Exploitation Signals
Observed exploitation attempts against internet-facing services, mapped to CVEs and reviewed for confidence.
15
KEVs Observed
516
Exploitation Events
61
Unique Attacker IPs
23
Sensors Reporting
Top Observed KEVs
Most active exploited vulnerabilities in the selected window, ranked by observed exploitation attempts.
Cisco Unified Communications Manager Server-Side Request Forgery Vulnerability
Cisco · Cisco Unified Communications Manager
- Unique Attacker IPs
- 1
- Sensors
- 1
First seen 2026-06-25 02:30 UTC · Last seen 2026-07-15 07:46 UTC
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including...
Meta · react-server-dom-webpack, react-server-dom-turbopack, react-server-dom-parcel
- Unique Attacker IPs
- 12
- Sensors
- 8
First seen 2026-06-09 14:41 UTC · Last seen 2026-07-15 18:34 UTC
ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled...
ThinkPHP · ThinkPHP Framework
- Unique Attacker IPs
- 27
- Sensors
- 19
First seen 2026-06-08 22:26 UTC · Last seen 2026-07-15 20:32 UTC
Gogs: Path Traversal in organization name results in RCE through Git hooks
gogs · gogs
- Unique Attacker IPs
- 6
- Sensors
- 7
First seen 2026-06-26 16:33 UTC · Last seen 2026-07-15 07:23 UTC
A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through...
Fortinet · FortiSandbox, FortiSandbox PaaS
- Unique Attacker IPs
- 2
- Sensors
- 1
First seen 2026-06-12 13:59 UTC · Last seen 2026-07-14 21:25 UTC
Gravity SMTP <= 2.1.4 - Unauthenticated Sensitive Information Exposure via REST API
RocketGenius · Gravity SMTP
- Unique Attacker IPs
- 7
- Sensors
- 8
First seen 2026-06-12 00:35 UTC · Last seen 2026-07-15 08:07 UTC
Telemetry-Backed Exploitation Intelligence
KEVIntel honeypots and sensors observe exploitation attempts targeting internet-facing services. Activity is mapped to CVEs where possible and reviewed for confidence. Per-CVE telemetry is available on individual CVE pages when observations exist.
Observed Exploitation Attempts
Telemetry mapped to KEV catalog CVEs in the selected window.
2026-07-14 21:04 UTC – 2026-07-15 21:04 UTC
| CVE | Product / Vendor | Attempts | Unique Attacker IPs | Sensors | First Seen | Last Seen |
|---|---|---|---|---|---|---|
|
CVE-2026-20230
Cisco Unified Communications Manager |
Cisco Unified Communications Manager / Cisco | 271 | 1 | 1 | 2026-06-25 02:30 UTC | 2026-07-15 07:46 UTC |
|
CVE-2025-55182
react-server-dom-webpack, react-server-dom-turbopack, react-server-dom-parcel |
react-server-dom-webpack, react-server-dom-turbopack, react-server-dom-parcel / Meta | 115 | 12 | 8 | 2026-06-09 14:41 UTC | 2026-07-15 18:34 UTC |
|
CVE-2022-47945
ThinkPHP Framework |
ThinkPHP Framework / ThinkPHP | 64 | 27 | 19 | 2026-06-08 22:26 UTC | 2026-07-15 20:32 UTC |
|
CVE-2026-52813
gogs |
gogs / gogs | 21 | 6 | 7 | 2026-06-26 16:33 UTC | 2026-07-15 07:23 UTC |
|
CVE-2026-39808
FortiSandbox, FortiSandbox PaaS |
FortiSandbox, FortiSandbox PaaS / Fortinet | 12 | 2 | 1 | 2026-06-12 13:59 UTC | 2026-07-14 21:25 UTC |
|
CVE-2026-4020
Gravity SMTP |
Gravity SMTP / RocketGenius | 8 | 7 | 8 | 2026-06-12 00:35 UTC | 2026-07-15 08:07 UTC |
|
CVE-2026-8037
LoadMaster, ECS Connections Manager, Object Scale Connection Manager, MOVEit WAF |
LoadMaster, ECS Connections Manager, Object Scale Connection Manager, MOVEit WAF / Progress Software | 5 | 3 | 1 | 2026-06-30 07:54 UTC | 2026-07-15 09:00 UTC |
|
CVE-2017-18368
P660HN-T1A v1 TCLinux Fw |
P660HN-T1A v1 TCLinux Fw / ZyXEL | 4 | 4 | 1 | 2026-06-09 16:18 UTC | 2026-07-15 15:49 UTC |
|
CVE-2018-10562
GPON home routers |
GPON home routers / Dasan | 4 | 4 | 3 | 2026-06-09 01:20 UTC | 2026-07-15 18:03 UTC |
|
CVE-2023-26801
BL-AC1900_2.0, BL-WR9000, BL-X26, BL-LTE300 |
BL-AC1900_2.0, BL-WR9000, BL-X26, BL-LTE300 / LB-LINK | 4 | 1 | 1 | 2026-06-25 17:17 UTC | 2026-07-15 13:09 UTC |
|
CVE-2023-1389
TP-Link Archer AX21 (AX1800) |
TP-Link Archer AX21 (AX1800) / TP-Link | 3 | 1 | 3 | 2026-06-11 06:25 UTC | 2026-07-15 15:13 UTC |
|
CVE-2024-12847
DGN1000 |
DGN1000 / NETGEAR | 2 | 2 | 2 | 2026-06-09 10:18 UTC | 2026-07-15 14:54 UTC |
|
CVE-2024-20767
ColdFusion |
ColdFusion / Adobe | 1 | 1 | 1 | 2026-06-12 00:33 UTC | 2026-07-15 07:58 UTC |
|
CVE-2026-10520
Sentry |
Sentry / ivanti | 1 | 1 | 1 | 2026-06-10 09:03 UTC | 2026-07-15 16:38 UTC |
|
CVE-2023-20198
Cisco IOS XE Software |
Cisco IOS XE Software / Cisco | 1 | 1 | 1 | 2026-06-12 00:33 UTC | 2026-07-15 09:29 UTC |