Known Exploited Vulnerabilities

Focus on What Matters

There are 304,048 vulnerabilities in the CVE database.
Whilst only 0.7% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2024-0352	Likeshop HTTP POST Request File.php userFormImage unrestricted upload	n/a	Likeshop	2025-04-23 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-39952	A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0...	Fortinet	FortiNAC	2025-04-23 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2010-0219	Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of...	Apache Software Foundation	Axis2	2025-04-23 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-37679	A remote command execution (RCE) vulnerability in NextGen Mirth Connect v4.3.0 allows attackers to execute arbitrary commands on the hosting server.	n/a	n/a	2025-04-23 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2021-21307	Remote Code Exploit in Lucee Admin	lucee	Lucee	2025-04-22 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-29383	NETGEAR ProSafe SSL VPN firmware FVS336Gv2 and FVS336Gv3 was discovered to contain a SQL injection vulnerability via USERDBDomains.Domainname at...	n/a	n/a	2025-04-22 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2021-21978	VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code execution vulnerability. Improper input validation and lack of...	n/a	VMware View Planner	2025-04-22 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-31200	A memory corruption issue was addressed with improved bounds checking. This issue is fixed in tvOS 18.4.1, visionOS 2.4.1, iOS iOS 18.4.1 and...	Apple	visionOS, iOS iOS and iPadOS, tvOS, macOS	2025-04-17 00:00:00 UTC	CISA
CVE-2025-31201	This issue was addressed by removing the vulnerable code. This issue is fixed in tvOS 18.4.1, visionOS 2.4.1, iOS iOS 18.4.1 and iPadOS 18.4.1,...	Apple	visionOS, iOS iOS and iPadOS, tvOS, macOS	2025-04-17 00:00:00 UTC	CISA
CVE-2025-24054	NTLM Hash Disclosure Spoofing Vulnerability	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows Server 2025 (Server Core installation), Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 11 Version 24H2, Windows Server 2025, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	2025-04-17 00:00:00 UTC	CISA
CVE-2021-20035	Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inject arbitrary commands...	SonicWall	SMA100	2025-04-16 00:00:00 UTC	CISA
CVE-2025-3248	Langflow Unauth RCE	langflow-ai	langflow	2025-04-13 00:00:00 UTC	CVE
CVE-2025-3102	SureTriggers <= 1.0.78 - Authorization Bypass due to Missing Empty Value Check to Unauthenticated Administrative User Creation	brainstormforce	OttoKit: All-in-One Automation Platform (Formerly SureTriggers)	2025-04-11 00:00:00 UTC	TheHackerNews
CVE-2024-58136	Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an __class array key, a CVE-2024-4990 regression, as exploited in the...	yiiframework	Yii	2025-04-10 00:00:00 UTC	CVE
CVE-2024-53197	ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices	Linux	Linux	2025-04-09 00:00:00 UTC	CISA
CVE-2024-53150	ALSA: usb-audio: Fix out of bounds reads when finding clock sources	Linux	Linux	2025-04-09 00:00:00 UTC	CISA
CVE-2025-30406	Gladinet CentreStack through 16.1.10296.56315 (fixed in 16.4.10315.56368) has a deserialization vulnerability due to the CentreStack portal's...	Gladinet	CentreStack	2025-04-08 00:00:00 UTC	CISA
CVE-2025-29824	Windows Common Log File System Driver Elevation of Privilege Vulnerability	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows Server 2025 (Server Core installation), Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 11 Version 24H2, Windows Server 2025, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	2025-04-08 00:00:00 UTC	CISA
CVE-2025-31161	CrushFTP 10 before 10.8.4 and 11 before 11.3.1 allows authentication bypass and takeover of the crushadmin account (unless a DMZ proxy instance is...	CrushFTP	CrushFTP	2025-04-07 00:00:00 UTC	CISA
CVE-2025-22457	A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA...	Ivanti	Connect Secure, Policy Secure, Neurons for ZTA gateways	2025-04-04 00:00:00 UTC	CISA
CVE-2025-24813	Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT	Apache Software Foundation	Apache Tomcat	2025-04-01 00:00:00 UTC	CISA
CVE-2024-20439	A vulnerability in Cisco Smart Licensing Utility (CSLU) could allow an unauthenticated, remote attacker to log into an affected system by using a...	Cisco	Cisco Smart License Utility	2025-03-31 00:00:00 UTC	CISA
CVE-2025-30355	Synapse vulnerable to federation denial of service via malformed events	element-hq	synapse	2025-03-27 00:00:00 UTC	CVE
CVE-2025-2857	Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC code. A compromised...	Mozilla	Firefox, Firefox ESR	2025-03-27 00:00:00 UTC	CVE
CVE-2025-2783	Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to...	Google	Chrome	2025-03-27 00:00:00 UTC	CISA

Displaying vulnerabilities 451 - 475 of 2008 in total