Known Exploited Vulnerabilities

Focus on What Matters

There are 349,964 vulnerabilities in the CVE database.
Whilst only 1.1% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

Aware of a KEV not on the list? Let us know!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2025-54987	A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code...	Trend Micro, Inc.	Trend Micro Apex One	2025-08-06 15:30:06 UTC	The Shadowserver (via CIRCL)
CVE-2022-28219	Cewolf in Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution.	n/a	n/a	2025-08-04 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2020-17506	Artica Web Proxy 4.30.00000000 allows remote attacker to bypass privilege detection and gain web backend administrator privileges through SQL...	n/a	n/a	2025-08-02 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-30220	GeoTools, GeoServer, and GeoNetwork XML External Entity (XXE) Processing Vulnerability in XSD schema handling	geoserver	geoserver	2025-08-02 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-50967	The /rest/rights/ REST API endpoint in Becon DATAGerry through 2.2.0 contains an Incorrect Access Control vulnerability. An attacker can remotely...	n/a	n/a	2025-08-01 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-48455	An issue in Netis Wifi6 Router NX10 2.0.1.3643 and 2.0.1.3582 and Netis Wifi 11AC Router NC65 3.0.0.3749 and Netis Wifi 11AC Router NC63 3.0.0.3327...	n/a	n/a	2025-08-01 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2019-20074	On Netis DL4323 devices, any user role can view sensitive information, such as a user password or the FTP password, via the form2saveConf.cgi page.	n/a	n/a	2025-08-01 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-6023	ModelDB Local File Include	vertaai	vertaai/modeldb	2025-08-01 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2018-12296	Insufficient access control in /api/external/7.0/system.System.get_infos in Seagate NAS OS version 4.3.15.1 allows attackers to obtain information...	n/a	n/a	2025-08-01 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-26833	An improper authentication vulnerability exists in the REST API functionality of Open Automation Software OAS Platform V16.00.0121. A...	Open Automation Software	OAS Platform	2025-08-01 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-34027	Versa Concerto Authentication Bypass File Write Remote Code Execution	Versa	Concerto	2025-08-01 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-5394	Alone – Charity Multipurpose Non-profit WordPress Theme <= 7.8.3 - Missing Authorization to Unauthenticated Arbitrary File Upload via Plugin Installation	Bearsthemes	Alone – Charity Multipurpose Non-profit WordPress Theme	2025-07-31 08:05:53 UTC	The Shadowserver (via CIRCL)
CVE-2022-47075	An issue was discovered in Smart Office Web 20.28 and earlier allows attackers to download sensitive information via the action name parameter to...	n/a	n/a	2025-07-31 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-45933	KubeView through 0.1.31 allows attackers to obtain control of a Kubernetes cluster because api/scrape/kube-system does not require authentication,...	n/a	n/a	2025-07-31 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-36144	An authentication bypass in Intelbras Switch SG 2404 MR in firmware 1.00.54 allows an unauthenticated attacker to download the backup file of the...	n/a	n/a	2025-07-31 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-1026	Kyocera Net View Address Book Exposure	Kyocera	Multifunction Printer Net Viewer	2025-07-31 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-31656	VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users....	n/a	VMware Workspace ONE Access, Identity Manager and vRealize Automation	2025-07-31 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-8181	Flowise Authentication Bypass	FlowiseAI	Flowise	2025-07-30 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-23961	In Thruk Monitoring through 2.46.3, the login field of the login form is vulnerable to reflected XSS. This vulnerability can be exploited by...	n/a	n/a	2025-07-30 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-41646	RevPi Webstatus application is vulnerable to an authentication bypass	Kunbus	Revolution Pi webstatus	2025-07-30 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2020-11991	When using the StreamGenerator, the code parse a user-provided XML. A specially crafted XML, including external system entities, could be used to...	n/a	Apache Cocoon	2025-07-29 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-34993	A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and...	Fortinet	FortiWLM	2025-07-29 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-30258	Command Injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allows remote attackers to run arbitrary commands via unauthenticated...	n/a	n/a	2025-07-29 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-45852	In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticated attacker to bypass authentication and execute arbitrary commands via shell...	n/a	n/a	2025-07-29 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2019-18393	PluginServlet.java in Ignite Realtime Openfire through 4.4.2 does not ensure that retrieved files are located under the Openfire home directory,...	n/a	n/a	2025-07-27 00:00:00 UTC	The Shadowserver (via CIRCL)

Displaying vulnerabilities 601 - 625 of 3822 in total