{"metadata": {"count": 1231, "page": 1, "per_page": 100}, "data": [{"uuid": "fe026380-c375-4ff6-b489-8b01e189972d", "vulnerability": {"vulnId": "CVE-2017-12542", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "fe026380-c375-4ff6-b489-8b01e189972d"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T13:11:03+00:00"}, "characteristics": {"severity": 100}, "timestamps": {"asserted_at": "2026-06-30T13:11:03+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T13:11:03+00:00", "first_seen_at": "2026-06-30T13:11:03+00:00"}, "scope": {"notes": "Affected: HP / HP iLO 4 | Class: device-management-platform | Severity: Critical (CVSS 10) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 9", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 0, "vendor": "HP", "30d_avg": 0, "90d_avg": 0, "product": "HP iLO 4", "cisa_kev": "no", "connections": 9, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 10, "vulnerability_severity": "Critical"}}], "references": [{"id": "CVE-2017-12542", "url": "https://www.cve.org/CVERecord?id=CVE-2017-12542"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "5c265b12-5dff-4259-b5e3-e0e41e2cec23", "vulnerability": {"vulnId": "CVE-2026-36356", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "5c265b12-5dff-4259-b5e3-e0e41e2cec23"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-21T06:44:37+00:00"}, "characteristics": {"severity": 91}, "timestamps": {"asserted_at": "2026-06-21T06:44:37+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-06-21T06:44:37+00:00", "first_seen_at": "2026-06-21T06:44:37+00:00"}, "scope": {"notes": "Affected: MeiG / MeiG Smart FORGE_SLT711 | Class: router | Severity: Critical (CVSS 9.1) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-21: 377", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "MeiG", "30d_avg": 0, "90d_avg": 0, "product": "MeiG Smart FORGE_SLT711", "cisa_kev": "no", "connections": 377, "observation_date": "2026-06-21", "vulnerability_class": "CVSS", "vulnerability_score": 9.1, "vulnerability_severity": "Critical"}}], "references": [{"id": "CVE-2026-36356", "url": "https://www.cve.org/CVERecord?id=CVE-2026-36356"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "caa5acab-bf4e-48a0-b262-1ff0097f9e2a", "vulnerability": {"vulnId": "CVE-2026-10520", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "caa5acab-bf4e-48a0-b262-1ff0097f9e2a"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-21T00:00:00+00:00"}, "characteristics": {"severity": 100}, "timestamps": {"asserted_at": "2026-06-10T17:11:12+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-06-21T00:00:00+00:00", "first_seen_at": "2026-06-10T17:11:12+00:00"}, "scope": {"notes": "Affected: Ivanti / Sentry | Class: other-software | Severity: Critical (CVSS 10) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-21: 2", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 2, "vendor": "Ivanti", "30d_avg": 1, "90d_avg": 0, "product": "Sentry", "cisa_kev": "yes", "connections": 2, "observation_date": "2026-06-21", "vulnerability_class": "CVSS", "vulnerability_score": 10, "vulnerability_severity": "Critical"}}], "references": [{"id": "CVE-2026-10520", "url": "https://www.cve.org/CVERecord?id=CVE-2026-10520"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "e1e4050c-7882-474c-9315-d5eb4fac0557", "vulnerability": {"vulnId": "CVE-2026-24423", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "e1e4050c-7882-474c-9315-d5eb4fac0557"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-20T00:00:00+00:00"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-06-08T12:19:21+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-06-20T00:00:00+00:00", "first_seen_at": "2026-06-08T12:19:21+00:00"}, "scope": {"notes": "Affected: SmarterTools / SmarterMail | Class: email | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-20: 1", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "email", "7d_avg": 0, "vendor": "SmarterTools", "30d_avg": 0, "90d_avg": 0, "product": "SmarterMail", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-20", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}], "references": [{"id": "CVE-2026-24423", "url": "https://www.cve.org/CVERecord?id=CVE-2026-24423"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "466fadcd-435f-455f-9337-b455a9eb5b6b", "vulnerability": {"vulnId": "CVE-2024-8522", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "466fadcd-435f-455f-9337-b455a9eb5b6b"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2026-06-08T12:12:59+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-06-08T12:12:59+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress LearnPress plugin | Class: cms | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "Wordpress", "30d_avg": 0, "90d_avg": 0, "product": "Wordpress LearnPress plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}], "references": [{"id": "CVE-2024-8522", "url": "https://www.cve.org/CVERecord?id=CVE-2024-8522"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "07cf1779-8ae3-4cd6-9daf-0b248c4634e6", "vulnerability": {"vulnId": "CVE-2025-34033", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "07cf1779-8ae3-4cd6-9daf-0b248c4634e6"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-07T19:06:22+00:00"}, "timestamps": {"asserted_at": "2026-06-07T19:06:22+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-06-07T19:06:22+00:00", "first_seen_at": "2026-06-07T19:06:22+00:00"}, "scope": {"notes": "Affected: 5VTechnologies / Blue Angel Software Suite | Class: security-management-platform | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-07: 300", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "security-management-platform", "7d_avg": 0, "vendor": "5VTechnologies", "30d_avg": 0, "90d_avg": 0, "product": "Blue Angel Software Suite", "cisa_kev": "no", "connections": 300, "observation_date": "2026-06-07", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}], "references": [{"id": "CVE-2025-34033", "url": "https://www.cve.org/CVERecord?id=CVE-2025-34033"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "c7d75b0f-13f0-40e3-9c35-b716cb041e9f", "vulnerability": {"vulnId": "CVE-2020-9314", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "c7d75b0f-13f0-40e3-9c35-b716cb041e9f"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "characteristics": {"severity": 48}, "timestamps": {"asserted_at": "2026-05-16T21:20:08+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-05-16T21:20:08+00:00"}, "scope": {"notes": "Affected: Oracle / Oracle iPlanet Web Server | Class: web-server | Severity: Medium (CVSS 4.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "web-server", "7d_avg": 0, "vendor": "Oracle", "30d_avg": 0, "90d_avg": 0, "product": "Oracle iPlanet Web Server", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 4.8, "vulnerability_severity": "Medium"}}], "references": [{"id": "CVE-2020-9314", "url": "https://www.cve.org/CVERecord?id=CVE-2020-9314"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "6f426504-481c-43c6-a156-bf80dd57c746", "vulnerability": {"vulnId": "CVE-2025-67303", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "6f426504-481c-43c6-a156-bf80dd57c746"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2026-05-16T15:51:35+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-05-16T15:51:35+00:00"}, "scope": {"notes": "Affected: Comfy Org / ComfyUI-Manager | Class: other-software | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Comfy Org", "30d_avg": 11, "90d_avg": 3, "product": "ComfyUI-Manager", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}], "references": [{"id": "CVE-2025-67303", "url": "https://www.cve.org/CVERecord?id=CVE-2025-67303"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "7cd2b97f-5b5c-45c2-b132-69f3d1c971f7", "vulnerability": {"vulnId": "CVE-2024-45309", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "7cd2b97f-5b5c-45c2-b132-69f3d1c971f7"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2026-05-16T15:14:18+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-05-16T15:14:18+00:00"}, "scope": {"notes": "Affected: OneDev / OneDev | Class: other-software | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 18, "vendor": "OneDev", "30d_avg": 9, "90d_avg": 3, "product": "OneDev", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}], "references": [{"id": "CVE-2024-45309", "url": "https://www.cve.org/CVERecord?id=CVE-2024-45309"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "645b4732-067e-4a76-9b00-a458d4329323", "vulnerability": {"vulnId": "CVE-2022-28290", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "645b4732-067e-4a76-9b00-a458d4329323"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "characteristics": {"severity": 61}, "timestamps": {"asserted_at": "2026-05-16T10:01:07+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-05-16T10:01:07+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Country Selector plugin | Class: cms | Severity: Medium (CVSS 6.1) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 1, "vendor": "Wordpress", "30d_avg": 1, "90d_avg": 0, "product": "Wordpress Country Selector plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 6.1, "vulnerability_severity": "Medium"}}], "references": [{"id": "CVE-2022-28290", "url": "https://www.cve.org/CVERecord?id=CVE-2022-28290"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "65a133f1-2f3c-40fa-89f1-76f23603321e", "vulnerability": {"vulnId": "CVE-2021-22054", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "65a133f1-2f3c-40fa-89f1-76f23603321e"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-05-15T15:16:56+00:00"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2026-05-15T15:16:56+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-05-15T15:16:56+00:00", "first_seen_at": "2026-05-15T15:16:56+00:00"}, "scope": {"notes": "Affected: Omnissa / Omnissa Workspace ONE UEM | Class: device-management-platform | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-05-15: 6", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 0, "vendor": "Omnissa", "30d_avg": 0, "90d_avg": 0, "product": "Omnissa Workspace ONE UEM", "cisa_kev": "yes", "connections": 6, "observation_date": "2026-05-15", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}], "references": [{"id": "CVE-2021-22054", "url": "https://www.cve.org/CVERecord?id=CVE-2021-22054"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "2ad2e93e-c224-45d0-99f8-275257fa12fe", "vulnerability": {"vulnId": "CVE-2022-50993", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "2ad2e93e-c224-45d0-99f8-275257fa12fe"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-05-15T14:34:44+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-05-15T14:34:44+00:00"}, "scope": {"notes": "Affected: Weaver / Weaver E-Office | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "Weaver", "30d_avg": 1, "90d_avg": 0, "product": "Weaver E-Office", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}], "references": [{"id": "CVE-2022-50993", "url": "https://www.cve.org/CVERecord?id=CVE-2022-50993"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "c45fb8ed-e753-4d21-8594-6491bad37976", "vulnerability": {"vulnId": "CVE-2025-71284", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "c45fb8ed-e753-4d21-8594-6491bad37976"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-05-15T14:34:17+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-05-15T14:34:17+00:00"}, "scope": {"notes": "Affected: