Exploitation Signals
Observed exploitation attempts against internet-facing services, mapped to CVEs and reviewed for confidence.
45
KEVs Observed
373
Exploitation Events
100
Unique Attacker IPs
24
Sensors Reporting
Exploitation Attempts Over Time (24h)
Top Observed KEVs
Most active exploited vulnerabilities in the selected window, ranked by observed exploitation attempts.
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
Apache Software Foundation · Apache HTTP Server
- Unique Attacker IPs
- 63
- Sensors
- 23
First seen 2026-07-09 15:16 UTC · Last seen 2026-07-19 09:48 UTC
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are...
Oracle Corporation · WebLogic Server
- Unique Attacker IPs
- 2
- Sensors
- 2
First seen 2026-06-10 21:20 UTC · Last seen 2026-07-19 06:26 UTC
ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled...
ThinkPHP · ThinkPHP Framework
- Unique Attacker IPs
- 25
- Sensors
- 18
First seen 2026-06-08 22:26 UTC · Last seen 2026-07-19 08:48 UTC
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including...
Meta · react-server-dom-webpack, react-server-dom-turbopack, react-server-dom-parcel
- Unique Attacker IPs
- 4
- Sensors
- 4
First seen 2026-06-09 14:41 UTC · Last seen 2026-07-19 08:29 UTC
Flowise: Authenticated Host RCE via POST /api/v1/node-custom-function and NodeVM Sandbox Escape
FlowiseAI · Flowise
- Unique Attacker IPs
- 8
- Sensors
- 1
First seen 2026-07-13 04:05 UTC · Last seen 2026-07-18 14:30 UTC
A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface. A remote unauthenticated...
SonicWall · SMA1000
- Unique Attacker IPs
- 2
- Sensors
- 1
First seen 2026-07-17 15:14 UTC · Last seen 2026-07-19 09:19 UTC
Telemetry-Backed Exploitation Intelligence
KEVIntel honeypots and sensors observe exploitation attempts targeting internet-facing services. Activity is mapped to CVEs where possible and reviewed for confidence. Per-CVE telemetry is available on individual CVE pages when observations exist.
Observed Exploitation Attempts
Telemetry mapped to KEV catalog CVEs in the selected window.
2026-07-18 10:07 UTC – 2026-07-19 10:07 UTC
| CVE | Product / Vendor | Attempts | Unique Attacker IPs | Sensors | First Seen | Last Seen |
|---|---|---|---|---|---|---|
|
CVE-2021-41773
Apache HTTP Server |
Apache HTTP Server / Apache Software Foundation | 95 | 63 | 23 | 2026-07-09 15:16 UTC | 2026-07-19 09:48 UTC |
|
CVE-2020-14882
WebLogic Server |
WebLogic Server / Oracle Corporation | 85 | 2 | 2 | 2026-06-10 21:20 UTC | 2026-07-19 06:26 UTC |
|
CVE-2022-47945
ThinkPHP Framework |
ThinkPHP Framework / ThinkPHP | 74 | 25 | 18 | 2026-06-08 22:26 UTC | 2026-07-19 08:48 UTC |
|
CVE-2025-55182
react-server-dom-webpack, react-server-dom-turbopack, react-server-dom-parcel |
react-server-dom-webpack, react-server-dom-turbopack, react-server-dom-parcel / Meta | 13 | 4 | 4 | 2026-06-09 14:41 UTC | 2026-07-19 08:29 UTC |
|
CVE-2026-46442
Flowise |
