Known Exploited Vulnerabilities

Focus on What Matters

There are 349,949 vulnerabilities in the CVE database.
Whilst only 1.1% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

Aware of a KEV not on the list? Let us know!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2026-25187	Winlogon Elevation of Privilege Vulnerability	Microsoft	Windows 10 Version 1607, Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows 11 Version 25H2, Windows 11 version 26H1, Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation)	2026-04-19 13:49:43 UTC	The Shadowserver (via CIRCL)
CVE-2026-3564	ScreenConnect Instance Level Cryptographic Material Exposure	ConnectWise	ScreenConnect	2026-04-19 13:47:27 UTC	The Shadowserver (via CIRCL)
CVE-2026-26127	.NET Denial of Service Vulnerability	Microsoft	.NET 10.0, .NET 9.0, Microsoft.Bcl.Memory	2026-04-19 13:46:42 UTC	The Shadowserver (via CIRCL)
CVE-2026-21262	SQL Server Elevation of Privilege Vulnerability	Microsoft	Microsoft SQL Server 2016 Service Pack 3 (GDR), Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack, Microsoft SQL Server 2017 (CU 31), Microsoft SQL Server 2017 (GDR), Microsoft SQL Server 2019 (CU 32), Microsoft SQL Server 2019 (GDR), Microsoft SQL Server 2022 (GDR), Microsoft SQL Server 2022 for x64-based Systems (CU 23), Microsoft SQL Server 2025 (CU 2), Microsoft SQL Server 2025 for x64-based Systems (GDR)	2026-04-19 13:46:00 UTC	The Shadowserver (via CIRCL)
CVE-2018-6605	SQL Injection exists in the Zh BaiduMap 3.0.0.1 component for Joomla! via the id parameter in a getPlacemarkDetails, getPlacemarkHoverText,...	n/a	n/a	2026-04-18 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-66954	A vulnerability exists in the Buffalo Link Station version 1.85-0.01 that allows unauthenticated or guest-level users to enumerate valid usernames...	n/a	n/a	2026-04-17 21:00:04 UTC	The Shadowserver (via CIRCL)
CVE-2024-32114	Apache ActiveMQ: Jolokia and REST API were not secured with default configuration	Apache Software Foundation	Apache ActiveMQ	2026-04-17 18:30:06 UTC	The Shadowserver (via CIRCL)
CVE-2025-0520	ShowDoc < 2.8.7 Unauthenticated File Upload Remote Code Execution	ShowDoc	ShowDoc	2026-04-16 18:40:07 UTC	The Shadowserver (via CIRCL)
CVE-2026-33032	Nginx UI: Unauthenticated MCP Endpoint Allows Remote Nginx Takeover	0xJacky	nginx-ui	2026-04-15 16:05:13 UTC	The Shadowserver (via CIRCL)
CVE-2018-7490	uWSGI before 2.0.17 mishandles a DOCUMENT_ROOT check during use of the --php-docroot option, allowing directory traversal.	n/a	n/a	2026-04-15 14:28:38 UTC	The Shadowserver (via CIRCL)
CVE-2023-22809	In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR,...	n/a	n/a	2026-04-15 14:28:37 UTC	The Shadowserver (via CIRCL)
CVE-2024-4367	A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability...	Mozilla	Firefox, Firefox ESR, Thunderbird	2026-04-15 14:28:37 UTC	The Shadowserver (via CIRCL)
CVE-2018-15473	OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the...	n/a	n/a	2026-04-15 14:28:36 UTC	The Shadowserver (via CIRCL)
CVE-2022-0778	Infinite loop in BN_mod_sqrt() reachable when parsing certificates	OpenSSL	OpenSSL	2026-04-15 14:28:35 UTC	The Shadowserver (via CIRCL)
CVE-2025-61624	An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') [CWE-22] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4,...	Fortinet	FortiOS, FortiProxy, FortiSwitchManager, FortiPAM	2026-04-14 04:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2020-20300	SQL injection vulnerability in the wp_where function in WeiPHP 5.0.	n/a	n/a	2026-04-14 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2021-3223	Node-RED-Dashboard before 2.26.2 allows ui_base/js/..%2f directory traversal to read files.	n/a	n/a	2026-04-14 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-59528	Flowise has Remote Code Execution vulnerability	FlowiseAI	Flowise	2026-04-10 15:41:14 UTC	The Shadowserver (via CIRCL)
CVE-2026-21891	ZimaOS has Authentication Bypass via System-Level Username	IceWhaleTech	ZimaOS	2026-04-10 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2026-3965	whyour qinglong API express.ts protection mechanism	whyour	qinglong	2026-04-10 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2026-0740	Ninja Forms - File Upload <= 3.3.26 - Unauthenticated Arbitrary File Upload	SaturdayDrive	Ninja Forms - File Uploads	2026-04-08 15:49:34 UTC	The Shadowserver (via CIRCL)
CVE-2025-8943	Unsupervised OS command execution leads to remote code execution by unauthenticated network attackers			2026-04-07 18:20:05 UTC	The Shadowserver (via CIRCL)
CVE-2025-30208	Vite bypasses server.fs.deny when using `?raw??`	vitejs	vite	2026-04-06 19:42:04 UTC	The Shadowserver (via CIRCL)
CVE-2026-23744	REC in MCPJam inspector due to HTTP Endpoint exposes	MCPJam	inspector	2026-04-03 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2026-33936	python-ecdsa: Denial of Service via improper DER length validation in crafted private keys	tlsfuzzer	python-ecdsa	2026-04-02 09:00:05 UTC	The Shadowserver (via CIRCL)

Displaying vulnerabilities 301 - 325 of 3822 in total