Synway Information Engineering / Synway SMG Gateway Management Software | Class: device-management-platform | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 0, "vendor": "Synway Information Engineering", "30d_avg": 0, "90d_avg": 0, "product": "Synway SMG Gateway Management Software", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}], "references": [{"id": "CVE-2025-71284", "url": "https://www.cve.org/CVERecord?id=CVE-2025-71284"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "f1bf7728-5697-4ef0-bf87-6e46b8f2e37c", "vulnerability": {"vulnId": "CVE-2023-2523", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "f1bf7728-5697-4ef0-bf87-6e46b8f2e37c"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-05-13T13:12:02+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-05-13T13:12:02+00:00"}, "scope": {"notes": "Affected: Weaver / Weave E-Office | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "Weaver", "30d_avg": 0, "90d_avg": 0, "product": "Weave E-Office", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}], "references": [{"id": "CVE-2023-2523", "url": "https://www.cve.org/CVERecord?id=CVE-2023-2523"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "d451776f-25e5-4c7f-bc0f-fc957d075a48", "vulnerability": {"vulnId": "CVE-2026-41176", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "d451776f-25e5-4c7f-bc0f-fc957d075a48"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-05-13T13:00:00+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-05-13T13:00:00+00:00"}, "scope": {"notes": "Affected: Rclone / Rclone | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Rclone", "30d_avg": 10, "90d_avg": 3, "product": "Rclone", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}], "references": [{"id": "CVE-2026-41176", "url": "https://www.cve.org/CVERecord?id=CVE-2026-41176"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "e6a09b04-dff7-4f1c-ac4b-09b604b41d19", "vulnerability": {"vulnId": "CVE-2019-13396", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "e6a09b04-dff7-4f1c-ac4b-09b604b41d19"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-05-11T14:26:48+00:00"}, "characteristics": {"severity": 53}, "timestamps": {"asserted_at": "2026-05-11T14:26:48+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-05-11T14:26:48+00:00", "first_seen_at": "2026-05-11T14:26:48+00:00"}, "scope": {"notes": "Affected: FlightPath / FlightPath | Class: other-software | Severity: Medium (CVSS 5.3) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-05-11: 2", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "FlightPath", "30d_avg": 0, "90d_avg": 0, "product": "FlightPath", "cisa_kev": "no", "connections": 2, "observation_date": "2026-05-11", "vulnerability_class": "CVSS", "vulnerability_score": 5.3, "vulnerability_severity": "Medium"}}], "references": [{"id": "CVE-2019-13396", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13396"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "3c9bad09-d0d8-4160-86e5-df6a3a96b573", "vulnerability": {"vulnId": "CVE-2020-1956", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "3c9bad09-d0d8-4160-86e5-df6a3a96b573"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "characteristics": {"severity": 88}, "timestamps": {"asserted_at": "2026-05-11T07:31:41+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-05-11T07:31:41+00:00"}, "scope": {"notes": "Affected: Apache / Apache Kylin | Class: other-software | Severity: High (CVSS 8.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "Apache", "30d_avg": 10, "90d_avg": 3, "product": "Apache Kylin", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 8.8, "vulnerability_severity": "High"}}], "references": [{"id": "CVE-2020-1956", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1956"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "4b86132c-02fd-4a2f-8f7f-a02b59b5f821", "vulnerability": {"vulnId": "CVE-2025-34058", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "4b86132c-02fd-4a2f-8f7f-a02b59b5f821"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-05-03T16:22:57+00:00"}, "timestamps": {"asserted_at": "2026-05-03T16:22:57+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-05-03T16:22:57+00:00", "first_seen_at": "2026-05-03T16:22:57+00:00"}, "scope": {"notes": "Affected: Hikvision / Hikvision Streaming Media Management Server | Class: other-software | IoT: no | In CISA KEV: no | Honeypot connections on 2026-05-03: 3", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Hikvision", "30d_avg": 0, "90d_avg": 0, "product": "Hikvision Streaming Media Management Server", "cisa_kev": "no", "connections": 3, "observation_date": "2026-05-03", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}], "references": [{"id": "CVE-2025-34058", "url": "https://www.cve.org/CVERecord?id=CVE-2025-34058"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "66eb5610-e5cd-4679-b918-8dc27dd25083", "vulnerability": {"vulnId": "CVE-2023-6266", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "66eb5610-e5cd-4679-b918-8dc27dd25083"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2026-05-01T18:17:15+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-05-01T18:17:15+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Backup Migration plugin | Class: cms | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 1, "vendor": "Wordpress", "30d_avg": 4, "90d_avg": 1, "product": "Wordpress Backup Migration plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}], "references": [{"id": "CVE-2023-6266", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6266"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "2acffa01-35f3-454a-99cc-a856be6f2fe9", "vulnerability": {"vulnId": "CVE-2021-27358", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "2acffa01-35f3-454a-99cc-a856be6f2fe9"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2026-05-01T17:07:58+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-05-01T17:07:58+00:00"}, "scope": {"notes": "Affected: Grafana / Grafana | Class: data-visualization | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "data-visualization", "7d_avg": 1, "vendor": "Grafana", "30d_avg": 6, "90d_avg": 2, "product": "Grafana", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}], "references": [{"id": "CVE-2021-27358", "url": "https://www.cve.org/CVERecord?id=CVE-2021-27358"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "8d22024b-e155-4586-8605-f179ef65516d", "vulnerability": {"vulnId": "CVE-2023-6909", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "8d22024b-e155-4586-8605-f179ef65516d"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2026-04-30T18:23:58+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-04-30T18:23:58+00:00"}, "scope": {"notes": "Affected: MLflow / MLflow | Class: ai-system | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 3", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "ai-system", "7d_avg": 2, "vendor": "MLflow", "30d_avg": 42, "90d_avg": 14, "product": "MLflow", "cisa_kev": "no", "connections": 3, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}], "references": [{"id": "CVE-2023-6909", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6909"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "0b1130b7-b10a-4d31-aac7-594f67a11862", "vulnerability": {"vulnId": "CVE-2022-4059", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "0b1130b7-b10a-4d31-aac7-594f67a11862"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-04-30T15:35:33+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-04-30T15:35:33+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Cryptocurrency Widgets Pack plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "Wordpress", "30d_avg": 11, "90d_avg": 3, "product": "Wordpress Cryptocurrency Widgets Pack plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}], "references": [{"id": "CVE-2022-4059", "url": "https://www.cve.org/CVERecord?id=CVE-2022-4059"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "21a8978a-21e0-4be3-89e6-345fd2fb9409", "vulnerability": {"vulnId": "CVE-2026-41940", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "21a8978a-21e0-4be3-89e6-345fd2fb9409"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-04-30T13:55:53+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-04-30T13:55:53+00:00"}, "scope": {"notes": "Affected: cPanel / cPanel and WHM | Class: remote-access | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 3454", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "240", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "remote-access", "7d_avg": 272, "vendor": "cPanel", "30d_avg": 417, "90d_avg": 234, "product": "cPanel and WHM", "cisa_kev": "yes", "connections": 3454, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}], "references": [{"id": "CVE-2026-41940", "url": "https://www.cve.org/CVERecord?id=CVE-2026-41940"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "525cfe08-a745-4ec2-9c16-5b76c7dc0f41", "vulnerability": {"vulnId": "CVE-2025-29635", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "525cfe08-a745-4ec2-9c16-5b76c7dc0f41"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-21T00:00:00+00:00"}, "characteristics": {"severity": 72}, "timestamps": {"asserted_at": "2026-04-27T01:02:53+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-06-21T00:00:00+00:00", "first_seen_at": "2026-04-27T01:02:53+00:00"}, "scope": {"notes": "Affected: D-Link / D-Link DIR-823X | Class: router | Severity: High (CVSS 7.2) | IoT: yes | In CISA KEV: yes | Honeypot connections on 2026-06-21: 320", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "D-Link", "30d_avg": 0, "90d_avg": 0, "product": "D-Link DIR-823X", "cisa_kev": "yes", "connections": 320, "observation_date": "2026-06-21", "vulnerability_class": "CVSS", "vulnerability_score": 7.2, "vulnerability_severity": "High"}}], "references": [{"id": "CVE-2025-29635", "url": "https://www.cve.org/CVERecord?id=CVE-2025-29635"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "3cb4c8a6-94b8-42f3-beaa-028790aa7528", "vulnerability": {"vulnId": "CVE-2023-3793", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "3cb4c8a6-94b8-42f3-beaa-028790aa7528"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-04-26T02:13:53+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-04-26T02:13:53+00:00"}, "scope": {"notes": "Affected: Weaver / Weaver E-cology | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Weaver", "30d_avg": 1, "90d_avg": 0, "product": "Weaver E-cology", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}], "references": [{"id": "CVE-2023-3793", "url": "https://www.cve.org/CVERecord?id=CVE-2023-3793"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "19f17ba8-cf2a-44c9-8921-e9a4914cf293", "vulnerability": {"vulnId": "CVE-2026-1340", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "19f17ba8-cf2a-44c9-8921-e9a4914cf293"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-19T00:00:00+00:00"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-04-26T00:27:43+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-06-19T00:00:00+00:00", "first_seen_at": "2026-04-26T00:27:43+00:00"}, "scope": {"notes": "Affected: Ivanti / Endpoint Manager Mobile (EPMM), formerly MobileIron Core | Class: mobile-device-management | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-19: 11", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "4", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "mobile-device-management", "7d_avg": 0, "vendor": "Ivanti", "30d_avg": 0, "90d_avg": 0, "product": "Endpoint Manager Mobile (EPMM), formerly MobileIron Core", "cisa_kev": "yes", "connections": 11, "observation_date": "2026-06-19", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}], "references": [{"id": "CVE-2026-1340", "url": "https://www.cve.org/CVERecord?id=CVE-2026-1340"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "7ed2d866-dc9d-4cda-a76b-d9d20fa22a05", "vulnerability": {"vulnId": "CVE-2026-34197", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "7ed2d866-dc9d-4cda-a76b-d9d20fa22a05"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "characteristics": {"severity": 88}, "timestamps": {"asserted_at": "2026-04-24T16:01:56+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-04-24T16:01:56+00:00"}, "scope": {"notes": "Affected: Apache / ActiveMQ | Class: other-software | Severity: High (CVSS 8.