Known Exploited Vulnerabilities

Focus on What Matters

There are 300,926 vulnerabilities in the CVE database.
Whilst only 0.6% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2024-6396	Arbitrary File Overwrite and Data Exfiltration in aimhubio/aim	aimhubio	aimhubio/aim	2025-06-27 12:01:19 UTC	The Shadowserver (via CIRCL)
CVE-2024-8877	SQL Injection	Riello	Netman 204	2025-06-27 12:01:13 UTC	The Shadowserver (via CIRCL)
CVE-2024-7954	SPIP porte_plume Plugin Arbitrary PHP Execution	SPIP	SPIP	2025-06-27 12:01:06 UTC	The Shadowserver (via CIRCL)
CVE-2024-39914	FOG has a command injection in /fog/management/export.php?filename=	FOGProject	fogproject	2025-06-27 12:00:59 UTC	The Shadowserver (via CIRCL)
CVE-2024-29895	Cacti command injection in cmd_realtime.php	Cacti	cacti	2025-06-27 12:00:52 UTC	The Shadowserver (via CIRCL)
CVE-2024-44849	Qualitor up to 8.24 is vulnerable to Remote Code Execution (RCE) via Arbitrary File Upload in checkAcesso.php.	Qualitor	Qualitor	2025-06-27 12:00:42 UTC	The Shadowserver (via CIRCL)
CVE-2024-2389	Flowmon Unauthenticated Command Injection Vulnerability	Progress Software	Flowmon	2025-06-27 12:00:36 UTC	The Shadowserver (via CIRCL)
CVE-2024-22319	IBM Operational Decision Manager JDNI injection	IBM	Operational Decision Manager	2025-06-27 12:00:29 UTC	The Shadowserver (via CIRCL)
CVE-2020-12720	vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control.	vBulletin	vBulletin	2025-06-26 12:00:23 UTC	The Shadowserver (via CIRCL)
CVE-2020-24589	The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML External Entity injection (XXE) attacks.	WSO2	API Manager	2025-06-26 12:00:11 UTC	The Shadowserver (via CIRCL)
CVE-2024-0769	D-Link DIR-859 HTTP POST Request hedwig.cgi path traversal	D-Link	DIR-859	2025-06-25 16:45:11 UTC	CISA
CVE-2025-6543	Memory overflow vulnerability leading to unintended control flow and Denial of Service	NetScaler	ADC, Gateway	2025-06-25 16:30:33 UTC	TheHackerNews
CVE-2025-26319	FlowiseAI Flowise v2.2.6 was discovered to contain an arbitrary file upload vulnerability in /api/v1/attachments.	FlowiseAI	Flowise	2025-06-25 12:00:52 UTC	The Shadowserver (via CIRCL)
CVE-2025-27112	Navidrome has authentication bypass in Subsonic API with non-existent username	navidrome	navidrome	2025-06-25 12:00:45 UTC	The Shadowserver (via CIRCL)
CVE-2025-2777	SysAid On-Prem <= 23.3.40 lshw Proceessing XML External Entity Injection	SysAid	SysAid On-Prem	2025-06-25 12:00:38 UTC	The Shadowserver (via CIRCL)
CVE-2025-26793	The Web GUI configuration panel of Hirsch (formerly Identiv and Viscount) Enterphone MESH through 2024 ships with default credentials (username...	Hirsch	Enterphone MESH	2025-06-25 12:00:31 UTC	The Shadowserver (via CIRCL)
CVE-2025-2775	SysAid On-Prem <= 23.3.40 Checkin Proceessing XML External Entity Injection	SysAid	SysAid On-Prem	2025-06-25 12:00:24 UTC	The Shadowserver (via CIRCL)
CVE-2025-2776	SysAid On-Prem <= 23.3.40 serverurl Proceessing XML External Entity Injection	SysAid	SysAid On-Prem	2025-06-25 12:00:17 UTC	The Shadowserver (via CIRCL)
CVE-2025-2294	Kubio AI Page Builder <= 2.5.1 - Unauthenticated Local File Inclusion	extendthemes	Kubio AI Page Builder	2025-06-25 12:00:10 UTC	The Shadowserver (via CIRCL)
CVE-2025-52572	Hikka vulnerable to RCE through dangling web interface	hikariatama	Hikka	2025-06-24 21:40:19 UTC	CVE
CVE-2024-54085	Redfish Authentication Bypass	AMI	MegaRAC-SPx	2025-06-24 04:40:23 UTC	CVE
CVE-2019-6693	Use of a hard-coded cryptographic key to cipher sensitive data in FortiOS configuration backup file may allow an attacker with access to the backup...	Fortinet	FortiGate	2025-06-24 04:40:16 UTC	CVE
CVE-2025-34037	Linksys Routers E/WAG/WAP/WES/WET/WRT-Series	Linksys	E4200, E3200, E3000, E2500 v1/v2, E2100L v1, E2000, E1550, E1500 v1, E1200 v1, E1000 v1, E900 v1	2025-06-24 03:40:18 UTC	CVE
CVE-2018-0127	A vulnerability in the web interface of Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an...	Cisco	RV132W ADSL2+ Wireless-N VPN Router, RV134W VDSL2 Wireless-AC VPN Router	2025-06-22 12:00:27 UTC	The Shadowserver (via CIRCL)
CVE-2021-41293	ECOA BAS controller - Path Traversal-3	ECOA	ECS Router Controller ECS (FLASH), RiskBuster Terminator E6L45, RiskBuster System RB 3.0.0, RiskBuster System TRANE 1.0, Graphic Control Software, SmartHome II E9246, RiskTerminator	2025-06-21 12:00:50 UTC	The Shadowserver (via CIRCL)

Displaying vulnerabilities 51 - 75 of 1938 in total