Focus on what’s exploited
Out of 350,016 known CVEs, only 0.7% show real-world exploitation signals.
Data from public sources (including CISA) plus private sensors, enriched with prioritization metadata.
Total known exploited: 2,499
Added this week: 351
| CVE | Severity | Title | Tags |
|---|---|---|---|
| CVE-2017-12635 | 9.8 Critical | Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before... | Remote, Low complexity, No user interaction |
| CVE-2018-10737 | 7.2 High | A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/logbook.php txtSearch parameter. | Remote, Low complexity, No user interaction |
| CVE-2019-5129 | 10.0 Critical | A command injection has been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable... | Remote, Low complexity, No user interaction |
| CVE-2019-19824 | 8.8 High | On certain TOTOLINK Realtek SDK based routers, an authenticated attacker may execute arbitrary OS commands via the sysCmd parameter to the... | Remote, Low complexity, No user interaction |
| CVE-2019-5127 | 10.0 Critical | A command injection has been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable... | Remote, Low complexity, No user interaction |
| CVE-2024-0204 | 9.8 Critical | Authentication Bypass in GoAnywhere MFT | Remote, Low complexity, No user interaction |
| CVE-2018-11759 | 7.5 High | The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK... | Remote, Low complexity, No user interaction |
| CVE-2024-11305 | 5.3 Medium | Altenergy Power Control Software status_zigbee get_status_zigbee sql injection | Remote, Low complexity, No user interaction |
| CVE-2024-9014 | 9.9 Critical | OAuth2 client id and secret exposed through the web browser in pgAdmin 4 | Remote, Low complexity, No user interaction |
| CVE-2024-25735 | 9.1 Critical | An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can discover cleartext passwords via a SoftAP... | Remote, Low complexity, No user interaction |
| CVE-2019-11248 | 6.5 Medium | Kubernetes kubelet exposes /debug/pprof info on healthz port | Remote, Low complexity, No user interaction |
| CVE-2024-27199 | 7.3 High | In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible | Malware, Remote, Low complexity, No user interaction |
| CVE-2019-18394 | 9.8 Critical | A Server Side Request Forgery (SSRF) vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attackers to send... | Remote, Low complexity, No user interaction |
| CVE-2024-10914 | 9.2 Critical | D-Link DNS-320/DNS-320LW/DNS-325/DNS-340L account_mgr.cgi cgi_user_add os command injection | Remote, No user interaction |
| CVE-2024-0305 | 5.3 Medium | Guangzhou Yingke Electronic Technology Ncast Guest Login IPSetup.php information disclosure | Remote, Low complexity, No user interaction |
| CVE-2021-46422 | 9.8 Critical | Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a remote attacker to execute OS commands without any... | Remote, Low complexity, No user interaction |
| CVE-2024-27954 | 9.3 Critical | WordPress Automatic plugin <= 3.92.0 - Unauthenticated Arbitrary File Download and SSRF vulnerability | Remote, Low complexity, No user interaction |
| CVE-2025-24893 | 9.8 Critical | Remote code execution as guest via SolrSearchMacros request in xwiki | Remote, Low complexity, No user interaction |
| CVE-2018-10379 | 6.1 Medium | An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) before 10.5.8, 10.6.x before 10.6.5, and 10.7.x before 10.7.2.... | Remote, Low complexity |
| CVE-2010-0219 | 10.0 Critical | Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of... | Remote, Low complexity |
| CVE-2024-0352 | 7.3 High | Likeshop HTTP POST Request File.php userFormImage unrestricted upload | Remote, Low complexity, No user interaction |
| CVE-2022-39952 | 9.8 Critical | An external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0... | Remote, Low complexity, No user interaction |
| CVE-2023-37679 | 9.8 Critical | A remote command execution (RCE) vulnerability in NextGen Mirth Connect v4.3.0 allows attackers to execute arbitrary commands on the hosting server. | Remote, Low complexity, No user interaction |
| CVE-2021-21307 | 8.6 High | Remote Code Exploit in Lucee Admin | Remote, Low complexity, No user interaction |
| CVE-2022-29383 | 9.8 Critical | NETGEAR ProSafe SSL VPN firmware FVS336Gv2 and FVS336Gv3 was discovered to contain a SQL injection vulnerability via USERDBDomains.Domainname at... | Remote, Low complexity, No user interaction |
Displaying vulnerabilities 926 - 950 of 2499 in total