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "Apache", "30d_avg": 9, "90d_avg": 3, "product": "ActiveMQ", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 8.8, "vulnerability_severity": "High"}}], "references": [{"id": "CVE-2026-34197", "url": "https://www.cve.org/CVERecord?id=CVE-2026-34197"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "8d65bad5-c28c-4c80-8b5b-9a90e428b13a", "vulnerability": {"vulnId": "CVE-2021-22017", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "8d65bad5-c28c-4c80-8b5b-9a90e428b13a"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "characteristics": {"severity": 53}, "timestamps": {"asserted_at": "2026-04-21T12:54:50+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-04-21T12:54:50+00:00"}, "scope": {"notes": "Affected: VMware / vCenter Server | Class: other-software | Severity: Medium (CVSS 5.3) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "VMware", "30d_avg": 1, "90d_avg": 0, "product": "vCenter Server", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 5.3, "vulnerability_severity": "Medium"}}], "references": [{"id": "CVE-2021-22017", "url": "https://www.cve.org/CVERecord?id=CVE-2021-22017"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "0ef6c4b8-b259-424d-9b81-d6488d22e181", "vulnerability": {"vulnId": "CVE-2024-22927", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "0ef6c4b8-b259-424d-9b81-d6488d22e181"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "characteristics": {"severity": 61}, "timestamps": {"asserted_at": "2026-04-21T11:16:38+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-04-21T11:16:38+00:00"}, "scope": {"notes": "Affected: weng-xianhu / EyouCMS | Class: cms | Severity: Medium (CVSS 6.1) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "weng-xianhu", "30d_avg": 0, "90d_avg": 0, "product": "EyouCMS", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 6.1, "vulnerability_severity": "Medium"}}], "references": [{"id": "CVE-2024-22927", "url": "https://www.cve.org/CVERecord?id=CVE-2024-22927"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "21fa1770-43f2-48b3-aa57-d4273c4c9634", "vulnerability": {"vulnId": "CVE-2023-37999", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "21fa1770-43f2-48b3-aa57-d4273c4c9634"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-04-18T03:38:57+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-04-18T03:38:57+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress HasThemes HT Mega | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 1, "vendor": "Wordpress", "30d_avg": 10, "90d_avg": 3, "product": "Wordpress HasThemes HT Mega", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}], "references": [{"id": "CVE-2023-37999", "url": "https://www.cve.org/CVERecord?id=CVE-2023-37999"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "fd44b14a-a797-471b-89f3-108d6573f0b9", "vulnerability": {"vulnId": "CVE-2023-27351", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "fd44b14a-a797-471b-89f3-108d6573f0b9"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2026-04-18T00:07:44+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-04-18T00:07:44+00:00"}, "scope": {"notes": "Affected: PaperCut / PaperCut MF/NG | Class: device-management-platform | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 18, "vendor": "PaperCut", "30d_avg": 11, "90d_avg": 4, "product": "PaperCut MF/NG", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}], "references": [{"id": "CVE-2023-27351", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27351"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "6d29019a-5aca-4e3c-8419-c0b69004e46e", "vulnerability": {"vulnId": "CVE-2017-9506", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "6d29019a-5aca-4e3c-8419-c0b69004e46e"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "characteristics": {"severity": 61}, "timestamps": {"asserted_at": "2026-04-15T08:29:24+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-04-15T08:29:24+00:00"}, "scope": {"notes": "Affected: Atlassian / Atlassian OAuth Plugin | Class: security-management-platform | Severity: Medium (CVSS 6.1) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "security-management-platform", "7d_avg": 2, "vendor": "Atlassian", "30d_avg": 1, "90d_avg": 0, "product": "Atlassian OAuth Plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 6.1, "vulnerability_severity": "Medium"}}], "references": [{"id": "CVE-2017-9506", "url": "https://www.cve.org/CVERecord?id=CVE-2017-9506"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "e4d2f061-cdd6-477e-84bf-0ef3db2704b0", "vulnerability": {"vulnId": "CVE-2024-22768", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "e4d2f061-cdd6-477e-84bf-0ef3db2704b0"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-04-12T22:07:42+00:00"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2026-04-12T22:07:42+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-04-12T22:07:42+00:00", "first_seen_at": "2026-04-12T22:07:42+00:00"}, "scope": {"notes": "Affected: Hitron Systems / Hitron Systems DVR | Class: video-system | Severity: High (CVSS 7.5) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-04-12: 1", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "video-system", "7d_avg": 0, "vendor": "Hitron Systems", "30d_avg": 0, "90d_avg": 0, "product": "Hitron Systems DVR", "cisa_kev": "no", "connections": 1, "observation_date": "2026-04-12", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}], "references": [{"id": "CVE-2024-22768", "url": "https://www.cve.org/CVERecord?id=CVE-2024-22768"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "25a2dc4d-e899-4445-beef-c09221a27e58", "vulnerability": {"vulnId": "CVE-2023-2806", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "25a2dc4d-e899-4445-beef-c09221a27e58"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "characteristics": {"severity": 88}, "timestamps": {"asserted_at": "2026-04-09T15:11:01+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-04-09T15:11:01+00:00"}, "scope": {"notes": "Affected: Weaver / Weaver e-cology | Class: other-software | Severity: High (CVSS 8.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "Weaver", "30d_avg": 0, "90d_avg": 0, "product": "Weaver e-cology", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 8.8, "vulnerability_severity": "High"}}], "references": [{"id": "CVE-2023-2806", "url": "https://www.cve.org/CVERecord?id=CVE-2023-2806"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "bfcf4d11-1b74-43b8-ba70-48b8f99ae678", "vulnerability": {"vulnId": "CVE-2025-1338", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "bfcf4d11-1b74-43b8-ba70-48b8f99ae678"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "characteristics": {"severity": 73}, "timestamps": {"asserted_at": "2026-04-09T04:17:32+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-04-09T04:17:32+00:00"}, "scope": {"notes": "Affected: NUUO / NUUO Camera | Class: video-system | Severity: High (CVSS 7.3) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "video-system", "7d_avg": 1, "vendor": "NUUO", "30d_avg": 5, "90d_avg": 2, "product": "NUUO Camera", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.3, "vulnerability_severity": "High"}}], "references": [{"id": "CVE-2025-1338", "url": "https://www.cve.org/CVERecord?id=CVE-2025-1338"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "362ad072-2944-4b59-9091-b9b4a12bb56c", "vulnerability": {"vulnId": "CVE-2026-1405", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "362ad072-2944-4b59-9091-b9b4a12bb56c"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-04-06T18:37:12+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-04-06T18:37:12+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Slider Future plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "Wordpress", "30d_avg": 4, "90d_avg": 1, "product": "Wordpress Slider Future plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}], "references": [{"id": "CVE-2026-1405", "url": "https://www.cve.org/CVERecord?id=CVE-2026-1405"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "257c2934-0c5e-46bc-a1a6-bec5782e8c26", "vulnerability": {"vulnId": "CVE-2026-3965", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "257c2934-0c5e-46bc-a1a6-bec5782e8c26"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-05-06T00:00:00+00:00"}, "characteristics": {"severity": 63}, "timestamps": {"asserted_at": "2026-04-06T15:52:30+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-05-06T00:00:00+00:00", "first_seen_at": "2026-04-06T15:52:30+00:00"}, "scope": {"notes": "Affected: whyour / qinglong | Class: device-management-platform | Severity: Medium (CVSS 6.3) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-05-06: 1", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 4, "vendor": "whyour", "30d_avg": 2, "90d_avg": 0, "product": "qinglong", "cisa_kev": "no", "connections": 1, "observation_date": "2026-05-06", "vulnerability_class": "CVSS", "vulnerability_score": 6.3, "vulnerability_severity": "Medium"}}], "references": [{"id": "CVE-2026-3965", "url": "https://www.cve.org/CVERecord?id=CVE-2026-3965"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "b673f709-b649-49db-8c9a-25a64208caec", "vulnerability": {"vulnId": "CVE-2023-39964", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "b673f709-b649-49db-8c9a-25a64208caec"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-04-16T00:00:00+00:00"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2026-04-06T15:15:06+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-04-16T00:00:00+00:00", "first_seen_at": "2026-04-06T15:15:06+00:00"}, "scope": {"notes": "Affected: 1Panel / !Panel | Class: device-management-platform | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-04-16: 1", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 0, "vendor": "1Panel", "30d_avg": 