{"uuid": "fe026380-c375-4ff6-b489-8b01e189972d", "vulnerability": {"vulnId": "CVE-2017-12542", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T13:11:03+00:00"}, "gcve": {"object_uuid": "fe026380-c375-4ff6-b489-8b01e189972d", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 100}, "timestamps": {"asserted_at": "2026-06-30T13:11:03+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T13:11:03+00:00", "first_seen_at": "2026-06-30T13:11:03+00:00"}, "scope": {"notes": "Affected: HP / HP iLO 4 | Class: device-management-platform | Severity: Critical (CVSS 10) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 9", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2017-12542", "url": "https://www.cve.org/CVERecord?id=CVE-2017-12542"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 0, "vendor": "HP", "30d_avg": 0, "90d_avg": 0, "product": "HP iLO 4", "cisa_kev": "no", "connections": 9, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 10, "vulnerability_severity": "Critical"}}]}
{"uuid": "798e4ec0-659a-427c-898b-25408fff3803", "vulnerability": {"vulnId": "CVE-2023-34659", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "798e4ec0-659a-427c-898b-25408fff3803", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:57:51+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:51+00:00"}, "scope": {"notes": "Affected: JEECG / jeecg-boot | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-34659", "url": "https://www.cve.org/CVERecord?id=CVE-2023-34659"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "JEECG", "30d_avg": 5, "90d_avg": 2, "product": "jeecg-boot", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "91fb4a77-2fe2-42cc-b943-ea44b06d790d", "vulnerability": {"vulnId": "CVE-2025-25231", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "91fb4a77-2fe2-42cc-b943-ea44b06d790d", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2025-12-28T09:58:08+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-12-28T09:58:08+00:00"}, "scope": {"notes": "Affected: Omnissa / Omnissa Workspace ONE UEM | Class: device-management-platform | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-25231", "url": "https://www.cve.org/CVERecord?id=CVE-2025-25231"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 0, "vendor": "Omnissa", "30d_avg": 4, "90d_avg": 1, "product": "Omnissa Workspace ONE UEM", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "b18a7779-58cc-40ba-a795-077289fe2afd", "vulnerability": {"vulnId": "CVE-2022-38627", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "b18a7779-58cc-40ba-a795-077289fe2afd", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-07-13T16:15:17+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-07-13T16:15:17+00:00"}, "scope": {"notes": "Affected: Linear / eMerge E3-series | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-38627", "url": "https://www.cve.org/CVERecord?id=CVE-2022-38627"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Linear", "30d_avg": 4, "90d_avg": 1, "product": "eMerge E3-series", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "9f319a87-ef63-4b63-aaf3-376fbd9b4784", "vulnerability": {"vulnId": "CVE-2025-22214", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "9f319a87-ef63-4b63-aaf3-376fbd9b4784", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 43}, "timestamps": {"asserted_at": "2025-11-28T10:56:25+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-11-28T10:56:25+00:00"}, "scope": {"notes": "Affected: Landray / Landray EIS | Class: other-software | Severity: Medium (CVSS 4.3) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-22214", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22214"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "Landray", "30d_avg": 5, "90d_avg": 1, "product": "Landray EIS", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 4.3, "vulnerability_severity": "Medium"}}]}
{"uuid": "78030535-ff22-41f8-8859-a6dfd0801c6f", "vulnerability": {"vulnId": "CVE-2020-10189", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "78030535-ff22-41f8-8859-a6dfd0801c6f", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-07-21T12:36:01+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-07-21T12:36:01+00:00"}, "scope": {"notes": "Affected: Zoho / ManageEngine Desktop Central (now Engine Central) | Class: device-management-platform | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-10189", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10189"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 1, "vendor": "Zoho", "30d_avg": 5, "90d_avg": 2, "product": "ManageEngine Desktop Central (now Engine Central)", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "27de3994-3412-4469-b9e4-4a6927b202c3", "vulnerability": {"vulnId": "CVE-2024-2330", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "27de3994-3412-4469-b9e4-4a6927b202c3", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 63}, "timestamps": {"asserted_at": "2024-09-26T15:34:13+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-09-26T15:34:13+00:00"}, "scope": {"notes": "Affected: Netentsec / NS-ASG Application Security Gateway | Class: firewall | Severity: Medium (CVSS 6.3) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-2330", "url": "https://www.cve.org/CVERecord?id=CVE-2024-2330"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "firewall", "7d_avg": 0, "vendor": "Netentsec", "30d_avg": 0, "90d_avg": 0, "product": "NS-ASG Application Security Gateway", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 6.3, "vulnerability_severity": "Medium"}}]}
{"uuid": "d9ba8e8b-cb40-4a94-8693-3c9e62750a8a", "vulnerability": {"vulnId": "CVE-2021-27670", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "d9ba8e8b-cb40-4a94-8693-3c9e62750a8a", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-01-21T08:39:37+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-01-21T08:39:37+00:00"}, "scope": {"notes": "Affected: Appspace / Appspace | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-27670", "url": "https://www.cve.org/CVERecord?id=CVE-2021-27670"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Appspace", "30d_avg": 5, "90d_avg": 1, "product": "Appspace", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "e25a7e89-9e31-4cc0-bfa2-d2cdfe4152e0", "vulnerability": {"vulnId": "CVE-2022-25486", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "e25a7e89-9e31-4cc0-bfa2-d2cdfe4152e0", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 78}, "timestamps": {"asserted_at": "2023-10-14T14:57:26+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:26+00:00"}, "scope": {"notes": "Affected: CuppaCMS / CuppaCMS | Class: cms | Severity: High (CVSS 7.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-25486", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25486"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 1, "vendor": "CuppaCMS", "30d_avg": 5, "90d_avg": 2, "product": "CuppaCMS", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.8, "vulnerability_severity": "High"}}]}
{"uuid": "6c846690-fcf6-4cc2-9834-effb3bd4bc9d", "vulnerability": {"vulnId": "CVE-2024-53944", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "6c846690-fcf6-4cc2-9834-effb3bd4bc9d", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-07-02T20:42:40+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-07-02T20:42:40+00:00"}, "scope": {"notes": "Affected: Tuoshi/Dionlink / Tuoshi/Dionlink LT15D 4G Wi-Fi | Class: router | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 13", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-53944", "url": "https://www.cve.org/CVERecord?id=CVE-2024-53944"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "Tuoshi/Dionlink", "30d_avg": 0, "90d_avg": 0, "product": "Tuoshi/Dionlink LT15D 4G Wi-Fi", "cisa_kev": "no", "connections": 13, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "078d66c4-f021-45fa-ae5d-e8597f625323", "vulnerability": {"vulnId": "CVE-2023-43795", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "078d66c4-f021-45fa-ae5d-e8597f625323", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-07-22T15:24:54+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-07-22T15:24:54+00:00"}, "scope": {"notes": "Affected: GeoServer / GeoServer | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-43795", "url": "https://www.cve.org/CVERecord?id=CVE-2023-43795"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "GeoServer", "30d_avg": 8, "90d_avg": 3, "product": "GeoServer", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "8a7dccd3-97eb-4bc5-8f6b-ae5d5937caa9", "vulnerability": {"vulnId": "CVE-2017-17215", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "8a7dccd3-97eb-4bc5-8f6b-ae5d5937caa9", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 88}, "timestamps": {"asserted_at": "2022-05-04T10:59:57+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2022-05-04T10:59:57+00:00"}, "scope": {"notes": "Affected: Huawei / Huawei Home Gateway HG532 | Class: router | Severity: High (CVSS 8.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 5578", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2017-17215", "url": "https://www.cve.org/CVERecord?id=CVE-2017-17215"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1661", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 2067, "vendor": "Huawei", "30d_avg": 1748, "90d_avg": 1588, "product": "Huawei Home Gateway HG532", "cisa_kev": "no", "connections": 5578, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 8.8, "vulnerability_severity": "High"}}]}
{"uuid": "fab19a2e-741d-48f5-a85a-f515a0752b4b", "vulnerability": {"vulnId": "CVE-2019-7238", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "fab19a2e-741d-48f5-a85a-f515a0752b4b", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:56:12+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:12+00:00"}, "scope": {"notes": "Affected: Sonatype / Nexus Repository Manager | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 7", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2019-7238", "url": "https://www.cve.org/CVERecord?id=CVE-2019-7238"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "3", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "Sonatype", "30d_avg": 6, "90d_avg": 3, "product": "Nexus Repository Manager", "cisa_kev": "yes", "connections": 7, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "3f8aee59-58b8-48ae-9a44-1a532441fe6a", "vulnerability": {"vulnId": "CVE-2017-12635", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "3f8aee59-58b8-48ae-9a44-1a532441fe6a", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:18:34+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:18:34+00:00"}, "scope": {"notes": "Affected: Apache / CouchDB | Class: database | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 9", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2017-12635", "url": "https://www.cve.org/CVERecord?id=CVE-2017-12635"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "3", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "database", "7d_avg": 3, "vendor": "Apache", "30d_avg": 4, "90d_avg": 2, "product": "CouchDB", "cisa_kev": "no", "connections": 9, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "1f561a43-e0f5-4f1d-a729-65b58c66c82f", "vulnerability": {"vulnId": "CVE-2022-25369", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "1f561a43-e0f5-4f1d-a729-65b58c66c82f", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 0}, "timestamps": {"asserted_at": "2023-10-14T14:57:26+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:26+00:00"}, "scope": {"notes": "Affected: Dynamicweb Software / Dynamicweb | Class: other-software | Severity: None (CVSS 0) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-25369", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25369"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Dynamicweb Software", "30d_avg": 5, "90d_avg": 1, "product": "Dynamicweb", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 0, "vulnerability_severity": "None"}}]}
{"uuid": "e3d326d7-dd79-478d-b974-a1edfbef1374", "vulnerability": {"vulnId": "CVE-2019-5128", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "e3d326d7-dd79-478d-b974-a1edfbef1374", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:56:38+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:38+00:00"}, "scope": {"notes": "Affected: YouPHPTube / YouPHPTube Encoder | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 11", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2019-5128", "url": "https://www.cve.org/CVERecord?id=CVE-2019-5128"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 2, "vendor": "YouPHPTube", "30d_avg": 14, "90d_avg": 5, "product": "YouPHPTube Encoder", "cisa_kev": "no", "connections": 11, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "0b5cbe91-7dc9-4d59-8175-c88c42af8d9e", "vulnerability": {"vulnId": "CVE-2020-10148", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "0b5cbe91-7dc9-4d59-8175-c88c42af8d9e", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:56:37+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:37+00:00"}, "scope": {"notes": "Affected: SolarWinds / SolarWinds Orion | Class: device-management-platform | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-10148", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10148"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 0, "vendor": "SolarWinds", "30d_avg": 8, "90d_avg": 3, "product": "SolarWinds Orion", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "fd44b14a-a797-471b-89f3-108d6573f0b9", "vulnerability": {"vulnId": "CVE-2023-27351", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "fd44b14a-a797-471b-89f3-108d6573f0b9", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2026-04-18T00:07:44+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-04-18T00:07:44+00:00"}, "scope": {"notes": "Affected: PaperCut / PaperCut MF/NG | Class: device-management-platform | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-27351", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27351"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 18, "vendor": "PaperCut", "30d_avg": 11, "90d_avg": 4, "product": "PaperCut MF/NG", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "32d387e6-bf0e-4457-986f-060cf2af7de8", "vulnerability": {"vulnId": "CVE-2019-9874", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "32d387e6-bf0e-4457-986f-060cf2af7de8", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2026-03-09T11:39:47+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-03-09T11:39:47+00:00"}, "scope": {"notes": "Affected: Citrix / Citrix StoreFront Server | Class: other-software | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2019-9874", "url": "https://www.cve.org/CVERecord?id=CVE-2019-9874"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "Citrix", "30d_avg": 5, "90d_avg": 2, "product": "Citrix StoreFront Server", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "81883113-0759-498f-b795-066b5172439e", "vulnerability": {"vulnId": "CVE-2024-4841", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "81883113-0759-498f-b795-066b5172439e", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 33}, "timestamps": {"asserted_at": "2026-03-11T07:12:50+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-03-11T07:12:50+00:00"}, "scope": {"notes": "Affected: parisneo / lollms-webui | Class: ai-system | Severity: Low (CVSS 3.3) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-4841", "url": "https://www.cve.org/CVERecord?id=CVE-2024-4841"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "ai-system", "7d_avg": 1, "vendor": "parisneo", "30d_avg": 1, "90d_avg": 0, "product": "lollms-webui", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 3.3, "vulnerability_severity": "Low"}}]}
{"uuid": "f4b530ba-b798-408b-9db4-995160766263", "vulnerability": {"vulnId": "CVE-2025-55346", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "f4b530ba-b798-408b-9db4-995160766263", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-11-19T22:59:15+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-11-19T22:59:15+00:00"}, "scope": {"notes": "Affected: FlowiseAI / Flowise | Class: ai-system | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-55346", "url": "https://www.cve.org/CVERecord?id=CVE-2025-55346"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "ai-system", "7d_avg": 0, "vendor": "FlowiseAI", "30d_avg": 5, "90d_avg": 1, "product": "Flowise", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "1489a5e7-a07a-4e91-ad0c-be5c8116a816", "vulnerability": {"vulnId": "CVE-2022-35653", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "1489a5e7-a07a-4e91-ad0c-be5c8116a816", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 61}, "timestamps": {"asserted_at": "2024-02-15T14:49:48+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-02-15T14:49:48+00:00"}, "scope": {"notes": "Affected: Moodle / Moodle | Class: other-software | Severity: Medium (CVSS 6.1) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-35653", "url": "https://www.cve.org/CVERecord?id=CVE-2022-35653"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "Moodle", "30d_avg": 1, "90d_avg": 0, "product": "Moodle", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 6.1, "vulnerability_severity": "Medium"}}]}
{"uuid": "51f93256-3b34-47c5-af3b-249a071d9c90", "vulnerability": {"vulnId": "CVE-2023-40748", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "51f93256-3b34-47c5-af3b-249a071d9c90", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-01-25T19:05:45+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-01-25T19:05:45+00:00"}, "scope": {"notes": "Affected: PHPJabbers / PHPJabbers Food Delivery Script | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-40748", "url": "https://www.cve.org/CVERecord?id=CVE-2023-40748"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "PHPJabbers", "30d_avg": 10, "90d_avg": 3, "product": "PHPJabbers Food Delivery Script", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "a7f80075-1232-4084-a489-e934a0042f00", "vulnerability": {"vulnId": "CVE-2022-39960", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "a7f80075-1232-4084-a489-e934a0042f00", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 53}, "timestamps": {"asserted_at": "2023-10-18T18:17:32+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-18T18:17:32+00:00"}, "scope": {"notes": "Affected: Atlassian / JIRA | Class: other-software | Severity: Medium (CVSS 5.3) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-39960", "url": "https://www.cve.org/CVERecord?id=CVE-2022-39960"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "Atlassian", "30d_avg": 1, "90d_avg": 0, "product": "JIRA", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 5.3, "vulnerability_severity": "Medium"}}]}
{"uuid": "4f2e6ba2-624c-443f-8795-87bb5427a866", "vulnerability": {"vulnId": "CNVD-2018-24942", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "4f2e6ba2-624c-443f-8795-87bb5427a866", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-10-13T16:21:47+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-13T16:21:47+00:00"}, "scope": {"notes": "Affected: TopThink / ThinkPHP5 | Class: web-app-framework | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 558", "asset_exposure": ["internet-facing"]}, "references": [{"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "128", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "web-app-framework", "7d_avg": 131, "vendor": "TopThink", "30d_avg": 152, "90d_avg": 153, "product": "ThinkPHP5", "cisa_kev": "no", "connections": 558, "observation_date": "2026-06-30", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "1fb02370-7e47-430c-9eaa-edfd41bc9469", "vulnerability": {"vulnId": "CVE-2017-18368", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "1fb02370-7e47-430c-9eaa-edfd41bc9469", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-13T16:02:40+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-13T16:02:40+00:00"}, "scope": {"notes": "Affected: Zyxel/Billion / ZyXEL P660HN-T1A v1, ZyXEL P660HN-T1A v2, Billion 5200W-T | Class: router | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: yes | Honeypot connections on 2026-06-30: 144", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2017-18368", "url": "https://www.cve.org/CVERecord?id=CVE-2017-18368"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "12", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 14, "vendor": "Zyxel/Billion", "30d_avg": 15, "90d_avg": 10, "product": "ZyXEL P660HN-T1A v1, ZyXEL P660HN-T1A v2, Billion 5200W-T", "cisa_kev": "yes", "connections": 144, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "5200d781-9f3e-4b0b-8b9d-f53ac6aaf55e", "vulnerability": {"vulnId": "CVE-2014-8361", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "5200d781-9f3e-4b0b-8b9d-f53ac6aaf55e", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-10-13T16:03:28+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-13T16:03:28+00:00"}, "scope": {"notes": "Affected: Realtek / Realtek SDK | Class: embedded-system | IoT: yes | In CISA KEV: yes | Honeypot connections on 2026-06-30: 2085", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2014-8361", "url": "https://www.cve.org/CVERecord?id=CVE-2014-8361"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "346", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "embedded-system", "7d_avg": 313, "vendor": "Realtek", "30d_avg": 371, "90d_avg": 320, "product": "Realtek SDK", "cisa_kev": "yes", "connections": 2085, "observation_date": "2026-06-30", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "41356e10-e0b0-4f03-b1e4-ce7db1f95cf1", "vulnerability": {"vulnId": "CVE-2023-20198", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "41356e10-e0b0-4f03-b1e4-ce7db1f95cf1", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 100}, "timestamps": {"asserted_at": "2023-10-19T04:13:16+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-19T04:13:16+00:00"}, "scope": {"notes": "Affected: Cisco / Cisco IOS XE | Class: router | Severity: Critical (CVSS 10) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 5954", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-20198", "url": "https://www.cve.org/CVERecord?id=CVE-2023-20198"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "245", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 293, "vendor": "Cisco", "30d_avg": 197, "90d_avg": 228, "product": "Cisco IOS XE", "cisa_kev": "yes", "connections": 5954, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 10, "vulnerability_severity": "Critical"}}]}
{"uuid": "260df3b8-a6f8-4bba-8a5c-e5fdb10babe5", "vulnerability": {"vulnId": "CVE-2024-36401", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "260df3b8-a6f8-4bba-8a5c-e5fdb10babe5", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-07-28T15:03:37+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-07-28T15:03:37+00:00"}, "scope": {"notes": "Affected: Geoserver / Geoserver | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 726", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-36401", "url": "https://www.cve.org/CVERecord?id=CVE-2024-36401"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "5", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 2, "vendor": "Geoserver", "30d_avg": 1, "90d_avg": 1, "product": "Geoserver", "cisa_kev": "yes", "connections": 726, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "e7f68850-4d51-4eec-a469-29aeed210a25", "vulnerability": {"vulnId": "CVE-2020-11978", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "e7f68850-4d51-4eec-a469-29aeed210a25", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 88}, "timestamps": {"asserted_at": "2023-10-14T14:56:52+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:52+00:00"}, "scope": {"notes": "Affected: Apache / Airflow | Class: other-software | Severity: High (CVSS 8.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-11978", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11978"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 2, "vendor": "Apache", "30d_avg": 11, "90d_avg": 4, "product": "Airflow", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 8.8, "vulnerability_severity": "High"}}]}
{"uuid": "30f51e5d-ded8-447e-b17c-12e279f9e00e", "vulnerability": {"vulnId": "CVE-2024-3721", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "30f51e5d-ded8-447e-b17c-12e279f9e00e", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 0}, "timestamps": {"asserted_at": "2024-04-21T15:14:47+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-04-21T15:14:47+00:00"}, "scope": {"notes": "Affected: TBK / TBK DVR-4104/DVR-4216 | Class: video-system | Severity: None (CVSS 0) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 45", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-3721", "url": "https://www.cve.org/CVERecord?id=CVE-2024-3721"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "video-system", "7d_avg": 2, "vendor": "TBK", "30d_avg": 2, "90d_avg": 3, "product": "TBK DVR-4104/DVR-4216", "cisa_kev": "no", "connections": 45, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 0, "vulnerability_severity": "None"}}]}
{"uuid": "82dd3c22-5af9-4e7c-bcd9-0a87d5c27000", "vulnerability": {"vulnId": "CVE-2017-9805", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "82dd3c22-5af9-4e7c-bcd9-0a87d5c27000", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 81}, "timestamps": {"asserted_at": "2023-10-14T14:55:46+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:55:46+00:00"}, "scope": {"notes": "Affected: Apache / Struts | Class: web-app-framework | Severity: High (CVSS 8.1) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2017-9805", "url": "https://www.cve.org/CVERecord?id=CVE-2017-9805"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "web-app-framework", "7d_avg": 2, "vendor": "Apache", "30d_avg": 11, "90d_avg": 4, "product": "Struts", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 8.1, "vulnerability_severity": "High"}}]}
{"uuid": "4398defa-701b-4a77-a25a-8a49dd8c83fe", "vulnerability": {"vulnId": "CVE-2023-49103", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "4398defa-701b-4a77-a25a-8a49dd8c83fe", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 100}, "timestamps": {"asserted_at": "2023-11-26T14:09:20+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-11-26T14:09:20+00:00"}, "scope": {"notes": "Affected: ownCloud / ownCloud | Class: file-transfer | Severity: Critical (CVSS 10) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 5", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-49103", "url": "https://www.cve.org/CVERecord?id=CVE-2023-49103"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "5", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "file-transfer", "7d_avg": 9, "vendor": "ownCloud", "30d_avg": 13, "90d_avg": 7, "product": "ownCloud", "cisa_kev": "yes", "connections": 5, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 10, "vulnerability_severity": "Critical"}}]}
{"uuid": "436e3755-7e0d-4d81-9594-7c1ca561980b", "vulnerability": {"vulnId": "CVE-2021-32030", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "436e3755-7e0d-4d81-9594-7c1ca561980b", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:56:57+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:57+00:00"}, "scope": {"notes": "Affected: ASUS / GT-AC2900 | Class: router | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-32030", "url": "https://www.cve.org/CVERecord?id=CVE-2021-32030"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 2, "vendor": "ASUS", "30d_avg": 6, "90d_avg": 3, "product": "GT-AC2900", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "ebedb22f-98b8-4a52-8d07-ad74c292cadd", "vulnerability": {"vulnId": "CVE-2016-6277", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "ebedb22f-98b8-4a52-8d07-ad74c292cadd", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 88}, "timestamps": {"asserted_at": "2023-10-13T16:38:51+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-13T16:38:51+00:00"}, "scope": {"notes": "Affected: Netgear / NETGEAR R/D Series Routers | Class: router | Severity: High (CVSS 8.8) | IoT: yes | In CISA KEV: yes | Honeypot connections on 2026-06-30: 96", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2016-6277", "url": "https://www.cve.org/CVERecord?id=CVE-2016-6277"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "96", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 93, "vendor": "Netgear", "30d_avg": 83, "90d_avg": 90, "product": "NETGEAR R/D Series Routers", "cisa_kev": "yes", "connections": 96, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 8.8, "vulnerability_severity": "High"}}]}
{"uuid": "747a5bb3-872b-41a6-822d-4dd09c136b63", "vulnerability": {"vulnId": "CVE-2024-21887", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "747a5bb3-872b-41a6-822d-4dd09c136b63", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 91}, "timestamps": {"asserted_at": "2024-01-18T01:04:36+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-01-18T01:04:36+00:00"}, "scope": {"notes": "Affected: Ivanti / Ivanti Secure Connect and Policy Secure | Class: vpn | Severity: Critical (CVSS 9.1) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-21887", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21887"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "vpn", "7d_avg": 7, "vendor": "Ivanti", "30d_avg": 11, "90d_avg": 9, "product": "Ivanti Secure Connect and Policy Secure", "cisa_kev": "yes", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.1, "vulnerability_severity": "Critical"}}]}
{"uuid": "63d62870-7a7e-4f60-8637-f7958dee1499", "vulnerability": {"vulnId": "CVE-2023-35081", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "63d62870-7a7e-4f60-8637-f7958dee1499", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 72}, "timestamps": {"asserted_at": "2023-10-13T18:56:41+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-13T18:56:41+00:00"}, "scope": {"notes": "Affected: Ivanti / Endpoint Manager Mobile (EPMM), formerly MobileIron Core | Class: mobile-device-management | Severity: High (CVSS 7.2) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 34", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-35081", "url": "https://www.cve.org/CVERecord?id=CVE-2023-35081"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "mobile-device-management", "7d_avg": 6, "vendor": "Ivanti", "30d_avg": 5, "90d_avg": 6, "product": "Endpoint Manager Mobile (EPMM), formerly MobileIron Core", "cisa_kev": "yes", "connections": 34, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.2, "vulnerability_severity": "High"}}]}
{"uuid": "88a2e9e0-43a4-440f-9eb7-fdbd0d3153d2", "vulnerability": {"vulnId": "CVE-2019-20074", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "88a2e9e0-43a4-440f-9eb7-fdbd0d3153d2", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 88}, "timestamps": {"asserted_at": "2025-05-09T04:40:34+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-05-09T04:40:34+00:00"}, "scope": {"notes": "Affected: Netis / Netis DL4323 | Class: router | Severity: High (CVSS 8.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2019-20074", "url": "https://www.cve.org/CVERecord?id=CVE-2019-20074"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "Netis", "30d_avg": 1, "90d_avg": 0, "product": "Netis DL4323", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 8.8, "vulnerability_severity": "High"}}]}
{"uuid": "3d030beb-039c-4577-a9ab-1328ba22710d", "vulnerability": {"vulnId": "CVE-2023-0159", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "3d030beb-039c-4577-a9ab-1328ba22710d", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2025-08-17T14:59:54+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-08-17T14:59:54+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Extensive VC Addons for WPBakery page builder plugin | Class: cms | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-0159", "url": "https://www.cve.org/CVERecord?id=CVE-2023-0159"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 1, "vendor": "Wordpress", "30d_avg": 5, "90d_avg": 2, "product": "Wordpress Extensive VC Addons for WPBakery page builder plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "1e6745e4-20a5-4778-9732-ed588b0df237", "vulnerability": {"vulnId": "CVE-2020-35665", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "1e6745e4-20a5-4778-9732-ed588b0df237", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:56:37+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:37+00:00"}, "scope": {"notes": "Affected: TerraMaster / TOS | Class: nas | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 15", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-35665", "url": "https://www.cve.org/CVERecord?id=CVE-2020-35665"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "3", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "nas", "7d_avg": 1, "vendor": "TerraMaster", "30d_avg": 10, "90d_avg": 4, "product": "TOS", "cisa_kev": "no", "connections": 15, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "78d6e9ac-6bdf-407d-911e-6b424fe99b5f", "vulnerability": {"vulnId": "CVE-2021-34993", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "78d6e9ac-6bdf-407d-911e-6b424fe99b5f", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:56:37+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:37+00:00"}, "scope": {"notes": "Affected: Commvault / CommCell | Class: device-management-platform | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-34993", "url": "https://www.cve.org/CVERecord?id=CVE-2021-34993"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 1, "vendor": "Commvault", "30d_avg": 1, "90d_avg": 0, "product": "CommCell", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "de9b7e61-24a8-41f6-b517-7bf6bb3adf22", "vulnerability": {"vulnId": "CVE-2020-24581", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "de9b7e61-24a8-41f6-b517-7bf6bb3adf22", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 80}, "timestamps": {"asserted_at": "2023-10-14T14:56:54+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:54+00:00"}, "scope": {"notes": "Affected: D-Link / D-Link DSL-2888A | Class: router | Severity: High (CVSS 8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-24581", "url": "https://www.cve.org/CVERecord?id=CVE-2020-24581"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 2, "vendor": "D-Link", "30d_avg": 11, "90d_avg": 4, "product": "D-Link DSL-2888A", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 8, "vulnerability_severity": "High"}}]}
{"uuid": "ad20ad61-d934-402a-99f1-0c57fa772f0f", "vulnerability": {"vulnId": "EDB-44760", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "ad20ad61-d934-402a-99f1-0c57fa772f0f", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-10-13T22:17:07+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-13T22:17:07+00:00"}, "scope": {"notes": "Affected: D-Link / D-Link DSL-2750B | Class: router | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 45", "asset_exposure": ["internet-facing"]}, "references": [{"id": "EDB-44760", "url": "https://www.exploit-db.com/exploits/44760"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "12", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 15, "vendor": "D-Link", "30d_avg": 227, "90d_avg": 200, "product": "D-Link DSL-2750B", "cisa_kev": "no", "connections": 45, "observation_date": "2026-06-30", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "aaf8c9ef-6f8a-46db-a79e-3c1d4cff5ec1", "vulnerability": {"vulnId": "CVE-2022-25487", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "aaf8c9ef-6f8a-46db-a79e-3c1d4cff5ec1", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:57:26+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:26+00:00"}, "scope": {"notes": "Affected: The Digital Craft / AtomCMS | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-25487", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25487"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 1, "vendor": "The Digital Craft", "30d_avg": 11, "90d_avg": 4, "product": "AtomCMS", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "6ceae747-75ea-41ab-90b0-be5fc5e57a80", "vulnerability": {"vulnId": "CVE-2020-17506", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "6ceae747-75ea-41ab-90b0-be5fc5e57a80", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T15:54:04+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T15:54:04+00:00"}, "scope": {"notes": "Affected: Artica / Artica Web Proxy | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-17506", "url": "https://www.cve.org/CVERecord?id=CVE-2020-17506"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "Artica", "30d_avg": 15, "90d_avg": 5, "product": "Artica Web Proxy", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "304bebda-28e5-430a-b094-5963c8cc1d6a", "vulnerability": {"vulnId": "CVE-2022-47945", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "304bebda-28e5-430a-b094-5963c8cc1d6a", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-04-11T10:38:34+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-04-11T10:38:34+00:00"}, "scope": {"notes": "Affected: TopThink / ThinkPHP | Class: web-app-framework | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-47945", "url": "https://www.cve.org/CVERecord?id=CVE-2022-47945"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "web-app-framework", "7d_avg": 0, "vendor": "TopThink", "30d_avg": 8, "90d_avg": 2, "product": "ThinkPHP", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "9aa2e1c7-a744-4ec0-b130-c7fbc671c43e", "vulnerability": {"vulnId": "CVE-2021-22502", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "9aa2e1c7-a744-4ec0-b130-c7fbc671c43e", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:56:49+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:49+00:00"}, "scope": {"notes": "Affected: Micro Focus / Operations Bridge Reporter (OBR) | Class: database | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 55", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-22502", "url": "https://www.cve.org/CVERecord?id=CVE-2021-22502"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "3", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "database", "7d_avg": 4, "vendor": "Micro Focus", "30d_avg": 7, "90d_avg": 3, "product": "Operations Bridge Reporter (OBR)", "cisa_kev": "yes", "connections": 55, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "01533ae5-2d1a-40f1-a1ef-5790900adbbd", "vulnerability": {"vulnId": "CVE-2020-24914", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "01533ae5-2d1a-40f1-a1ef-5790900adbbd", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-23T17:45:44+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-23T17:45:44+00:00"}, "scope": {"notes": "Affected: QCubed / QCubed | Class: web-app-framework | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-24914", "url": "https://www.cve.org/CVERecord?id=CVE-2020-24914"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "web-app-framework", "7d_avg": 1, "vendor": "QCubed", "30d_avg": 1, "90d_avg": 0, "product": "QCubed", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "fa356700-95c1-4ff2-a204-4327845309d3", "vulnerability": {"vulnId": "CVE-2020-5847", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "fa356700-95c1-4ff2-a204-4327845309d3", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:56:38+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:38+00:00"}, "scope": {"notes": "Affected: Lime Technology / Unraid | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: yes | Honeypot connections on 2026-06-30: 52", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-5847", "url": "https://www.cve.org/CVERecord?id=CVE-2020-5847"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "3", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 3, "vendor": "Lime Technology", "30d_avg": 6, "90d_avg": 2, "product": "Unraid", "cisa_kev": "yes", "connections": 52, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "7665b944-c77c-48f7-aba4-1393867c36c0", "vulnerability": {"vulnId": "CVE-2023-20073", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "7665b944-c77c-48f7-aba4-1393867c36c0", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-22T03:56:40+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-22T03:56:40+00:00"}, "scope": {"notes": "Affected: Cisco / Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers | Class: router | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-20073", "url": "https://www.cve.org/CVERecord?id=CVE-2023-20073"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "Cisco", "30d_avg": 0, "90d_avg": 0, "product": "Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "333d2860-3f28-4382-a14d-03a56f3e082b", "vulnerability": {"vulnId": "CVE-2019-12986", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "333d2860-3f28-4382-a14d-03a56f3e082b", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T15:08:27+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T15:08:27+00:00"}, "scope": {"notes": "Affected: Citrix / Citrix SD-WAN and NetScaler SD-WAN | Class: app-delivery-controller | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 7", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2019-12986", "url": "https://www.cve.org/CVERecord?id=CVE-2019-12986"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "app-delivery-controller", "7d_avg": 2, "vendor": "Citrix", "30d_avg": 10, "90d_avg": 4, "product": "Citrix SD-WAN and NetScaler SD-WAN", "cisa_kev": "no", "connections": 7, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "df329a61-694f-4857-ab66-0dc1da3179da", "vulnerability": {"vulnId": "CVE-2022-24816", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "df329a61-694f-4857-ab66-0dc1da3179da", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:57:26+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:26+00:00"}, "scope": {"notes": "Affected: Geoserver / Geoserver (JAI-EXT) | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 106", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-24816", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24816"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "6", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 4, "vendor": "Geoserver", "30d_avg": 8, "90d_avg": 4, "product": "Geoserver (JAI-EXT)", "cisa_kev": "yes", "connections": 106, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "efbdda13-003b-465d-b551-db3076985b67", "vulnerability": {"vulnId": "CVE-2017-1000170", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "efbdda13-003b-465d-b551-db3076985b67", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2023-10-14T14:55:24+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:55:24+00:00"}, "scope": {"notes": "Affected: jQueryFileTree / jQueryFileTree | Class: other-software | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2017-1000170", "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000170"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "jQueryFileTree", "30d_avg": 6, "90d_avg": 2, "product": "jQueryFileTree", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "8c9089e1-35c3-4c83-92bd-28e42d607979", "vulnerability": {"vulnId": "CVE-2010-0219", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "8c9089e1-35c3-4c83-92bd-28e42d607979", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-10-14T13:54:56+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T13:54:56+00:00"}, "scope": {"notes": "Affected: Apache / Axis2 | Class: web-app-framework | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2010-0219", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0219"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "web-app-framework", "7d_avg": 3, "vendor": "Apache", "30d_avg": 12, "90d_avg": 5, "product": "Axis2", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "39479272-ea67-41a1-91a6-cb27a4f782c5", "vulnerability": {"vulnId": "CVE-2019-19824", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "39479272-ea67-41a1-91a6-cb27a4f782c5", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 88}, "timestamps": {"asserted_at": "2023-10-14T14:56:09+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:09+00:00"}, "scope": {"notes": "Affected: Totolink / TOTOLINK Realtek SDK based routers | Class: router | Severity: High (CVSS 8.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2019-19824", "url": "https://www.cve.org/CVERecord?id=CVE-2019-19824"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 3, "vendor": "Totolink", "30d_avg": 6, "90d_avg": 3, "product": "TOTOLINK Realtek SDK based routers", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 8.8, "vulnerability_severity": "High"}}]}
{"uuid": "c3c3f333-2fbf-4a85-8fb5-929b9e585b0b", "vulnerability": {"vulnId": "CVE-2023-29919", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "c3c3f333-2fbf-4a85-8fb5-929b9e585b0b", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 91}, "timestamps": {"asserted_at": "2023-10-14T14:57:48+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:48+00:00"}, "scope": {"notes": "Affected: CONTEC / SolarView Compact | Class: other-software | Severity: Critical (CVSS 9.1) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-29919", "url": "https://www.cve.org/CVERecord?id=CVE-2023-29919"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "CONTEC", "30d_avg": 6, "90d_avg": 2, "product": "SolarView Compact", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.1, "vulnerability_severity": "Critical"}}]}
{"uuid": "6de3d588-7f20-48df-86db-351a596d0f96", "vulnerability": {"vulnId": "CVE-2021-27931", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "6de3d588-7f20-48df-86db-351a596d0f96", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 91}, "timestamps": {"asserted_at": "2023-10-14T14:56:55+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:55+00:00"}, "scope": {"notes": "Affected: Lumis / LumisXP | Class: other-software | Severity: Critical (CVSS 9.1) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-27931", "url": "https://www.cve.org/CVERecord?id=CVE-2021-27931"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "Lumis", "30d_avg": 5, "90d_avg": 2, "product": "LumisXP", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.1, "vulnerability_severity": "Critical"}}]}
{"uuid": "f58568ac-1c3b-4523-84d0-c861952cabf4", "vulnerability": {"vulnId": "CVE-2023-45878", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "f58568ac-1c3b-4523-84d0-c861952cabf4", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-05-19T13:16:32+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-05-19T13:16:32+00:00"}, "scope": {"notes": "Affected: Gibbon / Gibbon | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-45878", "url": "https://www.cve.org/CVERecord?id=CVE-2023-45878"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Gibbon", "30d_avg": 5, "90d_avg": 2, "product": "Gibbon", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "4102e3da-482e-4d70-87a4-2454a3c3d543", "vulnerability": {"vulnId": "CVE-2020-15568", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "4102e3da-482e-4d70-87a4-2454a3c3d543", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T15:54:00+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T15:54:00+00:00"}, "scope": {"notes": "Affected: TerraMaster / TOS | Class: nas | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 9", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-15568", "url": "https://www.cve.org/CVERecord?id=CVE-2020-15568"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "nas", "7d_avg": 2, "vendor": "TerraMaster", "30d_avg": 10, "90d_avg": 4, "product": "TOS", "cisa_kev": "no", "connections": 9, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "49eaa0d0-2732-4cc2-aa1a-6ace8e9ab3c4", "vulnerability": {"vulnId": "CVE-2021-33044", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "49eaa0d0-2732-4cc2-aa1a-6ace8e9ab3c4", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:56:59+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:59+00:00"}, "scope": {"notes": "Affected: Dahua / Dahua (multiple products) | Class: video-system | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: yes | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-33044", "url": "https://www.cve.org/CVERecord?id=CVE-2021-33044"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "video-system", "7d_avg": 1, "vendor": "Dahua", "30d_avg": 5, "90d_avg": 2, "product": "Dahua (multiple products)", "cisa_kev": "yes", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "fda72200-a158-400e-9050-e42c0f5617cf", "vulnerability": {"vulnId": "CVE-2021-4191", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "fda72200-a158-400e-9050-e42c0f5617cf", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 53}, "timestamps": {"asserted_at": "2023-10-17T22:27:31+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-17T22:27:31+00:00"}, "scope": {"notes": "Affected: GitLab / GitLab CE/EE | Class: other-software | Severity: Medium (CVSS 5.3) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 8", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-4191", "url": "https://www.cve.org/CVERecord?id=CVE-2021-4191"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "3", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 2, "vendor": "GitLab", "30d_avg": 1, "90d_avg": 0, "product": "GitLab CE/EE", "cisa_kev": "no", "connections": 8, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 5.3, "vulnerability_severity": "Medium"}}]}
{"uuid": "0f4a2838-d3c7-4422-8b9c-bab81b9da965", "vulnerability": {"vulnId": "CVE-2023-26775", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "0f4a2838-d3c7-4422-8b9c-bab81b9da965", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 78}, "timestamps": {"asserted_at": "2024-02-10T14:25:05+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-02-10T14:25:05+00:00"}, "scope": {"notes": "Affected: Monitorr / Monitorr | Class: network-monitoring | Severity: High (CVSS 7.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-26775", "url": "https://www.cve.org/CVERecord?id=CVE-2023-26775"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "network-monitoring", "7d_avg": 19, "vendor": "Monitorr", "30d_avg": 20, "90d_avg": 7, "product": "Monitorr", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.8, "vulnerability_severity": "High"}}]}
{"uuid": "b5c1300f-3cd9-4de7-beae-a27114f2b3d9", "vulnerability": {"vulnId": "CVE-2020-29597", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "b5c1300f-3cd9-4de7-beae-a27114f2b3d9", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:56:37+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:37+00:00"}, "scope": {"notes": "Affected: IncomCMS / IncomCMS | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-29597", "url": "https://www.cve.org/CVERecord?id=CVE-2020-29597"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 1, "vendor": "IncomCMS", "30d_avg": 7, "90d_avg": 2, "product": "IncomCMS", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "27e79db0-adac-4ba1-b9c7-148768250aa2", "vulnerability": {"vulnId": "CVE-2020-11530", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "27e79db0-adac-4ba1-b9c7-148768250aa2", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-04-27T04:52:24+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-04-27T04:52:24+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Chop Slider plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-11530", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11530"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 1, "vendor": "Wordpress", "30d_avg": 6, "90d_avg": 2, "product": "Wordpress Chop Slider plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "e72196bb-e2b6-43d5-bdb7-b024f1d77a69", "vulnerability": {"vulnId": "CVE-2021-46422", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "e72196bb-e2b6-43d5-bdb7-b024f1d77a69", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T17:56:55+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T17:56:55+00:00"}, "scope": {"notes": "Affected: Telesquare / Telesquare SDT-CW3B1 | Class: router | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-46422", "url": "https://www.cve.org/CVERecord?id=CVE-2021-46422"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "Telesquare", "30d_avg": 10, "90d_avg": 3, "product": "Telesquare SDT-CW3B1", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "06277a93-a0e2-4fc1-887c-7cf6fa84ab79", "vulnerability": {"vulnId": "CVE-2017-7921", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "06277a93-a0e2-4fc1-887c-7cf6fa84ab79", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 100}, "timestamps": {"asserted_at": "2023-10-16T12:46:02+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-16T12:46:02+00:00"}, "scope": {"notes": "Affected: Hikvision / Hikvision DS series multiple products | Class: video-system | Severity: Critical (CVSS 10) | IoT: yes | In CISA KEV: yes | Honeypot connections on 2026-06-30: 11", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2017-7921", "url": "https://www.cve.org/CVERecord?id=CVE-2017-7921"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "4", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "video-system", "7d_avg": 2, "vendor": "Hikvision", "30d_avg": 1, "90d_avg": 1, "product": "Hikvision DS series multiple products", "cisa_kev": "yes", "connections": 11, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 10, "vulnerability_severity": "Critical"}}]}
{"uuid": "799735e4-2124-4f43-b103-789dff43c604", "vulnerability": {"vulnId": "CVE-2024-3400", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "799735e4-2124-4f43-b103-789dff43c604", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-04-17T02:07:44+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-04-17T02:07:44+00:00"}, "scope": {"notes": "Affected: Palo Alto Networks / GlobalProtect | Class: firewall | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 52", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-3400", "url": "https://www.cve.org/CVERecord?id=CVE-2024-3400"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "3", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "firewall", "7d_avg": 2, "vendor": "Palo Alto Networks", "30d_avg": 1, "90d_avg": 0, "product": "GlobalProtect", "cisa_kev": "yes", "connections": 52, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "e399d56a-9e2c-4a1f-acfb-2bfb110594a4", "vulnerability": {"vulnId": "CVE-2019-5127", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "e399d56a-9e2c-4a1f-acfb-2bfb110594a4", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:56:12+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:12+00:00"}, "scope": {"notes": "Affected: YouPHPTube / YouPHPTube Encoder | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 18", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2019-5127", "url": "https://www.cve.org/CVERecord?id=CVE-2019-5127"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "4", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 3, "vendor": "YouPHPTube", "30d_avg": 10, "90d_avg": 4, "product": "YouPHPTube Encoder", "cisa_kev": "no", "connections": 18, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "7ab4ec6b-a5b4-438a-9180-0d4abf70e339", "vulnerability": {"vulnId": "CVE-2019-1821", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "7ab4ec6b-a5b4-438a-9180-0d4abf70e339", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:56:08+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:08+00:00"}, "scope": {"notes": "Affected: Cisco / Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) | Class: device-management-platform | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2019-1821", "url": "https://www.cve.org/CVERecord?id=CVE-2019-1821"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 2, "vendor": "Cisco", "30d_avg": 11, "90d_avg": 4, "product": "Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN)", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "2081e08f-de5a-4976-848d-594d8890eb3a", "vulnerability": {"vulnId": "CVE-2017-1000486", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "2081e08f-de5a-4976-848d-594d8890eb3a", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:15:09+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:15:09+00:00"}, "scope": {"notes": "Affected: PrimeFaces / PrimeTek | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 49", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2017-1000486", "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000486"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 2, "vendor": "PrimeFaces", "30d_avg": 4, "90d_avg": 2, "product": "PrimeTek", "cisa_kev": "yes", "connections": 49, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "24d39e61-10d0-4213-a299-eebb115fff6c", "vulnerability": {"vulnId": "CVE-2023-43208", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "24d39e61-10d0-4213-a299-eebb115fff6c", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 99}, "timestamps": {"asserted_at": "2024-05-25T19:12:55+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-05-25T19:12:55+00:00"}, "scope": {"notes": "Affected: NextGen Healthcare / Mirth Connect | Class: other-software | Severity: Critical (CVSS 9.9) | IoT: yes | In CISA KEV: yes | Honeypot connections on 2026-06-30: 3", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-43208", "url": "https://www.cve.org/CVERecord?id=CVE-2023-43208"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 2, "vendor": "NextGen Healthcare", "30d_avg": 10, "90d_avg": 3, "product": "Mirth Connect", "cisa_kev": "yes", "connections": 3, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.9, "vulnerability_severity": "Critical"}}]}
