Known Exploited Vulnerabilities

Focus on What Matters

There are 349,612 vulnerabilities in the CVE database.
Whilst only 1.1% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

Aware of a KEV not on the list? Let us know!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2025-38352	posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del()	Linux	Linux	2026-06-01 10:40:05 UTC	CVE
CVE-2025-9377	Authenticated RCE via Parental Control command injection	TP-Link Systems Inc.	Archer C7(EU) V2, TL-WR841N/ND(MS) V9	2026-06-01 10:40:02 UTC	CVE
CVE-2023-50224	TP-Link TL-WR841N dropbearpwd Improper Authentication Information Disclosure Vulnerability	TP-Link	TL-WR841N	2026-06-01 10:40:01 UTC	CVE
CVE-2020-24363	TP-Link TL-WA855RE V5 20200415-rel37464 devices allow an unauthenticated attacker (on the same network) to submit a TDDP_RESET POST request for a...	n/a	n/a	2026-06-01 10:39:51 UTC	CVE
CVE-2025-57819	FreePBX Affected by Authentication Bypass Leading to SQL Injection and RCE	FreePBX	endpoint	2026-06-01 10:39:48 UTC	CVE
CVE-2025-55177	Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78,...	Facebook	WhatsApp Desktop for Mac, WhatsApp Business for iOS, WhatsApp for iOS	2026-06-01 10:39:48 UTC	CVE
CVE-2025-50983	SQL Injection vulnerability exists in the sortKey parameter of the GET /api/v1/wanted/cutoff API endpoint in readarr 0.4.15.2787. The endpoint...	n/a	n/a	2026-06-01 10:39:41 UTC	CVE
CVE-2025-7775	Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service	NetScaler	ADC, Gateway	2026-06-01 10:39:36 UTC	CVE
CVE-2025-48384	Git allows arbitrary code execution through broken config quoting	git	git	2026-06-01 10:39:30 UTC	CVE
CVE-2024-8069	Limited remote code execution with privilege of a NetworkService Account access	Citrix Session Recording	Citrix Session Recording	2026-06-01 10:39:30 UTC	CVE
CVE-2024-8068	Privilege escalation to NetworkService Account access	Citrix	Citrix Session Recording	2026-06-01 10:39:30 UTC	CVE
CVE-2025-43300	An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.8.5 and iPadOS 15.8.5, iOS 16.7.12 and...	Apple	iOS and iPadOS, iPadOS, macOS	2026-06-01 10:39:18 UTC	CVE
CVE-2025-8876	Command Injection Vulnerability	N-able	N-central	2026-06-01 10:38:55 UTC	CVE
CVE-2025-8875	Insecure Deserialization Vulnerability	N-able	N-central	2026-06-01 10:38:55 UTC	CVE
CVE-2025-54948	A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code...	Trend Micro, Inc.	Trend Micro Apex One	2026-06-01 10:38:51 UTC	CVE
CVE-2013-3893	Use-after-free vulnerability in the SetMouseCapture implementation in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote...	n/a	n/a	2026-06-01 10:38:43 UTC	CVE
CVE-2007-0671	Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted...	n/a	n/a	2026-06-01 10:38:43 UTC	CVE
CVE-2025-8088	Path traversal vulnerability in WinRAR	win.rar GmbH	WinRAR	2026-06-01 10:38:35 UTC	CVE
CVE-2022-40799	Data Integrity Failure in 'Backup Config' in D-Link DNR-322L <= 2.60B15 allows an authenticated attacker to execute OS level commands on the...	n/a	n/a	2026-06-01 10:38:24 UTC	CVE
CVE-2020-25079	An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. cgi-bin/ddns_enc.cgi allows authenticated...	n/a	n/a	2026-06-01 10:38:24 UTC	CVE
CVE-2020-25078	An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. The unauthenticated /config/getuser endpoint...	n/a	n/a	2026-06-01 10:38:24 UTC	CVE
CVE-2023-44976	Hangzhou Shunwang Rentdrv2 before 2024-12-24 allows local users to terminate EDR processes and possibly have unspecified other impact via...	Hangzhou Shunwang	Rentdrv2	2026-06-01 10:38:13 UTC	CVE
CVE-2014-125123	Kloxo < 6.1.12 Unauthenticated SQL Injection RCE	LXCenter	Kloxo	2026-06-01 10:38:09 UTC	CVE
CVE-2025-47729	The TeleMessage archiving backend through 2025-05-05 holds cleartext copies of messages from TM SGNL (aka Archive Signal) app users, which is...	TeleMessage	archiving backend	2026-06-01 10:37:52 UTC	CVE
CVE-2025-4632	Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052 allows attackers to...	Samsung Electronics	MagicINFO 9 Server	2026-06-01 10:37:52 UTC	CVE

Displaying vulnerabilities 201 - 225 of 3822 in total