Known Exploited Vulnerabilities

Focus on What Matters

There are 349,964 vulnerabilities in the CVE database.
Whilst only 1.1% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

Aware of a KEV not on the list? Let us know!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2020-35667	JetBrains TeamCity Plugin before 2020.2.85695 SSRF. Vulnerability that could potentially expose user credentials.	n/a	n/a	2025-11-05 21:00:04 UTC	The Shadowserver (via CIRCL)
CVE-2025-48593	In bta_hf_client_cb_init of bta_hf_client_main.cc, there is a possible remote code execution due to a use after free. This could lead to remote...	Google	Android	2025-11-05 19:42:16 UTC	The Shadowserver (via CIRCL)
CVE-2024-12856	Four-Faith Industrial Router adjust_sys_time OS Command Injection	Four-Faith	F3x24, F3x36	2025-11-03 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2018-17532	Teltonika RUT9XX routers with firmware before 00.04.233 are prone to multiple unauthenticated OS command injection vulnerabilities in autologin.cgi...	n/a	n/a	2025-10-31 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-11533	WP Freeio <= 1.2.21 - Unauthenticated Privilege Escalation	ApusTheme	WP Freeio	2025-10-29 21:41:13 UTC	The Shadowserver (via CIRCL)
CVE-2020-8958	Guangzhou 1GE ONU V2801RW 1.9.1-181203 through 2.9.0-181024 and V2804RGW 1.9.1-181203 through 2.9.0-181024 devices allow remote attackers to...	n/a	n/a	2025-10-29 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-60595	SPH Engineering UgCS 5.13.0 is vulnerable to Arbitary code execution.	n/a	n/a	2025-10-28 21:00:05 UTC	The Shadowserver (via CIRCL)
CVE-2025-55752	Apache Tomcat: Directory traversal via rewrite with possible RCE if PUT is enabled	Apache Software Foundation	Apache Tomcat	2025-10-28 21:00:05 UTC	The Shadowserver (via CIRCL)
CVE-2024-6387	Openssh: regresshion - race condition in ssh allows rce/dos	, Red Hat	, Red Hat Enterprise Linux 9, Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions, Red Hat Enterprise Linux 9.2 Extended Update Support, Red Hat OpenShift Container Platform 4.13, Red Hat OpenShift Container Platform 4.14, Red Hat OpenShift Container Platform 4.15, Red Hat OpenShift Container Platform 4.16, Red Hat Ceph Storage 5, Red Hat Ceph Storage 6, Red Hat Ceph Storage 7, Red Hat Enterprise Linux 10, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8	2025-10-28 06:45:31 UTC	The Shadowserver (via CIRCL)
CVE-2025-61156	Incorrect access control in the kernel driver of ThreatFire System Monitor v4.7.0.53 allows attackers to escalate privileges and execute arbitrary...	n/a	n/a	2025-10-27 16:53:52 UTC	The Shadowserver (via CIRCL)
CVE-2025-8868	Chef Automate compliance service SQL Injection Vulnerability	Progress Software	Chef Automate	2025-10-27 14:10:46 UTC	The Shadowserver (via CIRCL)
CVE-2023-5970	Improper authentication in the SMA100 SSL-VPN virtual office portal allows a remote authenticated attacker to create an identical external domain...	SonicWall	SMA100	2025-10-26 22:33:03 UTC	The Shadowserver (via CIRCL)
CVE-2022-1703	Improper neutralization of special elements in the SonicWall SSL-VPN SMA100 series management interface allows a remote authenticated attacker to...	SonicWall	SMA100	2025-10-26 22:32:42 UTC	The Shadowserver (via CIRCL)
CVE-2022-2915	A Heap-based Buffer Overflow vulnerability in the SonicWall SMA100 appliance allows a remote authenticated attacker to cause Denial of Service...	SonicWall	SMA100	2025-10-26 22:32:25 UTC	The Shadowserver (via CIRCL)
CVE-2025-24477	A heap-based buffer overflow vulnerability in Fortinet FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.7, FortiOS 7.2.4 through 7.2.12...	Fortinet	FortiOS	2025-10-26 22:32:03 UTC	The Shadowserver (via CIRCL)
CVE-2025-59474	Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check in the sidepanel of a page intentionally accessible to users...	Jenkins Project	Jenkins	2025-10-26 19:42:31 UTC	The Shadowserver (via CIRCL)
CVE-2024-36394	SysAid - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')	Sysaid	SysAid	2025-10-26 04:57:35 UTC	The Shadowserver (via CIRCL)
CVE-2023-50358	QTS, QuTS hero, QuTScloud	QNAP Systems Inc.	QTS, QuTS hero, QuTScloud	2025-10-26 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-11972	Hunk Companion < 1.9.0 - Unauthenticated Plugin Installation	Unknown	Hunk Companion	2025-10-24 07:29:32 UTC	The Shadowserver (via CIRCL)
CVE-2024-9707	Hunk Companion <= 1.8.4 - Missing Authorization to Unauthenticated Arbitrary Plugin Installation/Activation	themehunk	Hunk Companion	2025-10-24 07:29:14 UTC	The Shadowserver (via CIRCL)
CVE-2024-9234	GutenKit <= 2.1.0 - Unauthenticated Arbitrary File Upload	ataurr	GutenKit – Page Builder Blocks, Patterns, and Templates for Gutenberg Block Editor	2025-10-24 07:28:55 UTC	The Shadowserver (via CIRCL)
CVE-2025-34033	5VTechnologies Blue Angel Software Suite OS Command Injection	5VTechnologies	Blue Angel Software Suite	2025-10-22 16:58:31 UTC	The Shadowserver (via CIRCL)
CVE-2025-49533	Adobe Experience Manager (MS) \| Deserialization of Untrusted Data (CWE-502)	Adobe	Adobe Experience Manager (MS)	2025-10-21 22:26:08 UTC	The Shadowserver (via CIRCL)
CVE-2025-2611	ICTBroadcast <= 7.4 Unauthenticated Session Cookie RCE	ICT Innovations	ICTBroadcast	2025-10-15 17:56:53 UTC	The Shadowserver (via CIRCL)
CVE-2025-49844	Redis Lua Use-After-Free may lead to remote code execution	redis	redis	2025-10-15 14:56:30 UTC	The Shadowserver (via CIRCL)

Displaying vulnerabilities 501 - 525 of 3822 in total