Known Exploited Vulnerabilities

Focus on What Matters

There are 349,964 vulnerabilities in the CVE database.
Whilst only 1.1% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

Aware of a KEV not on the list? Let us know!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2019-13372	/web/Lib/Action/IndexAction.class.php in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 allows remote attackers to execute arbitrary...	n/a	n/a	2025-09-28 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2018-16059	Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices allow Directory Traversal via the fcgi-bin/wgsetcgi filename parameter.	n/a	n/a	2025-09-27 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-20363	A vulnerability in the web services of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software, Cisco Secure Firewall Threat Defense (FTD)...	Cisco	IOS, Cisco IOS XR Software, Cisco Adaptive Security Appliance (ASA) Software, Cisco IOS XE Software, Cisco Firepower Threat Defense Software	2025-09-26 11:08:58 UTC	The Shadowserver (via CIRCL)
CVE-2025-7937	Supermicro BMC firmware update validation bypass	SMCI	MBD-X12STW	2025-09-25 15:10:05 UTC	The Shadowserver (via CIRCL)
CVE-2025-6198	Supermicro BMC firmware update validation bypass	SMCI	X13SEM-F	2025-09-25 15:10:05 UTC	The Shadowserver (via CIRCL)
CVE-2024-10237	SMC BMC Firmware Image Authentication Design Issue	SMCI	MBD-X12DPG-OA6	2025-09-25 15:10:05 UTC	The Shadowserver (via CIRCL)
CVE-2025-51591	A Server-Side Request Forgery (SSRF) in JGM Pandoc v3.6.4 allows attackers to gain access to and compromise the whole infrastructure via injecting...	n/a	n/a	2025-09-25 15:00:07 UTC	The Shadowserver (via CIRCL)
CVE-2025-20149	A vulnerability in the CLI of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker to cause an affected device...	Cisco	IOS, Cisco IOS XE Software	2025-09-25 11:38:17 UTC	The Shadowserver (via CIRCL)
CVE-2025-20240	A vulnerability in the Web Authentication feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a reflected...	Cisco	Cisco IOS XE Software	2025-09-25 11:38:17 UTC	The Shadowserver (via CIRCL)
CVE-2015-1328	The overlayfs implementation in the linux (aka Linux kernel) package before 3.19.0-21.21 in Ubuntu through 15.04 does not properly check...	n/a	n/a	2025-09-19 06:22:04 UTC	The Shadowserver (via CIRCL)
CVE-2022-39986	A Command injection vulnerability in RaspAP 2.8.0 thru 2.8.7 allows unauthenticated attackers to execute arbitrary commands via the cfg_id...	n/a	n/a	2025-09-19 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-40881	SolarView Compact 6.00 was discovered to contain a command injection vulnerability via network_test.php	n/a	n/a	2025-09-19 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-4117	IWS - Geo Form Fields <= 1.0 - Unauthenticated SQLi	Unknown	IWS	2025-09-19 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-4447	Fontsy <= 1.8.6 - Multiple Unauthenticated SQLi	Unknown	Fontsy	2025-09-19 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-54782	@nestjs/devtools-integration's CSRF to Sandbox Escape Allows for RCE against JS Developers	nestjs	nest	2025-09-18 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-0679	Narnoo Distributor <= 2.5.1 - Unauthenticated LFI to Arbitrary File Read / RCE	Unknown	Narnoo Distributor	2025-09-18 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2021-41653	The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a...	n/a	n/a	2025-09-18 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-2314	VR Calendar < 2.3.2 - Unauthenticated Arbitrary Function Call	Unknown	VR Calendar	2025-09-18 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-31161	Roxy-WI Vulnerable to Unauthenticated Remote Code Execution via ssl_cert Upload	hap-wi	roxy-wi	2025-09-18 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-2486	WAVLINK WN535K2/WN535K3 os command injection	WAVLINK	WN535K2, WN535K3	2025-09-18 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2021-40875	Improper Access Control in Gurock TestRail versions < 7.2.0.3014 resulted in sensitive information exposure. A threat actor can access the...	n/a	n/a	2025-09-16 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2021-3297	On Zyxel NBG2105 V1.00(AAGU.2)C0 devices, setting the login cookie to 1 provides administrator access.	n/a	n/a	2025-09-16 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-23178	An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices. When the administrative web interface of the HDMI switcher is accessed...	n/a	n/a	2025-09-16 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2019-13101	An issue was discovered on D-Link DIR-600M 3.02, 3.03, 3.04, and 3.06 devices. wan.htm can be accessed directly without authentication, which can...	n/a	n/a	2025-09-16 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-7344	Howyar UEFI Application "Reloader" (32-bit and 64-bit) is vulnerable to execution of unsigned software in a hardcoded path.	Radix, Greenware Technologies, Howyar Technologies, SANFONG, CES Taiwan, SignalComputer	SmartRecovery, GreenGuard, SysReturn (32-bit and 64-bit), SANFONG EZ-Back System, CES NeoImpact, HDD King	2025-09-12 16:03:13 UTC	The Shadowserver (via CIRCL)

Displaying vulnerabilities 551 - 575 of 3822 in total