Known Exploited Vulnerabilities

Focus on What Matters

There are 301,657 vulnerabilities in the CVE database.
Whilst only 0.6% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2019-12276	A Path Traversal vulnerability in Controllers/LetsEncryptController.cs in LetsEncryptController in GrandNode 4.40 allows remote, unauthenticated...	GrandNode	GrandNode	2025-07-02 12:00:34 UTC	The Shadowserver (via CIRCL)
CVE-2022-25237	Bonita Web 2021.2 is affected by a authentication/authorization bypass vulnerability due to an overly broad exclude pattern used in the...	Bonitasoft	Bonita Web	2025-07-02 12:00:24 UTC	The Shadowserver (via CIRCL)
CVE-2021-31602	An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. The Security Model has...	Hitachi Vantara	Pentaho	2025-07-02 12:00:13 UTC	The Shadowserver (via CIRCL)
CVE-2021-33564	An argument injection vulnerability in the Dragonfly gem before 1.4.0 for Ruby allows remote attackers to read and write to arbitrary files via a...	markevans	dragonfly	2025-07-01 12:00:43 UTC	The Shadowserver (via CIRCL)
CVE-2019-20933	InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may...	InfluxData	InfluxDB	2025-07-01 12:00:31 UTC	The Shadowserver (via CIRCL)
CVE-2023-35813	Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and Experience Commerce through 10.3.	Sitecore	Experience Manager, Experience Platform, Experience Commerce	2025-07-01 12:00:22 UTC	The Shadowserver (via CIRCL)
CVE-2021-21389	BuddyPress privilege escalation via REST API	buddypress	BuddyPress	2025-07-01 12:00:15 UTC	The Shadowserver (via CIRCL)
CVE-2025-6554	Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page....	Google	Chrome	2025-07-01 07:30:28 UTC	CyberInsider
CVE-2019-9733	An issue was discovered in JFrog Artifactory 6.7.3. By default, the access-admin account is used to reset the password of the admin account in case...	JFrog	Artifactory	2025-06-29 12:00:26 UTC	The Shadowserver (via CIRCL)
CVE-2024-42640	angular-base64-upload prior to v0.1.21 is vulnerable to unauthenticated remote code execution via demo/server.php. Exploiting this vulnerability...	adonespitogo	angular-base64-upload	2025-06-27 12:01:47 UTC	The Shadowserver (via CIRCL)
CVE-2024-43360	ZoneMinder Time-based SQL Injection	ZoneMinder	zoneminder	2025-06-27 12:01:40 UTC	The Shadowserver (via CIRCL)
CVE-2024-8856	Backup and Staging by WP Time Capsule <= 1.22.21 - Unauthenticated Arbitrary File Upload	revmakx	Backup and Staging by WP Time Capsule	2025-06-27 12:01:33 UTC	The Shadowserver (via CIRCL)
CVE-2024-50498	WordPress WP Query Console plugin <= 1.0 - Remote Code Execution (RCE) vulnerability	LUBUS	WP Query Console	2025-06-27 12:01:26 UTC	The Shadowserver (via CIRCL)
CVE-2024-6396	Arbitrary File Overwrite and Data Exfiltration in aimhubio/aim	aimhubio	aimhubio/aim	2025-06-27 12:01:19 UTC	The Shadowserver (via CIRCL)
CVE-2024-8877	SQL Injection	Riello	Netman 204	2025-06-27 12:01:13 UTC	The Shadowserver (via CIRCL)
CVE-2024-7954	SPIP porte_plume Plugin Arbitrary PHP Execution	SPIP	SPIP	2025-06-27 12:01:06 UTC	The Shadowserver (via CIRCL)
CVE-2024-39914	FOG has a command injection in /fog/management/export.php?filename=	FOGProject	fogproject	2025-06-27 12:00:59 UTC	The Shadowserver (via CIRCL)
CVE-2024-29895	Cacti command injection in cmd_realtime.php	Cacti	cacti	2025-06-27 12:00:52 UTC	The Shadowserver (via CIRCL)
CVE-2024-44849	Qualitor up to 8.24 is vulnerable to Remote Code Execution (RCE) via Arbitrary File Upload in checkAcesso.php.	Qualitor	Qualitor	2025-06-27 12:00:42 UTC	The Shadowserver (via CIRCL)
CVE-2024-2389	Flowmon Unauthenticated Command Injection Vulnerability	Progress Software	Flowmon	2025-06-27 12:00:36 UTC	The Shadowserver (via CIRCL)
CVE-2024-22319	IBM Operational Decision Manager JDNI injection	IBM	Operational Decision Manager	2025-06-27 12:00:29 UTC	The Shadowserver (via CIRCL)
CVE-2020-12720	vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control.	vBulletin	vBulletin	2025-06-26 12:00:23 UTC	The Shadowserver (via CIRCL)
CVE-2020-24589	The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML External Entity injection (XXE) attacks.	WSO2	API Manager	2025-06-26 12:00:11 UTC	The Shadowserver (via CIRCL)
CVE-2024-0769	D-Link DIR-859 HTTP POST Request hedwig.cgi path traversal	D-Link	DIR-859	2025-06-25 16:45:11 UTC	CISA
CVE-2025-6543	Memory overflow vulnerability leading to unintended control flow and Denial of Service	NetScaler	ADC, Gateway	2025-06-25 16:30:33 UTC	TheHackerNews

Displaying vulnerabilities 51 - 75 of 1951 in total