Known Exploited Vulnerabilities

Focus on What Matters

There are 303,822 vulnerabilities in the CVE database.
Whilst only 0.7% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2024-11120	GeoVision EOL devices - OS Command Injection	GeoVision	GV-VS12, GV-VS11, GV-DSP_LPR_V3, GVLX 4 V2, GVLX 4 V3	2025-05-07 06:40:19 UTC	CVE
CVE-2020-35131	Cockpit before 0.6.1 allows an attacker to inject custom PHP code and achieve Remote Command Execution via registerCriteriaFunction in...	n/a	n/a	2025-05-07 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-52163	Digiever DS-2105 Pro 3.1.0.71-11 devices allow time_tzsetup.cgi Command Injection. NOTE: This vulnerability only affects products that are no...	n/a	n/a	2025-05-07 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2016-5700	Virtual servers in F5 BIG-IP systems 11.5.0, 11.5.1 before HF11, 11.5.2, 11.5.3, 11.5.4 before HF2, 11.6.0 before HF8, 11.6.1 before HF1, 12.0.0...	F5	BIG-IP	2025-05-07 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-7399	Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1050 allows attackers to...	Samsung Electronics	MagicINFO 9 Server	2025-05-06 10:45:19 UTC	CyberInsider
CVE-2013-7091	Directory traversal vulnerability in /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz in Zimbra 7.2.2 and 8.0.2 allows...	Zimbra	Zimbra Collaboration Suite	2025-05-06 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-24016	Remote code execution in Wazuh server	wazuh	wazuh	2025-05-06 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-38130	The com.keysight.tentacle.config.ResourceManager.smsRestoreDatabaseZip() method is used to restore the HSQLDB database used in SMS. It takes the...	n/a	Keysight Technologies Sensor Management Server	2025-05-06 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2021-27931	LumisXP (aka Lumis Experience Platform) before 10.0.0 allows unauthenticated blind XXE via an API request to PageControllerXml.jsp. One can send a...	n/a	n/a	2025-05-05 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-3801	IBAX go-ibax rowsInfo sql injection	IBAX	go-ibax	2025-05-05 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2017-7921	An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series...	Hikvision	Hikvision Cameras	2025-05-05 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2001-0537	HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being...	Cisco	IOS	2025-05-05 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-36991	Path Traversal on the “/modules/messaging/“ endpoint in Splunk Enterprise on Windows	Splunk	Splunk Enterprise	2025-05-04 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2020-21650	Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller\Config.php, which can be exploited via the add()...	GrandStream	Myucms	2025-05-03 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-6114	Duplicator < 1.5.7.1; Duplicator Pro < 4.5.14.2 - Unauthenticated Sensitive Data Exposure	Snap Creek LLC	Duplicator, Duplicator Pro	2025-05-03 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2021-37291	An SQL Injection vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 ivia the input_id POST parameter in index.php.	KevinLAB Inc	Building Energy Management System	2025-05-03 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-31478	An issue was discovered on GL.iNet devices before 3.216. An API endpoint reveals information about the Wi-Fi configuration, including the SSID and...	GL.iNet	All	2025-05-03 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-31126	Unauthenticated Remote Code Execution in Roxy-wi	hap-wi	roxy-wi	2025-05-03 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-29078	The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view...	fleegix	ejs	2025-05-03 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-26833	An improper authentication vulnerability exists in the REST API functionality of Open Automation Software OAS Platform V16.00.0121. A...	Open Automation Software	OAS Platform	2025-05-03 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-53086	wifi: mt76: connac: do not check WED status for non-mmio devices	Linux	Linux	2025-05-02 15:55:33 UTC	CVE
CVE-2025-34028	Commvault Command Center Innovation Release Unathenticated Install Package Path Traversal	Commvault	Command Center Innovation Release	2025-05-02 00:00:00 UTC	CISA
CVE-2017-9844	SAP NetWeaver 7400.12.21.30308 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted serialized...	SAP SE	SAP NetWeaver	2025-05-01 09:15:27 UTC	Tenable Blog
CVE-2024-38475	Apache HTTP Server weakness in mod_rewrite when first segment of substitution matches filesystem path.	Apache Software Foundation	Apache HTTP Server	2025-05-01 09:07:18 UTC	TheHackerNews
CVE-2023-44221	Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative...	SonicWall	SMA100	2025-05-01 09:06:31 UTC	TheHackerNews

Displaying vulnerabilities 351 - 375 of 2004 in total