Known Exploited Vulnerabilities

Focus on What Matters

There are 349,964 vulnerabilities in the CVE database.
Whilst only 1.1% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

Aware of a KEV not on the list? Let us know!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2025-4009	Unauthenticated Arbitrary Command Injection in Evertz SDVN	Evertz	3080ipx-10G, MViP-II, cVIP, 7890IXG, CC Access Server, 5782XPS-APP-4E	2025-11-11 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-0674	Elber Communications Equipment Authentication Bypass Using an Alternate Path or Channel	Elber	Signum DVB-S/S2 IRD, Cleber/3 Broadcast Multi-Purpose Platform, Reble610 M/ODU XPIC IP-ASI-SDH, ESE DVB-S/S2 Satellite Receiver, Wayber Analog/Digital Audio STL	2025-11-11 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-7309	Dahua Smart Park Integrated Management Platform Front-End Arbitrary File Upload	Zhejiang Dahua Technology Co., Ltd.	Smart Park Integrated Management Platform	2025-11-11 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-25034	SugarCRM PHP Deserialization RCE	SugarCRM	SugarCRM	2025-11-11 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-47539	WordPress Eventin plugin <= 4.0.26 - Privilege Escalation Vulnerability	Arraytics	Eventin	2025-11-11 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-9193	WHMpress <= 6.3-revision-0 - Unauthenticated Local File Inclusion to Arbitrary Options Update	creativeon	WHMpress - WHMCS WordPress Integration Plugin	2025-11-11 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-53118	Securden Unified PAM Authentication Bypass	Securden	Unified PAM	2025-11-11 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-34143	ETQ Reliance CG Authentication Bypass via Trailing Space RCE	ETQ	Reliance CG (legacy)	2025-11-11 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-6235	Sensitive information disclosure	NetScaler	NetScaler Console	2025-11-11 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-3980	An XML External Entity (XEE) vulnerability allows server-side request forgery (SSRF) and potential code execution in Sophos Mobile managed...	Sophos	Sophos Mobile managed on-premises	2025-11-09 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-20073	Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Arbitrary File Upload Vulnerability	Cisco	Cisco Small Business RV Series Router Firmware	2025-11-09 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-5830	ColumbiaSoft Document Locator WebTools login improper authentication	ColumbiaSoft	Document Locator	2025-11-09 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-26258	Arcserve UDP through 9.0.6034 allows authentication bypass. The method getVersionInfo at WebServiceImpl/services/FlashServiceImpl leaks the...	n/a	n/a	2025-11-09 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-4328	WooCommerce Checkout Field Manager < 18.0 - Unauthenticated Arbitrary File Upload	Unknown	WooCommerce Checkout Field Manager	2025-11-09 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-49785	NextChat vulnerable to Server-Side Request Forgery and Cross-site Scripting	ChatGPTNextWeb	NextChat	2025-11-09 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-0592	MapSVG < 6.2.20 - Unauthenticated SQLi	Unknown	MapSVG	2025-11-08 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-1020	Woo Product Table < 3.1.2 - Unauthenticated Arbitrary Function Call	Unknown	Product Table for WooCommerce (wooproducttable)	2025-11-08 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-0827	Bestbooks <= 2.6.3 - Unauthenticated SQLi	Unknown	Bestbooks	2025-11-08 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-31137	Unauthenticated Remote Code Execution in Roxy-WI	hap-wi	roxy-wi	2025-11-08 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-29007	Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Dairy Farm Shop Management System v1.0 allows...	n/a	n/a	2025-11-08 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2021-37580	Apache ShenYu Admin bypass JWT authentication	Apache Software Foundation	Apache ShenYu Admin	2025-11-08 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2021-27931	LumisXP (aka Lumis Experience Platform) before 10.0.0 allows unauthenticated blind XXE via an API request to PageControllerXml.jsp. One can send a...	n/a	n/a	2025-11-08 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-0826	WP Video Gallery <= 1.7.1 - Unauthenticated SQLi	Unknown	WP Video Gallery	2025-11-08 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2021-44427	An unauthenticated SQL Injection vulnerability in Rosario Student Information System (aka rosariosis) before 8.1.1 allows remote attackers to...	n/a	n/a	2025-11-08 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2018-17173	LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsr_server/device/getThumbnail.	n/a	n/a	2025-11-06 00:00:00 UTC	The Shadowserver (via CIRCL)

Displaying vulnerabilities 476 - 500 of 3822 in total