Live Exploited Vulnerability Feed
Evidence-backed KEV intelligence enriched with confidence scoring, exploitation status, CISA KEV status, and sensor telemetry.
| CVE | Product | Vendor | Confidence | Exploitation Status | Sensors | First Seen | Added | Artifacts |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-20131 | Cisco Secure Firewall Management Center (FMC) | Cisco | Confirmed | Active exploitation | — | 16 days ago | 16 days ago |
PoC
|
| CVE-2026-20963 | Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2019, Microsoft SharePoint Server Subscription Edition | Microsoft | Confirmed | Active exploitation | — | 16 days ago | 16 days ago |
PoC
|
| CVE-2025-66376 | Collaboration | Zimbra | Confirmed | Active exploitation | — | 16 days ago | 16 days ago |
—
|
| CVE-2025-47813 | Wing FTP Server | wftpserver | Confirmed | Active exploitation | — | 16 days ago | 16 days ago |
PoC
Nuclei
Scanner
|
| CVE-2026-3910 | Chrome | Confirmed | Active exploitation | — | 16 days ago | 16 days ago |
—
|
|
| CVE-2026-3909 | Chrome | Confirmed | Active exploitation | — | 16 days ago | 16 days ago |
—
|
|
| CVE-2026-20118 | Cisco IOS XR Software | Cisco | Medium | Active exploitation | — | 16 days ago | 16 days ago |
—
|
| CVE-2025-68613 | n8n | n8n-io | Confirmed | Active exploitation | — | 16 days ago | 16 days ago |
PoC
Nuclei
Scanner
|
| CVE-2026-1603 | Endpoint Manager | Ivanti | Confirmed | Active exploitation | — | 16 days ago | 16 days ago |
PoC
Nuclei
Scanner
|
| CVE-2025-26399 | Web Help Desk | SolarWinds | Confirmed | Active exploitation | — | 16 days ago | 16 days ago |
—
|
| CVE-2021-22054 | Workspace ONE UEM | VMware | Confirmed | Active exploitation | — | 16 days ago | 16 days ago |
PoC
Nuclei
Scanner
|
| CVE-2023-41974 | iOS and iPadOS | Apple | Confirmed | Active exploitation | — | 16 days ago | 16 days ago |
—
|
| CVE-2021-30952 | watchOS, iOS and iPadOS, macOS | Apple | Confirmed | Active exploitation | — | 16 days ago | 16 days ago |
—
|
| CVE-2021-22681 | Studio 5000 Logix Designer, RSLogix 5000 | Rockwell Automation | Confirmed | Active exploitation | — | 16 days ago | 16 days ago |
—
|
| CVE-2017-7921 | DS-2CD2xx2F-I Series, DS-2CD2xx0F-I Series, DS-2CD2xx2FWD Series, DS-2CD4x2xFWD Series, DS-2CD4xx5 Series, DS-2DFx Series, DS-2CD63xx Series | Hikvision | Confirmed | Active exploitation | — | 16 days ago | 16 days ago |
PoC
Nuclei
Scanner
|
| CVE-2026-22719 | VMware Aria Operations, VMware Cloud Foundation Operations, Telco Cloud Platform, Telco Cloud Infrastructure | VMware | Confirmed | Active exploitation | — | 16 days ago | 16 days ago |
—
|
| CVE-2026-21385 | Snapdragon | Qualcomm, Inc. | Confirmed | Active exploitation | — | 16 days ago | 16 days ago |
—
|
| CVE-2026-20127 | Cisco Catalyst SD-WAN Manager | Cisco | Confirmed | Active exploitation | — | 17 days ago | 17 days ago |
PoC
|
| CVE-2026-20051 | Cisco NX-OS Software | Cisco | Medium | Active exploitation | — | 17 days ago | 17 days ago |
—
|
| CVE-2022-20775 | Cisco Catalyst SD-WAN, Cisco Catalyst SD-WAN Manager, Cisco SD-WAN vContainer, Cisco SD-WAN vEdge Cloud, Cisco SD-WAN vEdge Router | Cisco | Confirmed | Active exploitation | — | 17 days ago | 17 days ago |
—
|
| CVE-2026-25108 | FileZen | Soliton Systems K.K. | Confirmed | Active exploitation | — | 17 days ago | 17 days ago |
—
|
| CVE-2025-68461 | Webmail | Roundcube | Confirmed | Active exploitation | — | 17 days ago | 17 days ago |
—
|
| CVE-2025-49113 | Webmail | Roundcube | Confirmed | Active exploitation | — | 17 days ago | 17 days ago |
PoC
Nuclei
Scanner
|
| CVE-2026-22769 | RecoverPoint for Virtual Machines | Dell | Confirmed | Active exploitation | — | 17 days ago | 17 days ago |
—
|
| CVE-2021-22175 | GitLab | GitLab | Confirmed | Active exploitation | — | 17 days ago | 17 days ago |
PoC
Nuclei
Scanner
|