Known Exploited Vulnerabilities

Focus on What Matters

There are 349,612 vulnerabilities in the CVE database.
Whilst only 1.1% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

Aware of a KEV not on the list? Let us know!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2025-14174	Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory...	Google	Chrome	2026-06-01 10:46:09 UTC	CVE
CVE-2018-4063	An exploitable remote code execution vulnerability exists in the upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially...	n/a	Sierra Wireless	2026-06-01 10:46:08 UTC	CVE
CVE-2025-58360	GeoServer is vulnerable to an Unauthenticated XML External Entities (XXE) attack via WMS GetMap feature	geoserver	geoserver	2026-06-01 10:46:03 UTC	CVE
CVE-2025-8110	File overwrite in file update API in Gogs	Gogs	Gogs	2026-06-01 10:46:00 UTC	CVE
CVE-2025-62221	Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability	Microsoft	Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows 11 Version 25H2, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation)	2026-06-01 10:45:52 UTC	CVE
CVE-2025-6218	RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability	RARLAB	WinRAR	2026-06-01 10:45:52 UTC	CVE
CVE-2025-48633	In hasAccountsOnAnyUser of DevicePolicyManagerService.java, there is a possible way to add a Device Owner after provisioning due to a logic error...	Google	Android	2026-06-01 10:45:51 UTC	CVE
CVE-2025-48572	In multiple locations, there is a possible way to launch activities from the background due to a permissions bypass. This could lead to local...	Google	Android	2026-06-01 10:45:45 UTC	CVE
CVE-2022-37055	D-Link Go-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 are vulnerable to Buffer Overflow via cgibin, hnap_main,	n/a	n/a	2026-06-01 10:45:43 UTC	CVE
CVE-2025-66644	Array Networks ArrayOS AG before 9.4.5.9 allows command injection, as exploited in the wild in August through December 2025.	Array Networks	ArrayOS AG	2026-06-01 10:45:37 UTC	CVE
CVE-2025-55182	A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including...	Meta	react-server-dom-webpack, react-server-dom-turbopack, react-server-dom-parcel	2026-06-01 10:45:37 UTC	CVE
CVE-2021-26828	OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows remote authenticated users to upload and execute arbitrary JSP files...	n/a	n/a	2026-06-01 10:45:29 UTC	CVE
CVE-2021-26829	OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows stored XSS via system_settings.shtm.	n/a	n/a	2026-06-01 10:45:14 UTC	CVE
CVE-2025-61757	Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: REST WebServices). Supported versions that are affected are...	Oracle Corporation	Identity Manager	2026-06-01 10:44:54 UTC	CVE
CVE-2025-13223	Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML...	Google	Chrome	2026-06-01 10:44:40 UTC	CVE
CVE-2025-58034	An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] vulnerability in Fortinet...	Fortinet	FortiWeb	2026-06-01 10:44:37 UTC	CVE
CVE-2025-64446	A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9,...	Fortinet	FortiWeb	2026-06-01 10:44:27 UTC	CVE
CVE-2025-62215	Windows Kernel Elevation of Privilege Vulnerability	Microsoft	Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 11 Version 24H2, Windows 11 Version 25H2, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2025, Windows Server 2025 (Server Core installation)	2026-06-01 10:44:18 UTC	CVE
CVE-2025-9242	WatchGuard Firebox iked Out of Bounds Write Vulnerability	WatchGuard	Fireware OS	2026-06-01 10:44:15 UTC	CVE
CVE-2025-12480	Triofox versions prior to 16.7.10368.56560, are vulnerable to an Improper Access Control flaw that allows access to initial setup pages even after...	TrioFox	TrioFox	2026-06-01 10:44:14 UTC	CVE
CVE-2025-21042	Out-of-bounds write in libimagecodec.quram.so prior to SMR Apr-2025 Release 1 allows remote attackers to execute arbitrary code.	Samsung Mobile	Samsung Mobile Devices	2026-06-01 10:44:11 UTC	CVE
CVE-2023-7305	SmartBI RMIServlet Unrestricted File Upload RCE	Guangzhou Smart Software Co., Ltd.	SmartBI	2026-06-01 10:44:04 UTC	CVE
CVE-2025-9491	Microsoft Windows LNK File UI Misrepresentation Remote Code Execution Vulnerability	Microsoft	Windows	2026-06-01 10:43:58 UTC	CVE
CVE-2025-48703	CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1205 allows unauthenticated remote code execution via shell metacharacters in the...	centos-webpanel	CentOS Web Panel	2026-06-01 10:43:53 UTC	CVE
CVE-2025-11371	Gladinet CentreStack and TrioFox Local File Inclusion Flaw	Gladinet	CentreStack and TrioFox	2026-06-01 10:43:51 UTC	CVE

Displaying vulnerabilities 126 - 150 of 3822 in total