{"uuid": "c58124b8-1b53-414e-bb71-ddd5d5fc5c91", "vulnerability": {"vulnId": "CVE-2020-7796", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "c58124b8-1b53-414e-bb71-ddd5d5fc5c91", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:56:40+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:40+00:00"}, "scope": {"notes": "Affected: Zimbra / Zimbra Collaboration Suite | Class: email | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-7796", "url": "https://www.cve.org/CVERecord?id=CVE-2020-7796"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "email", "7d_avg": 2, "vendor": "Zimbra", "30d_avg": 6, "90d_avg": 2, "product": "Zimbra Collaboration Suite", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "16f7cb19-3ec4-42d7-83dc-3f26acde949c", "vulnerability": {"vulnId": "CVE-2018-3810", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "16f7cb19-3ec4-42d7-83dc-3f26acde949c", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:54:52+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:54:52+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Oturia Smart Google Code Inserter plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2018-3810", "url": "https://www.cve.org/CVERecord?id=CVE-2018-3810"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 2, "vendor": "Wordpress", "30d_avg": 10, "90d_avg": 3, "product": "Wordpress Oturia Smart Google Code Inserter plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "763cac32-b347-4519-9576-9f802ece33fd", "vulnerability": {"vulnId": "CVE-2021-35464", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "763cac32-b347-4519-9576-9f802ece33fd", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:57:00+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:00+00:00"}, "scope": {"notes": "Affected: ForgeRock / ForgeRock Access Manager | Class: security-management-platform | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-35464", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35464"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "security-management-platform", "7d_avg": 0, "vendor": "ForgeRock", "30d_avg": 5, "90d_avg": 2, "product": "ForgeRock Access Manager", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "4bfcfa1c-7210-461a-a1d3-96a1bb08dab4", "vulnerability": {"vulnId": "CVE-2023-46347", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "4bfcfa1c-7210-461a-a1d3-96a1bb08dab4", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-06-19T18:19:01+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-06-19T18:19:01+00:00"}, "scope": {"notes": "Affected: PrestaShop / NDK Design for PrestaShop | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-46347", "url": "https://www.cve.org/CVERecord?id=CVE-2023-46347"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "PrestaShop", "30d_avg": 5, "90d_avg": 2, "product": "NDK Design for PrestaShop", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "416345d4-79f6-4ca8-9ffd-01ec55746ae3", "vulnerability": {"vulnId": "CVE-2020-8193", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "416345d4-79f6-4ca8-9ffd-01ec55746ae3", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 65}, "timestamps": {"asserted_at": "2023-10-13T18:37:22+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-13T18:37:22+00:00"}, "scope": {"notes": "Affected: Citrix / Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP | Class: app-delivery-controller | Severity: Medium (CVSS 6.5) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 6", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-8193", "url": "https://www.cve.org/CVERecord?id=CVE-2020-8193"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "app-delivery-controller", "7d_avg": 2, "vendor": "Citrix", "30d_avg": 2, "90d_avg": 29, "product": "Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP", "cisa_kev": "yes", "connections": 6, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 6.5, "vulnerability_severity": "Medium"}}]}
{"uuid": "47db41dc-dfd2-4347-872d-4392d9a4c37f", "vulnerability": {"vulnId": "CVE-2019-10758", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "47db41dc-dfd2-4347-872d-4392d9a4c37f", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 99}, "timestamps": {"asserted_at": "2023-10-14T14:56:01+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:01+00:00"}, "scope": {"notes": "Affected: mongo-express / mongo-express | Class: database | Severity: Critical (CVSS 9.9) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2019-10758", "url": "https://www.cve.org/CVERecord?id=CVE-2019-10758"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "database", "7d_avg": 1, "vendor": "mongo-express", "30d_avg": 4, "90d_avg": 2, "product": "mongo-express", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.9, "vulnerability_severity": "Critical"}}]}
{"uuid": "46d80051-d8a8-45be-ad8b-180934867bed", "vulnerability": {"vulnId": "CVE-2018-10942", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "46d80051-d8a8-45be-ad8b-180934867bed", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-06-28T00:01:52+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-06-28T00:01:52+00:00"}, "scope": {"notes": "Affected: PrestaShop / Attribute Wizard addon for PrestaShop | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2018-10942", "url": "https://www.cve.org/CVERecord?id=CVE-2018-10942"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 2, "vendor": "PrestaShop", "30d_avg": 9, "90d_avg": 3, "product": "Attribute Wizard addon for PrestaShop", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "f9590442-a7e0-47ad-9070-1eacfe13bf13", "vulnerability": {"vulnId": "CVE-2019-12990", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "f9590442-a7e0-47ad-9070-1eacfe13bf13", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T15:13:28+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T15:13:28+00:00"}, "scope": {"notes": "Affected: Citrix / Citrix SD-WAN and NetScaler SD-WAN | Class: app-delivery-controller | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2019-12990", "url": "https://www.cve.org/CVERecord?id=CVE-2019-12990"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "app-delivery-controller", "7d_avg": 2, "vendor": "Citrix", "30d_avg": 9, "90d_avg": 3, "product": "Citrix SD-WAN and NetScaler SD-WAN", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "1e0e78c3-e80b-44b0-b2bb-be27f95e354c", "vulnerability": {"vulnId": "CVE-2020-4463", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "1e0e78c3-e80b-44b0-b2bb-be27f95e354c", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 82}, "timestamps": {"asserted_at": "2023-10-14T14:56:37+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:37+00:00"}, "scope": {"notes": "Affected: IBM / Maximo Asset Management | Class: device-management-platform | Severity: High (CVSS 8.2) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-4463", "url": "https://www.cve.org/CVERecord?id=CVE-2020-4463"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 2, "vendor": "IBM", "30d_avg": 10, "90d_avg": 3, "product": "Maximo Asset Management", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 8.2, "vulnerability_severity": "High"}}]}
{"uuid": "4490bc83-ff15-42fa-868d-4b5d4248c732", "vulnerability": {"vulnId": "CVE-2020-8515", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "4490bc83-ff15-42fa-868d-4b5d4248c732", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:56:41+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:41+00:00"}, "scope": {"notes": "Affected: Draytek / Draytek Vigor2960, Vigor3900, Vigor300B | Class: router | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: yes | Honeypot connections on 2026-06-30: 5", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-8515", "url": "https://www.cve.org/CVERecord?id=CVE-2020-8515"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 2, "vendor": "Draytek", "30d_avg": 6, "90d_avg": 2, "product": "Draytek Vigor2960, Vigor3900, Vigor300B", "cisa_kev": "yes", "connections": 5, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "d1a0d476-8b33-4b26-a5f1-d32aceb52110", "vulnerability": {"vulnId": "CVE-2024-32735", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "d1a0d476-8b33-4b26-a5f1-d32aceb52110", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-01-22T16:42:58+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-01-22T16:42:58+00:00"}, "scope": {"notes": "Affected: CyberPanel / CyberPanel | Class: device-management-platform | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-32735", "url": "https://www.cve.org/CVERecord?id=CVE-2024-32735"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 0, "vendor": "CyberPanel", "30d_avg": 6, "90d_avg": 2, "product": "CyberPanel", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "9fe5a6ec-47c0-491f-b192-2d05f0cc52e9", "vulnerability": {"vulnId": "CVE-2020-15920", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "9fe5a6ec-47c0-491f-b192-2d05f0cc52e9", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T15:51:41+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T15:51:41+00:00"}, "scope": {"notes": "Affected: Mida Solutions / Mida eFramework | Class: ip-pbx | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-15920", "url": "https://www.cve.org/CVERecord?id=CVE-2020-15920"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "ip-pbx", "7d_avg": 0, "vendor": "Mida Solutions", "30d_avg": 5, "90d_avg": 1, "product": "Mida eFramework", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "4973c4ca-1026-471e-805a-17f8f7fbc507", "vulnerability": {"vulnId": "CVE-2013-7091", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "4973c4ca-1026-471e-805a-17f8f7fbc507", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-10-15T16:47:12+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-15T16:47:12+00:00"}, "scope": {"notes": "Affected: Synacor / Zimbra Collaboration Suite | Class: email | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2013-7091", "url": "https://www.cve.org/CVERecord?id=CVE-2013-7091"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "email", "7d_avg": 0, "vendor": "Synacor", "30d_avg": 1, "90d_avg": 1, "product": "Zimbra Collaboration Suite", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "05b4804b-dce2-49bc-a5fb-b5ea030d0da6", "vulnerability": {"vulnId": "CVE-2024-4325", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "05b4804b-dce2-49bc-a5fb-b5ea030d0da6", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 86}, "timestamps": {"asserted_at": "2024-09-25T12:58:53+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-09-25T12:58:53+00:00"}, "scope": {"notes": "Affected: Gradio / Gradio | Class: ai-system | Severity: High (CVSS 8.6) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-4325", "url": "https://www.cve.org/CVERecord?id=CVE-2024-4325"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "ai-system", "7d_avg": 1, "vendor": "Gradio", "30d_avg": 10, "90d_avg": 3, "product": "Gradio", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 8.6, "vulnerability_severity": "High"}}]}
{"uuid": "591906b6-31ad-46b5-b4be-8f9cd6b72a2e", "vulnerability": {"vulnId": "CVE-2017-15944", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "591906b6-31ad-46b5-b4be-8f9cd6b72a2e", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:18:28+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:18:28+00:00"}, "scope": {"notes": "Affected: Palo Alto Networks / PAN-OS | Class: firewall | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2017-15944", "url": "https://www.cve.org/CVERecord?id=CVE-2017-15944"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "firewall", "7d_avg": 2, "vendor": "Palo Alto Networks", "30d_avg": 4, "90d_avg": 2, "product": "PAN-OS", "cisa_kev": "yes", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "b72c4a95-bc8e-48fa-bb3d-80c57858e059", "vulnerability": {"vulnId": "CVE-2025-24799", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "b72c4a95-bc8e-48fa-bb3d-80c57858e059", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2025-04-17T13:56:12+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-04-17T13:56:12+00:00"}, "scope": {"notes": "Affected: GLPI / GLPI | Class: device-management-platform | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-24799", "url": "https://www.cve.org/CVERecord?id=CVE-2025-24799"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 1, "vendor": "GLPI", "30d_avg": 3, "90d_avg": 1, "product": "GLPI", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "825b24fd-7ab9-4f3f-8a4b-2e1e61f296e4", "vulnerability": {"vulnId": "CVE-2019-12985", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "825b24fd-7ab9-4f3f-8a4b-2e1e61f296e4", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:56:20+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:20+00:00"}, "scope": {"notes": "Affected: Citrix / Citrix SD-WAN and NetScaler SD-WAN | Class: app-delivery-controller | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2019-12985", "url": "https://www.cve.org/CVERecord?id=CVE-2019-12985"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "app-delivery-controller", "7d_avg": 1, "vendor": "Citrix", "30d_avg": 10, "90d_avg": 3, "product": "Citrix SD-WAN and NetScaler SD-WAN", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "7ec3e056-dcb7-490c-aee7-f4f184ca0c62", "vulnerability": {"vulnId": "CVE-2023-22515", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "7ec3e056-dcb7-490c-aee7-f4f184ca0c62", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-13T16:00:02+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-13T16:00:02+00:00"}, "scope": {"notes": "Affected: Atlassian / Confluence | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 147", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-22515", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22515"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "5", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 3, "vendor": "Atlassian", "30d_avg": 13, "90d_avg": 12, "product": "Confluence", "cisa_kev": "yes", "connections": 147, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "7944a9c3-cf55-4604-b53e-c1617bc3444f", "vulnerability": {"vulnId": "CVE-2016-3088", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "7944a9c3-cf55-4604-b53e-c1617bc3444f", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:17:37+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:17:37+00:00"}, "scope": {"notes": "Affected: Apache / ActiveMQ | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 8", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2016-3088", "url": "https://www.cve.org/CVERecord?id=CVE-2016-3088"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "3", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 2, "vendor": "Apache", "30d_avg": 10, "90d_avg": 4, "product": "ActiveMQ", "cisa_kev": "yes", "connections": 8, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "a25300dd-7094-494d-ad95-86bbe342ad68", "vulnerability": {"vulnId": "CVE-2014-3206", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "a25300dd-7094-494d-ad95-86bbe342ad68", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:11:46+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:11:46+00:00"}, "scope": {"notes": "Affected: Seagate / BlackArmor NAS | Class: nas | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2014-3206", "url": "https://www.cve.org/CVERecord?id=CVE-2014-3206"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "nas", "7d_avg": 2, "vendor": "Seagate", "30d_avg": 12, "90d_avg": 4, "product": "BlackArmor NAS", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "f89d2a1e-4178-4124-877b-053f7f4eb3ec", "vulnerability": {"vulnId": "CVE-2016-10108", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "f89d2a1e-4178-4124-877b-053f7f4eb3ec", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-02-07T13:47:57+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-02-07T13:47:57+00:00"}, "scope": {"notes": "Affected: Western Digital / MyCloud NAS | Class: nas | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2016-10108", "url": "https://www.cve.org/CVERecord?id=CVE-2016-10108"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "nas", "7d_avg": 2, "vendor": "Western Digital", "30d_avg": 6, "90d_avg": 2, "product": "MyCloud NAS", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "8d6e1805-b8a1-4e8c-903c-d18ecabb573f", "vulnerability": {"vulnId": "CVE-2022-38840", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "8d6e1805-b8a1-4e8c-903c-d18ecabb573f", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2025-07-21T01:57:26+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-07-21T01:57:26+00:00"}, "scope": {"notes": "Affected: Guralp / Guralp MAN-EAM-0003 | Class: other-software | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-38840", "url": "https://www.cve.org/CVERecord?id=CVE-2022-38840"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "Guralp", "30d_avg": 5, "90d_avg": 2, "product": "Guralp MAN-EAM-0003", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "17ef564e-7089-4a85-9f80-86ff8e4ba38b", "vulnerability": {"vulnId": "CVE-2024-29824", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "17ef564e-7089-4a85-9f80-86ff8e4ba38b", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 96}, "timestamps": {"asserted_at": "2024-06-19T03:03:18+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-06-19T03:03:18+00:00"}, "scope": {"notes": "Affected: Ivanti / Ivanti EPM | Class: device-management-platform | Severity: Critical (CVSS 9.6) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-29824", "url": "https://www.cve.org/CVERecord?id=CVE-2024-29824"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 1, "vendor": "Ivanti", "30d_avg": 6, "90d_avg": 2, "product": "Ivanti EPM", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.6, "vulnerability_severity": "Critical"}}]}
{"uuid": "c45bf0ab-a092-48ca-b336-b81e91277abf", "vulnerability": {"vulnId": "CVE-2020-36112", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "c45bf0ab-a092-48ca-b336-b81e91277abf", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:56:37+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:37+00:00"}, "scope": {"notes": "Affected: CSE Bookstore / CSE Bookstore | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-36112", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36112"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "CSE Bookstore", "30d_avg": 5, "90d_avg": 2, "product": "CSE Bookstore", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "1e02f07f-e9d9-411e-aae8-61eb18a7c09d", "vulnerability": {"vulnId": "CVE-2019-7256", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "1e02f07f-e9d9-411e-aae8-61eb18a7c09d", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 100}, "timestamps": {"asserted_at": "2023-10-14T14:56:12+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:12+00:00"}, "scope": {"notes": "Affected: Linear / eMerge E3-Series | Class: other-software | Severity: Critical (CVSS 10) | IoT: yes | In CISA KEV: yes | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2019-7256", "url": "https://www.cve.org/CVERecord?id=CVE-2019-7256"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "Linear", "30d_avg": 13, "90d_avg": 5, "product": "eMerge E3-Series", "cisa_kev": "yes", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 10, "vulnerability_severity": "Critical"}}]}
{"uuid": "1a16670a-abfe-4dbe-a288-ea5ff1309363", "vulnerability": {"vulnId": "CVE-2021-41266", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "1a16670a-abfe-4dbe-a288-ea5ff1309363", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T17:35:27+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T17:35:27+00:00"}, "scope": {"notes": "Affected: MiniIO / MiniIO Console | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-41266", "url": "https://www.cve.org/CVERecord?id=CVE-2021-41266"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "MiniIO", "30d_avg": 5, "90d_avg": 2, "product": "MiniIO Console", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "b858083d-c39a-424a-a4a1-cfcc08f71f4d", "vulnerability": {"vulnId": "EDB-50321", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "b858083d-c39a-424a-a4a1-cfcc08f71f4d", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-10-19T02:17:00+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-19T02:17:00+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress 3DPrint Lite plugin | Class: cms | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "EDB-50321", "url": "https://www.exploit-db.com/exploits/50321"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 2, "vendor": "Wordpress", "30d_avg": 5, "90d_avg": 2, "product": "Wordpress 3DPrint Lite plugin", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "e48395de-997f-4226-b4f5-89f9fd2478da", "vulnerability": {"vulnId": "CVE-2017-18378", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "e48395de-997f-4226-b4f5-89f9fd2478da", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T22:25:59+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T22:25:59+00:00"}, "scope": {"notes": "Affected: NETGEAR / NETGEAR ReadyNAS Surveillance | Class: video-system | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2017-18378", "url": "https://www.cve.org/CVERecord?id=CVE-2017-18378"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "video-system", "7d_avg": 0, "vendor": "NETGEAR", "30d_avg": 5, "90d_avg": 1, "product": "NETGEAR ReadyNAS Surveillance", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "59764b63-96e9-4015-b553-4ee38110bf90", "vulnerability": {"vulnId": "CVE-2021-31755", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "59764b63-96e9-4015-b553-4ee38110bf90", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:56:58+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:58+00:00"}, "scope": {"notes": "Affected: Tenda / Tenda AC11 | Class: router | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: yes | Honeypot connections on 2026-06-30: 55", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-31755", "url": "https://www.cve.org/CVERecord?id=CVE-2021-31755"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "4", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 4, "vendor": "Tenda", "30d_avg": 7, "90d_avg": 3, "product": "Tenda AC11", "cisa_kev": "yes", "connections": 55, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "f71ddbce-41ae-4c58-87b7-6d01560b771c", "vulnerability": {"vulnId": "CVE-2021-24499", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "f71ddbce-41ae-4c58-87b7-6d01560b771c", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:56:51+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:51+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Block and Stop Bad Bots plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-24499", "url": "https://www.cve.org/CVERecord?id=CVE-2021-24499"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 1, "vendor": "Wordpress", "30d_avg": 10, "90d_avg": 3, "product": "Wordpress Block and Stop Bad Bots plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "2ec8f2e8-3d91-486e-b8b6-e6dec1cda48f", "vulnerability": {"vulnId": "CVE-2021-24284", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "2ec8f2e8-3d91-486e-b8b6-e6dec1cda48f", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:56:50+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:50+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Kaswara Modern VC Addons plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-24284", "url": "https://www.cve.org/CVERecord?id=CVE-2021-24284"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 1, "vendor": "Wordpress", "30d_avg": 11, "90d_avg": 4, "product": "Wordpress Kaswara Modern VC Addons plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "6c97b1bf-e5d2-4952-be59-4cff77892488", "vulnerability": {"vulnId": "CVE-2022-2958", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "6c97b1bf-e5d2-4952-be59-4cff77892488", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 88}, "timestamps": {"asserted_at": "2023-10-14T18:14:07+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T18:14:07+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress BadgeOS plugin | Class: cms | Severity: High (CVSS 8.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-2958", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2958"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "Wordpress", "30d_avg": 5, "90d_avg": 2, "product": "Wordpress BadgeOS plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 8.8, "vulnerability_severity": "High"}}]}
{"uuid": "81d272b2-340b-4ca7-bba9-e475d6bd23dc", "vulnerability": {"vulnId": "CVE-2018-12296", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "81d272b2-340b-4ca7-bba9-e475d6bd23dc", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2023-10-14T20:53:25+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T20:53:25+00:00"}, "scope": {"notes": "Affected: Seagate / Seagate NAS OS | Class: nas | Severity: High (CVSS 7.5) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2018-12296", "url": "https://www.cve.org/CVERecord?id=CVE-2018-12296"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "nas", "7d_avg": 2, "vendor": "Seagate", "30d_avg": 6, "90d_avg": 2, "product": "Seagate NAS OS", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "c99cac9d-251d-4c08-8068-3d89fd6298b8", "vulnerability": {"vulnId": "CVE-2022-38130", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "c99cac9d-251d-4c08-8068-3d89fd6298b8", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-21T13:26:29+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-21T13:26:29+00:00"}, "scope": {"notes": "Affected: Keysight Technologies / Sensor Management Server | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-38130", "url": "https://www.cve.org/CVERecord?id=CVE-2022-38130"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "Keysight Technologies", "30d_avg": 5, "90d_avg": 2, "product": "Sensor Management Server", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "2e935995-2877-4c7d-8d2b-58e240b4b2e4", "vulnerability": {"vulnId": "CVE-2023-41109", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "2e935995-2877-4c7d-8d2b-58e240b4b2e4", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-06-22T00:48:28+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-06-22T00:48:28+00:00"}, "scope": {"notes": "Affected: Patton / SmartNode SN200 | Class: voip | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-41109", "url": "https://www.cve.org/CVERecord?id=CVE-2023-41109"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "voip", "7d_avg": 1, "vendor": "Patton", "30d_avg": 5, "90d_avg": 2, "product": "SmartNode SN200", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "61764908-907f-4990-b22f-14e8f7c92d41", "vulnerability": {"vulnId": "CVE-2022-47966", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "61764908-907f-4990-b22f-14e8f7c92d41", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-10-14T14:57:41+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:41+00:00"}, "scope": {"notes": "Affected: Zoho / ManageEngine (multiple products) | Class: other-software | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-47966", "url": "https://www.cve.org/CVERecord?id=CVE-2022-47966"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Zoho", "30d_avg": 5, "90d_avg": 2, "product": "ManageEngine (multiple products)", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "7a35156b-62ab-417f-9aab-6a5f18c4c61c", "vulnerability": {"vulnId": "CVE-2019-12593", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "7a35156b-62ab-417f-9aab-6a5f18c4c61c", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2023-10-14T14:56:02+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:02+00:00"}, "scope": {"notes": "Affected: IceWarp / IceWarp Mail Server | Class: email | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2019-12593", "url": "https://www.cve.org/CVERecord?id=CVE-2019-12593"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "email", "7d_avg": 0, "vendor": "IceWarp", "30d_avg": 12, "90d_avg": 4, "product": "IceWarp Mail Server", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "5054ebc8-6452-40de-bf9f-cc91b94feae4", "vulnerability": {"vulnId": "CVE-2019-15642", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "5054ebc8-6452-40de-bf9f-cc91b94feae4", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 88}, "timestamps": {"asserted_at": "2024-01-16T02:49:11+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-01-16T02:49:11+00:00"}, "scope": {"notes": "Affected: Webmin / Webmin | Class: other-software | Severity: High (CVSS 8.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2019-15642", "url": "https://www.cve.org/CVERecord?id=CVE-2019-15642"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 2, "vendor": "Webmin", "30d_avg": 9, "90d_avg": 3, "product": "Webmin", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 8.8, "vulnerability_severity": "High"}}]}
{"uuid": "69e04253-a45e-4792-b209-f51184c95223", "vulnerability": {"vulnId": "CVE-2021-28149", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "69e04253-a45e-4792-b209-f51184c95223", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 65}, "timestamps": {"asserted_at": "2023-10-23T18:05:31+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-23T18:05:31+00:00"}, "scope": {"notes": "Affected: Hongdian / Hongdian H8922 | Class: router | Severity: Medium (CVSS 6.5) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-28149", "url": "https://www.cve.org/CVERecord?id=CVE-2021-28149"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 1, "vendor": "Hongdian", "30d_avg": 1, "90d_avg": 0, "product": "Hongdian H8922", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 6.5, "vulnerability_severity": "Medium"}}]}
{"uuid": "7a1f37ed-9acc-487c-8691-7ccee92378fa", "vulnerability": {"vulnId": "CVE-2019-18371", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "7a1f37ed-9acc-487c-8691-7ccee92378fa", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2025-01-02T17:03:28+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-01-02T17:03:28+00:00"}, "scope": {"notes": "Affected: Xiaomi / Xiaomi Mi WiFi R3G | Class: router | Severity: High (CVSS 7.5) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2019-18371", "url": "https://www.cve.org/CVERecord?id=CVE-2019-18371"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "Xiaomi", "30d_avg": 5, "90d_avg": 1, "product": "Xiaomi Mi WiFi R3G", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "4df18d42-6567-47f0-98c9-59f68f9c41ea", "vulnerability": {"vulnId": "CVE-2020-15415", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "4df18d42-6567-47f0-98c9-59f68f9c41ea", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-02-01T08:57:51+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-02-01T08:57:51+00:00"}, "scope": {"notes": "Affected: Draytek / Vigor3900, Vigor2960, Vigor300B | Class: router | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-15415", "url": "https://www.cve.org/CVERecord?id=CVE-2020-15415"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 2, "vendor": "Draytek", "30d_avg": 5, "90d_avg": 2, "product": "Vigor3900, Vigor2960, Vigor300B", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "5879d2b4-3a23-4580-a04b-01573c59898c", "vulnerability": {"vulnId": "CVE-2020-13942", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "5879d2b4-3a23-4580-a04b-01573c59898c", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T15:43:59+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T15:43:59+00:00"}, "scope": {"notes": "Affected: Apache / Unomi | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-13942", "url": "https://www.cve.org/CVERecord?id=CVE-2020-13942"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 2, "vendor": "Apache", "30d_avg": 10, "90d_avg": 3, "product": "Unomi", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "e4e6ab77-fd87-404f-b21e-5bc5f7e6f57f", "vulnerability": {"vulnId": "CVE-2021-28151", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "e4e6ab77-fd87-404f-b21e-5bc5f7e6f57f", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 88}, "timestamps": {"asserted_at": "2023-10-14T14:56:55+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:55+00:00"}, "scope": {"notes": "Affected: Hongdian / H8922 | Class: router | Severity: High (CVSS 8.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-28151", "url": "https://www.cve.org/CVERecord?id=CVE-2021-28151"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 21, "vendor": "Hongdian", "30d_avg": 12, "90d_avg": 4, "product": "H8922", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 8.8, "vulnerability_severity": "High"}}]}
{"uuid": "b5bae7b5-458c-4a60-bba4-df899b964865", "vulnerability": {"vulnId": "CVE-2023-26802", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "b5bae7b5-458c-4a60-bba4-df899b964865", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-06-16T19:55:44+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-06-16T19:55:44+00:00"}, "scope": {"notes": "Affected: DCN (Digital China Networks) / DCBI-Netlog-LAB | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-26802", "url": "https://www.cve.org/CVERecord?id=CVE-2023-26802"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "DCN (Digital China Networks)", "30d_avg": 5, "90d_avg": 2, "product": "DCBI-Netlog-LAB", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "e487466f-905d-479d-b78f-d8f884948311", "vulnerability": {"vulnId": "CVE-2019-9762", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "e487466f-905d-479d-b78f-d8f884948311", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-04-21T11:58:06+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-04-21T11:58:06+00:00"}, "scope": {"notes": "Affected: PHPSHE / PHPSHE | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 8", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2019-9762", "url": "https://www.cve.org/CVERecord?id=CVE-2019-9762"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "PHPSHE", "30d_avg": 0, "90d_avg": 0, "product": "PHPSHE", "cisa_kev": "no", "connections": 8, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "caec1612-5eaf-4f20-923d-bbaabcccd3f3", "vulnerability": {"vulnId": "CVE-2020-11546", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "caec1612-5eaf-4f20-923d-bbaabcccd3f3", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:56:17+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:17+00:00"}, "scope": {"notes": "Affected: Mirko B\u00c3\u00b6er Software Development / SuperWebMailer | Class: email | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-11546", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11546"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "email", "7d_avg": 2, "vendor": "Mirko B\u00c3\u00b6er Software Development", "30d_avg": 5, "90d_avg": 2, "product": "SuperWebMailer", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "b7c5da59-e217-402c-934e-6d2ea36c777b", "vulnerability": {"vulnId": "CVE-2021-21975", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "b7c5da59-e217-402c-934e-6d2ea36c777b", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2023-10-14T14:56:48+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:48+00:00"}, "scope": {"notes": "Affected: VMware / vRealize Operations Manager API | Class: device-management-platform | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 7", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-21975", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21975"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 2, "vendor": "VMware", "30d_avg": 6, "90d_avg": 2, "product": "vRealize Operations Manager API", "cisa_kev": "yes", "connections": 7, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "fd4c05f2-d49c-41da-a91c-55ba1e523833", "vulnerability": {"vulnId": "CVE-2021-41649", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "fd4c05f2-d49c-41da-a91c-55ba1e523833", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-12-10T12:51:24+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-12-10T12:51:24+00:00"}, "scope": {"notes": "Affected: PuneethReddyHC / PuneethReddyHC | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-41649", "url": "https://www.cve.org/CVERecord?id=CVE-2021-41649"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "PuneethReddyHC", "30d_avg": 5, "90d_avg": 2, "product": "PuneethReddyHC", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "949da928-364c-4b77-a934-cd54a3ac0238", "vulnerability": {"vulnId": "CVE-2021-3577", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "949da928-364c-4b77-a934-cd54a3ac0238", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 88}, "timestamps": {"asserted_at": "2023-10-14T14:57:00+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:00+00:00"}, "scope": {"notes": "Affected: Motorola / Binatone Hubble Camera | Class: video-system | Severity: High (CVSS 8.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-3577", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3577"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "video-system", "7d_avg": 1, "vendor": "Motorola", "30d_avg": 5, "90d_avg": 2, "product": "Binatone Hubble Camera", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 8.8, "vulnerability_severity": "High"}}]}
{"uuid": "7d49a3bd-00af-4854-ac25-29b1e841bd65", "vulnerability": {"vulnId": "CVE-2022-39952", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "7d49a3bd-00af-4854-ac25-29b1e841bd65", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:57:38+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:38+00:00"}, "scope": {"notes": "Affected: Fortinet / FortiNAC | Class: security-management-platform | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-39952", "url": "https://www.cve.org/CVERecord?id=CVE-2022-39952"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "security-management-platform", "7d_avg": 1, "vendor": "Fortinet", "30d_avg": 6, "90d_avg": 2, "product": "FortiNAC", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "a4a1fc0e-bef3-4865-ab35-0df9128d2108", "vulnerability": {"vulnId": "CVE-2023-33831", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "a4a1fc0e-bef3-4865-ab35-0df9128d2108", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:57:50+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:50+00:00"}, "scope": {"notes": "Affected: frangoteam / FUXA | Class: data-visualization | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 23", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-33831", "url": "https://www.cve.org/CVERecord?id=CVE-2023-33831"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "data-visualization", "7d_avg": 2, "vendor": "frangoteam", "30d_avg": 10, "90d_avg": 4, "product": "FUXA", "cisa_kev": "no", "connections": 23, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "7991410c-b50f-4069-8ce5-42f7dba3fc03", "vulnerability": {"vulnId": "CVE-2019-8442", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "7991410c-b50f-4069-8ce5-42f7dba3fc03", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2023-10-17T22:27:41+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-17T22:27:41+00:00"}, "scope": {"notes": "Affected: Atlassian / JIRA | Class: other-software | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 5", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2019-8442", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8442"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Atlassian", "30d_avg": 0, "90d_avg": 0, "product": "JIRA", "cisa_kev": "no", "connections": 5, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "3b198cf6-29d9-4fb2-9c5a-fbe85592a0b2", "vulnerability": {"vulnId": "CVE-2021-40822", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "3b198cf6-29d9-4fb2-9c5a-fbe85592a0b2", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2023-10-15T08:28:10+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-15T08:28:10+00:00"}, "scope": {"notes": "Affected: GeoServer / GeoServer | Class: other-software | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 7", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-40822", "url": "https://www.cve.org/CVERecord?id=CVE-2021-40822"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "GeoServer", "30d_avg": 0, "90d_avg": 0, "product": "GeoServer", "cisa_kev": "no", "connections": 7, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "3a21aca1-b807-497e-b578-93e20e7a482b", "vulnerability": {"vulnId": "CVE-2020-11455", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "3a21aca1-b807-497e-b578-93e20e7a482b", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:56:16+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:16+00:00"}, "scope": {"notes": "Affected: LimeSurvey / LimeSurvey | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-11455", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11455"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "LimeSurvey", "30d_avg": 5, "90d_avg": 1, "product": "LimeSurvey", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "ccfea4ed-7e63-4d5a-99b7-4f4baabeacaa", "vulnerability": {"vulnId": "CVE-2021-20028", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "ccfea4ed-7e63-4d5a-99b7-4f4baabeacaa", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-09-16T08:44:02+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-09-16T08:44:02+00:00"}, "scope": {"notes": "Affected: SonicWall / SonicWall Secure Remote Access | Class: vpn | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-20028", "url": "https://www.cve.org/CVERecord?id=CVE-2021-20028"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "vpn", "7d_avg": 1, "vendor": "SonicWall", "30d_avg": 5, "90d_avg": 2, "product": "SonicWall Secure Remote Access", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "5ea00b2c-bae7-4c13-87aa-a2f1ff50153e", "vulnerability": {"vulnId": "CVE-2020-10546", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "5ea00b2c-bae7-4c13-87aa-a2f1ff50153e", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 0}, "timestamps": {"asserted_at": "2023-10-14T14:56:16+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:16+00:00"}, "scope": {"notes": "Affected: rConfig / rConfig | Class: other-software | Severity: None (CVSS 0) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-10546", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10546"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "rConfig", "30d_avg": 4, "90d_avg": 1, "product": "rConfig", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 0, "vulnerability_severity": "None"}}]}
{"uuid": "46c530bd-6d0a-4031-a773-64f1faffcf9e", "vulnerability": {"vulnId": "CVE-2022-26352", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "46c530bd-6d0a-4031-a773-64f1faffcf9e", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:57:26+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:26+00:00"}, "scope": {"notes": "Affected: dotCMS / dotCMS | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-26352", "url": "https://www.cve.org/CVERecord?id=CVE-2022-26352"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 1, "vendor": "dotCMS", "30d_avg": 10, "90d_avg": 3, "product": "dotCMS", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "e1dc4ae0-5b4b-4c3a-a26b-92688a675b37", "vulnerability": {"vulnId": "CVE-2022-1390", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "e1dc4ae0-5b4b-4c3a-a26b-92688a675b37", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T18:25:10+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T18:25:10+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Admin Word Count Column plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-1390", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1390"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "Wordpress", "30d_avg": 5, "90d_avg": 2, "product": "Wordpress Admin Word Count Column plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "8d91d7ad-2cb8-46fd-9422-98a3da4e0730", "vulnerability": {"vulnId": "CVE-2021-41293", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "8d91d7ad-2cb8-46fd-9422-98a3da4e0730", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2023-10-15T08:28:14+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-15T08:28:14+00:00"}, "scope": {"notes": "Affected: ECOA / ECOA Building Automation System | Class: other-software | Severity: High (CVSS 7.5) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-41293", "url": "https://www.cve.org/CVERecord?id=CVE-2021-41293"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "ECOA", "30d_avg": 5, "90d_avg": 2, "product": "ECOA Building Automation System", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "2436e653-5be3-431b-98b7-44f507a4b102", "vulnerability": {"vulnId": "CVE-2024-8963", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "2436e653-5be3-431b-98b7-44f507a4b102", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 91}, "timestamps": {"asserted_at": "2024-11-06T19:17:38+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-11-06T19:17:38+00:00"}, "scope": {"notes": "Affected: Ivanti / Ivanti CSA | Class: device-management-platform | Severity: Critical (CVSS 9.1) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-8963", "url": "https://www.cve.org/CVERecord?id=CVE-2024-8963"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 5, "vendor": "Ivanti", "30d_avg": 10, "90d_avg": 8, "product": "Ivanti CSA", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.1, "vulnerability_severity": "Critical"}}]}
{"uuid": "1920a1c4-16d5-44c8-9349-4049728ac00a", "vulnerability": {"vulnId": "CVE-2025-26319", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "1920a1c4-16d5-44c8-9349-4049728ac00a", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-03-31T18:14:14+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-03-31T18:14:14+00:00"}, "scope": {"notes": "Affected: FlowiseAI / Flowise | Class: ai-system | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-26319", "url": "https://www.cve.org/CVERecord?id=CVE-2025-26319"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "ai-system", "7d_avg": 0, "vendor": "FlowiseAI", "30d_avg": 10, "90d_avg": 3, "product": "Flowise", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "576dc081-de31-44cd-bb4d-9f3af20d4368", "vulnerability": {"vulnId": "CVE-2021-24227", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "576dc081-de31-44cd-bb4d-9f3af20d4368", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2023-10-14T14:56:50+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:50+00:00"}, "scope": {"notes": "Affected: Wordpress / Patreon Wordpress plugin | Class: cms | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-24227", "url": "https://www.cve.org/CVERecord?id=CVE-2021-24227"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "Wordpress", "30d_avg": 5, "90d_avg": 1, "product": "Patreon Wordpress plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "9ceec48f-2d87-48fd-8a3d-363e7415a9bb", "vulnerability": {"vulnId": "CVE-2022-34121", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "9ceec48f-2d87-48fd-8a3d-363e7415a9bb", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2023-10-14T14:57:35+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:35+00:00"}, "scope": {"notes": "Affected: CuppaCMS / CuppaCMS | Class: cms | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-34121", "url": "https://www.cve.org/CVERecord?id=CVE-2022-34121"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 1, "vendor": "CuppaCMS", "30d_avg": 5, "90d_avg": 2, "product": "CuppaCMS", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "8d00eea5-75a8-4e1a-92c9-ef0facf4d42d", "vulnerability": {"vulnId": "CVE-2022-29464", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "8d00eea5-75a8-4e1a-92c9-ef0facf4d42d", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:57:30+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:30+00:00"}, "scope": {"notes": "Affected: WSO2 / WSO2 multiple products | Class: security-management-platform | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-29464", "url": "https://www.cve.org/CVERecord?id=CVE-2022-29464"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "security-management-platform", "7d_avg": 1, "vendor": "WSO2", "30d_avg": 6, "90d_avg": 2, "product": "WSO2 multiple products", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "4e185a23-0d95-4528-aa6e-c393cb586a96", "vulnerability": {"vulnId": "CVE-2022-0781", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "4e185a23-0d95-4528-aa6e-c393cb586a96", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T18:12:28+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T18:12:28+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Nirweb support plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-0781", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0781"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "Wordpress", "30d_avg": 5, "90d_avg": 2, "product": "Wordpress Nirweb support plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "5772a941-7e15-44e6-8a2a-25fe52e1df14", "vulnerability": {"vulnId": "CVE-2021-31602", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "5772a941-7e15-44e6-8a2a-25fe52e1df14", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2023-10-14T14:56:57+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:57+00:00"}, "scope": {"notes": "Affected: Hitachi Ventara / Pentaho Business Analytics | Class: other-software | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-31602", "url": "https://www.cve.org/CVERecord?id=CVE-2021-31602"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 17, "vendor": "Hitachi Ventara", "30d_avg": 11, "90d_avg": 4, "product": "Pentaho Business Analytics", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "42005679-8efc-4496-ad1e-d11ce93cb8e1", "vulnerability": {"vulnId": "CVE-2022-31137", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "42005679-8efc-4496-ad1e-d11ce93cb8e1", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-06-03T11:09:05+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-06-03T11:09:05+00:00"}, "scope": {"notes": "Affected: Roxy-WI / Roxy-WI | Class: device-management-platform | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-31137", "url": "https://www.cve.org/CVERecord?id=CVE-2022-31137"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 1, "vendor": "Roxy-WI", "30d_avg": 5, "90d_avg": 2, "product": "Roxy-WI", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "01a728f6-6797-43ee-b992-b89e09b9be99", "vulnerability": {"vulnId": "CVE-2024-4885", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "01a728f6-6797-43ee-b992-b89e09b9be99", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-08-06T02:47:11+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-08-06T02:47:11+00:00"}, "scope": {"notes": "Affected: Progress / WhatsUp Gold | Class: device-management-platform | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-4885", "url": "https://www.cve.org/CVERecord?id=CVE-2024-4885"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 1, "vendor": "Progress", "30d_avg": 5, "90d_avg": 2, "product": "WhatsUp Gold", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "93bce616-4268-4352-b8b6-8fe4a386c092", "vulnerability": {"vulnId": "CVE-2024-27956", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "93bce616-4268-4352-b8b6-8fe4a386c092", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-12-05T06:27:26+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-12-05T06:27:26+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Automatic plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-27956", "url": "https://www.cve.org/CVERecord?id=CVE-2024-27956"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "Wordpress", "30d_avg": 5, "90d_avg": 2, "product": "Wordpress Automatic plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "76ed8f72-146d-49c0-b0ae-d488b754c12a", "vulnerability": {"vulnId": "CVE-2022-0826", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "76ed8f72-146d-49c0-b0ae-d488b754c12a", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:57:26+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:26+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress WP Video Gallery plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-0826", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0826"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "Wordpress", "30d_avg": 10, "90d_avg": 3, "product": "Wordpress WP Video Gallery plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "2a3f5dfb-1134-49a0-9805-a886e1119a7f", "vulnerability": {"vulnId": "CVE-2023-26256", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "2a3f5dfb-1134-49a0-9805-a886e1119a7f", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2023-10-19T08:11:51+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-19T08:11:51+00:00"}, "scope": {"notes": "Affected: Atlassian / JIRA STAGIL Navigation for Jira - Menu & Themes plugin | Class: other-software | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-26256", "url": "https://www.cve.org/CVERecord?id=CVE-2023-26256"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Atlassian", "30d_avg": 5, "90d_avg": 9, "product": "JIRA STAGIL Navigation for Jira - Menu & Themes plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "058866bb-84fd-4f28-9da8-7263d03b00eb", "vulnerability": {"vulnId": "CVE-2023-23333", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "058866bb-84fd-4f28-9da8-7263d03b00eb", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:57:44+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:44+00:00"}, "scope": {"notes": "Affected: CONTEC / SolarView Compact | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-23333", "url": "https://www.cve.org/CVERecord?id=CVE-2023-23333"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "CONTEC", "30d_avg": 5, "90d_avg": 2, "product": "SolarView Compact", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "9771138e-5437-4ddd-a103-e4f836b17460", "vulnerability": {"vulnId": "CVE-2022-29007", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "9771138e-5437-4ddd-a103-e4f836b17460", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:57:28+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:28+00:00"}, "scope": {"notes": "Affected: Dairy Farm Shop Management System / Dairy Farm Shop Management System v1.0 | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-29007", "url": "https://www.cve.org/CVERecord?id=CVE-2022-29007"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "Dairy Farm Shop Management System", "30d_avg": 9, "90d_avg": 3, "product": "Dairy Farm Shop Management System v1.0", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "1b275fbf-271e-4a6f-8e66-bf580598a2ee", "vulnerability": {"vulnId": "CVE-2021-25864", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "1b275fbf-271e-4a6f-8e66-bf580598a2ee", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2023-10-14T14:56:53+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:53+00:00"}, "scope": {"notes": "Affected: node-red-contrib-huemagic / node-red-contrib-huemagic (for Philips HUE | Class: device-management-platform | Severity: High (CVSS 7.5) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-25864", "url": "https://www.cve.org/CVERecord?id=CVE-2021-25864"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 0, "vendor": "node-red-contrib-huemagic", "30d_avg": 5, "90d_avg": 1, "product": "node-red-contrib-huemagic (for Philips HUE", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "2a8f88e3-cb42-4843-a9d2-c3c91742f715", "vulnerability": {"vulnId": "CVE-2020-3452", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "2a8f88e3-cb42-4843-a9d2-c3c91742f715", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2023-10-14T14:56:37+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:37+00:00"}, "scope": {"notes": "Affected: Cisco / Cisco ASA and Cisco Firepower Threat Defense | Class: firewall | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 63", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-3452", "url": "https://www.cve.org/CVERecord?id=CVE-2020-3452"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "6", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "firewall", "7d_avg": 4, "vendor": "Cisco", "30d_avg": 62, "90d_avg": 29, "product": "Cisco ASA and Cisco Firepower Threat Defense", "cisa_kev": "yes", "connections": 63, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "5f3f56fd-6663-4392-abef-f07e857f46d0", "vulnerability": {"vulnId": "CVE-2023-1698", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "5f3f56fd-6663-4392-abef-f07e857f46d0", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:57:42+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:42+00:00"}, "scope": {"notes": "Affected: WAGO / WAGO products (multiple) | Class: embedded-system | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-1698", "url": "https://www.cve.org/CVERecord?id=CVE-2023-1698"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "embedded-system", "7d_avg": 1, "vendor": "WAGO", "30d_avg": 5, "90d_avg": 2, "product": "WAGO products (multiple)", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "2964a000-803b-4392-84a6-7546d82f0a08", "vulnerability": {"vulnId": "CVE-2019-11370", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "2964a000-803b-4392-84a6-7546d82f0a08", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 54}, "timestamps": {"asserted_at": "2023-10-23T04:44:18+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-23T04:44:18+00:00"}, "scope": {"notes": "Affected: Carel / Carel pCOWeb | Class: embedded-system | Severity: Medium (CVSS 5.4) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2019-11370", "url": "https://www.cve.org/CVERecord?id=CVE-2019-11370"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "embedded-system", "7d_avg": 2, "vendor": "Carel", "30d_avg": 1, "90d_avg": 0, "product": "Carel pCOWeb", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 5.4, "vulnerability_severity": "Medium"}}]}
