Known Exploited Vulnerabilities

Focus on What Matters

There are 303,021 vulnerabilities in the CVE database.
Whilst only 0.7% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2022-25487	Atom CMS v2.0 was discovered to contain a remote code execution (RCE) vulnerability via /admin/uploads.php.	thedigicraft	Atom CMS	2025-07-07 12:00:53 UTC	The Shadowserver (via CIRCL)
CVE-2018-1335	From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to inject commands into the...	Apache Software Foundation	Apache Tika	2025-07-06 12:00:53 UTC	The Shadowserver (via CIRCL)
CVE-2019-15642	rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialise_variable makes an eval...	Webmin	Webmin	2025-07-06 12:00:44 UTC	The Shadowserver (via CIRCL)
CVE-2017-6090	Unrestricted file upload vulnerability in clients/editclient.php in PhpCollab 2.5.1 and earlier allows remote authenticated users to execute...	PhpCollab	PhpCollab	2025-07-06 12:00:35 UTC	The Shadowserver (via CIRCL)
CVE-2018-1000130	A JNDI Injection vulnerability exists in Jolokia agent version 1.3.7 in the proxy mode that allows a remote attacker to run arbitrary Java code on...	Jolokia	Jolokia agent	2025-07-06 12:00:25 UTC	The Shadowserver (via CIRCL)
CVE-2025-5777	NetScaler ADC and NetScaler Gateway - Insufficient input validation leading to memory overread	NetScaler	ADC, Gateway	2025-07-04 12:00:14 UTC	The Shadowserver (via CIRCL)
CVE-2019-12276	A Path Traversal vulnerability in Controllers/LetsEncryptController.cs in LetsEncryptController in GrandNode 4.40 allows remote, unauthenticated...	GrandNode	GrandNode	2025-07-02 12:00:34 UTC	The Shadowserver (via CIRCL)
CVE-2022-25237	Bonita Web 2021.2 is affected by a authentication/authorization bypass vulnerability due to an overly broad exclude pattern used in the...	Bonitasoft	Bonita Web	2025-07-02 12:00:24 UTC	The Shadowserver (via CIRCL)
CVE-2021-31602	An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. The Security Model has...	Hitachi Vantara	Pentaho	2025-07-02 12:00:13 UTC	The Shadowserver (via CIRCL)
CVE-2021-33564	An argument injection vulnerability in the Dragonfly gem before 1.4.0 for Ruby allows remote attackers to read and write to arbitrary files via a...	markevans	dragonfly	2025-07-01 12:00:43 UTC	The Shadowserver (via CIRCL)
CVE-2019-20933	InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may...	InfluxData	InfluxDB	2025-07-01 12:00:31 UTC	The Shadowserver (via CIRCL)
CVE-2023-35813	Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and Experience Commerce through 10.3.	Sitecore	Experience Manager, Experience Platform, Experience Commerce	2025-07-01 12:00:22 UTC	The Shadowserver (via CIRCL)
CVE-2021-21389	BuddyPress privilege escalation via REST API	buddypress	BuddyPress	2025-07-01 12:00:15 UTC	The Shadowserver (via CIRCL)
CVE-2025-6554	Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page....	Google	Chrome	2025-07-01 07:30:28 UTC	CyberInsider
CVE-2019-9733	An issue was discovered in JFrog Artifactory 6.7.3. By default, the access-admin account is used to reset the password of the admin account in case...	JFrog	Artifactory	2025-06-29 12:00:26 UTC	The Shadowserver (via CIRCL)
CVE-2024-42640	angular-base64-upload prior to v0.1.21 is vulnerable to unauthenticated remote code execution via demo/server.php. Exploiting this vulnerability...	adonespitogo	angular-base64-upload	2025-06-27 12:01:47 UTC	The Shadowserver (via CIRCL)
CVE-2024-43360	ZoneMinder Time-based SQL Injection	ZoneMinder	zoneminder	2025-06-27 12:01:40 UTC	The Shadowserver (via CIRCL)
CVE-2024-8856	Backup and Staging by WP Time Capsule <= 1.22.21 - Unauthenticated Arbitrary File Upload	revmakx	Backup and Staging by WP Time Capsule	2025-06-27 12:01:33 UTC	The Shadowserver (via CIRCL)
CVE-2024-50498	WordPress WP Query Console plugin <= 1.0 - Remote Code Execution (RCE) vulnerability	LUBUS	WP Query Console	2025-06-27 12:01:26 UTC	The Shadowserver (via CIRCL)
CVE-2024-6396	Arbitrary File Overwrite and Data Exfiltration in aimhubio/aim	aimhubio	aimhubio/aim	2025-06-27 12:01:19 UTC	The Shadowserver (via CIRCL)
CVE-2024-8877	SQL Injection	Riello	Netman 204	2025-06-27 12:01:13 UTC	The Shadowserver (via CIRCL)
CVE-2024-7954	SPIP porte_plume Plugin Arbitrary PHP Execution	SPIP	SPIP	2025-06-27 12:01:06 UTC	The Shadowserver (via CIRCL)
CVE-2024-39914	FOG has a command injection in /fog/management/export.php?filename=	FOGProject	fogproject	2025-06-27 12:00:59 UTC	The Shadowserver (via CIRCL)
CVE-2024-29895	Cacti command injection in cmd_realtime.php	Cacti	cacti	2025-06-27 12:00:52 UTC	The Shadowserver (via CIRCL)
CVE-2024-44849	Qualitor up to 8.24 is vulnerable to Remote Code Execution (RCE) via Arbitrary File Upload in checkAcesso.php.	Qualitor	Qualitor	2025-06-27 12:00:42 UTC	The Shadowserver (via CIRCL)

Displaying vulnerabilities 76 - 100 of 1982 in total