Known Exploited Vulnerabilities

Focus on What Matters

There are 349,964 vulnerabilities in the CVE database.
Whilst only 1.1% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

Aware of a KEV not on the list? Let us know!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2025-49844	Redis Lua Use-After-Free may lead to remote code execution	redis	redis	2025-10-15 14:56:30 UTC	The Shadowserver (via CIRCL)
CVE-2025-9976	OS Command Injection vulnerability affecting Station Launcher App in 3DEXPERIENCE platform from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x	Dassault Systèmes	Station Launcher App in 3DEXPERIENCE platform	2025-10-15 14:56:30 UTC	The Shadowserver (via CIRCL)
CVE-2021-27855	FatPipe software allows privilege escalation	FatPipe	WARP, IPVPN, MPVPN	2025-10-14 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-5947	Service Finder Bookings <= 6.0 - Authentication Bypass via User Switch Cookie	aonetheme	Service Finder Bookings	2025-10-09 14:12:36 UTC	The Shadowserver (via CIRCL)
CVE-2025-28367	mojoPortal <=2.9.0.1 is vulnerable to Directory Traversal via BetterImageGallery API Controller - ImageHandler Action. An attacker can exploit this...	n/a	n/a	2025-10-09 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2018-10957	CSRF exists on D-Link DIR-868L devices, leading to (for example) a change to the Admin password. hedwig.cgi and pigwidgeon.cgi are two of the...	n/a	n/a	2025-10-08 20:14:57 UTC	The Shadowserver (via CIRCL)
CVE-2025-20188	A vulnerability in the Out-of-Band Access Point (AP) Image Download, the Clean Air Spectral Recording, and the client debug bundles features of...	Cisco	Cisco IOS XE Software	2025-10-08 20:09:20 UTC	The Shadowserver (via CIRCL)
CVE-2025-37899	ksmbd: fix use-after-free in session logoff	Linux	Linux	2025-10-08 20:07:17 UTC	The Shadowserver (via CIRCL)
CVE-2025-6019	Libblockdev: lpe from allow_active to root in libblockdev via udisks	, Red Hat	, Red Hat Enterprise Linux 10, Red Hat Enterprise Linux 7 Extended Lifecycle Support, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Telecommunications Update Service, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions, Red Hat Enterprise Linux 9, Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions, Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions, Red Hat Enterprise Linux 9.4 Extended Update Support	2025-10-08 19:51:45 UTC	The Shadowserver (via CIRCL)
CVE-2025-55161	Stirling-PDF SSRF vulnerability on /api/v1/convert/markdown/pdf	Stirling-Tools	Stirling-PDF	2025-10-08 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-35219	OpenAPI Generator Online - Arbitrary File Read/Delete	OpenAPITools	openapi-generator	2025-10-05 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-25852	Linksys RE7000 v2.0.9, v2.0.11, and v2.0.15 have a command execution vulnerability in the "AccessControlList" parameter of the access control...	n/a	n/a	2025-10-05 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-4325	Server-Side Request Forgery (SSRF) in gradio-app/gradio	gradio-app	gradio-app/gradio	2025-10-05 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2020-12832	WordPress Plugin Simple File List before 4.2.8 is prone to a vulnerability that lets attackers delete arbitrary files because the application fails...	n/a	n/a	2025-10-05 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-5222	Viessmann Vitogate 300 Web Management Interface vitogate.cgi isValidUser hard-coded password	Viessmann	Vitogate 300	2025-10-05 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-1561	Arbitrary Local File Read via Component Method Invocation in gradio-app/gradio	gradio-app	gradio-app/gradio	2025-10-05 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2021-28151	Hongdian H8922 3.0.5 devices allow OS command injection via shell metacharacters into the ip-address (aka Destination) field to the tools.cgi ping...	n/a	n/a	2025-10-04 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-59489	Unity Runtime before 2025-10-02 on Android, Windows, macOS, and Linux allows argument injection that can result in loading of library code from an...	Unity3D	Unity Editor	2025-10-03 20:58:38 UTC	The Shadowserver (via CIRCL)
CVE-2021-20092	The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 do not properly restrict...	n/a	Buffalo WSR-2533DHPL2, Buffalo WSR-2533DHP3	2025-10-03 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2021-22911	A improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenticated NoSQL injection,...	n/a	Rocket.Chat server	2025-10-03 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-53652	Jenkins Git Parameter Plugin 439.vb_0e46ca_14534 and earlier does not validate that the Git parameter value submitted to the build matches one of...	Jenkins Project	Jenkins Git Parameter Plugin	2025-10-01 11:57:58 UTC	The Shadowserver (via CIRCL)
CVE-2020-24581	An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. It contains an execute_cmd.cgi feature (that is not...	n/a	n/a	2025-10-01 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2020-24914	A PHP object injection bug in profile.php in qcubed (all versions including 3.1.1) unserializes the untrusted data of the POST-variable...	n/a	n/a	2025-10-01 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2021-34993	This vulnerability allows remote attackers to bypass authentication on affected installations of Commvault CommCell 11.22.22. Authentication is not...	Commvault	CommCell	2025-10-01 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2020-17505	Artica Web Proxy 4.30.000000 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. These commands...	n/a	n/a	2025-10-01 00:00:00 UTC	The Shadowserver (via CIRCL)

Displaying vulnerabilities 526 - 550 of 3822 in total