{"uuid": "cb86d3c6-c4bd-4b14-9fb3-71960b4fe6be", "vulnerability": {"vulnId": "CVE-2022-27593", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "cb86d3c6-c4bd-4b14-9fb3-71960b4fe6be", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 90}, "timestamps": {"asserted_at": "2023-10-14T14:57:26+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:26+00:00"}, "scope": {"notes": "Affected: QNAP / QNAP NAS devices running Photo Station | Class: nas | Severity: Critical (CVSS 9) | IoT: yes | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-27593", "url": "https://www.cve.org/CVERecord?id=CVE-2022-27593"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "nas", "7d_avg": 0, "vendor": "QNAP", "30d_avg": 4, "90d_avg": 1, "product": "QNAP NAS devices running Photo Station", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9, "vulnerability_severity": "Critical"}}]}
{"uuid": "106e0d44-a140-4468-b47d-9b3e0c7ea9b0", "vulnerability": {"vulnId": "CVE-2022-3980", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "106e0d44-a140-4468-b47d-9b3e0c7ea9b0", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:57:38+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:38+00:00"}, "scope": {"notes": "Affected: Sophos / Sophos Mobile | Class: device-management-platform | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-3980", "url": "https://www.cve.org/CVERecord?id=CVE-2022-3980"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 1, "vendor": "Sophos", "30d_avg": 5, "90d_avg": 2, "product": "Sophos Mobile", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "0d2147a7-6ef3-48a8-8d5e-757ebee450bc", "vulnerability": {"vulnId": "CVE-2022-29153", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "0d2147a7-6ef3-48a8-8d5e-757ebee450bc", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2023-10-14T14:57:29+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:29+00:00"}, "scope": {"notes": "Affected: HashiCorp / Consul and Consul Enterprise | Class: device-management-platform | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-29153", "url": "https://www.cve.org/CVERecord?id=CVE-2022-29153"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 15, "vendor": "HashiCorp", "30d_avg": 11, "90d_avg": 3, "product": "Consul and Consul Enterprise", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "d22095dc-d273-41e1-8ddb-649c9c88badb", "vulnerability": {"vulnId": "CVE-2022-1020", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "d22095dc-d273-41e1-8ddb-649c9c88badb", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T18:23:41+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T18:23:41+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Product Table for WooCommerce (wooproducttable) plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-1020", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1020"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "Wordpress", "30d_avg": 5, "90d_avg": 2, "product": "Wordpress Product Table for WooCommerce (wooproducttable) plugin", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "43b0e675-4de9-452c-8582-6e1a5b9fa523", "vulnerability": {"vulnId": "CVE-2024-53704", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "43b0e675-4de9-452c-8582-6e1a5b9fa523", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 82}, "timestamps": {"asserted_at": "2025-02-24T19:28:16+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-02-24T19:28:16+00:00"}, "scope": {"notes": "Affected: SonicWall / SonicOS | Class: firewall | Severity: High (CVSS 8.2) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 52", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-53704", "url": "https://www.cve.org/CVERecord?id=CVE-2024-53704"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "3", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "firewall", "7d_avg": 4, "vendor": "SonicWall", "30d_avg": 7, "90d_avg": 3, "product": "SonicOS", "cisa_kev": "yes", "connections": 52, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 8.2, "vulnerability_severity": "High"}}]}
{"uuid": "ce2168c3-fc44-483d-a669-d7d36d2929a6", "vulnerability": {"vulnId": "CVE-2023-38205", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "ce2168c3-fc44-483d-a669-d7d36d2929a6", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-12-10T13:01:38+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-12-10T13:01:38+00:00"}, "scope": {"notes": "Affected: Adobe / ColdFusion | Class: app-server | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-38205", "url": "https://www.cve.org/CVERecord?id=CVE-2023-38205"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "app-server", "7d_avg": 0, "vendor": "Adobe", "30d_avg": 4, "90d_avg": 1, "product": "ColdFusion", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "24ec216d-0d67-44ce-82ee-22dd7a4857db", "vulnerability": {"vulnId": "CVE-2024-6893", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "24ec216d-0d67-44ce-82ee-22dd7a4857db", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2024-09-04T06:17:34+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-09-04T06:17:34+00:00"}, "scope": {"notes": "Affected: Journeyx / Journeyx | Class: other-software | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-6893", "url": "https://www.cve.org/CVERecord?id=CVE-2024-6893"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "Journeyx", "30d_avg": 5, "90d_avg": 2, "product": "Journeyx", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "e72e3c0e-7f2d-4189-8c51-bccd87a9f9f7", "vulnerability": {"vulnId": "CVE-2024-4443", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "e72e3c0e-7f2d-4189-8c51-bccd87a9f9f7", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-01-18T23:39:27+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-01-18T23:39:27+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Business Directory Plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-4443", "url": "https://www.cve.org/CVERecord?id=CVE-2024-4443"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 1, "vendor": "Wordpress", "30d_avg": 5, "90d_avg": 2, "product": "Wordpress Business Directory Plugin", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "a4e9e581-fec1-47ee-8725-35cc8e0ab6ac", "vulnerability": {"vulnId": "CVE-2024-6205", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "a4e9e581-fec1-47ee-8725-35cc8e0ab6ac", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-01-22T16:43:50+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-01-22T16:43:50+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress PayPlus Payment Gateway plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-6205", "url": "https://www.cve.org/CVERecord?id=CVE-2024-6205"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 1, "vendor": "Wordpress", "30d_avg": 5, "90d_avg": 2, "product": "Wordpress PayPlus Payment Gateway plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "84190efc-fded-4b83-a6df-dca1ca624460", "vulnerability": {"vulnId": "CVE-2024-35219", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "84190efc-fded-4b83-a6df-dca1ca624460", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 83}, "timestamps": {"asserted_at": "2024-12-05T06:27:26+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-12-05T06:27:26+00:00"}, "scope": {"notes": "Affected: OpenAPI Tools / OpenAPI Generator | Class: other-software | Severity: High (CVSS 8.3) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-35219", "url": "https://www.cve.org/CVERecord?id=CVE-2024-35219"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 21, "vendor": "OpenAPI Tools", "30d_avg": 9, "90d_avg": 3, "product": "OpenAPI Generator", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 8.3, "vulnerability_severity": "High"}}]}
{"uuid": "b6ed94fc-e495-4d1a-a370-bb46ffde4dbb", "vulnerability": {"vulnId": "CVE-2022-0346", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "b6ed94fc-e495-4d1a-a370-bb46ffde4dbb", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 61}, "timestamps": {"asserted_at": "2023-10-23T18:21:39+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-23T18:21:39+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Google XML Sitemap Generator plugin | Class: cms | Severity: Medium (CVSS 6.1) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-0346", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0346"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "Wordpress", "30d_avg": 1, "90d_avg": 0, "product": "Wordpress Google XML Sitemap Generator plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 6.1, "vulnerability_severity": "Medium"}}]}
{"uuid": "6e9cdb65-125d-4287-98fe-09534cb10828", "vulnerability": {"vulnId": "CVE-2024-7593", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "6e9cdb65-125d-4287-98fe-09534cb10828", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-09-06T20:24:02+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-09-06T20:24:02+00:00"}, "scope": {"notes": "Affected: Ivanti / Ivanti Virtual Traffic Manager (vTM) | Class: app-delivery-controller | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-7593", "url": "https://www.cve.org/CVERecord?id=CVE-2024-7593"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "app-delivery-controller", "7d_avg": 1, "vendor": "Ivanti", "30d_avg": 11, "90d_avg": 4, "product": "Ivanti Virtual Traffic Manager (vTM)", "cisa_kev": "yes", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "d764c4f9-47cc-4387-a97b-2489b31048e4", "vulnerability": {"vulnId": "CVE-2024-38653", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "d764c4f9-47cc-4387-a97b-2489b31048e4", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2024-12-12T14:20:09+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-12-12T14:20:09+00:00"}, "scope": {"notes": "Affected: Ivanti / Avalanche | Class: mobile-device-management | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-38653", "url": "https://www.cve.org/CVERecord?id=CVE-2024-38653"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "mobile-device-management", "7d_avg": 1, "vendor": "Ivanti", "30d_avg": 5, "90d_avg": 1, "product": "Avalanche", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "6624e003-a7d5-4ce3-ac2f-3a879405e259", "vulnerability": {"vulnId": "CVE-2024-6396", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "6624e003-a7d5-4ce3-ac2f-3a879405e259", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-09-16T09:57:34+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-09-16T09:57:34+00:00"}, "scope": {"notes": "Affected: AimStack / Aim | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 3", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-6396", "url": "https://www.cve.org/CVERecord?id=CVE-2024-6396"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "AimStack", "30d_avg": 1, "90d_avg": 0, "product": "Aim", "cisa_kev": "no", "connections": 3, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "e51aea36-aee8-4348-9ee0-9494c6e57813", "vulnerability": {"vulnId": "CVE-2024-9047", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "e51aea36-aee8-4348-9ee0-9494c6e57813", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-06-21T10:21:42+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-06-21T10:21:42+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress File Upload plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-9047", "url": "https://www.cve.org/CVERecord?id=CVE-2024-9047"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 1, "vendor": "Wordpress", "30d_avg": 5, "90d_avg": 2, "product": "Wordpress File Upload plugin", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "867de3f6-b5a9-453f-a2a6-0af3cd4edca9", "vulnerability": {"vulnId": "CVE-2021-21234", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "867de3f6-b5a9-453f-a2a6-0af3cd4edca9", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 77}, "timestamps": {"asserted_at": "2023-10-14T14:56:47+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:47+00:00"}, "scope": {"notes": "Affected: Spring Boot Actuator Logview / Spring Boot Actuator Logview | Class: other-software | Severity: High (CVSS 7.7) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 13", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-21234", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21234"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "3", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "Spring Boot Actuator Logview", "30d_avg": 12, "90d_avg": 4, "product": "Spring Boot Actuator Logview", "cisa_kev": "no", "connections": 13, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.7, "vulnerability_severity": "High"}}]}
{"uuid": "5e834979-9c1d-4786-870c-dc5b1c5beedf", "vulnerability": {"vulnId": "CVE-2024-38475", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "5e834979-9c1d-4786-870c-dc5b1c5beedf", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 91}, "timestamps": {"asserted_at": "2025-07-17T18:30:06+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-07-17T18:30:06+00:00"}, "scope": {"notes": "Affected: Apache / Apache HTTP Server | Class: web-server | Severity: Critical (CVSS 9.1) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-38475", "url": "https://www.cve.org/CVERecord?id=CVE-2024-38475"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "web-server", "7d_avg": 0, "vendor": "Apache", "30d_avg": 5, "90d_avg": 2, "product": "Apache HTTP Server", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.1, "vulnerability_severity": "Critical"}}]}
{"uuid": "9a3eee03-659d-4313-b304-4c8c360834ac", "vulnerability": {"vulnId": "CVE-2024-7097", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "9a3eee03-659d-4313-b304-4c8c360834ac", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 43}, "timestamps": {"asserted_at": "2025-02-02T13:21:23+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-02-02T13:21:23+00:00"}, "scope": {"notes": "Affected: WSO2 / WSO2 API Manager, WSO2 Identity Server, WSO2 Identity Server as Key Manager | Class: security-management-platform | Severity: Medium (CVSS 4.3) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-7097", "url": "https://www.cve.org/CVERecord?id=CVE-2024-7097"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "security-management-platform", "7d_avg": 1, "vendor": "WSO2", "30d_avg": 0, "90d_avg": 0, "product": "WSO2 API Manager, WSO2 Identity Server, WSO2 Identity Server as Key Manager", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 4.3, "vulnerability_severity": "Medium"}}]}
{"uuid": "b5f7b425-c2b1-47a3-a658-8c292f6db0b1", "vulnerability": {"vulnId": "CVE-2024-36857", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "b5f7b425-c2b1-47a3-a658-8c292f6db0b1", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2024-08-15T08:02:37+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-08-15T08:02:37+00:00"}, "scope": {"notes": "Affected: Homebrew Computer Company / Jan | Class: other-software | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-36857", "url": "https://www.cve.org/CVERecord?id=CVE-2024-36857"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Homebrew Computer Company", "30d_avg": 0, "90d_avg": 0, "product": "Jan", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "94da9043-ddc1-4031-88f4-5a69553771da", "vulnerability": {"vulnId": "CVE-2024-32737", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "94da9043-ddc1-4031-88f4-5a69553771da", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2025-01-22T16:42:58+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-01-22T16:42:58+00:00"}, "scope": {"notes": "Affected: CyberPanel / CyberPanel | Class: device-management-platform | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-32737", "url": "https://www.cve.org/CVERecord?id=CVE-2024-32737"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 0, "vendor": "CyberPanel", "30d_avg": 5, "90d_avg": 1, "product": "CyberPanel", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "5bedbb41-716f-4fa6-bf51-6d2f1584fd7b", "vulnerability": {"vulnId": "CVE-2023-29298", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "5bedbb41-716f-4fa6-bf51-6d2f1584fd7b", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2023-10-14T14:57:48+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:48+00:00"}, "scope": {"notes": "Affected: Adobe / ColdFusion | Class: app-server | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-29298", "url": "https://www.cve.org/CVERecord?id=CVE-2023-29298"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "app-server", "7d_avg": 1, "vendor": "Adobe", "30d_avg": 10, "90d_avg": 3, "product": "ColdFusion", "cisa_kev": "yes", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "15d7c72c-405e-4aa2-8363-3b8f54a94920", "vulnerability": {"vulnId": "CVE-2022-24716", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "15d7c72c-405e-4aa2-8363-3b8f54a94920", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2023-10-14T14:57:41+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:41+00:00"}, "scope": {"notes": "Affected: Icinga / Icinga Web 2 | Class: network-monitoring | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-24716", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24716"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "network-monitoring", "7d_avg": 0, "vendor": "Icinga", "30d_avg": 10, "90d_avg": 3, "product": "Icinga Web 2", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "5b1b2391-e286-45fa-85e4-31996e4dc077", "vulnerability": {"vulnId": "CVE-2024-27497", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "5b1b2391-e286-45fa-85e4-31996e4dc077", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 0}, "timestamps": {"asserted_at": "2024-03-19T15:53:17+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-03-19T15:53:17+00:00"}, "scope": {"notes": "Affected: Linksys / Linksys E2000 | Class: router | Severity: None (CVSS 0) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-27497", "url": "https://www.cve.org/CVERecord?id=CVE-2024-27497"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "Linksys", "30d_avg": 5, "90d_avg": 1, "product": "Linksys E2000", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 0, "vulnerability_severity": "None"}}]}
{"uuid": "aa199aea-b618-4750-be9c-5cb31928b103", "vulnerability": {"vulnId": "CVE-2020-17453", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "aa199aea-b618-4750-be9c-5cb31928b103", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 61}, "timestamps": {"asserted_at": "2023-10-23T18:34:28+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-23T18:34:28+00:00"}, "scope": {"notes": "Affected: WSO2 / WSO2 Management Console | Class: security-management-platform | Severity: Medium (CVSS 6.1) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-17453", "url": "https://www.cve.org/CVERecord?id=CVE-2020-17453"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "security-management-platform", "7d_avg": 0, "vendor": "WSO2", "30d_avg": 0, "90d_avg": 0, "product": "WSO2 Management Console", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 6.1, "vulnerability_severity": "Medium"}}]}
{"uuid": "a7c6d367-0e9c-4bce-8deb-3e474f7d34a9", "vulnerability": {"vulnId": "CVE-2021-27855", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "a7c6d367-0e9c-4bce-8deb-3e474f7d34a9", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 88}, "timestamps": {"asserted_at": "2023-10-22T11:15:43+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-22T11:15:43+00:00"}, "scope": {"notes": "Affected: FatPipe / FatPipe WARP/IPVPN/MPVPN  | Class: other-software | Severity: High (CVSS 8.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-27855", "url": "https://www.cve.org/CVERecord?id=CVE-2021-27855"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "FatPipe", "30d_avg": 5, "90d_avg": 2, "product": "FatPipe WARP/IPVPN/MPVPN ", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 8.8, "vulnerability_severity": "High"}}]}
{"uuid": "498c0a66-1e25-4ee0-9ae3-d6c4c7131a4c", "vulnerability": {"vulnId": "CVE-2023-6114", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "498c0a66-1e25-4ee0-9ae3-d6c4c7131a4c", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2024-04-11T20:16:56+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-04-11T20:16:56+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Duplicator/Duplicator Pro plugin | Class: cms | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-6114", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6114"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 20, "vendor": "Wordpress", "30d_avg": 11, "90d_avg": 4, "product": "Wordpress Duplicator/Duplicator Pro plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "9c97e846-70d4-4dc8-bfee-784ad531888b", "vulnerability": {"vulnId": "CVE-2023-2796", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "9c97e846-70d4-4dc8-bfee-784ad531888b", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 53}, "timestamps": {"asserted_at": "2023-10-23T23:23:34+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-23T23:23:34+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress EventON plugin | Class: cms | Severity: Medium (CVSS 5.3) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-2796", "url": "https://www.cve.org/CVERecord?id=CVE-2023-2796"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "Wordpress", "30d_avg": 0, "90d_avg": 0, "product": "Wordpress EventON plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 5.3, "vulnerability_severity": "Medium"}}]}
{"uuid": "1e57d93b-99fa-43f5-8ebd-01cbdeac4060", "vulnerability": {"vulnId": "CVE-2019-12276", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "1e57d93b-99fa-43f5-8ebd-01cbdeac4060", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2023-10-14T14:56:02+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:02+00:00"}, "scope": {"notes": "Affected: GrandNode / GrandNode | Class: other-software | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2019-12276", "url": "https://www.cve.org/CVERecord?id=CVE-2019-12276"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "GrandNode", "30d_avg": 5, "90d_avg": 1, "product": "GrandNode", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "a68f6125-7257-418b-931e-8ae4f135ec6f", "vulnerability": {"vulnId": "CVE-2021-43778", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "a68f6125-7257-418b-931e-8ae4f135ec6f", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2023-10-15T08:28:15+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-15T08:28:15+00:00"}, "scope": {"notes": "Affected: Barcode / Barcode (GLPI plugin) | Class: other-software | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-43778", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43778"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Barcode", "30d_avg": 5, "90d_avg": 1, "product": "Barcode (GLPI plugin)", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "5a2ac969-b5f8-4933-9f00-78876966be85", "vulnerability": {"vulnId": "CVE-2021-44427", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "5a2ac969-b5f8-4933-9f00-78876966be85", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-09-18T00:54:56+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-09-18T00:54:56+00:00"}, "scope": {"notes": "Affected: RosarioSIS / RosarioSIS | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-44427", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44427"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "RosarioSIS", "30d_avg": 5, "90d_avg": 2, "product": "RosarioSIS", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "1427ddc0-956b-4ede-b092-c573d6fafde9", "vulnerability": {"vulnId": "CVE-2023-30258", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "1427ddc0-956b-4ede-b092-c573d6fafde9", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-12-28T18:07:19+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-12-28T18:07:19+00:00"}, "scope": {"notes": "Affected: MagnusSolution / magnusbilling | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-30258", "url": "https://www.cve.org/CVERecord?id=CVE-2023-30258"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 2, "vendor": "MagnusSolution", "30d_avg": 12, "90d_avg": 4, "product": "magnusbilling", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "a9c77a29-9054-4d8a-8737-0562bec881b8", "vulnerability": {"vulnId": "CVE-2024-25735", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "a9c77a29-9054-4d8a-8737-0562bec881b8", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 0}, "timestamps": {"asserted_at": "2024-03-03T18:46:48+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-03-03T18:46:48+00:00"}, "scope": {"notes": "Affected: WyreStorm / WyreStorm Apollo VX20 | Class: video-system | Severity: None (CVSS 0) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-25735", "url": "https://www.cve.org/CVERecord?id=CVE-2024-25735"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "video-system", "7d_avg": 0, "vendor": "WyreStorm", "30d_avg": 4, "90d_avg": 1, "product": "WyreStorm Apollo VX20", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 0, "vulnerability_severity": "None"}}]}
{"uuid": "fd9d4c2d-03cd-4dff-b276-11f3aa4c8353", "vulnerability": {"vulnId": "CVE-2025-30567", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "fd9d4c2d-03cd-4dff-b276-11f3aa4c8353", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2025-07-16T09:04:08+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-07-16T09:04:08+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress WP01 plugin | Class: cms | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-30567", "url": "https://www.cve.org/CVERecord?id=CVE-2025-30567"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 9, "vendor": "Wordpress", "30d_avg": 5, "90d_avg": 2, "product": "Wordpress WP01 plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "4e960046-6399-43ac-a1e4-3da9198f1353", "vulnerability": {"vulnId": "CVE-2024-27954", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "4e960046-6399-43ac-a1e4-3da9198f1353", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-03-29T18:41:22+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-03-29T18:41:22+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Automatic plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-27954", "url": "https://www.cve.org/CVERecord?id=CVE-2024-27954"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "Wordpress", "30d_avg": 5, "90d_avg": 1, "product": "Wordpress Automatic plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "9219f3bb-7717-4815-850a-402c992224af", "vulnerability": {"vulnId": "CVE-2025-4270", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "9219f3bb-7717-4815-850a-402c992224af", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 53}, "timestamps": {"asserted_at": "2025-07-30T12:48:45+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-07-30T12:48:45+00:00"}, "scope": {"notes": "Affected: Totolink / Totolink A720R | Class: router | Severity: Medium (CVSS 5.3) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 50", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-4270", "url": "https://www.cve.org/CVERecord?id=CVE-2025-4270"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 1, "vendor": "Totolink", "30d_avg": 1, "90d_avg": 0, "product": "Totolink A720R", "cisa_kev": "no", "connections": 50, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 5.3, "vulnerability_severity": "Medium"}}]}
{"uuid": "91934e2f-bc20-423c-bea6-e24567e5ca49", "vulnerability": {"vulnId": "CVE-2023-4490", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "91934e2f-bc20-423c-bea6-e24567e5ca49", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-06-03T18:43:20+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-06-03T18:43:20+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress WP Job Portal plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-4490", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4490"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 1, "vendor": "Wordpress", "30d_avg": 5, "90d_avg": 2, "product": "Wordpress WP Job Portal plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "b41d3ead-7602-474e-8e58-7f3620f7d8fd", "vulnerability": {"vulnId": "CVE-2022-0142", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "b41d3ead-7602-474e-8e58-7f3620f7d8fd", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-12-01T11:35:49+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-12-01T11:35:49+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Visual Form Builder plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-0142", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0142"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "Wordpress", "30d_avg": 1, "90d_avg": 0, "product": "Wordpress Visual Form Builder plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "a4b3479b-d187-4f5d-a9e9-b9627a9c566d", "vulnerability": {"vulnId": "CVE-2024-9193", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "a4b3479b-d187-4f5d-a9e9-b9627a9c566d", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-08-20T15:41:28+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-08-20T15:41:28+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress WHMpress - WHMCS WordPress Integration Plugin plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-9193", "url": "https://www.cve.org/CVERecord?id=CVE-2024-9193"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 1, "vendor": "Wordpress", "30d_avg": 6, "90d_avg": 2, "product": "Wordpress WHMpress - WHMCS WordPress Integration Plugin plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "2cc2652e-f2cf-4e64-a5cc-301e2e4f382e", "vulnerability": {"vulnId": "CVE-2024-49380", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "2cc2652e-f2cf-4e64-a5cc-301e2e4f382e", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 0}, "timestamps": {"asserted_at": "2025-11-29T02:00:35+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-11-29T02:00:35+00:00"}, "scope": {"notes": "Affected: plentico / plenti | Class: other-software | Severity: None (CVSS 0) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-49380", "url": "https://www.cve.org/CVERecord?id=CVE-2024-49380"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "plentico", "30d_avg": 11, "90d_avg": 3, "product": "plenti", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 0, "vulnerability_severity": "None"}}]}
{"uuid": "5da32c39-d339-4f8f-8956-58f22544bdad", "vulnerability": {"vulnId": "CVE-2023-7309", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "5da32c39-d339-4f8f-8956-58f22544bdad", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 0}, "timestamps": {"asserted_at": "2025-09-23T17:18:33+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-09-23T17:18:33+00:00"}, "scope": {"notes": "Affected: Dahua / Dahua Smart Park Integrated Management Platform | Class: device-management-platform | Severity: None (CVSS 0) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-7309", "url": "https://www.cve.org/CVERecord?id=CVE-2023-7309"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 0, "vendor": "Dahua", "30d_avg": 1, "90d_avg": 0, "product": "Dahua Smart Park Integrated Management Platform", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 0, "vulnerability_severity": "None"}}]}
{"uuid": "5714fa11-bde1-47a5-add2-f0dd64d15ba6", "vulnerability": {"vulnId": "CVE-2024-55457", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "5714fa11-bde1-47a5-add2-f0dd64d15ba6", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 65}, "timestamps": {"asserted_at": "2025-06-27T11:03:21+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-06-27T11:03:21+00:00"}, "scope": {"notes": "Affected: MasterSAM / MasterSAM Star Gate | Class: device-management-platform | Severity: Medium (CVSS 6.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-55457", "url": "https://www.cve.org/CVERecord?id=CVE-2024-55457"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 0, "vendor": "MasterSAM", "30d_avg": 5, "90d_avg": 1, "product": "MasterSAM Star Gate", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 6.5, "vulnerability_severity": "Medium"}}]}
{"uuid": "da962d71-ba1e-4f91-be50-c940e7d9fce8", "vulnerability": {"vulnId": "CVE-2023-6329", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "da962d71-ba1e-4f91-be50-c940e7d9fce8", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-11-10T15:45:53+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-11-10T15:45:53+00:00"}, "scope": {"notes": "Affected: Control iD / Control iD iDSecure | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-6329", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6329"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Control iD", "30d_avg": 11, "90d_avg": 4, "product": "Control iD iDSecure", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "a78f545b-188c-497d-a23b-c9df2647fb77", "vulnerability": {"vulnId": "CVE-2022-1006", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "a78f545b-188c-497d-a23b-c9df2647fb77", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 72}, "timestamps": {"asserted_at": "2025-07-20T12:58:50+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-07-20T12:58:50+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Advanced Booking Calendar plugin | Class: cms | Severity: High (CVSS 7.2) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-1006", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1006"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 1, "vendor": "Wordpress", "30d_avg": 1, "90d_avg": 0, "product": "Wordpress Advanced Booking Calendar plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.2, "vulnerability_severity": "High"}}]}
{"uuid": "7a8503ee-5538-4a89-8c27-4b057a6d47eb", "vulnerability": {"vulnId": "CVE-2024-8425", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "7a8503ee-5538-4a89-8c27-4b057a6d47eb", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-11-14T03:28:53+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-11-14T03:28:53+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress WooCommerce Ultimate Gift Card plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-8425", "url": "https://www.cve.org/CVERecord?id=CVE-2024-8425"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 1, "vendor": "Wordpress", "30d_avg": 10, "90d_avg": 3, "product": "Wordpress WooCommerce Ultimate Gift Card plugin", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "11a7a458-b921-4938-96c3-46a51b066dd4", "vulnerability": {"vulnId": "CVE-2018-19410", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "11a7a458-b921-4938-96c3-46a51b066dd4", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 0}, "timestamps": {"asserted_at": "2025-11-26T03:19:00+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-11-26T03:19:00+00:00"}, "scope": {"notes": "Affected: Paessler / PRTG Network Monitor | Class: network-monitoring | Severity: None (CVSS 0) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2018-19410", "url": "https://www.cve.org/CVERecord?id=CVE-2018-19410"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "network-monitoring", "7d_avg": 2, "vendor": "Paessler", "30d_avg": 5, "90d_avg": 2, "product": "PRTG Network Monitor", "cisa_kev": "yes", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 0, "vulnerability_severity": "None"}}]}
{"uuid": "b5693a39-f290-4c6f-a630-ca4613b6cc90", "vulnerability": {"vulnId": "CVE-2019-18952", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "b5693a39-f290-4c6f-a630-ca4613b6cc90", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-12-31T08:19:43+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-12-31T08:19:43+00:00"}, "scope": {"notes": "Affected: SibSoft / Xfilesharing | Class: file-transfer | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2019-18952", "url": "https://www.cve.org/CVERecord?id=CVE-2019-18952"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "file-transfer", "7d_avg": 2, "vendor": "SibSoft", "30d_avg": 10, "90d_avg": 4, "product": "Xfilesharing", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "f356dd72-1259-44ee-a471-46e459aa5017", "vulnerability": {"vulnId": "CVE-2020-26948", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "f356dd72-1259-44ee-a471-46e459aa5017", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-11-18T13:25:03+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-11-18T13:25:03+00:00"}, "scope": {"notes": "Affected: Emby / Emby Server | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-26948", "url": "https://www.cve.org/CVERecord?id=CVE-2020-26948"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Emby", "30d_avg": 5, "90d_avg": 1, "product": "Emby Server", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "f899d5d0-3a26-441b-8cc0-e8307b1b2eee", "vulnerability": {"vulnId": "CVE-2024-37393", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "f899d5d0-3a26-441b-8cc0-e8307b1b2eee", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2025-11-12T14:27:56+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-11-12T14:27:56+00:00"}, "scope": {"notes": "Affected: SecurEnvoy / SecurEnvoy MFA | Class: security-management-platform | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-37393", "url": "https://www.cve.org/CVERecord?id=CVE-2024-37393"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "security-management-platform", "7d_avg": 1, "vendor": "SecurEnvoy", "30d_avg": 5, "90d_avg": 2, "product": "SecurEnvoy MFA", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "b273dd65-2193-4756-bc17-b363680edf8c", "vulnerability": {"vulnId": "CVE-2023-38433", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "b273dd65-2193-4756-bc17-b363680edf8c", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2025-08-17T23:40:29+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-08-17T23:40:29+00:00"}, "scope": {"notes": "Affected: Fujitsu / Fujitsu Real-time Video Transmission Gear \\\"IP series\\\"  | Class: video-system | Severity: High (CVSS 7.5) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-38433", "url": "https://www.cve.org/CVERecord?id=CVE-2023-38433"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "video-system", "7d_avg": 5, "vendor": "Fujitsu", "30d_avg": 7, "90d_avg": 2, "product": "Fujitsu Real-time Video Transmission Gear \\\"IP series\\\" ", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "a209bba6-3dc8-4689-a605-bbb9f3a816dd", "vulnerability": {"vulnId": "CVE-2025-15503", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "a209bba6-3dc8-4689-a605-bbb9f3a816dd", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-03-10T17:11:06+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-03-10T17:11:06+00:00"}, "scope": {"notes": "Affected: Sangfor / Sangfor Operation and Maintenance Management System | Class: device-management-platform | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-15503", "url": "https://www.cve.org/CVERecord?id=CVE-2025-15503"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 1, "vendor": "Sangfor", "30d_avg": 4, "90d_avg": 1, "product": "Sangfor Operation and Maintenance Management System", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "3bac1558-ab9d-457f-b03e-0dc943c9691a", "vulnerability": {"vulnId": "CVE-2023-27163", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "3bac1558-ab9d-457f-b03e-0dc943c9691a", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 65}, "timestamps": {"asserted_at": "2025-10-13T10:50:22+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-10-13T10:50:22+00:00"}, "scope": {"notes": "Affected: Request Baskets / Request Baskets | Class: other-software | Severity: Medium (CVSS 6.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-27163", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27163"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "Request Baskets", "30d_avg": 0, "90d_avg": 0, "product": "Request Baskets", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 6.5, "vulnerability_severity": "Medium"}}]}
{"uuid": "41f55103-c0ae-4854-8453-465f86704bd3", "vulnerability": {"vulnId": "CVE-2025-1302", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "41f55103-c0ae-4854-8453-465f86704bd3", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-11-19T22:56:47+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-11-19T22:56:47+00:00"}, "scope": {"notes": "Affected: JSONPath-Plus / JSONPath-plus | Class: web-app-framework | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-1302", "url": "https://www.cve.org/CVERecord?id=CVE-2025-1302"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "web-app-framework", "7d_avg": 0, "vendor": "JSONPath-Plus", "30d_avg": 5, "90d_avg": 2, "product": "JSONPath-plus", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "0ef6c4b8-b259-424d-9b81-d6488d22e181", "vulnerability": {"vulnId": "CVE-2024-22927", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "0ef6c4b8-b259-424d-9b81-d6488d22e181", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 61}, "timestamps": {"asserted_at": "2026-04-21T11:16:38+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-04-21T11:16:38+00:00"}, "scope": {"notes": "Affected: weng-xianhu / EyouCMS | Class: cms | Severity: Medium (CVSS 6.1) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-22927", "url": "https://www.cve.org/CVERecord?id=CVE-2024-22927"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "weng-xianhu", "30d_avg": 0, "90d_avg": 0, "product": "EyouCMS", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 6.1, "vulnerability_severity": "Medium"}}]}
{"uuid": "c658c8a3-6d6d-49f3-b2b2-ed8379e1ee02", "vulnerability": {"vulnId": "CVE-2025-53118", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "c658c8a3-6d6d-49f3-b2b2-ed8379e1ee02", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-11-10T11:24:04+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-11-10T11:24:04+00:00"}, "scope": {"notes": "Affected: Securden / Securden Unified PAM | Class: security-management-platform | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 128", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-53118", "url": "https://www.cve.org/CVERecord?id=CVE-2025-53118"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "4", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "security-management-platform", "7d_avg": 1, "vendor": "Securden", "30d_avg": 11, "90d_avg": 4, "product": "Securden Unified PAM", "cisa_kev": "no", "connections": 128, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "b3462007-fed0-4cc6-bdfa-4a9d32ba630c", "vulnerability": {"vulnId": "CVE-2020-36728", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "b3462007-fed0-4cc6-bdfa-4a9d32ba630c", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-11-18T08:10:21+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-11-18T08:10:21+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Adning Advertising plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-36728", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36728"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 1, "vendor": "Wordpress", "30d_avg": 1, "90d_avg": 0, "product": "Wordpress Adning Advertising plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "1837d5e9-dc11-4553-a10e-2f60c9f48795", "vulnerability": {"vulnId": "CVE-2023-2648", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "1837d5e9-dc11-4553-a10e-2f60c9f48795", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-03-07T15:46:05+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-03-07T15:46:05+00:00"}, "scope": {"notes": "Affected: Weaver / Weaver E-Office | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-2648", "url": "https://www.cve.org/CVERecord?id=CVE-2023-2648"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 2, "vendor": "Weaver", "30d_avg": 12, "90d_avg": 4, "product": "Weaver E-Office", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "35b74f3c-c238-4046-901f-a3d7d1e7cb4c", "vulnerability": {"vulnId": "CVE-2019-12780", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "35b74f3c-c238-4046-901f-a3d7d1e7cb4c", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-13T16:09:23+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-13T16:09:23+00:00"}, "scope": {"notes": "Affected: Belkin / Wemo | Class: embedded-system | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 144", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2019-12780", "url": "https://www.cve.org/CVERecord?id=CVE-2019-12780"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "115", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "embedded-system", "7d_avg": 120, "vendor": "Belkin", "30d_avg": 113, "90d_avg": 134, "product": "Wemo", "cisa_kev": "no", "connections": 144, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "ecb6cc50-8f76-4418-ae1d-1db721a27226", "vulnerability": {"vulnId": "CVE-2022-30525", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "ecb6cc50-8f76-4418-ae1d-1db721a27226", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:57:30+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:30+00:00"}, "scope": {"notes": "Affected: Zyxel / USG FLEX 100, 100W, 200, 500, 700, USG20-VPN, USG20W-VPN, ATP 100, 200, 500, 700, 800 | Class: firewall | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-30525", "url": "https://www.cve.org/CVERecord?id=CVE-2022-30525"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "firewall", "7d_avg": 1, "vendor": "Zyxel", "30d_avg": 5, "90d_avg": 2, "product": "USG FLEX 100, 100W, 200, 500, 700, USG20-VPN, USG20W-VPN, ATP 100, 200, 500, 700, 800", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "404a74f2-19c5-4a27-b582-cedd5c1a2d78", "vulnerability": {"vulnId": "CVE-2022-23347", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "404a74f2-19c5-4a27-b582-cedd5c1a2d78", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2023-10-14T14:57:28+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:28+00:00"}, "scope": {"notes": "Affected: BigAnt Software / BigAnt Server | Class: other-software | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-23347", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23347"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "BigAnt Software", "30d_avg": 5, "90d_avg": 1, "product": "BigAnt Server", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "2bc14c8f-ebd9-4875-a8ed-50fc1c1705bf", "vulnerability": {"vulnId": "CVE-2026-1603", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "2bc14c8f-ebd9-4875-a8ed-50fc1c1705bf", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2026-02-17T05:44:54+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-02-17T05:44:54+00:00"}, "scope": {"notes": "Affected: Ivanti / Ivanti EPM | Class: device-management-platform | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2026-1603", "url": "https://www.cve.org/CVERecord?id=CVE-2026-1603"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 1, "vendor": "Ivanti", "30d_avg": 7, "90d_avg": 14, "product": "Ivanti EPM", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "b621640a-7593-4bcb-9a3c-542c18305364", "vulnerability": {"vulnId": "CVE-2024-6671", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "b621640a-7593-4bcb-9a3c-542c18305364", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-02-23T14:21:53+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-02-23T14:21:53+00:00"}, "scope": {"notes": "Affected: Progress / WhatsUp Gold | Class: device-management-platform | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-6671", "url": "https://www.cve.org/CVERecord?id=CVE-2024-6671"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 1, "vendor": "Progress", "30d_avg": 11, "90d_avg": 3, "product": "WhatsUp Gold", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "7cd2b97f-5b5c-45c2-b132-69f3d1c971f7", "vulnerability": {"vulnId": "CVE-2024-45309", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "7cd2b97f-5b5c-45c2-b132-69f3d1c971f7", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2026-05-16T15:14:18+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-05-16T15:14:18+00:00"}, "scope": {"notes": "Affected: OneDev / OneDev | Class: other-software | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-45309", "url": "https://www.cve.org/CVERecord?id=CVE-2024-45309"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 18, "vendor": "OneDev", "30d_avg": 9, "90d_avg": 3, "product": "OneDev", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "79b7b167-efe3-48df-b7e0-1c7d1b1ebe34", "vulnerability": {"vulnId": "CVE-2023-34993", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "79b7b167-efe3-48df-b7e0-1c7d1b1ebe34", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-04-14T19:21:36+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-04-14T19:21:36+00:00"}, "scope": {"notes": "Affected: Fortinet / FortiWLM | Class: device-management-platform | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-34993", "url": "https://www.cve.org/CVERecord?id=CVE-2023-34993"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 1, "vendor": "Fortinet", "30d_avg": 5, "90d_avg": 2, "product": "FortiWLM", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "95729499-cdb5-45c3-b4a3-09a936d3795a", "vulnerability": {"vulnId": "CVE-2022-0785", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "95729499-cdb5-45c3-b4a3-09a936d3795a", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-03-10T16:43:02+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-03-10T16:43:02+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Daily Prayer Time plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-0785", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0785"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "Wordpress", "30d_avg": 6, "90d_avg": 2, "product": "Wordpress Daily Prayer Time plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "fc2429a6-7fba-4c8b-9b74-0c2fc7f0bd1a", "vulnerability": {"vulnId": "CVE-2023-3836", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "fc2429a6-7fba-4c8b-9b74-0c2fc7f0bd1a", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T20:33:36+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T20:33:36+00:00"}, "scope": {"notes": "Affected: Dahua / Smart Park Management | Class: video-system | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-3836", "url": "https://www.cve.org/CVERecord?id=CVE-2023-3836"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "video-system", "7d_avg": 1, "vendor": "Dahua", "30d_avg": 10, "90d_avg": 3, "product": "Smart Park Management", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "6d29019a-5aca-4e3c-8419-c0b69004e46e", "vulnerability": {"vulnId": "CVE-2017-9506", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "6d29019a-5aca-4e3c-8419-c0b69004e46e", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 61}, "timestamps": {"asserted_at": "2026-04-15T08:29:24+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-04-15T08:29:24+00:00"}, "scope": {"notes": "Affected: Atlassian / Atlassian OAuth Plugin | Class: security-management-platform | Severity: Medium (CVSS 6.1) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2017-9506", "url": "https://www.cve.org/CVERecord?id=CVE-2017-9506"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "security-management-platform", "7d_avg": 2, "vendor": "Atlassian", "30d_avg": 1, "90d_avg": 0, "product": "Atlassian OAuth Plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 6.1, "vulnerability_severity": "Medium"}}]}
{"uuid": "d7f1d34f-6c01-47a3-90cc-5394d2496ae9", "vulnerability": {"vulnId": "CVE-2023-51467", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "d7f1d34f-6c01-47a3-90cc-5394d2496ae9", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-01-03T14:20:20+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-01-03T14:20:20+00:00"}, "scope": {"notes": "Affected: Apache / OFBiz | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-51467", "url": "https://www.cve.org/CVERecord?id=CVE-2023-51467"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "Apache", "30d_avg": 5, "90d_avg": 2, "product": "OFBiz", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "c7d75b0f-13f0-40e3-9c35-b716cb041e9f", "vulnerability": {"vulnId": "CVE-2020-9314", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "c7d75b0f-13f0-40e3-9c35-b716cb041e9f", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 48}, "timestamps": {"asserted_at": "2026-05-16T21:20:08+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-05-16T21:20:08+00:00"}, "scope": {"notes": "Affected: Oracle / Oracle iPlanet Web Server | Class: web-server | Severity: Medium (CVSS 4.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-9314", "url": "https://www.cve.org/CVERecord?id=CVE-2020-9314"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "web-server", "7d_avg": 0, "vendor": "Oracle", "30d_avg": 0, "90d_avg": 0, "product": "Oracle iPlanet Web Server", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 4.8, "vulnerability_severity": "Medium"}}]}
{"uuid": "a756f2ef-b6e5-4fd8-990a-1a0f164e2a32", "vulnerability": {"vulnId": "CVE-2020-12800", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "a756f2ef-b6e5-4fd8-990a-1a0f164e2a32", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:56:19+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:19+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Plugin drag-and-drop-multiple-file-upload-contact-form-7  | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-12800", "url": "https://www.cve.org/CVERecord?id=CVE-2020-12800"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 2, "vendor": "Wordpress", "30d_avg": 11, "90d_avg": 4, "product": "Wordpress Plugin drag-and-drop-multiple-file-upload-contact-form-7 ", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "21fa1770-43f2-48b3-aa57-d4273c4c9634", "vulnerability": {"vulnId": "CVE-2023-37999", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "21fa1770-43f2-48b3-aa57-d4273c4c9634", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-04-18T03:38:57+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-04-18T03:38:57+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress HasThemes HT Mega | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-37999", "url": "https://www.cve.org/CVERecord?id=CVE-2023-37999"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 1, "vendor": "Wordpress", "30d_avg": 10, "90d_avg": 3, "product": "Wordpress HasThemes HT Mega", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "98d31fef-b6bf-4a96-adc5-86cff98e4201", "vulnerability": {"vulnId": "CVE-2021-40539", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "98d31fef-b6bf-4a96-adc5-86cff98e4201", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:57:26+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:26+00:00"}, "scope": {"notes": "Affected: Zoho / ManageEngine ADSelfService Plus | Class: security-management-platform | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-40539", "url": "https://www.cve.org/CVERecord?id=CVE-2021-40539"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "security-management-platform", "7d_avg": 1, "vendor": "Zoho", "30d_avg": 12, "90d_avg": 4, "product": "ManageEngine ADSelfService Plus", "cisa_kev": "yes", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "675695a4-8240-4ad0-bdbd-b495c071a804", "vulnerability": {"vulnId": "CVE-2022-22897", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "675695a4-8240-4ad0-bdbd-b495c071a804", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-08-06T02:12:13+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-08-06T02:12:13+00:00"}, "scope": {"notes": "Affected: PrestaShop / PrestaShop ApolloTheme AP PageBuilder module | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-22897", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22897"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 1, "vendor": "PrestaShop", "30d_avg": 11, "90d_avg": 4, "product": "PrestaShop ApolloTheme AP PageBuilder module", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "74e2a913-bbd6-49c3-9cc9-2095a25e7331", "vulnerability": {"vulnId": "CVE-2020-5902", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "74e2a913-bbd6-49c3-9cc9-2095a25e7331", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:56:38+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:38+00:00"}, "scope": {"notes": "Affected: F5 / F5 Big-IP | Class: app-delivery-controller | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 67", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-5902", "url": "https://www.cve.org/CVERecord?id=CVE-2020-5902"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "10", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "app-delivery-controller", "7d_avg": 7, "vendor": "F5", "30d_avg": 14, "90d_avg": 5, "product": "F5 Big-IP", "cisa_kev": "yes", "connections": 67, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "049484a9-e7f6-4015-8e7f-c200ab004df5", "vulnerability": {"vulnId": "CVE-2019-1653", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "049484a9-e7f6-4015-8e7f-c200ab004df5", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2023-10-13T16:08:08+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-13T16:08:08+00:00"}, "scope": {"notes": "Affected: Cisco / Cisco RV320/RV325 | Class: router | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1424", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2019-1653", "url": "https://www.cve.org/CVERecord?id=CVE-2019-1653"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "81", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 68, "vendor": "Cisco", "30d_avg": 54, "90d_avg": 60, "product": "Cisco RV320/RV325", "cisa_kev": "yes", "connections": 1424, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "d8a3dc08-4c4e-4790-9247-c475d9567d55", "vulnerability": {"vulnId": "CVE-2021-44228", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "d8a3dc08-4c4e-4790-9247-c475d9567d55", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 100}, "timestamps": {"asserted_at": "2023-10-13T17:58:35+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-13T17:58:35+00:00"}, "scope": {"notes": "Affected: Apache / Log4j | Class: other-software | Severity: Critical (CVSS 10) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 685", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-44228", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "35", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 38, "vendor": "Apache", "30d_avg": 46, "90d_avg": 45, "product": "Log4j", "cisa_kev": "yes", "connections": 685, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 10, "vulnerability_severity": "Critical"}}]}
