Known Exploited Vulnerabilities

Focus on What Matters

There are 297,495 vulnerabilities in the CVE database.
Whilst only 0.6% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2024-28255	Authentication Bypass in OpenMetadata	open-metadata	OpenMetadata	2025-05-15 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-4632	Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052 allows attackers to...	Samsung Electronics	MagicINFO 9 Server	2025-05-14 18:15:29 UTC	TheHackerNews
CVE-2014-3206	Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the session parameter to localhost/backupmgt/localJob.php or the...	Seagate	BlackArmor NAS	2025-05-14 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-0781	Nirweb support < 2.8.2 - Unauthenticated SQLi	Nirweb support	Nirweb support	2025-05-14 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-0784	Title Experiments Free < 9.0.1 - Unauthenticated SQLi	kbowson	Title Experiments Free	2025-05-14 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2019-12987	Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 3 of 6).	Citrix	SD-WAN Center	2025-05-14 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2019-12986	Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 2 of 6).	Citrix	SD-WAN Center	2025-05-14 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-42999	Insecure Deserialization in SAP NetWeaver (Visual Composer development server)	SAP_SE	SAP NetWeaver (Visual Composer development server)	2025-05-14 00:00:00 UTC	TheHackerNews
CVE-2019-12985	Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 1 of 6).	Citrix	SD-WAN Center	2025-05-14 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-4428	Remote Code Execution in API component in Ivanti Endpoint Manager Mobile	Ivanti	Endpoint Manager Mobile	2025-05-13 21:45:23 UTC	Tenable Blog
CVE-2025-4427	Authentication Bypass	Ivanti	Endpoint Manager Mobile	2025-05-13 21:45:15 UTC	Tenable Blog
CVE-2025-32756	A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiVoice versions 7.2.0, 7.0.0 through 7.0.6, 6.4.0 through 6.4.10,...	Fortinet	FortiVoice, FortiRecorder, FortiMail, FortiNDR, FortiCamera	2025-05-13 21:15:43 UTC	Arctic Wolf
CVE-2025-30385	Windows Common Log File System Driver Elevation of Privilege Vulnerability	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows Server 2025 (Server Core installation), Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 11 Version 24H2, Windows Server 2025, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	2025-05-13 19:30:39 UTC	Tenable Blog
CVE-2024-48766	NetAlertX 24.7.18 before 24.10.12 allows unauthenticated file reading because an HTTP client can ignore a redirect, and because of factors related...	NetAlertX	NetAlertX	2025-05-13 16:40:27 UTC	CVE
CVE-2024-46506	NetAlertX 23.01.14 through 24.x before 24.10.12 allows unauthenticated command injection via settings update because function=savesettings lacks an...	NetAlertX	NetAlertX	2025-05-13 16:40:20 UTC	CVE
CVE-2019-12990	Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow Directory Traversal.	Citrix	SD-WAN Center	2025-05-13 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2018-10942	modules/attributewizardpro/file_upload.php in the Attribute Wizard addon 1.6.9 for PrestaShop 1.4.0.1 through 1.6.1.18 allows remote attackers to...	PrestaShop	Attribute Wizard	2025-05-13 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2018-3810	Authentication Bypass vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to...	Oturia	Oturia Smart Google Code Inserter	2025-05-13 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2018-16763	FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This can lead to Pre-Auth Remote...	FUEL CMS	FUEL CMS	2025-05-13 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2016-10108	Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 /web/google_analytics.php URL via a modified...	Western Digital	MyCloud NAS	2025-05-13 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2021-34993	This vulnerability allows remote attackers to bypass authentication on affected installations of Commvault CommCell 11.22.22. Authentication is not...	Commvault	CommCell	2025-05-13 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-32709	Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows Server 2025 (Server Core installation), Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 11 Version 24H2, Windows Server 2025, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	2025-05-13 00:00:00 UTC	CISA
CVE-2025-30397	Scripting Engine Memory Corruption Vulnerability	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows Server 2025 (Server Core installation), Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 11 Version 24H2, Windows Server 2025, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	2025-05-13 00:00:00 UTC	CISA
CVE-2025-30400	Microsoft DWM Core Library Elevation of Privilege Vulnerability	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows Server 2025 (Server Core installation), Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 11 Version 24H2, Windows Server 2025	2025-05-13 00:00:00 UTC	CISA
CVE-2025-32706	Windows Common Log File System Driver Elevation of Privilege Vulnerability	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows Server 2025 (Server Core installation), Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 11 Version 24H2, Windows Server 2025, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	2025-05-13 00:00:00 UTC	CISA

Displaying vulnerabilities 126 - 150 of 1850 in total