Known Exploited Vulnerabilities

Focus on What Matters

There are 303,054 vulnerabilities in the CVE database.
Whilst only 0.7% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2024-2389	Flowmon Unauthenticated Command Injection Vulnerability	Progress Software	Flowmon	2025-06-27 12:00:36 UTC	The Shadowserver (via CIRCL)
CVE-2024-22319	IBM Operational Decision Manager JDNI injection	IBM	Operational Decision Manager	2025-06-27 12:00:29 UTC	The Shadowserver (via CIRCL)
CVE-2020-12720	vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control.	vBulletin	vBulletin	2025-06-26 12:00:23 UTC	The Shadowserver (via CIRCL)
CVE-2020-24589	The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML External Entity injection (XXE) attacks.	WSO2	API Manager	2025-06-26 12:00:11 UTC	The Shadowserver (via CIRCL)
CVE-2024-0769	D-Link DIR-859 HTTP POST Request hedwig.cgi path traversal	D-Link	DIR-859	2025-06-25 16:45:11 UTC	CISA
CVE-2025-6543	Memory overflow vulnerability leading to unintended control flow and Denial of Service	NetScaler	ADC, Gateway	2025-06-25 16:30:33 UTC	TheHackerNews
CVE-2025-26319	FlowiseAI Flowise v2.2.6 was discovered to contain an arbitrary file upload vulnerability in /api/v1/attachments.	FlowiseAI	Flowise	2025-06-25 12:00:52 UTC	The Shadowserver (via CIRCL)
CVE-2025-27112	Navidrome has authentication bypass in Subsonic API with non-existent username	navidrome	navidrome	2025-06-25 12:00:45 UTC	The Shadowserver (via CIRCL)
CVE-2025-2777	SysAid On-Prem <= 23.3.40 lshw Proceessing XML External Entity Injection	SysAid	SysAid On-Prem	2025-06-25 12:00:38 UTC	The Shadowserver (via CIRCL)
CVE-2025-26793	The Web GUI configuration panel of Hirsch (formerly Identiv and Viscount) Enterphone MESH through 2024 ships with default credentials (username...	Hirsch	Enterphone MESH	2025-06-25 12:00:31 UTC	The Shadowserver (via CIRCL)
CVE-2025-2775	SysAid On-Prem <= 23.3.40 Checkin Proceessing XML External Entity Injection	SysAid	SysAid On-Prem	2025-06-25 12:00:24 UTC	The Shadowserver (via CIRCL)
CVE-2025-2776	SysAid On-Prem <= 23.3.40 serverurl Proceessing XML External Entity Injection	SysAid	SysAid On-Prem	2025-06-25 12:00:17 UTC	The Shadowserver (via CIRCL)
CVE-2025-2294	Kubio AI Page Builder <= 2.5.1 - Unauthenticated Local File Inclusion	extendthemes	Kubio AI Page Builder	2025-06-25 12:00:10 UTC	The Shadowserver (via CIRCL)
CVE-2025-52572	Hikka vulnerable to RCE through dangling web interface	hikariatama	Hikka	2025-06-24 21:40:19 UTC	CVE
CVE-2024-54085	Redfish Authentication Bypass	AMI	MegaRAC-SPx	2025-06-24 04:40:23 UTC	CVE
CVE-2019-6693	Use of a hard-coded cryptographic key to cipher sensitive data in FortiOS configuration backup file may allow an attacker with access to the backup...	Fortinet	FortiGate	2025-06-24 04:40:16 UTC	CVE
CVE-2025-34037	Linksys Routers E/WAG/WAP/WES/WET/WRT-Series	Linksys	E4200, E3200, E3000, E2500 v1/v2, E2100L v1, E2000, E1550, E1500 v1, E1200 v1, E1000 v1, E900 v1	2025-06-24 03:40:18 UTC	CVE
CVE-2018-0127	A vulnerability in the web interface of Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an...	Cisco	RV132W ADSL2+ Wireless-N VPN Router, RV134W VDSL2 Wireless-AC VPN Router	2025-06-22 12:00:27 UTC	The Shadowserver (via CIRCL)
CVE-2021-41293	ECOA BAS controller - Path Traversal-3	ECOA	ECS Router Controller ECS (FLASH), RiskBuster Terminator E6L45, RiskBuster System RB 3.0.0, RiskBuster System TRANE 1.0, Graphic Control Software, SmartHome II E9246, RiskTerminator	2025-06-21 12:00:50 UTC	The Shadowserver (via CIRCL)
CVE-2025-0868	Remote Code Execution in DocsGPT	Arc53	DocsGPT	2025-06-21 12:00:43 UTC	The Shadowserver (via CIRCL)
CVE-2020-11455	LimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileManager.php.	LimeSurvey	LimeSurvey	2025-06-21 12:00:35 UTC	The Shadowserver (via CIRCL)
CVE-2018-14912	cgit_clone_objects in CGit before 1.2.1 has a directory traversal vulnerability when `enable-http-clone=1` is not turned off, as demonstrated by a...	CGit	CGit	2025-06-21 12:00:25 UTC	The Shadowserver (via CIRCL)
CVE-2018-11222	Local File Inclusion (LFI) in Artica Pandora FMS through version 7.23 allows an attacker to call any php file via the /pandora_console/ajax.php...	Artica	Pandora FMS	2025-06-21 12:00:14 UTC	The Shadowserver (via CIRCL)
CVE-2025-4322	Motors <= 5.6.67 - Unauthenticated Privilege Escalation via Password Update/Account Takeover	StylemixThemes	Motors - Car Dealer, Rental & Listing WordPress theme	2025-06-20 12:10:36 UTC	Wordfence
CVE-2024-7120	Raisecom MSG1200/MSG2100E/MSG2200/MSG2300 Web Interface list_base_config.php os command injection	Raisecom	MSG1200, MSG2100E, MSG2200, MSG2300	2025-06-20 12:00:18 UTC	The Shadowserver (via CIRCL)

Displaying vulnerabilities 101 - 125 of 1982 in total