{"uuid": "9f94ff00-92e4-4be4-9f63-d02b4da4f13d", "vulnerability": {"vulnId": "CVE-2021-20124", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "9f94ff00-92e4-4be4-9f63-d02b4da4f13d", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2024-09-03T21:53:03+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-09-03T21:53:03+00:00"}, "scope": {"notes": "Affected: Draytek / VigorConnect | Class: device-management-platform | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-20124", "url": "https://www.cve.org/CVERecord?id=CVE-2021-20124"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 0, "vendor": "Draytek", "30d_avg": 11, "90d_avg": 4, "product": "VigorConnect", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "7327798e-c29d-4e83-87e2-f070aa5a6b9c", "vulnerability": {"vulnId": "CVE-2018-1000130", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "7327798e-c29d-4e83-87e2-f070aa5a6b9c", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 81}, "timestamps": {"asserted_at": "2023-10-14T20:53:19+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T20:53:19+00:00"}, "scope": {"notes": "Affected: Jolokia / Jolokia | Class: other-software | Severity: High (CVSS 8.1) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2018-1000130", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000130"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 2, "vendor": "Jolokia", "30d_avg": 6, "90d_avg": 2, "product": "Jolokia", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 8.1, "vulnerability_severity": "High"}}]}
{"uuid": "1725d216-0864-4994-902b-6890dda65108", "vulnerability": {"vulnId": "CVE-2019-12987", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "1725d216-0864-4994-902b-6890dda65108", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:56:38+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:38+00:00"}, "scope": {"notes": "Affected: Citrix / Citrix SD-WAN and NetScaler SD-WAN | Class: app-delivery-controller | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2019-12987", "url": "https://www.cve.org/CVERecord?id=CVE-2019-12987"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "app-delivery-controller", "7d_avg": 1, "vendor": "Citrix", "30d_avg": 1, "90d_avg": 0, "product": "Citrix SD-WAN and NetScaler SD-WAN", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "3beb0f08-f6d9-4abc-b648-4de72d2b20e3", "vulnerability": {"vulnId": "CVE-2023-36844", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "3beb0f08-f6d9-4abc-b648-4de72d2b20e3", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 53}, "timestamps": {"asserted_at": "2023-10-14T16:00:38+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T16:00:38+00:00"}, "scope": {"notes": "Affected: Juniper / Junos OS (J-Web) | Class: router | Severity: Medium (CVSS 5.3) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-36844", "url": "https://www.cve.org/CVERecord?id=CVE-2023-36844"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 2, "vendor": "Juniper", "30d_avg": 1, "90d_avg": 10, "product": "Junos OS (J-Web)", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 5.3, "vulnerability_severity": "Medium"}}]}
{"uuid": "1587a3aa-ac36-4b1f-aad0-86ffe7499732", "vulnerability": {"vulnId": "CVE-2020-17496", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "1587a3aa-ac36-4b1f-aad0-86ffe7499732", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-10-14T14:56:06+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:06+00:00"}, "scope": {"notes": "Affected: vBulletin / vBulletin | Class: cms | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 65", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-17496", "url": "https://www.cve.org/CVERecord?id=CVE-2020-17496"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "7", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 6, "vendor": "vBulletin", "30d_avg": 12, "90d_avg": 5, "product": "vBulletin", "cisa_kev": "yes", "connections": 65, "observation_date": "2026-06-30", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "abbf9d88-f877-4012-a9ae-df916dbc61b8", "vulnerability": {"vulnId": "CVE-2020-13117", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "abbf9d88-f877-4012-a9ae-df916dbc61b8", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:56:20+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:20+00:00"}, "scope": {"notes": "Affected: WAVLINK / WAVLINK WN575A4 and WN579X3 | Class: wireless-extender | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-13117", "url": "https://www.cve.org/CVERecord?id=CVE-2020-13117"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "wireless-extender", "7d_avg": 2, "vendor": "WAVLINK", "30d_avg": 5, "90d_avg": 2, "product": "WAVLINK WN575A4 and WN579X3", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "482804d0-63fc-466a-b713-72cbf564d342", "vulnerability": {"vulnId": "CVE-2020-8209", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "482804d0-63fc-466a-b713-72cbf564d342", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2023-10-14T14:56:41+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:41+00:00"}, "scope": {"notes": "Affected: Citrix  / XenMobile Server | Class: device-management-platform | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 5", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-8209", "url": "https://www.cve.org/CVERecord?id=CVE-2020-8209"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 1, "vendor": "Citrix ", "30d_avg": 5, "90d_avg": 2, "product": "XenMobile Server", "cisa_kev": "no", "connections": 5, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "b323ea4a-44fa-4659-b6b2-3695d69237e9", "vulnerability": {"vulnId": "CVE-2021-21307", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "b323ea4a-44fa-4659-b6b2-3695d69237e9", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:57:13+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:13+00:00"}, "scope": {"notes": "Affected: Lucee / Lucee Server | Class: web-app-framework | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-21307", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21307"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "web-app-framework", "7d_avg": 2, "vendor": "Lucee", "30d_avg": 10, "90d_avg": 4, "product": "Lucee Server", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "605b89b7-384c-45f6-97d7-866f35ca0170", "vulnerability": {"vulnId": "CVE-2017-14135", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "605b89b7-384c-45f6-97d7-866f35ca0170", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:18:28+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:18:28+00:00"}, "scope": {"notes": "Affected: OpenDreamBox / Plugin WebAdmin | Class: embedded-system | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2017-14135", "url": "https://www.cve.org/CVERecord?id=CVE-2017-14135"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "embedded-system", "7d_avg": 2, "vendor": "OpenDreamBox", "30d_avg": 4, "90d_avg": 1, "product": "Plugin WebAdmin", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "f9a18d24-254d-48a5-8241-f3cb4e68f7aa", "vulnerability": {"vulnId": "CVE-2023-27350", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "f9a18d24-254d-48a5-8241-f3cb4e68f7aa", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:57:47+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:47+00:00"}, "scope": {"notes": "Affected: PaperCut / PaperCut MF/NG | Class: device-management-platform | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-27350", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27350"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 1, "vendor": "PaperCut", "30d_avg": 9, "90d_avg": 3, "product": "PaperCut MF/NG", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "045fdeaf-6cda-469f-bd04-b1992bf08c71", "vulnerability": {"vulnId": "CVE-2022-31126", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "045fdeaf-6cda-469f-bd04-b1992bf08c71", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:57:30+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:30+00:00"}, "scope": {"notes": "Affected: Roxy-WI / Roxy-WI | Class: device-management-platform | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-31126", "url": "https://www.cve.org/CVERecord?id=CVE-2022-31126"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 1, "vendor": "Roxy-WI", "30d_avg": 5, "90d_avg": 2, "product": "Roxy-WI", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "c3996947-f80c-4f43-a86a-735c0710bc47", "vulnerability": {"vulnId": "CVE-2020-17505", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "c3996947-f80c-4f43-a86a-735c0710bc47", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 88}, "timestamps": {"asserted_at": "2023-10-14T14:56:49+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:49+00:00"}, "scope": {"notes": "Affected: Artica / Artica Web Proxy | Class: other-software | Severity: High (CVSS 8.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-17505", "url": "https://www.cve.org/CVERecord?id=CVE-2020-17505"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "Artica", "30d_avg": 10, "90d_avg": 3, "product": "Artica Web Proxy", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 8.8, "vulnerability_severity": "High"}}]}
{"uuid": "67de1171-6349-46c6-8777-5122a788c2bc", "vulnerability": {"vulnId": "CVE-2020-35476", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "67de1171-6349-46c6-8777-5122a788c2bc", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:56:37+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:37+00:00"}, "scope": {"notes": "Affected: OpenTSDB / OpenTSDB | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-35476", "url": "https://www.cve.org/CVERecord?id=CVE-2020-35476"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "OpenTSDB", "30d_avg": 5, "90d_avg": 1, "product": "OpenTSDB", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "e80911ff-6055-4134-93d1-fa21fb0666d4", "vulnerability": {"vulnId": "EDB-28713", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "e80911ff-6055-4134-93d1-fa21fb0666d4", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-10-14T14:24:42+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:24:42+00:00"}, "scope": {"notes": "Affected: RedHat / JBoss | Class: app-server | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "EDB-28713", "url": "https://www.exploit-db.com/exploits/28713"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "app-server", "7d_avg": 2, "vendor": "RedHat", "30d_avg": 9, "90d_avg": 3, "product": "JBoss", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "f3c13813-3d7e-489e-8341-5a1f27c54b8f", "vulnerability": {"vulnId": "CVE-2018-14839", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "f3c13813-3d7e-489e-8341-5a1f27c54b8f", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:34:12+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:34:12+00:00"}, "scope": {"notes": "Affected: LG / NAS N1A1 | Class: nas | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2018-14839", "url": "https://www.cve.org/CVERecord?id=CVE-2018-14839"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "nas", "7d_avg": 2, "vendor": "LG", "30d_avg": 11, "90d_avg": 4, "product": "NAS N1A1", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "8dba658d-c6b1-41b9-bfed-ef23e1f771f0", "vulnerability": {"vulnId": "CVE-2017-9833", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "8dba658d-c6b1-41b9-bfed-ef23e1f771f0", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2023-10-14T14:55:46+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:55:46+00:00"}, "scope": {"notes": "Affected: Boa / Boa | Class: embedded-system | Severity: High (CVSS 7.5) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2017-9833", "url": "https://www.cve.org/CVERecord?id=CVE-2017-9833"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "embedded-system", "7d_avg": 0, "vendor": "Boa", "30d_avg": 5, "90d_avg": 1, "product": "Boa", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "741cd936-4c15-424f-8995-257060188656", "vulnerability": {"vulnId": "CVE-2023-4634", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "741cd936-4c15-424f-8995-257060188656", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T20:38:53+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T20:38:53+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Media Library Assistant plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-4634", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4634"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 1, "vendor": "Wordpress", "30d_avg": 10, "90d_avg": 3, "product": "Wordpress Media Library Assistant plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "ffa941a3-0229-4c4d-bbb2-22146de449ae", "vulnerability": {"vulnId": "CVE-2018-1273", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "ffa941a3-0229-4c4d-bbb2-22146de449ae", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:34:43+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:34:43+00:00"}, "scope": {"notes": "Affected: Spring / Spring Data Commons | Class: web-app-framework | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 4", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2018-1273", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1273"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "3", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "web-app-framework", "7d_avg": 2, "vendor": "Spring", "30d_avg": 9, "90d_avg": 3, "product": "Spring Data Commons", "cisa_kev": "yes", "connections": 4, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "fd29902e-73cb-4ec3-95ab-397fc6466291", "vulnerability": {"vulnId": "CVE-2023-24488", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "fd29902e-73cb-4ec3-95ab-397fc6466291", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 0}, "timestamps": {"asserted_at": "2023-10-17T08:13:43+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-17T08:13:43+00:00"}, "scope": {"notes": "Affected: Citrix / Citrix ADC and Citrix Gateway | Class: app-delivery-controller | Severity: None (CVSS 0) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-24488", "url": "https://www.cve.org/CVERecord?id=CVE-2023-24488"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "app-delivery-controller", "7d_avg": 7, "vendor": "Citrix", "30d_avg": 6, "90d_avg": 20, "product": "Citrix ADC and Citrix Gateway", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 0, "vulnerability_severity": "None"}}]}
{"uuid": "a50cd44b-34ab-4b14-920b-a736b5a89ca4", "vulnerability": {"vulnId": "CVE-2018-17246", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "a50cd44b-34ab-4b14-920b-a736b5a89ca4", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:43:15+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:43:15+00:00"}, "scope": {"notes": "Affected: Elastic / Kibana | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 9", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2018-17246", "url": "https://www.cve.org/CVERecord?id=CVE-2018-17246"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "3", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "Elastic", "30d_avg": 5, "90d_avg": 1, "product": "Kibana", "cisa_kev": "no", "connections": 9, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "44e384b9-2d7f-49e5-808d-3ccfb4efb935", "vulnerability": {"vulnId": "CVE-2019-17270", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "44e384b9-2d7f-49e5-808d-3ccfb4efb935", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:56:07+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:07+00:00"}, "scope": {"notes": "Affected: Yachtcontrol / Yachtcontrol | Class: device-management-platform | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2019-17270", "url": "https://www.cve.org/CVERecord?id=CVE-2019-17270"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 0, "vendor": "Yachtcontrol", "30d_avg": 5, "90d_avg": 1, "product": "Yachtcontrol", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "6389bb07-c65e-4735-b48a-5cd6559622ae", "vulnerability": {"vulnId": "CVE-2020-11991", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "6389bb07-c65e-4735-b48a-5cd6559622ae", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2023-10-14T14:56:18+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:18+00:00"}, "scope": {"notes": "Affected: Apache / Cocoon | Class: web-app-framework | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-11991", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11991"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "web-app-framework", "7d_avg": 2, "vendor": "Apache", "30d_avg": 5, "90d_avg": 2, "product": "Cocoon", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "f497c929-8ee5-4914-9b13-086d03d6c4d4", "vulnerability": {"vulnId": "CVE-2021-33690", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "f497c929-8ee5-4914-9b13-086d03d6c4d4", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 99}, "timestamps": {"asserted_at": "2023-12-10T12:50:04+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-12-10T12:50:04+00:00"}, "scope": {"notes": "Affected: SAP / NetWeaver Development Infrastructure | Class: other-software | Severity: Critical (CVSS 9.9) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-33690", "url": "https://www.cve.org/CVERecord?id=CVE-2021-33690"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "SAP", "30d_avg": 5, "90d_avg": 2, "product": "NetWeaver Development Infrastructure", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.9, "vulnerability_severity": "Critical"}}]}
{"uuid": "ebfe0902-7c46-4747-a1fb-526fb8368da6", "vulnerability": {"vulnId": "CVE-2020-6287", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "ebfe0902-7c46-4747-a1fb-526fb8368da6", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 100}, "timestamps": {"asserted_at": "2023-10-14T14:56:39+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:39+00:00"}, "scope": {"notes": "Affected: SAP / NetWeaver AS JAVA (LM Configuration Wizard) | Class: app-server | Severity: Critical (CVSS 10) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-6287", "url": "https://www.cve.org/CVERecord?id=CVE-2020-6287"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "app-server", "7d_avg": 2, "vendor": "SAP", "30d_avg": 6, "90d_avg": 2, "product": "NetWeaver AS JAVA (LM Configuration Wizard)", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 10, "vulnerability_severity": "Critical"}}]}
{"uuid": "737a16c6-ad18-4ef0-839a-d44cc9c61cfd", "vulnerability": {"vulnId": "CVE-2021-25003", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "737a16c6-ad18-4ef0-839a-d44cc9c61cfd", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:57:29+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:29+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress WPCargo Track & Trace plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-25003", "url": "https://www.cve.org/CVERecord?id=CVE-2021-25003"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 2, "vendor": "Wordpress", "30d_avg": 12, "90d_avg": 4, "product": "Wordpress WPCargo Track & Trace plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "abfd9763-617b-4c7d-864b-20a6f2737100", "vulnerability": {"vulnId": "CVE-2020-24589", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "abfd9763-617b-4c7d-864b-20a6f2737100", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 91}, "timestamps": {"asserted_at": "2023-10-14T16:03:14+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T16:03:14+00:00"}, "scope": {"notes": "Affected: WSO2 / WSO2 API Manager, API Microgateway | Class: security-management-platform | Severity: Critical (CVSS 9.1) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-24589", "url": "https://www.cve.org/CVERecord?id=CVE-2020-24589"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "security-management-platform", "7d_avg": 1, "vendor": "WSO2", "30d_avg": 5, "90d_avg": 2, "product": "WSO2 API Manager, API Microgateway", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.1, "vulnerability_severity": "Critical"}}]}
{"uuid": "55411e14-7821-491a-813f-93c66e9fc674", "vulnerability": {"vulnId": "CVE-2020-19625", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "55411e14-7821-491a-813f-93c66e9fc674", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T15:54:29+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T15:54:29+00:00"}, "scope": {"notes": "Affected: oria / gridx | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-19625", "url": "https://www.cve.org/CVERecord?id=CVE-2020-19625"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "oria", "30d_avg": 4, "90d_avg": 1, "product": "gridx", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "da52cdd2-268f-44e4-b903-e8c58be29e73", "vulnerability": {"vulnId": "CVE-2022-0784", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "da52cdd2-268f-44e4-b903-e8c58be29e73", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T18:20:42+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T18:20:42+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Title Experiments Free plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-0784", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0784"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "Wordpress", "30d_avg": 5, "90d_avg": 2, "product": "Wordpress Title Experiments Free plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "a5c1582a-3f9e-432e-a5bb-6509c8363b4f", "vulnerability": {"vulnId": "CVE-2020-23575", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "a5c1582a-3f9e-432e-a5bb-6509c8363b4f", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2023-10-15T04:58:42+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-15T04:58:42+00:00"}, "scope": {"notes": "Affected: Kyocera / Kyocera Printer d-COPIA253MF plus | Class: other-software | Severity: High (CVSS 7.5) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-23575", "url": "https://www.cve.org/CVERecord?id=CVE-2020-23575"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Kyocera", "30d_avg": 5, "90d_avg": 1, "product": "Kyocera Printer d-COPIA253MF plus", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "b86ebb47-69f5-4d97-abd9-58953f3a2ca3", "vulnerability": {"vulnId": "CVE-2017-15363", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "b86ebb47-69f5-4d97-abd9-58953f3a2ca3", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2023-10-14T14:55:25+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:55:25+00:00"}, "scope": {"notes": "Affected: Luracast / Luracast Restler | Class: other-software | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2017-15363", "url": "https://www.cve.org/CVERecord?id=CVE-2017-15363"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Luracast", "30d_avg": 5, "90d_avg": 1, "product": "Luracast Restler", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "d7fa0aab-5bec-4753-a9af-f85a75d9ab42", "vulnerability": {"vulnId": "CVE-2019-2588", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "d7fa0aab-5bec-4753-a9af-f85a75d9ab42", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 49}, "timestamps": {"asserted_at": "2023-10-23T11:01:11+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-23T11:01:11+00:00"}, "scope": {"notes": "Affected: Oracle / BI Publisher (Oracle Fusion Middleware) | Class: other-software | Severity: Medium (CVSS 4.9) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2019-2588", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2588"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Oracle", "30d_avg": 0, "90d_avg": 0, "product": "BI Publisher (Oracle Fusion Middleware)", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 4.9, "vulnerability_severity": "Medium"}}]}
{"uuid": "f268fe71-6b4b-4de2-a247-5a62abd2c466", "vulnerability": {"vulnId": "CVE-2021-35587", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "f268fe71-6b4b-4de2-a247-5a62abd2c466", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:57:00+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:00+00:00"}, "scope": {"notes": "Affected: Oracle / Oracle Access Manager (Oracle Fusion Middleware) | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 52", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-35587", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35587"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "3", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 3, "vendor": "Oracle", "30d_avg": 6, "90d_avg": 2, "product": "Oracle Access Manager (Oracle Fusion Middleware)", "cisa_kev": "yes", "connections": 52, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "e3eaa61d-e43e-41c6-9084-6dcf755f304e", "vulnerability": {"vulnId": "CVE-2022-37042", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "e3eaa61d-e43e-41c6-9084-6dcf755f304e", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-13T16:03:52+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-13T16:03:52+00:00"}, "scope": {"notes": "Affected: Synacor / Zimbra Collaboration Suite | Class: email | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1608", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-37042", "url": "https://www.cve.org/CVERecord?id=CVE-2022-37042"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "3", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "email", "7d_avg": 6, "vendor": "Synacor", "30d_avg": 16, "90d_avg": 10, "product": "Zimbra Collaboration Suite", "cisa_kev": "yes", "connections": 1608, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "d0ffaf1e-ecd1-4aa7-9a90-22124fe6cbca", "vulnerability": {"vulnId": "CVE-2019-11248", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "d0ffaf1e-ecd1-4aa7-9a90-22124fe6cbca", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 82}, "timestamps": {"asserted_at": "2023-10-14T14:56:19+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:19+00:00"}, "scope": {"notes": "Affected: Kubernetes / Kubernetes (Kubelet) | Class: other-software | Severity: High (CVSS 8.2) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2019-11248", "url": "https://www.cve.org/CVERecord?id=CVE-2019-11248"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Kubernetes", "30d_avg": 10, "90d_avg": 3, "product": "Kubernetes (Kubelet)", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 8.2, "vulnerability_severity": "High"}}]}
{"uuid": "e4d03d6a-ebbc-43a9-a56d-d7ca052e20f8", "vulnerability": {"vulnId": "CVE-2020-22165", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "e4d03d6a-ebbc-43a9-a56d-d7ca052e20f8", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2023-10-14T14:57:37+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:37+00:00"}, "scope": {"notes": "Affected: PHPGurukul / Hospital Management System | Class: other-software | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-22165", "url": "https://www.cve.org/CVERecord?id=CVE-2020-22165"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "PHPGurukul", "30d_avg": 5, "90d_avg": 2, "product": "Hospital Management System", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "ff5a3946-3e17-494f-99bd-e348ed21bb62", "vulnerability": {"vulnId": "CVE-2020-26073", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "ff5a3946-3e17-494f-99bd-e348ed21bb62", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2023-10-14T14:56:38+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:38+00:00"}, "scope": {"notes": "Affected: Cisco / SD-WAN vManage | Class: device-management-platform | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-26073", "url": "https://www.cve.org/CVERecord?id=CVE-2020-26073"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 0, "vendor": "Cisco", "30d_avg": 5, "90d_avg": 1, "product": "SD-WAN vManage", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "c9637d24-3d33-4f41-ae21-0b3241df1071", "vulnerability": {"vulnId": "CVE-2022-0747", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "c9637d24-3d33-4f41-ae21-0b3241df1071", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T18:28:13+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T18:28:13+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Infographic Maker plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-0747", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0747"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "Wordpress", "30d_avg": 11, "90d_avg": 4, "product": "Wordpress Infographic Maker plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "825b3e83-f923-46b7-9513-43ee723aa447", "vulnerability": {"vulnId": "CVE-2022-28079", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "825b3e83-f923-46b7-9513-43ee723aa447", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 88}, "timestamps": {"asserted_at": "2023-10-14T14:57:28+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:28+00:00"}, "scope": {"notes": "Affected: College Management System / College Management System v1.0 | Class: other-software | Severity: High (CVSS 8.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-28079", "url": "https://www.cve.org/CVERecord?id=CVE-2022-28079"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "College Management System", "30d_avg": 5, "90d_avg": 2, "product": "College Management System v1.0", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 8.8, "vulnerability_severity": "High"}}]}
{"uuid": "6856e606-96b7-44f7-b929-73b4035a2fc7", "vulnerability": {"vulnId": "CVE-2023-23489", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "6856e606-96b7-44f7-b929-73b4035a2fc7", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:57:44+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:44+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Easy Digital Downloads plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-23489", "url": "https://www.cve.org/CVERecord?id=CVE-2023-23489"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "Wordpress", "30d_avg": 9, "90d_avg": 3, "product": "Wordpress Easy Digital Downloads plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "6929a5b6-84c9-4d13-893e-16b020ad6ca5", "vulnerability": {"vulnId": "CVE-2023-28432", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "6929a5b6-84c9-4d13-893e-16b020ad6ca5", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 0}, "timestamps": {"asserted_at": "2023-10-14T14:57:48+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:48+00:00"}, "scope": {"notes": "Affected: MinIO / MinIO | Class: other-software | Severity: None (CVSS 0) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 3", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-28432", "url": "https://www.cve.org/CVERecord?id=CVE-2023-28432"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "MinIO", "30d_avg": 6, "90d_avg": 2, "product": "MinIO", "cisa_kev": "yes", "connections": 3, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 0, "vulnerability_severity": "None"}}]}
{"uuid": "178b5c56-8b58-4fb5-9c09-66a38158febd", "vulnerability": {"vulnId": "CVE-2022-24112", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "178b5c56-8b58-4fb5-9c09-66a38158febd", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:57:27+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:27+00:00"}, "scope": {"notes": "Affected: Apache / APISIX | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-24112", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24112"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "Apache", "30d_avg": 10, "90d_avg": 3, "product": "APISIX", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "7c24a0b8-57ec-4dcd-9ceb-455c5b901530", "vulnerability": {"vulnId": "CVE-2021-27964", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "7c24a0b8-57ec-4dcd-9ceb-455c5b901530", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:56:59+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:59+00:00"}, "scope": {"notes": "Affected: Sonlogger / Sonlogger | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-27964", "url": "https://www.cve.org/CVERecord?id=CVE-2021-27964"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 2, "vendor": "Sonlogger", "30d_avg": 22, "90d_avg": 8, "product": "Sonlogger", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "21bb1118-19a8-4ac0-b500-afe01fa3bc84", "vulnerability": {"vulnId": "CVE-2021-45967", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "21bb1118-19a8-4ac0-b500-afe01fa3bc84", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T17:55:59+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T17:55:59+00:00"}, "scope": {"notes": "Affected: Pascom / Pascom Cloud Phone System | Class: ip-pbx | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-45967", "url": "https://www.cve.org/CVERecord?id=CVE-2021-45967"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "ip-pbx", "7d_avg": 0, "vendor": "Pascom", "30d_avg": 4, "90d_avg": 1, "product": "Pascom Cloud Phone System", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "0ea6ea66-f50f-4b12-8809-824b2c35173f", "vulnerability": {"vulnId": "CVE-2023-5830", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "0ea6ea66-f50f-4b12-8809-824b2c35173f", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-04-11T20:14:38+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-04-11T20:14:38+00:00"}, "scope": {"notes": "Affected: ColumbiaSoft / Document Locator | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-5830", "url": "https://www.cve.org/CVERecord?id=CVE-2023-5830"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "ColumbiaSoft", "30d_avg": 5, "90d_avg": 2, "product": "Document Locator", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "2817bc71-2cc2-488b-91a9-6602fd706140", "vulnerability": {"vulnId": "CVE-2023-1434", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "2817bc71-2cc2-488b-91a9-6602fd706140", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 0}, "timestamps": {"asserted_at": "2023-10-23T18:48:28+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-23T18:48:28+00:00"}, "scope": {"notes": "Affected: Odoo / Odoo | Class: other-software | Severity: None (CVSS 0) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-1434", "url": "https://www.cve.org/CVERecord?id=CVE-2023-1434"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Odoo", "30d_avg": 0, "90d_avg": 0, "product": "Odoo", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 0, "vulnerability_severity": "None"}}]}
{"uuid": "8afa5564-19d1-44db-bbf2-1adca74f66f3", "vulnerability": {"vulnId": "CVE-2023-25573", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "8afa5564-19d1-44db-bbf2-1adca74f66f3", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2023-10-14T14:57:45+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:45+00:00"}, "scope": {"notes": "Affected: metersphere / metersphere | Class: other-software | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-25573", "url": "https://www.cve.org/CVERecord?id=CVE-2023-25573"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "metersphere", "30d_avg": 5, "90d_avg": 2, "product": "metersphere", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "aa93a1da-2dd0-47ff-b3d3-8ffd48ffde16", "vulnerability": {"vulnId": "CVE-2016-0457", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "aa93a1da-2dd0-47ff-b3d3-8ffd48ffde16", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 50}, "timestamps": {"asserted_at": "2023-10-19T22:53:14+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-19T22:53:14+00:00"}, "scope": {"notes": "Affected: Oracle / Oracle E-Business Suite | Class: other-software | Severity: Medium (CVSS 5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2016-0457", "url": "https://www.cve.org/CVERecord?id=CVE-2016-0457"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "Oracle", "30d_avg": 1, "90d_avg": 0, "product": "Oracle E-Business Suite", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 5, "vulnerability_severity": "Medium"}}]}
{"uuid": "aad97af1-6aa9-4ef9-919e-c0840927b32d", "vulnerability": {"vulnId": "CVE-2023-0552", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "aad97af1-6aa9-4ef9-919e-c0840927b32d", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 54}, "timestamps": {"asserted_at": "2023-10-23T18:47:20+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-23T18:47:20+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Registration Forms plugin | Class: cms | Severity: Medium (CVSS 5.4) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-0552", "url": "https://www.cve.org/CVERecord?id=CVE-2023-0552"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "Wordpress", "30d_avg": 0, "90d_avg": 0, "product": "Wordpress Registration Forms plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 5.4, "vulnerability_severity": "Medium"}}]}
{"uuid": "05b7f8c8-3df7-441d-9cd0-255a3d7c8cd9", "vulnerability": {"vulnId": "CVE-2022-43939", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "05b7f8c8-3df7-441d-9cd0-255a3d7c8cd9", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:57:40+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:40+00:00"}, "scope": {"notes": "Affected: Hitachi Vantara / Pentaho Business Analytics Server | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-43939", "url": "https://www.cve.org/CVERecord?id=CVE-2022-43939"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Hitachi Vantara", "30d_avg": 5, "90d_avg": 2, "product": "Pentaho Business Analytics Server", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "7e636a6d-949c-455e-8cbe-4e72cd643c53", "vulnerability": {"vulnId": "CVE-2022-4328", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "7e636a6d-949c-455e-8cbe-4e72cd643c53", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:57:40+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:40+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress WooCommerce Checkout Field Manager plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-4328", "url": "https://www.cve.org/CVERecord?id=CVE-2022-4328"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 1, "vendor": "Wordpress", "30d_avg": 6, "90d_avg": 2, "product": "Wordpress WooCommerce Checkout Field Manager plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "be3c5036-5656-45e5-b377-2173ad5da3cc", "vulnerability": {"vulnId": "CVE-2021-29441", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "be3c5036-5656-45e5-b377-2173ad5da3cc", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T21:07:05+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T21:07:05+00:00"}, "scope": {"notes": "Affected: Alibaba / Nacos | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 4", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-29441", "url": "https://www.cve.org/CVERecord?id=CVE-2021-29441"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "Alibaba", "30d_avg": 5, "90d_avg": 10, "product": "Nacos", "cisa_kev": "no", "connections": 4, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "da2029e5-0be5-4610-9006-3f57148e5555", "vulnerability": {"vulnId": "CVE-2019-2768", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "da2029e5-0be5-4610-9006-3f57148e5555", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2023-10-22T08:12:20+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-22T08:12:20+00:00"}, "scope": {"notes": "Affected: Oracle / BI Publisher (Oracle Fusion Middleware) | Class: other-software | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2019-2768", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2768"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Oracle", "30d_avg": 0, "90d_avg": 0, "product": "BI Publisher (Oracle Fusion Middleware)", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "8dfa074c-2cfc-4d8b-9f02-6e85c097cdd3", "vulnerability": {"vulnId": "CVE-2019-2616", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "8dfa074c-2cfc-4d8b-9f02-6e85c097cdd3", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 72}, "timestamps": {"asserted_at": "2023-10-14T14:56:10+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:10+00:00"}, "scope": {"notes": "Affected: Oracle / BI Publisher (Oracle Fusion Middleware) | Class: other-software | Severity: High (CVSS 7.2) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2019-2616", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2616"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "Oracle", "30d_avg": 5, "90d_avg": 2, "product": "BI Publisher (Oracle Fusion Middleware)", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.2, "vulnerability_severity": "High"}}]}
{"uuid": "d23c95a4-7d08-4016-9e6b-47112a3c98a6", "vulnerability": {"vulnId": "CVE-2018-11686", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "d23c95a4-7d08-4016-9e6b-47112a3c98a6", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-18T18:13:41+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-18T18:13:41+00:00"}, "scope": {"notes": "Affected: FlexPaper (Flowpaper) / FlexPaper (Flowpaper) | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 10", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2018-11686", "url": "https://www.cve.org/CVERecord?id=CVE-2018-11686"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "4", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 3, "vendor": "FlexPaper (Flowpaper)", "30d_avg": 11, "90d_avg": 4, "product": "FlexPaper (Flowpaper)", "cisa_kev": "no", "connections": 10, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "99fb9157-56b0-4b45-9d2f-41ce03291ae9", "vulnerability": {"vulnId": "CVE-2022-28005", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "99fb9157-56b0-4b45-9d2f-41ce03291ae9", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-19T15:51:57+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-19T15:51:57+00:00"}, "scope": {"notes": "Affected: 3CX / 3CX Phone System Management Console | Class: ip-pbx | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-28005", "url": "https://www.cve.org/CVERecord?id=CVE-2022-28005"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "ip-pbx", "7d_avg": 0, "vendor": "3CX", "30d_avg": 0, "90d_avg": 1, "product": "3CX Phone System Management Console", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "65344378-efce-4e76-9226-93fce10beb7a", "vulnerability": {"vulnId": "CVE-2021-40870", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "65344378-efce-4e76-9226-93fce10beb7a", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T17:35:29+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T17:35:29+00:00"}, "scope": {"notes": "Affected: Aviatrix / Aviatrix Controller | Class: device-management-platform | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-40870", "url": "https://www.cve.org/CVERecord?id=CVE-2021-40870"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 1, "vendor": "Aviatrix", "30d_avg": 10, "90d_avg": 3, "product": "Aviatrix Controller", "cisa_kev": "yes", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "52debc0a-adb3-43cd-9a0d-e55524c676f6", "vulnerability": {"vulnId": "CVE-2023-26255", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "52debc0a-adb3-43cd-9a0d-e55524c676f6", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2023-10-15T08:28:46+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-15T08:28:46+00:00"}, "scope": {"notes": "Affected: Atlassian / JIRA STAGIL Navigation for Jira - Menu & Themes plugin | Class: other-software | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-26255", "url": "https://www.cve.org/CVERecord?id=CVE-2023-26255"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Atlassian", "30d_avg": 5, "90d_avg": 2, "product": "JIRA STAGIL Navigation for Jira - Menu & Themes plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "0ffc15d9-5c9a-4034-9809-1aca0e2cae9e", "vulnerability": {"vulnId": "CVE-2023-30625", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "0ffc15d9-5c9a-4034-9809-1aca0e2cae9e", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 88}, "timestamps": {"asserted_at": "2023-10-23T18:54:46+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-23T18:54:46+00:00"}, "scope": {"notes": "Affected: RudderStack / Rudder Server | Class: other-software | Severity: High (CVSS 8.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-30625", "url": "https://www.cve.org/CVERecord?id=CVE-2023-30625"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "RudderStack", "30d_avg": 5, "90d_avg": 2, "product": "Rudder Server", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 8.8, "vulnerability_severity": "High"}}]}
{"uuid": "04b86876-5026-42aa-82e0-4ad6e20777fb", "vulnerability": {"vulnId": "CVE-2018-10737", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "04b86876-5026-42aa-82e0-4ad6e20777fb", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 72}, "timestamps": {"asserted_at": "2023-10-17T22:27:51+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-17T22:27:51+00:00"}, "scope": {"notes": "Affected: Nagios / Nagios XI | Class: other-software | Severity: High (CVSS 7.2) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 7", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2018-10737", "url": "https://www.cve.org/CVERecord?id=CVE-2018-10737"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "3", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 2, "vendor": "Nagios", "30d_avg": 6, "90d_avg": 2, "product": "Nagios XI", "cisa_kev": "no", "connections": 7, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.2, "vulnerability_severity": "High"}}]}
{"uuid": "e77abe11-5323-40b9-9f85-a301bc7cd6e0", "vulnerability": {"vulnId": "CVE-2022-33891", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "e77abe11-5323-40b9-9f85-a301bc7cd6e0", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 88}, "timestamps": {"asserted_at": "2023-11-24T01:57:15+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-11-24T01:57:15+00:00"}, "scope": {"notes": "Affected: Apache / Spark | Class: other-software | Severity: High (CVSS 8.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-33891", "url": "https://www.cve.org/CVERecord?id=CVE-2022-33891"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Apache", "30d_avg": 5, "90d_avg": 1, "product": "Spark", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 8.8, "vulnerability_severity": "High"}}]}
{"uuid": "7e42fb4e-c6de-48a3-9df3-a39ace72425c", "vulnerability": {"vulnId": "CVE-2023-46747", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "7e42fb4e-c6de-48a3-9df3-a39ace72425c", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-31T22:47:14+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-31T22:47:14+00:00"}, "scope": {"notes": "Affected: F5 / BIG-IP | Class: app-delivery-controller | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-46747", "url": "https://www.cve.org/CVERecord?id=CVE-2023-46747"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "app-delivery-controller", "7d_avg": 1, "vendor": "F5", "30d_avg": 12, "90d_avg": 4, "product": "BIG-IP", "cisa_kev": "yes", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "46054288-1e9c-493b-9f35-868eee4d4727", "vulnerability": {"vulnId": "CVE-2023-5074", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "46054288-1e9c-493b-9f35-868eee4d4727", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-11-25T22:35:32+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-11-25T22:35:32+00:00"}, "scope": {"notes": "Affected: D-Link / D-Link D-View 8 | Class: device-management-platform | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-5074", "url": "https://www.cve.org/CVERecord?id=CVE-2023-5074"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 1, "vendor": "D-Link", "30d_avg": 5, "90d_avg": 2, "product": "D-Link D-View 8", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "832de27e-0b3c-4931-95b0-207cb6cdf2fa", "vulnerability": {"vulnId": "CVE-2016-5674", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "832de27e-0b3c-4931-95b0-207cb6cdf2fa", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-11-12T12:17:27+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-11-12T12:17:27+00:00"}, "scope": {"notes": "Affected: NETGEAR/NUUO / NETGEAR ReadyNAS Surveillance,  NUUO NVRmini, NUUO NVRsolo | Class: nas | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2016-5674", "url": "https://www.cve.org/CVERecord?id=CVE-2016-5674"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "nas", "7d_avg": 2, "vendor": "NETGEAR/NUUO", "30d_avg": 11, "90d_avg": 4, "product": "NETGEAR ReadyNAS Surveillance,  NUUO NVRmini, NUUO NVRsolo", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "ffe8bc36-363e-40d1-97b8-36c7ab363b7d", "vulnerability": {"vulnId": "CVE-2024-25852", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "ffe8bc36-363e-40d1-97b8-36c7ab363b7d", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 88}, "timestamps": {"asserted_at": "2024-09-25T12:18:32+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-09-25T12:18:32+00:00"}, "scope": {"notes": "Affected: Linksys / Linksys RE7000 | Class: wireless-extender | Severity: High (CVSS 8.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-25852", "url": "https://www.cve.org/CVERecord?id=CVE-2024-25852"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "wireless-extender", "7d_avg": 1, "vendor": "Linksys", "30d_avg": 4, "90d_avg": 1, "product": "Linksys RE7000", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 8.8, "vulnerability_severity": "High"}}]}
{"uuid": "e00674e3-c68e-4324-93da-a19636462f54", "vulnerability": {"vulnId": "CVE-2022-36509", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "e00674e3-c68e-4324-93da-a19636462f54", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 78}, "timestamps": {"asserted_at": "2023-12-04T17:07:58+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-12-04T17:07:58+00:00"}, "scope": {"notes": "Affected: H3C / H3C GR3200 | Class: router | Severity: High (CVSS 7.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-36509", "url": "https://www.cve.org/CVERecord?id=CVE-2022-36509"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 10, "vendor": "H3C", "30d_avg": 9, "90d_avg": 3, "product": "H3C GR3200", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.8, "vulnerability_severity": "High"}}]}
{"uuid": "db0edb56-a1e5-48b9-8f4b-9a2fd5aa8ec1", "vulnerability": {"vulnId": "CVE-2023-22527", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "db0edb56-a1e5-48b9-8f4b-9a2fd5aa8ec1", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 100}, "timestamps": {"asserted_at": "2024-01-22T09:33:05+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-01-22T09:33:05+00:00"}, "scope": {"notes": "Affected: Atlassian / Confluence | Class: other-software | Severity: Critical (CVSS 10) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 97", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-22527", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22527"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "12", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 10, "vendor": "Atlassian", "30d_avg": 15, "90d_avg": 21, "product": "Confluence", "cisa_kev": "yes", "connections": 97, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 10, "vulnerability_severity": "Critical"}}]}
{"uuid": "8274f61f-1ec2-45e3-8f48-b2a4f105fceb", "vulnerability": {"vulnId": "CVE-2019-14223", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "8274f61f-1ec2-45e3-8f48-b2a4f105fceb", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 61}, "timestamps": {"asserted_at": "2023-12-11T19:57:20+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-12-11T19:57:20+00:00"}, "scope": {"notes": "Affected: Alfresco / Alfresco Community Edition (Alfresco Share) | Class: other-software | Severity: Medium (CVSS 6.1) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2019-14223", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14223"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 2, "vendor": "Alfresco", "30d_avg": 1, "90d_avg": 0, "product": "Alfresco Community Edition (Alfresco Share)", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 6.1, "vulnerability_severity": "Medium"}}]}
{"uuid": "015331fa-2e8a-4887-8bae-3b3da9b1676e", "vulnerability": {"vulnId": "CVE-2024-23692", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "015331fa-2e8a-4887-8bae-3b3da9b1676e", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-11-13T22:23:05+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-11-13T22:23:05+00:00"}, "scope": {"notes": "Affected: Rejetto / Rejetto HTTP File Server | Class: web-server | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 4", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-23692", "url": "https://www.cve.org/CVERecord?id=CVE-2024-23692"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "web-server", "7d_avg": 0, "vendor": "Rejetto", "30d_avg": 5, "90d_avg": 1, "product": "Rejetto HTTP File Server", "cisa_kev": "yes", "connections": 4, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "2d399445-6641-4f92-8373-b69afbd1580d", "vulnerability": {"vulnId": "CVE-2022-0540", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "2d399445-6641-4f92-8373-b69afbd1580d", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-03-30T16:33:29+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-03-30T16:33:29+00:00"}, "scope": {"notes": "Affected: Atlassian / JIRA Seraph | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-0540", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0540"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Atlassian", "30d_avg": 9, "90d_avg": 3, "product": "JIRA Seraph", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "65109bbb-c030-4de4-8b16-c367dc0e934a", "vulnerability": {"vulnId": "CVE-2018-20470", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "65109bbb-c030-4de4-8b16-c367dc0e934a", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2023-12-28T11:44:03+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-12-28T11:44:03+00:00"}, "scope": {"notes": "Affected: Sahi Pro / Sahi Pro | Class: other-software | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2018-20470", "url": "https://www.cve.org/CVERecord?id=CVE-2018-20470"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Sahi Pro", "30d_avg": 5, "90d_avg": 1, "product": "Sahi Pro", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "b1182979-fff6-460f-ad2d-353855a30379", "vulnerability": {"vulnId": "CVE-2024-1212", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "b1182979-fff6-460f-ad2d-353855a30379", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 100}, "timestamps": {"asserted_at": "2024-03-29T09:59:22+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-03-29T09:59:22+00:00"}, "scope": {"notes": "Affected: Progress / Kemp LoadMaster | Class: other-software | Severity: Critical (CVSS 10) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-1212", "url": "https://www.cve.org/CVERecord?id=CVE-2024-1212"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Progress", "30d_avg": 5, "90d_avg": 2, "product": "Kemp LoadMaster", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 10, "vulnerability_severity": "Critical"}}]}
{"uuid": "49105fc7-63a3-411b-ab9a-1f54cc6181e8", "vulnerability": {"vulnId": "CVE-2018-6961", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "49105fc7-63a3-411b-ab9a-1f54cc6181e8", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 81}, "timestamps": {"asserted_at": "2023-12-12T21:38:58+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-12-12T21:38:58+00:00"}, "scope": {"notes": "Affected: VMware / VMware NSX SD-WAN Edge | Class: app-delivery-controller | Severity: High (CVSS 8.1) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2018-6961", "url": "https://www.cve.org/CVERecord?id=CVE-2018-6961"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "app-delivery-controller", "7d_avg": 2, "vendor": "VMware", "30d_avg": 11, "90d_avg": 4, "product": "VMware NSX SD-WAN Edge", "cisa_kev": "yes", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 8.1, "vulnerability_severity": "High"}}]}
