Known Exploited Vulnerabilities

Focus on What Matters

There are 349,964 vulnerabilities in the CVE database.
Whilst only 1.1% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

Aware of a KEV not on the list? Let us know!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2019-18393	PluginServlet.java in Ignite Realtime Openfire through 4.4.2 does not ensure that retrieved files are located under the Openfire home directory,...	n/a	n/a	2025-07-27 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-35844	packages/backend/src/routers in Lightdash before 0.510.3 has insecure file endpoints, e.g., they allow .. directory traversal and do not ensure...	n/a	n/a	2025-07-27 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-53771	Microsoft SharePoint Server Spoofing Vulnerability	Microsoft	Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2019, Microsoft SharePoint Server Subscription Edition	2025-07-26 07:00:31 UTC	The Shadowserver (via CIRCL)
CVE-2021-21087	ColdFusion Improper neutralization of web input during page generation could lead to arbitrary JavaScript execution in the browser	Adobe	ColdFusion	2025-07-26 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-21500	Vulnerability in Oracle E-Business Suite (component: Manage Proxies). The supported version that is affected is 12.2. Easily exploitable...	Oracle Corporation	User Management	2025-07-26 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2021-43287	An issue was discovered in ThoughtWorks GoCD before 21.3.0. The business continuity add-on, which is enabled by default, leaks all secrets known to...	n/a	n/a	2025-07-26 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2016-0457	Unspecified vulnerability in the Application Mgmt Pack for E-Business Suite component in Oracle E-Business Suite 12.1 and 12.2 allows remote...	n/a	n/a	2025-07-26 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2019-18371	An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-stable. There is a directory traversal vulnerability to read arbitrary files...	n/a	n/a	2025-07-25 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-52914	A vulnerability in the Suite Applications Services component of Mitel MiCollab 10.0 through SP1 FP1 (10.0.1.101) could allow an authenticated...	n/a	n/a	2025-07-24 17:29:30 UTC	The Shadowserver (via CIRCL)
CVE-2024-46938	An issue was discovered in Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) 8.0 Initial Release through...	n/a	n/a	2025-07-24 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-10586	Debug Tool <= 2.2 - Unauthenticated Arbitrary File Creation	eugenbobrowski	Debug Tool	2025-07-24 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2020-26073	Cisco SD-WAN vManage Directory Traversal Vulnerability	Cisco	Cisco Catalyst SD-WAN Manager	2025-07-24 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-23347	BigAnt Software BigAnt Server v5.6.06 was discovered to be vulnerable to directory traversal attacks.	n/a	n/a	2025-07-23 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2020-27986	SonarQube 8.4.2.36762 allows remote attackers to discover cleartext SMTP, SVN, and GitLab credentials via the api/settings/values URI. NOTE:...	n/a	n/a	2025-07-23 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2021-21402	Unauthenticated Arbitrary File Access in Jellyfin	jellyfin	jellyfin	2025-07-23 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-20282	Cisco ISE API Unauthenticated Remote Code Execution Vulnerability	Cisco	Cisco Identity Services Engine Software	2025-07-22 18:33:36 UTC	The Shadowserver (via CIRCL)
CVE-2022-29014	A local file inclusion vulnerability in Razer Sila Gaming Router v2.0.441_api-2.0.418 allows attackers to read arbitrary files.	n/a	n/a	2025-07-21 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-45878	GibbonEdu Gibbon version 25.0.1 and before allows Arbitrary File Write because rubrics_visualise_saveAjax.phps does not require authentication. The...	n/a	n/a	2025-07-21 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-0952	Sitemap by click5 < 1.0.36 - Unauthenticated Arbitrary Options Update	Unknown	Sitemap by click5	2025-07-21 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-22242	Junos OS: Cross-site Scripting (XSS) vulnerability in J-Web	Juniper Networks	Junos OS	2025-07-21 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2021-20039	Improper neutralization of special elements in the SMA100 management interface '/cgi-bin/viewcert' POST http method allows a remote authenticated...	SonicWall	SonicWall SMA100	2025-07-16 17:25:30 UTC	The Shadowserver (via CIRCL)
CVE-2025-32819	A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges to bypass the path traversal checks and delete an...	SonicWall	SMA100	2025-07-16 17:25:30 UTC	The Shadowserver (via CIRCL)
CVE-2025-1727	End-of-Train and Head-of-Train Remote Linking Protocol Weak Authentication	End-of-Train and Head-of-Train remote linking protocol	End-of-Train and Head-of-Train remote linking protocol	2025-07-16 13:04:25 UTC	The Shadowserver (via CIRCL)
CVE-2021-30497	Ivanti Avalanche (Premise) 6.3.2 allows remote unauthenticated users to read arbitrary files via Absolute Path Traversal. The imageFilePath...	n/a	n/a	2025-07-16 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-6114	Duplicator < 1.5.7.1; Duplicator Pro < 4.5.14.2 - Unauthenticated Sensitive Data Exposure	Unknown	Duplicator, Duplicator Pro	2025-07-16 00:00:00 UTC	The Shadowserver (via CIRCL)

Displaying vulnerabilities 626 - 650 of 3822 in total