0, "90d_avg": 0, "product": "!Panel", "cisa_kev": "no", "connections": 1, "observation_date": "2026-04-16", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}], "references": [{"id": "CVE-2023-39964", "url": "https://www.cve.org/CVERecord?id=CVE-2023-39964"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "a75e717e-2767-4fff-8624-d767805af5c2", "vulnerability": {"vulnId": "CVE-2026-21643", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "a75e717e-2767-4fff-8624-d767805af5c2"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-04-04T23:51:07+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-04-04T23:51:07+00:00"}, "scope": {"notes": "Affected: Fortinet / FortiClientEMS | Class: security-management-platform | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "security-management-platform", "7d_avg": 1, "vendor": "Fortinet", "30d_avg": 12, "90d_avg": 4, "product": "FortiClientEMS", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}], "references": [{"id": "CVE-2026-21643", "url": "https://www.cve.org/CVERecord?id=CVE-2026-21643"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "de195e77-97c9-4cd8-9f4f-d79a5c6e4d85", "vulnerability": {"vulnId": "CVE-2018-0125", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "de195e77-97c9-4cd8-9f4f-d79a5c6e4d85"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-04-02T18:11:50+00:00"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-04-02T18:11:50+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-04-02T18:11:50+00:00", "first_seen_at": "2026-04-02T18:11:50+00:00"}, "scope": {"notes": "Affected: Cisco / Cisco RV132W/RV134W | Class: router | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: yes | Honeypot connections on 2026-04-02: 34", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "13", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 1, "vendor": "Cisco", "30d_avg": 0, "90d_avg": 0, "product": "Cisco RV132W/RV134W", "cisa_kev": "yes", "connections": 34, "observation_date": "2026-04-02", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}], "references": [{"id": "CVE-2018-0125", "url": "https://www.cve.org/CVERecord?id=CVE-2018-0125"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "dac33fd4-e1c8-456d-8b0f-c3b0868d6f20", "vulnerability": {"vulnId": "CVE-2026-3055", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "dac33fd4-e1c8-456d-8b0f-c3b0868d6f20"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "characteristics": {"severity": 93}, "timestamps": {"asserted_at": "2026-03-31T14:47:50+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-03-31T14:47:50+00:00"}, "scope": {"notes": "Affected: Citrix / Citrix NetScaler ADC and NetScaler Gateway | Class: app-delivery-controller | Severity: Critical (CVSS 9.3) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 25", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "5", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "app-delivery-controller", "7d_avg": 11, "vendor": "Citrix", "30d_avg": 26, "90d_avg": 29, "product": "Citrix NetScaler ADC and NetScaler Gateway", "cisa_kev": "yes", "connections": 25, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.3, "vulnerability_severity": "Critical"}}], "references": [{"id": "CVE-2026-3055", "url": "https://www.cve.org/CVERecord?id=CVE-2026-3055"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "2ae4f942-b1cb-46d1-b522-f9427342d6a7", "vulnerability": {"vulnId": "CVE-2025-4322", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "2ae4f942-b1cb-46d1-b522-f9427342d6a7"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-21T00:00:00+00:00"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-03-29T01:13:46+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-06-21T00:00:00+00:00", "first_seen_at": "2026-03-29T01:13:46+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Motors theme | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-21: 6", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 6, "vendor": "Wordpress", "30d_avg": 3, "90d_avg": 1, "product": "Wordpress Motors theme", "cisa_kev": "no", "connections": 6, "observation_date": "2026-06-21", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}], "references": [{"id": "CVE-2025-4322", "url": "https://www.cve.org/CVERecord?id=CVE-2025-4322"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "eac9514e-35f6-4e03-9893-a883512e2d30", "vulnerability": {"vulnId": "CVE-2025-34152", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "eac9514e-35f6-4e03-9893-a883512e2d30"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-20T00:00:00+00:00"}, "characteristics": {"severity": 94}, "timestamps": {"asserted_at": "2026-03-25T17:41:53+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-06-20T00:00:00+00:00", "first_seen_at": "2026-03-25T17:41:53+00:00"}, "scope": {"notes": "Affected: Shenzhen Aitemi / Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) | Class: router | Severity: Critical (CVSS 9.4) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-20: 2", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 8, "vendor": "Shenzhen Aitemi", "30d_avg": 4, "90d_avg": 1, "product": "Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02)", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-20", "vulnerability_class": "CVSS", "vulnerability_score": 9.4, "vulnerability_severity": "Critical"}}], "references": [{"id": "CVE-2025-34152", "url": "https://www.cve.org/CVERecord?id=CVE-2025-34152"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "9dd5ab82-f2c7-4b86-991e-e7d7c362fa6a", "vulnerability": {"vulnId": "CVE-2023-47253", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "9dd5ab82-f2c7-4b86-991e-e7d7c362fa6a"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-03-24T19:42:39+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-03-24T19:42:39+00:00"}, "scope": {"notes": "Affected: Qualitor / Qualitor ITSM | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "Qualitor", "30d_avg": 5, "90d_avg": 2, "product": "Qualitor ITSM", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}], "references": [{"id": "CVE-2023-47253", "url": "https://www.cve.org/CVERecord?id=CVE-2023-47253"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "d996b643-4fcd-4951-a083-250b748e4220", "vulnerability": {"vulnId": "CVE-2021-44515", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "d996b643-4fcd-4951-a083-250b748e4220"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-03-24T04:43:07+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-03-24T04:43:07+00:00"}, "scope": {"notes": "Affected: Zoho / ManageEngine Desktop Central | Class: device-management-platform | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 1, "vendor": "Zoho", "30d_avg": 6, "90d_avg": 2, "product": "ManageEngine Desktop Central", "cisa_kev": "yes", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}], "references": [{"id": "CVE-2021-44515", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44515"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "44d4433e-d398-4628-850c-3b82aef559c2", "vulnerability": {"vulnId": "CVE-2025-32814", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "44d4433e-d398-4628-850c-3b82aef559c2"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-20T00:00:00+00:00"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-03-14T16:01:41+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-06-20T00:00:00+00:00", "first_seen_at": "2026-03-14T16:01:41+00:00"}, "scope": {"notes": "Affected: Infoblox / Infoblox NETMRI | Class: device-management-platform | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-20: 2", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 9, "vendor": "Infoblox", "30d_avg": 4, "90d_avg": 1, "product": "Infoblox NETMRI", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-20", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}], "references": [{"id": "CVE-2025-32814", "url": "https://www.cve.org/CVERecord?id=CVE-2025-32814"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "31b30098-0d0d-4b72-a437-21f60327d962", "vulnerability": {"vulnId": "CVE-2026-21902", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "31b30098-0d0d-4b72-a437-21f60327d962"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-19T00:00:00+00:00"}, "characteristics": {"severity": 93}, "timestamps": {"asserted_at": "2026-03-14T11:28:11+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-06-19T00:00:00+00:00", "first_seen_at": "2026-03-14T11:28:11+00:00"}, "scope": {"notes": "Affected: Juniper / Junos OS Evolved on PTX Series | Class: embedded-system | Severity: Critical (CVSS 9.3) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-19: 2", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "embedded-system", "7d_avg": 0, "vendor": "Juniper", "30d_avg": 0, "90d_avg": 0, "product": "Junos OS Evolved on PTX Series", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-19", "vulnerability_class": "CVSS", "vulnerability_score": 9.3, "vulnerability_severity": "Critical"}}], "references": [{"id": "CVE-2026-21902", "url": "https://www.cve.org/CVERecord?id=CVE-2026-21902"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "3c28a786-b52f-44be-92fb-c5c363781be6", "vulnerability": {"vulnId": "CVE-2019-12314", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "3c28a786-b52f-44be-92fb-c5c363781be6"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-03-12T18:48:37+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-03-12T18:48:37+00:00"}, "scope": {"notes": "Affected: Deltek / Deltek Maconomy | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Deltek", "30d_avg": 4, "90d_avg": 1, "product": "Deltek Maconomy", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}], "references": [{"id": "CVE-2019-12314", "url": "https://www.cve.org/CVERecord?id=CVE-2019-12314"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "60d0f1e8-7f58-4a81-8935-1526aa19d447", "vulnerability": {"vulnId": "CVE-2018-25114", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "60d0f1e8-7f58-4a81-8935-1526aa19d447"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "characteristics": {"severity": 93}, "timestamps": {"asserted_at": "2026-03-12T16:28:08+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-03-12T16:28:08+00:00"}, "scope": {"notes": "Affected: osCommerce / osCommerce Online Merchant | Class: other-software | Severity: Critical (CVSS 9.3) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 2, "vendor": "osCommerce", "30d_avg": 10, "90d_avg": 4, "product": "osCommerce Online Merchant", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.3, "vulnerability_severity": "Critical"}}], "references": [{"id": "CVE-2018-25114", "url": "https://www.cve.org/CVERecord?id=CVE-2018-25114"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "99da59a9-923f-41c7-a49e-22c73ceb8022", "vulnerability": {"vulnId": "CVE-2020-4427", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "99da59a9-923f-41c7-a49e-22c73ceb8022"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-03-12T11:56:35+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-03-12T11:56:35+00:00"}, "scope": {"notes": "Affected: IBM / IBM Data Risk Manager | Class: security-management-platform | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 52", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "3", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "security-management-platform", "7d_avg": 2, "vendor": "IBM", "30d_avg": 6, "90d_avg": 2, "product": "IBM Data Risk Manager", "cisa_kev": "yes", "connections": 52, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}], "references": [{"id": "CVE-2020-4427", "url": "https://www.cve.org/CVERecord?id=CVE-2020-4427"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "81883113-0759-498f-b795-066b5172439e", "vulnerability": {"vulnId": "CVE-2024-4841", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "81883113-0759-498f-b795-066b5172439e"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "characteristics": {"severity": 33}, "timestamps": {"asserted_at": "2026-03-11T07:12:50+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-03-11T07:12:50+00:00"}, "scope": {"notes": "Affected: parisneo / lollms-webui | Class: ai-system | Severity: Low (CVSS 3.3) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "ai-system", "7d_avg": 1, "vendor": "parisneo", "30d_avg": 1, "90d_avg": 0, "product": "lollms-webui", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 3.3, "vulnerability_severity": "Low"}}], "references": [{"id": "CVE-2024-4841", "url": "https://www.cve.org/CVERecord?id=CVE-2024-4841"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "4d376872-b419-4fc6-b801-4e3bd9b971c6", "vulnerability": {"vulnId": "CVE-2021-38154", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "4d376872-b419-4fc6-b801-4e3bd9b971c6"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2026-03-11T05:09:48+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-03-11T05:09:48+00:00"}, "scope": {"notes": "Affected: Canon / Canon devices (various) | Class: printer | Severity: High (CVSS 7.5) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "printer", "7d_avg": 18, "vendor": "Canon", "30d_avg": 11, "90d_avg": 4, "product": "Canon devices (various)", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}], "references": [{"id": "CVE-2021-38154", "url": "https://www.cve.org/CVERecord?id=CVE-2021-38154"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "a209bba6-3dc8-4689-a605-bbb9f3a816dd", "vulnerability": {"vulnId": "CVE-2025-15503", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "a209bba6-3dc8-4689-a605-bbb9f3a816dd"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-03-10T17:11:06+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-03-10T17:11:06+00:00"}, "scope": {"notes": "Affected: Sangfor / Sangfor Operation and Maintenance Management System | Class: device-management-platform | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 1, "vendor": "Sangfor", "30d_avg": 4, "90d_avg": 1, "product": "Sangfor Operation and Maintenance Management System", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}], "references": [{"id": "CVE-2025-15503", "url": "https://www.cve.org/CVERecord?id=CVE-2025-15503"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "9aa05788-1442-4257-aec6-43d70482e778", "vulnerability": {"vulnId": "CVE-2025-10353", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "9aa05788-1442-4257-aec6-43d70482e778"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "characteristics": {"severity": 93}, "timestamps": {"asserted_at": "2026-03-10T17:10:34+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-03-10T17:10:34+00:00"}, "scope": {"notes": "Affected: Melis Technology / Melis Platform | Class: other-software | Severity: Critical (CVSS 9.3) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "Melis Technology", "30d_avg": 7, "90d_avg": 2, "product": "Melis Platform", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.3, "vulnerability_severity": "Critical"}}], "references": [{"id": "CVE-2025-10353", "url": "https://www.cve.org/CVERecord?id=CVE-2025-10353"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "7df66516-446f-4a8b-b2a9-1b32ca8602a3", "vulnerability": {"vulnId": "CVE-2021-44868", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "7df66516-446f-4a8b-b2a9-1b32ca8602a3"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-03-10T16:56:05+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-03-10T16:56:05+00:00"}, "scope": {"notes": "Affected: ming-soft / MCMS | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "ming-soft", "30d_avg": 11, "90d_avg": 4, "product": "MCMS", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}], "references": [{"id": "CVE-2021-44868", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44868"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "95729499-cdb5-45c3-b4a3-09a936d3795a", "vulnerability": {"vulnId": "CVE-2022-0785", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "95729499-cdb5-45c3-b4a3-09a936d3795a"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-03-10T16:43:02+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-03-10T16:43:02+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Daily Prayer Time plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "Wordpress", "30d_avg": 6, "90d_avg": 2, "product": "Wordpress Daily Prayer Time plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}], "references": [{"id": "CVE-2022-0785", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0785"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "e78e6779-0d8c-4a3f-8b86-72e4003559f9", "vulnerability": {"vulnId": "CVE-2021-24943", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "e78e6779-0d8c-4a3f-8b86-72e4003559f9"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-21T00:00:00+00:00"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-03-10T16:37:39+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-06-21T00:00:00+00:00", "first_seen_at": "2026-03-10T16:37:39+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Registrations for the Events Calendar plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-21: 15", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 1, "vendor": "Wordpress", "30d_avg": 5, "90d_avg": 2, "product": "Wordpress Registrations for the Events Calendar plugin", "cisa_kev": "no", "connections": 15, "observation_date": "2026-06-21", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}], "references": [{"id": "CVE-2021-24943", "url": "https://www.cve.org/CVERecord?id=CVE-2021-24943"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "cc289b13-a981-4516-8d45-2a46c84244e9", "vulnerability": {"vulnId": "CVE-2021-24915", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "cc289b13-a981-4516-8d45-2a46c84244e9"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-03-10T16:37:37+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-03-10T16:37:37+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Contest Gallery plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 1, "vendor": "Wordpress", "30d_avg": 5, "90d_avg": 2, "product": "Wordpress Contest Gallery plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}], "references": [{"id": "CVE-2021-24915", "url": "https://www.cve.org/CVERecord?id=CVE-2021-24915"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "5855783e-cdb4-42ac-b587-f8f20b877559", "vulnerability": {"vulnId": "CVE-2021-4458", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "5855783e-cdb4-42ac-b587-f8f20b877559"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-21T00:00:00+00:00"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-03-10T16:37:34+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-06-21T00:00:00+00:00", "first_seen_at": "2026-03-10T16:37:34+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Modern Events Calendar Lite plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-21: 15", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 1, "vendor": "Wordpress", "30d_avg": 5, "90d_avg": 2, "product": "Wordpress Modern Events Calendar Lite plugin", "cisa_kev": "no", "connections": 15, "observation_date": "2026-06-21", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}], "references": [{"id": "CVE-2021-4458", "url": "https://www.cve.org/CVERecord?id=CVE-2021-4458"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "d1891784-0718-4a5a-a192-e5a8fa4560a7", "vulnerability": {"vulnId": "CVE-2020-8656", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "d1891784-0718-4a5a-a192-e5a8fa4560a7"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-03-10T16:35:22+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-03-10T16:35:22+00:00"}, "scope": {"notes": "Affected: EyesOfNetwork / EyesOfNetwork | Class: network-monitoring | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "network-monitoring", "7d_avg": 1, "vendor": "EyesOfNetwork", "30d_avg": 9, "90d_avg": 3, "product": "EyesOfNetwork", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}], "references": [{"id": "CVE-2020-8656", "url": "https://www.cve.org/CVERecord?id=CVE-2020-8656"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "204cf922-dfb9-4835-ab71-c2dec637d03f", "vulnerability": {"vulnId": "CVE-2019-25141", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "204cf922-dfb9-4835-ab71-c2dec637d03f"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-03-10T16:28:38+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-03-10T16:28:38+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Easy WP SMTP plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 2, "vendor": "Wordpress", "30d_avg": 6, "90d_avg": 2, "product": "Wordpress Easy WP SMTP plugin", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}], "references": [{"id": "CVE-2019-25141", "url": "https://www.cve.org/CVERecord?id=CVE-2019-25141"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "fa10b8fd-aec1-47a9-a1b1-17e836e7e2c0", "vulnerability": {"vulnId": "CVE-2018-6605", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "fa10b8fd-aec1-47a9-a1b1-17e836e7e2c0"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-03-10T16:25:45+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-03-10T16:25:45+00:00"}, "scope": {"notes": "Affected:  Open Source Matters, Inc/Joomla community / Joomla Zh BaiduMap component | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 6", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "3", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 3, "vendor": " Open Source Matters, Inc/Joomla community", "30d_avg": 6, "90d_avg": 2, "product": "Joomla Zh BaiduMap component", "cisa_kev": "no", "connections": 6, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}], "references": [{"id": "CVE-2018-6605", "url": "https://www.cve.org/CVERecord?id=CVE-2018-6605"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "ce894f90-a200-443f-9ee8-70141935c492", "vulnerability": {"vulnId": "CVE-2022-0948", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "ce894f90-a200-443f-9ee8-70141935c492"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-03-09T19:10:59+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-03-09T19:10:59+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Order Listener for WooCommerce WordPress plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "Wordpress", "30d_avg": 10, "90d_avg": 3, "product": "Wordpress Order Listener for WooCommerce WordPress plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}], "references": [{"id": "CVE-2022-0948", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0948"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "43636851-cad0-4295-83ce-757b47491d27", "vulnerability": {"vulnId": "CVE-2021-4374", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "43636851-cad0-4295-83ce-757b47491d27"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-03-09T15:36:35+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-03-09T15:36:35+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Automatic Plugin for WordPress | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "Wordpress", "30d_avg": 9, "90d_avg": 3, "product": "Wordpress Automatic Plugin for WordPress", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}], "references": [{"id": "CVE-2021-4374", "url": "https://www.cve.org/CVERecord?id=CVE-2021-4374"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "0eef7698-3495-4265-92a5-bd177e4c8431", "vulnerability": {"vulnId": "CVE-2021-36888", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "0eef7698-3495-4265-92a5-bd177e4c8431"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-21T00:00:00+00:00"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-03-09T15:34:16+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-06-21T00:00:00+00:00", "first_seen_at": "2026-03-09T15:34:16+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Image Hover Effects Ultimate plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-21: 22", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 1, "vendor": "Wordpress", "30d_avg": 4, "90d_avg": 1, "product": "Wordpress Image Hover Effects Ultimate plugin", "cisa_kev": "no", "connections": 22, "observation_date": "2026-06-21", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}], "references": [{"id": "CVE-2021-36888", "url": "https://www.cve.org/CVERecord?id=CVE-2021-36888"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "060d2e69-b22c-499e-bd3f-8f5c4daa7ba7", "vulnerability": {"vulnId": "CVE-2023-3368", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "060d2e69-b22c-499e-bd3f-8f5c4daa7ba7"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-03-09T12:09:19+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-03-09T12:09:19+00:00"}, "scope": {"notes": "Affected: Chamilo / Chamilo | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 1, "vendor": "Chamilo", "30d_avg": 5, "90d_avg": 2, "product": "Chamilo", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}], "references": [{"id": "CVE-2023-3368", "url": "https://www.cve.org/CVERecord?id=CVE-2023-3368"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "32d387e6-bf0e-4457-986f-060cf2af7de8", "vulnerability": {"vulnId": "CVE-2019-9874", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "32d387e6-bf0e-4457-986f-060cf2af7de8"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2026-03-09T11:39:47+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-03-09T11:39:47+00:00"}, "scope": {"notes": "Affected: Citrix / Citrix StoreFront Server | Class: other-software | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "Citrix", "30d_avg": 5, "90d_avg": 2, "product": "Citrix StoreFront Server", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}], "references": [{"id": "CVE-2019-9874", "url": "https://www.cve.org/CVERecord?id=CVE-2019-9874"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "326cc699-021e-4c24-9940-132cfb96140d", "vulnerability": {"vulnId": "CVE-2019-5434", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "326cc699-021e-4c24-9940-132cfb96140d"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-21T00:00:00+00:00"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-03-09T11:38:53+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-06-21T00:00:00+00:00", "first_seen_at": "2026-03-09T11:38:53+00:00"}, "scope": {"notes": "Affected: Revive / Revive Adserver | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-21: 15", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "Revive", "30d_avg": 5, "90d_avg": 2, "product": "Revive Adserver", "cisa_kev": "no", "connections": 15, "observation_date": "2026-06-21", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}], "references": [{"id": "CVE-2019-5434", "url": "https://www.cve.org/CVERecord?id=CVE-2019-5434"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "a7cb0949-11a1-4ced-bce1-e8fde5cd5a50", "vulnerability": {"vulnId": "CVE-2025-4210", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "a7cb0949-11a1-4ced-bce1-e8fde5cd5a50"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "characteristics": {"severity": 73}, "timestamps": {"asserted_at": "2026-03-08T21:53:18+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-03-08T21:53:18+00:00"}, "scope": {"notes": "Affected: Casdoor / Casdoor | Class: ai-system | Severity: High (CVSS 7.3) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "ai-system", "7d_avg": 2, "vendor": "Casdoor", "30d_avg": 6, "90d_avg": 2, "product": "Casdoor", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.3, "vulnerability_severity": "High"}}], "references": [{"id": "CVE-2025-4210", "url": "https://www.cve.org/CVERecord?id=CVE-2025-4210"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "e1cf2e6b-94bc-4591-9973-1c1cde9ec1bc", "vulnerability": {"vulnId": "CVE-2025-27222", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "e1cf2e6b-94bc-4591-9973-1c1cde9ec1bc"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-21T00:00:00+00:00"}, "characteristics": {"severity": 86}, "timestamps": {"asserted_at": "2026-03-07T03:41:05+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-06-21T00:00:00+00:00", "first_seen_at": "2026-03-07T03:41:05+00:00"}, "scope": {"notes": "Affected: Rocket Software / Rocket TRUfusion Enterprise | Class: other-software | Severity: High (CVSS 8.6) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-21: 3", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 10, "vendor": "Rocket Software", "30d_avg": 5, "90d_avg": 1, "product": "Rocket TRUfusion Enterprise", "cisa_kev": "no", "connections": 3, "observation_date": "2026-06-21", "vulnerability_class": "CVSS", "vulnerability_score": 8.6, "vulnerability_severity": "High"}}], "references": [{"id": "CVE-2025-27222", "url": "https://www.cve.org/CVERecord?id=CVE-2025-27222"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "43fb76bb-32d7-48c2-9ab2-3fe8ae2204da", "vulnerability": {"vulnId": "CVE-2026-23744", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "43fb76bb-32d7-48c2-9ab2-3fe8ae2204da"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "characteristics": {"severity": 0}, "timestamps": {"asserted_at": "2026-03-07T00:11:29+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-03-07T00:11:29+00:00"}, "scope": {"notes": "Affected: MCPJam / MCPJam Inspector | Class: ai-system | Severity: None (CVSS 0) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "ai-system", "7d_avg": 0, "vendor": "MCPJam", "30d_avg": 3, "90d_avg": 1, "product": "MCPJam Inspector", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 0, "vulnerability_severity": "None"}}], "references": [{"id": "CVE-2026-23744", "url": "https://www.cve.org/CVERecord?id=CVE-2026-23744"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "d72e98cc-9fe2-4ae1-bc77-e1f38307f3ab", "vulnerability": {"vulnId": "CVE-2026-21891", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "d72e98cc-9fe2-4ae1-bc77-e1f38307f3ab"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-03-07T00:11:18+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-03-07T00:11:18+00:00"}, "scope": {"notes": "Affected: IceWhaleTech / ZimaOS | Class: embedded-system | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "embedded-system", "7d_avg": 1, "vendor": "IceWhaleTech", "30d_avg": 4, "90d_avg": 2, "product": "ZimaOS", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}], "references": [{"id": "CVE-2026-21891", "url": "https://www.cve.org/CVERecord?id=CVE-2026-21891"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "cf1ec218-7410-408d-8234-7cab5b283d05", "vulnerability": {"vulnId": "CVE-2022-47615", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "cf1ec218-7410-408d-8234-7cab5b283d05"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-03-06T23:05:06+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-03-06T23:05:06+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress LearnPress plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "Wordpress", "30d_avg": 5, "90d_avg": 2, "product": "Wordpress LearnPress plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}], "references": [{"id": "CVE-2022-47615", "url": "https://www.cve.org/CVERecord?id=CVE-2022-47615"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "a45128a4-3c12-4146-a606-6113ab475435", "vulnerability": {"vulnId": "CVE-2022-38296", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "a45128a4-3c12-4146-a606-6113ab475435"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-03-06T23:04:04+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-03-06T23:04:04+00:00"}, "scope": {"notes": "Affected: CuppaCMS / CuppaCMS | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 1, "vendor": "CuppaCMS", "30d_avg": 11, "90d_avg": 4, "product": "CuppaCMS", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}], "references": [{"id": "CVE-2022-38296", "url": "https://www.cve.org/CVERecord?id=CVE-2022-38296"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "47fdb12a-12c7-4ddc-9401-48b4bfa282eb", "vulnerability": {"vulnId": "CVE-2026-20128", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "47fdb12a-12c7-4ddc-9401-48b4bfa282eb"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-03-20T00:00:00+00:00"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2026-03-06T22:35:44+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-03-20T00:00:00+00:00", "first_seen_at": "2026-03-06T22:35:44+00:00"}, "scope": {"notes": "Affected: Cisco / Cisco SD-WAN Manager | Class: device-management-platform | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-03-20: 11", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 0, "vendor": "Cisco", "30d_avg": 1, "90d_avg": 0, "product": "Cisco SD-WAN Manager", "cisa_kev": "no", "connections": 11, "observation_date": "2026-03-20", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}], "references": [{"id": "CVE-2026-20128", "url": "https://www.cve.org/CVERecord?id=CVE-2026-20128"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "5613beea-185a-46e0-8255-db8b688988a7", "vulnerability": {"vulnId": "CVE-2018-25120", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "5613beea-185a-46e0-8255-db8b688988a7"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-03-08T00:00:00+00:00"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-02-24T23:13:26+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-03-08T00:00:00+00:00", "first_seen_at": "2026-02-24T23:13:26+00:00"}, "scope": {"notes": "Affected: D-Link / D-Link DNS-343 ShareCenter | Class: nas | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-03-08: 193", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "nas", "7d_avg": 0, "vendor": "D-Link", "30d_avg": 0, "90d_avg": 0, "product": "D-Link DNS-343 ShareCenter", "cisa_kev": "no", "connections": 