Known Exploited Vulnerabilities

Focus on What Matters

There are 349,949 vulnerabilities in the CVE database.
Whilst only 1.1% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

Aware of a KEV not on the list? Let us know!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2026-48027	Compromised Nx Console version 18.95.0	nrwl	nx-console	2026-06-01 10:28:02 UTC	CVE
CVE-2026-45321	Malware in 42 @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys	@tanstack	arktype-adapter, eslint-plugin-router, eslint-plugin-start, history, nitro-v2-vite-plugin, react-router, react-router-devtools, react-router-ssr-query, react-start, react-start-client, react-start-rsc, react-start-server, router-cli, router-core, router-devtools, router-devtools-core, router-generator, router-plugin, router-ssr-query-core, router-utils, outer-vite-plugin, solid-router, solid-router-devtools, solid-router-ssr-query, solid-start, solid-start-client, solid-start-server, start-client-core, start-fn-stubs, start-plugin-core, start-server-core, start-static-server-functions, start-storage-context, valibot-adapter, virtual-file-routes, vue-router, vue-router-devtools, vue-router-ssr-query, vue-start, vue-start-client, vue-start-server, zod-adapter	2026-06-01 10:27:54 UTC	CVE
CVE-2018-9205	Vulnerability in avatar_uploader v7.x-1.0-beta8 , The code in view.php doesn't verify users or sanitize the file path.	Robbin Zhao	avatar_uploader	2026-05-27 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-2414	Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to...	n/a	Dogtag PKI	2026-05-26 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-0785	Daily Prayer Time < 2022.03.01 - Unauthenticated SQLi	Unknown	Daily Prayer Time	2026-05-26 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-0948	Order Listener for WooCommerce < 3.2.2 - Unauthenticated SQLi	Unknown	Order Listener for WooCommerce – Play Sounds Instantly on New Orders	2026-05-26 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2026-5426	KnowledgeDeliver deployments before February 24, 2026 use a static ASP.NET/IIS machineKey value	Digital Knowledge	KnowledgeDeliver	2026-05-25 07:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-34048	D-Link DSL-2730U/2750U/2750E Path Traversal Arbitrary File Read	D-Link	DSL-2730U, DSL-2750U, DSL-2750E	2026-05-24 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-7311	BYTEVALUE Intelligent Flow Control Router Command Injection	BYTEVALUE (Luoyang Baiwei Intelligent Technology Co., Ltd.)	Flow Control Router	2026-05-22 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2026-42945	NGINX ngx_http_rewrite_module vulnerability	F5	NGINX Plus, NGINX Open Source	2026-05-19 15:36:39 UTC	The Shadowserver (via CIRCL)
CVE-2025-7544	Tenda AC1206 setMacFilterCfg formSetMacFilterCfg stack-based overflow	Tenda	AC1206	2026-05-15 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2020-11963	IQrouter through 3.3.1, when unconfigured, has multiple remote code execution vulnerabilities in the web-panel because of Bash Shell Metacharacter...	n/a	n/a	2026-05-15 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2026-44338	PraisonAI ships and generates a legacy API server with authentication disabled by default, allowing unauthenticated workflow execution	MervinPraison	PraisonAI	2026-05-14 14:20:11 UTC	The Shadowserver (via CIRCL)
CVE-2025-34023	Karel IP Phone IP1211 Path Traversal	Karel	Karel IP Phone IP1211	2026-05-11 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2018-11409	Splunk through 7.0.1 allows information disclosure by appending __raw/services/server/info/server-info?output_mode=json to a query, as demonstrated...	n/a	n/a	2026-05-07 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-34509	Sitecore XM and XP Hardcoded Credentials	Sitecore	Experience Manager, Experience Platform	2026-04-30 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-37999	WordPress HT Mega Absolute Addons for Elementor plugin <= 2.2.0 - Unauthenticated Privilege Escalation vulnerability	HasThemes	HT Mega	2026-04-30 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-6893	Journyx Unauthenticated XML External Entities Injection	Journyx	Journyx (jtime)	2026-04-30 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-10353	Missing Authorization vulnerability in Melis Platform	Melis Technology	Melis Platform	2026-04-28 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-0159	Extensive VC Addons for WPBakery page builder < 1.9.1 - Unauthenticated RCE	Unknown	Extensive VC Addons for WPBakery page builder	2026-04-28 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-25573	Improper access control to download file in metersphere	metersphere	metersphere	2026-04-28 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2026-3844	Breeze Cache <= 2.4.4 - Unauthenticated Arbitrary File Upload via fetch_gravatar_from_remote	cloudways	Breeze Cache	2026-04-25 15:00:05 UTC	The Shadowserver (via CIRCL)
CVE-2021-4374	The WordPress Automatic Plugin for WordPress is vulnerable to arbitrary options updates in versions up to, and including, 3.53.2. This is due to...	ValvePress	WordPress Automatic Plugin	2026-04-25 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2026-33626	LMDeploy Vulnerable to Server-Side Request Forgery (SSRF) via Vision-Language Image Loading	InternLM	lmdeploy	2026-04-24 18:15:40 UTC	The Shadowserver (via CIRCL)
CVE-2019-8451	The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.4.0 allows remote attackers to access the content of internal network...	Atlassian	Jira	2026-04-23 00:00:00 UTC	The Shadowserver (via CIRCL)

Displaying vulnerabilities 276 - 300 of 3822 in total