Known Exploited Vulnerabilities

Focus on What Matters

There are 297,499 vulnerabilities in the CVE database.
Whilst only 0.6% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2022-0827	Bestbooks <= 2.6.3 - Unauthenticated SQLi	Unknown	Bestbooks	2025-05-10 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-41840	WordPress Welcart eCommerce plugin <= 2.7.7 - Unauth. Directory Traversal vulnerability	Collne Inc.	Welcart e-Commerce (WordPress plugin)	2025-05-10 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-1768	The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to insufficient escaping and parameterization on user...	davidfcarr	RSVPMaker	2025-05-10 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2018-16159	The Gift Vouchers plugin through 2.0.1 for WordPress allows SQL Injection via the template_id parameter in a wp-admin/admin-ajax.php...	WordPress	Gift Vouchers plugin	2025-05-10 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-0846	SpeakOut! Email Petitions < 2.14.15.1 - Unauthenticated SQLi	Unknown	SpeakOut! Email Petitions	2025-05-10 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-0760	Simple Link Directory < 7.7.2 - Unauthenticated SQL injection	Unknown	Simple Link Directory	2025-05-10 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2016-20016	MVPower CCTV DVR models, including TV-7104HE 1.8.4 115215B9 and TV7108HE, contain a web shell that is accessible via a /shell URI. A remote...	MVPower	CCTV DVR	2025-05-09 15:40:20 UTC	CVE
CVE-2011-3600	The /webtools/control/xmlrpc endpoint in OFBiz XML-RPC event handler is exposed to External Entity Injection by passing DOCTYPE declarations with...	OFBiz	OFBiz	2025-05-09 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-32563	An unauthenticated attacker could achieve the code execution through a RemoteControl server.	Ivanti	Avalanche	2025-05-09 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-38653	XXE in SmartDeviceServer in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to read arbitrary files on the server.	Ivanti	Avalanche	2025-05-09 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2021-30497	Ivanti Avalanche (Premise) 6.3.2 allows remote unauthenticated users to read arbitrary files via Absolute Path Traversal. The imageFilePath...	n/a	n/a	2025-05-09 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-47218	QTS, QuTS hero, QuTScloud	QNAP Systems Inc.	QTS, QuTS hero, QuTScloud	2025-05-09 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2021-24931	Secure Copy Content Protection and Content Locking < 2.8.2 - Unauthenticated SQL Injection	Unknown	Secure Copy Content Protection and Content Locking	2025-05-09 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-47729	The TeleMessage archiving backend through 2025-05-05 holds cleartext copies of messages from TM SGNL (aka Archive Signal) app users, which is...	TeleMessage	archiving backend	2025-05-08 14:40:20 UTC	CVE
CVE-2019-9762	A SQL Injection was discovered in PHPSHE 1.7 in include/plugin/payment/alipay/pay.php with the parameter id. The vulnerability does not need any...	PHPSHE	PHPSHE	2025-05-08 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2018-11686	The Publish Service in FlexPaper (later renamed FlowPaper) 2.3.6 allows remote code execution via setup.php and change_config.php.	FlowPaper	FlowPaper	2025-05-08 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2020-13167	Netsweeper through 6.4.3 allows unauthenticated remote code execution because webadmin/tools/unixlogin.php (with certain Referer headers) launches...	n/a	n/a	2025-05-08 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-0540	A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request. This...	Atlassian	Jira Core Server, Jira Software Server, Jira Software Data Center, Jira Service Management Server, Jira Service Management Data Center	2025-05-08 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2021-21402	Unauthenticated Arbitrary File Access in Jellyfin	jellyfin	jellyfin	2025-05-08 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-27007	WordPress SureTriggers <= 1.0.82 - Privilege Escalation Vulnerability	Brainstorm Force	SureTriggers	2025-05-07 14:15:14 UTC	TheHackerNews
CVE-2024-6047	GeoVision EOL device - OS Command Injection	GeoVision	GV_DSP_LPR_V2, GV_IPCAMD_GV_BX1500, GV_IPCAMD_GV_CB220, GV_IPCAMD_GV_EBL1100, GV_IPCAMD_GV_EFD1100, GV_IPCAMD_GV_FD2410, GV_IPCAMD_GV_FD3400, GV_IPCAMD_GV_FE3401, GV_IPCAMD_GV_FE420, GV-VS14_VS14, GV_VS03, GV_VS2410, GV_VS28XX, GV_VS216XX, GV VS04A, GV VS04H, GVLX 4 V2, GVLX 4 V3, GV_IPCAMD_GV_BX130, GV_GM8186_VS14	2025-05-07 06:40:20 UTC	CVE
CVE-2024-11120	GeoVision EOL devices - OS Command Injection	GeoVision	GV-VS12, GV-VS11, GV-DSP_LPR_V3, GVLX 4 V2, GVLX 4 V3	2025-05-07 06:40:19 UTC	CVE
CVE-2016-5700	Virtual servers in F5 BIG-IP systems 11.5.0, 11.5.1 before HF11, 11.5.2, 11.5.3, 11.5.4 before HF2, 11.6.0 before HF8, 11.6.1 before HF1, 12.0.0...	F5	BIG-IP	2025-05-07 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2020-35131	Cockpit before 0.6.1 allows an attacker to inject custom PHP code and achieve Remote Command Execution via registerCriteriaFunction in...	n/a	n/a	2025-05-07 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-52163	Digiever DS-2105 Pro 3.1.0.71-11 devices allow time_tzsetup.cgi Command Injection. NOTE: This vulnerability only affects products that are no...	n/a	n/a	2025-05-07 00:00:00 UTC	The Shadowserver (via CIRCL)

Displaying vulnerabilities 176 - 200 of 1850 in total