193, "observation_date": "2026-03-08", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}], "references": [{"id": "CVE-2018-25120", "url": "https://www.cve.org/CVERecord?id=CVE-2018-25120"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "33acd7cc-101d-4d2c-902f-6d624f64c19f", "vulnerability": {"vulnId": "CVE-2025-64095", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "33acd7cc-101d-4d2c-902f-6d624f64c19f"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-02-23T14:33:28+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-02-23T14:33:28+00:00"}, "scope": {"notes": "Affected: DNN Corp / DNN (DotNetNuke) | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "DNN Corp", "30d_avg": 3, "90d_avg": 1, "product": "DNN (DotNetNuke)", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}], "references": [{"id": "CVE-2025-64095", "url": "https://www.cve.org/CVERecord?id=CVE-2025-64095"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "b621640a-7593-4bcb-9a3c-542c18305364", "vulnerability": {"vulnId": "CVE-2024-6671", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "b621640a-7593-4bcb-9a3c-542c18305364"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-02-23T14:21:53+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-02-23T14:21:53+00:00"}, "scope": {"notes": "Affected: Progress / WhatsUp Gold | Class: device-management-platform | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 1, "vendor": "Progress", "30d_avg": 11, "90d_avg": 3, "product": "WhatsUp Gold", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}], "references": [{"id": "CVE-2024-6671", "url": "https://www.cve.org/CVERecord?id=CVE-2024-6671"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "2bc14c8f-ebd9-4875-a8ed-50fc1c1705bf", "vulnerability": {"vulnId": "CVE-2026-1603", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "2bc14c8f-ebd9-4875-a8ed-50fc1c1705bf"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2026-02-17T05:44:54+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-02-17T05:44:54+00:00"}, "scope": {"notes": "Affected: Ivanti / Ivanti EPM | Class: device-management-platform | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 1, "vendor": "Ivanti", "30d_avg": 7, "90d_avg": 14, "product": "Ivanti EPM", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}], "references": [{"id": "CVE-2026-1603", "url": "https://www.cve.org/CVERecord?id=CVE-2026-1603"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "f8535bd6-83b5-452b-a6c8-4471886f39fa", "vulnerability": {"vulnId": "CVE-2025-34042", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "f8535bd6-83b5-452b-a6c8-4471886f39fa"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-09T23:23:54+00:00"}, "timestamps": {"asserted_at": "2026-02-09T23:23:54+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-02-09T23:23:54+00:00", "first_seen_at": "2026-02-09T23:23:54+00:00"}, "scope": {"notes": "Affected: BEWARD / BEWARD N100 H.264 VGA IP Camera | Class: video-system | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-02-09: 4", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "video-system", "7d_avg": 0, "vendor": "BEWARD", "30d_avg": 0, "90d_avg": 0, "product": "BEWARD N100 H.264 VGA IP Camera", "cisa_kev": "no", "connections": 4, "observation_date": "2026-02-09", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}], "references": [{"id": "CVE-2025-34042", "url": "https://www.cve.org/CVERecord?id=CVE-2025-34042"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "12792309-3edc-44f9-9e8d-300d664b3fe0", "vulnerability": {"vulnId": "CVE-2020-24219", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "12792309-3edc-44f9-9e8d-300d664b3fe0"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-04T16:36:18+00:00"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2026-02-04T16:36:18+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-02-04T16:36:18+00:00", "first_seen_at": "2026-02-04T16:36:18+00:00"}, "scope": {"notes": "Affected: HiSilicon / HiSilicon based hardware video encoders (multiple vendors) | Class: embedded-system | Severity: High (CVSS 7.5) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-02-04: 3", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "embedded-system", "7d_avg": 0, "vendor": "HiSilicon", "30d_avg": 0, "90d_avg": 0, "product": "HiSilicon based hardware video encoders (multiple vendors)", "cisa_kev": "no", "connections": 3, "observation_date": "2026-02-04", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}], "references": [{"id": "CVE-2020-24219", "url": "https://www.cve.org/CVERecord?id=CVE-2020-24219"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "46d0b2f1-93f7-424d-8537-27d98ba010ad", "vulnerability": {"vulnId": "CVE-2024-20404", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "46d0b2f1-93f7-424d-8537-27d98ba010ad"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "characteristics": {"severity": 53}, "timestamps": {"asserted_at": "2026-02-04T04:17:11+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-02-04T04:17:11+00:00"}, "scope": {"notes": "Affected: Cisco / Cisco Finesse | Class: other-software | Severity: Medium (CVSS 5.3) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Cisco", "30d_avg": 0, "90d_avg": 0, "product": "Cisco Finesse", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 5.3, "vulnerability_severity": "Medium"}}], "references": [{"id": "CVE-2024-20404", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20404"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "070d503a-b725-41aa-a26e-b0de0ae36c93", "vulnerability": {"vulnId": "CVE-2025-10211", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "070d503a-b725-41aa-a26e-b0de0ae36c93"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "characteristics": {"severity": 63}, "timestamps": {"asserted_at": "2026-01-31T16:30:54+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-01-31T16:30:54+00:00"}, "scope": {"notes": "Affected: ChanCMS / ChanCMS | Class: cms | Severity: Medium (CVSS 6.3) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 1, "vendor": "ChanCMS", "30d_avg": 0, "90d_avg": 0, "product": "ChanCMS", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 6.3, "vulnerability_severity": "Medium"}}], "references": [{"id": "CVE-2025-10211", "url": "https://www.cve.org/CVERecord?id=CVE-2025-10211"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "949d42f5-e581-453a-b20b-cd3608b9117e", "vulnerability": {"vulnId": "CVE-2015-10145", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "949d42f5-e581-453a-b20b-cd3608b9117e"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-10T00:00:00+00:00"}, "characteristics": {"severity": 87}, "timestamps": {"asserted_at": "2026-01-31T14:30:16+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-02-10T00:00:00+00:00", "first_seen_at": "2026-01-31T14:30:16+00:00"}, "scope": {"notes": "Affected: Gargoyle / Gargoyle Router | Class: router | Severity: High (CVSS 8.7) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-02-10: 7", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "Gargoyle", "30d_avg": 0, "90d_avg": 0, "product": "Gargoyle Router", "cisa_kev": "no", "connections": 7, "observation_date": "2026-02-10", "vulnerability_class": "CVSS", "vulnerability_score": 8.7, "vulnerability_severity": "High"}}], "references": [{"id": "CVE-2015-10145", "url": "https://www.cve.org/CVERecord?id=CVE-2015-10145"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "bd76c590-b86b-4de9-a606-74bd12f5e2e6", "vulnerability": {"vulnId": "CVE-2026-1281", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "bd76c590-b86b-4de9-a606-74bd12f5e2e6"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-19T00:00:00+00:00"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-01-31T10:10:41+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-06-19T00:00:00+00:00", "first_seen_at": "2026-01-31T10:10:41+00:00"}, "scope": {"notes": "Affected: Ivanti / Endpoint Manager Mobile (EPMM), formerly MobileIron Core | Class: mobile-device-management | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-19: 93", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "3", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "mobile-device-management", "7d_avg": 0, "vendor": "Ivanti", "30d_avg": 0, "90d_avg": 0, "product": "Endpoint Manager Mobile (EPMM), formerly MobileIron Core", "cisa_kev": "yes", "connections": 93, "observation_date": "2026-06-19", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}], "references": [{"id": "CVE-2026-1281", "url": "https://www.cve.org/CVERecord?id=CVE-2026-1281"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "b30a874b-1fb0-40f3-888a-27f1ae3bb022", "vulnerability": {"vulnId": "CVE-2025-34022", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "b30a874b-1fb0-40f3-888a-27f1ae3bb022"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "timestamps": {"asserted_at": "2026-01-29T17:29:16+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-01-29T17:29:16+00:00"}, "scope": {"notes": "Affected: Selea / Selea Targa IP OCR-ANPR Camera | Class: video-system | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "video-system", "7d_avg": 0, "vendor": "Selea", "30d_avg": 0, "90d_avg": 0, "product": "Selea Targa IP OCR-ANPR Camera", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}], "references": [{"id": "CVE-2025-34022", "url": "https://www.cve.org/CVERecord?id=CVE-2025-34022"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "da5da84c-79e8-45d5-9a9f-92afe3352c8b", "vulnerability": {"vulnId": "CVE-2025-34048", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "da5da84c-79e8-45d5-9a9f-92afe3352c8b"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "timestamps": {"asserted_at": "2026-01-29T17:09:04+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-01-29T17:09:04+00:00"}, "scope": {"notes": "Affected: D-Link / D-Link DSL-2730U/2750U/2750E | Class: router | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "D-Link", "30d_avg": 5, "90d_avg": 1, "product": "D-Link DSL-2730U/2750U/2750E", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}], "references": [{"id": "CVE-2025-34048", "url": "https://www.cve.org/CVERecord?id=CVE-2025-34048"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "88acf6a6-ade9-443d-a830-5de9ff6a5da5", "vulnerability": {"vulnId": "CVE-2025-34044", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "88acf6a6-ade9-443d-a830-5de9ff6a5da5"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "timestamps": {"asserted_at": "2026-01-29T16:41:59+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-01-29T16:41:59+00:00"}, "scope": {"notes": "Affected: Shenzhen Lingkong Technology / WIFISKY 7-layer flow control router | Class: router | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "Shenzhen Lingkong Technology", "30d_avg": 0, "90d_avg": 0, "product": "WIFISKY 7-layer flow control router", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}], "references": [{"id": "CVE-2025-34044", "url": "https://www.cve.org/CVERecord?id=CVE-2025-34044"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "8b908c93-7d68-4f36-a0e2-85b9ec4a177e", "vulnerability": {"vulnId": "CVE-2025-44846", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "8b908c93-7d68-4f36-a0e2-85b9ec4a177e"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-12T00:00:00+00:00"}, "characteristics": {"severity": 