Known Exploited Vulnerabilities

Focus on What Matters

There are 349,949 vulnerabilities in the CVE database.
Whilst only 1.1% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

Aware of a KEV not on the list? Let us know!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2026-34828	listmonk: Active sessions remain valid after password reset and password change	knadh	listmonk	2026-04-02 09:00:05 UTC	The Shadowserver (via CIRCL)
CVE-2022-1768	The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to insufficient escaping and parameterization on user...	davidfcarr	RSVPMaker	2026-04-01 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-20404	A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct an SSRF attack on...	Cisco	Cisco Unified Contact Center Enterprise, Cisco Unified Contact Center Express, Cisco Finesse, Cisco Packaged Contact Center Enterprise	2026-04-01 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2026-4368	Race Condition leading to User Session Mixup	NetScaler	ADC, Gateway	2026-03-31 10:46:28 UTC	The Shadowserver (via CIRCL)
CVE-2021-46381	Local File Inclusion due to path traversal in D-Link DAP-1620 leads to unauthorized internal files reading [/etc/passwd] and [/etc/shadow].	n/a	n/a	2026-03-31 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2018-25114	osCommerce 2.3.4.1 Installer Unauthenticated Configuration File Injection PHP Code Execution	osCommerce	Online Merchant	2026-03-30 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2019-5434	An attacker could send a specifically crafted payload to the XML-RPC invocation script and trigger the unserialize() call on the "what" parameter...	n/a	Revive Adserver	2026-03-28 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-0346	Google XML Sitemap Generator < 2.0.4 - Reflected Cross-Site Scripting	Unknown	XML Sitemap Generator for Google	2026-03-26 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2026-4681	Critical Remote Code Execution vulnerability reported in Windchill	PTC	Windchill PDMLink, FlexPLM	2026-03-25 15:00:08 UTC	The Shadowserver (via CIRCL)
CVE-2022-40843	The Tenda AC1200 V-W15Ev2 V15.11.0.10(1576) router is vulnerable to improper authorization / improper session management that allows the router...	n/a	n/a	2026-03-25 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-15503	Sangfor Operation and Maintenance Management System common.jsp unrestricted upload	Sangfor	Operation and Maintenance Management System	2026-03-25 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-2376	Directorist < 7.3.1 - Unauthenticated Email Address Disclosure	Unknown	Directorist – WordPress Business Directory Plugin with Classified Ads Listings	2026-03-25 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2021-47795	GeoVision Geowebserver 5.3.3 - Local FIle Inclusion	Geovision	GeoVision Geowebserver	2026-03-24 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-25037	Aquatronica Controller System Complete Information Disclosure	Aquatronica	Aquatronica Controller System	2026-03-24 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2026-21992	Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware (component: REST WebServices) and Oracle Web Services Manager...	Oracle Corporation	Oracle Identity Manager, Oracle Web Services Manager	2026-03-23 06:46:50 UTC	The Shadowserver (via CIRCL)
CVE-2025-34054	AVTECH IP camera, DVR, and NVR Devices Unauthenticated Command Injection	AVTECH	IP camera, DVR, and NVR Devices	2026-03-23 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2020-10173	Comtrend VR-3033 DE11-416SSG-C01_R02.A2pvI042j1.d26m devices have Multiple Authenticated Command Injection vulnerabilities via the ping and...	n/a	n/a	2026-03-21 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2026-21902	Junos OS Evolved: PTX Series: A vulnerability allows a unauthenticated, network-based attacker to execute code as root	Juniper Networks	Junos OS Evolved	2026-03-19 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-34030	sar2html OS Command Injection	sar2html	sar2html	2026-03-19 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-4542	D-Link DAR-8000-10 sys1.php os command injection	D-Link	DAR-8000-10	2026-03-19 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2026-32746	telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption handler because add_slc...	GNU	inetutils	2026-03-18 06:09:26 UTC	The Shadowserver (via CIRCL)
CVE-2021-44868	A problem was found in ming-soft MCMS v5.1. There is a sql injection vulnerability in /ms/cms/content/list.do	n/a	n/a	2026-03-17 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2020-12124	A remote command-line injection vulnerability in the /cgi-bin/live_api.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to...	n/a	n/a	2026-03-17 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-38627	Nortek Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e were discovered to contain a SQL injection...	n/a	n/a	2026-03-17 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2020-10546	rConfig 3.9.4 and previous versions has unauthenticated compliancepolicies.inc.php SQL injection. Because, by default, nodes' passwords are stored...	n/a	n/a	2026-03-17 00:00:00 UTC	The Shadowserver (via CIRCL)

Displaying vulnerabilities 326 - 350 of 3822 in total