Known Exploited Vulnerabilities

Focus on What Matters

There are 297,489 vulnerabilities in the CVE database.
Whilst only 0.6% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2021-29441	Authentication bypass	alibaba	nacos	2025-05-25 12:00:10 UTC	The Shadowserver (via CIRCL)
CVE-2020-17456	SEOWON INTECH SLC-130 And SLR-120S devices allow Remote Code Execution via the ipAddr parameter to the system_log.cgi page.	SEOWONINTECH CO., LTD	SLC-130 & SLR-120S	2025-05-24 12:00:23 UTC	The Shadowserver (via CIRCL)
CVE-2025-4918	An attacker was able to perform an out-of-bounds read or write on a JavaScript `Promise` object. This vulnerability affects Firefox < 138.0.4,...	Mozilla	Firefox, Firefox ESR, Thunderbird	2025-05-24 12:00:16 UTC	The Shadowserver (via CIRCL)
CVE-2025-4919	An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. This vulnerability affects...	Mozilla	Firefox, Firefox ESR, Thunderbird	2025-05-24 12:00:10 UTC	The Shadowserver (via CIRCL)
CVE-2022-2958	BadgeOS < 3.7.1.3 - Subscriber+ SQLi	learningtimes	BadgeOS	2025-05-23 18:00:30 UTC	The Shadowserver (via CIRCL)
CVE-2022-0769	Users Ultra <= 3.1.0 - Unauthenticated SQL Injection	ExpressTech Systems	Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin	2025-05-23 18:00:22 UTC	The Shadowserver (via CIRCL)
CVE-2018-7700	DedeCMS 5.7 has CSRF with an impact of arbitrary code execution, because the partcode parameter in a tag_test_action.php request can specify a...	DedeCMS	DedeCMS	2025-05-20 12:00:58 UTC	The Shadowserver (via CIRCL)
CVE-2021-43287	An issue was discovered in ThoughtWorks GoCD before 21.3.0. The business continuity add-on, which is enabled by default, leaks all secrets known to...	ThoughtWorks	GoCD	2025-05-20 12:00:52 UTC	The Shadowserver (via CIRCL)
CVE-2021-3223	Node-RED-Dashboard before 2.26.2 allows ui_base/js/..%2f directory traversal to read files.	Node-RED	Node-RED Dashboard	2025-05-20 12:00:45 UTC	The Shadowserver (via CIRCL)
CVE-2018-17246	Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana...	Elastic	Kibana	2025-05-20 12:00:37 UTC	The Shadowserver (via CIRCL)
CVE-2024-9264	Grafana SQL Expressions allow for remote code execution	Grafana	Grafana	2025-05-19 18:00:16 UTC	The Shadowserver (via CIRCL)
CVE-2024-11182	Stored XSS vulnerability in MDaemon Email Server	MDaemon	Email Server	2025-05-19 17:45:31 UTC	CISA
CVE-2024-27443	An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. A Cross-Site Scripting (XSS) vulnerability exists in the CalendarInvite feature...	Synacor	Zimbra Collaboration Suite (ZCS)	2025-05-19 17:45:24 UTC	CISA
CVE-2023-38950	A path traversal vulnerability in the iclock API of ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read arbitrary files via supplying a...	ZKTeco	BioTime	2025-05-19 17:45:17 UTC	CISA
CVE-2025-47916	Invision Community 5.0.0 before 5.0.7 allows remote code execution via crafted template strings to themeeditor.php. The issue lies within the...	invisioncommunity	Invision Power Board	2025-05-19 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2020-12124	A remote command-line injection vulnerability in the /cgi-bin/live_api.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to...	WAVLINK	WN530H4	2025-05-18 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2021-21479	In SCIMono before 0.0.19, it is possible for an attacker to inject and execute java expression compromising the availability and integrity of the...	SAP SE	SCIMono	2025-05-18 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2020-35476	A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 via command injection in the yrange parameter. The yrange value is written...	OpenTSDB	OpenTSDB	2025-05-18 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-47945	ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled...	ThinkPHP	ThinkPHP Framework	2025-05-18 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2018-19365	The REST API in Wowza Streaming Engine 4.7.4.01 allows traversal of the directory structure and retrieval of a file via a remote, specifically...	Wowza	Streaming Engine	2025-05-18 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2020-15920	There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with...	Mida Solutions	Mida eFramework	2025-05-18 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2020-2507	command injection vulnerability in Helpdesk	QNAP Systems Inc.	Helpdesk	2025-05-17 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-4050	JoomSport < 5.2.8 - Unauthenticated SQLi	beardev	JoomSport	2025-05-17 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2021-20837	Movable Type 7 r.5002 and earlier (Movable Type 7 Series), Movable Type 6.8.2 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.5002...	Six Apart Ltd.	Movable Type	2025-05-16 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-29007	Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Dairy Farm Shop Management System v1.0 allows...	Anuj Kumar	Dairy Farm Shop Management System	2025-05-16 00:00:00 UTC	The Shadowserver (via CIRCL)

Displaying vulnerabilities 76 - 100 of 1850 in total