Known Exploited Vulnerabilities

Focus on What Matters

There are 301,657 vulnerabilities in the CVE database.
Whilst only 0.6% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2023-52028	TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the setTracerouteCfg function.	TOTOlink	A3700R	2025-07-08 12:01:51 UTC	The Shadowserver (via CIRCL)
CVE-2023-1698	WAGO: WBM Command Injection in multiple products	WAGO	Compact Controller CC100, Edge Controller, PFC100, PFC200, Touch Panel 600 Advanced Line, Touch Panel 600 Marine Line, Touch Panel 600 Standard Line	2025-07-08 12:01:44 UTC	The Shadowserver (via CIRCL)
CVE-2023-25135	vBulletin before 5.6.9 PL1 allows an unauthenticated remote attacker to execute arbitrary code via a crafted HTTP request that triggers...	vBulletin	vBulletin	2025-07-08 12:01:35 UTC	The Shadowserver (via CIRCL)
CVE-2023-34133	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SonicWall GMS and Analytics allows an...	SonicWall	GMS, Analytics	2025-07-08 12:01:28 UTC	The Shadowserver (via CIRCL)
CVE-2023-29919	SolarView Compact <= 6.0 is vulnerable to Insecure Permissions. Any file on the server can be read or modified because texteditor.php is not...	n/a	SolarView Compact	2025-07-08 12:01:18 UTC	The Shadowserver (via CIRCL)
CVE-2023-23333	There is a command injection vulnerability in SolarView Compact through 6.00, attackers can execute commands by bypassing internal restrictions...	SolarView	Compact	2025-07-08 12:01:10 UTC	The Shadowserver (via CIRCL)
CVE-2023-30625	rudder-server vulnerable to SQL Injection	rudderlabs	rudder-server	2025-07-08 12:01:03 UTC	The Shadowserver (via CIRCL)
CVE-2022-36509	H3C GR3200 MiniGR1B0V100R014 was discovered to contain a command injection vulnerability via the param parameter at DelL2tpLNSList.	H3C	GR3200	2025-07-08 12:00:53 UTC	The Shadowserver (via CIRCL)
CVE-2023-28343	OS command injection affects Altenergy Power Control Software C1.2.5 via shell metacharacters in the index.php/management/set_timezone timezone...	Altenergy	Power Control Software	2025-07-08 12:00:42 UTC	The Shadowserver (via CIRCL)
CVE-2023-1177	Path Traversal: '\..\filename' in mlflow/mlflow	mlflow	mlflow/mlflow	2025-07-08 12:00:35 UTC	The Shadowserver (via CIRCL)
CVE-2023-22478	KubePi is vulnerable to missing authorization	KubeOperator	KubePi	2025-07-08 12:00:28 UTC	The Shadowserver (via CIRCL)
CVE-2014-3931	fastping.c in MRLG (aka Multi-Router Looking Glass) before 5.5.0 allows remote attackers to cause an arbitrary memory write and memory corruption.	n/a	Multi-Router Looking Glass	2025-07-07 17:45:39 UTC	CISA
CVE-2016-10033	The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command...	PHPMailer	PHPMailer	2025-07-07 17:45:30 UTC	CISA
CVE-2019-5418	There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted...	Rails	https://github.com/rails/rails	2025-07-07 17:45:23 UTC	CISA
CVE-2019-9621	Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x before 8.7.11 patch 10, and 8.8.x before 8.8.10 patch 7 or 8.8.x before 8.8.11 patch 3 allows...	Zimbra	Collaboration Suite	2025-07-07 17:45:14 UTC	CISA
CVE-2021-24442	Poll, Survey, Questionnaire and Voting system < 1.5.3 - Unauthenticated Blind SQL Injection	wpdevart	Poll, Survey, Questionnaire and Voting system	2025-07-07 12:01:33 UTC	The Shadowserver (via CIRCL)
CVE-2022-22897	A SQL injection vulnerability in the product_all_one_img and image_product parameters of the ApolloTheme AP PageBuilder component through 2.4.4 for...	ApolloTheme	AP PageBuilder for PrestaShop	2025-07-07 12:01:23 UTC	The Shadowserver (via CIRCL)
CVE-2022-2488	WAVLINK WN535K2/WN535K3 touchlist_sync.cgi os command injection	WAVLINK	WN535K2, WN535K3	2025-07-07 12:01:16 UTC	The Shadowserver (via CIRCL)
CVE-2020-35235	vendor/elfinder/php/connector.minimal.php in the secure-file-manager plugin through 2.5 for WordPress loads elFinder code without proper access...	WordPress	secure-file-manager plugin	2025-07-07 12:01:04 UTC	The Shadowserver (via CIRCL)
CVE-2022-25487	Atom CMS v2.0 was discovered to contain a remote code execution (RCE) vulnerability via /admin/uploads.php.	thedigicraft	Atom CMS	2025-07-07 12:00:53 UTC	The Shadowserver (via CIRCL)
CVE-2018-1335	From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to inject commands into the...	Apache Software Foundation	Apache Tika	2025-07-06 12:00:53 UTC	The Shadowserver (via CIRCL)
CVE-2019-15642	rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialise_variable makes an eval...	Webmin	Webmin	2025-07-06 12:00:44 UTC	The Shadowserver (via CIRCL)
CVE-2017-6090	Unrestricted file upload vulnerability in clients/editclient.php in PhpCollab 2.5.1 and earlier allows remote authenticated users to execute...	PhpCollab	PhpCollab	2025-07-06 12:00:35 UTC	The Shadowserver (via CIRCL)
CVE-2018-1000130	A JNDI Injection vulnerability exists in Jolokia agent version 1.3.7 in the proxy mode that allows a remote attacker to run arbitrary Java code on...	Jolokia	Jolokia agent	2025-07-06 12:00:25 UTC	The Shadowserver (via CIRCL)
CVE-2025-5777	NetScaler ADC and NetScaler Gateway - Insufficient input validation leading to memory overread	NetScaler	ADC, Gateway	2025-07-04 12:00:14 UTC	The Shadowserver (via CIRCL)

Displaying vulnerabilities 26 - 50 of 1951 in total