Known Exploited Vulnerabilities

Focus on What Matters

There are 304,014 vulnerabilities in the CVE database.
Whilst only 0.7% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2021-32030	The administrator application on ASUS GT-AC2900 devices before 3.0.0.4.386.42643 and Lyra Mini before 3.0.0.4_384_46630 allows authentication...	n/a	n/a	2025-04-28 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2021-25003	WPCargo < 6.9.0 - Unauthenticated RCE	Unknown	WPCargo Track & Trace	2025-04-28 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-3721	TBK DVR-4104/DVR-4216 os command injection	TBK	DVR-4104, DVR-4216	2025-04-28 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-24488	Cross site scripting	Citrix	Citrix ADC and Citrix Gateway	2025-04-28 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-22274	A Stack-based buffer overflow vulnerability in the SonicOS via HTTP request allows a remote unauthenticated attacker to cause Denial of Service...	SonicWall	SonicOS	2025-04-28 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-22024	An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA...	Ivanti	ICS, IPS	2025-04-28 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-38646	Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the...	n/a	n/a	2025-04-28 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-0656	A Stack-based buffer overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could...	SonicWall	SonicOS	2025-04-28 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2016-10372	The Eir D1000 modem does not properly restrict the TR-064 protocol, which allows remote attackers to execute arbitrary commands via TCP port 7547,...	Eir	D1000 modem	2025-04-28 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2021-4191	An issue has been discovered in GitLab CE/EE affecting versions 13.0 to 14.6.5, 14.7 to 14.7.4, and 14.8 to 14.8.2. Private GitLab instances with...	GitLab	GitLab	2025-04-28 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2019-12780	The Belkin Wemo Enabled Crock-Pot allows command injection in the Wemo UPnP API via the SmartDevURL argument to the SetSmartDevInfo action. A...	Belkin	Wemo Enabled Crock-Pot	2025-04-28 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-3928	Commvault Web Server unspecified vulnerability	Commvault	Web Server	2025-04-28 00:00:00 UTC	CISA
CVE-2019-17506	There are some web interfaces without authentication requirements on D-Link DIR-868L B1-2.03 and DIR-817LW A1-1.04 routers. An attacker can get the...	D-Link	DIR-868L, DIR-817LW	2025-04-27 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2020-11530	A blind SQL injection vulnerability is present in Chop Slider 3, a WordPress plugin. The vulnerability is introduced in the id GET parameter...	n/a	n/a	2025-04-27 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-39026	Directory Traversal vulnerability in FileMage Gateway Windows Deployments v.1.10.8 and before allows a remote attacker to obtain sensitive...	n/a	n/a	2025-04-27 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2019-5128	A command injection have been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable...	YouPHPTube	YouPHPTube	2025-04-27 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2018-17431	Web Console in Comodo UTM Firewall before 2.7.0 allows remote attackers to execute arbitrary code without authentication via a crafted URL.	Comodo	UTM Firewall	2025-04-27 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2020-35665	An unauthenticated command-execution vulnerability exists in TerraMaster TOS through 4.2.06 via shell metacharacters in the Event parameter in...	n/a	n/a	2025-04-27 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2016-5674	__debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1...	NUUO, NETGEAR	NVRmini 2, NVRsolo, ReadyNAS Surveillance	2025-04-27 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2017-7927	A Use of Password Hash Instead of Password for Authentication issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN,...	Dahua	Dahua Technology Co., Ltd Digital Video Recorders and IP Cameras	2025-04-27 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2018-3760	There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Specially...	HackerOne	Sprockets	2025-04-27 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-21899	QTS, QuTS hero, QuTScloud	QNAP Systems Inc.	QTS, QuTS hero, QuTScloud	2025-04-27 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-32432	Craft CMS Allows Remote Code Execution	craftcms	cms	2025-04-26 00:00:00 UTC	ONYPHE Blog
CVE-2023-43795	WPS Server Side Request Forgery in GeoServer	geoserver	geoserver	2025-04-26 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2018-13315	Incorrect access control in formPasswordSetup in TOTOLINK A3002RU version 1.0.8 allows attackers to change the admin user's password via an...	TOTOLINK	A3002RU	2025-04-26 00:00:00 UTC	The Shadowserver (via CIRCL)

Displaying vulnerabilities 401 - 425 of 2008 in total