63}, "timestamps": {"asserted_at": "2026-01-29T10:41:36+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-02-12T00:00:00+00:00", "first_seen_at": "2026-01-29T10:41:36+00:00"}, "scope": {"notes": "Affected: Totolink / Totolink CA600-PoE | Class: router | Severity: Medium (CVSS 6.3) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-02-12: 4", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "Totolink", "30d_avg": 0, "90d_avg": 0, "product": "Totolink CA600-PoE", "cisa_kev": "no", "connections": 4, "observation_date": "2026-02-12", "vulnerability_class": "CVSS", "vulnerability_score": 6.3, "vulnerability_severity": "Medium"}}], "references": [{"id": "CVE-2025-44846", "url": "https://www.cve.org/CVERecord?id=CVE-2025-44846"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "d76136dd-af7d-40f2-91d5-475ab853cd25", "vulnerability": {"vulnId": "CVE-2020-20300", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "d76136dd-af7d-40f2-91d5-475ab853cd25"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-01-28T06:31:59+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-01-28T06:31:59+00:00"}, "scope": {"notes": "Affected: WeiPHP / WeiPHP | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 12", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "WeiPHP", "30d_avg": 5, "90d_avg": 1, "product": "WeiPHP", "cisa_kev": "no", "connections": 12, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}], "references": [{"id": "CVE-2020-20300", "url": "https://www.cve.org/CVERecord?id=CVE-2020-20300"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "78f8157b-48ab-4003-a833-8f5cfbfb955f", "vulnerability": {"vulnId": "CVE-2025-47188", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "78f8157b-48ab-4003-a833-8f5cfbfb955f"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "characteristics": {"severity": 65}, "timestamps": {"asserted_at": "2026-01-28T06:25:40+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-01-28T06:25:40+00:00"}, "scope": {"notes": "Affected: Mitel / Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, 6970 Conference Unit | Class: voip | Severity: Medium (CVSS 6.5) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "voip", "7d_avg": 0, "vendor": "Mitel", "30d_avg": 0, "90d_avg": 0, "product": "Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, 6970 Conference Unit", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 6.5, "vulnerability_severity": "Medium"}}], "references": [{"id": "CVE-2025-47188", "url": "https://www.cve.org/CVERecord?id=CVE-2025-47188"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "6c5b3e2c-a13c-43c1-979f-327168cdb0f1", "vulnerability": {"vulnId": "CVE-2026-21858", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "6c5b3e2c-a13c-43c1-979f-327168cdb0f1"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "characteristics": {"severity": 100}, "timestamps": {"asserted_at": "2026-01-27T23:40:56+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-01-27T23:40:56+00:00"}, "scope": {"notes": "Affected: n8n / n8n | Class: other-software | Severity: Critical (CVSS 10) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 26", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "n8n", "30d_avg": 0, "90d_avg": 0, "product": "n8n", "cisa_kev": "no", "connections": 26, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 10, "vulnerability_severity": "Critical"}}], "references": [{"id": "CVE-2026-21858", "url": "https://www.cve.org/CVERecord?id=CVE-2026-21858"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "5daec079-b3aa-4761-91e4-39a3267795e7", "vulnerability": {"vulnId": "CVE-2022-40619", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "5daec079-b3aa-4761-91e4-39a3267795e7"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-11T00:00:00+00:00"}, "characteristics": {"severity": 77}, "timestamps": {"asserted_at": "2026-01-26T20:12:10+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-02-11T00:00:00+00:00", "first_seen_at": "2026-01-26T20:12:10+00:00"}, "scope": {"notes": "Affected: NETGEAR / NETGEAR devices with FunJSQ | Class: router | Severity: High (CVSS 7.7) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-02-11: 4", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "NETGEAR", "30d_avg": 0, "90d_avg": 0, "product": "NETGEAR devices with FunJSQ", "cisa_kev": "no", "connections": 4, "observation_date": "2026-02-11", "vulnerability_class": "CVSS", "vulnerability_score": 7.7, "vulnerability_severity": "High"}}], "references": [{"id": "CVE-2022-40619", "url": "https://www.cve.org/CVERecord?id=CVE-2022-40619"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "b8323768-476b-4581-9098-2397ac4e0426", "vulnerability": {"vulnId": "CVE-2023-32117", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "b8323768-476b-4581-9098-2397ac4e0426"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-01-26T08:35:58+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-01-26T08:35:58+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress SoftLab Integrate Google Drive | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "Wordpress", "30d_avg": 5, "90d_avg": 1, "product": "Wordpress SoftLab Integrate Google Drive", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}], "references": [{"id": "CVE-2023-32117", "url": "https://www.cve.org/CVERecord?id=CVE-2023-32117"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "51f93256-3b34-47c5-af3b-249a071d9c90", "vulnerability": {"vulnId": "CVE-2023-40748", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "51f93256-3b34-47c5-af3b-249a071d9c90"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-01-25T19:05:45+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-01-25T19:05:45+00:00"}, "scope": {"notes": "Affected: PHPJabbers / PHPJabbers Food Delivery Script | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "PHPJabbers", "30d_avg": 10, "90d_avg": 3, "product": "PHPJabbers Food Delivery Script", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}], "references": [{"id": "CVE-2023-40748", "url": "https://www.cve.org/CVERecord?id=CVE-2023-40748"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "4e79aba6-0acf-486d-8df6-1914f671179c", "vulnerability": {"vulnId": "CVE-2022-22956", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "4e79aba6-0acf-486d-8df6-1914f671179c"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-01-25T17:58:02+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-01-25T17:58:02+00:00"}, "scope": {"notes": "Affected: VMware / VMware Workspace ONE Access | Class: security-management-platform | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "security-management-platform", "7d_avg": 1, "vendor": "VMware", "30d_avg": 11, "90d_avg": 4, "product": "VMware Workspace ONE Access", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}], "references": [{"id": "CVE-2022-22956", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22956"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "1e1b2817-6a2f-4309-9a61-305104d7ca0b", "vulnerability": {"vulnId": "CVE-2021-47795", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "1e1b2817-6a2f-4309-9a61-305104d7ca0b"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "characteristics": {"severity": 87}, "timestamps": {"asserted_at": "2026-01-25T11:38:11+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-01-25T11:38:11+00:00"}, "scope": {"notes": "Affected: GeoVision / GeoVision GeoWebServer | Class: embedded-system | Severity: High (CVSS 8.7) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "embedded-system", "7d_avg": 0, "vendor": "GeoVision", "30d_avg": 1, "90d_avg": 0, "product": "GeoVision GeoWebServer", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 8.7, "vulnerability_severity": "High"}}], "references": [{"id": "CVE-2021-47795", "url": "https://www.cve.org/CVERecord?id=CVE-2021-47795"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "d20e3ab9-15d7-4865-80e1-892a5de1b7d2", "vulnerability": {"vulnId": "CVE-2018-11714", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "d20e3ab9-15d7-4865-80e1-892a5de1b7d2"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-01-25T10:56:01+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-01-25T10:56:01+00:00"}, "scope": {"notes": "Affected: TP-Link / TP-Link TL-WR840N v5, TL-WR841N v13 | Class: router | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 1, "vendor": "TP-Link", "30d_avg": 5, "90d_avg": 2, "product": "TP-Link TL-WR840N v5, TL-WR841N v13", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}], "references": [{"id": "CVE-2018-11714", "url": "https://www.cve.org/CVERecord?id=CVE-2018-11714"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "b1f281e1-8357-4b1c-8990-28f89965aada", "vulnerability": {"vulnId": "CVE-2022-34538", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "b1f281e1-8357-4b1c-8990-28f89965aada"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-09T00:00:00+00:00"}, "characteristics": {"severity": 88}, "timestamps": {"asserted_at": "2026-01-25T01:59:00+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-02-09T00:00:00+00:00", "first_seen_at": "2026-01-25T01:59:00+00:00"}, "scope": {"notes": "Affected: Digital Watchdog / Digital Watchdog DW MEGApix IP cameras | Class: video-system | Severity: High (CVSS 8.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-02-09: 10", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "video-system", "7d_avg": 0, "vendor": "Digital Watchdog", "30d_avg": 0, "90d_avg": 0, "product": "Digital Watchdog DW MEGApix IP cameras", "cisa_kev": "no", "connections": 10, "observation_date": "2026-02-09", "vulnerability_class": "CVSS", "vulnerability_score": 8.8, "vulnerability_severity": "High"}}], "references": [{"id": "CVE-2022-34538", "url": "https://www.cve.org/CVERecord?id=CVE-2022-34538"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}, {"uuid": "3105c787-14eb-4989-88de-80b05b16f8c2", "vulnerability": {"vulnId": "CVE-2026-23760", "altId": []}, "gcve": {"origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "object_uuid": "3105c787-14eb-4989-88de-80b05b16f8c2"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-05-20T00:00:00+00:00"}, "characteristics": {"severity": 93}, "timestamps": {"asserted_at": "2026-01-25T00:04:42+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-05-20T00:00:00+00:00", "first_seen_at": "2026-01-25T00:04:42+00:00"}, "scope": {"notes": "Affected: SmarterTools / SmarterMail | Class: email | Severity: Critical (CVSS 9.3) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-05-20: 9", "asset_exposure": ["internet-facing"]}, "evidence": [{"type": "honeypot", "source": "shadowserver", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "email", "7d_avg": 0, "vendor": "SmarterTools", "30d_avg": 0, "90d_avg": 0, "product": "SmarterMail", "cisa_kev": "yes", "connections": 9, "observation_date": "2026-05-20", "vulnerability_class": "CVSS", "vulnerability_score": 9.3, "vulnerability_severity": "Critical"}}], "references": [{"id": "CVE-2026-23760", "url": "https://www.cve.org/CVERecord?id=CVE-2026-23760"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}]}]}
