Exploitation Signals

Observed exploitation attempts against internet-facing services, mapped to CVEs and reviewed for confidence.

32

KEVs Observed

1,902

Exploitation Events

321

Unique Attacker IPs

23

Sensors Reporting

Top Observed KEVs

Most active exploited vulnerabilities in the selected window, ranked by observed exploitation attempts.

CVE-2022-47945 486 attempts

ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled...

ThinkPHP · ThinkPHP Framework

Unique Attacker IPs
127
Sensors
22

First seen 2026-06-08 22:26 UTC · Last seen 2026-07-15 19:27 UTC

CVE-2025-55182 321 attempts

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including...

Meta · react-server-dom-webpack, react-server-dom-turbopack, react-server-dom-parcel

Unique Attacker IPs
32
Sensors
17

First seen 2026-06-09 14:41 UTC · Last seen 2026-07-15 18:34 UTC

CVE-2026-20230 299 attempts

Cisco Unified Communications Manager Server-Side Request Forgery Vulnerability

Cisco · Cisco Unified Communications Manager

Unique Attacker IPs
2
Sensors
1

First seen 2026-06-25 02:30 UTC · Last seen 2026-07-15 07:46 UTC

CVE-2026-46817 191 attempts

Vulnerability in the Oracle Payments product of Oracle E-Business Suite (component: File Transmission). Supported versions that are affected are...

Oracle Corporation · Oracle Payments

Unique Attacker IPs
1
Sensors
1

First seen 2026-07-01 01:33 UTC · Last seen 2026-07-13 14:59 UTC

CVE-2026-10520 161 attempts

An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to...

ivanti · Sentry

Unique Attacker IPs
15
Sensors
1

First seen 2026-06-10 09:03 UTC · Last seen 2026-07-15 16:38 UTC

CVE-2026-8037 77 attempts

OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF

Progress Software · LoadMaster, ECS Connections Manager, Object Scale Connection Manager, MOVEit WAF

Unique Attacker IPs
17
Sensors
1

First seen 2026-06-30 07:54 UTC · Last seen 2026-07-15 09:00 UTC

Telemetry-Backed Exploitation Intelligence

KEVIntel honeypots and sensors observe exploitation attempts targeting internet-facing services. Activity is mapped to CVEs where possible and reviewed for confidence. Per-CVE telemetry is available on individual CVE pages when observations exist.

Observed Exploitation Attempts

Telemetry mapped to KEV catalog CVEs in the selected window.

2026-07-08 19:44 UTC – 2026-07-15 19:44 UTC

CVE Attempts Unique Attacker IPs Sensors
CVE-2022-47945

ThinkPHP Framework

486 127 22
CVE-2025-55182

react-server-dom-webpack, react-server-dom-turbopack, react-server-dom-parcel

321 32 17
CVE-2026-20230

Cisco Unified Communications Manager

299 2 1
CVE-2026-46817

Oracle Payments

191 1 1
CVE-2026-10520

Sentry

161 15 1
CVE-2026-8037

LoadMaster, ECS Connections Manager, Object Scale Connection Manager, MOVEit WAF

77 17 1
CVE-2026-55255

langflow

44 5 1
CVE-2026-48282

ColdFusion

40 8 1
CVE-2017-18368

P660HN-T1A v1 TCLinux Fw

39 25 1
CVE-2026-52813

gogs

36 10 9
CVE-2018-10562

GPON home routers

33 32 18
CVE-2024-12847

DGN1000

27 26 17
CVE-2023-1389

TP-Link Archer AX21 (AX1800)

27 1 12
CVE-2023-26801

BL-AC1900_2.0, BL-WR9000, BL-X26, BL-LTE300

24 1 1
CVE-2026-39808

FortiSandbox, FortiSandbox PaaS

19 5 1
CVE-2026-4020

Gravity SMTP

16 13 10
CVE-2026-35273

PeopleSoft Enterprise PeopleTools

14 4 1
CVE-2024-3721

DVR-4104, DVR-4216

8 5 3
CVE-2023-20198

Cisco IOS XE Software

8 2 7
CVE-2014-8361

SDK

6 6 1
CVE-2024-20767

ColdFusion

6 6 4
CVE-2026-20253

Splunk Enterprise

3 2 1
CVE-2025-26319

Flowise

2 1 1
CVE-2026-33017

langflow

2 1 2
CVE-2020-14882

WebLogic Server

2 1 1
CVE-2024-8181

Flowise

2 1 1
CVE-2021-24212

WooCommerce Help Scout

2 1 1
CVE-2022-46169

cacti

2 2 1
CVE-2026-5027

langflow

2 1 1
CVE-2020-5902

BIG-IP

1 1 1
CVE-2023-4966

NetScaler ADC, NetScaler Gateway

1 1 1
CVE-2023-6567

LearnPress – WordPress LMS Plugin

1 1 1