Focus on what’s exploited
Out of 350,016 known CVEs, only 0.7% show real-world exploitation signals.
Data from public sources (including CISA) plus private sensors, enriched with prioritization metadata.
Total known exploited: 2,499
Added this week: 280
| CVE | Severity | Title |
|---|---|---|
| CVE-2021-25646 | 8.8 High | Authenticated users can override system configurations in their requests which allows them to execute arbitrary code. Tags: Remote, Low complexity, No user interaction |
| CVE-2021-25114 | 9.8 Critical | Paid Memberships Pro < 2.6.7 - Unauthenticated Blind SQL Injection. Tags: Remote, Low complexity, No user interaction |
| CVE-2024-22024 | 8.3 High | An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA... Tags: Remote, Low complexity, No user interaction |
| CVE-2025-1976 | 8.6 High | Code injection exposure in Fabric OS 9.1.0 through 9.1.1d6. Tags: Low complexity, No user interaction |
| CVE-2025-42599 | 9.8 Critical | Active! mail 6 BuildInfo: 6.60.05008561 and earlier contains a stack-based buffer overflow vulnerability. Receiving a specially crafted request... Tags: Remote, Low complexity, No user interaction |
| CVE-2017-17215 | 8.8 High | Huawei HG532 with some customized versions has a remote code execution vulnerability. An authenticated attacker could send malicious packets to... Tags: Malware, Remote, Low complexity, No user interaction |
| CVE-2021-26294 | 7.5 High | An issue was discovered in AfterLogic Aurora through 7.7.9 and WebMail Pro through 7.7.9. They allow directory traversal to read files (such as a... Tags: Remote, Low complexity, No user interaction |
| CVE-2018-9995 | 9.8 Critical | TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and MDVR Login, which... Tags: Remote, Low complexity, No user interaction |
| CVE-2021-32030 | 9.8 Critical | The administrator application on ASUS GT-AC2900 devices before 3.0.0.4.386.42643 and Lyra Mini before 3.0.0.4_384_46630 allows authentication... Tags: Remote, Low complexity, No user interaction |
| CVE-2024-21899 | 9.8 Critical | QTS, QuTS hero, QuTScloud. Tags: Remote, Low complexity, No user interaction |
| CVE-2018-3760 | 7.5 High | There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Specially... Tags: Remote, Low complexity, No user interaction |
| CVE-2016-5674 | 9.8 Critical | `__debugging_center_utils___.php` in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1... Tags: Remote, Low complexity, No user interaction |
| CVE-2017-7927 | 7.3 High | A Use of Password Hash Instead of Password for Authentication issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN,... Tags: Remote, Low complexity, No user interaction |
| CVE-2020-11530 | 9.8 Critical | A blind SQL injection vulnerability is present in Chop Slider 3, a WordPress plugin. The vulnerability is introduced in the id GET parameter... Tags: Remote, Low complexity, No user interaction |
| CVE-2023-39026 | 7.5 High | Directory Traversal vulnerability in FileMage Gateway Windows Deployments v.1.10.8 and before allows a remote attacker to obtain sensitive... Tags: Remote, Low complexity, No user interaction |
| CVE-2019-17506 | 9.8 Critical | There are some web interfaces without authentication requirements on D-Link DIR-868L B1-2.03 and DIR-817LW A1-1.04 routers. An attacker can get the... Tags: Remote, Low complexity, No user interaction |
| CVE-2018-17431 | 9.8 Critical | Web Console in Comodo UTM Firewall before 2.7.0 allows remote attackers to execute arbitrary code without authentication via a crafted URL. Tags: Remote, Low complexity, No user interaction |
| CVE-2019-5128 | 10.0 Critical | A command injection have been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable... Tags: Remote, Low complexity, No user interaction |
| CVE-2020-35665 | 9.8 Critical | An unauthenticated command-execution vulnerability exists in TerraMaster TOS through 4.2.06 via shell metacharacters in the Event parameter in... Tags: Remote, Low complexity, No user interaction |
| CVE-2018-13315 | 9.8 Critical | Incorrect access control in formPasswordSetup in TOTOLINK A3002RU version 1.0.8 allows attackers to change the admin user's password via an... Tags: Remote, Low complexity, No user interaction |
| CVE-2024-0778 | 8.0 High | Uniview ISC 2500-S VM.php setNatConfig os command injection. Tags: Low complexity, No user interaction |
| CVE-2018-9866 | 9.8 Critical | A vulnerability in lack of validation of user-supplied parameters pass to XML-RPC calls on SonicWall Global Management System (GMS) virtual... Tags: Remote, Low complexity, No user interaction |
| CVE-2023-43795 | 8.6 High | WPS Server Side Request Forgery in GeoServer. Tags: Remote, Low complexity, No user interaction |
| CVE-2021-35250 | 7.5 High | Directory Transversal Vulnerability in Serv-U 15.3. Tags: Remote, Low complexity, No user interaction |
| CVE-2021-40822 | 7.5 High | GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the option for setting a proxy host. Tags: Remote, Low complexity, No user interaction |
Displaying vulnerabilities 901 - 925 of 2499 in total