Known Exploited Vulnerabilities

Focus on What Matters

There are 349,612 vulnerabilities in the CVE database.
Whilst only 1.1% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

Aware of a KEV not on the list? Let us know!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2025-43510	A memory corruption issue was addressed with improved lock state checking. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS...	Apple	iOS and iPadOS, macOS, tvOS, visionOS, watchOS	2026-06-01 12:25:49 UTC	CVE
CVE-2025-32432	Craft CMS Allows Remote Code Execution	craftcms	cms	2026-06-01 12:10:33 UTC	CVE
CVE-2026-20131	Cisco Secure Firewall Management Center Software Remote Code Execution Vulnerability	Cisco	Cisco Secure Firewall Management Center (FMC)	2026-06-01 12:10:30 UTC	CVE
CVE-2026-20963	Microsoft SharePoint Remote Code Execution Vulnerability	Microsoft	Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2019, Microsoft SharePoint Server Subscription Edition	2026-06-01 12:10:26 UTC	CVE
CVE-2025-66376	Zimbra Collaboration (ZCS) 10 before 10.0.18 and 10.1 before 10.1.13 allows Classic UI stored XSS via Cascading Style Sheets (CSS) @import...	Zimbra	Collaboration	2026-06-01 12:10:26 UTC	CVE
CVE-2025-47813	loginok.html in Wing FTP Server before 7.4.4 discloses the full local installation path of the application when using a long value in the UID cookie.	wftpserver	Wing FTP Server	2026-06-01 12:10:18 UTC	CVE
CVE-2026-3910	Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to execute arbitrary code inside a sandbox via...	Google	Chrome	2026-06-01 12:10:11 UTC	CVE
CVE-2026-3909	Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to perform out of bounds memory access via a crafted...	Google	Chrome	2026-06-01 12:10:11 UTC	CVE
CVE-2026-20118	Cisco IOS-XR NCS 5500 and NCS 5700 Egress Packet Network Interfaces Aligner Interrupt Denial of Service Vulnerability	Cisco	Cisco IOS XR Software	2026-06-01 12:09:59 UTC	CVE
CVE-2025-68613	n8n Vulnerable to Remote Code Execution via Expression Injection	n8n-io	n8n	2026-06-01 12:09:59 UTC	CVE
CVE-2026-1603	An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific stored...	Ivanti	Endpoint Manager	2026-06-01 12:09:49 UTC	CVE
CVE-2025-26399	SolarWinds Web Help Desk Deserialization of Untrusted Data Privilege Escalation Vulnerability	SolarWinds	Web Help Desk	2026-06-01 12:09:49 UTC	CVE
CVE-2021-22054	VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37...	n/a	VMware Workspace ONE UEM console	2026-06-01 12:09:48 UTC	CVE
CVE-2023-41974	A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, iOS 15.8.7 and iPadOS 15.8.7. An...	Apple	iOS and iPadOS	2026-06-01 11:38:00 UTC	CVE
CVE-2021-30952	An integer overflow was addressed with improved input validation. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and...	Apple	watchOS, iOS and iPadOS, macOS	2026-06-01 11:38:00 UTC	CVE
CVE-2021-22681	Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions 16 through 20 use a key to verify Logix controllers...	n/a	Rockwell Automation Studio 5000 Logix Designer, RSLogix 5000, Logix Controllers	2026-06-01 11:38:00 UTC	CVE
CVE-2017-7921	An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series...	n/a	Hikvision Cameras	2026-06-01 11:37:59 UTC	CVE
CVE-2026-22719	VMware Aria Operations command injection vulnerability	VMware	VMware Aria Operations, VMware Cloud Foundation Operations, Telco Cloud Platform, Telco Cloud Infrastructure	2026-06-01 11:37:52 UTC	CVE
CVE-2026-21385	Integer Overflow or Wraparound in Graphics	Qualcomm, Inc.	Snapdragon	2026-06-01 11:37:52 UTC	CVE
CVE-2026-20127	Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability	Cisco	Cisco Catalyst SD-WAN Manager	2026-06-01 11:10:29 UTC	CVE
CVE-2026-20051	Cisco Nexus 3600-R and 9500-R Series Switching Platforms Layer 2 Loop Denial of Service Vulnerability	Cisco	Cisco NX-OS Software	2026-06-01 11:10:29 UTC	CVE
CVE-2022-20775	Cisco SD-WAN Software Privilege Escalation Vulnerability	Cisco	Cisco Catalyst SD-WAN, Cisco Catalyst SD-WAN Manager, Cisco SD-WAN vContainer, Cisco SD-WAN vEdge Cloud, Cisco SD-WAN vEdge Router	2026-06-01 11:08:34 UTC	CVE
CVE-2026-25108	FileZen contains an OS command injection vulnerability. When FileZen Antivirus Check Option is enabled, a logged-in user may send a specially...	Soliton Systems K.K.	FileZen	2026-06-01 11:08:28 UTC	CVE
CVE-2025-68461	Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a Cross-Site-Scripting (XSS) vulnerability via the animate tag in an SVG document.	Roundcube	Webmail	2026-06-01 11:03:59 UTC	CVE
CVE-2025-49113	Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is...	Roundcube	Webmail	2026-06-01 11:03:57 UTC	CVE

Displaying vulnerabilities 51 - 75 of 3822 in total