	The Shadowserver (via CIRCL)
CVE-2024-0352	Likeshop HTTP POST Request File.php userFormImage unrestricted upload	n/a	Likeshop	2025-04-23 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-39952	A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0...	Fortinet	FortiNAC	2025-04-23 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-37679	A remote command execution (RCE) vulnerability in NextGen Mirth Connect v4.3.0 allows attackers to execute arbitrary commands on the hosting server.	n/a	n/a	2025-04-23 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2010-0219	Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of...	Apache Software Foundation	Axis2	2025-04-23 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-29383	NETGEAR ProSafe SSL VPN firmware FVS336Gv2 and FVS336Gv3 was discovered to contain a SQL injection vulnerability via USERDBDomains.Domainname at...	n/a	n/a	2025-04-22 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2021-21307	Remote Code Exploit in Lucee Admin	lucee	Lucee	2025-04-22 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2021-21978	VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code execution vulnerability. Improper input validation and lack of...	n/a	VMware View Planner	2025-04-22 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-31200	A memory corruption issue was addressed with improved bounds checking. This issue is fixed in tvOS 18.4.1, visionOS 2.4.1, iOS iOS 18.4.1 and...	Apple	visionOS, iOS iOS and iPadOS, tvOS, macOS	2025-04-17 00:00:00 UTC	CISA

Displaying vulnerabilities 276 - 300 of 1850 in total