Known Exploited Vulnerabilities

Focus on What Matters

There are 349,964 vulnerabilities in the CVE database.
Whilst only 1.1% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

Aware of a KEV not on the list? Let us know!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2018-1000130	A JNDI Injection vulnerability exists in Jolokia agent version 1.3.7 in the proxy mode that allows a remote attacker to run arbitrary Java code on...	n/a	n/a	2025-07-05 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2016-10108	Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 /web/google_analytics.php URL via a modified...	n/a	n/a	2025-07-05 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2018-1335	From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to inject commands into the...	Apache Software Foundation	Apache Tika	2025-07-05 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2019-15642	rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialise_variable makes an eval...	n/a	n/a	2025-07-05 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2018-16159	The Gift Vouchers plugin through 2.0.1 for WordPress allows SQL Injection via the template_id parameter in a wp-admin/admin-ajax.php...	n/a	n/a	2025-07-05 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2011-3600	The /webtools/control/xmlrpc endpoint in OFBiz XML-RPC event handler is exposed to External Entity Injection by passing DOCTYPE declarations with...	OFBiz	OFBiz	2025-07-05 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2017-6090	Unrestricted file upload vulnerability in clients/editclient.php in PhpCollab 2.5.1 and earlier allows remote authenticated users to execute...	n/a	n/a	2025-07-05 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2018-11686	The Publish Service in FlexPaper (later renamed FlowPaper) 2.3.6 allows remote code execution via setup.php and change_config.php.	n/a	n/a	2025-07-03 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-35813	Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and Experience Commerce through 10.3.	n/a	n/a	2025-07-01 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2019-20933	InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may...	n/a	n/a	2025-07-01 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2021-31602	An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. The Security Model has...	n/a	n/a	2025-07-01 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2021-33564	An argument injection vulnerability in the Dragonfly gem before 1.4.0 for Ruby allows remote attackers to read and write to arbitrary files via a...	n/a	n/a	2025-07-01 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2019-12276	A Path Traversal vulnerability in Controllers/LetsEncryptController.cs in LetsEncryptController in GrandNode 4.40 allows remote, unauthenticated...	n/a	n/a	2025-07-01 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-25237	Bonita Web 2021.2 is affected by a authentication/authorization bypass vulnerability due to an overly broad exclude pattern used in the...	n/a	n/a	2025-07-01 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2021-21389	BuddyPress privilege escalation via REST API	buddypress	BuddyPress	2025-06-30 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-51467	Apache OFBiz: Pre-authentication Remote Code Execution (RCE) vulnerability	Apache Software Foundation	Apache OFBiz	2025-06-30 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2020-21650	Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller\Config.php, which can be exploited via the add()...	n/a	n/a	2025-06-30 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2019-9733	An issue was discovered in JFrog Artifactory 6.7.3. By default, the access-admin account is used to reset the password of the admin account in case...	n/a	n/a	2025-06-28 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2021-29441	Authentication bypass	alibaba	nacos	2025-06-28 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-36934	In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4...	n/a	n/a	2025-06-27 09:50:50 UTC	The Shadowserver (via CIRCL)
CVE-2020-29597	IncomCMS 2.0 has a modules/uploader/showcase/script.php insecure file upload vulnerability. This vulnerability allows unauthenticated attackers to...	n/a	n/a	2025-06-27 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2020-35713	Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to execute arbitrary commands or set a new password via shell...	n/a	n/a	2025-06-27 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-6396	Arbitrary File Overwrite and Data Exfiltration in aimhubio/aim	aimhubio	aimhubio/aim	2025-06-26 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-1698	The NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor plugin for WordPress is...	wpdevteam	NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor	2025-06-26 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-38289	A boolean-based SQL injection issue in the Virtual Meeting Password (VMP) endpoint in R-HUB TurboMeeting through 8.x allows unauthenticated remote...	n/a	n/a	2025-06-26 00:00:00 UTC	The Shadowserver (via CIRCL)

Displaying vulnerabilities 701 - 725 of 3822 in total