Known Exploited Vulnerabilities

Focus on What Matters

There are 349,964 vulnerabilities in the CVE database.
Whilst only 1.1% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

Aware of a KEV not on the list? Let us know!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2021-39312	True Ranker <= 2.2.2 Directory Traversal/Arbitrary File Read	True Ranker	True Ranker	2026-01-04 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-53944	An issue was discovered on Tuoshi/Dionlink LT15D 4G Wi-Fi devices through M7628NNxlSPv2xUI_v1.0.1802.10.08_P4 and LT21B devices through...	n/a	n/a	2026-01-03 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-22897	An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows information disclosure of memory contents...	n/a	n/a	2026-01-02 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-55190	Argo CD: Project API Token Exposes Repository Credentials	argoproj	argo-cd	2026-01-02 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2014-9118	The web administrative portal in Zhone zNID GPON 2426A before S3.0.501 allows remote attackers to execute arbitrary commands via shell...	n/a	n/a	2026-01-01 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2019-9762	A SQL Injection was discovered in PHPSHE 1.7 in include/plugin/payment/alipay/pay.php with the parameter id. The vulnerability does not need any...	n/a	n/a	2025-12-30 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2021-22122	An improper neutralization of input during web page generation in FortiWeb GUI interface 6.3.0 through 6.3.7 and version before 6.2.4 may allow an...	Fortinet	Fortinet FortiWeb	2025-12-28 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2020-8982	An unauthenticated arbitrary file read issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the...	n/a	n/a	2025-12-27 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-5914	Cross-site scripting (XSS)	Cloud Software Group	Citrix StoreFront	2025-12-26 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2021-29003	Genexis PLATINUM 4410 2.1 P4410-V2-1.28 devices allow remote attackers to execute arbitrary code via shell metacharacters to sys_config_valid.xgi,...	n/a	n/a	2025-12-24 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-65354	Improper input handling in /Grocery/search_products_itname.php inPuneethReddyHC event-management 1.0 permits SQL injection via the sitem_name POST...	n/a	n/a	2025-12-23 21:00:05 UTC	The Shadowserver (via CIRCL)
CVE-2021-30118	Unauthenticated Remote Code Execution in Kaseya VSA < v9.5.5	n/a	n/a	2025-12-18 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-5074	Authentication Bypass in D-Link D-View 8	D-Link	D-View 8	2025-12-17 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-59719	An improper verification of cryptographic signature vulnerability in Fortinet FortiWeb 8.0.0, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through...	Fortinet	FortiWeb	2025-12-16 14:02:50 UTC	The Shadowserver (via CIRCL)
CVE-2025-29927	Authorization Bypass in Next.js Middleware	vercel	next.js	2025-12-15 14:29:13 UTC	The Shadowserver (via CIRCL)
CVE-2025-24367	Cacti allows Arbitrary File Creation leading to RCE	Cacti	cacti	2025-12-15 03:00:07 UTC	The Shadowserver (via CIRCL)
CVE-2025-9074	Docker Desktop allows unauthenticated access to Docker Engine API from containers	Docker	Docker Desktop	2025-12-15 03:00:07 UTC	The Shadowserver (via CIRCL)
CVE-2022-2958	BadgeOS < 3.7.1.3 - Subscriber+ SQLi	Unknown	BadgeOS	2025-12-09 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2021-41649	An un-authenticated SQL Injection exists in PuneethReddyHC online-shopping-system-advanced through the /homeaction.php cat_id parameter. Using a...	n/a	n/a	2025-12-09 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-6389	Sneeit Framework <= 8.3 - Unauthenticated Remote Code Execution in sneeit_articles_pagination_callback	Sneeit	Sneeit Framework	2025-12-08 12:34:51 UTC	The Shadowserver (via CIRCL)
CVE-2018-11511	The tree list functionality in the photo gallery application in ASUSTOR ADM 3.1.0.RFQ3 has a SQL injection vulnerability that affects the...	n/a	n/a	2025-12-08 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-31126	Unauthenticated Remote Code Execution in Roxy-wi	hap-wi	roxy-wi	2025-12-08 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2020-17518	Apache Flink directory traversal attack: remote file writing through the REST API	Apache Software Foundation	Apache Flink	2025-12-05 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-8489	King Addons for Elementor – Free Elements, Widgets, Templates, and Features for Elementor 24.12.92 - 51.1.14 - Unauthenticated Privilege Escalation	kingaddons	King Addons for Elementor – 4,000+ ready Elementor sections, 650+ templates, 70+ FREE widgets for Elementor	2025-12-03 21:31:32 UTC	The Shadowserver (via CIRCL)
CVE-2022-31814	pfSense pfBlockerNG through 2.1.4_26 allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the HTTP Host...	n/a	n/a	2025-12-03 00:00:00 UTC	The Shadowserver (via CIRCL)

Displaying vulnerabilities 426 - 450 of 3822 in total