Known Exploited Vulnerabilities

Focus on What Matters

There are 349,964 vulnerabilities in the CVE database.
Whilst only 1.1% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

Aware of a KEV not on the list? Let us know!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2024-52875	An issue was discovered in GFI Kerio Control 9.2.5 through 9.4.5. The dest GET parameter passed to the /nonauth/addCertException.cs and...	GFI	Kerio Control	2025-09-12 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-52488	DNN.PLATFORM leaks NTLM hash via SMB Share Interaction with malicious user input	dnnsoftware	Dnn.Platform	2025-09-12 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-42957	Code Injection vulnerability in SAP S/4HANA (Private Cloud or On-Premise)	SAP_SE	SAP S/4HANA (Private Cloud or On-Premise)	2025-09-06 16:03:13 UTC	The Shadowserver (via CIRCL)
CVE-2024-38653	XXE in SmartDeviceServer in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to read arbitrary files on the server.	Ivanti	Avalanche	2025-09-05 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2020-7136	A security vulnerability in HPE Smart Update Manager (SUM) prior to version 8.5.6 could allow remote unauthorized access. Hewlett Packard...	Hewlett Packard Enterprise	Smart Update Manager (SUM)	2025-08-31 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2020-4463	IBM Maximo Asset Management 7.6.0.1 and 7.6.0.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote...	IBM	Maximo Asset Management	2025-08-31 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2019-8446	The /rest/issueNav/1/issueTable resource in Jira before version 8.3.2 allows remote attackers to enumerate usernames via an incorrect authorisation...	Atlassian	Jira	2025-08-30 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-8424	Improper access control on the NetScaler Management Interface	NetScaler	ADC, Gateway	2025-08-28 11:25:26 UTC	The Shadowserver (via CIRCL)
CVE-2025-7776	Memory overflow vulnerability leading to unpredictable or erroneous behavior and Denial of Service	NetScaler	ADC, Gateway	2025-08-28 11:25:26 UTC	The Shadowserver (via CIRCL)
CVE-2020-7209	LinuxKI v6.0-1 and earlier is vulnerable to an remote code execution which is resolved in release 6.0-2.	n/a	LinuxKI	2025-08-28 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-43177	CrushFTP prior to 10.5.1 is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes.	n/a	n/a	2025-08-28 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-40022	Microchip Technology (Microsemi) SyncServer S650 was discovered to contain a command injection vulnerability.	n/a	n/a	2025-08-22 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2021-22053	Applications using both `spring-cloud-netflix-hystrix-dashboard` and `spring-boot-starter-thymeleaf` expose a way to execute code submitted within...	n/a	Spring Cloud Netflix	2025-08-21 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-45038	Music Station	QNAP Systems Inc.	Music Station	2025-08-21 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2019-12593	IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?style=..%5c directory...	n/a	n/a	2025-08-20 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-7029	Command Injection in AVTech AVM1203 (IP Camera)	AVTech	AVM1203 (IP Camera)	2025-08-20 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2014-2321	web_shell_cmd.gch on ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests, as demonstrated...	n/a	n/a	2025-08-20 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-52970	A improper handling of parameters in Fortinet FortiWeb versions 7.6.3 and below, versions 7.4.7 and below, versions 7.2.10 and below, and 7.0.10...	Fortinet	FortiWeb	2025-08-18 14:08:46 UTC	The Shadowserver (via CIRCL)
CVE-2020-2507	command injection vulnerability in Helpdesk	QNAP Systems Inc.	Helpdesk	2025-08-16 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-7339	TVT DVR TD-2104TS-CL queryDevInfo information disclosure	TVT	DVR TD-2104TS-CL, DVR TD-2108TS-HP, Provision-ISR DVR SH-4050A5-5L(MM), AVISION DVR AV108T	2025-08-15 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-25256	An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSIEM version...	Fortinet	FortiSIEM	2025-08-13 20:30:58 UTC	The Shadowserver (via CIRCL)
CVE-2025-4371	A potential vulnerability was reported in the Lenovo 510 FHD and Performance FHD web cameras that could allow an attacker with physical access to...	Lenovo	510 FHD Webcam, Performance FHD Webcam	2025-08-11 15:31:59 UTC	The Shadowserver (via CIRCL)
CVE-2018-1217	Avamar Installation Manager in Dell EMC Avamar Server 7.3.1, 7.4.1, and 7.5.0, and Dell EMC Integrated Data Protection Appliance 2.0 and 2.1, is...	Dell EMC	Avamar, Integrated Data Protection Appliance	2025-08-09 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2019-8442	The CachingResourceDownloadRewriteRule class in Jira before version 7.13.4, and from version 8.0.0 before version 8.0.4, and from version 8.1.0...	Atlassian	Jira	2025-08-07 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2017-1000028	Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Traversal vulnerability, that...	n/a	n/a	2025-08-07 00:00:00 UTC	The Shadowserver (via CIRCL)

Displaying vulnerabilities 576 - 600 of 3822 in total