Known Exploited Vulnerabilities

Focus on What Matters

There are 298,510 vulnerabilities in the CVE database.
Whilst only 0.6% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2025-48925	The TeleMessage service through 2025-05-05 relies on the client side (e.g., the TM SGNL app) to do MD5 hashing, and then accepts the hash as the...	TeleMessage	service	2025-05-28 17:40:18 UTC	CVE
CVE-2020-13117	Wavlink WN575A4 and WN579X3 devices through 2020-05-15 allow unauthenticated remote users to inject commands via the key parameter in a login request.	Wavlink	WN575A4 & WN579X3	2025-05-28 12:00:41 UTC	The Shadowserver (via CIRCL)
CVE-2020-35713	Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to execute arbitrary commands or set a new password via shell...	Belkin	LINKSYS RE6500	2025-05-28 12:00:34 UTC	The Shadowserver (via CIRCL)
CVE-2023-39780	On ASUS RT-AX55 3.0.0.4.386.51598 devices, authenticated attackers can perform OS command injection via the /start_apply.htm qos_bw_rulelist...	ASUS	RT-AX55	2025-05-28 00:00:00 UTC	GreyNoise
CVE-2019-18818	strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and...	Strapi	Strapi	2025-05-27 12:00:42 UTC	The Shadowserver (via CIRCL)
CVE-2023-47248	PyArrow, PyArrow: Arbitrary code execution when loading a malicious data file	Apache Software Foundation	PyArrow	2025-05-27 12:00:36 UTC	The Shadowserver (via CIRCL)
CVE-2023-51467	Apache OFBiz: Pre-authentication Remote Code Execution (RCE) vulnerability	Apache Software Foundation	Apache OFBiz	2025-05-27 12:00:29 UTC	The Shadowserver (via CIRCL)
CVE-2023-49070	Pre-auth RCE in Apache Ofbiz 18.12.09 due to XML-RPC still present	Apache Software Foundation	Apache OFBiz	2025-05-27 12:00:21 UTC	The Shadowserver (via CIRCL)
CVE-2023-40000	WordPress LiteSpeed Cache plugin <= 5.7 - Unauthenticated Site Wide Stored XSS vulnerability	LiteSpeed Technologies	LiteSpeed Cache	2025-05-27 00:00:00 UTC	WPScan
CVE-2025-48827	vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 allows unauthenticated users to invoke protected API controllers' methods when running on PHP...	vBulletin	vBulletin	2025-05-27 00:00:00 UTC	KEVIntel
CVE-2025-48828	Certain vBulletin versions might allow attackers to execute arbitrary PHP code by abusing Template Conditionals in the template engine. By crafting...	vBulletin	vBulletin	2025-05-27 00:00:00 UTC	KEVIntel
CVE-2021-36356	KRAMER VIAware through August 2021 allows remote attackers to execute arbitrary code because ajaxPages/writeBrowseFilePathAjax.php accepts...	KRAMER	VIAware	2025-05-26 12:00:44 UTC	The Shadowserver (via CIRCL)
CVE-2023-1454	jeecg-boot qurestSql sql injection	jeecg	jeecg-boot	2025-05-26 12:00:37 UTC	The Shadowserver (via CIRCL)
CVE-2023-34960	A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary commands...	Chamilo	Chamilo	2025-05-25 12:00:17 UTC	The Shadowserver (via CIRCL)
CVE-2021-29441	Authentication bypass	alibaba	nacos	2025-05-25 12:00:10 UTC	The Shadowserver (via CIRCL)
CVE-2020-17456	SEOWON INTECH SLC-130 And SLR-120S devices allow Remote Code Execution via the ipAddr parameter to the system_log.cgi page.	SEOWONINTECH CO., LTD	SLC-130 & SLR-120S	2025-05-24 12:00:23 UTC	The Shadowserver (via CIRCL)
CVE-2025-4918	An attacker was able to perform an out-of-bounds read or write on a JavaScript `Promise` object. This vulnerability affects Firefox < 138.0.4,...	Mozilla	Firefox, Firefox ESR, Thunderbird	2025-05-24 12:00:16 UTC	The Shadowserver (via CIRCL)
CVE-2025-4919	An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. This vulnerability affects...	Mozilla	Firefox, Firefox ESR, Thunderbird	2025-05-24 12:00:10 UTC	The Shadowserver (via CIRCL)
CVE-2022-2958	BadgeOS < 3.7.1.3 - Subscriber+ SQLi	learningtimes	BadgeOS	2025-05-23 18:00:30 UTC	The Shadowserver (via CIRCL)
CVE-2022-0769	Users Ultra <= 3.1.0 - Unauthenticated SQL Injection	ExpressTech Systems	Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin	2025-05-23 18:00:22 UTC	The Shadowserver (via CIRCL)
CVE-2018-7700	DedeCMS 5.7 has CSRF with an impact of arbitrary code execution, because the partcode parameter in a tag_test_action.php request can specify a...	DedeCMS	DedeCMS	2025-05-20 12:00:58 UTC	The Shadowserver (via CIRCL)
CVE-2021-43287	An issue was discovered in ThoughtWorks GoCD before 21.3.0. The business continuity add-on, which is enabled by default, leaks all secrets known to...	ThoughtWorks	GoCD	2025-05-20 12:00:52 UTC	The Shadowserver (via CIRCL)
CVE-2021-3223	Node-RED-Dashboard before 2.26.2 allows ui_base/js/..%2f directory traversal to read files.	Node-RED	Node-RED Dashboard	2025-05-20 12:00:45 UTC	The Shadowserver (via CIRCL)
CVE-2018-17246	Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana...	Elastic	Kibana	2025-05-20 12:00:37 UTC	The Shadowserver (via CIRCL)
CVE-2024-9264	Grafana SQL Expressions allow for remote code execution	Grafana	Grafana	2025-05-19 18:00:16 UTC	The Shadowserver (via CIRCL)

Displaying vulnerabilities 76 - 100 of 1864 in total