Known Exploited Vulnerabilities

Focus on What Matters

There are 297,503 vulnerabilities in the CVE database.
Whilst only 0.6% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2021-32813	Drop Headers via Malicious Connection Header	traefik	traefik	2021-08-03 22:50:11 UTC	CVE
CVE-2021-35941	Western Digital WD My Book Live (2.x and later) and WD My Book Live Duo (all versions) have an administrator API that can perform a system factory...	n/a	n/a	2021-06-29 20:22:43 UTC	CVE
CVE-2021-34621	ProfilePress 3.0 - 3.1.3 - Unauthenticated Privilege Escalation	ProfilePress	ProfilePress	2021-06-28 11:22:25 UTC	Wordfence
CVE-2021-34619	Cross-Site Request Forgery in WooCommerce Stock Manager WordPress Plugin	StoreApps	WooCommerce Stock Manager	2021-06-14 08:23:03 UTC	Wordfence
CVE-2021-24370	Fancy Product Designer < 4.6.9 - Unauthenticated Arbitrary File Upload and RCE	Unknown	Fancy Product Designer	2021-06-01 08:59:19 UTC	Wordfence
CVE-2021-24175	The Plus Addons for Elementor Page Builder < 4.1.7 - Authentication Bypass	Unknown	The Plus Addons for Elementor Page Builder	2021-04-05 18:27:44 UTC	CVE
CVE-2021-24217	Facebook for WordPress < 3.0.0 - PHP Object Injection with POP Chain	Unknown	Facebook for WordPress	2021-03-25 07:17:45 UTC	Wordfence
CVE-2021-24219	All Thrive Themes and Plugins - Unauthenticated Option Update	Thrive Themes	Thrive Optimize, Thrive Comments, Thrive Headline Optimizer, Thrive Leads, Thrive Ultimatum, Thrive Quiz Builder, Thrive Apprentice, Thrive Visual Editor, Thrive Dashboard, Thrive Ovation, Thrive Clever Widgets, Rise by Thrive Themes, Ignition by Thrive Themes, Luxe by Thrive Themes, FocusBlog by Thrive Themes, Minus by Thrive Themes, Squared by Thrive Themes, Voice, Performag by Thrive Themes, Pressive by Thrive Themes, Storied by Thrive Themes, Thrive Themes Builder	2021-03-24 10:36:04 UTC	Wordfence
CVE-2021-24170	User Profile Picture < 2.5.0 - Sensitive Information Disclosure	Unknown	User Profile Picture	2021-03-03 06:33:07 UTC	Wordfence
CVE-2021-3122	CMCAgent in NCR Command Center Agent 16.3 on Aloha POS/BOH servers permits the submission of a runCommand parameter (within an XML document sent to...	n/a	n/a	2021-02-07 19:45:03 UTC	CVE
CVE-2021-3006	The breed function in the smart contract implementation for Farm in Seal Finance (Seal), an Ethereum token, lacks access control and thus allows...	n/a	n/a	2021-01-03 05:49:30 UTC	CVE
CVE-2020-35234	The easy-wp-smtp plugin before 1.4.4 for WordPress allows Administrator account takeover, as exploited in the wild in December 2020. If an attacker...	n/a	n/a	2020-12-14 02:21:44 UTC	CVE
CVE-2020-26876	The wp-courses plugin through 2.0.27 for WordPress allows remote attackers to bypass the intended payment step (for course videos and materials) by...	n/a	n/a	2020-10-07 16:56:25 UTC	CVE
CVE-2020-35948	An issue was discovered in the XCloner Backup and Restore plugin before 4.2.13 for WordPress. It gave authenticated attackers the ability to modify...	n/a	n/a	2020-09-22 13:28:02 UTC	Wordfence
CVE-2020-35949	An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It made it possible for unauthenticated attackers to...	n/a	n/a	2020-08-13 12:09:59 UTC	Wordfence
CVE-2020-35945	An issue was discovered in the Divi Builder plugin, Divi theme, and Divi Extra theme before 4.5.3 for WordPress. Authenticated attackers, with...	n/a	n/a	2020-08-04 05:57:42 UTC	Wordfence
CVE-2020-15129	Open redirect in Traefik	containous	traefik	2020-07-30 15:20:15 UTC	CVE
CVE-2020-24186	A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allows unauthenticated users to...	n/a	n/a	2020-07-28 14:15:03 UTC	Wordfence
CVE-2020-13125	An issue was discovered in the "Ultimate Addons for Elementor" plugin before 1.24.2 for WordPress, as exploited in the wild in May 2020 in...	n/a	n/a	2020-05-17 00:39:00 UTC	CVE
CVE-2020-13126	An issue was discovered in the Elementor Pro plugin before 2.9.4 for WordPress, as exploited in the wild in May 2020 in conjunction with...	n/a	n/a	2020-05-17 00:38:37 UTC	CVE
CVE-2020-12075	The data-tables-generator-by-supsystic plugin before 1.9.92 for WordPress lacks capability checks for AJAX actions.	n/a	n/a	2020-03-24 07:10:05 UTC	Wordfence
CVE-2014-8739	Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative...	Creative Solutions	Creative Contact Form	2020-02-08 17:21:54 UTC	CVE
CVE-2020-8417	The Code Snippets plugin before 2.14.0 for WordPress allows CSRF because of the lack of a Referer check on the import menu.	n/a	n/a	2020-01-28 14:27:48 UTC	Wordfence
CVE-2020-6167	A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.10, allows a CSRF attack to enable maintenance mode, inject XSS,...	n/a	n/a	2020-01-08 11:25:14 UTC	Wordfence
CVE-2019-19915	The "301 Redirects - Easy Redirect Manager" plugin before 2.45 for WordPress allows users (with subscriber or greater access) to modify, delete, or...	WordPress	301 Redirects - Easy Redirect Manager plugin	2019-12-19 10:20:28 UTC	Wordfence

Displaying vulnerabilities 1701 - 1725 of 1850 in total