Known Exploited Vulnerabilities

Focus on What Matters

There are 297,489 vulnerabilities in the CVE database.
Whilst only 0.6% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2024-1708	Improper limitation of a pathname to a restricted directory (“path traversal”)	ConnectWise	ScreenConnect	2025-05-30 00:00:00 UTC	TheHackerNews
CVE-2024-56145	RCE when PHP `register_argc_argv` config setting is enabled in craftcms/cms	craftcms	cms	2025-05-30 00:00:00 UTC	TrendMicro
CVE-2024-9047	WordPress File Upload <= 4.24.11 - Unauthenticated Path Traversal to Arbitrary File Read and Deletion in wfu_file_downloader.php	nickboss	WordPress File Upload	2025-05-30 00:00:00 UTC	TrendMicro
CVE-2022-1952	eaSYNC < 1.1.16 - Unauthenticated Arbitrary File Upload	Syntactics, Inc.	Free Booking Plugin for Hotels, Restaurant and Car Rental – eaSYNC	2025-05-29 12:00:37 UTC	The Shadowserver (via CIRCL)
CVE-2023-2648	Weaver E-Office uploadify.php unrestricted upload	Weaver	E-Office	2025-05-29 12:00:30 UTC	The Shadowserver (via CIRCL)
CVE-2020-29597	IncomCMS 2.0 has a modules/uploader/showcase/script.php insecure file upload vulnerability. This vulnerability allows unauthenticated attackers to...	IncomCMS	IncomCMS	2025-05-29 12:00:23 UTC	The Shadowserver (via CIRCL)
CVE-2025-48930	The TeleMessage service through 2025-05-05 stores certain cleartext information in memory, even though memory content may be accessible to an...	TeleMessage	service	2025-05-28 18:40:22 UTC	CVE
CVE-2025-48929	The TeleMessage service through 2025-05-05 implements authentication through a long-lived credential (e.g., not a token with a short expiration...	TeleMessage	service	2025-05-28 18:40:15 UTC	CVE
CVE-2025-48928	The TeleMessage service through 2025-05-05 is based on a JSP application in which the heap content is roughly equivalent to a "core dump" in which...	TeleMessage	service	2025-05-28 17:40:38 UTC	CVE
CVE-2025-48927	The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with an exposed heap dump endpoint at a /heapdump URI, as exploited in...	TeleMessage	service	2025-05-28 17:40:31 UTC	CVE
CVE-2025-48926	The admin panel in the TeleMessage service through 2025-05-05 allows attackers to discover usernames, e-mail addresses, passwords, and telephone...	TeleMessage	service	2025-05-28 17:40:25 UTC	CVE
CVE-2025-48925	The TeleMessage service through 2025-05-05 relies on the client side (e.g., the TM SGNL app) to do MD5 hashing, and then accepts the hash as the...	TeleMessage	service	2025-05-28 17:40:18 UTC	CVE
CVE-2020-13117	Wavlink WN575A4 and WN579X3 devices through 2020-05-15 allow unauthenticated remote users to inject commands via the key parameter in a login request.	Wavlink	WN575A4 & WN579X3	2025-05-28 12:00:41 UTC	The Shadowserver (via CIRCL)
CVE-2020-35713	Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to execute arbitrary commands or set a new password via shell...	Belkin	LINKSYS RE6500	2025-05-28 12:00:34 UTC	The Shadowserver (via CIRCL)
CVE-2023-39780	On ASUS RT-AX55 3.0.0.4.386.51598 devices, authenticated attackers can perform OS command injection via the /start_apply.htm qos_bw_rulelist...	ASUS	RT-AX55	2025-05-28 00:00:00 UTC	GreyNoise
CVE-2019-18818	strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and...	Strapi	Strapi	2025-05-27 12:00:42 UTC	The Shadowserver (via CIRCL)
CVE-2023-47248	PyArrow, PyArrow: Arbitrary code execution when loading a malicious data file	Apache Software Foundation	PyArrow	2025-05-27 12:00:36 UTC	The Shadowserver (via CIRCL)
CVE-2023-51467	Apache OFBiz: Pre-authentication Remote Code Execution (RCE) vulnerability	Apache Software Foundation	Apache OFBiz	2025-05-27 12:00:29 UTC	The Shadowserver (via CIRCL)
CVE-2023-49070	Pre-auth RCE in Apache Ofbiz 18.12.09 due to XML-RPC still present	Apache Software Foundation	Apache OFBiz	2025-05-27 12:00:21 UTC	The Shadowserver (via CIRCL)
CVE-2025-48827	vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 allows unauthenticated users to invoke protected API controllers' methods when running on PHP...	vBulletin	vBulletin	2025-05-27 00:00:00 UTC	KEVIntel
CVE-2025-48828	Certain vBulletin versions might allow attackers to execute arbitrary PHP code by abusing Template Conditionals in the template engine. By crafting...	vBulletin	vBulletin	2025-05-27 00:00:00 UTC	KEVIntel
CVE-2023-40000	WordPress LiteSpeed Cache plugin <= 5.7 - Unauthenticated Site Wide Stored XSS vulnerability	LiteSpeed Technologies	LiteSpeed Cache	2025-05-27 00:00:00 UTC	WPScan
CVE-2021-36356	KRAMER VIAware through August 2021 allows remote attackers to execute arbitrary code because ajaxPages/writeBrowseFilePathAjax.php accepts...	KRAMER	VIAware	2025-05-26 12:00:44 UTC	The Shadowserver (via CIRCL)
CVE-2023-1454	jeecg-boot qurestSql sql injection	jeecg	jeecg-boot	2025-05-26 12:00:37 UTC	The Shadowserver (via CIRCL)
CVE-2023-34960	A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary commands...	Chamilo	Chamilo	2025-05-25 12:00:17 UTC	The Shadowserver (via CIRCL)

Displaying vulnerabilities 51 - 75 of 1850 in total