Known Exploited Vulnerabilities

Focus on What Matters

There are 349,964 vulnerabilities in the CVE database.
Whilst only 1.1% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

Aware of a KEV not on the list? Let us know!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2024-29973	UNSUPPORTED WHEN ASSIGNED The command injection vulnerability in the “setCookie” parameter in Zyxel NAS326 firmware versions before...	Zyxel	NAS326 firmware, NAS542 firmware	2025-06-26 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-32640	MasaCMS SQL Injection vulnerability	MasaCMS	MasaCMS	2025-06-26 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-39914	FOG has a command injection in /fog/management/export.php?filename=	FOGProject	fogproject	2025-06-26 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-27956	WordPress Automatic plugin <= 3.92.0 - Unauthenticated Arbitrary SQL Execution vulnerability	ValvePress	Automatic	2025-06-26 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-10081	CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication bypass...	Ericsson	CodeChecker	2025-06-26 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-1061	The 'HTML5 Video Player' WordPress Plugin, version < 2.5.25 is affected by an unauthenticated SQL injection vulnerability in the 'id' parameter in...			2025-06-26 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-45507	Apache OFBiz: Prevent use of URLs in files when loading them from Java or Groovy, leading to a RCE	Apache Software Foundation	Apache OFBiz	2025-06-26 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-28255	Authentication Bypass in OpenMetadata	open-metadata	OpenMetadata	2025-06-26 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-1698	The NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor plugin for WordPress is...	wpdevteam	NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor	2025-06-26 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-38289	A boolean-based SQL injection issue in the Virtual Meeting Password (VMP) endpoint in R-HUB TurboMeeting through 8.x allows unauthenticated remote...	n/a	n/a	2025-06-26 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-48307	JeecgBoot v3.7.1 was discovered to contain a SQL injection vulnerability via the component /onlDragDatasetHead/getTotalData.	n/a	n/a	2025-06-26 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-50498	WordPress WP Query Console plugin <= 1.0 - Remote Code Execution (RCE) vulnerability	Ajit Bohra	WP Query Console	2025-06-26 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-6396	Arbitrary File Overwrite and Data Exfiltration in aimhubio/aim	aimhubio	aimhubio/aim	2025-06-26 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-8877	SQL Injection	Riello	Netman 204	2025-06-26 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-44849	Qualitor up to 8.24 is vulnerable to Remote Code Execution (RCE) via Arbitrary File Upload in checkAcesso.php.	n/a	n/a	2025-06-26 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-5827	Arbitrary File Write by Prompt Injection via DuckDB SQL in vanna-ai/vanna	vanna-ai	vanna-ai/vanna	2025-06-26 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-5148	D-Link DAR-7000/DAR-8000 uploadfile.php unrestricted upload	D-Link	DAR-7000, DAR-8000	2025-06-26 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-2389	Flowmon Unauthenticated Command Injection Vulnerability	Progress Software	Flowmon	2025-06-26 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-6205	PayPlus Payment Gateway < 6.6.9 - Unauthenticated SQLi	Unknown	PayPlus Payment Gateway	2025-06-26 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-42640	angular-base64-upload prior to v0.1.21 is vulnerable to unauthenticated remote code execution via demo/server.php. Exploiting this vulnerability...	n/a	n/a	2025-06-26 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-37032	Ollama before 0.1.34 does not validate the format of the digest (sha256 with 64 hex digits) when getting the model path, and thus mishandles the...	n/a	n/a	2025-06-26 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-43360	ZoneMinder Time-based SQL Injection	ZoneMinder	zoneminder	2025-06-26 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-8856	Backup and Staging by WP Time Capsule <= 1.22.21 - Unauthenticated Arbitrary File Upload	revmakx	Backup and Staging by WP Time Capsule	2025-06-26 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-7954	SPIP porte_plume Plugin Arbitrary PHP Execution	SPIP	SPIP	2025-06-26 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-29895	Cacti command injection in cmd_realtime.php	Cacti	cacti	2025-06-26 00:00:00 UTC	The Shadowserver (via CIRCL)

Displaying vulnerabilities 726 - 750 of 3822 in total