{"uuid": "6952e0ec-2b2e-4cec-a068-dc97d07f7cbc", "vulnerability": {"vulnId": "CVE-2022-45835", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "6952e0ec-2b2e-4cec-a068-dc97d07f7cbc", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2024-12-05T06:27:19+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-12-05T06:27:19+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress PhonePe Payment Solutions plugin | Class: cms | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-45835", "url": "https://www.cve.org/CVERecord?id=CVE-2022-45835"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 1, "vendor": "Wordpress", "30d_avg": 5, "90d_avg": 1, "product": "Wordpress PhonePe Payment Solutions plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "d016abb3-1514-4c93-a1f5-224f6be71361", "vulnerability": {"vulnId": "CVE-2023-47218", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "d016abb3-1514-4c93-a1f5-224f6be71361", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-02-16T05:56:10+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-02-16T05:56:10+00:00"}, "scope": {"notes": "Affected: QNAP / QNAP QTS and QuTS Hero | Class: nas | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-47218", "url": "https://www.cve.org/CVERecord?id=CVE-2023-47218"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "nas", "7d_avg": 1, "vendor": "QNAP", "30d_avg": 1, "90d_avg": 0, "product": "QNAP QTS and QuTS Hero", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "975fabc4-e5e3-431c-8eca-664c92b183dc", "vulnerability": {"vulnId": "CVE-2024-1698", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "975fabc4-e5e3-431c-8eca-664c92b183dc", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-03-29T18:41:21+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-03-29T18:41:21+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress NotificationX plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-1698", "url": "https://www.cve.org/CVERecord?id=CVE-2024-1698"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 1, "vendor": "Wordpress", "30d_avg": 5, "90d_avg": 2, "product": "Wordpress NotificationX plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "7098f5a0-3b59-4bef-b5c4-80550447941e", "vulnerability": {"vulnId": "CVE-2020-13379", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "7098f5a0-3b59-4bef-b5c4-80550447941e", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 82}, "timestamps": {"asserted_at": "2024-03-07T21:04:13+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-03-07T21:04:13+00:00"}, "scope": {"notes": "Affected: Grafana / Grafana | Class: data-visualization | Severity: High (CVSS 8.2) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-13379", "url": "https://www.cve.org/CVERecord?id=CVE-2020-13379"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "data-visualization", "7d_avg": 0, "vendor": "Grafana", "30d_avg": 12, "90d_avg": 4, "product": "Grafana", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 8.2, "vulnerability_severity": "High"}}]}
{"uuid": "71aedf91-5854-4cc5-963e-a89363acac97", "vulnerability": {"vulnId": "CVE-2021-31250", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "71aedf91-5854-4cc5-963e-a89363acac97", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 54}, "timestamps": {"asserted_at": "2024-04-08T00:30:51+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-04-08T00:30:51+00:00"}, "scope": {"notes": "Affected: CHIYU Technology / CHIYU BF-430, BF-431 and BF-450M | Class: other-software | Severity: Medium (CVSS 5.4) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-31250", "url": "https://www.cve.org/CVERecord?id=CVE-2021-31250"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "CHIYU Technology", "30d_avg": 0, "90d_avg": 0, "product": "CHIYU BF-430, BF-431 and BF-450M", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 5.4, "vulnerability_severity": "Medium"}}]}
{"uuid": "21a8978a-21e0-4be3-89e6-345fd2fb9409", "vulnerability": {"vulnId": "CVE-2026-41940", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "21a8978a-21e0-4be3-89e6-345fd2fb9409", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-04-30T13:55:53+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-04-30T13:55:53+00:00"}, "scope": {"notes": "Affected: cPanel / cPanel and WHM | Class: remote-access | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 3454", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2026-41940", "url": "https://www.cve.org/CVERecord?id=CVE-2026-41940"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "240", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "remote-access", "7d_avg": 272, "vendor": "cPanel", "30d_avg": 417, "90d_avg": 234, "product": "cPanel and WHM", "cisa_kev": "yes", "connections": 3454, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "d93937cc-2a3c-4fc7-bcf7-01cd58c62abf", "vulnerability": {"vulnId": "CVE-2024-48455", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "d93937cc-2a3c-4fc7-bcf7-01cd58c62abf", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 27}, "timestamps": {"asserted_at": "2025-02-04T21:15:52+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-02-04T21:15:52+00:00"}, "scope": {"notes": "Affected: Netis / Netis routers multiple models | Class: router | Severity: Low (CVSS 2.7) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 54", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-48455", "url": "https://www.cve.org/CVERecord?id=CVE-2024-48455"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "4", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 2, "vendor": "Netis", "30d_avg": 6, "90d_avg": 2, "product": "Netis routers multiple models", "cisa_kev": "no", "connections": 54, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 2.7, "vulnerability_severity": "Low"}}]}
{"uuid": "a93f163c-ec67-4b45-bf9e-4e3861e444cd", "vulnerability": {"vulnId": "CVE-2019-9978", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "a93f163c-ec67-4b45-bf9e-4e3861e444cd", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 61}, "timestamps": {"asserted_at": "2023-10-19T08:22:38+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-19T08:22:38+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Social Warfare plugin | Class: cms | Severity: Medium (CVSS 6.1) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 55", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2019-9978", "url": "https://www.cve.org/CVERecord?id=CVE-2019-9978"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "4", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 4, "vendor": "Wordpress", "30d_avg": 2, "90d_avg": 1, "product": "Wordpress Social Warfare plugin", "cisa_kev": "yes", "connections": 55, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 6.1, "vulnerability_severity": "Medium"}}]}
{"uuid": "1bc808b1-d6a0-41d4-983f-6153872bae5d", "vulnerability": {"vulnId": "CVE-2022-31814", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "1bc808b1-d6a0-41d4-983f-6153872bae5d", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-11-26T03:28:15+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-11-26T03:28:15+00:00"}, "scope": {"notes": "Affected: pfSense / pfSense pfBlockerNG | Class: firewall | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 5", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-31814", "url": "https://www.cve.org/CVERecord?id=CVE-2022-31814"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "firewall", "7d_avg": 1, "vendor": "pfSense", "30d_avg": 6, "90d_avg": 2, "product": "pfSense pfBlockerNG", "cisa_kev": "no", "connections": 5, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "e888e8d2-04d1-416f-8ea9-afc65d216c65", "vulnerability": {"vulnId": "CVE-2021-30118", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "e888e8d2-04d1-416f-8ea9-afc65d216c65", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-12-23T03:28:19+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-12-23T03:28:19+00:00"}, "scope": {"notes": "Affected: Kaseya / VSA | Class: device-management-platform | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-30118", "url": "https://www.cve.org/CVERecord?id=CVE-2021-30118"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 1, "vendor": "Kaseya", "30d_avg": 8, "90d_avg": 3, "product": "VSA", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "1537466c-7703-407e-9410-dbb1330cc991", "vulnerability": {"vulnId": "CVE-2021-36260", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "1537466c-7703-407e-9410-dbb1330cc991", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:57:01+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:01+00:00"}, "scope": {"notes": "Affected: Hikvision / Hikvision Web Server | Class: video-system | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: yes | Honeypot connections on 2026-06-30: 5779", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-36260", "url": "https://www.cve.org/CVERecord?id=CVE-2021-36260"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "7", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "video-system", "7d_avg": 4, "vendor": "Hikvision", "30d_avg": 12, "90d_avg": 7, "product": "Hikvision Web Server", "cisa_kev": "yes", "connections": 5779, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "63174ad7-d7d8-44e8-ba11-ae52ad84d101", "vulnerability": {"vulnId": "CVE-2024-50498", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "63174ad7-d7d8-44e8-ba11-ae52ad84d101", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 100}, "timestamps": {"asserted_at": "2025-06-08T20:31:06+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-06-08T20:31:06+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress WP Query Console plugin | Class: cms | Severity: Critical (CVSS 10) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-50498", "url": "https://www.cve.org/CVERecord?id=CVE-2024-50498"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 1, "vendor": "Wordpress", "30d_avg": 5, "90d_avg": 2, "product": "Wordpress WP Query Console plugin", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 10, "vulnerability_severity": "Critical"}}]}
{"uuid": "d3077264-421d-4e72-92fc-dc6906a52c69", "vulnerability": {"vulnId": "CVE-2022-26134", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "d3077264-421d-4e72-92fc-dc6906a52c69", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-13T18:19:11+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-13T18:19:11+00:00"}, "scope": {"notes": "Affected: Atlassian / Confluence | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 110", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-26134", "url": "https://www.cve.org/CVERecord?id=CVE-2022-26134"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "6", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 11, "vendor": "Atlassian", "30d_avg": 27, "90d_avg": 17, "product": "Confluence", "cisa_kev": "yes", "connections": 110, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "723a70a7-d7ee-4168-99d4-c0672640acc2", "vulnerability": {"vulnId": "CVE-2021-37291", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "723a70a7-d7ee-4168-99d4-c0672640acc2", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T22:14:32+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T22:14:32+00:00"}, "scope": {"notes": "Affected: KevinLAB / Building Energy Management System | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-37291", "url": "https://www.cve.org/CVERecord?id=CVE-2021-37291"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 2, "vendor": "KevinLAB", "30d_avg": 6, "90d_avg": 2, "product": "Building Energy Management System", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "f5b0dab2-c9e3-4252-a48b-f3e9efb3a334", "vulnerability": {"vulnId": "CVE-2024-7339", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "f5b0dab2-c9e3-4252-a48b-f3e9efb3a334", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 53}, "timestamps": {"asserted_at": "2024-09-14T10:47:15+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-09-14T10:47:15+00:00"}, "scope": {"notes": "Affected: TVT/Provision-ISR / Multiple DVR models | Class: video-system | Severity: Medium (CVSS 5.3) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 54", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-7339", "url": "https://www.cve.org/CVERecord?id=CVE-2024-7339"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "4", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "video-system", "7d_avg": 2, "vendor": "TVT/Provision-ISR", "30d_avg": 2, "90d_avg": 1, "product": "Multiple DVR models", "cisa_kev": "no", "connections": 54, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 5.3, "vulnerability_severity": "Medium"}}]}
{"uuid": "994369ff-96cf-442b-a5de-c0dd0dd733e5", "vulnerability": {"vulnId": "CVE-2021-24931", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "994369ff-96cf-442b-a5de-c0dd0dd733e5", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-15T18:13:42+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-15T18:13:42+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Secure Copy Content Protection and Content Locking plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 55", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-24931", "url": "https://www.cve.org/CVERecord?id=CVE-2021-24931"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "5", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 5, "vendor": "Wordpress", "30d_avg": 13, "90d_avg": 5, "product": "Wordpress Secure Copy Content Protection and Content Locking plugin", "cisa_kev": "no", "connections": 55, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "631487ec-433c-428f-bfb5-9def749af631", "vulnerability": {"vulnId": "CVE-2020-8191", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "631487ec-433c-428f-bfb5-9def749af631", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 61}, "timestamps": {"asserted_at": "2024-04-06T16:31:49+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-04-06T16:31:49+00:00"}, "scope": {"notes": "Affected: Citrix / Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP | Class: app-delivery-controller | Severity: Medium (CVSS 6.1) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 61", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-8191", "url": "https://www.cve.org/CVERecord?id=CVE-2020-8191"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "6", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "app-delivery-controller", "7d_avg": 5, "vendor": "Citrix", "30d_avg": 3, "90d_avg": 1, "product": "Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP", "cisa_kev": "no", "connections": 61, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 6.1, "vulnerability_severity": "Medium"}}]}
{"uuid": "b0d0a2ff-f278-4c7b-b0d3-d19a98fb65b7", "vulnerability": {"vulnId": "CVE-2022-1388", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "b0d0a2ff-f278-4c7b-b0d3-d19a98fb65b7", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:57:37+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:37+00:00"}, "scope": {"notes": "Affected: F5 / BIG-IP | Class: app-delivery-controller | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 65", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-1388", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1388"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "4", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "app-delivery-controller", "7d_avg": 2, "vendor": "F5", "30d_avg": 12, "90d_avg": 4, "product": "BIG-IP", "cisa_kev": "yes", "connections": 65, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "06133fad-5c9c-4447-b57b-eb6f84bcf071", "vulnerability": {"vulnId": "CVE-2023-26801", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "06133fad-5c9c-4447-b57b-eb6f84bcf071", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-13T16:00:48+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-13T16:00:48+00:00"}, "scope": {"notes": "Affected: LB-LINK / LB-LINK BL-AC1900_2.0, LB-LINK BL-WR9000, LB-LINK BL-X26, LB-LINK BL-LTE300 | Class: router | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 3533", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-26801", "url": "https://www.cve.org/CVERecord?id=CVE-2023-26801"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 1, "vendor": "LB-LINK", "30d_avg": 2, "90d_avg": 2, "product": "LB-LINK BL-AC1900_2.0, LB-LINK BL-WR9000, LB-LINK BL-X26, LB-LINK BL-LTE300", "cisa_kev": "no", "connections": 3533, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "c1e7d4c7-5c13-433b-bd5a-b0c724badfd6", "vulnerability": {"vulnId": "CVE-2019-16920", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "c1e7d4c7-5c13-433b-bd5a-b0c724badfd6", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:56:49+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:49+00:00"}, "scope": {"notes": "Affected: D-Link / D-Link  DIR-615, DIR-655C, DIR-825, DIR-835, DIR-855L, DIR-866L, DIR-652, DIR-862L, DHP-1565, DAP-1533 | Class: router | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: yes | Honeypot connections on 2026-06-30: 5", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2019-16920", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16920"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "4", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 3, "vendor": "D-Link", "30d_avg": 11, "90d_avg": 4, "product": "D-Link  DIR-615, DIR-655C, DIR-825, DIR-835, DIR-855L, DIR-866L, DIR-652, DIR-862L, DHP-1565, DAP-1533", "cisa_kev": "yes", "connections": 5, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "cbeda0df-4f06-49a9-8c20-1400f87d2e32", "vulnerability": {"vulnId": "CVE-2018-15961", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "cbeda0df-4f06-49a9-8c20-1400f87d2e32", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:42:04+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:42:04+00:00"}, "scope": {"notes": "Affected: Apache / ColdFusion | Class: app-server | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2018-15961", "url": "https://www.cve.org/CVERecord?id=CVE-2018-15961"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "app-server", "7d_avg": 2, "vendor": "Apache", "30d_avg": 9, "90d_avg": 3, "product": "ColdFusion", "cisa_kev": "yes", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "1b13ba76-3aec-43a0-9c4e-ecab37b30f32", "vulnerability": {"vulnId": "CVE-2024-36858", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "1b13ba76-3aec-43a0-9c4e-ecab37b30f32", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-08-15T08:02:30+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-08-15T08:02:30+00:00"}, "scope": {"notes": "Affected: Homebrew Computer Company / Jan | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-36858", "url": "https://www.cve.org/CVERecord?id=CVE-2024-36858"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Homebrew Computer Company", "30d_avg": 0, "90d_avg": 0, "product": "Jan", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "204cf922-dfb9-4835-ab71-c2dec637d03f", "vulnerability": {"vulnId": "CVE-2019-25141", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "204cf922-dfb9-4835-ab71-c2dec637d03f", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-03-10T16:28:38+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-03-10T16:28:38+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Easy WP SMTP plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2019-25141", "url": "https://www.cve.org/CVERecord?id=CVE-2019-25141"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 2, "vendor": "Wordpress", "30d_avg": 6, "90d_avg": 2, "product": "Wordpress Easy WP SMTP plugin", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "c727387f-d0d9-419d-bcfb-c7e459b01676", "vulnerability": {"vulnId": "CVE-2024-24919", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "c727387f-d0d9-419d-bcfb-c7e459b01676", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2024-05-31T15:47:40+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-05-31T15:47:40+00:00"}, "scope": {"notes": "Affected: Check Point / Check Point Security Gateway | Class: firewall | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 54", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-24919", "url": "https://www.cve.org/CVERecord?id=CVE-2024-24919"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "4", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "firewall", "7d_avg": 11, "vendor": "Check Point", "30d_avg": 12, "90d_avg": 10, "product": "Check Point Security Gateway", "cisa_kev": "yes", "connections": 54, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "49d4cf77-1564-4460-bc2c-fc3d3e2326b0", "vulnerability": {"vulnId": "CVE-2023-22620", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "49d4cf77-1564-4460-bc2c-fc3d3e2326b0", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2023-10-14T14:57:44+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:44+00:00"}, "scope": {"notes": "Affected: SecurePoint / SecurePoint UTM | Class: firewall | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-22620", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22620"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "firewall", "7d_avg": 17, "vendor": "SecurePoint", "30d_avg": 11, "90d_avg": 4, "product": "SecurePoint UTM", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "0ea00070-fbbe-45aa-bbe4-48e9e6ce4f19", "vulnerability": {"vulnId": "CVE-2024-32738", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "0ea00070-fbbe-45aa-bbe4-48e9e6ce4f19", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2025-01-22T16:42:59+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-01-22T16:42:59+00:00"}, "scope": {"notes": "Affected: CyberPanel / CyberPanel | Class: device-management-platform | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-32738", "url": "https://www.cve.org/CVERecord?id=CVE-2024-32738"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 0, "vendor": "CyberPanel", "30d_avg": 5, "90d_avg": 1, "product": "CyberPanel", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "f1bf7728-5697-4ef0-bf87-6e46b8f2e37c", "vulnerability": {"vulnId": "CVE-2023-2523", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "f1bf7728-5697-4ef0-bf87-6e46b8f2e37c", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-05-13T13:12:02+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-05-13T13:12:02+00:00"}, "scope": {"notes": "Affected: Weaver / Weave E-Office | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-2523", "url": "https://www.cve.org/CVERecord?id=CVE-2023-2523"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "Weaver", "30d_avg": 0, "90d_avg": 0, "product": "Weave E-Office", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "47318424-b4b2-4852-abc8-362c5eefd2d3", "vulnerability": {"vulnId": "CVE-2022-2486", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "47318424-b4b2-4852-abc8-362c5eefd2d3", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:57:26+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:26+00:00"}, "scope": {"notes": "Affected: WAVLINK / WAVLINK WN535K2 and WN535K3 | Class: router | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-2486", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2486"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 1, "vendor": "WAVLINK", "30d_avg": 6, "90d_avg": 2, "product": "WAVLINK WN535K2 and WN535K3", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "1a1dd043-a9e6-4b8c-8e09-d2e008878837", "vulnerability": {"vulnId": "CVE-2024-32739", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "1a1dd043-a9e6-4b8c-8e09-d2e008878837", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2025-01-22T16:43:00+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-01-22T16:43:00+00:00"}, "scope": {"notes": "Affected: CyberPanel / CyberPanel | Class: device-management-platform | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-32739", "url": "https://www.cve.org/CVERecord?id=CVE-2024-32739"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 0, "vendor": "CyberPanel", "30d_avg": 4, "90d_avg": 1, "product": "CyberPanel", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "685e1420-7b02-40fa-a91e-62267d1bd9ad", "vulnerability": {"vulnId": "CVE-2021-33357", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "685e1420-7b02-40fa-a91e-62267d1bd9ad", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:56:59+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:59+00:00"}, "scope": {"notes": "Affected: RaspAP / RaspAP | Class: router | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-33357", "url": "https://www.cve.org/CVERecord?id=CVE-2021-33357"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "RaspAP", "30d_avg": 5, "90d_avg": 1, "product": "RaspAP", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "70364673-1493-453c-97ac-078d70b86e67", "vulnerability": {"vulnId": "CVE-2020-13638", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "70364673-1493-453c-97ac-078d70b86e67", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-18T16:28:49+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-18T16:28:49+00:00"}, "scope": {"notes": "Affected: rConfig / rConfig | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-13638", "url": "https://www.cve.org/CVERecord?id=CVE-2020-13638"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 2, "vendor": "rConfig", "30d_avg": 11, "90d_avg": 4, "product": "rConfig", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "246a4b42-70d9-4f6b-ae8b-12ee124156cc", "vulnerability": {"vulnId": "CVE-2021-26855", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "246a4b42-70d9-4f6b-ae8b-12ee124156cc", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-13T16:08:44+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-13T16:08:44+00:00"}, "scope": {"notes": "Affected: Microsoft / Exchange | Class: email | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 628", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-26855", "url": "https://www.cve.org/CVERecord?id=CVE-2021-26855"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "16", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "email", "7d_avg": 9, "vendor": "Microsoft", "30d_avg": 13, "90d_avg": 8, "product": "Exchange", "cisa_kev": "yes", "connections": 628, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "a7cb0949-11a1-4ced-bce1-e8fde5cd5a50", "vulnerability": {"vulnId": "CVE-2025-4210", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "a7cb0949-11a1-4ced-bce1-e8fde5cd5a50", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 73}, "timestamps": {"asserted_at": "2026-03-08T21:53:18+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-03-08T21:53:18+00:00"}, "scope": {"notes": "Affected: Casdoor / Casdoor | Class: ai-system | Severity: High (CVSS 7.3) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-4210", "url": "https://www.cve.org/CVERecord?id=CVE-2025-4210"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "ai-system", "7d_avg": 2, "vendor": "Casdoor", "30d_avg": 6, "90d_avg": 2, "product": "Casdoor", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.3, "vulnerability_severity": "High"}}]}
{"uuid": "b2774ab2-ac77-4154-97c8-9352dc5e8e3f", "vulnerability": {"vulnId": "CVE-2023-38192", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "b2774ab2-ac77-4154-97c8-9352dc5e8e3f", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 61}, "timestamps": {"asserted_at": "2024-12-05T06:27:22+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-12-05T06:27:22+00:00"}, "scope": {"notes": "Affected: Mirko B\u00c3\u00b6er Software Development / SuperWebMailer | Class: email | Severity: Medium (CVSS 6.1) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-38192", "url": "https://www.cve.org/CVERecord?id=CVE-2023-38192"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "email", "7d_avg": 0, "vendor": "Mirko B\u00c3\u00b6er Software Development", "30d_avg": 1, "90d_avg": 0, "product": "SuperWebMailer", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 6.1, "vulnerability_severity": "Medium"}}]}
{"uuid": "80ef334d-0a4e-44c4-9227-ff326d5b121f", "vulnerability": {"vulnId": "CVE-2021-42237", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "80ef334d-0a4e-44c4-9227-ff326d5b121f", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T17:42:58+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T17:42:58+00:00"}, "scope": {"notes": "Affected: Sitecore / Sitecore XP | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-42237", "url": "https://www.cve.org/CVERecord?id=CVE-2021-42237"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 1, "vendor": "Sitecore", "30d_avg": 5, "90d_avg": 2, "product": "Sitecore XP", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "922f1fc1-174c-49af-85b1-d69034928aff", "vulnerability": {"vulnId": "CVE-2017-18349", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "922f1fc1-174c-49af-85b1-d69034928aff", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T21:36:53+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T21:36:53+00:00"}, "scope": {"notes": "Affected: Alibaba / Fastjson | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2017-18349", "url": "https://www.cve.org/CVERecord?id=CVE-2017-18349"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "Alibaba", "30d_avg": 0, "90d_avg": 0, "product": "Fastjson", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "6f671ede-e6c1-4085-b588-710218e55141", "vulnerability": {"vulnId": "CVE-2020-7980", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "6f671ede-e6c1-4085-b588-710218e55141", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:56:40+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:40+00:00"}, "scope": {"notes": "Affected: Intellian / Intellian Aptus Web | Class: device-management-platform | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 6", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-7980", "url": "https://www.cve.org/CVERecord?id=CVE-2020-7980"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "3", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 2, "vendor": "Intellian", "30d_avg": 5, "90d_avg": 2, "product": "Intellian Aptus Web", "cisa_kev": "no", "connections": 6, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "54fcb1fd-b43d-45a0-8ba1-3ff325957449", "vulnerability": {"vulnId": "CVE-2020-14882", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "54fcb1fd-b43d-45a0-8ba1-3ff325957449", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T15:48:26+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T15:48:26+00:00"}, "scope": {"notes": "Affected: Oracle / Oracle Weblogic Server | Class: app-server | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-14882", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14882"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "app-server", "7d_avg": 1, "vendor": "Oracle", "30d_avg": 5, "90d_avg": 2, "product": "Oracle Weblogic Server", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "480c650d-e634-4c01-ab72-03c7559ccad9", "vulnerability": {"vulnId": "CVE-2021-1497", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "480c650d-e634-4c01-ab72-03c7559ccad9", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:56:44+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:44+00:00"}, "scope": {"notes": "Affected: Cisco / HyperFlex HX | Class: router | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-1497", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1497"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 2, "vendor": "Cisco", "30d_avg": 6, "90d_avg": 2, "product": "HyperFlex HX", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "01455517-67c6-4a06-acf3-f4a252c212c9", "vulnerability": {"vulnId": "CVE-2024-6235", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "01455517-67c6-4a06-acf3-f4a252c212c9", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 88}, "timestamps": {"asserted_at": "2025-10-25T19:23:19+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-10-25T19:23:19+00:00"}, "scope": {"notes": "Affected: Citrix / Citrix NetScaler Console | Class: device-management-platform | Severity: High (CVSS 8.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-6235", "url": "https://www.cve.org/CVERecord?id=CVE-2024-6235"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 0, "vendor": "Citrix", "30d_avg": 6, "90d_avg": 2, "product": "Citrix NetScaler Console", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 8.8, "vulnerability_severity": "High"}}]}
{"uuid": "15d05eb4-b890-44be-95e6-239c732eadb2", "vulnerability": {"vulnId": "CVE-2022-47075", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "15d05eb4-b890-44be-95e6-239c732eadb2", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2025-05-12T23:29:25+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-05-12T23:29:25+00:00"}, "scope": {"notes": "Affected: Smart Office Payroll / Smart Office Web | Class: other-software | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-47075", "url": "https://www.cve.org/CVERecord?id=CVE-2022-47075"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Smart Office Payroll", "30d_avg": 6, "90d_avg": 2, "product": "Smart Office Web", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "1ef82ee7-8472-4ef6-ab70-c56a52f48afb", "vulnerability": {"vulnId": "CVE-2019-3929", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "1ef82ee7-8472-4ef6-ab70-c56a52f48afb", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:56:12+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:12+00:00"}, "scope": {"notes": "Affected: Barco/AWIND / Barco/AWIND OEM | Class: embedded-system | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2019-3929", "url": "https://www.cve.org/CVERecord?id=CVE-2019-3929"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "embedded-system", "7d_avg": 1, "vendor": "Barco/AWIND", "30d_avg": 5, "90d_avg": 2, "product": "Barco/AWIND OEM", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "8444d9c3-949d-4ba2-9db8-9d4b995613b1", "vulnerability": {"vulnId": "CVE-2021-21315", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "8444d9c3-949d-4ba2-9db8-9d4b995613b1", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 78}, "timestamps": {"asserted_at": "2023-10-14T14:56:47+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:47+00:00"}, "scope": {"notes": "Affected: Node.js / Node.js | Class: other-software | Severity: High (CVSS 7.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-21315", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21315"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Node.js", "30d_avg": 5, "90d_avg": 1, "product": "Node.js", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.8, "vulnerability_severity": "High"}}]}
{"uuid": "ce894f90-a200-443f-9ee8-70141935c492", "vulnerability": {"vulnId": "CVE-2022-0948", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "ce894f90-a200-443f-9ee8-70141935c492", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-03-09T19:10:59+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-03-09T19:10:59+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Order Listener for WooCommerce WordPress plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-0948", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0948"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "Wordpress", "30d_avg": 10, "90d_avg": 3, "product": "Wordpress Order Listener for WooCommerce WordPress plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "a6284218-8593-48a2-84a3-e8a056913cd6", "vulnerability": {"vulnId": "CVE-2023-45038", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "a6284218-8593-48a2-84a3-e8a056913cd6", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 88}, "timestamps": {"asserted_at": "2025-08-16T05:15:47+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-08-16T05:15:47+00:00"}, "scope": {"notes": "Affected: QNAP / QNAP Music Station | Class: nas | Severity: High (CVSS 8.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-45038", "url": "https://www.cve.org/CVERecord?id=CVE-2023-45038"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "nas", "7d_avg": 1, "vendor": "QNAP", "30d_avg": 1, "90d_avg": 0, "product": "QNAP Music Station", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 8.8, "vulnerability_severity": "High"}}]}
{"uuid": "b8323768-476b-4581-9098-2397ac4e0426", "vulnerability": {"vulnId": "CVE-2023-32117", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "b8323768-476b-4581-9098-2397ac4e0426", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-01-26T08:35:58+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-01-26T08:35:58+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress SoftLab Integrate Google Drive | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-32117", "url": "https://www.cve.org/CVERecord?id=CVE-2023-32117"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "Wordpress", "30d_avg": 5, "90d_avg": 1, "product": "Wordpress SoftLab Integrate Google Drive", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "b90aac9b-a9e9-4d40-ab7b-68e69de81b92", "vulnerability": {"vulnId": "CVE-2022-2488", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "b90aac9b-a9e9-4d40-ab7b-68e69de81b92", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:57:26+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:26+00:00"}, "scope": {"notes": "Affected: WAVLINK / WAVLINK WN535K2 and WN535K3 | Class: router | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-2488", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2488"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 1, "vendor": "WAVLINK", "30d_avg": 5, "90d_avg": 2, "product": "WAVLINK WN535K2 and WN535K3", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "9c85ec13-9796-4340-8992-26843e7dd2be", "vulnerability": {"vulnId": "CVE-2020-8982", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "9c85ec13-9796-4340-8992-26843e7dd2be", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2023-10-14T14:56:42+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:42+00:00"}, "scope": {"notes": "Affected: Citrix / Citrix ShareFile StorageZones (aka storage zones) Controller | Class: app-delivery-controller | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-8982", "url": "https://www.cve.org/CVERecord?id=CVE-2020-8982"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "app-delivery-controller", "7d_avg": 0, "vendor": "Citrix", "30d_avg": 5, "90d_avg": 1, "product": "Citrix ShareFile StorageZones (aka storage zones) Controller", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "8eb85a07-cf50-436e-97f1-c80de18767bb", "vulnerability": {"vulnId": "CVE-2020-35713", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "8eb85a07-cf50-436e-97f1-c80de18767bb", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:56:37+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:37+00:00"}, "scope": {"notes": "Affected: Linksys / RE6500 Series | Class: wireless-extender | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-35713", "url": "https://www.cve.org/CVERecord?id=CVE-2020-35713"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "wireless-extender", "7d_avg": 1, "vendor": "Linksys", "30d_avg": 5, "90d_avg": 2, "product": "RE6500 Series", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "0dfa78b1-673f-46fb-8b4e-da2391535151", "vulnerability": {"vulnId": "CVE-2022-29014", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "0dfa78b1-673f-46fb-8b4e-da2391535151", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2023-10-14T14:57:29+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:29+00:00"}, "scope": {"notes": "Affected: Razer / Razer Sila | Class: router | Severity: High (CVSS 7.5) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-29014", "url": "https://www.cve.org/CVERecord?id=CVE-2022-29014"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "Razer", "30d_avg": 5, "90d_avg": 2, "product": "Razer Sila", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "ea8fb450-5f4e-42f0-bdfb-a4ea4474f86e", "vulnerability": {"vulnId": "CVE-2024-38514", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "ea8fb450-5f4e-42f0-bdfb-a4ea4474f86e", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 74}, "timestamps": {"asserted_at": "2025-02-25T23:16:16+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-02-25T23:16:16+00:00"}, "scope": {"notes": "Affected: NextChat (ChatGPT-Next-Web) / NextChat (ChatGPT-Next-Web) | Class: ai-system | Severity: High (CVSS 7.4) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-38514", "url": "https://www.cve.org/CVERecord?id=CVE-2024-38514"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "ai-system", "7d_avg": 1, "vendor": "NextChat (ChatGPT-Next-Web)", "30d_avg": 5, "90d_avg": 1, "product": "NextChat (ChatGPT-Next-Web)", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.4, "vulnerability_severity": "High"}}]}
{"uuid": "4a8a7f95-37af-4284-914a-313edc7709df", "vulnerability": {"vulnId": "CVE-2017-6090", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "4a8a7f95-37af-4284-914a-313edc7709df", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 88}, "timestamps": {"asserted_at": "2023-10-14T14:55:43+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:55:43+00:00"}, "scope": {"notes": "Affected: phpCollab / phpCollab | Class: other-software | Severity: High (CVSS 8.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2017-6090", "url": "https://www.cve.org/CVERecord?id=CVE-2017-6090"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 2, "vendor": "phpCollab", "30d_avg": 11, "90d_avg": 4, "product": "phpCollab", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 8.8, "vulnerability_severity": "High"}}]}
{"uuid": "edd2454e-1398-4fb6-bdea-f5fbe6890361", "vulnerability": {"vulnId": "CVE-2021-45422", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "edd2454e-1398-4fb6-bdea-f5fbe6890361", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 61}, "timestamps": {"asserted_at": "2025-06-05T01:49:18+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-06-05T01:49:18+00:00"}, "scope": {"notes": "Affected: Reprise / Reprise License Manager | Class: other-software | Severity: Medium (CVSS 6.1) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-45422", "url": "https://www.cve.org/CVERecord?id=CVE-2021-45422"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Reprise", "30d_avg": 0, "90d_avg": 0, "product": "Reprise License Manager", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 6.1, "vulnerability_severity": "Medium"}}]}
{"uuid": "78da6e12-97a6-421b-b3f8-63b7a1b530e4", "vulnerability": {"vulnId": "CVE-2019-11581", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "78da6e12-97a6-421b-b3f8-63b7a1b530e4", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-13T18:05:55+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-13T18:05:55+00:00"}, "scope": {"notes": "Affected: Atlassian / JIRA | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 7", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2019-11581", "url": "https://www.cve.org/CVERecord?id=CVE-2019-11581"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "4", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "Atlassian", "30d_avg": 5, "90d_avg": 1, "product": "JIRA", "cisa_kev": "yes", "connections": 7, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "a45128a4-3c12-4146-a606-6113ab475435", "vulnerability": {"vulnId": "CVE-2022-38296", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "a45128a4-3c12-4146-a606-6113ab475435", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-03-06T23:04:04+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-03-06T23:04:04+00:00"}, "scope": {"notes": "Affected: CuppaCMS / CuppaCMS | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-38296", "url": "https://www.cve.org/CVERecord?id=CVE-2022-38296"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 1, "vendor": "CuppaCMS", "30d_avg": 11, "90d_avg": 4, "product": "CuppaCMS", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "ffd8b25a-3e81-47ad-811c-9da089d85499", "vulnerability": {"vulnId": "CVE-2018-9995", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "ffd8b25a-3e81-47ad-811c-9da089d85499", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-13T16:00:00+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-13T16:00:00+00:00"}, "scope": {"notes": "Affected: TBK / DVR4104/DVR4216 and multiple re-branded versions | Class: video-system | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 12", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2018-9995", "url": "https://www.cve.org/CVERecord?id=CVE-2018-9995"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "3", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "video-system", "7d_avg": 2, "vendor": "TBK", "30d_avg": 2, "90d_avg": 2, "product": "DVR4104/DVR4216 and multiple re-branded versions", "cisa_kev": "no", "connections": 12, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "a75e717e-2767-4fff-8624-d767805af5c2", "vulnerability": {"vulnId": "CVE-2026-21643", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "a75e717e-2767-4fff-8624-d767805af5c2", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-04-04T23:51:07+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-04-04T23:51:07+00:00"}, "scope": {"notes": "Affected: Fortinet / FortiClientEMS | Class: security-management-platform | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2026-21643", "url": "https://www.cve.org/CVERecord?id=CVE-2026-21643"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "security-management-platform", "7d_avg": 1, "vendor": "Fortinet", "30d_avg": 12, "90d_avg": 4, "product": "FortiClientEMS", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "c8262c0e-c379-48d3-824d-f042c2115730", "vulnerability": {"vulnId": "CVE-2022-34753", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "c8262c0e-c379-48d3-824d-f042c2115730", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 88}, "timestamps": {"asserted_at": "2023-10-14T14:57:36+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:36+00:00"}, "scope": {"notes": "Affected: Schneider Electric / SpaceLogic C-Bus Home Controller (5200WHC2) | Class: other-software | Severity: High (CVSS 8.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-34753", "url": "https://www.cve.org/CVERecord?id=CVE-2022-34753"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "Schneider Electric", "30d_avg": 5, "90d_avg": 2, "product": "SpaceLogic C-Bus Home Controller (5200WHC2)", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 8.8, "vulnerability_severity": "High"}}]}
{"uuid": "71a9f88b-1065-42ba-89a4-e980a438d7f5", "vulnerability": {"vulnId": "CVE-2024-22319", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "71a9f88b-1065-42ba-89a4-e980a438d7f5", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-03-17T20:10:12+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-03-17T20:10:12+00:00"}, "scope": {"notes": "Affected: IBM / IBM Operational Decision Manager | Class: business-intelligence | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 26", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-22319", "url": "https://www.cve.org/CVERecord?id=CVE-2024-22319"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "business-intelligence", "7d_avg": 0, "vendor": "IBM", "30d_avg": 5, "90d_avg": 2, "product": "IBM Operational Decision Manager", "cisa_kev": "no", "connections": 26, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "3485beb0-b28d-4aa6-896d-890e489acac2", "vulnerability": {"vulnId": "CVE-2025-10204", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "3485beb0-b28d-4aa6-896d-890e489acac2", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 71}, "timestamps": {"asserted_at": "2025-12-31T08:04:20+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-12-31T08:04:20+00:00"}, "scope": {"notes": "Affected: LG / LG AC Smart II | Class: device-management-platform | Severity: High (CVSS 7.1) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-10204", "url": "https://www.cve.org/CVERecord?id=CVE-2025-10204"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 1, "vendor": "LG", "30d_avg": 3, "90d_avg": 1, "product": "LG AC Smart II", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.1, "vulnerability_severity": "High"}}]}
{"uuid": "b68a9d6d-dca2-427c-8a0c-781b68c78c66", "vulnerability": {"vulnId": "CVE-2023-22478", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "b68a9d6d-dca2-427c-8a0c-781b68c78c66", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2023-10-14T14:57:43+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:43+00:00"}, "scope": {"notes": "Affected: FIT2CLOUD / KubePi | Class: device-management-platform | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-22478", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22478"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 1, "vendor": "FIT2CLOUD", "30d_avg": 6, "90d_avg": 2, "product": "KubePi", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "b325ed99-3666-4219-8499-6ab790032c1e", "vulnerability": {"vulnId": "CVE-2024-20440", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "b325ed99-3666-4219-8499-6ab790032c1e", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2025-11-17T08:34:36+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-11-17T08:34:36+00:00"}, "scope": {"notes": "Affected: Cisco / Cisco Smart Licensing Utility | Class: other-software | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-20440", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20440"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Cisco", "30d_avg": 4, "90d_avg": 1, "product": "Cisco Smart Licensing Utility", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "d08fe5f0-9383-4a28-9ee0-51d2896093e0", "vulnerability": {"vulnId": "CVE-2023-42793", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "d08fe5f0-9383-4a28-9ee0-51d2896093e0", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-13T20:10:58+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-13T20:10:58+00:00"}, "scope": {"notes": "Affected: JetBrains / TeamCity | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 11", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-42793", "url": "https://www.cve.org/CVERecord?id=CVE-2023-42793"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 2, "vendor": "JetBrains", "30d_avg": 12, "90d_avg": 14, "product": "TeamCity", "cisa_kev": "yes", "connections": 11, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "63c63b5e-4168-476f-9006-a881cde537f8", "vulnerability": {"vulnId": "CVE-2018-15517", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "63c63b5e-4168-476f-9006-a881cde537f8", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 86}, "timestamps": {"asserted_at": "2023-10-14T20:53:30+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T20:53:30+00:00"}, "scope": {"notes": "Affected: D-Link / D-Link Central WiFiManager CWM-100 | Class: device-management-platform | Severity: High (CVSS 8.6) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2018-15517", "url": "https://www.cve.org/CVERecord?id=CVE-2018-15517"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 0, "vendor": "D-Link", "30d_avg": 5, "90d_avg": 1, "product": "D-Link Central WiFiManager CWM-100", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 8.6, "vulnerability_severity": "High"}}]}
{"uuid": "76c67a18-7ae6-4759-81a1-ff80bac5a8e4", "vulnerability": {"vulnId": "CVE-2023-27482", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "76c67a18-7ae6-4759-81a1-ff80bac5a8e4", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 100}, "timestamps": {"asserted_at": "2023-10-14T04:05:25+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T04:05:25+00:00"}, "scope": {"notes": "Affected: Home Assistant / Home Assistance (Supervisor) | Class: device-management-platform | Severity: Critical (CVSS 10) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-27482", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27482"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 3, "vendor": "Home Assistant", "30d_avg": 12, "90d_avg": 4, "product": "Home Assistance (Supervisor)", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 10, "vulnerability_severity": "Critical"}}]}
{"uuid": "e49ee6ac-fa8e-4d1b-a950-cb816ec74505", "vulnerability": {"vulnId": "CVE-2023-20887", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "e49ee6ac-fa8e-4d1b-a950-cb816ec74505", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:57:43+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:43+00:00"}, "scope": {"notes": "Affected: VMware / Aria Operations for Networks | Class: device-management-platform | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-20887", "url": "https://www.cve.org/CVERecord?id=CVE-2023-20887"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 1, "vendor": "VMware", "30d_avg": 5, "90d_avg": 1, "product": "Aria Operations for Networks", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "9bf17763-47dc-422b-8ae1-8db6a53ce3a0", "vulnerability": {"vulnId": "CVE-2024-28995", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "9bf17763-47dc-422b-8ae1-8db6a53ce3a0", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2024-06-25T21:58:01+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-06-25T21:58:01+00:00"}, "scope": {"notes": "Affected: SolarWinds / SolarWinds Serv-U | Class: file-transfer | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 20", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-28995", "url": "https://www.cve.org/CVERecord?id=CVE-2024-28995"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "14", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "file-transfer", "7d_avg": 29, "vendor": "SolarWinds", "30d_avg": 17, "90d_avg": 9, "product": "SolarWinds Serv-U", "cisa_kev": "yes", "connections": 20, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "9631ac58-d167-4442-921b-bdbce0f4fc15", "vulnerability": {"vulnId": "CVE-2025-55182", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "9631ac58-d167-4442-921b-bdbce0f4fc15", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 100}, "timestamps": {"asserted_at": "2025-12-08T12:31:55+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-12-08T12:31:55+00:00"}, "scope": {"notes": "Affected: Meta / React Server Components | Class: web-app-framework | Severity: Critical (CVSS 10) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 21176", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-55182", "url": "https://www.cve.org/CVERecord?id=CVE-2025-55182"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "54", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "web-app-framework", "7d_avg": 143, "vendor": "Meta", "30d_avg": 79, "90d_avg": 62, "product": "React Server Components", "cisa_kev": "yes", "connections": 21176, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 10, "vulnerability_severity": "Critical"}}]}
{"uuid": "8954e77f-2d1d-4ff5-a086-339b9c8b6b2e", "vulnerability": {"vulnId": "CVE-2023-35082", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "8954e77f-2d1d-4ff5-a086-339b9c8b6b2e", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 100}, "timestamps": {"asserted_at": "2023-10-14T14:57:51+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:51+00:00"}, "scope": {"notes": "Affected: Ivanti / Endpoint Manager Mobile (EPMM), formerly MobileIron Core | Class: mobile-device-management | Severity: Critical (CVSS 10) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 27", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-35082", "url": "https://www.cve.org/CVERecord?id=CVE-2023-35082"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "3", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "mobile-device-management", "7d_avg": 9, "vendor": "Ivanti", "30d_avg": 11, "90d_avg": 18, "product": "Endpoint Manager Mobile (EPMM), formerly MobileIron Core", "cisa_kev": "yes", "connections": 27, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 10, "vulnerability_severity": "Critical"}}]}
{"uuid": "3d1a5bf6-6df5-48d5-925e-0d964897138a", "vulnerability": {"vulnId": "CVE-2025-25034", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "3d1a5bf6-6df5-48d5-925e-0d964897138a", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 93}, "timestamps": {"asserted_at": "2025-10-26T14:03:30+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-10-26T14:03:30+00:00"}, "scope": {"notes": "Affected: SugarCRM / SugarCRM | Class: other-software | Severity: Critical (CVSS 9.3) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 41", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-25034", "url": "https://www.cve.org/CVERecord?id=CVE-2025-25034"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "4", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 3, "vendor": "SugarCRM", "30d_avg": 5, "90d_avg": 2, "product": "SugarCRM", "cisa_kev": "no", "connections": 41, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.3, "vulnerability_severity": "Critical"}}]}
