Exploitation Signals

Observed exploitation attempts against internet-facing services, mapped to CVEs and reviewed for confidence.

54

KEVs Observed

2,640

Exploitation Events

443

Unique Attacker IPs

24

Sensors Reporting

Exploitation Attempts Over Time (7d)

Loading...

Top Observed KEVs

Most active exploited vulnerabilities in the selected window, ranked by observed exploitation attempts.

CVE-2021-41773 693 attempts

Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49

Apache Software Foundation · Apache HTTP Server

Unique Attacker IPs
239
Sensors
23

First seen 2026-07-09 15:16 UTC · Last seen 2026-07-19 03:12 UTC

CVE-2022-47945 450 attempts

ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled...

ThinkPHP · ThinkPHP Framework

Unique Attacker IPs
114
Sensors
22

First seen 2026-06-08 22:26 UTC · Last seen 2026-07-19 02:52 UTC

CVE-2025-55182 348 attempts

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including...

Meta · react-server-dom-webpack, react-server-dom-turbopack, react-server-dom-parcel

Unique Attacker IPs
43
Sensors
18

First seen 2026-06-09 14:41 UTC · Last seen 2026-07-19 02:11 UTC

CVE-2026-20230 300 attempts

Cisco Unified Communications Manager Server-Side Request Forgery Vulnerability

Cisco · Cisco Unified Communications Manager

Unique Attacker IPs
1
Sensors
1

First seen 2026-06-25 02:30 UTC · Last seen 2026-07-16 06:28 UTC

CVE-2026-46817 194 attempts

Vulnerability in the Oracle Payments product of Oracle E-Business Suite (component: File Transmission). Supported versions that are affected are...

Oracle Corporation · Oracle Payments

Unique Attacker IPs
2
Sensors
1

First seen 2026-07-01 01:33 UTC · Last seen 2026-07-17 23:03 UTC

CVE-2026-48282 79 attempts

ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)

Adobe · ColdFusion

Unique Attacker IPs
9
Sensors
2

First seen 2026-07-02 16:52 UTC · Last seen 2026-07-19 02:12 UTC

Telemetry-Backed Exploitation Intelligence

KEVIntel honeypots and sensors observe exploitation attempts targeting internet-facing services. Activity is mapped to CVEs where possible and reviewed for confidence. Per-CVE telemetry is available on individual CVE pages when observations exist.

Observed Exploitation Attempts

Telemetry mapped to KEV catalog CVEs in the selected window.

2026-07-12 03:18 UTC – 2026-07-19 03:19 UTC

CVE Attempts Unique Attacker IPs Sensors
CVE-2021-41773

Apache HTTP Server

693 239 23
CVE-2022-47945

ThinkPHP Framework

450 114 22
CVE-2025-55182

react-server-dom-webpack, react-server-dom-turbopack, react-server-dom-parcel

348 43 18
CVE-2026-20230

Cisco Unified Communications Manager

300 1 1
CVE-2026-46817

Oracle Payments

194 2 1
CVE-2026-48282

ColdFusion

79 9 2
CVE-2026-10520

Sentry

77 7 2
CVE-2026-52813

gogs

50 15 12
CVE-2026-55255

langflow

44 5 1
CVE-2024-12847

DGN1000

38 36 19
CVE-2026-8037

LoadMaster, ECS Connections Manager, Object Scale Connection Manager, MOVEit WAF

38 11 2
CVE-2026-46442

Flowise

36 17 1
CVE-2018-10562

GPON home routers

35 33 18
CVE-2023-1389

TP-Link Archer AX21 (AX1800)

32 2 13
CVE-2026-39808

FortiSandbox, FortiSandbox PaaS

31 8 4
CVE-2017-18368

P660HN-T1A v1 TCLinux Fw

28 14 1
CVE-2023-26801

BL-AC1900_2.0, BL-WR9000, BL-X26, BL-LTE300

26 1 1
CVE-2026-4020

Gravity SMTP

25 23 12
CVE-2024-8181

Flowise

20 3 2
CVE-2023-20198

Cisco IOS XE Software

14 2 11
CVE-2026-15409

SMA1000

11 4 1
CVE-2026-20253

Splunk Enterprise

7 1 1
CVE-2024-20767

ColdFusion

6 5 3
CVE-2017-10271

WebLogic Server

5 1 1
CVE-2020-5902

BIG-IP

4 2 2
CVE-2021-30128

Apache OFBiz

3 1 1
CVE-2024-36420

Flowise

3 3 2
CVE-2016-10372

D1000 modem

3 3 1
CVE-2020-17518

Apache Flink

3 1 1
CVE-2024-3721

DVR-4104, DVR-4216

3 2 2
CVE-2014-8361

SDK

2 2 1
CVE-2022-46169

cacti

2 1 2
CVE-2021-24212

WooCommerce Help Scout

2 1 1
CVE-2026-35273

PeopleSoft Enterprise PeopleTools

2 2 2
CVE-2023-4966

NetScaler ADC, NetScaler Gateway

2 2 2
CVE-2026-9082

Drupal core

2 1 1
CVE-2026-1207

Django

2 1 1
CVE-2026-33017

langflow

2 1 2
CVE-2020-14882

WebLogic Server

2 1 1
CVE-2025-26319

Flowise

2 2 2
CVE-2020-14883

WebLogic Server

1 1 1
CVE-2024-29972

NAS326 firmware, NAS542 firmware

1 1 1
CVE-2018-2894

WebLogic Server

1 1 1
CVE-2026-8054

dotCMS Core

1 1 1
CVE-2026-5027

langflow

1 1 1
CVE-2020-6287

SAP NetWeaver AS JAVA (LM Configuration Wizard)

1 1 1
CVE-2019-13608

StoreFront Server

1 1 1
CVE-2026-3055

ADC, Gateway

1 1 1
CVE-2019-12989

SD-WAN

1 1 1
CVE-2025-54068

livewire

1 1 1