Known Exploited Vulnerabilities

Focus on What Matters

There are 349,964 vulnerabilities in the CVE database.
Whilst only 1.1% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

Aware of a KEV not on the list? Let us know!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2023-4634	The Media Library Assistant plugin for WordPress is vulnerable to Local File Inclusion and Remote Code Execution in versions up to, and including,...	dglingren	Media Library Assistant	2025-07-07 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-49070	Pre-auth RCE in Apache Ofbiz 18.12.09 due to XML-RPC still present	Apache Software Foundation	Apache OFBiz	2025-07-07 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-1454	jeecg-boot qurestSql sql injection	n/a	jeecg-boot	2025-07-07 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-4450	jeecgboot JimuReport Template injection	jeecgboot	JimuReport	2025-07-07 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-36111	KubePi's JWT token validation has a defect	1Panel-dev	KubePi	2025-07-07 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-1698	WAGO: WBM Command Injection in multiple products	WAGO	Compact Controller CC100, Edge Controller, PFC100, PFC200, Touch Panel 600 Advanced Line, Touch Panel 600 Marine Line, Touch Panel 600 Standard Line	2025-07-07 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-28343	OS command injection affects Altenergy Power Control Software C1.2.5 via shell metacharacters in the index.php/management/set_timezone timezone...	n/a	n/a	2025-07-07 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-22478	KubePi is vulnerable to missing authorization	KubeOperator	KubePi	2025-07-07 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-1177	Path Traversal: '\..\filename' in mlflow/mlflow	mlflow	mlflow/mlflow	2025-07-07 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-29919	SolarView Compact <= 6.0 is vulnerable to Insecure Permissions. Any file on the server can be read or modified because texteditor.php is not...	n/a	n/a	2025-07-07 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-34133	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SonicWall GMS and Analytics allows an...	SonicWall	GMS, Analytics	2025-07-07 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-36509	H3C GR3200 MiniGR1B0V100R014 was discovered to contain a command injection vulnerability via the param parameter at DelL2tpLNSList.	n/a	n/a	2025-07-07 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-31446	In Cassia Gateway firmware XC1000_2.1.1.2303082218 and XC2000_2.1.1.2303090947, the queueUrl parameter in /bypass/config is not sanitized. This...	n/a	n/a	2025-07-07 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-34960	A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary commands...	n/a	n/a	2025-07-07 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-23489	The Easy Digital Downloads WordPress Plugin, versions 3.1.0.2 & 3.1.0.3, is affected by an unauthenticated SQL injection vulnerability in the 's'...	n/a	Easy Digital Downloads WordPress Plugin	2025-07-07 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-33831	A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA 1.1.13 allows attackers to execute arbitrary commands via a...	n/a	n/a	2025-07-07 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-3836	Dahua Smart Park Management unrestricted upload	Dahua	Smart Park Management	2025-07-07 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-0781	Nirweb support < 2.8.2 - Unauthenticated SQLi	Unknown	Nirweb support	2025-07-06 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-2488	WAVLINK WN535K2/WN535K3 touchlist_sync.cgi os command injection	WAVLINK	WN535K2, WN535K3	2025-07-06 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-22897	A SQL injection vulnerability in the product_all_one_img and image_product parameters of the ApolloTheme AP PageBuilder component through 2.4.4 for...	n/a	n/a	2025-07-06 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-25487	Atom CMS v2.0 was discovered to contain a remote code execution (RCE) vulnerability via /admin/uploads.php.	n/a	n/a	2025-07-06 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2020-35235	vendor/elfinder/php/connector.minimal.php in the secure-file-manager plugin through 2.5 for WordPress loads elFinder code without proper access...	n/a	n/a	2025-07-06 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2021-41266	Authentication bypass issue in the Operator Console	minio	console	2025-07-06 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-1952	eaSYNC < 1.1.16 - Unauthenticated Arbitrary File Upload	Unknown	Free Booking Plugin for Hotels, Restaurant and Car Rental – eaSYNC	2025-07-06 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2021-24442	Poll, Survey, Questionnaire and Voting system < 1.5.3 - Unauthenticated Blind SQL Injection	wpdevart	Poll, Survey, Questionnaire and Voting system	2025-07-06 00:00:00 UTC	The Shadowserver (via CIRCL)

Displaying vulnerabilities 676 - 700 of 3822 in total