Exploit List - 2026 2025 2024 2023 2021 2020 2019 2018
DATE |
NAME |
Info | CATEG. |
WEB |
| 7.3.26 | WordPress membership plugin bug exploited to create admin accounts | Hackers are exploiting a critical vulnerability in the User Registration & Membership plugin, which is installed on more than 60,000 WordPress sites. | Exploit | |
| 7.3.26 | Google says 90 zero-days were exploited in attacks last year | Google Threat Intelligence Group (GTIG) tracked 90 zero-day vulnerabilities actively exploited throughout 2025, almost half of them in enterprise software and appliances. | Exploit | |
| 7.3.26 | Cisco flags more SD-WAN flaws as actively exploited in attacks | Cisco has flagged two Catalyst SD-WAN Manager security flaws as actively exploited in the wild, urging administrators to upgrade vulnerable devices. | Exploit | |
| 7.3.26 | CISA flags VMware Aria Operations RCE flaw as exploited in attacks | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a VMware Aria Operations vulnerability tracked as CVE-2026-22719 to its Known Exploited Vulnerabilities catalog, flagging the flaw as exploited in attacks. | Exploit | |
| 6.3.26 | Cisco Confirms Active Exploitation of Two Catalyst SD-WAN Manager Vulnerabilities | Cisco has disclosed that two more vulnerabilities affecting Catalyst SD-WAN Manager (formerly SD-WAN vManage) have come under active exploitation in | Exploit | The Hacker News |
| 4.3.26 | Coruna iOS Exploit Kit Uses 23 Exploits Across Five Chains Targeting iOS 13–17.2.1 | Google said it identified a "new and powerful" exploit kit dubbed Coruna (aka CryptoWaters) targeting Apple iPhone models running iOS versions between | Exploit | The Hacker News |
| 4.3.26 | CISA Adds Actively Exploited VMware Aria Operations Flaw CVE-2026-22719 to KEV Catalog | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a recently disclosed security flaw impacting Broadcom VMware Aria | Exploit | The Hacker News |
| 1.3.26 | US sanctions Russian broker for buying stolen zero-day exploits | The U.S. Treasury Department has sanctioned a Russian exploit broker who bought stolen hacking tools from a former executive of a U.S. defense contractor. | Exploit | BleepingComputer |
| 28.2.26 | CISA: Recently patched RoundCube flaws now exploited in attacks | CISA flagged two Roundcube Webmail vulnerabilities as actively exploited in attacks and ordered U.S. federal agencies to patch them within three weeks. | Exploit | |
| 22.2.26 | CISA orders feds to patch actively exploited Dell flaw within 3 days | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies to patch their systems within three days against a maximum-severity Dell vulnerability that has been under active exploitation since mid-2024. | Exploit | |
| 21.2.26 | CISA Adds Two Actively Exploited Roundcube Flaws to KEV Catalog | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added two security flaws impacting Roundcube webmail software to its Known | Exploit | The Hacker News |
| 19.2.26 | CISA gives feds 3 days to patch actively exploited BeyondTrust flaw | CISA ordered U.S. government agencies on Friday to secure their BeyondTrust Remote Support instances against an actively exploited vulnerability within three days. | Exploit | |
| 19.2.26 | Google patches first Chrome zero-day exploited in attacks this year | Google has released emergency updates to fix a high-severity Chrome vulnerability exploited in zero-day attacks, marking the first such security flaw patched since the start of the year. | Exploit | |
| 18.2.26 | CISA Flags Four Security Flaws Under Active Exploitation in Latest KEV Update | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited Vulnerabilities ( KEV ) catalog, | Exploit | The Hacker News |
| 16.2.26 | New Chrome Zero-Day (CVE-2026-2441) Under Active Attack — Patch Released | Google on Friday released security updates for its Chrome browser to address a security flaw that it said has been exploited in the wild. The high-severity | Exploit | The Hacker News |
