Known Exploited Vulnerabilities

Focus on What Matters

There are 349,949 vulnerabilities in the CVE database.
Whilst only 1.1% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

Aware of a KEV not on the list? Let us know!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2025-34038	Weaver E-cology SQL Injection	Weaver	E-cology	2026-01-29 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-34059	Dahua Smart Cloud Gateway Registration Management Platform SQL Injection	Zhejiang Dahua Technology Co., Ltd.	Smart Cloud Gateway Registration Management Platform	2026-01-29 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2018-11714	An issue was discovered on TP-Link TL-WR840N v5 00000005 0.9.1 3.16 v0001.0 Build 170608 Rel.58696n and TL-WR841N v13 00000013 0.9.1 4.16 v0001.0...	n/a	n/a	2026-01-26 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-40748	PHPJabbers Food Delivery Script 3.0 has a SQL injection (SQLi) vulnerability in the "q" parameter of index.php.	n/a	n/a	2026-01-26 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-69200	phpMyFAQ has unauthenticated config backup download via /api/setup/backup	thorsten	phpMyFAQ	2026-01-25 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-20440	A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to access sensitive information. This...	Cisco	Cisco Smart License Utility	2026-01-25 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-10204	Unauth Admin Reset Password on AC Smart II	LG Electronics	AC Smart II	2026-01-25 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-36923	Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before...	n/a	n/a	2026-01-25 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-7314	anji-plus AJ-Report Authentication Bypass	anji-plus	AJ-Report	2026-01-24 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2020-36870	Ruijie Gateway EG & NBR Models v11.1(6)B9P1 - 11.9(4)B12P1 RCE	Beijing Star-Net Ruijie Network Technology Co., Ltd.	RG-EG1000C, RG-EG2000F, RG-EG2000K, RG-EG2000L, RG-EG2000CE, RG-EG2000SE, RG-EG2000GE, RG-EG2000XE, RG-EG2000UE, RG-EG3000CE, RG-EG3000SE, RG-EG3000GE, RG-EG3000ME, RG-EG3000UE, RG-EG3000XE, RG-EG2100-P, EG3210, EG3220, EG3230, EG3250, NBR108G-P, NBR1000G-E, NBR1300G-E, NBR1700G-E, NBR2100G-E, NBR2500D-E, NBR3000D-E, NBR6120-E, NBR6135-E, NBR6205-E, NBR6210-E, NBR6215-E, NBR800G, NBR950G, NBR1000G-C, NBR2000G-C, NBR3000G-S	2026-01-24 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-7334	Changjetong T+ <= 16.x GetStoreWarehouseByStore Deserialization RCE	Changjetong Information Technology Co., Ltd.	T+	2026-01-24 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-4984	ZenTao Biz < 6.5, Max < 3.0, & Open Source Edition 16.5/16.5beta1 SQL Injection via user-login.html	Qingdao Esoft Tianchuang Network Technology Co., Ltd.	ZenTao Biz, ZenTao Max, ZenTao Open Source Edition	2026-01-24 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2021-3708	D-Link router DSL-2750U with firmware vME1.16 or prior versions is vulnerable to OS command injection. An unauthenticated attacker on the local...	D-Link	DSL-2750U	2026-01-16 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-7928	FastAdmin lang path traversal	n/a	FastAdmin	2026-01-15 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-34039	Yonyou NC BeanShell Command Injection	Yonyou Co., Ltd.	UFIDA NC	2026-01-12 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-34057	Ruijie NBR Router Administrative Credential Disclosure	Ruijie	NBR Router	2026-01-10 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-34043	Vacron NVR Remote Command Execution	Vacron	Network Video Recorder (NVR)	2026-01-10 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-34036	Shenzhen TVT CCTV-DVR Command Injection	Shenzhen TVT	CCTV-DVR	2026-01-10 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-28005	An issue was discovered in the 3CX Phone System Management Console prior to version 18 Update 3 FINAL. An unauthenticated attacker could abuse...	n/a	n/a	2026-01-09 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2020-36728	The Adning Advertising plugin for WordPress is vulnerable to file deletion via path traversal in versions up to, and including, 1.5.5. This allows...	tunafish	Adning Advertising	2026-01-05 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-53364	Parse Server exposes the data schema via GraphQL API	parse-community	parse-server	2026-01-04 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2020-28185	User Enumeration vulnerability in TerraMaster TOS <= 4.2.06 allows remote unauthenticated attackers to identify valid users within the system...	n/a	n/a	2026-01-04 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2019-18952	SibSoft Xfilesharing through 2.5.1 allows cgi-bin/up.cgi arbitrary file upload. This can be combined with CVE-2019-18951 to achieve remote code...	n/a	n/a	2026-01-04 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2020-26879	Ruckus vRioT through 1.5.1.0.21 has an API backdoor that is hardcoded into validate_token.py. An unauthenticated attacker can interact with the...	n/a	n/a	2026-01-04 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2020-5776	Currently, all versions of MAGMI are vulnerable to CSRF due to the lack of CSRF tokens. RCE (via phpcli command) is possible in the event that a...	n/a	MAGMI	2026-01-04 00:00:00 UTC	The Shadowserver (via CIRCL)

Displaying vulnerabilities 401 - 425 of 3822 in total