Focus on what’s exploited
Out of 350,016 known CVEs, only 0.7% show real-world exploitation signals.
Data from public sources (including CISA) plus private sensors, enriched with prioritization metadata.
Total known exploited: 2,499
Added this week: 351
| CVE | Severity | Title | Tags |
|---|---|---|---|
| CVE-2018-20062 | 9.8 Critical | An issue was discovered in NoneCms V1.3. thinkphp/library/think/App.php allows remote attackers to execute arbitrary PHP code via crafted use of... | Remote, Low complexity, No user interaction |
| CVE-2019-9082 | 8.8 High | ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via... | Remote, Low complexity |
| CVE-2019-18187 | 7.5 High | Trend Micro OfficeScan versions 11.0 and XG (12.0) could be exploited by an attacker utilizing a directory traversal vulnerability to extract files... | Remote, Low complexity, No user interaction |
| CVE-2020-29583 | 9.8 Critical | Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account... | Remote, Low complexity, No user interaction |
| CVE-2019-8394 | 6.5 Medium | Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization. | Remote, Low complexity, No user interaction |
| CVE-2020-10189 | 9.8 Critical | Zoho ManageEngine Desktop Central before 10.0.474 allows remote code execution because of deserialization of untrusted data in getChartImage in the... | Remote, Low complexity, No user interaction |
| CVE-2021-40539 | 9.8 Critical | Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution. | Malware, Remote, Low complexity, No user interaction |
| CVE-2021-27561 | 9.8 Critical | Yealink Device Management (DM) 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall/zone/services URI, without authentication. | Remote, Low complexity, No user interaction |
| CVE-2019-9978 | 6.1 Medium | The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_options swp_url parameter, as... | Remote, Low complexity |
| CVE-2020-11738 | 7.5 High | The Snap Creek Duplicator plugin before 1.3.28 for WordPress (and Duplicator Pro before 3.8.7.1) allows Directory Traversal via ../ in the file... | Remote, Low complexity, No user interaction |
| CVE-2020-25213 | 10.0 Critical | The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it... | Remote, Low complexity, No user interaction |
| CVE-2020-4006 | 9.1 Critical | VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a command injection vulnerability. | Remote, Low complexity, No user interaction |
| CVE-2021-21985 | 9.8 Critical | The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in... | Malware, Remote, Low complexity, No user interaction |
| CVE-2021-21972 | 9.8 Critical | The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port... | Malware, Remote, Low complexity, No user interaction |
| CVE-2020-3952 | 9.8 Critical | Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC), does... | Remote, Low complexity, No user interaction |
| CVE-2021-22005 | 9.8 Critical | The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on... | Malware, Remote, Low complexity, No user interaction |
| CVE-2020-3950 | 7.8 High | VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11.x and prior before 11.0.1) and Horizon Client for Mac (5.x and prior before... | Low complexity, No user interaction |
| CVE-2020-3992 | 9.8 Critical | OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG) has a... | Malware, Remote, Low complexity, No user interaction |
| CVE-2019-5544 | 9.8 Critical | OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the... | Malware, Remote, Low complexity, No user interaction |
| CVE-2020-17496 | 9.8 Critical | vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel... | Remote, Low complexity, No user interaction |
| CVE-2020-5847 | 9.8 Critical | Unraid through 6.8.0 allows Remote Code Execution. | Remote, Low complexity, No user interaction |
| CVE-2021-42359 | 7.5 High | WP DSGVO Tools (GDPR) <= 3.1.23 Unauthenticated Arbitrary Post Deletion | Remote, Low complexity, No user interaction |
| CVE-2021-39205 | 6.8 Medium | DOM-based XSS/Content Spoofing via Prototype Pollution | Remote |
| CVE-2021-38154 | 7.5 High | Certain Canon devices manufactured in 2012 through 2020 (such as imageRUNNER ADVANCE iR-ADV C5250), when Catwalk Server is enabled for HTTP access,... | Remote, Low complexity, No user interaction |
| CVE-2021-32813 | 4.8 Medium | Drop Headers via Malicious Connection Header | Remote, No user interaction |
Displaying vulnerabilities 2326 - 2350 of 2499 in total