Known Exploited Vulnerabilities

Focus on What Matters

There are 304,014 vulnerabilities in the CVE database.
Whilst only 0.7% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2024-0778	Uniview ISC 2500-S VM.php setNatConfig os command injection	Uniview	ISC 2500-S	2025-04-26 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2018-9866	A vulnerability in lack of validation of user-supplied parameters pass to XML-RPC calls on SonicWall Global Management System (GMS) virtual...	SonicWall	Global Management System (GMS)	2025-04-26 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2018-13315	Incorrect access control in formPasswordSetup in TOTOLINK A3002RU version 1.0.8 allows attackers to change the admin user's password via an...	TOTOLINK	A3002RU	2025-04-26 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2021-40822	GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the option for setting a proxy host.	n/a	n/a	2025-04-26 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-31324	Missing Authorization check in SAP NetWeaver (Visual Composer development server)	SAP_SE	SAP NetWeaver (Visual Composer development server)	2025-04-25 00:00:00 UTC	Tenable Blog
CVE-2018-10737	A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/logbook.php txtSearch parameter.	Nagios	XI	2025-04-25 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2019-5129	A command injection have been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable...	YouPHPTube	YouPHPTube	2025-04-25 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2017-12635	Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before...	Apache Software Foundation	Apache CouchDB	2025-04-25 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2019-19824	On certain TOTOLINK Realtek SDK based routers, an authenticated attacker may execute arbitrary OS commands via the sysCmd parameter to the...	TOTOLINK	Realtek SDK based routers	2025-04-25 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2019-5127	A command injection have been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable...	YouPHPTube	YouPHPTube"	2025-04-25 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-21762	A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0...	Fortinet	FortiProxy, FortiOS	2025-04-24 00:00:00 UTC	CVE
CVE-2024-27199	In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible	JetBrains	TeamCity	2025-04-24 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2019-11248	Kubernetes kubelet exposes /debug/pprof info on healthz port	Kubernetes	Kubernetes	2025-04-24 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2019-18394	A Server Side Request Forgery (SSRF) vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attackers to send...	Ignite Realtime	Openfire	2025-04-24 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-9014	OAuth2 client id and secret exposed through the web browser in pgAdmin 4	pgadmin.org	pgAdmin 4	2025-04-24 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2018-11759	The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK...	Apache Software Foundation	Apache Tomcat Connectors	2025-04-24 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-11305	Altenergy Power Control Software status_zigbee get_status_zigbee sql injection	Altenergy	Power Control Software	2025-04-24 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-25735	An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can discover cleartext passwords via a SoftAP...	n/a	n/a	2025-04-24 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-0305	Guangzhou Yingke Electronic Technology Ncast Guest Login IPSetup.php information disclosure	Guangzhou Yingke Electronic Technology	Ncast	2025-04-24 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-10914	D-Link DNS-320/DNS-320LW/DNS-325/DNS-340L account_mgr.cgi cgi_user_add os command injection	D-Link	DNS-320, DNS-320LW, DNS-325, DNS-340L	2025-04-24 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2021-46422	Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a remote attacker to execute OS commands without any...	n/a	n/a	2025-04-24 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-24893	Remote code execution as guest via SolrSearchMacros request in xwiki	xwiki	xwiki-platform	2025-04-24 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-27954	WordPress Automatic plugin <= 3.92.0 - Unauthenticated Arbitrary File Download and SSRF vulnerability	WP Automatic	Automatic	2025-04-24 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-0204	Authentication Bypass in GoAnywhere MFT	Fortra	GoAnywhere MFT	2025-04-24 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2018-10379	An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) before 10.5.8, 10.6.x before 10.6.5, and 10.7.x before 10.7.2....	GitLab	GitLab Community Edition (CE), GitLab Enterprise Edition (EE)	2025-04-23 21:33:20 UTC	The Shadowserver (via CIRCL)

Displaying vulnerabilities 426 - 450 of 2008 in total