Known Exploited Vulnerabilities

Focus on What Matters

There are 297,489 vulnerabilities in the CVE database.
Whilst only 0.6% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2022-2487	WAVLINK WN535K2/WN535K3 nightled.cgi os command injection	WAVLINK	WN535K2, WN535K3	2025-06-04 12:00:32 UTC	The Shadowserver (via CIRCL)
CVE-2021-43711	The downloadFlile.cgi binary file in TOTOLINK EX200 V4.0.3c.7646_B20201211 has a command injection vulnerability when receiving GET parameters. The...	TOTOLINK	EX200	2025-06-04 12:00:23 UTC	The Shadowserver (via CIRCL)
CVE-2024-11238	Landray EKP sysUiComponent.do delPreviewFile path traversal	Landray	EKP	2025-06-03 12:00:19 UTC	The Shadowserver (via CIRCL)
CVE-2025-21479	Incorrect Authorization in Graphics	Qualcomm, Inc.	Snapdragon	2025-06-03 07:45:18 UTC	CyberInsider
CVE-2025-27038	Use After Free in Graphics	Qualcomm, Inc.	Snapdragon	2025-06-03 06:45:33 UTC	CyberInsider
CVE-2025-21480	Incorrect Authorization in Graphics Windows	Qualcomm, Inc.	Snapdragon	2025-06-03 06:45:26 UTC	CyberInsider
CVE-2025-5419	Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a...	Google	Chrome	2025-06-03 04:30:40 UTC	TheHackerNews
CVE-2025-35939	Craft CMS stores user-provided content in session files	Craft	CMS	2025-06-02 18:00:28 UTC	CISA
CVE-2025-3935	ScreenConnect Exposure to ASP.NET ViewState Code Injection	ConnectWise	ScreenConnect	2025-06-02 18:00:21 UTC	CISA
CVE-2023-26256	An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu & Themes" plugin before 2.0.52 for Jira. By...	STAGIL	STAGIL Navigation for Jira - Menu & Themes	2025-06-02 12:00:41 UTC	The Shadowserver (via CIRCL)
CVE-2023-26255	An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu & Themes" plugin before 2.0.52 for Jira. By...	STAGIL	STAGIL Navigation for Jira - Menu & Themes	2025-06-02 12:00:34 UTC	The Shadowserver (via CIRCL)
CVE-2020-13638	lib/crud/userprocess.php in rConfig 3.9.x before 3.9.7 has an authentication bypass, leading to administrator account creation. This issue has been...	rConfig	rConfig	2025-06-02 12:00:27 UTC	The Shadowserver (via CIRCL)
CVE-2014-2321	web_shell_cmd.gch on ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests, as demonstrated...	ZTE	F460 & F660	2025-06-01 12:01:13 UTC	The Shadowserver (via CIRCL)
CVE-2022-0952	Sitemap by click5 < 1.0.36 - Unauthenticated Arbitrary Options Update	click5	Sitemap by click5	2025-06-01 12:01:06 UTC	The Shadowserver (via CIRCL)
CVE-2021-33544	UDP Technology/Geutebrück camera devices: command injection leading to RCE	Geutebrück	E2 Series, Encoder G-Code	2025-06-01 12:00:59 UTC	The Shadowserver (via CIRCL)
CVE-2020-11991	When using the StreamGenerator, the code parse a user-provided XML. A specially crafted XML, including external system entities, could be used to...	Apache Software Foundation	Apache Cocoon	2025-06-01 12:00:52 UTC	The Shadowserver (via CIRCL)
CVE-2024-8181	Flowise Authentication Bypass	FlowiseAI	Flowise	2025-06-01 12:00:45 UTC	The Shadowserver (via CIRCL)
CVE-2022-29153	HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11.4 may allow server side request forgery when the Consul client agent follows...	HashiCorp	Consul & Consul Enterprise	2025-06-01 12:00:38 UTC	The Shadowserver (via CIRCL)
CVE-2017-1000170	jqueryFileTree 2.1.5 and older Directory Traversal	jqueryFileTree	jqueryFileTree	2025-06-01 12:00:31 UTC	The Shadowserver (via CIRCL)
CVE-2023-31465	An issue was discovered in FSMLabs TimeKeeper 8.0.17 through 8.0.28. By intercepting requests from various timekeeper streams, it is possible to...	FSMLabs	TimeKeeper	2025-05-31 12:00:41 UTC	The Shadowserver (via CIRCL)
CVE-2023-46574	An issue in TOTOLINK A3700R v.9.1.2u.6165_20211012 allows a remote attacker to execute arbitrary code via the FileName parameter of the...	TOTOLINK	A3700R	2025-05-31 12:00:34 UTC	The Shadowserver (via CIRCL)
CVE-2023-41109	SmartNode SN200 (aka SN200) 3.21.2-23021 allows unauthenticated OS Command Injection.	Patton LLC	SmartNode SN200	2025-05-31 12:00:27 UTC	The Shadowserver (via CIRCL)
CVE-2023-34659	jeecg-boot 3.5.0 and 3.5.1 have a SQL injection vulnerability the id parameter of the /jeecg-boot/jmreport/show interface.	JEECG	jeecg-boot	2025-05-31 12:00:20 UTC	The Shadowserver (via CIRCL)
CVE-2018-19276	OpenMRS before 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows an unauthenticated user to execute arbitrary...	OpenMRS	OpenMRS	2025-05-30 12:00:41 UTC	The Shadowserver (via CIRCL)
CVE-2018-2894	Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). Supported versions that are...	Oracle Corporation	WebLogic Server	2025-05-30 12:00:34 UTC	The Shadowserver (via CIRCL)

Displaying vulnerabilities 26 - 50 of 1850 in total