Known Exploited Vulnerabilities

Focus on What Matters

There are 298,512 vulnerabilities in the CVE database.
Whilst only 0.6% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2012-4867	Directory traversal vulnerability in modules/com_vtiger_workflow/sortfieldsjson.php in vtiger CRM 5.1.0 allows remote attackers to read arbitrary...	vtiger	CRM	2025-06-09 08:35:45 UTC	SANS Internet Storm Center
CVE-2020-36112	CSE Bookstore version 1.0 is vulnerable to time-based blind, boolean-based blind and OR error-based SQL injection in pubid parameter in...	Musyoka Ian	CSE Bookstore	2025-06-08 12:00:25 UTC	The Shadowserver (via CIRCL)
CVE-2021-30168	MERIT LILIN ENT.CO.,LTD. P2/Z2/P3/Z3 IP camera - Sensitive Data Exposure-1	MERIT LILIN ENT.CO.,LTD.	P2/Z2/P3/Z3 IP camera firmware	2025-06-07 12:00:33 UTC	The Shadowserver (via CIRCL)
CVE-2022-24260	A SQL injection vulnerability in Voipmonitor GUI before v24.96 allows attackers to escalate privileges to the Administrator level.	Voipmonitor	Voipmonitor GUI	2025-06-07 12:00:22 UTC	The Shadowserver (via CIRCL)
CVE-2021-27964	SonLogger before 6.4.1 is affected by Unauthenticated Arbitrary File Upload. An attacker can send a POST request to...	SonLogger	SonLogger	2025-06-06 12:00:43 UTC	The Shadowserver (via CIRCL)
CVE-2022-25322	ZEROF Web Server 2.0 allows /HandleEvent SQL Injection.	ZEROF	Web Server	2025-06-06 12:00:34 UTC	The Shadowserver (via CIRCL)
CVE-2022-35413	WAPPLES through 6.0 has a hardcoded systemi account. A threat actor could use this account to access the system configuration and confidential...	Penta Security Systems Inc.	WAPPLES	2025-06-06 12:00:25 UTC	The Shadowserver (via CIRCL)
CVE-2018-12031	Local file inclusion in Eaton Intelligent Power Manager v1.6 allows an attacker to include a file via server/node_upgrade_srv.js directory...	Eaton	Intelligent Power Manager	2025-06-06 12:00:15 UTC	The Shadowserver (via CIRCL)
CVE-2025-49113	Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is...	Roundcube	Webmail	2025-06-05 17:00:41 UTC	BleepingComputer
CVE-2024-57726	SimpleHelp remote support software v5.5.7 and before has a vulnerability that allows low-privileges technicians to create API keys with excessive...	SimpleHelp	SimpleHelp	2025-06-05 12:02:17 UTC	Sophos News
CVE-2024-57728	SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file system by uploading a...	SimpleHelp	SimpleHelp	2025-06-05 12:02:10 UTC	Sophos News
CVE-2019-17270	Yachtcontrol through 2019-10-06: It's possible to perform direct Operating System commands as an unauthenticated user via the...	Yachtcontrol	Yachtcontrol	2025-06-05 12:00:55 UTC	The Shadowserver (via CIRCL)
CVE-2017-18378	In NETGEAR ReadyNAS Surveillance before 1.4.3-17 x86 and before 1.1.4-7 ARM, $_GET['uploaddir'] is not escaped and is passed to system() through...	NETGEAR	ReadyNAS Surveillance	2025-06-05 12:00:49 UTC	The Shadowserver (via CIRCL)
CVE-2020-10548	rConfig 3.9.4 and previous versions has unauthenticated devices.inc.php SQL injection. Because, by default, nodes' passwords are stored in...	rConfig	rConfig	2025-06-05 12:00:41 UTC	The Shadowserver (via CIRCL)
CVE-2022-2487	WAVLINK WN535K2/WN535K3 nightled.cgi os command injection	WAVLINK	WN535K2, WN535K3	2025-06-04 12:00:32 UTC	The Shadowserver (via CIRCL)
CVE-2021-43711	The downloadFlile.cgi binary file in TOTOLINK EX200 V4.0.3c.7646_B20201211 has a command injection vulnerability when receiving GET parameters. The...	TOTOLINK	EX200	2025-06-04 12:00:23 UTC	The Shadowserver (via CIRCL)
CVE-2024-11238	Landray EKP sysUiComponent.do delPreviewFile path traversal	Landray	EKP	2025-06-03 12:00:19 UTC	The Shadowserver (via CIRCL)
CVE-2025-21479	Incorrect Authorization in Graphics	Qualcomm, Inc.	Snapdragon	2025-06-03 07:45:18 UTC	CyberInsider
CVE-2025-27038	Use After Free in Graphics	Qualcomm, Inc.	Snapdragon	2025-06-03 06:45:33 UTC	CyberInsider
CVE-2025-21480	Incorrect Authorization in Graphics Windows	Qualcomm, Inc.	Snapdragon	2025-06-03 06:45:26 UTC	CyberInsider
CVE-2025-5419	Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a...	Google	Chrome	2025-06-03 04:30:40 UTC	TheHackerNews
CVE-2025-35939	Craft CMS stores user-provided content in session files	Craft	CMS	2025-06-02 18:00:28 UTC	CISA
CVE-2025-3935	ScreenConnect Exposure to ASP.NET ViewState Code Injection	ConnectWise	ScreenConnect	2025-06-02 18:00:21 UTC	CISA
CVE-2023-26256	An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu & Themes" plugin before 2.0.52 for Jira. By...	STAGIL	STAGIL Navigation for Jira - Menu & Themes	2025-06-02 12:00:41 UTC	The Shadowserver (via CIRCL)
CVE-2023-26255	An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu & Themes" plugin before 2.0.52 for Jira. By...	STAGIL	STAGIL Navigation for Jira - Menu & Themes	2025-06-02 12:00:34 UTC	The Shadowserver (via CIRCL)

Displaying vulnerabilities 26 - 50 of 1864 in total