Known Exploited Vulnerabilities

Focus on What Matters

There are 297,499 vulnerabilities in the CVE database.
Whilst only 0.6% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2024-7399	Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1050 allows attackers to...	Samsung Electronics	MagicINFO 9 Server	2025-05-06 10:45:19 UTC	CyberInsider
CVE-2013-7091	Directory traversal vulnerability in /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz in Zimbra 7.2.2 and 8.0.2 allows...	Zimbra	Zimbra Collaboration Suite	2025-05-06 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-38130	The com.keysight.tentacle.config.ResourceManager.smsRestoreDatabaseZip() method is used to restore the HSQLDB database used in SMS. It takes the...	n/a	Keysight Technologies Sensor Management Server	2025-05-06 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2025-24016	Remote code execution in Wazuh server	wazuh	wazuh	2025-05-06 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2001-0537	HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being...	Cisco	IOS	2025-05-05 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2021-27931	LumisXP (aka Lumis Experience Platform) before 10.0.0 allows unauthenticated blind XXE via an API request to PageControllerXml.jsp. One can send a...	n/a	n/a	2025-05-05 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-3801	IBAX go-ibax rowsInfo sql injection	IBAX	go-ibax	2025-05-05 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2017-7921	An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series...	Hikvision	Hikvision Cameras	2025-05-05 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2024-36991	Path Traversal on the “/modules/messaging/“ endpoint in Splunk Enterprise on Windows	Splunk	Splunk Enterprise	2025-05-04 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2021-37291	An SQL Injection vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 ivia the input_id POST parameter in index.php.	KevinLAB Inc	Building Energy Management System	2025-05-03 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2020-21650	Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller\Config.php, which can be exploited via the add()...	GrandStream	Myucms	2025-05-03 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-6114	Duplicator < 1.5.7.1; Duplicator Pro < 4.5.14.2 - Unauthenticated Sensitive Data Exposure	Snap Creek LLC	Duplicator, Duplicator Pro	2025-05-03 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-31126	Unauthenticated Remote Code Execution in Roxy-wi	hap-wi	roxy-wi	2025-05-03 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-31478	An issue was discovered on GL.iNet devices before 3.216. An API endpoint reveals information about the Wi-Fi configuration, including the SSID and...	GL.iNet	All	2025-05-03 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-26833	An improper authentication vulnerability exists in the REST API functionality of Open Automation Software OAS Platform V16.00.0121. A...	Open Automation Software	OAS Platform	2025-05-03 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2022-29078	The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view...	fleegix	ejs	2025-05-03 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2023-53086	wifi: mt76: connac: do not check WED status for non-mmio devices	Linux	Linux	2025-05-02 15:55:33 UTC	CVE
CVE-2025-34028	Commvault Command Center Innovation Release Unathenticated Install Package Path Traversal	Commvault	Command Center Innovation Release	2025-05-02 00:00:00 UTC	CISA
CVE-2017-9844	SAP NetWeaver 7400.12.21.30308 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted serialized...	SAP SE	SAP NetWeaver	2025-05-01 09:15:27 UTC	Tenable Blog
CVE-2024-38475	Apache HTTP Server weakness in mod_rewrite when first segment of substitution matches filesystem path.	Apache Software Foundation	Apache HTTP Server	2025-05-01 09:07:18 UTC	TheHackerNews
CVE-2023-44221	Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative...	SonicWall	SMA100	2025-05-01 09:06:31 UTC	TheHackerNews
CVE-2021-21234	Directory Traversal	lukashinsch	spring-boot-actuator-logview	2025-05-01 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2021-29442	Authentication bypass	alibaba	nacos	2025-05-01 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2017-8226	Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices have default credentials that are hardcoded in the firmware and can be extracted by anyone who...	Amcrest	IPM-721S	2025-05-01 00:00:00 UTC	The Shadowserver (via CIRCL)
CVE-2020-17506	Artica Web Proxy 4.30.00000000 allows remote attacker to bypass privilege detection and gain web backend administrator privileges through SQL...	n/a	n/a	2025-04-30 00:00:00 UTC	The Shadowserver (via CIRCL)

Displaying vulnerabilities 201 - 225 of 1850 in total