{"uuid": "abd67f9d-959e-4219-ac8c-ad6d6e33ec8e", "vulnerability": {"vulnId": "CVE-2025-61882", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "abd67f9d-959e-4219-ac8c-ad6d6e33ec8e", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-10-09T10:38:59+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-10-09T10:38:59+00:00"}, "scope": {"notes": "Affected: Oracle / Oracle E-Business Suite (Oracle Concurrent Processing) | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 54", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-61882", "url": "https://www.cve.org/CVERecord?id=CVE-2025-61882"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "4", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 3, "vendor": "Oracle", "30d_avg": 6, "90d_avg": 2, "product": "Oracle E-Business Suite (Oracle Concurrent Processing)", "cisa_kev": "yes", "connections": 54, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "99da59a9-923f-41c7-a49e-22c73ceb8022", "vulnerability": {"vulnId": "CVE-2020-4427", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "99da59a9-923f-41c7-a49e-22c73ceb8022", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-03-12T11:56:35+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-03-12T11:56:35+00:00"}, "scope": {"notes": "Affected: IBM / IBM Data Risk Manager | Class: security-management-platform | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 52", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-4427", "url": "https://www.cve.org/CVERecord?id=CVE-2020-4427"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "3", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "security-management-platform", "7d_avg": 2, "vendor": "IBM", "30d_avg": 6, "90d_avg": 2, "product": "IBM Data Risk Manager", "cisa_kev": "yes", "connections": 52, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "5f5fbd21-8e3a-4ed2-a4aa-cefa3c16cd58", "vulnerability": {"vulnId": "CVE-2020-17518", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "5f5fbd21-8e3a-4ed2-a4aa-cefa3c16cd58", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-15T01:09:26+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-15T01:09:26+00:00"}, "scope": {"notes": "Affected: Apache / Flink | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-17518", "url": "https://www.cve.org/CVERecord?id=CVE-2020-17518"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "Apache", "30d_avg": 11, "90d_avg": 4, "product": "Flink", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "29e354c8-6971-4ca6-a6e5-b4209a82a91b", "vulnerability": {"vulnId": "CVE-2022-28363", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "29e354c8-6971-4ca6-a6e5-b4209a82a91b", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 61}, "timestamps": {"asserted_at": "2025-06-05T02:56:14+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-06-05T02:56:14+00:00"}, "scope": {"notes": "Affected: Reprise / Reprise License Manager | Class: other-software | Severity: Medium (CVSS 6.1) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-28363", "url": "https://www.cve.org/CVERecord?id=CVE-2022-28363"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Reprise", "30d_avg": 0, "90d_avg": 0, "product": "Reprise License Manager", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 6.1, "vulnerability_severity": "Medium"}}]}
{"uuid": "3809cc80-3dbf-4b00-8a06-62028854b045", "vulnerability": {"vulnId": "CVE-2021-27850", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "3809cc80-3dbf-4b00-8a06-62028854b045", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:56:55+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:55+00:00"}, "scope": {"notes": "Affected: Apache / Tapestry | Class: web-app-framework | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-27850", "url": "https://www.cve.org/CVERecord?id=CVE-2021-27850"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "web-app-framework", "7d_avg": 1, "vendor": "Apache", "30d_avg": 10, "90d_avg": 3, "product": "Tapestry", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "1da73fb9-a3d8-4316-bab3-1c17b57fdc4c", "vulnerability": {"vulnId": "CVE-2018-0127", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "1da73fb9-a3d8-4316-bab3-1c17b57fdc4c", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:29:43+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:29:43+00:00"}, "scope": {"notes": "Affected: Cisco / Cisco RV132W/RV134W | Class: router | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2018-0127", "url": "https://www.cve.org/CVERecord?id=CVE-2018-0127"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "Cisco", "30d_avg": 5, "90d_avg": 2, "product": "Cisco RV132W/RV134W", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "fa10b8fd-aec1-47a9-a1b1-17e836e7e2c0", "vulnerability": {"vulnId": "CVE-2018-6605", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "fa10b8fd-aec1-47a9-a1b1-17e836e7e2c0", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-03-10T16:25:45+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-03-10T16:25:45+00:00"}, "scope": {"notes": "Affected:  Open Source Matters, Inc/Joomla community / Joomla Zh BaiduMap component | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 6", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2018-6605", "url": "https://www.cve.org/CVERecord?id=CVE-2018-6605"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "3", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 3, "vendor": " Open Source Matters, Inc/Joomla community", "30d_avg": 6, "90d_avg": 2, "product": "Joomla Zh BaiduMap component", "cisa_kev": "no", "connections": 6, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "102867c6-ab6b-4591-bac7-ace933552e50", "vulnerability": {"vulnId": "CVE-2022-36642", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "102867c6-ab6b-4591-bac7-ace933552e50", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:57:37+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:37+00:00"}, "scope": {"notes": "Affected: Telos Alliance / Omnia MPX Node | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-36642", "url": "https://www.cve.org/CVERecord?id=CVE-2022-36642"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Telos Alliance", "30d_avg": 11, "90d_avg": 4, "product": "Omnia MPX Node", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "6ddb20c4-2bf4-4d3d-8f74-aac113bb1895", "vulnerability": {"vulnId": "CVE-2019-13101", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "6ddb20c4-2bf4-4d3d-8f74-aac113bb1895", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-08-19T10:05:49+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-08-19T10:05:49+00:00"}, "scope": {"notes": "Affected: D-Link / D-Link DIR-600M | Class: router | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2019-13101", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13101"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 2, "vendor": "D-Link", "30d_avg": 10, "90d_avg": 4, "product": "D-Link DIR-600M", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "aecafc14-6972-4095-82f7-ccba5b13b096", "vulnerability": {"vulnId": "CVE-2025-31324", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "aecafc14-6972-4095-82f7-ccba5b13b096", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 100}, "timestamps": {"asserted_at": "2025-04-27T22:21:09+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-04-27T22:21:09+00:00"}, "scope": {"notes": "Affected: SAP / NetWeaver | Class: app-server | Severity: Critical (CVSS 10) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 47", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-31324", "url": "https://www.cve.org/CVERecord?id=CVE-2025-31324"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "app-server", "7d_avg": 1, "vendor": "SAP", "30d_avg": 4, "90d_avg": 1, "product": "NetWeaver", "cisa_kev": "yes", "connections": 47, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 10, "vulnerability_severity": "Critical"}}]}
{"uuid": "e6468fa1-9649-4252-a62a-7b750b6d8519", "vulnerability": {"vulnId": "CVE-2019-5129", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "e6468fa1-9649-4252-a62a-7b750b6d8519", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:56:54+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:54+00:00"}, "scope": {"notes": "Affected: YouPHPTube / YouPHPTube Encoder | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 13", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2019-5129", "url": "https://www.cve.org/CVERecord?id=CVE-2019-5129"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "3", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 3, "vendor": "YouPHPTube", "30d_avg": 13, "90d_avg": 5, "product": "YouPHPTube Encoder", "cisa_kev": "no", "connections": 13, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "56554fd2-0a4a-40fd-ba97-1bd39f6ca1d5", "vulnerability": {"vulnId": "CVE-2019-12989", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "56554fd2-0a4a-40fd-ba97-1bd39f6ca1d5", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-10-31T00:06:09+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-10-31T00:06:09+00:00"}, "scope": {"notes": "Affected: Citrix / Citrix SD-WAN and NetScaler SD-WAN | Class: app-delivery-controller | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2019-12989", "url": "https://www.cve.org/CVERecord?id=CVE-2019-12989"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "app-delivery-controller", "7d_avg": 2, "vendor": "Citrix", "30d_avg": 5, "90d_avg": 2, "product": "Citrix SD-WAN and NetScaler SD-WAN", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "55d6dbb3-11f0-42de-832b-23c5607e2cba", "vulnerability": {"vulnId": "CVE-2023-1020", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "55d6dbb3-11f0-42de-832b-23c5607e2cba", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:57:42+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:42+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Steveas WP Live Chat Shoutbox plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-1020", "url": "https://www.cve.org/CVERecord?id=CVE-2023-1020"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 1, "vendor": "Wordpress", "30d_avg": 5, "90d_avg": 2, "product": "Wordpress Steveas WP Live Chat Shoutbox plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "23905698-afce-4e17-9ad2-02fbac9829c5", "vulnerability": {"vulnId": "CVE-2018-17431", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "23905698-afce-4e17-9ad2-02fbac9829c5", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-12-19T14:52:02+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-12-19T14:52:02+00:00"}, "scope": {"notes": "Affected: Comodo / Comodo UTM Firewall | Class: firewall | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2018-17431", "url": "https://www.cve.org/CVERecord?id=CVE-2018-17431"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "firewall", "7d_avg": 2, "vendor": "Comodo", "30d_avg": 9, "90d_avg": 3, "product": "Comodo UTM Firewall", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "a6bad076-33ca-4f29-b69b-8ece7b8dc545", "vulnerability": {"vulnId": "CVE-2023-52028", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "a6bad076-33ca-4f29-b69b-8ece7b8dc545", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-08-07T21:47:11+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-08-07T21:47:11+00:00"}, "scope": {"notes": "Affected: Totolink / Totolink A3700R | Class: router | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-52028", "url": "https://www.cve.org/CVERecord?id=CVE-2023-52028"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 1, "vendor": "Totolink", "30d_avg": 8, "90d_avg": 3, "product": "Totolink A3700R", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "44b211e5-3d48-48bf-a0c1-c8cf0e5c70ea", "vulnerability": {"vulnId": "CVE-2023-0669", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "44b211e5-3d48-48bf-a0c1-c8cf0e5c70ea", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 0}, "timestamps": {"asserted_at": "2023-10-14T14:57:42+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:42+00:00"}, "scope": {"notes": "Affected: Fortra / GoAnywhere MFT | Class: other-software | Severity: None (CVSS 0) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 20", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-0669", "url": "https://www.cve.org/CVERecord?id=CVE-2023-0669"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "Fortra", "30d_avg": 5, "90d_avg": 2, "product": "GoAnywhere MFT", "cisa_kev": "yes", "connections": 20, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 0, "vulnerability_severity": "None"}}]}
{"uuid": "a2d6251a-505a-4f25-8d7a-790048468d41", "vulnerability": {"vulnId": "CVE-2024-30269", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "a2d6251a-505a-4f25-8d7a-790048468d41", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 53}, "timestamps": {"asserted_at": "2025-06-28T23:22:52+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-06-28T23:22:52+00:00"}, "scope": {"notes": "Affected: DataEase / DataEase | Class: business-intelligence | Severity: Medium (CVSS 5.3) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 6", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-30269", "url": "https://www.cve.org/CVERecord?id=CVE-2024-30269"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "business-intelligence", "7d_avg": 0, "vendor": "DataEase", "30d_avg": 0, "90d_avg": 0, "product": "DataEase", "cisa_kev": "no", "connections": 6, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 5.3, "vulnerability_severity": "Medium"}}]}
{"uuid": "be4d92a2-ab79-4da5-8f50-d19f16ce049b", "vulnerability": {"vulnId": "CVE-2024-13981", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "be4d92a2-ab79-4da5-8f50-d19f16ce049b", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 0}, "timestamps": {"asserted_at": "2025-10-22T02:53:48+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-10-22T02:53:48+00:00"}, "scope": {"notes": "Affected: Fujian Apex Software / LiveBOS | Class: other-software | Severity: None (CVSS 0) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 5", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-13981", "url": "https://www.cve.org/CVERecord?id=CVE-2024-13981"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Fujian Apex Software", "30d_avg": 0, "90d_avg": 0, "product": "LiveBOS", "cisa_kev": "no", "connections": 5, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 0, "vulnerability_severity": "None"}}]}
{"uuid": "b760a7d4-aaa1-4ae8-82d1-7962782a14aa", "vulnerability": {"vulnId": "CVE-2024-46938", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "b760a7d4-aaa1-4ae8-82d1-7962782a14aa", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2025-07-20T12:17:12+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-07-20T12:17:12+00:00"}, "scope": {"notes": "Affected: Sitecore / Sitecore Experience Manager (XM), Experience Platform (XP), Experience | Class: cms | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 26", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-46938", "url": "https://www.cve.org/CVERecord?id=CVE-2024-46938"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "Sitecore", "30d_avg": 0, "90d_avg": 0, "product": "Sitecore Experience Manager (XM), Experience Platform (XP), Experience", "cisa_kev": "no", "connections": 26, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "dff517b0-fbd6-40d2-86b8-9baea1a5bfcf", "vulnerability": {"vulnId": "CVE-2024-57049", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "dff517b0-fbd6-40d2-86b8-9baea1a5bfcf", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-05-09T04:40:08+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-05-09T04:40:08+00:00"}, "scope": {"notes": "Affected: TP-Link / TP-Link Archer C20 | Class: router | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-57049", "url": "https://www.cve.org/CVERecord?id=CVE-2024-57049"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 1, "vendor": "TP-Link", "30d_avg": 5, "90d_avg": 2, "product": "TP-Link Archer C20", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "b5f15a1d-61d0-4630-aa36-0dc9a19e4e79", "vulnerability": {"vulnId": "CVE-2024-9465", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "b5f15a1d-61d0-4630-aa36-0dc9a19e4e79", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 91}, "timestamps": {"asserted_at": "2024-11-13T13:52:55+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-11-13T13:52:55+00:00"}, "scope": {"notes": "Affected: Palo Alto Networks / Palo Alto Networks Expedition | Class: other-software | Severity: Critical (CVSS 9.1) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-9465", "url": "https://www.cve.org/CVERecord?id=CVE-2024-9465"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 2, "vendor": "Palo Alto Networks", "30d_avg": 5, "90d_avg": 2, "product": "Palo Alto Networks Expedition", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.1, "vulnerability_severity": "Critical"}}]}
{"uuid": "02d8202f-3e34-4c4a-b0e4-39a818abda89", "vulnerability": {"vulnId": "CVE-2022-0769", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "02d8202f-3e34-4c4a-b0e4-39a818abda89", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:57:26+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:26+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Users Ultra plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-0769", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0769"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "Wordpress", "30d_avg": 5, "90d_avg": 2, "product": "Wordpress Users Ultra plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "d5da5e73-7796-49ff-8be6-4e3ad97fa12b", "vulnerability": {"vulnId": "CVE-2024-32640", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "d5da5e73-7796-49ff-8be6-4e3ad97fa12b", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 0}, "timestamps": {"asserted_at": "2024-05-16T10:40:01+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-05-16T10:40:01+00:00"}, "scope": {"notes": "Affected: MASA CMS / MASA CMS | Class: cms | Severity: None (CVSS 0) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 6", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-32640", "url": "https://www.cve.org/CVERecord?id=CVE-2024-32640"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "3", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 1, "vendor": "MASA CMS", "30d_avg": 5, "90d_avg": 2, "product": "MASA CMS", "cisa_kev": "no", "connections": 6, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 0, "vulnerability_severity": "None"}}]}
{"uuid": "ec101e30-f3d4-477f-af91-59512c531245", "vulnerability": {"vulnId": "CVE-2025-25257", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "ec101e30-f3d4-477f-af91-59512c531245", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 0}, "timestamps": {"asserted_at": "2025-07-13T15:01:08+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-07-13T15:01:08+00:00"}, "scope": {"notes": "Affected: Fortinet / Fortinet FortiWeb | Class: firewall | Severity: None (CVSS 0) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-25257", "url": "https://www.cve.org/CVERecord?id=CVE-2025-25257"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "firewall", "7d_avg": 1, "vendor": "Fortinet", "30d_avg": 6, "90d_avg": 2, "product": "Fortinet FortiWeb", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 0, "vulnerability_severity": "None"}}]}
{"uuid": "04a34a71-55a8-4f61-8b10-5d943019e6c3", "vulnerability": {"vulnId": "CVE-2025-12480", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "04a34a71-55a8-4f61-8b10-5d943019e6c3", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-11-26T14:32:22+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-11-26T14:32:22+00:00"}, "scope": {"notes": "Affected: Gladinet / Gladinet CentreStack & Triofox | Class: file-transfer | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-12480", "url": "https://www.cve.org/CVERecord?id=CVE-2025-12480"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "file-transfer", "7d_avg": 1, "vendor": "Gladinet", "30d_avg": 6, "90d_avg": 2, "product": "Gladinet CentreStack & Triofox", "cisa_kev": "yes", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "12f944e0-a409-4a1a-b2a9-c31988e73d60", "vulnerability": {"vulnId": "CVE-2022-28365", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "12f944e0-a409-4a1a-b2a9-c31988e73d60", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 53}, "timestamps": {"asserted_at": "2025-06-05T02:33:43+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-06-05T02:33:43+00:00"}, "scope": {"notes": "Affected: Reprise / Reprise License Manager | Class: other-software | Severity: Medium (CVSS 5.3) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-28365", "url": "https://www.cve.org/CVERecord?id=CVE-2022-28365"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Reprise", "30d_avg": 0, "90d_avg": 0, "product": "Reprise License Manager", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 5.3, "vulnerability_severity": "Medium"}}]}
{"uuid": "f3ea5c04-6be9-45a8-b50e-783d6b080ba7", "vulnerability": {"vulnId": "CVE-2021-29203", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "f3ea5c04-6be9-45a8-b50e-783d6b080ba7", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:56:56+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:56+00:00"}, "scope": {"notes": "Affected: HPE / HPE Edgeline Infrastructure Manager | Class: device-management-platform | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-29203", "url": "https://www.cve.org/CVERecord?id=CVE-2021-29203"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 1, "vendor": "HPE", "30d_avg": 10, "90d_avg": 3, "product": "HPE Edgeline Infrastructure Manager", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "546c0f54-c11e-4814-b7d7-5da0d6b22048", "vulnerability": {"vulnId": "CVE-2024-4358", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "546c0f54-c11e-4814-b7d7-5da0d6b22048", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-06-07T11:19:49+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-06-07T11:19:49+00:00"}, "scope": {"notes": "Affected: Progress / Telerik Report Server | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-4358", "url": "https://www.cve.org/CVERecord?id=CVE-2024-4358"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "Progress", "30d_avg": 9, "90d_avg": 3, "product": "Telerik Report Server", "cisa_kev": "yes", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "dfeb02f9-8469-4f5b-aca6-e1393e034c38", "vulnerability": {"vulnId": "CVE-2021-40875", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "dfeb02f9-8469-4f5b-aca6-e1393e034c38", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2025-08-18T07:58:09+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-08-18T07:58:09+00:00"}, "scope": {"notes": "Affected: Gurock (Sembi) / TestRail | Class: other-software | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-40875", "url": "https://www.cve.org/CVERecord?id=CVE-2021-40875"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 20, "vendor": "Gurock (Sembi)", "30d_avg": 12, "90d_avg": 4, "product": "TestRail", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "43ff9821-dc2e-4b6d-bbae-c0f9c471d4ee", "vulnerability": {"vulnId": "CVE-2024-6670", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "43ff9821-dc2e-4b6d-bbae-c0f9c471d4ee", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-09-20T14:39:24+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-09-20T14:39:24+00:00"}, "scope": {"notes": "Affected: Progress / WhatsUp Gold | Class: device-management-platform | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-6670", "url": "https://www.cve.org/CVERecord?id=CVE-2024-6670"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 0, "vendor": "Progress", "30d_avg": 10, "90d_avg": 3, "product": "WhatsUp Gold", "cisa_kev": "yes", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "f48b682d-235f-4a68-819e-7d4722a91d7d", "vulnerability": {"vulnId": "CVE-2018-0296", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "f48b682d-235f-4a68-819e-7d4722a91d7d", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2023-10-14T20:53:19+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T20:53:19+00:00"}, "scope": {"notes": "Affected: Cisco / Cisco ASA and Cisco Firepower Threat Defense | Class: firewall | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2018-0296", "url": "https://www.cve.org/CVERecord?id=CVE-2018-0296"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "firewall", "7d_avg": 0, "vendor": "Cisco", "30d_avg": 5, "90d_avg": 2, "product": "Cisco ASA and Cisco Firepower Threat Defense", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "7df66516-446f-4a8b-b2a9-1b32ca8602a3", "vulnerability": {"vulnId": "CVE-2021-44868", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "7df66516-446f-4a8b-b2a9-1b32ca8602a3", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-03-10T16:56:05+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-03-10T16:56:05+00:00"}, "scope": {"notes": "Affected: ming-soft / MCMS | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-44868", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44868"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "ming-soft", "30d_avg": 11, "90d_avg": 4, "product": "MCMS", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "ffb78a74-cd85-4ffb-8147-54cae54c9044", "vulnerability": {"vulnId": "CVE-2022-3481", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "ffb78a74-cd85-4ffb-8147-54cae54c9044", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-07-21T01:58:03+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-07-21T01:58:03+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress WooCommerce Dropshipping plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-3481", "url": "https://www.cve.org/CVERecord?id=CVE-2022-3481"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "Wordpress", "30d_avg": 6, "90d_avg": 2, "product": "Wordpress WooCommerce Dropshipping plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "0f5a3ec8-f987-47da-b342-3c6f261bbc62", "vulnerability": {"vulnId": "CVE-2021-41653", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "0f5a3ec8-f987-47da-b342-3c6f261bbc62", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T17:42:00+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T17:42:00+00:00"}, "scope": {"notes": "Affected: TP-Link / TP-Link TL-WR840N EU v5 | Class: router | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-41653", "url": "https://www.cve.org/CVERecord?id=CVE-2021-41653"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 1, "vendor": "TP-Link", "30d_avg": 11, "90d_avg": 4, "product": "TP-Link TL-WR840N EU v5", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "302dab5f-3c00-45d5-9847-35432d22d841", "vulnerability": {"vulnId": "CVE-2024-45507", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "302dab5f-3c00-45d5-9847-35432d22d841", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-12-05T06:27:27+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-12-05T06:27:27+00:00"}, "scope": {"notes": "Affected: Apache / OFBiz | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-45507", "url": "https://www.cve.org/CVERecord?id=CVE-2024-45507"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "Apache", "30d_avg": 5, "90d_avg": 2, "product": "OFBiz", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "a7d6a9e4-2efe-4c30-8781-400be972a5ec", "vulnerability": {"vulnId": "CVE-2022-41412", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "a7d6a9e4-2efe-4c30-8781-400be972a5ec", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 86}, "timestamps": {"asserted_at": "2025-03-17T07:46:52+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-03-17T07:46:52+00:00"}, "scope": {"notes": "Affected: perfSONAR / perfSONAR | Class: network-monitoring | Severity: High (CVSS 8.6) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-41412", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41412"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "network-monitoring", "7d_avg": 0, "vendor": "perfSONAR", "30d_avg": 5, "90d_avg": 1, "product": "perfSONAR", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 8.6, "vulnerability_severity": "High"}}]}
{"uuid": "3cb4c8a6-94b8-42f3-beaa-028790aa7528", "vulnerability": {"vulnId": "CVE-2023-3793", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "3cb4c8a6-94b8-42f3-beaa-028790aa7528", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-04-26T02:13:53+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-04-26T02:13:53+00:00"}, "scope": {"notes": "Affected: Weaver / Weaver E-cology | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-3793", "url": "https://www.cve.org/CVERecord?id=CVE-2023-3793"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Weaver", "30d_avg": 1, "90d_avg": 0, "product": "Weaver E-cology", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "3647bbf6-8417-4397-82ec-2fb4f5a06fc1", "vulnerability": {"vulnId": "CVE-2024-45388", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "3647bbf6-8417-4397-82ec-2fb4f5a06fc1", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2024-12-05T03:40:39+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-12-05T03:40:39+00:00"}, "scope": {"notes": "Affected: SpectoLabs / HoverFly | Class: other-software | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-45388", "url": "https://www.cve.org/CVERecord?id=CVE-2024-45388"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "SpectoLabs", "30d_avg": 5, "90d_avg": 1, "product": "HoverFly", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "2739e962-ea87-47ea-b64d-c27de78fc5b3", "vulnerability": {"vulnId": "CVE-2024-48766", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "2739e962-ea87-47ea-b64d-c27de78fc5b3", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 0}, "timestamps": {"asserted_at": "2025-05-12T13:24:50+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-05-12T13:24:50+00:00"}, "scope": {"notes": "Affected: NetAlertX / NetAlertX | Class: network-monitoring | Severity: None (CVSS 0) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-48766", "url": "https://www.cve.org/CVERecord?id=CVE-2024-48766"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "network-monitoring", "7d_avg": 1, "vendor": "NetAlertX", "30d_avg": 5, "90d_avg": 1, "product": "NetAlertX", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 0, "vulnerability_severity": "None"}}]}
{"uuid": "1f3a9c79-f97a-45f7-af9e-e3a03569ba3a", "vulnerability": {"vulnId": "CVE-2024-36111", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "1f3a9c79-f97a-45f7-af9e-e3a03569ba3a", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 63}, "timestamps": {"asserted_at": "2024-12-03T15:59:30+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-12-03T15:59:30+00:00"}, "scope": {"notes": "Affected: FIT2CLOUD / KubePi | Class: device-management-platform | Severity: Medium (CVSS 6.3) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-36111", "url": "https://www.cve.org/CVERecord?id=CVE-2024-36111"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 1, "vendor": "FIT2CLOUD", "30d_avg": 5, "90d_avg": 2, "product": "KubePi", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 6.3, "vulnerability_severity": "Medium"}}]}
{"uuid": "179d8cbb-ed4b-41f9-9a45-4a0f1e653683", "vulnerability": {"vulnId": "CVE-2021-39312", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "179d8cbb-ed4b-41f9-9a45-4a0f1e653683", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2025-06-03T17:16:36+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-06-03T17:16:36+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress The True Ranker plugin | Class: cms | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-39312", "url": "https://www.cve.org/CVERecord?id=CVE-2021-39312"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 1, "vendor": "Wordpress", "30d_avg": 5, "90d_avg": 2, "product": "Wordpress The True Ranker plugin", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "1f51ccc7-a294-4855-9cbb-98b2ec65c6e3", "vulnerability": {"vulnId": "CVE-2023-39026", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "1f51ccc7-a294-4855-9cbb-98b2ec65c6e3", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2023-10-19T00:13:41+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-19T00:13:41+00:00"}, "scope": {"notes": "Affected: FileMage / FileMage Gateway | Class: file-transfer | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-39026", "url": "https://www.cve.org/CVERecord?id=CVE-2023-39026"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "file-transfer", "7d_avg": 0, "vendor": "FileMage", "30d_avg": 5, "90d_avg": 1, "product": "FileMage Gateway", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "d00008b4-3cad-4037-bafc-52d0b58e7585", "vulnerability": {"vulnId": "CVE-2025-0107", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "d00008b4-3cad-4037-bafc-52d0b58e7585", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 77}, "timestamps": {"asserted_at": "2026-01-15T19:26:03+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-01-15T19:26:03+00:00"}, "scope": {"notes": "Affected: Palo Alto Networks / Palo Alto Networks Expedition | Class: other-software | Severity: High (CVSS 7.7) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-0107", "url": "https://www.cve.org/CVERecord?id=CVE-2025-0107"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "Palo Alto Networks", "30d_avg": 5, "90d_avg": 2, "product": "Palo Alto Networks Expedition", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.7, "vulnerability_severity": "High"}}]}
{"uuid": "843f709a-8b02-44d3-be2a-3ed5ac99aba5", "vulnerability": {"vulnId": "CVE-2024-8856", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "843f709a-8b02-44d3-be2a-3ed5ac99aba5", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-06-21T10:21:39+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-06-21T10:21:39+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Backup and Staging by WP Time Capsule plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-8856", "url": "https://www.cve.org/CVERecord?id=CVE-2024-8856"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 1, "vendor": "Wordpress", "30d_avg": 9, "90d_avg": 3, "product": "Wordpress Backup and Staging by WP Time Capsule plugin", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "01174b10-9983-486b-b6f7-9dae0ed99f78", "vulnerability": {"vulnId": "CVE-2023-5815", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "01174b10-9983-486b-b6f7-9dae0ed99f78", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-08-21T21:31:41+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-08-21T21:31:41+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress News & Blog Designer Pack plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-5815", "url": "https://www.cve.org/CVERecord?id=CVE-2023-5815"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 1, "vendor": "Wordpress", "30d_avg": 1, "90d_avg": 0, "product": "Wordpress News & Blog Designer Pack plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "47671e25-a80b-4030-bffb-108e9c9a8ec4", "vulnerability": {"vulnId": "CVE-2021-45092", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "47671e25-a80b-4030-bffb-108e9c9a8ec4", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T17:51:59+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T17:51:59+00:00"}, "scope": {"notes": "Affected: Cybele Software / Thinfinity VirtualUI | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-45092", "url": "https://www.cve.org/CVERecord?id=CVE-2021-45092"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Cybele Software", "30d_avg": 4, "90d_avg": 1, "product": "Thinfinity VirtualUI", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "74cdb574-4c8f-420e-853a-736173c3d039", "vulnerability": {"vulnId": "CVE-2024-8877", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "74cdb574-4c8f-420e-853a-736173c3d039", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-10-15T07:12:30+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-10-15T07:12:30+00:00"}, "scope": {"notes": "Affected: Riello UPS / Netman 2024 | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-8877", "url": "https://www.cve.org/CVERecord?id=CVE-2024-8877"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Riello UPS", "30d_avg": 5, "90d_avg": 1, "product": "Netman 2024", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "2cd11be5-9f58-4029-adab-a8cbb5834710", "vulnerability": {"vulnId": "CVE-2021-28799", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "2cd11be5-9f58-4029-adab-a8cbb5834710", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-01-14T00:17:44+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-01-14T00:17:44+00:00"}, "scope": {"notes": "Affected: QNAP / QNAP NAS running HBS 3 | Class: nas | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-28799", "url": "https://www.cve.org/CVERecord?id=CVE-2021-28799"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "nas", "7d_avg": 1, "vendor": "QNAP", "30d_avg": 5, "90d_avg": 2, "product": "QNAP NAS running HBS 3", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "bb1d9432-69ef-457d-9b5b-c7f981266bcb", "vulnerability": {"vulnId": "CVE-2019-13462", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "bb1d9432-69ef-457d-9b5b-c7f981266bcb", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 91}, "timestamps": {"asserted_at": "2025-01-22T16:27:29+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-01-22T16:27:29+00:00"}, "scope": {"notes": "Affected: Lansweeper / Lansweeper | Class: device-management-platform | Severity: Critical (CVSS 9.1) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2019-13462", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13462"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 0, "vendor": "Lansweeper", "30d_avg": 5, "90d_avg": 1, "product": "Lansweeper", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.1, "vulnerability_severity": "Critical"}}]}
{"uuid": "8291f022-16cd-41a2-a207-d4dd6e982a44", "vulnerability": {"vulnId": "CVE-2023-1177", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "8291f022-16cd-41a2-a207-d4dd6e982a44", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T19:47:04+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T19:47:04+00:00"}, "scope": {"notes": "Affected: MLflow / MLflow | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-1177", "url": "https://www.cve.org/CVERecord?id=CVE-2023-1177"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 2, "vendor": "MLflow", "30d_avg": 21, "90d_avg": 7, "product": "MLflow", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "8d65bad5-c28c-4c80-8b5b-9a90e428b13a", "vulnerability": {"vulnId": "CVE-2021-22017", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "8d65bad5-c28c-4c80-8b5b-9a90e428b13a", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 53}, "timestamps": {"asserted_at": "2026-04-21T12:54:50+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-04-21T12:54:50+00:00"}, "scope": {"notes": "Affected: VMware / vCenter Server | Class: other-software | Severity: Medium (CVSS 5.3) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-22017", "url": "https://www.cve.org/CVERecord?id=CVE-2021-22017"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "VMware", "30d_avg": 1, "90d_avg": 0, "product": "vCenter Server", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 5.3, "vulnerability_severity": "Medium"}}]}
{"uuid": "165a3241-55bf-472e-a6a8-3c0d39737dcd", "vulnerability": {"vulnId": "CVE-2022-31656", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "165a3241-55bf-472e-a6a8-3c0d39737dcd", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:57:31+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:31+00:00"}, "scope": {"notes": "Affected: VMware / Workspace ONE Access, Identity Manager and vRealize Automation | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-31656", "url": "https://www.cve.org/CVERecord?id=CVE-2022-31656"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "VMware", "30d_avg": 5, "90d_avg": 1, "product": "Workspace ONE Access, Identity Manager and vRealize Automation", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "2957d125-2673-4aae-9ef1-7ac089430eb0", "vulnerability": {"vulnId": "CVE-2023-26258", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "2957d125-2673-4aae-9ef1-7ac089430eb0", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-08-19T06:22:58+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-08-19T06:22:58+00:00"}, "scope": {"notes": "Affected: Arcserve / Arcserve Unified Data Protection (UDP) | Class: backup | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-26258", "url": "https://www.cve.org/CVERecord?id=CVE-2023-26258"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "backup", "7d_avg": 1, "vendor": "Arcserve", "30d_avg": 11, "90d_avg": 4, "product": "Arcserve Unified Data Protection (UDP)", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "362ad072-2944-4b59-9091-b9b4a12bb56c", "vulnerability": {"vulnId": "CVE-2026-1405", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "362ad072-2944-4b59-9091-b9b4a12bb56c", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-04-06T18:37:12+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-04-06T18:37:12+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Slider Future plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2026-1405", "url": "https://www.cve.org/CVERecord?id=CVE-2026-1405"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "Wordpress", "30d_avg": 4, "90d_avg": 1, "product": "Wordpress Slider Future plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "fcbf12dc-9ee2-4a67-a133-50786fa1e696", "vulnerability": {"vulnId": "CVE-2021-21402", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "fcbf12dc-9ee2-4a67-a133-50786fa1e696", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 65}, "timestamps": {"asserted_at": "2023-10-17T22:27:40+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-17T22:27:40+00:00"}, "scope": {"notes": "Affected: Jellyfin / Jellyfin | Class: other-software | Severity: Medium (CVSS 6.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 10", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-21402", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21402"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "3", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "Jellyfin", "30d_avg": 1, "90d_avg": 0, "product": "Jellyfin", "cisa_kev": "no", "connections": 10, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 6.5, "vulnerability_severity": "Medium"}}]}
{"uuid": "e8ee18e0-e94b-43a1-b1a5-d810997b2e7f", "vulnerability": {"vulnId": "CVE-2021-42013", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "e8ee18e0-e94b-43a1-b1a5-d810997b2e7f", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-07-19T09:11:20+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-07-19T09:11:20+00:00"}, "scope": {"notes": "Affected: Apache / Apache HTTP Server | Class: web-server | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1345", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-42013", "url": "https://www.cve.org/CVERecord?id=CVE-2021-42013"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "212", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "web-server", "7d_avg": 217, "vendor": "Apache", "30d_avg": 252, "90d_avg": 249, "product": "Apache HTTP Server", "cisa_kev": "yes", "connections": 1345, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "4acfa73f-b8ed-43a3-8890-33b359ab46e1", "vulnerability": {"vulnId": "CVE-2024-12847", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "4acfa73f-b8ed-43a3-8890-33b359ab46e1", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-01-07T22:39:52+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-01-07T22:39:52+00:00"}, "scope": {"notes": "Affected: Netgear / Netgear DGN1000 | Class: router | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 266", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-12847", "url": "https://www.cve.org/CVERecord?id=CVE-2024-12847"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "256", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 280, "vendor": "Netgear", "30d_avg": 241, "90d_avg": 263, "product": "Netgear DGN1000", "cisa_kev": "no", "connections": 266, "observation_date": "2026-06-30", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "8e019067-9b5f-4ebc-88d7-0a9f05578c31", "vulnerability": {"vulnId": "CVE-2017-9841", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "8e019067-9b5f-4ebc-88d7-0a9f05578c31", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-10-13T16:00:00+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-13T16:00:00+00:00"}, "scope": {"notes": "Affected: PHPUnit - Sebastian Bergmann / PHPUnit | Class: other-software | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 3057", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2017-9841", "url": "https://www.cve.org/CVERecord?id=CVE-2017-9841"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "220", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 219, "vendor": "PHPUnit - Sebastian Bergmann", "30d_avg": 252, "90d_avg": 240, "product": "PHPUnit", "cisa_kev": "yes", "connections": 3057, "observation_date": "2026-06-30", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "f34a7434-f756-49f5-8280-5e653184d223", "vulnerability": {"vulnId": "CVE-2018-10562", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "f34a7434-f756-49f5-8280-5e653184d223", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-13T16:01:38+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-13T16:01:38+00:00"}, "scope": {"notes": "Affected: Dasan / Dasan GPON Home Router | Class: router | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: yes | Honeypot connections on 2026-06-30: 308", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2018-10562", "url": "https://www.cve.org/CVERecord?id=CVE-2018-10562"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "286", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 281, "vendor": "Dasan", "30d_avg": 638, "90d_avg": 431, "product": "Dasan GPON Home Router", "cisa_kev": "yes", "connections": 308, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "dac33fd4-e1c8-456d-8b0f-c3b0868d6f20", "vulnerability": {"vulnId": "CVE-2026-3055", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "dac33fd4-e1c8-456d-8b0f-c3b0868d6f20", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 93}, "timestamps": {"asserted_at": "2026-03-31T14:47:50+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-03-31T14:47:50+00:00"}, "scope": {"notes": "Affected: Citrix / Citrix NetScaler ADC and NetScaler Gateway | Class: app-delivery-controller | Severity: Critical (CVSS 9.3) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 25", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2026-3055", "url": "https://www.cve.org/CVERecord?id=CVE-2026-3055"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "5", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "app-delivery-controller", "7d_avg": 11, "vendor": "Citrix", "30d_avg": 26, "90d_avg": 29, "product": "Citrix NetScaler ADC and NetScaler Gateway", "cisa_kev": "yes", "connections": 25, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.3, "vulnerability_severity": "Critical"}}]}
{"uuid": "90688bba-7c2a-4822-9488-c5bc8e114543", "vulnerability": {"vulnId": "CVE-2022-29303", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "90688bba-7c2a-4822-9488-c5bc8e114543", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:57:29+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:29+00:00"}, "scope": {"notes": "Affected: CONTEC / SolarView Compact ver.6.00 | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-29303", "url": "https://www.cve.org/CVERecord?id=CVE-2022-29303"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "CONTEC", "30d_avg": 6, "90d_avg": 2, "product": "SolarView Compact ver.6.00", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "676be02c-5154-4815-afd5-46d9ec4427af", "vulnerability": {"vulnId": "EDB-41471", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "676be02c-5154-4815-afd5-46d9ec4427af", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-10-13T16:03:09+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-13T16:03:09+00:00"}, "scope": {"notes": "Affected: MVPower / MVPower DVR | Class: video-system | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1402", "asset_exposure": ["internet-facing"]}, "references": [{"id": "EDB-41471", "url": "https://www.exploit-db.com/exploits/41471"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "168", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "video-system", "7d_avg": 157, "vendor": "MVPower", "30d_avg": 465, "90d_avg": 292, "product": "MVPower DVR", "cisa_kev": "no", "connections": 1402, "observation_date": "2026-06-30", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "44c7009b-7fc1-42ae-829e-cb42f9dcea85", "vulnerability": {"vulnId": "CVE-2018-2894", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "44c7009b-7fc1-42ae-829e-cb42f9dcea85", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:56:17+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:17+00:00"}, "scope": {"notes": "Affected: Oracle / Oracle Weblogic Server | Class: app-server | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2018-2894", "url": "https://www.cve.org/CVERecord?id=CVE-2018-2894"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "app-server", "7d_avg": 3, "vendor": "Oracle", "30d_avg": 9, "90d_avg": 3, "product": "Oracle Weblogic Server", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "7a9dade9-fe64-49fd-b8a4-90ff4d7cf845", "vulnerability": {"vulnId": "CVE-2023-38646", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "7a9dade9-fe64-49fd-b8a4-90ff4d7cf845", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 0}, "timestamps": {"asserted_at": "2023-10-13T16:00:19+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-13T16:00:19+00:00"}, "scope": {"notes": "Affected: Metabase / Metabase | Class: other-software | Severity: None (CVSS 0) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 676", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-38646", "url": "https://www.cve.org/CVERecord?id=CVE-2023-38646"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "147", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 146, "vendor": "Metabase", "30d_avg": 143, "90d_avg": 129, "product": "Metabase", "cisa_kev": "no", "connections": 676, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 0, "vulnerability_severity": "None"}}]}
{"uuid": "b9b0b367-d52c-4186-96d5-512eb25e3f8d", "vulnerability": {"vulnId": "CVE-2024-0012", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "b9b0b367-d52c-4186-96d5-512eb25e3f8d", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 0}, "timestamps": {"asserted_at": "2024-11-19T11:11:53+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-11-19T11:11:53+00:00"}, "scope": {"notes": "Affected: Palo Alto Networks / PAN-OS | Class: firewall | Severity: None (CVSS 0) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 53", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-0012", "url": "https://www.cve.org/CVERecord?id=CVE-2024-0012"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "4", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "firewall", "7d_avg": 7, "vendor": "Palo Alto Networks", "30d_avg": 15, "90d_avg": 7, "product": "PAN-OS", "cisa_kev": "yes", "connections": 53, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 0, "vulnerability_severity": "None"}}]}
{"uuid": "f1be6bb7-4084-43e9-9e0b-6ab89344f370", "vulnerability": {"vulnId": "CVE-2025-58360", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "f1be6bb7-4084-43e9-9e0b-6ab89344f370", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-12-16T18:10:01+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-12-16T18:10:01+00:00"}, "scope": {"notes": "Affected: Geoserver / Geoserver | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 5608", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-58360", "url": "https://www.cve.org/CVERecord?id=CVE-2025-58360"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "12", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 6, "vendor": "Geoserver", "30d_avg": 4, "90d_avg": 5, "product": "Geoserver", "cisa_kev": "yes", "connections": 5608, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "0dae763d-7200-43dd-a014-07ac693cd6ec", "vulnerability": {"vulnId": "CVE-2025-34036", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "0dae763d-7200-43dd-a014-07ac693cd6ec", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-01-07T23:26:50+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-01-07T23:26:50+00:00"}, "scope": {"notes": "Affected: Shenzhen TVT / CCTV-DVR (rebranded by multiple vendors) | Class: video-system | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 124", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-34036", "url": "https://www.cve.org/CVERecord?id=CVE-2025-34036"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "122", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "video-system", "7d_avg": 141, "vendor": "Shenzhen TVT", "30d_avg": 124, "90d_avg": 135, "product": "CCTV-DVR (rebranded by multiple vendors)", "cisa_kev": "no", "connections": 124, "observation_date": "2026-06-30", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "25a2dc4d-e899-4445-beef-c09221a27e58", "vulnerability": {"vulnId": "CVE-2023-2806", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "25a2dc4d-e899-4445-beef-c09221a27e58", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 88}, "timestamps": {"asserted_at": "2026-04-09T15:11:01+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-04-09T15:11:01+00:00"}, "scope": {"notes": "Affected: Weaver / Weaver e-cology | Class: other-software | Severity: High (CVSS 8.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-2806", "url": "https://www.cve.org/CVERecord?id=CVE-2023-2806"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "Weaver", "30d_avg": 0, "90d_avg": 0, "product": "Weaver e-cology", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 8.8, "vulnerability_severity": "High"}}]}
{"uuid": "b71029f6-2282-48c1-9507-9c20578b7b9d", "vulnerability": {"vulnId": "CVE-2025-34043", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "b71029f6-2282-48c1-9507-9c20578b7b9d", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-01-07T22:44:11+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-01-07T22:44:11+00:00"}, "scope": {"notes": "Affected: Vacron / Network Video Recorder (NVR) | Class: video-system | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 87", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-34043", "url": "https://www.cve.org/CVERecord?id=CVE-2025-34043"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "87", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "video-system", "7d_avg": 81, "vendor": "Vacron", "30d_avg": 80, "90d_avg": 87, "product": "Network Video Recorder (NVR)", "cisa_kev": "no", "connections": 87, "observation_date": "2026-06-30", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "f2157018-e462-4254-a87c-6a9828ccec09", "vulnerability": {"vulnId": "CVE-2025-0108", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "f2157018-e462-4254-a87c-6a9828ccec09", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 0}, "timestamps": {"asserted_at": "2025-02-13T21:18:14+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-02-13T21:18:14+00:00"}, "scope": {"notes": "Affected: Palo Alto Networks / PAN-OS | Class: firewall | Severity: None (CVSS 0) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 53", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-0108", "url": "https://www.cve.org/CVERecord?id=CVE-2025-0108"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "5", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "firewall", "7d_avg": 13, "vendor": "Palo Alto Networks", "30d_avg": 16, "90d_avg": 12, "product": "PAN-OS", "cisa_kev": "yes", "connections": 53, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 0, "vulnerability_severity": "None"}}]}
{"uuid": "d91d0e73-e8b3-4711-9caf-125c36ef1e02", "vulnerability": {"vulnId": "CVE-2021-22986", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "d91d0e73-e8b3-4711-9caf-125c36ef1e02", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:56:50+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:50+00:00"}, "scope": {"notes": "Affected: F5 / BIG-IP | Class: app-delivery-controller | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 55", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-22986", "url": "https://www.cve.org/CVERecord?id=CVE-2021-22986"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "4", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "app-delivery-controller", "7d_avg": 8, "vendor": "F5", "30d_avg": 25, "90d_avg": 11, "product": "BIG-IP", "cisa_kev": "yes", "connections": 55, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "b0d43b83-922a-46e1-a627-904d3a7786df", "vulnerability": {"vulnId": "CVE-2025-5777", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "b0d43b83-922a-46e1-a627-904d3a7786df", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 0}, "timestamps": {"asserted_at": "2025-07-02T10:06:43+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-07-02T10:06:43+00:00"}, "scope": {"notes": "Affected: Citrix / Citrix NetScaler | Class: app-delivery-controller | Severity: None (CVSS 0) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 4124", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-5777", "url": "https://www.cve.org/CVERecord?id=CVE-2025-5777"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "75", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "app-delivery-controller", "7d_avg": 78, "vendor": "Citrix", "30d_avg": 74, "90d_avg": 72, "product": "Citrix NetScaler", "cisa_kev": "yes", "connections": 4124, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 0, "vulnerability_severity": "None"}}]}