Flowise / FlowiseAI | 11 | 8 | 1 | 2026-07-13 04:05 UTC | 2026-07-18 14:30 UTC |
|
CVE-2026-15409
SMA1000 |
SMA1000 / SonicWall | 10 | 2 | 1 | 2026-07-17 15:14 UTC | 2026-07-19 09:19 UTC |
|
CVE-2023-1389
TP-Link Archer AX21 (AX1800) |
TP-Link Archer AX21 (AX1800) / TP-Link | 6 | 2 | 6 | 2026-06-11 06:25 UTC | 2026-07-19 02:09 UTC |
|
CVE-2017-10271
WebLogic Server |
WebLogic Server / Oracle Corporation | 5 | 1 | 1 | 2026-06-12 00:32 UTC | 2026-07-19 02:07 UTC |
|
CVE-2026-48282
ColdFusion |
ColdFusion / Adobe | 5 | 1 | 1 | 2026-07-02 16:52 UTC | 2026-07-19 02:12 UTC |
|
CVE-2018-10562
GPON home routers |
GPON home routers / Dasan | 5 | 4 | 4 | 2026-06-09 01:20 UTC | 2026-07-19 04:15 UTC |
|
CVE-2024-12847
DGN1000 |
DGN1000 / NETGEAR | 4 | 4 | 3 | 2026-06-09 10:18 UTC | 2026-07-19 08:11 UTC |
|
CVE-2023-26801
BL-AC1900_2.0, BL-WR9000, BL-X26, BL-LTE300 |
BL-AC1900_2.0, BL-WR9000, BL-X26, BL-LTE300 / LB-LINK | 4 | 1 | 1 | 2026-06-25 17:17 UTC | 2026-07-19 08:16 UTC |
|
CVE-2026-39808
FortiSandbox, FortiSandbox PaaS |
FortiSandbox, FortiSandbox PaaS / Fortinet | 4 | 3 | 1 | 2026-06-12 13:59 UTC | 2026-07-19 03:58 UTC |
|
CVE-2023-20198
Cisco IOS XE Software |
Cisco IOS XE Software / Cisco | 3 | 2 | 2 | 2026-06-12 00:33 UTC | 2026-07-19 02:09 UTC |
|
CVE-2021-30128
Apache OFBiz |
Apache OFBiz / Apache Software Foundation | 3 | 1 | 1 | 2026-06-12 00:32 UTC | 2026-07-19 02:07 UTC |
|
CVE-2020-5902
BIG-IP |
BIG-IP / F5 | 3 | 1 | 1 | 2026-06-12 00:32 UTC | 2026-07-19 02:07 UTC |
|
CVE-2020-17518
Apache Flink |
Apache Flink / Apache Software Foundation | 3 | 1 | 1 | 2026-06-12 00:32 UTC | 2026-07-19 02:16 UTC |
|
CVE-2017-18368
P660HN-T1A v1 TCLinux Fw |
P660HN-T1A v1 TCLinux Fw / ZyXEL | 3 | 3 | 1 | 2026-06-09 16:18 UTC | 2026-07-19 07:26 UTC |
|
CVE-2026-8037
LoadMaster, ECS Connections Manager, Object Scale Connection Manager, MOVEit WAF |
LoadMaster, ECS Connections Manager, Object Scale Connection Manager, MOVEit WAF / Progress Software | 3 | 3 | 2 | 2026-06-30 07:54 UTC | 2026-07-19 03:09 UTC |
|
CVE-2026-10520
Sentry |
Sentry / ivanti | 2 | 2 | 2 | 2026-06-10 09:03 UTC | 2026-07-19 02:12 UTC |
|
CVE-2026-1207
Django |
Django / djangoproject | 2 | 1 | 1 | 2026-06-12 00:35 UTC | 2026-07-19 02:15 UTC |
|
CVE-2024-8181
Flowise |
Flowise / FlowiseAI | 2 | 1 | 1 | 2026-06-12 00:34 UTC | 2026-07-19 02:15 UTC |
|
CVE-2026-4020
Gravity SMTP |
Gravity SMTP / RocketGenius | 2 | 2 | 1 | 2026-06-12 00:35 UTC | 2026-07-19 02:14 UTC |
|
CVE-2024-20767
ColdFusion |
ColdFusion / Adobe | 2 | 2 | 2 | 2026-06-12 00:33 UTC | 2026-07-19 02:10 UTC |
|
CVE-2026-9082
Drupal core |
Drupal core / Drupal | 2 | 1 | 1 | 2026-06-12 00:34 UTC | 2026-07-19 02:12 UTC |
|
CVE-2022-46169
cacti |
cacti / Cacti | 2 | 1 | 2 | 2026-07-10 03:21 UTC | 2026-07-18 23:04 UTC |
|
CVE-2021-24212
WooCommerce Help Scout |
WooCommerce Help Scout / Unknown | 2 | 1 | 1 | 2026-06-12 00:32 UTC | 2026-07-19 02:07 UTC |
|
