Known Exploited Vulnerabilities

Focus on What Matters

There are 349,964 vulnerabilities in the CVE database.
Whilst only 1.1% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

Aware of a KEV not on the list? Let us know!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2019-2768	Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware (subcomponent: BI Publisher Security). The...	Oracle Corporation	BI Publisher (formerly XML Publisher)	2025-07-15 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-32235	Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder via /assets/built%2F..%2F..%2F/ directory...	n/a	n/a	2025-07-14 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2020-35580	A local file inclusion vulnerability in the FileServlet in all SearchBlox before 9.2.2 allows remote, unauthenticated users to read arbitrary files...	n/a	n/a	2025-07-14 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2021-45420	Emerson Dixell XWEB-500 products are affected by arbitrary file write vulnerability in /cgi-bin/logo_extra_upload.cgi, /cgi-bin/cal_save.cgi, and...	n/a	n/a	2025-07-14 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-46381	Certain Linear eMerge E3-Series devices are vulnerable to XSS via the type parameter (e.g., to the badging/badge_template_v0.php component). This...	n/a	n/a	2025-07-14 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-32462	Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute...	Sudo project	Sudo	2025-07-12 17:37:26 UTC	The Shadowserver (via CIRCL)
CVE-2021-33690	Server-Side Request Forgery (SSRF) vulnerability has been detected in the SAP NetWeaver Development Infrastructure Component Build Service versions...	SAP SE	SAP NetWeaver Development Infrastructure (Component Build Service)	2025-07-11 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2020-15227	Remote Code Execution vulnerability	nette	application	2025-07-11 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-4578	File Provider <= 1.2.3 - Unauthenticated SQLi	Unknown	File Provider	2025-07-10 21:00:04 UTC	The Shadowserver (via CIRCL)
CVE-2020-28188	Remote Command Execution (RCE) vulnerability in TerraMaster TOS <= 4.2.06 allow remote unauthenticated attackers to inject OS commands via...	n/a	n/a	2025-07-09 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-6192	Use after free in Metrics in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potentially exploit heap corruption via a crafted...	Google	Chrome	2025-07-08 15:46:22 UTC	The Shadowserver (via CIRCL)
CVE-2025-5959	Type Confusion in V8 in Google Chrome prior to 137.0.7151.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted...	Google	Chrome	2025-07-08 15:46:22 UTC	The Shadowserver (via CIRCL)
CVE-2025-6191	Integer overflow in V8 in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potentially perform out of bounds memory access via a...	Google	Chrome	2025-07-08 15:46:22 UTC	The Shadowserver (via CIRCL)
CVE-2023-35885	CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication.	n/a	n/a	2025-07-08 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-34659	jeecg-boot 3.5.0 and 3.5.1 have a SQL injection vulnerability the id parameter of the /jeecg-boot/jmreport/show interface.	n/a	n/a	2025-07-07 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-34133	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SonicWall GMS and Analytics allows an...	SonicWall	GMS, Analytics	2025-07-07 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-22478	KubePi is vulnerable to missing authorization	KubeOperator	KubePi	2025-07-07 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-25135	vBulletin before 5.6.9 PL1 allows an unauthenticated remote attacker to execute arbitrary code via a crafted HTTP request that triggers...	n/a	n/a	2025-07-07 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-31478	An issue was discovered on GL.iNet devices before 3.216. An API endpoint reveals information about the Wi-Fi configuration, including the SSID and...	n/a	n/a	2025-07-07 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-30625	rudder-server vulnerable to SQL Injection	rudderlabs	rudder-server	2025-07-07 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-52028	TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the setTracerouteCfg function.	n/a	n/a	2025-07-07 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-23333	There is a command injection vulnerability in SolarView Compact through 6.00, attackers can execute commands by bypassing internal restrictions...	n/a	n/a	2025-07-07 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-31446	In Cassia Gateway firmware XC1000_2.1.1.2303082218 and XC2000_2.1.1.2303090947, the queueUrl parameter in /bypass/config is not sanitized. This...	n/a	n/a	2025-07-07 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-26802	An issue in the component /network_config/nsg_masq.cgi of DCN (Digital China Networks) DCBI-Netlog-LAB v1.0 allows attackers to bypass...	n/a	n/a	2025-07-07 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-3836	Dahua Smart Park Management unrestricted upload	Dahua	Smart Park Management	2025-07-07 00:00:00 UTC	The Shadowserver (via CIRCL)

Displaying vulnerabilities 651 - 675 of 3822 in total