{"uuid": "94e54bd6-b757-4335-9259-77f1e355dd01", "vulnerability": {"vulnId": "CVE-2018-13379", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "94e54bd6-b757-4335-9259-77f1e355dd01", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-13T16:00:00+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-13T16:00:00+00:00"}, "scope": {"notes": "Affected: Fortinet / FortiOS | Class: firewall | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 40058", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2018-13379", "url": "https://www.cve.org/CVERecord?id=CVE-2018-13379"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "37", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "firewall", "7d_avg": 26, "vendor": "Fortinet", "30d_avg": 58, "90d_avg": 32, "product": "FortiOS", "cisa_kev": "yes", "connections": 40058, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "e97f5e75-c3aa-47b6-91e2-856c61b05959", "vulnerability": {"vulnId": "CVE-2018-11759", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "e97f5e75-c3aa-47b6-91e2-856c61b05959", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2023-12-19T00:01:07+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-12-19T00:01:07+00:00"}, "scope": {"notes": "Affected: Apache / libapache-mod-jk | Class: web-server | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 64", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2018-11759", "url": "https://www.cve.org/CVERecord?id=CVE-2018-11759"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "6", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "web-server", "7d_avg": 2, "vendor": "Apache", "30d_avg": 11, "90d_avg": 4, "product": "libapache-mod-jk", "cisa_kev": "no", "connections": 64, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "2861ce75-1375-4257-8e72-9953acfaed9b", "vulnerability": {"vulnId": "CVE-2025-34037", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "2861ce75-1375-4257-8e72-9953acfaed9b", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-01-09T08:18:11+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-01-09T08:18:11+00:00"}, "scope": {"notes": "Affected: Linksys / Linksys E-Series | Class: router | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 113", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-34037", "url": "https://www.cve.org/CVERecord?id=CVE-2025-34037"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "10", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 9, "vendor": "Linksys", "30d_avg": 10, "90d_avg": 3, "product": "Linksys E-Series", "cisa_kev": "no", "connections": 113, "observation_date": "2026-06-30", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "c1675f51-52c0-4968-9037-ff8de81abe57", "vulnerability": {"vulnId": "CVE-2025-2825", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "c1675f51-52c0-4968-9037-ff8de81abe57", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-03-30T01:07:37+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-03-30T01:07:37+00:00"}, "scope": {"notes": "Affected: CrushFTP / CrushFTP | Class: file-transfer | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 22758", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-2825", "url": "https://www.cve.org/CVERecord?id=CVE-2025-2825"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "13", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "file-transfer", "7d_avg": 5, "vendor": "CrushFTP", "30d_avg": 12, "90d_avg": 9, "product": "CrushFTP", "cisa_kev": "no", "connections": 22758, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "20692b3b-b594-4663-8b5e-6cc27bc9c4da", "vulnerability": {"vulnId": "CVE-2023-47246", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "20692b3b-b594-4663-8b5e-6cc27bc9c4da", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-12-01T07:54:55+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-12-01T07:54:55+00:00"}, "scope": {"notes": "Affected: SysAid / SysAid On-Premise | Class: device-management-platform | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-47246", "url": "https://www.cve.org/CVERecord?id=CVE-2023-47246"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 1, "vendor": "SysAid", "30d_avg": 11, "90d_avg": 4, "product": "SysAid On-Premise", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "78cd51b4-3240-496b-aef9-0d629b53becd", "vulnerability": {"vulnId": "CVE-2025-64446", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "78cd51b4-3240-496b-aef9-0d629b53becd", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-11-15T00:44:04+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-11-15T00:44:04+00:00"}, "scope": {"notes": "Affected: Fortinet / Fortinet FortiWeb | Class: firewall | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-64446", "url": "https://www.cve.org/CVERecord?id=CVE-2025-64446"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "firewall", "7d_avg": 0, "vendor": "Fortinet", "30d_avg": 4, "90d_avg": 1, "product": "Fortinet FortiWeb", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "87b6d652-1406-4c45-af2a-12da39db2c63", "vulnerability": {"vulnId": "CVE-2025-34039", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "87b6d652-1406-4c45-af2a-12da39db2c63", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-01-08T11:00:16+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-01-08T11:00:16+00:00"}, "scope": {"notes": "Affected: Yonyou / NC BeanShell | Class: other-software | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-34039", "url": "https://www.cve.org/CVERecord?id=CVE-2025-34039"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "Yonyou", "30d_avg": 2, "90d_avg": 1, "product": "NC BeanShell", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "cc9aebe0-1a42-4f95-bdc4-dbd559789f29", "vulnerability": {"vulnId": "CVE-2022-24990", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "cc9aebe0-1a42-4f95-bdc4-dbd559789f29", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 0}, "timestamps": {"asserted_at": "2023-10-14T14:57:26+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:26+00:00"}, "scope": {"notes": "Affected: Terramaster / TOS | Class: nas | Severity: None (CVSS 0) | IoT: yes | In CISA KEV: yes | Honeypot connections on 2026-06-30: 52", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-24990", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24990"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "3", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "nas", "7d_avg": 3, "vendor": "Terramaster", "30d_avg": 7, "90d_avg": 2, "product": "TOS", "cisa_kev": "yes", "connections": 52, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 0, "vulnerability_severity": "None"}}]}
{"uuid": "0786cf9f-54bd-4b9d-aeb0-818837e1cb99", "vulnerability": {"vulnId": "CVE-2019-11510", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "0786cf9f-54bd-4b9d-aeb0-818837e1cb99", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 100}, "timestamps": {"asserted_at": "2023-10-14T14:56:01+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:01+00:00"}, "scope": {"notes": "Affected: Pulse Secure / Pulse Secure VPN | Class: vpn | Severity: Critical (CVSS 10) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 7", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2019-11510", "url": "https://www.cve.org/CVERecord?id=CVE-2019-11510"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "3", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "vpn", "7d_avg": 6, "vendor": "Pulse Secure", "30d_avg": 9, "90d_avg": 7, "product": "Pulse Secure VPN", "cisa_kev": "yes", "connections": 7, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 10, "vulnerability_severity": "Critical"}}]}
{"uuid": "84dc98b8-8836-4a01-889c-bd5fb4897f57", "vulnerability": {"vulnId": "CVE-2024-29059", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "84dc98b8-8836-4a01-889c-bd5fb4897f57", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2024-04-27T04:54:55+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-04-27T04:54:55+00:00"}, "scope": {"notes": "Affected: Microsoft / .NET Framework | Class: other-software | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 5", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-29059", "url": "https://www.cve.org/CVERecord?id=CVE-2024-29059"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "5", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 22, "vendor": "Microsoft", "30d_avg": 13, "90d_avg": 7, "product": ".NET Framework", "cisa_kev": "yes", "connections": 5, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "94e3d9bc-90ce-4d7c-8899-e4c9fb28ac86", "vulnerability": {"vulnId": "CVE-2020-15505", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "94e3d9bc-90ce-4d7c-8899-e4c9fb28ac86", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T15:51:12+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T15:51:12+00:00"}, "scope": {"notes": "Affected: MobileIron / MobileIron Mobile Device Management (MDM) | Class: device-management-platform | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 55", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-15505", "url": "https://www.cve.org/CVERecord?id=CVE-2020-15505"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "4", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 4, "vendor": "MobileIron", "30d_avg": 8, "90d_avg": 9, "product": "MobileIron Mobile Device Management (MDM)", "cisa_kev": "yes", "connections": 55, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "bc0969d3-bacf-42a1-a424-05120274bf6c", "vulnerability": {"vulnId": "CVE-2021-39226", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "bc0969d3-bacf-42a1-a424-05120274bf6c", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 73}, "timestamps": {"asserted_at": "2023-10-14T14:57:13+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:13+00:00"}, "scope": {"notes": "Affected: Grafana / Grafana | Class: other-software | Severity: High (CVSS 7.3) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-39226", "url": "https://www.cve.org/CVERecord?id=CVE-2021-39226"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Grafana", "30d_avg": 5, "90d_avg": 1, "product": "Grafana", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.3, "vulnerability_severity": "High"}}]}
{"uuid": "0dd3c057-a9bb-4634-bcde-529baa6f6c47", "vulnerability": {"vulnId": "CVE-2019-11580", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "0dd3c057-a9bb-4634-bcde-529baa6f6c47", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-11-08T06:47:28+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-11-08T06:47:28+00:00"}, "scope": {"notes": "Affected: Atlassian / Crowd/Crowd Data Center | Class: security-management-platform | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2019-11580", "url": "https://www.cve.org/CVERecord?id=CVE-2019-11580"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "security-management-platform", "7d_avg": 2, "vendor": "Atlassian", "30d_avg": 12, "90d_avg": 4, "product": "Crowd/Crowd Data Center", "cisa_kev": "yes", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "ff83b6cf-b169-4e72-b0f9-01615c866c06", "vulnerability": {"vulnId": "CVE-2016-1555", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "ff83b6cf-b169-4e72-b0f9-01615c866c06", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:14:43+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:14:43+00:00"}, "scope": {"notes": "Affected: NETGEAR / WN604, WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 | Class: router | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: yes | Honeypot connections on 2026-06-30: 56", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2016-1555", "url": "https://www.cve.org/CVERecord?id=CVE-2016-1555"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "4", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 22, "vendor": "NETGEAR", "30d_avg": 10, "90d_avg": 4, "product": "WN604, WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660", "cisa_kev": "yes", "connections": 56, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "bc73e5ab-cb71-4321-bc69-06c1c11ab97d", "vulnerability": {"vulnId": "CVE-2021-39144", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "bc73e5ab-cb71-4321-bc69-06c1c11ab97d", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 85}, "timestamps": {"asserted_at": "2023-10-23T22:59:24+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-23T22:59:24+00:00"}, "scope": {"notes": "Affected: VMware / VMware NSX Manager XStream | Class: device-management-platform | Severity: High (CVSS 8.5) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-39144", "url": "https://www.cve.org/CVERecord?id=CVE-2021-39144"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 1, "vendor": "VMware", "30d_avg": 1, "90d_avg": 0, "product": "VMware NSX Manager XStream", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 8.5, "vulnerability_severity": "High"}}]}
{"uuid": "8cd1370a-970c-4479-b093-35221bf037b7", "vulnerability": {"vulnId": "CVE-2024-1709", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "8cd1370a-970c-4479-b093-35221bf037b7", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-02-21T21:28:13+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-02-21T21:28:13+00:00"}, "scope": {"notes": "Affected: ConnectWise / ScreenConnect | Class: remote-access | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 3263", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-1709", "url": "https://www.cve.org/CVERecord?id=CVE-2024-1709"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "5", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "remote-access", "7d_avg": 6, "vendor": "ConnectWise", "30d_avg": 7, "90d_avg": 4, "product": "ScreenConnect", "cisa_kev": "yes", "connections": 3263, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "669649a0-79c4-442f-a7ce-7f49819ee9db", "vulnerability": {"vulnId": "CVE-2021-36380", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "669649a0-79c4-442f-a7ce-7f49819ee9db", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-13T16:31:22+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-13T16:31:22+00:00"}, "scope": {"notes": "Affected: Sunhillo / Sureline | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 55", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-36380", "url": "https://www.cve.org/CVERecord?id=CVE-2021-36380"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "4", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 4, "vendor": "Sunhillo", "30d_avg": 6, "90d_avg": 2, "product": "Sureline", "cisa_kev": "yes", "connections": 55, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "2d1e1391-23f4-4da8-86ad-ae0bd163cb35", "vulnerability": {"vulnId": "CVE-2018-6530", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "2d1e1391-23f4-4da8-86ad-ae0bd163cb35", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-12-24T07:01:19+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-12-24T07:01:19+00:00"}, "scope": {"notes": "Affected: D-Link / D-Link multiple routers | Class: router | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: yes | Honeypot connections on 2026-06-30: 57", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2018-6530", "url": "https://www.cve.org/CVERecord?id=CVE-2018-6530"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "5", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 5, "vendor": "D-Link", "30d_avg": 7, "90d_avg": 3, "product": "D-Link multiple routers", "cisa_kev": "yes", "connections": 57, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "6eb15c8b-a6d1-41ef-a883-97520beef30c", "vulnerability": {"vulnId": "CVE-2020-10173", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "6eb15c8b-a6d1-41ef-a883-97520beef30c", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 88}, "timestamps": {"asserted_at": "2024-03-13T07:41:50+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-03-13T07:41:50+00:00"}, "scope": {"notes": "Affected: Comtrend / Comtrend VR-3033 | Class: router | Severity: High (CVSS 8.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 8", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-10173", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10173"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 4, "vendor": "Comtrend", "30d_avg": 5, "90d_avg": 108, "product": "Comtrend VR-3033", "cisa_kev": "no", "connections": 8, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 8.8, "vulnerability_severity": "High"}}]}
{"uuid": "57b93934-558a-431a-8682-69cd6815ecc4", "vulnerability": {"vulnId": "CVE-2020-9054", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "57b93934-558a-431a-8682-69cd6815ecc4", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:56:43+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:43+00:00"}, "scope": {"notes": "Affected: ZyXEL / ZyXEL NAS | Class: nas | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: yes | Honeypot connections on 2026-06-30: 51", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-9054", "url": "https://www.cve.org/CVERecord?id=CVE-2020-9054"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "nas", "7d_avg": 3, "vendor": "ZyXEL", "30d_avg": 6, "90d_avg": 2, "product": "ZyXEL NAS", "cisa_kev": "yes", "connections": 51, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "830d0342-b044-4e8f-9ca0-55ee097201fe", "vulnerability": {"vulnId": "CVE-2021-40438", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "830d0342-b044-4e8f-9ca0-55ee097201fe", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 90}, "timestamps": {"asserted_at": "2023-10-14T17:31:29+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T17:31:29+00:00"}, "scope": {"notes": "Affected: Apache / Apache HTTP Server | Class: web-server | Severity: Critical (CVSS 9) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 203", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-40438", "url": "https://www.cve.org/CVERecord?id=CVE-2021-40438"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "4", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "web-server", "7d_avg": 1, "vendor": "Apache", "30d_avg": 5, "90d_avg": 3, "product": "Apache HTTP Server", "cisa_kev": "yes", "connections": 203, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9, "vulnerability_severity": "Critical"}}]}
{"uuid": "fc5e6282-829c-4b57-8f41-bf97e1ffc8dc", "vulnerability": {"vulnId": "CVE-2020-25506", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "fc5e6282-829c-4b57-8f41-bf97e1ffc8dc", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-13T17:47:42+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-13T17:47:42+00:00"}, "scope": {"notes": "Affected: D-Link / DNS-320 | Class: nas | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: yes | Honeypot connections on 2026-06-30: 54", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-25506", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25506"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "4", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "nas", "7d_avg": 4, "vendor": "D-Link", "30d_avg": 12, "90d_avg": 4, "product": "DNS-320", "cisa_kev": "yes", "connections": 54, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "e43f37da-c2c3-4eb9-b07a-9ef083568a52", "vulnerability": {"vulnId": "CVE-2023-4966", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "e43f37da-c2c3-4eb9-b07a-9ef083568a52", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2023-10-25T05:38:24+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-25T05:38:24+00:00"}, "scope": {"notes": "Affected: Citrix / Citrix ADC and Citrix Gateway | Class: app-delivery-controller | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 7", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-4966", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4966"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "7", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "app-delivery-controller", "7d_avg": 7, "vendor": "Citrix", "30d_avg": 9, "90d_avg": 18, "product": "Citrix ADC and Citrix Gateway", "cisa_kev": "yes", "connections": 7, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "2d2ad358-fced-405b-b568-e943547869a7", "vulnerability": {"vulnId": "CVE-2025-34057", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "2d2ad358-fced-405b-b568-e943547869a7", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-01-10T07:08:23+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-01-10T07:08:23+00:00"}, "scope": {"notes": "Affected: Ruijie Networks / Ruijie NBR routers | Class: router | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 7", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-34057", "url": "https://www.cve.org/CVERecord?id=CVE-2025-34057"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 1, "vendor": "Ruijie Networks", "30d_avg": 2, "90d_avg": 1, "product": "Ruijie NBR routers", "cisa_kev": "no", "connections": 7, "observation_date": "2026-06-30", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "f5bf0d3c-3b59-4618-bf56-67bc603364af", "vulnerability": {"vulnId": "CVE-2020-11738", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "f5bf0d3c-3b59-4618-bf56-67bc603364af", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2023-10-14T14:56:17+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:17+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Duplicator plugin | Class: cms | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 53", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-11738", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11738"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 2, "vendor": "Wordpress", "30d_avg": 12, "90d_avg": 4, "product": "Wordpress Duplicator plugin", "cisa_kev": "yes", "connections": 53, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "d86d5c14-e8e4-4e7a-9d23-3ed1893d7ce5", "vulnerability": {"vulnId": "CVE-2021-34473", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "d86d5c14-e8e4-4e7a-9d23-3ed1893d7ce5", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T17:24:52+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T17:24:52+00:00"}, "scope": {"notes": "Affected: Microsoft / Exchange | Class: email | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 273", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-34473", "url": "https://www.cve.org/CVERecord?id=CVE-2021-34473"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "6", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "email", "7d_avg": 2, "vendor": "Microsoft", "30d_avg": 11, "90d_avg": 4, "product": "Exchange", "cisa_kev": "yes", "connections": 273, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "bcc9faff-a152-483a-a04d-6f6ae36d2ee5", "vulnerability": {"vulnId": "CVE-2020-36870", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "bcc9faff-a152-483a-a04d-6f6ae36d2ee5", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-01-08T10:56:29+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-01-08T10:56:29+00:00"}, "scope": {"notes": "Affected: Ruijie Networks / NBR | Class: router | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 11", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-36870", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36870"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "3", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 2, "vendor": "Ruijie Networks", "30d_avg": 2, "90d_avg": 1, "product": "NBR", "cisa_kev": "no", "connections": 11, "observation_date": "2026-06-30", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "cd52844f-e3ab-4128-a607-71ff10f73d1a", "vulnerability": {"vulnId": "CVE-2018-3760", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "cd52844f-e3ab-4128-a607-71ff10f73d1a", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2023-10-14T14:56:00+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:00+00:00"}, "scope": {"notes": "Affected: Ruby on Rails / Sprockets | Class: web-app-framework | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 6", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2018-3760", "url": "https://www.cve.org/CVERecord?id=CVE-2018-3760"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "3", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "web-app-framework", "7d_avg": 3, "vendor": "Ruby on Rails", "30d_avg": 11, "90d_avg": 4, "product": "Sprockets", "cisa_kev": "no", "connections": 6, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "b72de948-72ff-43dd-acbd-f45cffd57f72", "vulnerability": {"vulnId": "CVE-2021-26084", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "b72de948-72ff-43dd-acbd-f45cffd57f72", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T16:40:42+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T16:40:42+00:00"}, "scope": {"notes": "Affected: Atlassian / Confluence | Class: web-app-framework | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 105", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-26084", "url": "https://www.cve.org/CVERecord?id=CVE-2021-26084"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "3", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "web-app-framework", "7d_avg": 5, "vendor": "Atlassian", "30d_avg": 8, "90d_avg": 10, "product": "Confluence", "cisa_kev": "yes", "connections": 105, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "6523e6fc-4a9f-4e30-9f7e-9e6dea316df4", "vulnerability": {"vulnId": "CVE-2019-17506", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "6523e6fc-4a9f-4e30-9f7e-9e6dea316df4", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:56:07+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:07+00:00"}, "scope": {"notes": "Affected: D-Link / DIR-868L/DIR-817LW | Class: router | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 8", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2019-17506", "url": "https://www.cve.org/CVERecord?id=CVE-2019-17506"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "4", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 3, "vendor": "D-Link", "30d_avg": 11, "90d_avg": 4, "product": "DIR-868L/DIR-817LW", "cisa_kev": "no", "connections": 8, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "25b7f7fb-3d95-4003-af4e-44ae77a382c7", "vulnerability": {"vulnId": "CVE-2025-34041", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "25b7f7fb-3d95-4003-af4e-44ae77a382c7", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-01-21T08:38:28+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-01-21T08:38:28+00:00"}, "scope": {"notes": "Affected: Sangfor / Sangfor EDR | Class: security-management-platform | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 7", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-34041", "url": "https://www.cve.org/CVERecord?id=CVE-2025-34041"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "3", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "security-management-platform", "7d_avg": 1, "vendor": "Sangfor", "30d_avg": 1, "90d_avg": 0, "product": "Sangfor EDR", "cisa_kev": "no", "connections": 7, "observation_date": "2026-06-30", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "a9dad99f-8400-4777-a88e-30c5b209ca5a", "vulnerability": {"vulnId": "CVE-2019-16278", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "a9dad99f-8400-4777-a88e-30c5b209ca5a", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:56:05+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:05+00:00"}, "scope": {"notes": "Affected: nostromo / nhttpd | Class: web-server | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 7", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2019-16278", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16278"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "4", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "web-server", "7d_avg": 3, "vendor": "nostromo", "30d_avg": 5, "90d_avg": 2, "product": "nhttpd", "cisa_kev": "yes", "connections": 7, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "1dc01734-0d06-4010-a8f2-54fabdde49fc", "vulnerability": {"vulnId": "CVE-2021-26086", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "1dc01734-0d06-4010-a8f2-54fabdde49fc", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 53}, "timestamps": {"asserted_at": "2023-10-26T23:27:19+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-26T23:27:19+00:00"}, "scope": {"notes": "Affected: Atlassian / JIRA | Class: other-software | Severity: Medium (CVSS 5.3) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 16", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-26086", "url": "https://www.cve.org/CVERecord?id=CVE-2021-26086"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "Atlassian", "30d_avg": 0, "90d_avg": 0, "product": "JIRA", "cisa_kev": "yes", "connections": 16, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 5.3, "vulnerability_severity": "Medium"}}]}
{"uuid": "936de7fb-786a-4ee9-8455-399d55d57727", "vulnerability": {"vulnId": "CVE-2020-7209", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "936de7fb-786a-4ee9-8455-399d55d57727", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:56:39+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:39+00:00"}, "scope": {"notes": "Affected: HPE / LinuxKI | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 53", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-7209", "url": "https://www.cve.org/CVERecord?id=CVE-2020-7209"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "3", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 2, "vendor": "HPE", "30d_avg": 6, "90d_avg": 2, "product": "LinuxKI", "cisa_kev": "no", "connections": 53, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "40e4dce5-1628-4a47-9335-8890ddf3af58", "vulnerability": {"vulnId": "CVE-2025-34047", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "40e4dce5-1628-4a47-9335-8890ddf3af58", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-01-08T10:50:51+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-01-08T10:50:51+00:00"}, "scope": {"notes": "Affected: Beijing NetGuard Nebula Information Technology / Leadsec VPN | Class: vpn | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 6", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-34047", "url": "https://www.cve.org/CVERecord?id=CVE-2025-34047"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "vpn", "7d_avg": 1, "vendor": "Beijing NetGuard Nebula Information Technology", "30d_avg": 2, "90d_avg": 1, "product": "Leadsec VPN", "cisa_kev": "no", "connections": 6, "observation_date": "2026-06-30", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "7349296f-1932-4503-8ec3-d6daaf5754f5", "vulnerability": {"vulnId": "CVE-2021-43287", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "7349296f-1932-4503-8ec3-d6daaf5754f5", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2023-10-17T22:27:33+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-17T22:27:33+00:00"}, "scope": {"notes": "Affected: ThoughtWorks / GoCD | Class: other-software | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 8", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-43287", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43287"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "ThoughtWorks", "30d_avg": 0, "90d_avg": 0, "product": "GoCD", "cisa_kev": "no", "connections": 8, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "2a749af2-36d1-481b-b869-c4a283227498", "vulnerability": {"vulnId": "CVE-2023-3606", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "2a749af2-36d1-481b-b869-c4a283227498", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-01-21T16:59:51+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-01-21T16:59:51+00:00"}, "scope": {"notes": "Affected: TamronOS / TamronOS IPTV/VOD | Class: other-software | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 13", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-3606", "url": "https://www.cve.org/CVERecord?id=CVE-2023-3606"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "TamronOS", "30d_avg": 1, "90d_avg": 0, "product": "TamronOS IPTV/VOD", "cisa_kev": "no", "connections": 13, "observation_date": "2026-06-30", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "d0454ca4-3d7e-4a2a-8c3f-8e013c219aa8", "vulnerability": {"vulnId": "CVE-2020-17519", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "d0454ca4-3d7e-4a2a-8c3f-8e013c219aa8", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2023-10-14T14:56:49+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:49+00:00"}, "scope": {"notes": "Affected: Apache / Flink | Class: other-software | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 9", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-17519", "url": "https://www.cve.org/CVERecord?id=CVE-2020-17519"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "3", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 2, "vendor": "Apache", "30d_avg": 15, "90d_avg": 5, "product": "Flink", "cisa_kev": "yes", "connections": 9, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "d919150c-865b-47db-a88f-d10870cc1a53", "vulnerability": {"vulnId": "CVE-2022-4447", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "d919150c-865b-47db-a88f-d10870cc1a53", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:57:40+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:40+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Fontsy plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-4447", "url": "https://www.cve.org/CVERecord?id=CVE-2022-4447"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 1, "vendor": "Wordpress", "30d_avg": 5, "90d_avg": 2, "product": "Wordpress Fontsy plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "1d109610-a948-4996-bf33-03e3c443f35e", "vulnerability": {"vulnId": "CVE-2020-10199", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "1d109610-a948-4996-bf33-03e3c443f35e", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 88}, "timestamps": {"asserted_at": "2023-10-18T18:19:27+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-18T18:19:27+00:00"}, "scope": {"notes": "Affected: Sonatype / Nexus Repository Manager | Class: other-software | Severity: High (CVSS 8.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 7", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-10199", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10199"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Sonatype", "30d_avg": 0, "90d_avg": 0, "product": "Nexus Repository Manager", "cisa_kev": "yes", "connections": 7, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 8.8, "vulnerability_severity": "High"}}]}
{"uuid": "9c750b23-8ed0-4cf1-a337-81cd2d622025", "vulnerability": {"vulnId": "CVE-2019-3396", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "9c750b23-8ed0-4cf1-a337-81cd2d622025", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-13T21:01:48+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-13T21:01:48+00:00"}, "scope": {"notes": "Affected: Atlassian / Confluence | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 10", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2019-3396", "url": "https://www.cve.org/CVERecord?id=CVE-2019-3396"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "4", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 2, "vendor": "Atlassian", "30d_avg": 7, "90d_avg": 10, "product": "Confluence", "cisa_kev": "yes", "connections": 10, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "63208b3e-4c9a-4766-95af-d63b0ba279e4", "vulnerability": {"vulnId": "CVE-2024-27198", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "63208b3e-4c9a-4766-95af-d63b0ba279e4", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 0}, "timestamps": {"asserted_at": "2024-03-05T10:57:53+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-03-05T10:57:53+00:00"}, "scope": {"notes": "Affected: JetBrains / TeamCity | Class: other-software | Severity: None (CVSS 0) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-27198", "url": "https://www.cve.org/CVERecord?id=CVE-2024-27198"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "JetBrains", "30d_avg": 6, "90d_avg": 16, "product": "TeamCity", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 0, "vulnerability_severity": "None"}}]}
{"uuid": "4ac66d19-00e7-487f-81f1-ce6f7b2cc53d", "vulnerability": {"vulnId": "CVE-2021-22214", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "4ac66d19-00e7-487f-81f1-ce6f7b2cc53d", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 86}, "timestamps": {"asserted_at": "2023-10-24T10:23:48+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-24T10:23:48+00:00"}, "scope": {"notes": "Affected: GitLab / GitLab CE/EE | Class: other-software | Severity: High (CVSS 8.6) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-22214", "url": "https://www.cve.org/CVERecord?id=CVE-2021-22214"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "GitLab", "30d_avg": 0, "90d_avg": 0, "product": "GitLab CE/EE", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 8.6, "vulnerability_severity": "High"}}]}
{"uuid": "ac2e1f78-4210-4656-8b08-d376f87cce99", "vulnerability": {"vulnId": "CVE-2023-28771", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "ac2e1f78-4210-4656-8b08-d376f87cce99", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-13T16:00:48+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-13T16:00:48+00:00"}, "scope": {"notes": "Affected: Zyxel | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 69", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-28771", "url": "https://www.cve.org/CVERecord?id=CVE-2023-28771"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "ikev2-scan", "class": null, "7d_avg": 0, "vendor": "Zyxel", "30d_avg": 0, "90d_avg": 0, "product": "", "cisa_kev": "yes", "connections": 69, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "ccd88ef7-f42b-4586-b4f5-fe64d1965101", "vulnerability": {"vulnId": "CVE-2025-34046", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "ccd88ef7-f42b-4586-b4f5-fe64d1965101", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-01-08T10:56:58+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-01-08T10:56:58+00:00"}, "scope": {"notes": "Affected: Shanghai Fanwei Network Technology / Panwei e-office | Class: other-software | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 6", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-34046", "url": "https://www.cve.org/CVERecord?id=CVE-2025-34046"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 2, "vendor": "Shanghai Fanwei Network Technology", "30d_avg": 2, "90d_avg": 1, "product": "Panwei e-office", "cisa_kev": "no", "connections": 6, "observation_date": "2026-06-30", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "e16f47e7-69f2-4301-b0fd-6cdab9f74bf2", "vulnerability": {"vulnId": "CVE-2018-7700", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "e16f47e7-69f2-4301-b0fd-6cdab9f74bf2", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 88}, "timestamps": {"asserted_at": "2023-10-18T18:15:06+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-18T18:15:06+00:00"}, "scope": {"notes": "Affected: DedeCMS / DedeCMS | Class: cms | Severity: High (CVSS 8.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 5", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2018-7700", "url": "https://www.cve.org/CVERecord?id=CVE-2018-7700"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "DedeCMS", "30d_avg": 0, "90d_avg": 0, "product": "DedeCMS", "cisa_kev": "no", "connections": 5, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 8.8, "vulnerability_severity": "High"}}]}
{"uuid": "244b057c-124a-41ab-85d2-dc0f8245ab90", "vulnerability": {"vulnId": "CVE-2023-41265", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "244b057c-124a-41ab-85d2-dc0f8245ab90", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-12-28T18:07:43+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-12-28T18:07:43+00:00"}, "scope": {"notes": "Affected: Qlik / Qlik Sense | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-41265", "url": "https://www.cve.org/CVERecord?id=CVE-2023-41265"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "Qlik", "30d_avg": 5, "90d_avg": 16, "product": "Qlik Sense", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "27d480f0-5e90-461a-bb7e-f4898993277c", "vulnerability": {"vulnId": "CVE-2018-17532", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "27d480f0-5e90-461a-bb7e-f4898993277c", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-11-02T12:15:40+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-11-02T12:15:40+00:00"}, "scope": {"notes": "Affected: Teltonika / Teltonika RUT9XX series | Class: router | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 12", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2018-17532", "url": "https://www.cve.org/CVERecord?id=CVE-2018-17532"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 1, "vendor": "Teltonika", "30d_avg": 0, "90d_avg": 0, "product": "Teltonika RUT9XX series", "cisa_kev": "no", "connections": 12, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "6d609d13-c3b3-4bbc-a946-e398039ed020", "vulnerability": {"vulnId": "CVE-2024-23897", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "6d609d13-c3b3-4bbc-a946-e398039ed020", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-01-30T06:06:30+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-01-30T06:06:30+00:00"}, "scope": {"notes": "Affected: Jenkins / Jenkins | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 102", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-23897", "url": "https://www.cve.org/CVERecord?id=CVE-2024-23897"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "11", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 8, "vendor": "Jenkins", "30d_avg": 3, "90d_avg": 1, "product": "Jenkins", "cisa_kev": "yes", "connections": 102, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "071d6b9f-196f-4b43-a905-81b99f6b728d", "vulnerability": {"vulnId": "CVE-2019-16662", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "071d6b9f-196f-4b43-a905-81b99f6b728d", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:56:05+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:05+00:00"}, "scope": {"notes": "Affected: rConfig / rConfig | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 13", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2019-16662", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16662"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "rConfig", "30d_avg": 5, "90d_avg": 2, "product": "rConfig", "cisa_kev": "no", "connections": 13, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "ee26f14d-3c13-46e5-873c-bc652ef4176f", "vulnerability": {"vulnId": "EDB-43143", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "ee26f14d-3c13-46e5-873c-bc652ef4176f", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-10-13T19:00:45+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-13T19:00:45+00:00"}, "scope": {"notes": "Affected: D-Link / D-Link 850L | Class: router | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 8", "asset_exposure": ["internet-facing"]}, "references": [{"id": "EDB-43143", "url": "https://www.exploit-db.com/exploits/43143"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 1, "vendor": "D-Link", "30d_avg": 0, "90d_avg": 0, "product": "D-Link 850L", "cisa_kev": "no", "connections": 8, "observation_date": "2026-06-30", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "0153d0e8-ec5b-474e-a48b-2ad59c7f387f", "vulnerability": {"vulnId": "CVE-2020-21650", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "0153d0e8-ec5b-474e-a48b-2ad59c7f387f", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 88}, "timestamps": {"asserted_at": "2023-10-14T22:21:49+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T22:21:49+00:00"}, "scope": {"notes": "Affected: Myucms / Myucms | Class: cms | Severity: High (CVSS 8.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 5", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-21650", "url": "https://www.cve.org/CVERecord?id=CVE-2020-21650"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 1, "vendor": "Myucms", "30d_avg": 1, "90d_avg": 0, "product": "Myucms", "cisa_kev": "no", "connections": 5, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 8.8, "vulnerability_severity": "High"}}]}
{"uuid": "4fb0ce02-84f6-41df-8ebc-71bc6de2a906", "vulnerability": {"vulnId": "EDB-50637", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "4fb0ce02-84f6-41df-8ebc-71bc6de2a906", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-10-14T14:57:27+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:27+00:00"}, "scope": {"notes": "Affected: OpenSIS / Student Information System v8 | Class: other-software | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "EDB-50637", "url": "https://www.exploit-db.com/exploits/50637"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 14, "vendor": "OpenSIS", "30d_avg": 9, "90d_avg": 3, "product": "Student Information System v8", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "f62ef4b7-0a18-480b-9ef3-28e92ddd591b", "vulnerability": {"vulnId": "CVE-2023-27159", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "f62ef4b7-0a18-480b-9ef3-28e92ddd591b", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2023-10-14T14:57:46+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:46+00:00"}, "scope": {"notes": "Affected: Appwrite / Appwrite | Class: web-app-framework | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-27159", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27159"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "web-app-framework", "7d_avg": 0, "vendor": "Appwrite", "30d_avg": 5, "90d_avg": 1, "product": "Appwrite", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "e8d91e0a-d109-464e-91d4-edc39fdcad48", "vulnerability": {"vulnId": "CVE-2021-25646", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "e8d91e0a-d109-464e-91d4-edc39fdcad48", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 88}, "timestamps": {"asserted_at": "2023-10-14T14:56:53+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:53+00:00"}, "scope": {"notes": "Affected: Apache / Druid | Class: database | Severity: High (CVSS 8.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 13", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-25646", "url": "https://www.cve.org/CVERecord?id=CVE-2021-25646"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "3", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "database", "7d_avg": 3, "vendor": "Apache", "30d_avg": 11, "90d_avg": 4, "product": "Druid", "cisa_kev": "no", "connections": 13, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 8.8, "vulnerability_severity": "High"}}]}
{"uuid": "df59f21d-666c-4ae0-ae18-89ebfde83735", "vulnerability": {"vulnId": "CVE-2023-43177", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "df59f21d-666c-4ae0-ae18-89ebfde83735", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-08-01T04:09:23+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-08-01T04:09:23+00:00"}, "scope": {"notes": "Affected: CrushFTP / CrushFTP | Class: file-transfer | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-43177", "url": "https://www.cve.org/CVERecord?id=CVE-2023-43177"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "file-transfer", "7d_avg": 0, "vendor": "CrushFTP", "30d_avg": 0, "90d_avg": 0, "product": "CrushFTP", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "d9a792c7-dff7-4808-a394-c93dc049537f", "vulnerability": {"vulnId": "CVE-2018-14558", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "d9a792c7-dff7-4808-a394-c93dc049537f", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-01-28T08:28:44+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-01-28T08:28:44+00:00"}, "scope": {"notes": "Affected: Tenda / Tenda AC7/AC9/AC10 | Class: router | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: yes | Honeypot connections on 2026-06-30: 50", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2018-14558", "url": "https://www.cve.org/CVERecord?id=CVE-2018-14558"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 1, "vendor": "Tenda", "30d_avg": 1, "90d_avg": 1, "product": "Tenda AC7/AC9/AC10", "cisa_kev": "yes", "connections": 50, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "cfbbc90b-9586-47a0-9979-2cb167e3f044", "vulnerability": {"vulnId": "CVE-2021-26295", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "cfbbc90b-9586-47a0-9979-2cb167e3f044", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:56:54+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:54+00:00"}, "scope": {"notes": "Affected: Apache / OFBiz | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-26295", "url": "https://www.cve.org/CVERecord?id=CVE-2021-26295"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 2, "vendor": "Apache", "30d_avg": 14, "90d_avg": 5, "product": "OFBiz", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "d72e98cc-9fe2-4ae1-bc77-e1f38307f3ab", "vulnerability": {"vulnId": "CVE-2026-21891", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "d72e98cc-9fe2-4ae1-bc77-e1f38307f3ab", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-03-07T00:11:18+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-03-07T00:11:18+00:00"}, "scope": {"notes": "Affected: IceWhaleTech / ZimaOS | Class: embedded-system | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2026-21891", "url": "https://www.cve.org/CVERecord?id=CVE-2026-21891"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "embedded-system", "7d_avg": 1, "vendor": "IceWhaleTech", "30d_avg": 4, "90d_avg": 2, "product": "ZimaOS", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "341e3a45-eed5-4124-be91-366680770732", "vulnerability": {"vulnId": "CVE-2024-36991", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "341e3a45-eed5-4124-be91-366680770732", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2024-11-03T07:55:59+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-11-03T07:55:59+00:00"}, "scope": {"notes": "Affected: Splunk / Splunk Enterprise on Windows | Class: database | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 6", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-36991", "url": "https://www.cve.org/CVERecord?id=CVE-2024-36991"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "database", "7d_avg": 0, "vendor": "Splunk", "30d_avg": 0, "90d_avg": 0, "product": "Splunk Enterprise on Windows", "cisa_kev": "no", "connections": 6, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "c69e7a25-272e-4b81-9973-3907aa4b7755", "vulnerability": {"vulnId": "CVE-2021-29442", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "c69e7a25-272e-4b81-9973-3907aa4b7755", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2023-10-14T14:56:56+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:56+00:00"}, "scope": {"notes": "Affected: Nacos / Nacos | Class: other-software | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 6", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-29442", "url": "https://www.cve.org/CVERecord?id=CVE-2021-29442"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "Nacos", "30d_avg": 24, "90d_avg": 9, "product": "Nacos", "cisa_kev": "no", "connections": 6, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "f0de8c97-3ae0-471e-af51-f05d476ae250", "vulnerability": {"vulnId": "CVE-2025-34045", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "f0de8c97-3ae0-471e-af51-f05d476ae250", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-01-18T08:20:47+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-01-18T08:20:47+00:00"}, "scope": {"notes": "Affected: WeiPHP / WeiPHP | Class: other-software | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 6", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-34045", "url": "https://www.cve.org/CVERecord?id=CVE-2025-34045"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "WeiPHP", "30d_avg": 11, "90d_avg": 4, "product": "WeiPHP", "cisa_kev": "no", "connections": 6, "observation_date": "2026-06-30", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "758b95bf-6504-4e2f-a209-5ed69660a438", "vulnerability": {"vulnId": "CVE-2022-22947", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "758b95bf-6504-4e2f-a209-5ed69660a438", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-20T16:58:23+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-20T16:58:23+00:00"}, "scope": {"notes": "Affected: Spring / Spring Cloud Gateway | Class: web-app-framework | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 6", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-22947", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22947"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "web-app-framework", "7d_avg": 0, "vendor": "Spring", "30d_avg": 0, "90d_avg": 0, "product": "Spring Cloud Gateway", "cisa_kev": "yes", "connections": 6, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "3ae0b386-41bd-42d4-aa24-74cb1dfc920b", "vulnerability": {"vulnId": "CVE-2017-1000028", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "3ae0b386-41bd-42d4-aa24-74cb1dfc920b", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2023-10-18T18:16:21+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-18T18:16:21+00:00"}, "scope": {"notes": "Affected: Oracle / GlassFish | Class: app-server | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 4", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2017-1000028", "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000028"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "app-server", "7d_avg": 0, "vendor": "Oracle", "30d_avg": 0, "90d_avg": 0, "product": "GlassFish", "cisa_kev": "no", "connections": 4, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "5b4583d7-a0e3-48d8-ad23-d689dabae609", "vulnerability": {"vulnId": "CVE-2020-27986", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "5b4583d7-a0e3-48d8-ad23-d689dabae609", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2023-10-14T14:56:38+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:38+00:00"}, "scope": {"notes": "Affected: SonarQube / SonarQube | Class: other-software | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 7", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-27986", "url": "https://www.cve.org/CVERecord?id=CVE-2020-27986"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "3", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "SonarQube", "30d_avg": 5, "90d_avg": 3, "product": "SonarQube", "cisa_kev": "no", "connections": 7, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "efe7f820-59e1-4429-8018-9bf034c0bc35", "vulnerability": {"vulnId": "CVE-2023-46805", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "efe7f820-59e1-4429-8018-9bf034c0bc35", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 31}, "timestamps": {"asserted_at": "2024-01-18T00:33:51+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-01-18T00:33:51+00:00"}, "scope": {"notes": "Affected: Ivanti / Ivanti Secure Connect and Policy Secure | Class: vpn | Severity: Low (CVSS 3.1) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 14", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-46805", "url": "https://www.cve.org/CVERecord?id=CVE-2023-46805"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "3", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "vpn", "7d_avg": 14, "vendor": "Ivanti", "30d_avg": 9, "90d_avg": 4, "product": "Ivanti Secure Connect and Policy Secure", "cisa_kev": "yes", "connections": 14, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 3.1, "vulnerability_severity": "Low"}}]}
{"uuid": "cc070f3d-3de2-46eb-9c2c-d12c986225fa", "vulnerability": {"vulnId": "CVE-2018-7600", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "cc070f3d-3de2-46eb-9c2c-d12c986225fa", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:52:42+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:52:42+00:00"}, "scope": {"notes": "Affected: Drupal / Drupal | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 6", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2018-7600", "url": "https://www.cve.org/CVERecord?id=CVE-2018-7600"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "3", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 3, "vendor": "Drupal", "30d_avg": 7, "90d_avg": 3, "product": "Drupal", "cisa_kev": "yes", "connections": 6, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "fadad181-82ab-426a-ba4c-2c3f04ebfc8d", "vulnerability": {"vulnId": "CVE-2024-0204", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "fadad181-82ab-426a-ba4c-2c3f04ebfc8d", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-01-25T08:15:17+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-01-25T08:15:17+00:00"}, "scope": {"notes": "Affected: Fortra / GoAnywhere MFT | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 5", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-0204", "url": "https://www.cve.org/CVERecord?id=CVE-2024-0204"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "5", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 4, "vendor": "Fortra", "30d_avg": 7, "90d_avg": 20, "product": "GoAnywhere MFT", "cisa_kev": "no", "connections": 5, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "8954c338-a26b-4e62-8e73-8cadb9ab980c", "vulnerability": {"vulnId": "CVE-2019-7192", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "8954c338-a26b-4e62-8e73-8cadb9ab980c", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-13T20:10:39+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-13T20:10:39+00:00"}, "scope": {"notes": "Affected: QNAP / QNAP NAS devices running Photo Station | Class: nas | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: yes | Honeypot connections on 2026-06-30: 6", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2019-7192", "url": "https://www.cve.org/CVERecord?id=CVE-2019-7192"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "nas", "7d_avg": 2, "vendor": "QNAP", "30d_avg": 25, "90d_avg": 9, "product": "QNAP NAS devices running Photo Station", "cisa_kev": "yes", "connections": 6, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "76f7400f-4eb5-46d4-8002-c956eaff9cf2", "vulnerability": {"vulnId": "CVE-2023-7334", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "76f7400f-4eb5-46d4-8002-c956eaff9cf2", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 93}, "timestamps": {"asserted_at": "2026-01-17T03:38:41+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-01-17T03:38:41+00:00"}, "scope": {"notes": "Affected: Changjetong / Changjetong T+ | Class: other-software | Severity: Critical (CVSS 9.3) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-7334", "url": "https://www.cve.org/CVERecord?id=CVE-2023-7334"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "Changjetong", "30d_avg": 1, "90d_avg": 1, "product": "Changjetong T+", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.3, "vulnerability_severity": "Critical"}}]}
