Known Exploited Vulnerabilities

Focus on What Matters

There are 298,510 vulnerabilities in the CVE database.
Whilst only 0.6% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2024-11182	Stored XSS vulnerability in MDaemon Email Server	MDaemon	Email Server	2025-05-19 17:45:31 UTC	CISA
CVE-2024-27443	An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. A Cross-Site Scripting (XSS) vulnerability exists in the CalendarInvite feature...	Synacor	Zimbra Collaboration Suite (ZCS)	2025-05-19 17:45:24 UTC	CISA
CVE-2023-38950	A path traversal vulnerability in the iclock API of ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read arbitrary files via supplying a...	ZKTeco	BioTime	2025-05-19 17:45:17 UTC	CISA
CVE-2025-47916	Invision Community 5.0.0 before 5.0.7 allows remote code execution via crafted template strings to themeeditor.php. The issue lies within the...	invisioncommunity	Invision Power Board	2025-05-19 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2020-12124	A remote command-line injection vulnerability in the /cgi-bin/live_api.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to...	WAVLINK	WN530H4	2025-05-18 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2018-19365	The REST API in Wowza Streaming Engine 4.7.4.01 allows traversal of the directory structure and retrieval of a file via a remote, specifically...	Wowza	Streaming Engine	2025-05-18 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-47945	ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled...	ThinkPHP	ThinkPHP Framework	2025-05-18 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2020-15920	There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with...	Mida Solutions	Mida eFramework	2025-05-18 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2021-21479	In SCIMono before 0.0.19, it is possible for an attacker to inject and execute java expression compromising the availability and integrity of the...	SAP SE	SCIMono	2025-05-18 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2020-35476	A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 via command injection in the yrange parameter. The yrange value is written...	OpenTSDB	OpenTSDB	2025-05-18 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-4050	JoomSport < 5.2.8 - Unauthenticated SQLi	beardev	JoomSport	2025-05-17 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2020-2507	command injection vulnerability in Helpdesk	QNAP Systems Inc.	Helpdesk	2025-05-17 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-29007	Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Dairy Farm Shop Management System v1.0 allows...	Anuj Kumar	Dairy Farm Shop Management System	2025-05-16 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2021-20837	Movable Type 7 r.5002 and earlier (Movable Type 7 Series), Movable Type 6.8.2 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.5002...	Six Apart Ltd.	Movable Type	2025-05-16 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2017-14135	enigma2-plugins/blob/master/webadmin/src/WebChilds/Script.py in the webadmin plugin for opendreambox 2.0.0 allows remote attackers to execute...	Dream Multimedia	webadmin plugin	2025-05-16 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-0867	ARPrice Lite < 3.6.1 - Unauthenticated SQLi	reputeinfosystems	Pricing Table Plugin	2025-05-16 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-12987	DrayTek Vigor2960/Vigor300B Web Management Interface apmcfgupload os command injection	DrayTek	Vigor2960, Vigor300B	2025-05-15 18:00:21 UTC	CISA
CVE-2025-4664	Insufficient policy enforcement in Loader in Google Chrome prior to 136.0.7103.113 allowed a remote attacker to leak cross-origin data via a...	Google	Chrome	2025-05-15 11:15:14 UTC	CyberInsider
CVE-2024-31750	SQL injection vulnerability in f-logic datacube3 v.1.0 allows a remote attacker to obtain sensitive information via the req_id parameter.	n/a	n/a	2025-05-15 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-48307	JeecgBoot v3.7.1 was discovered to contain a SQL injection vulnerability via the component /onlDragDatasetHead/getTotalData.	n/a	n/a	2025-05-15 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-28734	Cross Site Scripting vulnerability in Unit4 Financials by Coda prior to 2023Q4 allows a remote attacker to run arbitrary code via a crafted GET...	n/a	n/a	2025-05-15 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-2330	Netentsec NS-ASG Application Security Gateway index.php sql injection	Netentsec	NS-ASG Application Security Gateway	2025-05-15 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-48455	An issue in Netis Wifi6 Router NX10 2.0.1.3643 and 2.0.1.3582 and Netis Wifi 11AC Router NC65 3.0.0.3749 and Netis Wifi 11AC Router NC63 3.0.0.3327...	Netis	Wifi6 Router	2025-05-15 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-57049	A vulnerability in the TP-Link Archer c20 router with firmware version V6.6_230412 and earlier permits unauthorized individuals to bypass the...	n/a	n/a	2025-05-15 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-45388	Arbitrary file read in the `/api/v2/simulation` endpoint in hoverfly (`GHSL-2023-274`)	SpectoLabs	hoverfly	2025-05-15 00:00:00 UTC	The Shadowserver (via CIRCL)

Displaying vulnerabilities 101 - 125 of 1864 in total