| 15.2.26 | Critical BeyondTrust RCE flaw now exploited in attacks, patch now | A critical pre-authentication remote code execution vulnerability in BeyondTrust Remote Support and Privileged Remote Access appliances is now being exploited in attacks after a PoC was published online. | Exploit | |
| 13.2.26 | Researchers Observe In-the-Wild Exploitation of BeyondTrust CVSS 9.9 Vulnerability | Threat actors have started to exploit a recently disclosed critical security flaw impacting BeyondTrust Remote Support (RS) and Privileged Remote Access | Exploit | The Hacker News |
| 12.2.26 | 83% of Ivanti EPMM Exploits Linked to Single IP on Bulletproof Hosting Infrastructure | A significant chunk of the exploitation attempts targeting a newly disclosed security flaw in Ivanti Endpoint Manager Mobile (EPMM) can be traced back to | Exploit | The Hacker News |
| 12.2.26 | Apple Fixes Exploited Zero-Day Affecting iOS, macOS, and Apple Devices | Apple on Wednesday released iOS, iPadOS, macOS Tahoe, tvOS, watchOS, and visionOS updates to address a zero-day flaw that it said has been exploited in | Exploit | The Hacker News |
| 10.2.26 | Dutch Authorities Confirm Ivanti Zero-Day Exploit Exposed Employee Contact Data | The Netherlands' Dutch Data Protection Authority (AP) and the Council for the Judiciary confirmed both agencies (Rvdr) have disclosed that their systems | Exploit | The Hacker News |
| 10.2.26 | SolarWinds Web Help Desk Exploited for RCE in Multi-Stage Attacks on Exposed Servers | Microsoft has revealed that it observed a multi‑stage intrusion that involved the threat actors exploiting internet‑exposed SolarWinds Web Help Desk | Exploit | The Hacker News |
| 9.2.26 | TeamPCP Worm Exploits Cloud Infrastructure to Build Criminal Infrastructure | Cybersecurity researchers have called attention to a "massive campaign" that has systematically targeted cloud native environments to set up malicious | Exploit | The Hacker News |
| 8.2.26 | Critical n8n flaws disclosed along with public exploits | Multiple critical vulnerabilities in the popular n8n open-source workflow automation platform allow escaping the confines of the environment and taking complete control of the host server. | Exploit | |
| 8.2.26 | CISA: VMware ESXi flaw now exploited in ransomware attacks | CISA confirmed on Wednesday that ransomware gangs have begun exploiting a high-severity VMware ESXi sandbox escape vulnerability that was used in zero-day attacks since at least February 2024. | Exploit | |
| 8.2.26 | CISA warns of five-year-old GitLab flaw exploited in attacks | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies to patch their systems against a five-year-old GitLab vulnerability that is actively being exploited in attacks. | Exploit | |
| 4.2.26 | CISA Adds Actively Exploited SolarWinds Web Help Desk RCE to KEV Catalog | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting SolarWinds Web Help Desk (WHD) to | Exploit | The Hacker News |
| 3.2.26 | Ivanti warns of two EPMM flaws exploited in zero-day attacks | Ivanti has disclosed two critical vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), tracked as CVE-2026-1281 and CVE-2026-1340, that were exploited in zero-day attacks. | Exploit | |
| 3.2.26 | Microsoft patches actively exploited Office zero-day vulnerability | Microsoft has released emergency security updates to patch a high-severity Office zero-day vulnerability exploited in attacks. | Exploit | |
| 3.2.26 | CISA says critical VMware RCE flaw now actively exploited | CISA has flagged a critical VMware vCenter Server vulnerability as actively exploited and ordered U.S. federal agencies to secure their servers within three weeks. | Exploit | |
| 30.1.26 | Two Ivanti EPMM Zero-Day RCE Flaws Actively Exploited, Security Updates Released | Ivanti has rolled out security updates to address two security flaws impacting Ivanti Endpoint Manager Mobile (EPMM) that have been exploited in zero-day | Exploit | The Hacker News |
