1.1%
actively
exploited
exploited
Focus on what’s exploited
Out of 349,964 known CVEs, only 1.1% show real-world exploitation signals.
Data from public sources (including CISA) plus private sensors, enriched with prioritization metadata.
3,823
Total Known exploited
279
Added this week
Search
Results update as you type.
⌘K
Added
Exploitability
Type to search. Filters apply instantly.
| CVE | Severity | Title |
|---|---|---|
| CVE-2018-14912 | 7.5 High |
cgit_clone_objects in CGit before 1.2.1 has a directory traversal vulnerability when `enable-http-clone=1` is not turned off, as demonstrated by a...
Remote
Low complexity
No user interaction
|
| CVE-2018-11222 | 7.5 High |
Local File Inclusion (LFI) in Artica Pandora FMS through version 7.23 allows an attacker to call any php file via the /pandora_console/ajax.php...
Remote
Low complexity
No user interaction
|
| CVE-2017-8226 | 9.8 Critical |
Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices have default credentials that are hardcoded in the firmware and can be extracted by anyone who...
Remote
Low complexity
No user interaction
|
| CVE-2025-1974 | 9.8 Critical |
ingress-nginx admission controller RCE escalation
Remote
Low complexity
No user interaction
|
| CVE-2024-7120 | 5.3 Medium |
Raisecom MSG1200/MSG2100E/MSG2200/MSG2300 Web Interface list_base_config.php os command injection
Remote
Low complexity
No user interaction
|
| CVE-2025-23121 | 9.9 Critical |
A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user
Remote
Low complexity
No user interaction
|
| CVE-2024-9644 | 9.8 Critical |
Four-Faith F3x36 bapply.cgi Auth Bypass
Remote
Low complexity
No user interaction
|
| CVE-2021-29442 | 8.6 High |
Authentication bypass
Remote
Low complexity
No user interaction
|
| CVE-2025-4123 | 7.6 High |
A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers...
Remote
Low complexity
|
| CVE-2022-48164 | 7.5 High |
An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN533A8 M33A8.V5030.190716 allows unauthenticated attackers to...
Remote
Low complexity
No user interaction
|
| CVE-2022-39960 | 5.3 Medium |
The Netic Group Export add-on before 1.0.3 for Atlassian Jira does not perform authorization checks. This might allow an unauthenticated user to...
Remote
Low complexity
No user interaction
|
| CVE-2022-31847 | 7.5 High |
A vulnerability in /cgi-bin/ExportAllSettings.sh of WAVLINK WN579 X3 M79X3.V5030.180719 allows attackers to obtain sensitive router information via...
Remote
Low complexity
No user interaction
|
| CVE-2022-0540 | 9.8 Critical |
A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request. This...
Remote
Low complexity
No user interaction
|
| CVE-2020-8209 | 7.5 High |
Improper access control in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before...
Remote
Low complexity
No user interaction
|
| CVE-2020-8191 | 6.1 Medium |
Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix...
Remote
Low complexity
|
| CVE-2019-12986 | 9.8 Critical |
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 2 of 6).
Remote
Low complexity
No user interaction
|
| CVE-2019-12985 | 9.8 Critical |
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 1 of 6).
Remote
Low complexity
No user interaction
|
| CVE-2019-12987 | 9.8 Critical |
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 3 of 6).
Remote
Low complexity
No user interaction
|
| CVE-2021-20837 | 9.8 Critical |
Movable Type 7 r.5002 and earlier (Movable Type 7 Series), Movable Type 6.8.2 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.5002...
Remote
Low complexity
No user interaction
|
| CVE-2019-12990 | 9.8 Critical |
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow Directory Traversal.
Remote
Low complexity
No user interaction
|
| CVE-2021-34624 | 9.8 Critical |
ProfilePress 3.0 - 3.1.3 - Arbitrary File Upload in File Uploader Component
Remote
Low complexity
No user interaction
|
| CVE-2023-1020 | 9.8 Critical |
Steveas WP Live Chat Shoutbox <= 1.4.2 - Unauthenticated SQLi
Remote
Low complexity
No user interaction
|
| CVE-2025-47162 | 8.4 High |
Microsoft Office Remote Code Execution Vulnerability
Low complexity
No user interaction
|
| CVE-2025-47172 | 8.8 High |
Microsoft SharePoint Server Remote Code Execution Vulnerability
Remote
Low complexity
No user interaction
|
| CVE-2025-3052 | 8.2 High |
An arbitrary write vulnerability in Microsoft signed UEFI firmware from DT Research Inc.
Low complexity
No user interaction
|
Displaying vulnerabilities 776 - 800 of 3823 in total