CVE-2014-8361
SDK |
SDK / Realtek | 1 | 1 | 1 | 2026-06-27 01:44 UTC | 2026-07-18 15:42 UTC |
|
CVE-2026-8054
dotCMS Core |
dotCMS Core / dotCMS | 1 | 1 | 1 | 2026-06-08 13:59 UTC | 2026-07-19 02:12 UTC |
|
CVE-2016-10372
D1000 modem |
D1000 modem / Eir | 1 | 1 | 1 | 2026-06-26 01:16 UTC | 2026-07-18 18:16 UTC |
|
CVE-2017-12637
NetWeaver Application Server Java |
NetWeaver Application Server Java / SAP | 1 | 1 | 1 | 2026-06-12 00:36 UTC | 2026-07-19 02:14 UTC |
|
CVE-2018-2894
WebLogic Server |
WebLogic Server / Oracle Corporation | 1 | 1 | 1 | 2026-06-12 00:32 UTC | 2026-07-19 02:06 UTC |
|
CVE-2019-12989
SD-WAN |
SD-WAN / Citrix | 1 | 1 | 1 | 2026-06-12 00:32 UTC | 2026-07-19 02:06 UTC |
|
CVE-2019-13608
StoreFront Server |
StoreFront Server / Citrix | 1 | 1 | 1 | 2026-06-12 00:32 UTC | 2026-07-19 02:06 UTC |
|
CVE-2026-35273
PeopleSoft Enterprise PeopleTools |
PeopleSoft Enterprise PeopleTools / Oracle Corporation | 1 | 1 | 1 | 2026-06-14 13:47 UTC | 2026-07-19 02:12 UTC |
|
CVE-2026-34910
UniFi OS Server, UDM, UDM-Pro, UDM-SE, UDM-Pro-Max, UDM-Beast, EFG, UDW, UDR, UDR7, UDR-5G, Express 7, UNVR, UNVR-Pro, UNVR-Instant, UNVR-G2, UNVR-G2-Pro, ENVR, ENVR-Core, UNAS-2, UNAS-4, UNAS-Pro, UNAS-Pro-4, UNAS-Pro-8, UCKP, UCK, UCK-Enterprise, UCG-Ultra, UCG-Max, UCG-Fiber, UCG-Industrial |
UniFi OS Server, UDM, UDM-Pro, UDM-SE, UDM-Pro-Max, UDM-Beast, EFG, UDW, UDR, UDR7, UDR-5G, Express 7, UNVR, UNVR-Pro, UNVR-Instant, UNVR-G2, UNVR-G2-Pro, ENVR, ENVR-Core, UNAS-2, UNAS-4, UNAS-Pro, UNAS-Pro-4, UNAS-Pro-8, UCKP, UCK, UCK-Enterprise, UCG-Ultra, UCG-Max, UCG-Fiber, UCG-Industrial / Ubiquiti Inc | 1 | 1 | 1 | 2026-06-11 12:15 UTC | 2026-07-19 02:12 UTC |
|
CVE-2026-3055
ADC, Gateway |
ADC, Gateway / NetScaler | 1 | 1 | 1 | 2026-06-12 00:34 UTC | 2026-07-19 02:12 UTC |
|
CVE-2020-14883
WebLogic Server |
WebLogic Server / Oracle Corporation | 1 | 1 | 1 | 2026-06-12 00:32 UTC | 2026-07-19 02:07 UTC |
|
CVE-2020-6287
SAP NetWeaver AS JAVA (LM Configuration Wizard) |
SAP NetWeaver AS JAVA (LM Configuration Wizard) / SAP SE | 1 | 1 | 1 | 2026-06-12 00:32 UTC | 2026-07-19 02:07 UTC |
|
CVE-2021-31805
Apache Struts |
Apache Struts / Apache Software Foundation | 1 | 1 | 1 | 2026-06-12 00:32 UTC | 2026-07-19 02:07 UTC |
|
CVE-2025-26319
Flowise |
Flowise / FlowiseAI | 1 | 1 | 1 | 2026-06-12 00:34 UTC | 2026-07-19 02:11 UTC |
|
CVE-2024-36420
Flowise |
Flowise / FlowiseAI | 1 | 1 | 1 | 2026-06-21 14:42 UTC | 2026-07-19 02:11 UTC |
|
CVE-2024-29972
NAS326 firmware, NAS542 firmware |
NAS326 firmware, NAS542 firmware / Zyxel | 1 | 1 | 1 | 2026-06-12 00:33 UTC | 2026-07-19 02:10 UTC |
|
CVE-2023-4966
NetScaler ADC, NetScaler Gateway |
NetScaler ADC, NetScaler Gateway / Citrix | 1 | 1 | 1 | 2026-06-12 00:33 UTC | 2026-07-19 02:10 UTC |
|
CVE-2023-6567
LearnPress – WordPress LMS Plugin |
LearnPress – WordPress LMS Plugin / thimpress | 1 | 1 | 1 | 2026-06-12 00:33 UTC | 2026-07-19 02:10 UTC |