Known Exploited Vulnerabilities

Focus on What Matters

There are 349,949 vulnerabilities in the CVE database.
Whilst only 1.1% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

Aware of a KEV not on the list? Let us know!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2024-8425	WooCommerce Ultimate Gift Card <= 2.6.0 - Unauthenticated Arbitrary File Upload	WP Swings	WooCommerce Ultimate Gift Card	2026-03-15 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2021-24915	Contest Gallery < 13.1.0.6 - Missing Access Controls to Unauthenticated SQL injection / Email Address Disclosure	Unknown	Contest Gallery – Photo Contest Plugin for WordPress	2026-03-14 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-6329	Control iD iDSecure passwordCustom Authentication Bypass	Control iD	iDSecure	2026-03-14 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2026-21708	A vulnerability allowing a Backup Viewer to perform remote code execution (RCE) as the postgres user.	Veeam	Backup and Replication	2026-03-13 16:26:50 UTC	The Shadowserver (via CIRCL)
CVE-2026-21667	A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.	Veeam	Backup and Replication	2026-03-13 16:26:50 UTC	The Shadowserver (via CIRCL)
CVE-2026-21669	A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.	Veeam	Backup and Replication	2026-03-13 16:26:50 UTC	The Shadowserver (via CIRCL)
CVE-2026-21666	A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.	Veeam	Backup and Replication	2026-03-13 16:26:50 UTC	The Shadowserver (via CIRCL)
CVE-2024-13030	D-Link DIR-823G Web Management Interface HNAP1 SetVirtualServerSettings access control	D-Link	DIR-823G	2026-03-12 10:50:26 UTC	The Shadowserver (via CIRCL)
CVE-2021-24943	Registrations for the Events Calendar < 2.7.6 - Unauthenticated SQL Injection	Unknown	Registrations for the Events Calendar – Event Registration Plugin	2026-03-10 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-4063	InPost Gallery < 2.1.4.1 - Unauthenticated LFI to RCE	Unknown	InPost Gallery	2026-03-10 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-47188	A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones through 6.4 SP4 (R6.4.0.4006), and the 6970 Conference Unit...	n/a	n/a	2026-03-09 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-3606	TamronOS ping os command injection	n/a	TamronOS	2026-03-07 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-21620	Junos OS: SRX Series and EX Series: J-Web doesn't sufficiently sanitize input to prevent XSS	Juniper Networks	Junos OS	2026-03-07 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-13985	Dahua EIMS capture_handle.action RCE	Zhejiang Dahua Technology Co., Ltd.	EIMS	2026-03-06 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2021-4462	Employee Records System v1.0 Arbitrary File Upload RCE	Employee Records System	Employee Records System	2026-02-26 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-22214	Landray EIS 2001 through 2006 allows Message/fi_message_receiver.aspx?replyid= SQL injection.	n/a	n/a	2026-02-19 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-0747	Infographic Maker - iList < 4.3.8 - Unauthenticated SQL Injection	Unknown	Infographic Maker – iList	2026-02-18 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-37393	Multiple LDAP injections vulnerabilities exist in SecurEnvoy MFA before 9.4.514 due to improper validation of user-supplied input. An...	n/a	n/a	2026-02-18 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-0784	Title Experiments Free < 9.0.1 - Unauthenticated SQLi	Unknown	Title Experiments Free	2026-02-17 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-34041	Sangfor Endpoint Detection and Response OS Command Injection	Sangfor Technologies Co., Ltd.	Endpoint Detection and Response Platform	2026-02-16 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-54763	An access control issue in the component /login/hostinfo.cgi of ipTIME A2004 v12.17.0 allows attackers to obtain sensitive information without...	n/a	n/a	2026-02-16 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-36858	An arbitrary file upload vulnerability in the /v1/app/writeFileSync interface of Jan v0.4.12 allows attackers to execute arbitrary code via...	n/a	n/a	2026-02-16 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-34068	Samsung WLAN AP WEA453e < 5.2.4.T1 Unauthenticated RCE via command1 and command2 Parameters	Samsung Electronics	WLAN AP WEA453e	2026-02-16 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-36857	Jan v0.4.12 was discovered to contain an arbitrary file read vulnerability via the /v1/app/readFileSync interface.	n/a	n/a	2026-02-16 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2021-31250	Multiple storage XSS vulnerabilities were discovered on BF-430, BF-431 and BF-450M TCP/IP Converter devices from CHIYU Technology Inc due to a lack...	n/a	n/a	2026-02-16 00:00:00 UTC	The Shadowserver (via CIRCL)

Displaying vulnerabilities 351 - 375 of 3822 in total