Known Exploited Vulnerabilities

Focus on What Matters

There are 349,964 vulnerabilities in the CVE database.
Whilst only 1.1% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

Aware of a KEV not on the list? Let us know!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2020-17456	SEOWON INTECH SLC-130 And SLR-120S devices allow Remote Code Execution via the ipAddr parameter to the system_log.cgi page.	n/a	n/a	2025-06-25 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2020-13167	Netsweeper through 6.4.3 allows unauthenticated remote code execution because webadmin/tools/unixlogin.php (with certain Referer headers) launches...	n/a	n/a	2025-06-25 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2020-12720	vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control.	n/a	n/a	2025-06-25 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-26775	File Upload vulnerability found in Monitorr v.1.7.6 allows a remote attacker t oexecute arbitrary code via a crafted file upload to the...	n/a	n/a	2025-06-25 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2020-12800	The drag-and-drop-multiple-file-upload-contact-form-7 plugin before 1.3.3.3 for WordPress allows Unrestricted File Upload and remote code execution...	n/a	n/a	2025-06-25 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2020-24589	The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML External Entity injection (XXE) attacks.	n/a	n/a	2025-06-25 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-24799	GLPI allows unauthenticated SQL injection through the inventory endpoint	glpi-project	glpi	2025-06-24 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-2777	SysAid On-Prem <= 23.3.40 lshw Proceessing XML External Entity Injection	SysAid	SysAid On-Prem	2025-06-24 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-27112	Navidrome has authentication bypass in Subsonic API with non-existent username	navidrome	navidrome	2025-06-24 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-26319	FlowiseAI Flowise v2.2.6 was discovered to contain an arbitrary file upload vulnerability in /api/v1/attachments.	n/a	n/a	2025-06-24 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-26793	The Web GUI configuration panel of Hirsch (formerly Identiv and Viscount) Enterphone MESH through 2024 ships with default credentials (username...	Hirsch	Enterphone MESH	2025-06-24 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-2294	Kubio AI Page Builder <= 2.5.1 - Unauthenticated Local File Inclusion	extendthemes	Kubio AI Page Builder	2025-06-24 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-0944	itsourcecode Tailoring Management System customerview.php sql injection	itsourcecode	Tailoring Management System	2025-06-23 11:41:47 UTC	The Shadowserver (via CIRCL)
CVE-2021-24285	Car Seller - Auto Classifieds Script <= 2.1.0 - Unauthenticated SQL Injection	Unknown	Car Seller - Auto Classifieds Script	2025-06-23 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2018-19276	OpenMRS before 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows an unauthenticated user to execute arbitrary...	n/a	n/a	2025-06-21 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2001-0537	HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being...	n/a	n/a	2025-06-21 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-47945	ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled...	n/a	n/a	2025-06-21 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-0868	Remote Code Execution in DocsGPT	Arc53	DocsGPT	2025-06-21 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2021-22707	A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink...	n/a	EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 )	2025-06-21 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2018-0127	A vulnerability in the web interface of Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an...	n/a	Cisco RV132W and RV134W Wireless VPN Routers	2025-06-21 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2020-13117	Wavlink WN575A4, WN579X3, and WN530G3A devices through 2020-05-15 allow unauthenticated remote users to inject commands via the key parameter in a...	n/a	n/a	2025-06-21 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2018-11222	Local File Inclusion (LFI) in Artica Pandora FMS through version 7.23 allows an attacker to call any php file via the /pandora_console/ajax.php...	n/a	n/a	2025-06-20 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2020-11455	LimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileManager.php.	n/a	n/a	2025-06-20 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2017-1000170	jqueryFileTree 2.1.5 and older Directory Traversal	n/a	n/a	2025-06-20 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-1974	ingress-nginx admission controller RCE escalation	kubernetes	ingress-nginx	2025-06-20 00:00:00 UTC	The Shadowserver (via CIRCL)

Displaying vulnerabilities 751 - 775 of 3822 in total