Known Exploited Vulnerabilities

Focus on What Matters

There are 303,579 vulnerabilities in the CVE database.
Whilst only 0.7% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2018-16763	FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This can lead to Pre-Auth Remote...	FUEL CMS	FUEL CMS	2025-05-13 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2018-3810	Authentication Bypass vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to...	Oturia	Oturia Smart Google Code Inserter	2025-05-13 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2021-34993	This vulnerability allows remote attackers to bypass authentication on affected installations of Commvault CommCell 11.22.22. Authentication is not...	Commvault	CommCell	2025-05-13 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-27920	Output Messenger before 2.0.63 was vulnerable to a directory traversal attack through improper file path handling. By using ../ sequences in...	Srimax	Output Messenger	2025-05-12 16:35:47 UTC	Microsoft Threat Intelligence
CVE-2021-22707	A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink...	n/a	EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 )	2025-05-12 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-24799	GLPI allows unauthenticated SQL injection through the inventory endpoint	glpi-project	glpi	2025-05-12 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2021-41266	Authentication bypass issue in the Operator Console	minio	console	2025-05-12 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2017-8961	A directory traversal vulnerability in HPE Intelligent Management Center (IMC) PLAT 7.3 E0504P02 could allow remote code execution.	Hewlett Packard Enterprise	Intelligent Management Center	2025-05-12 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2021-24285	Car Seller - Auto Classifieds Script <= 2.1.0 - Unauthenticated SQL Injection	Unknown	Car Seller - Auto Classifieds Script	2025-05-12 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-27482	homeassistant is an open source home automation tool. A remotely exploitable vulnerability bypassing authentication for accessing the Supervisor...	home-assistant	core, supervisor	2025-05-12 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2020-7796	Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled.	n/a	n/a	2025-05-12 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-5827	Arbitrary File Write by Prompt Injection via DuckDB SQL in vanna-ai/vanna	vanna-ai	vanna-ai/vanna	2025-05-12 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2021-24762	Perfect Survey < 1.5.2 - Unauthenticated SQL Injection	perfectsurvey	Perfect Survey	2025-05-11 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-0747	Infographic Maker - iList < 4.3.8 - Unauthenticated SQL Injection	QuantumCloud	Infographic Maker – iList	2025-05-11 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-2314	VR Calendar < 2.3.2 - Unauthenticated Arbitrary Function Call	Innate Images LLC	VR Calendar	2025-05-11 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-1386	Fusion Builder < 3.6.2 - Unauthenticated SSRF	Unknown	Fusion Builder	2025-05-11 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-4117	IWS - Geo Form Fields <= 1.0 - Unauthenticated SQLi	Unknown	IWS	2025-05-11 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-0679	Narnoo Distributor <= 2.5.1 - Unauthenticated LFI to Arbitrary File Read / RCE	Unknown	Narnoo Distributor	2025-05-11 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-0826	WP Video Gallery <= 1.7.1 - Unauthenticated SQLi	Majba	WP Video Gallery	2025-05-11 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-23489	The Easy Digital Downloads WordPress Plugin, versions 3.1.0.2 & 3.1.0.3, is affected by an unauthenticated SQL injection vulnerability in the 's'...	n/a	Easy Digital Downloads WordPress Plugin	2025-05-11 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-0786	KiviCare < 2.3.9 - Unauthenticated SQLi	Iqonic Design	KiviCare – Clinic & Patient Management System (EHR)	2025-05-11 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2020-12800	The drag-and-drop-multiple-file-upload-contact-form-7 plugin before 1.3.3.3 for WordPress allows Unrestricted File Upload and remote code execution...	n/a	n/a	2025-05-11 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2021-37580	Apache ShenYu Admin bypass JWT authentication	Apache Software Foundation	Apache ShenYu Admin	2025-05-11 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2021-24499	Workreap theme < 2.2.2 - Unauthenticated Upload Leading to Remote Code Execution	Unknown	Workreap	2025-05-10 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-0827	Bestbooks <= 2.6.3 - Unauthenticated SQLi	Unknown	Bestbooks	2025-05-10 00:00:00 UTC	The Shadowserver (via CIRCL)

Displaying vulnerabilities 301 - 325 of 2002 in total