Known Exploited Vulnerabilities

Focus on What Matters

There are 298,512 vulnerabilities in the CVE database.
Whilst only 0.6% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2020-13638	lib/crud/userprocess.php in rConfig 3.9.x before 3.9.7 has an authentication bypass, leading to administrator account creation. This issue has been...	rConfig	rConfig	2025-06-02 12:00:27 UTC	The Shadowserver (via CIRCL)
CVE-2014-2321	web_shell_cmd.gch on ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests, as demonstrated...	ZTE	F460 & F660	2025-06-01 12:01:13 UTC	The Shadowserver (via CIRCL)
CVE-2022-0952	Sitemap by click5 < 1.0.36 - Unauthenticated Arbitrary Options Update	click5	Sitemap by click5	2025-06-01 12:01:06 UTC	The Shadowserver (via CIRCL)
CVE-2021-33544	UDP Technology/Geutebrück camera devices: command injection leading to RCE	Geutebrück	E2 Series, Encoder G-Code	2025-06-01 12:00:59 UTC	The Shadowserver (via CIRCL)
CVE-2020-11991	When using the StreamGenerator, the code parse a user-provided XML. A specially crafted XML, including external system entities, could be used to...	Apache Software Foundation	Apache Cocoon	2025-06-01 12:00:52 UTC	The Shadowserver (via CIRCL)
CVE-2024-8181	Flowise Authentication Bypass	FlowiseAI	Flowise	2025-06-01 12:00:45 UTC	The Shadowserver (via CIRCL)
CVE-2022-29153	HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11.4 may allow server side request forgery when the Consul client agent follows...	HashiCorp	Consul & Consul Enterprise	2025-06-01 12:00:38 UTC	The Shadowserver (via CIRCL)
CVE-2017-1000170	jqueryFileTree 2.1.5 and older Directory Traversal	jqueryFileTree	jqueryFileTree	2025-06-01 12:00:31 UTC	The Shadowserver (via CIRCL)
CVE-2023-31465	An issue was discovered in FSMLabs TimeKeeper 8.0.17 through 8.0.28. By intercepting requests from various timekeeper streams, it is possible to...	FSMLabs	TimeKeeper	2025-05-31 12:00:41 UTC	The Shadowserver (via CIRCL)
CVE-2023-46574	An issue in TOTOLINK A3700R v.9.1.2u.6165_20211012 allows a remote attacker to execute arbitrary code via the FileName parameter of the...	TOTOLINK	A3700R	2025-05-31 12:00:34 UTC	The Shadowserver (via CIRCL)
CVE-2023-41109	SmartNode SN200 (aka SN200) 3.21.2-23021 allows unauthenticated OS Command Injection.	Patton LLC	SmartNode SN200	2025-05-31 12:00:27 UTC	The Shadowserver (via CIRCL)
CVE-2023-34659	jeecg-boot 3.5.0 and 3.5.1 have a SQL injection vulnerability the id parameter of the /jeecg-boot/jmreport/show interface.	JEECG	jeecg-boot	2025-05-31 12:00:20 UTC	The Shadowserver (via CIRCL)
CVE-2018-19276	OpenMRS before 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows an unauthenticated user to execute arbitrary...	OpenMRS	OpenMRS	2025-05-30 12:00:41 UTC	The Shadowserver (via CIRCL)
CVE-2018-2894	Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). Supported versions that are...	Oracle Corporation	WebLogic Server	2025-05-30 12:00:34 UTC	The Shadowserver (via CIRCL)
CVE-2024-1708	Improper limitation of a pathname to a restricted directory (“path traversal”)	ConnectWise	ScreenConnect	2025-05-30 00:00:00 UTC	TheHackerNews
CVE-2024-56145	RCE when PHP `register_argc_argv` config setting is enabled in craftcms/cms	craftcms	cms	2025-05-30 00:00:00 UTC	TrendMicro
CVE-2024-9047	WordPress File Upload <= 4.24.11 - Unauthenticated Path Traversal to Arbitrary File Read and Deletion in wfu_file_downloader.php	nickboss	WordPress File Upload	2025-05-30 00:00:00 UTC	TrendMicro
CVE-2022-1952	eaSYNC < 1.1.16 - Unauthenticated Arbitrary File Upload	Syntactics, Inc.	Free Booking Plugin for Hotels, Restaurant and Car Rental – eaSYNC	2025-05-29 12:00:37 UTC	The Shadowserver (via CIRCL)
CVE-2023-2648	Weaver E-Office uploadify.php unrestricted upload	Weaver	E-Office	2025-05-29 12:00:30 UTC	The Shadowserver (via CIRCL)
CVE-2020-29597	IncomCMS 2.0 has a modules/uploader/showcase/script.php insecure file upload vulnerability. This vulnerability allows unauthenticated attackers to...	IncomCMS	IncomCMS	2025-05-29 12:00:23 UTC	The Shadowserver (via CIRCL)
CVE-2025-48930	The TeleMessage service through 2025-05-05 stores certain cleartext information in memory, even though memory content may be accessible to an...	TeleMessage	service	2025-05-28 18:40:22 UTC	CVE
CVE-2025-48929	The TeleMessage service through 2025-05-05 implements authentication through a long-lived credential (e.g., not a token with a short expiration...	TeleMessage	service	2025-05-28 18:40:15 UTC	CVE
CVE-2025-48928	The TeleMessage service through 2025-05-05 is based on a JSP application in which the heap content is roughly equivalent to a "core dump" in which...	TeleMessage	service	2025-05-28 17:40:38 UTC	CVE
CVE-2025-48927	The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with an exposed heap dump endpoint at a /heapdump URI, as exploited in...	TeleMessage	service	2025-05-28 17:40:31 UTC	CVE
CVE-2025-48926	The admin panel in the TeleMessage service through 2025-05-05 allows attackers to discover usernames, e-mail addresses, passwords, and telephone...	TeleMessage	service	2025-05-28 17:40:25 UTC	CVE

Displaying vulnerabilities 51 - 75 of 1864 in total