| 28.1.26 | Google Warns of Active Exploitation of WinRAR Vulnerability CVE-2025-8088 | Google on Tuesday revealed that multiple threat actors, including nation-state adversaries and financially motivated groups, are exploiting a now-patched | Exploit | The Hacker News |
| 27.1.26 | Microsoft Office Zero-Day (CVE-2026-21509) - Emergency Patch Issued for Active Exploitation | Microsoft on Monday issued out-of-band security patches for a high-severity Microsoft Office zero-day vulnerability exploited in attacks. The vulnerability, | Exploit | The Hacker News |
| 25.1.26 | CISA confirms active exploitation of four enterprise software bugs | The Cybersecurity and Infrastructure Security Agency (CISA) in the U.S. warned of active exploitation of four vulnerabilities impacting enterprise software from Versa and Zimbra, the Vite frontend tooling framework, and the Prettier code formatter. | Exploit | |
| 25.1.26 | Hackers exploit critical telnetd auth bypass flaw to get root | A coordinated campaign has been observed targeting a recently disclosed critical-severity vulnerability that has been present in the GNU InetUtils telnetd server for 11 years. | Exploit | |
| 25.1.26 | SmarterMail auth bypass flaw now exploited to hijack admin accounts | Hackers began exploiting an authentication bypass vulnerability in SmarterTools' SmarterMail email server and collaboration tool that allows resetting admin passwords. | Exploit | |
| 25.1.26 | Hackers exploit security testing apps to breach Fortune 500 firms | Threat actors are exploiting misconfigured web applications used for security training and internal penetration testing, such as DVWA, OWASP Juice Shop, Hackazon, and bWAPP, to gain access to cloud environments of Fortune 500 companies and security vendors. | Exploit | |
| 24.1.26 | CISA Adds Actively Exploited VMware vCenter Flaw CVE-2024-37079 to KEV Catalog | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical security flaw affecting Broadcom VMware vCenter Server that | Exploit | The Hacker News |
| 24.1.26 | CISA Updates KEV Catalog with Four Actively Exploited Software Vulnerabilities | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added four security flaws to its Known Exploited Vulnerabilities ( KEV ) catalog, | Exploit | The Hacker News |
| 22.1.26 | SmarterMail Auth Bypass Exploited in the Wild Two Days After Patch Release | A new security flaw in SmarterTools SmarterMail email software has come under active exploitation in the wild, two days after the release of a patch. The | Exploit | The Hacker News |
| 22.1.26 | Automated FortiGate Attacks Exploit FortiCloud SSO to Alter Firewall Configurations | Cybersecurity company Arctic Wolf has warned of a "new cluster of automated malicious activity" that involves unauthorized firewall configuration changes | Exploit | The Hacker News |
| 18.1.26 | Hackers now exploiting critical Fortinet FortiSIEM flaw in attacks | Attackers are now exploiting a critical Fortinet FortiSIEM vulnerability with publicly available proof-of-concept exploit code. | Exploit | |
| 18.1.26 | Hackers exploit Modular DS WordPress plugin flaw for admin access | Hackers are actively exploiting a maximum severity flaw in the Modular DS WordPress plugin that allows them to bypass authentication remotely and access the vulnerable sites with admin-level privileges. | Exploit | |
| 18.1.26 | Exploit code public for critical FortiSIEM command injection flaw | Technical details and a public exploit have been published for a critical vulnerability affecting Fortinet's Security Information and Event Management (SIEM) solution that could be leveraged by a remote, unauthenticated attacker to execute commands or code. | Exploit | |
| 17.1.26 | CISA orders feds to patch Gogs RCE flaw exploited in zero-day attacks | CISA has ordered government agencies to secure their systems against a high-severity Gogs vulnerability that was exploited in zero-day attacks. | Exploit | |
