Known Exploited Vulnerabilities

Focus on What Matters

There are 349,964 vulnerabilities in the CVE database.
Whilst only 1.1% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

Aware of a KEV not on the list? Let us know!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2025-24071	Microsoft Windows File Explorer Spoofing Vulnerability	Microsoft	Windows 10 Version 1507, Windows 10 Version 1607, Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation)	2025-12-02 23:02:58 UTC	The Shadowserver (via CIRCL)
CVE-2022-29081	Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360 before 5401 are vulnerable to access-control...	n/a	n/a	2025-12-01 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2021-24212	WooCommerce Help Scout < 2.9.1 - Unauthenticated Arbitrary File Upload leading to RCE	Unknown	WooCommerce Help Scout	2025-11-30 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-1574	HTML2WP <= 1.0.0 - Unauthenticated Arbitrary File Upload	Unknown	HTML2WP	2025-11-30 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-7304	Ruijie RG-UAC nmc_sync.php Command Injection	Ruijie Networks Co., Ltd.	RG-UAC	2025-11-29 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2019-19825	On certain TOTOLINK Realtek SDK based routers, the CAPTCHA text can be retrieved via an {"topicurl":"setting/getSanvas"} POST to the...	n/a	n/a	2025-11-27 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-4169	Ruijie RG-EW1200G Administrator Password set_passwd access control	Ruijie	RG-EW1200G	2025-11-26 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-50968	Apache OFBiz: Arbitrary file properties reading and SSRF attack	Apache Software Foundation	Apache OFBiz	2025-11-25 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-0656	uDraw < 3.3.3 - Unauthenticated Arbitrary File Access	Unknown	Web To Print Shop : uDraw	2025-11-25 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2013-2678	Cisco Linksys E4200 1.0.05 Build 7 routers contain a Local File Include Vulnerability which could allow remote attackers to obtain sensitive...	n/a	n/a	2025-11-23 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-11001	7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability	7-Zip	7-Zip	2025-11-21 13:46:16 UTC	The Shadowserver (via CIRCL)
CVE-2023-48022	Anyscale Ray 2.6.3 and 2.8.0 allows a remote attacker to execute arbitrary code via the job submission API. NOTE: the vendor's position is that...	n/a	n/a	2025-11-20 17:26:09 UTC	The Shadowserver (via CIRCL)
CVE-2025-27505	GeoServer Missing Authorization on REST API Index	geoserver	geoserver	2025-11-20 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-64027	Snipe-IT v8.3.4 (build 20218) contains a reflected cross-site scripting (XSS) vulnerability in the CSV Import workflow. When an invalid CSV file is...	n/a	n/a	2025-11-17 15:00:08 UTC	The Shadowserver (via CIRCL)
CVE-2025-8061	A potential insufficient access control vulnerability was reported in the Lenovo Dispatcher 3.0 and Dispatcher 3.1 drivers used by some Lenovo...	Lenovo	Dispatcher 3.0 Driver, Dispatcher 3.1 Driver	2025-11-17 15:00:08 UTC	The Shadowserver (via CIRCL)
CVE-2025-36250	AIX Code Execution	IBM	AIX, VIOS	2025-11-17 15:00:08 UTC	The Shadowserver (via CIRCL)
CVE-2025-54574	Squid's URN Handling can lead to Buffer Overflow	squid-cache	squid	2025-11-17 15:00:08 UTC	The Shadowserver (via CIRCL)
CVE-2023-33177	Xibo CMS vulnerable to Remote Code Execution through Zip Slip	xibosignage	xibo-cms	2025-11-17 15:00:08 UTC	The Shadowserver (via CIRCL)
CVE-2025-12762	Remote Code Execution vulnerability when restoring PLAIN-format SQL dumps in server mode (pgAdmin 4)	pgadmin.org	pgAdmin 4	2025-11-17 15:00:08 UTC	The Shadowserver (via CIRCL)
CVE-2022-38130	The com.keysight.tentacle.config.ResourceManager.smsRestoreDatabaseZip() method is used to restore the HSQLDB database used in SMS. It takes the...	n/a	Keysight Technologies Sensor Management Server	2025-11-13 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2017-8961	A directory traversal vulnerability in HPE Intelligent Management Center (IMC) PLAT 7.3 E0504P02 could allow remote code execution.	Hewlett Packard Enterprise	Intelligent Management Center	2025-11-12 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-5815	The News & Blog Designer Pack – WordPress Blog Plugin — (Blog Post Grid, Blog Post Slider, Blog Post Carousel, Blog Post Ticker, Blog Post...	infornweb	News & Blog Designer Pack – WordPress Blog Plugin — (Blog Post Grid, Blog Post Slider, Blog Post Carousel, Blog Post Ticker, Blog Post Masonry)	2025-11-12 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2021-34187	main/inc/ajax/model.ajax.php in Chamilo through 1.11.14 allows SQL Injection via the searchField, filters, or filters2 parameter.	n/a	n/a	2025-11-12 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-1006	Advanced Booking Calendar < 1.7.1 - Admin+ SQLi	Unknown	Advanced Booking Calendar	2025-11-12 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-47539	WordPress Eventin plugin <= 4.0.26 - Privilege Escalation Vulnerability	Arraytics	Eventin	2025-11-11 00:00:00 UTC	The Shadowserver (via CIRCL)

Displaying vulnerabilities 451 - 475 of 3822 in total