Known Exploited Vulnerabilities

Focus on What Matters

There are 303,059 vulnerabilities in the CVE database.
Whilst only 0.7% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2025-53771	Microsoft SharePoint Server Spoofing Vulnerability	Microsoft	Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2019, Microsoft SharePoint Server Subscription Edition	2025-07-20 23:45:29 UTC	BleepingComputer
CVE-2025-49706	Microsoft SharePoint Server Spoofing Vulnerability	Microsoft	Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2019, Microsoft SharePoint Server Subscription Edition	2025-07-20 10:15:32 UTC	TheHackerNews
CVE-2025-53770	Microsoft SharePoint Server Remote Code Execution Vulnerability	Microsoft	Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2019, Microsoft SharePoint Server Subscription Edition	2025-07-20 10:15:25 UTC	TheHackerNews
CVE-2025-32819	A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges to bypass the path traversal checks and delete an...	SonicWall	SMA100	2025-07-18 22:45:44 UTC	Google Threat Intelligence
CVE-2021-20039	Improper neutralization of special elements in the SMA100 management interface '/cgi-bin/viewcert' POST http method allows a remote authenticated...	SonicWall	SonicWall SMA100	2025-07-18 22:45:36 UTC	Google Threat Intelligence
CVE-2025-54309	CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote...	CrushFTP	CrushFTP	2025-07-18 19:40:23 UTC	CVE
CVE-2025-25257	An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in Fortinet FortiWeb version 7.6.0...	Fortinet	FortiWeb	2025-07-17 18:00:17 UTC	The Shadowserver (via CIRCL)
CVE-2025-34130	LILIN DVR Arbitrary File Read via net_html.cgi	Merit LILIN	DVR Firmware	2025-07-16 22:40:27 UTC	CVE
CVE-2025-34129	LILIN DVR RCE via Malicious FTP/NTP Configuration	Merit LILIN	DVR Firmware	2025-07-16 22:40:20 UTC	CVE
CVE-2019-2768	Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware (subcomponent: BI Publisher Security). The...	Oracle Corporation	BI Publisher (formerly XML Publisher)	2025-07-16 12:00:20 UTC	The Shadowserver (via CIRCL)
CVE-2025-6558	Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially...	Google	Chrome	2025-07-16 08:30:28 UTC	CyberInsider
CVE-2025-6965	Integer Truncation on SQLite	SQLite	SQLite	2025-07-16 08:00:25 UTC	TheHackerNews
CVE-2025-49831	Conjur OSS and Secrets Manager, Self-Hosted (formerly Conjur Enterprise) vulnerable to IAM Authenticator Bypass via Mis-configured Network Device	cyberark	conjur	2025-07-15 21:40:25 UTC	CVE
CVE-2022-46381	Certain Linear eMerge E3-Series devices are vulnerable to XSS via the type parameter (e.g., to the badging/badge_template_v0.php component). This...	Linear	eMerge E3-Series	2025-07-15 12:00:44 UTC	The Shadowserver (via CIRCL)
CVE-2021-45420	Emerson Dixell XWEB-500 products are affected by arbitrary file write vulnerability in /cgi-bin/logo_extra_upload.cgi, /cgi-bin/cal_save.cgi, and...	Emerson	Dixell XWEB-500	2025-07-15 12:00:34 UTC	The Shadowserver (via CIRCL)
CVE-2023-32235	Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder via /assets/built%2F..%2F..%2F/ directory...	Ghost	Ghost	2025-07-15 12:00:25 UTC	The Shadowserver (via CIRCL)
CVE-2020-35580	A local file inclusion vulnerability in the FileServlet in all SearchBlox before 9.2.2 allows remote, unauthenticated users to read arbitrary files...	SearchBlox	SearchBlox	2025-07-15 12:00:15 UTC	The Shadowserver (via CIRCL)
CVE-2020-15227	Remote Code Execution vulnerability	nette	application	2025-07-12 12:00:33 UTC	The Shadowserver (via CIRCL)
CVE-2021-33690	Server-Side Request Forgery (SSRF) vulnerability has been detected in the SAP NetWeaver Development Infrastructure Component Build Service versions...	SAP SE	SAP NetWeaver Development Infrastructure (Component Build Service)	2025-07-12 12:00:26 UTC	The Shadowserver (via CIRCL)
CVE-2025-47812	In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection of arbitrary Lua code into...	wftpserver	Wing FTP Server	2025-07-10 17:45:23 UTC	Huntress Blog
CVE-2020-28188	Remote Command Execution (RCE) vulnerability in TerraMaster TOS <= 4.2.06 allow remote unauthenticated attackers to inject OS commands via...	TerraMaster	TOS	2025-07-09 12:00:20 UTC	The Shadowserver (via CIRCL)
CVE-2023-46347	In the module "Step by Step products Pack" (ndk_steppingpack) version 1.5.6 and before from NDK Design for PrestaShop, a guest can perform SQL...	NDK Design	Step by Step products Pack	2025-07-08 12:03:12 UTC	The Shadowserver (via CIRCL)
CVE-2024-36111	KubePi's JWT token validation has a defect	1Panel-dev	KubePi	2025-07-08 12:03:05 UTC	The Shadowserver (via CIRCL)
CVE-2023-4450	jeecgboot JimuReport Template injection	jeecgboot	JimuReport	2025-07-08 12:02:59 UTC	The Shadowserver (via CIRCL)
CVE-2023-3710	Printer web page invalid command execution	Honeywell, Honeywell	PM23/43, PC23/43, PD43, PM42, PX4ie/6ie, PX45/65, PD45, PX240, PX940, PM45, RP2f/RP4f	2025-07-08 12:02:52 UTC	The Shadowserver (via CIRCL)

Displaying vulnerabilities 26 - 50 of 1982 in total