| 16.1.26 | Cisco Patches Zero-Day RCE Exploited by China-Linked APT in Secure Email Gateways | Cisco on Thursday released security updates for a maximum-severity security flaw impacting Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager, nearly a month after the company disclosed that it had been exploited as a zero-day by a China-nexus advanced persistent threat (APT) actor codenamed UAT-9686. | Exploit | The Hacker News |
| 16.1.26 | Critical WordPress Modular DS Plugin Flaw Actively Exploited to Gain Admin Access | A maximum-severity security flaw in a WordPress plugin called Modular DS has come under active exploitation in the wild, according to Patchstack. The vulnerability, tracked as CVE- | Exploit | The Hacker News |
| 14.1.26 | CISA Warns of Active Exploitation of Gogs Vulnerability Enabling Code Execution | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned of active exploitation of a high-severity security flaw impacting Gogs by adding it to its Known | Exploit | The Hacker News |
| 10.1.26 | VMware ESXi zero-days likely exploited a year before disclosure | Chinese-speaking threat actors used a compromised SonicWall VPN appliance to deliver a VMware ESXi exploit toolkit that seems to have been developed more than a year before the targeted vulnerabilities became publicly known. | Exploit | |
| 10.1.26 | Cisco warns of Identity Service Engine flaw with exploit code | Cisco has patched an ISE vulnerability with public proof-of-concept exploit code that can be abused by attackers with admin privileges. | Exploit | |
| 10.1.26 | CISA tags max severity HPE OneView flaw as actively exploited | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has flagged a maximum-severity HPE OneView vulnerability as actively exploited in attacks. | Exploit | |
| 10.1.26 | New D-Link flaw in legacy DSL routers actively exploited in attacks | Threat actors are exploiting a recently discovered command injection vulnerability that affects multiple D-Link DSL gateway routers that went out of support years ago. | Exploit | |
| 10.1.26 | The Great VM Escape: ESXi Exploitation in the Wild | Based on indicators we observed, including the workstation name the threat actor was operating from and other TTPs, the Huntress Tactical Response team assesses with high confidence that initial access occurred via SonicWall VPN. | Exploit | HUNTRESS |
| 8.1.26 | Cisco Patches ISE Security Vulnerability After Public PoC Exploit Release | Cisco has released updates to address a medium-severity security flaw in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) with a public proof-of-concept | Exploit | The Hacker News |
| 7.1.26 | CISA Flags Microsoft Office and HPE OneView Bugs as Actively Exploited | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added two security flaws impacting Microsoft Office and Hewlett Packard Enterprise (HPE) OneView to its Known Exploited Vulnerabilities ( KEV ) catalog, citing evidence of active exploitation. | Exploit | The Hacker News |
| 4.1.26 | Over 10K Fortinet firewalls exposed to actively exploited 2FA bypass | Over 10,000 Internet-exposed Fortinet firewalls are still vulnerable to attacks exploiting a five-year-old two-factor authentication (2FA) bypass vulnerability. | Exploit | |
| 3.1.26 | CISA orders feds to patch MongoBleed flaw exploited in attacks | CISA ordered U.S. federal agencies to patch an actively exploited MongoDB vulnerability (MongoBleed) that can be exploited to steal credentials, API keys, and other sensitive data. | Exploit | |
| 3.1.26 | CISA orders feds to patch MongoBleed flaw exploited in attacks | CISA ordered U.S. federal agencies to patch an actively exploited MongoDB vulnerability (MongoBleed) that can be exploited to steal credentials, API keys, and other sensitive data. | Exploit | |
| 3.1.26 | Fortinet warns of 5-year-old FortiOS 2FA bypass still exploited in attacks | Fortinet has warned customers that threat actors are still actively exploiting a critical FortiOS vulnerability that allows them to bypass two-factor authentication (2FA) when targeting vulnerable FortiGate firewalls. | Exploit |