Exploitation Signals

Observed exploitation attempts against internet-facing services, mapped to CVEs and reviewed for confidence.

15

KEVs Observed

516

Exploitation Events

61

Unique Attacker IPs

23

Sensors Reporting

Top Observed KEVs

Most active exploited vulnerabilities in the selected window, ranked by observed exploitation attempts.

CVE-2026-20230 271 attempts

Cisco Unified Communications Manager Server-Side Request Forgery Vulnerability

Cisco · Cisco Unified Communications Manager

Unique Attacker IPs
1
Sensors
1

First seen 2026-06-25 02:30 UTC · Last seen 2026-07-15 07:46 UTC

CVE-2025-55182 115 attempts

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including...

Meta · react-server-dom-webpack, react-server-dom-turbopack, react-server-dom-parcel

Unique Attacker IPs
12
Sensors
8

First seen 2026-06-09 14:41 UTC · Last seen 2026-07-15 18:34 UTC

CVE-2022-47945 64 attempts

ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled...

ThinkPHP · ThinkPHP Framework

Unique Attacker IPs
27
Sensors
19

First seen 2026-06-08 22:26 UTC · Last seen 2026-07-15 20:32 UTC

CVE-2026-52813 21 attempts

Gogs: Path Traversal in organization name results in RCE through Git hooks

gogs · gogs

Unique Attacker IPs
6
Sensors
7

First seen 2026-06-26 16:33 UTC · Last seen 2026-07-15 07:23 UTC

CVE-2026-39808 12 attempts

A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through...

Fortinet · FortiSandbox, FortiSandbox PaaS

Unique Attacker IPs
2
Sensors
1

First seen 2026-06-12 13:59 UTC · Last seen 2026-07-14 21:25 UTC

CVE-2026-4020 8 attempts

Gravity SMTP <= 2.1.4 - Unauthenticated Sensitive Information Exposure via REST API

RocketGenius · Gravity SMTP

Unique Attacker IPs
7
Sensors
8

First seen 2026-06-12 00:35 UTC · Last seen 2026-07-15 08:07 UTC

Telemetry-Backed Exploitation Intelligence

KEVIntel honeypots and sensors observe exploitation attempts targeting internet-facing services. Activity is mapped to CVEs where possible and reviewed for confidence. Per-CVE telemetry is available on individual CVE pages when observations exist.

Observed Exploitation Attempts

Telemetry mapped to KEV catalog CVEs in the selected window.

2026-07-14 21:04 UTC – 2026-07-15 21:04 UTC

CVE Attempts Unique Attacker IPs Sensors
CVE-2026-20230

Cisco Unified Communications Manager

271 1 1
CVE-2025-55182

react-server-dom-webpack, react-server-dom-turbopack, react-server-dom-parcel

115 12 8
CVE-2022-47945

ThinkPHP Framework

64 27 19
CVE-2026-52813

gogs

21 6 7
CVE-2026-39808

FortiSandbox, FortiSandbox PaaS

12 2 1
CVE-2026-4020

Gravity SMTP

8 7 8
CVE-2026-8037

LoadMaster, ECS Connections Manager, Object Scale Connection Manager, MOVEit WAF

5 3 1
CVE-2017-18368

P660HN-T1A v1 TCLinux Fw

4 4 1
CVE-2018-10562

GPON home routers

4 4 3
CVE-2023-26801

BL-AC1900_2.0, BL-WR9000, BL-X26, BL-LTE300

4 1 1
CVE-2023-1389

TP-Link Archer AX21 (AX1800)

3 1 3
CVE-2024-12847

DGN1000

2 2 2
CVE-2024-20767

ColdFusion

1 1 1
CVE-2026-10520

Sentry

1 1 1
CVE-2023-20198

Cisco IOS XE Software

1 1 1