{"uuid": "e53ef693-1d89-4e23-998d-4eb6dfab3cbe", "vulnerability": {"vulnId": "CVE-2023-35078", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "e53ef693-1d89-4e23-998d-4eb6dfab3cbe", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 100}, "timestamps": {"asserted_at": "2023-10-13T18:56:58+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-13T18:56:58+00:00"}, "scope": {"notes": "Affected: Ivanti / Endpoint Manager Mobile (EPMM), formerly MobileIron Core | Class: mobile-device-management | Severity: Critical (CVSS 10) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 30", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-35078", "url": "https://www.cve.org/CVERecord?id=CVE-2023-35078"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "3", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "mobile-device-management", "7d_avg": 10, "vendor": "Ivanti", "30d_avg": 12, "90d_avg": 37, "product": "Endpoint Manager Mobile (EPMM), formerly MobileIron Core", "cisa_kev": "yes", "connections": 30, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 10, "vulnerability_severity": "Critical"}}]}
{"uuid": "5af37308-04f4-4614-9956-0af7291e845e", "vulnerability": {"vulnId": "CVE-2024-7120", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "5af37308-04f4-4614-9956-0af7291e845e", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-09-21T19:13:28+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-09-21T19:13:28+00:00"}, "scope": {"notes": "Affected: RAISECOM / RAISECOM MSG1200, MSG2100E, MSG2200 and MSG2300 | Class: router | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 9", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-7120", "url": "https://www.cve.org/CVERecord?id=CVE-2024-7120"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 1, "vendor": "RAISECOM", "30d_avg": 1, "90d_avg": 0, "product": "RAISECOM MSG1200, MSG2100E, MSG2200 and MSG2300", "cisa_kev": "no", "connections": 9, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "820366ed-208b-44d8-89ec-2f36177cc316", "vulnerability": {"vulnId": "CVE-2025-68645", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "820366ed-208b-44d8-89ec-2f36177cc316", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 88}, "timestamps": {"asserted_at": "2026-01-14T19:46:49+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-01-14T19:46:49+00:00"}, "scope": {"notes": "Affected: Zimbra / Zimbra Collaboration Suite | Class: email | Severity: High (CVSS 8.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 952", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-68645", "url": "https://www.cve.org/CVERecord?id=CVE-2025-68645"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "email", "7d_avg": 1, "vendor": "Zimbra", "30d_avg": 6, "90d_avg": 2, "product": "Zimbra Collaboration Suite", "cisa_kev": "yes", "connections": 952, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 8.8, "vulnerability_severity": "High"}}]}
{"uuid": "c7f2c156-a3d3-4d07-a93d-8f272911c5ee", "vulnerability": {"vulnId": "CVE-2018-1217", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "c7f2c156-a3d3-4d07-a93d-8f272911c5ee", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-02-11T14:58:19+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-02-11T14:58:19+00:00"}, "scope": {"notes": "Affected: Dell / Dell EMC Avamar Server and Dell EMC Integrated Data Protection Appliance | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 102", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2018-1217", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1217"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "5", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 4, "vendor": "Dell", "30d_avg": 8, "90d_avg": 3, "product": "Dell EMC Avamar Server and Dell EMC Integrated Data Protection Appliance", "cisa_kev": "no", "connections": 102, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "eafd1b8e-4c90-4394-9280-91c359550df9", "vulnerability": {"vulnId": "CVE-2019-15107", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "eafd1b8e-4c90-4394-9280-91c359550df9", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:56:04+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:04+00:00"}, "scope": {"notes": "Affected: Webmin / Webmin | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 6", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2019-15107", "url": "https://www.cve.org/CVERecord?id=CVE-2019-15107"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "3", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 3, "vendor": "Webmin", "30d_avg": 6, "90d_avg": 2, "product": "Webmin", "cisa_kev": "yes", "connections": 6, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "8251c953-c529-4c45-953a-499ba3bdd81b", "vulnerability": {"vulnId": "CVE-2025-34040", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "8251c953-c529-4c45-953a-499ba3bdd81b", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-01-19T15:19:25+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-01-19T15:19:25+00:00"}, "scope": {"notes": "Affected: Zhiyuan / Zhiyuan OA | Class: other-software | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 10", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-34040", "url": "https://www.cve.org/CVERecord?id=CVE-2025-34040"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "3", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "Zhiyuan", "30d_avg": 1, "90d_avg": 0, "product": "Zhiyuan OA", "cisa_kev": "no", "connections": 10, "observation_date": "2026-06-30", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "b696537a-0af4-41c8-b49b-c457ad5c8be7", "vulnerability": {"vulnId": "CVE-2023-1389", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "b696537a-0af4-41c8-b49b-c457ad5c8be7", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 88}, "timestamps": {"asserted_at": "2023-10-13T16:14:26+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-13T16:14:26+00:00"}, "scope": {"notes": "Affected: TP-Link / TP-Link Archer AX21 | Class: router | Severity: High (CVSS 8.8) | IoT: yes | In CISA KEV: yes | Honeypot connections on 2026-06-30: 88", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-1389", "url": "https://www.cve.org/CVERecord?id=CVE-2023-1389"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 2, "vendor": "TP-Link", "30d_avg": 6, "90d_avg": 3, "product": "TP-Link Archer AX21", "cisa_kev": "yes", "connections": 88, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 8.8, "vulnerability_severity": "High"}}]}
{"uuid": "c58f57be-890d-4864-8c17-0f4db9e2ea3a", "vulnerability": {"vulnId": "CVE-2017-5638", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "c58f57be-890d-4864-8c17-0f4db9e2ea3a", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 100}, "timestamps": {"asserted_at": "2023-10-13T17:49:40+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-13T17:49:40+00:00"}, "scope": {"notes": "Affected: Apache / Struts | Class: web-app-framework | Severity: Critical (CVSS 10) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 4", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2017-5638", "url": "https://www.cve.org/CVERecord?id=CVE-2017-5638"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "web-app-framework", "7d_avg": 1, "vendor": "Apache", "30d_avg": 0, "90d_avg": 0, "product": "Struts", "cisa_kev": "yes", "connections": 4, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 10, "vulnerability_severity": "Critical"}}]}
{"uuid": "6ff7adcb-3e70-4953-be2c-b9deab253aea", "vulnerability": {"vulnId": "CVE-2021-45420", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "6ff7adcb-3e70-4953-be2c-b9deab253aea", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T22:01:37+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T22:01:37+00:00"}, "scope": {"notes": "Affected: Emerson Dixell / XWEB-500 | Class: device-management-platform | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-45420", "url": "https://www.cve.org/CVERecord?id=CVE-2021-45420"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 1, "vendor": "Emerson Dixell", "30d_avg": 7, "90d_avg": 2, "product": "XWEB-500", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "92e5eb7a-c00b-420a-bac9-737aaea62004", "vulnerability": {"vulnId": "CVE-2019-19781", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "92e5eb7a-c00b-420a-bac9-737aaea62004", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:56:09+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:09+00:00"}, "scope": {"notes": "Affected: Citrix / Application Delivery Controller | Class: app-delivery-controller | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 6", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2019-19781", "url": "https://www.cve.org/CVERecord?id=CVE-2019-19781"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "app-delivery-controller", "7d_avg": 5, "vendor": "Citrix", "30d_avg": 10, "90d_avg": 6, "product": "Application Delivery Controller", "cisa_kev": "yes", "connections": 6, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "88e8e030-9001-4b8a-a1dd-55c1c4a602de", "vulnerability": {"vulnId": "CVE-2021-21972", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "88e8e030-9001-4b8a-a1dd-55c1c4a602de", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-17T22:28:30+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-17T22:28:30+00:00"}, "scope": {"notes": "Affected: VMWare / vCenter Server | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 6", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-21972", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21972"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "VMWare", "30d_avg": 0, "90d_avg": 0, "product": "vCenter Server", "cisa_kev": "yes", "connections": 6, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "45b51f67-15c1-4c1d-8b23-929db68464d7", "vulnerability": {"vulnId": "CVE-2021-45382", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "45b51f67-15c1-4c1d-8b23-929db68464d7", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-13T16:04:42+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-13T16:04:42+00:00"}, "scope": {"notes": "Affected: D-Link / DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, DIR-836L | Class: router | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: yes | Honeypot connections on 2026-06-30: 55", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-45382", "url": "https://www.cve.org/CVERecord?id=CVE-2021-45382"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "4", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 4, "vendor": "D-Link", "30d_avg": 6, "90d_avg": 2, "product": "DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, DIR-836L", "cisa_kev": "yes", "connections": 55, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "53bae138-9892-4348-a330-8972060eb95c", "vulnerability": {"vulnId": "CVE-2024-7314", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "53bae138-9892-4348-a330-8972060eb95c", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-01-08T10:50:54+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-01-08T10:50:54+00:00"}, "scope": {"notes": "Affected: anji-plus / AJ-Report | Class: business-intelligence | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 3", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-7314", "url": "https://www.cve.org/CVERecord?id=CVE-2024-7314"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "business-intelligence", "7d_avg": 2, "vendor": "anji-plus", "30d_avg": 7, "90d_avg": 3, "product": "AJ-Report", "cisa_kev": "no", "connections": 3, "observation_date": "2026-06-30", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "770d78fa-9b57-40a4-a2c2-ca50cd86f19c", "vulnerability": {"vulnId": "CVE-2015-2051", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "770d78fa-9b57-40a4-a2c2-ca50cd86f19c", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-10-13T16:15:09+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-13T16:15:09+00:00"}, "scope": {"notes": "Affected: D-Link / D-Link DIR-645, DAP-1522 revB, DAP-1650 revB, DIR-880L, DIR-865L, DIR-860L revA, DIR-860L revB DIR-815 revB, DIR-300 revB, DIR-600 revB, DIR-645, TEW-751DR, TEW-733GR | Class: router | IoT: yes | In CISA KEV: yes | Honeypot connections on 2026-06-30: 146", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2015-2051", "url": "https://www.cve.org/CVERecord?id=CVE-2015-2051"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "140", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 144, "vendor": "D-Link", "30d_avg": 130, "90d_avg": 139, "product": "D-Link DIR-645, DAP-1522 revB, DAP-1650 revB, DIR-880L, DIR-865L, DIR-860L revA, DIR-860L revB DIR-815 revB, DIR-300 revB, DIR-600 revB, DIR-645, TEW-751DR, TEW-733GR", "cisa_kev": "yes", "connections": 146, "observation_date": "2026-06-30", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "d76136dd-af7d-40f2-91d5-475ab853cd25", "vulnerability": {"vulnId": "CVE-2020-20300", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "d76136dd-af7d-40f2-91d5-475ab853cd25", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-01-28T06:31:59+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-01-28T06:31:59+00:00"}, "scope": {"notes": "Affected: WeiPHP / WeiPHP | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 12", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-20300", "url": "https://www.cve.org/CVERecord?id=CVE-2020-20300"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "WeiPHP", "30d_avg": 5, "90d_avg": 1, "product": "WeiPHP", "cisa_kev": "no", "connections": 12, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "b7411584-834b-488a-9b9c-25b317c23e1a", "vulnerability": {"vulnId": "CVE-2019-19825", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "b7411584-834b-488a-9b9c-25b317c23e1a", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-02-23T21:36:39+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-02-23T21:36:39+00:00"}, "scope": {"notes": "Affected: Totolink / Totolink Realtek SDK based routers | Class: router | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2019-19825", "url": "https://www.cve.org/CVERecord?id=CVE-2019-19825"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 3, "vendor": "Totolink", "30d_avg": 7, "90d_avg": 3, "product": "Totolink Realtek SDK based routers", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "e1152c8e-2d3f-4589-9446-74d7b6e33d0e", "vulnerability": {"vulnId": "CVE-2021-33544", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "e1152c8e-2d3f-4589-9446-74d7b6e33d0e", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 72}, "timestamps": {"asserted_at": "2023-10-13T16:02:46+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-13T16:02:46+00:00"}, "scope": {"notes": "Affected: UDP Technology / video camera firmware for multiple vendors | Class: video-system | Severity: High (CVSS 7.2) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-33544", "url": "https://www.cve.org/CVERecord?id=CVE-2021-33544"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "video-system", "7d_avg": 1, "vendor": "UDP Technology", "30d_avg": 6, "90d_avg": 2, "product": "video camera firmware for multiple vendors", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.2, "vulnerability_severity": "High"}}]}
{"uuid": "3969f1a3-a3ea-4e99-b20d-105ad9f22c22", "vulnerability": {"vulnId": "CVE-2021-3129", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "3969f1a3-a3ea-4e99-b20d-105ad9f22c22", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-13T21:35:15+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-13T21:35:15+00:00"}, "scope": {"notes": "Affected: Laravel / Ignition | Class: web-app-framework | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 8", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-3129", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3129"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "4", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "web-app-framework", "7d_avg": 5, "vendor": "Laravel", "30d_avg": 14, "90d_avg": 6, "product": "Ignition", "cisa_kev": "yes", "connections": 8, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "552e8ddf-9d7b-4754-8ac3-2ad272a84986", "vulnerability": {"vulnId": "CVE-2024-13985", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "552e8ddf-9d7b-4754-8ac3-2ad272a84986", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 0}, "timestamps": {"asserted_at": "2025-09-23T17:25:57+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-09-23T17:25:57+00:00"}, "scope": {"notes": "Affected: Dahua / Dahua EIMS | Class: device-management-platform | Severity: None (CVSS 0) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-13985", "url": "https://www.cve.org/CVERecord?id=CVE-2024-13985"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 0, "vendor": "Dahua", "30d_avg": 0, "90d_avg": 0, "product": "Dahua EIMS", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 0, "vulnerability_severity": "None"}}]}
{"uuid": "44a74bce-2b36-4e60-b631-4eb0c981f021", "vulnerability": {"vulnId": "CVE-2001-0537", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "44a74bce-2b36-4e60-b631-4eb0c981f021", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 93}, "timestamps": {"asserted_at": "2023-10-14T13:53:03+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T13:53:03+00:00"}, "scope": {"notes": "Affected: Cisco / Cisco IOS | Class: router | Severity: High (CVSS 9.3) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 6", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2001-0537", "url": "https://www.cve.org/CVERecord?id=CVE-2001-0537"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 21, "vendor": "Cisco", "30d_avg": 10, "90d_avg": 4, "product": "Cisco IOS", "cisa_kev": "no", "connections": 6, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.3, "vulnerability_severity": "High"}}]}
{"uuid": "369692a3-8e77-4d70-98f0-940f68c59d9c", "vulnerability": {"vulnId": "CVE-2023-22518", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "369692a3-8e77-4d70-98f0-940f68c59d9c", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-11-03T23:19:30+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-11-03T23:19:30+00:00"}, "scope": {"notes": "Affected: Atlassian / Confluence | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-22518", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22518"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "Atlassian", "30d_avg": 5, "90d_avg": 8, "product": "Confluence", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "6ad1892b-4709-4dc3-a8f8-ae4df6085bd4", "vulnerability": {"vulnId": "CVE-2011-3600", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "6ad1892b-4709-4dc3-a8f8-ae4df6085bd4", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2023-10-14T14:56:00+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:00+00:00"}, "scope": {"notes": "Affected: Apache / OFBiz | Class: other-software | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 8", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2011-3600", "url": "https://www.cve.org/CVERecord?id=CVE-2011-3600"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 3, "vendor": "Apache", "30d_avg": 8, "90d_avg": 3, "product": "OFBiz", "cisa_kev": "no", "connections": 8, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "8cf6a302-9e47-4374-b99f-e74b003abffc", "vulnerability": {"vulnId": "CVE-2017-7927", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "8cf6a302-9e47-4374-b99f-e74b003abffc", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 73}, "timestamps": {"asserted_at": "2023-10-14T14:26:42+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:26:42+00:00"}, "scope": {"notes": "Affected: Dahua / Dahua DVR/NVR/IPC | Class: video-system | Severity: High (CVSS 7.3) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 10", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2017-7927", "url": "https://www.cve.org/CVERecord?id=CVE-2017-7927"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "video-system", "7d_avg": 2, "vendor": "Dahua", "30d_avg": 6, "90d_avg": 2, "product": "Dahua DVR/NVR/IPC", "cisa_kev": "no", "connections": 10, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.3, "vulnerability_severity": "High"}}]}
{"uuid": "7cdeaf45-3193-4bed-a896-264722ad97af", "vulnerability": {"vulnId": "CVE-2021-3223", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "7cdeaf45-3193-4bed-a896-264722ad97af", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2023-10-14T14:56:58+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:58+00:00"}, "scope": {"notes": "Affected: Node-RED / Node-RED-Dashboard | Class: other-software | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 7", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-3223", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3223"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "3", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 20, "vendor": "Node-RED", "30d_avg": 12, "90d_avg": 4, "product": "Node-RED-Dashboard", "cisa_kev": "no", "connections": 7, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "ce7af91c-57ff-4dd2-aa96-fe02a5c7d677", "vulnerability": {"vulnId": "CVE-2021-21985", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "ce7af91c-57ff-4dd2-aa96-fe02a5c7d677", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:56:48+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:48+00:00"}, "scope": {"notes": "Affected: VMware / vCenter | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 4", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-21985", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21985"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "VMware", "30d_avg": 6, "90d_avg": 2, "product": "vCenter", "cisa_kev": "yes", "connections": 4, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "56dadadb-b706-4f99-b232-33a235216156", "vulnerability": {"vulnId": "CVE-2025-34068", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "56dadadb-b706-4f99-b232-33a235216156", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-01-21T08:38:22+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-01-21T08:38:22+00:00"}, "scope": {"notes": "Affected: Samsung / WLAN AP WEA453e | Class: router | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 10", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-34068", "url": "https://www.cve.org/CVERecord?id=CVE-2025-34068"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 1, "vendor": "Samsung", "30d_avg": 1, "90d_avg": 0, "product": "WLAN AP WEA453e", "cisa_kev": "no", "connections": 10, "observation_date": "2026-06-30", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "0e3eace8-c366-4b58-baa5-a2d529e9dc7b", "vulnerability": {"vulnId": "EDB-45025", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "0e3eace8-c366-4b58-baa5-a2d529e9dc7b", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-10-13T16:00:38+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-13T16:00:38+00:00"}, "scope": {"notes": "Affected: Apache / Hadoop (YARN ResourceManager) | Class: other-software | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 23621", "asset_exposure": ["internet-facing"]}, "references": [{"id": "EDB-45025", "url": "https://www.exploit-db.com/exploits/45025"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "3", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 3, "vendor": "Apache", "30d_avg": 4, "90d_avg": 5, "product": "Hadoop (YARN ResourceManager)", "cisa_kev": "no", "connections": 23621, "observation_date": "2026-06-30", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "ae2245ef-a9eb-4d1c-be6f-0f5cc808909a", "vulnerability": {"vulnId": "CVE-2021-33564", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "ae2245ef-a9eb-4d1c-be6f-0f5cc808909a", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T17:23:14+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T17:23:14+00:00"}, "scope": {"notes": "Affected: Ruby Dragonfly / Ruby Dragonfly | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-33564", "url": "https://www.cve.org/CVERecord?id=CVE-2021-33564"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Ruby Dragonfly", "30d_avg": 10, "90d_avg": 3, "product": "Ruby Dragonfly", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "45d15af4-202a-4704-a2fe-fa84bd150a87", "vulnerability": {"vulnId": "CVE-2024-7928", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "45d15af4-202a-4704-a2fe-fa84bd150a87", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 43}, "timestamps": {"asserted_at": "2024-08-29T16:49:59+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-08-29T16:49:59+00:00"}, "scope": {"notes": "Affected: FastAdmin / FastAdmin | Class: other-software | Severity: Medium (CVSS 4.3) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 7", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-7928", "url": "https://www.cve.org/CVERecord?id=CVE-2024-7928"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "FastAdmin", "30d_avg": 1, "90d_avg": 0, "product": "FastAdmin", "cisa_kev": "no", "connections": 7, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 4.3, "vulnerability_severity": "Medium"}}]}
{"uuid": "4e30cbaa-7031-4d1e-9ad3-3ef25f3f8c61", "vulnerability": {"vulnId": "CVE-2025-34059", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "4e30cbaa-7031-4d1e-9ad3-3ef25f3f8c61", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-01-08T10:50:55+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-01-08T10:50:55+00:00"}, "scope": {"notes": "Affected: Dahua / Dahua Intelligent Cloud Gateway Registration Management Platform | Class: device-management-platform | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-34059", "url": "https://www.cve.org/CVERecord?id=CVE-2025-34059"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 1, "vendor": "Dahua", "30d_avg": 2, "90d_avg": 1, "product": "Dahua Intelligent Cloud Gateway Registration Management Platform", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "08c659c8-a56e-4b59-85af-7cf64a147155", "vulnerability": {"vulnId": "CVE-2017-10271", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "08c659c8-a56e-4b59-85af-7cf64a147155", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2023-10-13T19:27:19+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-13T19:27:19+00:00"}, "scope": {"notes": "Affected: Oracle / Oracle Weblogic Server | Class: app-server | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 29", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2017-10271", "url": "https://www.cve.org/CVERecord?id=CVE-2017-10271"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "app-server", "7d_avg": 3, "vendor": "Oracle", "30d_avg": 11, "90d_avg": 4, "product": "Oracle Weblogic Server", "cisa_kev": "yes", "connections": 29, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "76babfcc-7787-47ad-ad0b-dd3dcf67d1bc", "vulnerability": {"vulnId": "CVE-2020-35131", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "76babfcc-7787-47ad-ad0b-dd3dcf67d1bc", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:56:37+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:37+00:00"}, "scope": {"notes": "Affected: Cockpit / Cockpit | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 5", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-35131", "url": "https://www.cve.org/CVERecord?id=CVE-2020-35131"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "5", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 2, "vendor": "Cockpit", "30d_avg": 22, "90d_avg": 8, "product": "Cockpit", "cisa_kev": "no", "connections": 5, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "fd585ce9-cd1a-4e4c-bfef-0d9326f984f3", "vulnerability": {"vulnId": "CVE-2025-59474", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "fd585ce9-cd1a-4e4c-bfef-0d9326f984f3", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 53}, "timestamps": {"asserted_at": "2025-10-27T10:43:33+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-10-27T10:43:33+00:00"}, "scope": {"notes": "Affected: Jenkins / Jenkins | Class: other-software | Severity: Medium (CVSS 5.3) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 68", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-59474", "url": "https://www.cve.org/CVERecord?id=CVE-2025-59474"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "3", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "Jenkins", "30d_avg": 0, "90d_avg": 0, "product": "Jenkins", "cisa_kev": "no", "connections": 68, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 5.3, "vulnerability_severity": "Medium"}}]}
{"uuid": "f48881c7-c129-4e63-ace0-de4232977652", "vulnerability": {"vulnId": "CVE-2019-18394", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "f48881c7-c129-4e63-ace0-de4232977652", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:56:08+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:08+00:00"}, "scope": {"notes": "Affected: Ignite Realtime / Openfire | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 6", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2019-18394", "url": "https://www.cve.org/CVERecord?id=CVE-2019-18394"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Ignite Realtime", "30d_avg": 5, "90d_avg": 2, "product": "Openfire", "cisa_kev": "no", "connections": 6, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "43fb76bb-32d7-48c2-9ab2-3fe8ae2204da", "vulnerability": {"vulnId": "CVE-2026-23744", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "43fb76bb-32d7-48c2-9ab2-3fe8ae2204da", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 0}, "timestamps": {"asserted_at": "2026-03-07T00:11:29+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-03-07T00:11:29+00:00"}, "scope": {"notes": "Affected: MCPJam / MCPJam Inspector | Class: ai-system | Severity: None (CVSS 0) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2026-23744", "url": "https://www.cve.org/CVERecord?id=CVE-2026-23744"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "ai-system", "7d_avg": 0, "vendor": "MCPJam", "30d_avg": 3, "90d_avg": 1, "product": "MCPJam Inspector", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 0, "vulnerability_severity": "None"}}]}
{"uuid": "bc0cf2c2-8723-4074-b211-40cf47929087", "vulnerability": {"vulnId": "CVE-2014-2321", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "bc0cf2c2-8723-4074-b211-40cf47929087", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 100}, "timestamps": {"asserted_at": "2023-10-14T06:22:32+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T06:22:32+00:00"}, "scope": {"notes": "Affected: ZTE / ZTE F460,F660 | Class: router | Severity: High (CVSS 10) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2014-2321", "url": "https://www.cve.org/CVERecord?id=CVE-2014-2321"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "ZTE", "30d_avg": 0, "90d_avg": 0, "product": "ZTE F460,F660", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 10, "vulnerability_severity": "High"}}]}
{"uuid": "7ab263ab-3587-401c-b733-d2fd271557ef", "vulnerability": {"vulnId": "CVE-2024-7029", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "7ab263ab-3587-401c-b733-d2fd271557ef", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 88}, "timestamps": {"asserted_at": "2024-09-01T05:08:12+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-09-01T05:08:12+00:00"}, "scope": {"notes": "Affected: AVTECH / AVTECH IP camera | Class: video-system | Severity: High (CVSS 8.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-7029", "url": "https://www.cve.org/CVERecord?id=CVE-2024-7029"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "video-system", "7d_avg": 1, "vendor": "AVTECH", "30d_avg": 5, "90d_avg": 2, "product": "AVTECH IP camera", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 8.8, "vulnerability_severity": "High"}}]}
{"uuid": "604a06bf-dbc4-4a34-a79d-65c12bb49993", "vulnerability": {"vulnId": "CVE-2021-41277", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "604a06bf-dbc4-4a34-a79d-65c12bb49993", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2023-10-15T08:28:14+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-15T08:28:14+00:00"}, "scope": {"notes": "Affected: Metabase / Metabase | Class: other-software | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 18", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-41277", "url": "https://www.cve.org/CVERecord?id=CVE-2021-41277"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 21, "vendor": "Metabase", "30d_avg": 12, "90d_avg": 4, "product": "Metabase", "cisa_kev": "yes", "connections": 18, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "bfcf4d11-1b74-43b8-ba70-48b8f99ae678", "vulnerability": {"vulnId": "CVE-2025-1338", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "bfcf4d11-1b74-43b8-ba70-48b8f99ae678", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 73}, "timestamps": {"asserted_at": "2026-04-09T04:17:32+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-04-09T04:17:32+00:00"}, "scope": {"notes": "Affected: NUUO / NUUO Camera | Class: video-system | Severity: High (CVSS 7.3) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-1338", "url": "https://www.cve.org/CVERecord?id=CVE-2025-1338"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "video-system", "7d_avg": 1, "vendor": "NUUO", "30d_avg": 5, "90d_avg": 2, "product": "NUUO Camera", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.3, "vulnerability_severity": "High"}}]}
{"uuid": "83e52432-8d3f-42dd-9e82-3dad98deaa09", "vulnerability": {"vulnId": "CVE-2022-4984", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "83e52432-8d3f-42dd-9e82-3dad98deaa09", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-01-08T10:50:57+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-01-08T10:50:57+00:00"}, "scope": {"notes": "Affected: Qingdao Easysoft / ZenTao | Class: other-software | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-4984", "url": "https://www.cve.org/CVERecord?id=CVE-2022-4984"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "Qingdao Easysoft", "30d_avg": 2, "90d_avg": 1, "product": "ZenTao", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "2f70e1ac-3595-4f38-b329-098af14432d9", "vulnerability": {"vulnId": "CVE-2015-1427", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "2f70e1ac-3595-4f38-b329-098af14432d9", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-10-14T20:52:26+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T20:52:26+00:00"}, "scope": {"notes": "Affected: Elastic / Elasticsearch | Class: database | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2015-1427", "url": "https://www.cve.org/CVERecord?id=CVE-2015-1427"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "database", "7d_avg": 2, "vendor": "Elastic", "30d_avg": 7, "90d_avg": 3, "product": "Elasticsearch", "cisa_kev": "yes", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "a909371c-2a8e-4572-8f98-b4dd21f96108", "vulnerability": {"vulnId": "CVE-2024-22024", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "a909371c-2a8e-4572-8f98-b4dd21f96108", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 83}, "timestamps": {"asserted_at": "2024-02-10T09:26:32+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-02-10T09:26:32+00:00"}, "scope": {"notes": "Affected: Ivanti / Ivanti Connect Secure, Policy Secure and ZTA | Class: vpn | Severity: High (CVSS 8.3) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 3", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-22024", "url": "https://www.cve.org/CVERecord?id=CVE-2024-22024"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "vpn", "7d_avg": 1, "vendor": "Ivanti", "30d_avg": 3, "90d_avg": 1, "product": "Ivanti Connect Secure, Policy Secure and ZTA", "cisa_kev": "no", "connections": 3, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 8.3, "vulnerability_severity": "High"}}]}
{"uuid": "2a0aa945-4f62-46e9-af84-567ba88ab046", "vulnerability": {"vulnId": "CVE-2023-37679", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "2a0aa945-4f62-46e9-af84-567ba88ab046", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-05-25T19:12:29+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-05-25T19:12:29+00:00"}, "scope": {"notes": "Affected: NextGen Healthcare / Mirth Connect | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 12", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-37679", "url": "https://www.cve.org/CVERecord?id=CVE-2023-37679"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "3", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 2, "vendor": "NextGen Healthcare", "30d_avg": 11, "90d_avg": 13, "product": "Mirth Connect", "cisa_kev": "no", "connections": 12, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "b5bfc2f4-fdd7-4733-a246-07a283c9b7f9", "vulnerability": {"vulnId": "CVE-2017-5521", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "b5bfc2f4-fdd7-4733-a246-07a283c9b7f9", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 81}, "timestamps": {"asserted_at": "2025-05-08T20:35:23+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-05-08T20:35:23+00:00"}, "scope": {"notes": "Affected: NETGEAR / NETGEAR (multiple routers) | Class: router | Severity: High (CVSS 8.1) | IoT: yes | In CISA KEV: yes | Honeypot connections on 2026-06-30: 6", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2017-5521", "url": "https://www.cve.org/CVERecord?id=CVE-2017-5521"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "3", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "NETGEAR", "30d_avg": 5, "90d_avg": 2, "product": "NETGEAR (multiple routers)", "cisa_kev": "yes", "connections": 6, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 8.1, "vulnerability_severity": "High"}}]}
{"uuid": "0ba14e96-eaa9-4703-918a-1be98fe9c42b", "vulnerability": {"vulnId": "CVE-2022-22965", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "0ba14e96-eaa9-4703-918a-1be98fe9c42b", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:57:27+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:27+00:00"}, "scope": {"notes": "Affected: Spring / Spring Framework | Class: web-app-framework | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 8", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-22965", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22965"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "3", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "web-app-framework", "7d_avg": 2, "vendor": "Spring", "30d_avg": 10, "90d_avg": 4, "product": "Spring Framework", "cisa_kev": "yes", "connections": 8, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "f4e279be-7177-49cf-970b-8032829a1c6d", "vulnerability": {"vulnId": "CVE-2025-24893", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "f4e279be-7177-49cf-970b-8032829a1c6d", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-04-20T02:43:13+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-04-20T02:43:13+00:00"}, "scope": {"notes": "Affected: XWiki / XWiki Platform | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 7", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-24893", "url": "https://www.cve.org/CVERecord?id=CVE-2025-24893"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "XWiki", "30d_avg": 5, "90d_avg": 2, "product": "XWiki Platform", "cisa_kev": "yes", "connections": 7, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "d996b643-4fcd-4951-a083-250b748e4220", "vulnerability": {"vulnId": "CVE-2021-44515", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "d996b643-4fcd-4951-a083-250b748e4220", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-03-24T04:43:07+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-03-24T04:43:07+00:00"}, "scope": {"notes": "Affected: Zoho / ManageEngine Desktop Central | Class: device-management-platform | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-44515", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44515"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 1, "vendor": "Zoho", "30d_avg": 6, "90d_avg": 2, "product": "ManageEngine Desktop Central", "cisa_kev": "yes", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "60d0f1e8-7f58-4a81-8935-1526aa19d447", "vulnerability": {"vulnId": "CVE-2018-25114", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "60d0f1e8-7f58-4a81-8935-1526aa19d447", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 93}, "timestamps": {"asserted_at": "2026-03-12T16:28:08+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-03-12T16:28:08+00:00"}, "scope": {"notes": "Affected: osCommerce / osCommerce Online Merchant | Class: other-software | Severity: Critical (CVSS 9.3) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2018-25114", "url": "https://www.cve.org/CVERecord?id=CVE-2018-25114"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 2, "vendor": "osCommerce", "30d_avg": 10, "90d_avg": 4, "product": "osCommerce Online Merchant", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.3, "vulnerability_severity": "Critical"}}]}
{"uuid": "d5fb2aa4-6f93-4249-bffd-07857c414719", "vulnerability": {"vulnId": "CVE-2022-0679", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "d5fb2aa4-6f93-4249-bffd-07857c414719", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T18:04:58+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T18:04:58+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Narnoo Distributor plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-0679", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0679"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 1, "vendor": "Wordpress", "30d_avg": 5, "90d_avg": 2, "product": "Wordpress Narnoo Distributor plugin", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "e5af9fa6-6314-4752-a503-73db9421ced9", "vulnerability": {"vulnId": "CVE-2022-40684", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "e5af9fa6-6314-4752-a503-73db9421ced9", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 96}, "timestamps": {"asserted_at": "2023-10-14T00:41:44+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T00:41:44+00:00"}, "scope": {"notes": "Affected: Fortinet / FortiOS, FortiProxy, and FortiSwitchManager | Class: firewall | Severity: Critical (CVSS 9.6) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 9423", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-40684", "url": "https://www.cve.org/CVERecord?id=CVE-2022-40684"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "33", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "firewall", "7d_avg": 13, "vendor": "Fortinet", "30d_avg": 23, "90d_avg": 13, "product": "FortiOS, FortiProxy, and FortiSwitchManager", "cisa_kev": "yes", "connections": 9423, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.6, "vulnerability_severity": "Critical"}}]}
{"uuid": "775a5121-5177-4d22-bfe6-77eede0db399", "vulnerability": {"vulnId": "CVE-2021-35250", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "775a5121-5177-4d22-bfe6-77eede0db399", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2023-11-13T17:38:10+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-11-13T17:38:10+00:00"}, "scope": {"notes": "Affected: SolarWinds / Serv-U | Class: file-transfer | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-35250", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35250"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "file-transfer", "7d_avg": 1, "vendor": "SolarWinds", "30d_avg": 5, "90d_avg": 2, "product": "Serv-U", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "32b21251-06b5-404f-b9a2-d59a2fa537ac", "vulnerability": {"vulnId": "CVE-2019-18818", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "32b21251-06b5-404f-b9a2-d59a2fa537ac", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:56:09+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:09+00:00"}, "scope": {"notes": "Affected: strapi / strapi | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2019-18818", "url": "https://www.cve.org/CVERecord?id=CVE-2019-18818"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 2, "vendor": "strapi", "30d_avg": 5, "90d_avg": 2, "product": "strapi", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "7f967491-3c44-4e52-b38e-8b98fa42ff31", "vulnerability": {"vulnId": "CVE-2018-15138", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "7f967491-3c44-4e52-b38e-8b98fa42ff31", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2023-10-14T14:56:19+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:19+00:00"}, "scope": {"notes": "Affected: Ericsson-LG / iPECS NMS 30M | Class: other-software | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2018-15138", "url": "https://www.cve.org/CVERecord?id=CVE-2018-15138"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Ericsson-LG", "30d_avg": 10, "90d_avg": 3, "product": "iPECS NMS 30M", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "c2cb8c5d-ce74-44c0-b04c-733575816bc5", "vulnerability": {"vulnId": "CVE-2021-4462", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "c2cb8c5d-ce74-44c0-b04c-733575816bc5", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-01-15T16:44:31+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-01-15T16:44:31+00:00"}, "scope": {"notes": "Affected: skittles / Simple Employee Records System 1.0 | Class: other-software | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 3", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-4462", "url": "https://www.cve.org/CVERecord?id=CVE-2021-4462"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 2, "vendor": "skittles", "30d_avg": 14, "90d_avg": 5, "product": "Simple Employee Records System 1.0", "cisa_kev": "no", "connections": 3, "observation_date": "2026-06-30", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "077daf93-3257-4cfe-8fcc-c7886c9c917b", "vulnerability": {"vulnId": "CVE-2019-9670", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "077daf93-3257-4cfe-8fcc-c7886c9c917b", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-13T16:03:21+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-13T16:03:21+00:00"}, "scope": {"notes": "Affected: Synacor / Zimbra Collaboration Suite | Class: email | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1130", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2019-9670", "url": "https://www.cve.org/CVERecord?id=CVE-2019-9670"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "email", "7d_avg": 2, "vendor": "Synacor", "30d_avg": 6, "90d_avg": 6, "product": "Zimbra Collaboration Suite", "cisa_kev": "yes", "connections": 1130, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "5fce2773-c576-441e-9133-211cf9dcf594", "vulnerability": {"vulnId": "CVE-2023-23752", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "5fce2773-c576-441e-9133-211cf9dcf594", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-10-13T16:00:01+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-13T16:00:01+00:00"}, "scope": {"notes": "Affected: Open Source Matters, Inc/Joomla community / Joomla | Class: cms | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 29", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-23752", "url": "https://www.cve.org/CVERecord?id=CVE-2023-23752"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "4", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 2, "vendor": "Open Source Matters, Inc/Joomla community", "30d_avg": 2, "90d_avg": 3, "product": "Joomla", "cisa_kev": "yes", "connections": 29, "observation_date": "2026-06-30", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "91fe6cc6-07b9-46ff-9694-16fca5e5d659", "vulnerability": {"vulnId": "CVE-2024-43360", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "91fe6cc6-07b9-46ff-9694-16fca5e5d659", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-06-08T20:30:51+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-06-08T20:30:51+00:00"}, "scope": {"notes": "Affected: ZoneMinder / ZoneMinder | Class: video-system | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-43360", "url": "https://www.cve.org/CVERecord?id=CVE-2024-43360"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "video-system", "7d_avg": 1, "vendor": "ZoneMinder", "30d_avg": 5, "90d_avg": 2, "product": "ZoneMinder", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "1d0eeda7-4995-487e-92e3-4be507164e60", "vulnerability": {"vulnId": "CVE-2021-46381", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "1d0eeda7-4995-487e-92e3-4be507164e60", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2023-10-15T08:28:19+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-15T08:28:19+00:00"}, "scope": {"notes": "Affected: D-Link / D-Link DAP-1620 | Class: wireless-extender | Severity: High (CVSS 7.5) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-46381", "url": "https://www.cve.org/CVERecord?id=CVE-2021-46381"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "wireless-extender", "7d_avg": 0, "vendor": "D-Link", "30d_avg": 5, "90d_avg": 2, "product": "D-Link DAP-1620", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "f73216af-c781-4afd-ab01-68dce388f779", "vulnerability": {"vulnId": "CVE-2024-38289", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "f73216af-c781-4afd-ab01-68dce388f779", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-09-14T12:28:14+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-09-14T12:28:14+00:00"}, "scope": {"notes": "Affected: R-HUB / TurboMeeting | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-38289", "url": "https://www.cve.org/CVERecord?id=CVE-2024-38289"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "R-HUB", "30d_avg": 12, "90d_avg": 4, "product": "TurboMeeting", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "dfa2c338-f000-4320-aacd-e12da560b4e5", "vulnerability": {"vulnId": "CVE-2024-31750", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "dfa2c338-f000-4320-aacd-e12da560b4e5", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 0}, "timestamps": {"asserted_at": "2024-07-03T10:48:56+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-07-03T10:48:56+00:00"}, "scope": {"notes": "Affected: F-Logic / DataCube3 | Class: other-software | Severity: None (CVSS 0) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-31750", "url": "https://www.cve.org/CVERecord?id=CVE-2024-31750"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "F-Logic", "30d_avg": 5, "90d_avg": 2, "product": "DataCube3", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 0, "vulnerability_severity": "None"}}]}
{"uuid": "3cd2f4d1-5884-49dc-810e-a4e3575f0b2b", "vulnerability": {"vulnId": "CVE-2021-37580", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "3cd2f4d1-5884-49dc-810e-a4e3575f0b2b", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:57:02+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:02+00:00"}, "scope": {"notes": "Affected: Apache / ShenYu | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-37580", "url": "https://www.cve.org/CVERecord?id=CVE-2021-37580"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "Apache", "30d_avg": 5, "90d_avg": 2, "product": "ShenYu", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "bdbc3052-1c8f-45b7-92aa-9c3a12a5150d", "vulnerability": {"vulnId": "CVE-2024-34257", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "bdbc3052-1c8f-45b7-92aa-9c3a12a5150d", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 0}, "timestamps": {"asserted_at": "2024-08-13T22:56:46+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-08-13T22:56:46+00:00"}, "scope": {"notes": "Affected: Totolink / Totolink EX1800T | Class: wireless-extender | Severity: None (CVSS 0) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-34257", "url": "https://www.cve.org/CVERecord?id=CVE-2024-34257"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "wireless-extender", "7d_avg": 1, "vendor": "Totolink", "30d_avg": 5, "90d_avg": 1, "product": "Totolink EX1800T", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 0, "vulnerability_severity": "None"}}]}
{"uuid": "ff80dc5e-c5d5-40c3-ad2f-dfb6a0eb614b", "vulnerability": {"vulnId": "CVE-2024-8752", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "ff80dc5e-c5d5-40c3-ad2f-dfb6a0eb614b", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2024-10-07T11:45:01+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-10-07T11:45:01+00:00"}, "scope": {"notes": "Affected: WebIQ / WebIQ | Class: cms | Severity: High (CVSS 7.5) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-8752", "url": "https://www.cve.org/CVERecord?id=CVE-2024-8752"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 1, "vendor": "WebIQ", "30d_avg": 3, "90d_avg": 1, "product": "WebIQ", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "9dd5ab82-f2c7-4b86-991e-e7d7c362fa6a", "vulnerability": {"vulnId": "CVE-2023-47253", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "9dd5ab82-f2c7-4b86-991e-e7d7c362fa6a", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-03-24T19:42:39+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-03-24T19:42:39+00:00"}, "scope": {"notes": "Affected: Qualitor / Qualitor ITSM | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-47253", "url": "https://www.cve.org/CVERecord?id=CVE-2023-47253"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "Qualitor", "30d_avg": 5, "90d_avg": 2, "product": "Qualitor ITSM", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "2f3e7c8b-8a7d-46e4-a17d-74456de051ad", "vulnerability": {"vulnId": "CVE-2018-1335", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "2f3e7c8b-8a7d-46e4-a17d-74456de051ad", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 81}, "timestamps": {"asserted_at": "2023-10-14T20:53:27+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T20:53:27+00:00"}, "scope": {"notes": "Affected: Apache / Tika | Class: other-software | Severity: High (CVSS 8.1) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2018-1335", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1335"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 2, "vendor": "Apache", "30d_avg": 6, "90d_avg": 2, "product": "Tika", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 8.1, "vulnerability_severity": "High"}}]}
{"uuid": "f1b6bdf0-988e-40ad-bf92-2bbc10507d56", "vulnerability": {"vulnId": "CVE-2020-13167", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "f1b6bdf0-988e-40ad-bf92-2bbc10507d56", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:56:20+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:20+00:00"}, "scope": {"notes": "Affected: Netsweeper / Netsweeper | Class: security-management-platform | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-13167", "url": "https://www.cve.org/CVERecord?id=CVE-2020-13167"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "security-management-platform", "7d_avg": 2, "vendor": "Netsweeper", "30d_avg": 11, "90d_avg": 4, "product": "Netsweeper", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "6ae0d9f1-0631-4c43-82ec-71cc28e17507", "vulnerability": {"vulnId": "CVE-2024-29973", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "6ae0d9f1-0631-4c43-82ec-71cc28e17507", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-06-27T11:11:38+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-06-27T11:11:38+00:00"}, "scope": {"notes": "Affected: Zyxel / Zyxel NAS326 | Class: nas | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 5", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-29973", "url": "https://www.cve.org/CVERecord?id=CVE-2024-29973"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "nas", "7d_avg": 1, "vendor": "Zyxel", "30d_avg": 5, "90d_avg": 2, "product": "Zyxel NAS326", "cisa_kev": "no", "connections": 5, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "087a2260-a7e2-4a3a-a30e-de4947182831", "vulnerability": {"vulnId": "CVE-2018-16763", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "087a2260-a7e2-4a3a-a30e-de4947182831", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:41:37+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:41:37+00:00"}, "scope": {"notes": "Affected: Daylight Studio / FUEL CMS | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2018-16763", "url": "https://www.cve.org/CVERecord?id=CVE-2018-16763"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 2, "vendor": "Daylight Studio", "30d_avg": 6, "90d_avg": 2, "product": "FUEL CMS", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "3f8cbc9f-e798-48c3-a927-bcce37c0322e", "vulnerability": {"vulnId": "CVE-2024-48248", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "3f8cbc9f-e798-48c3-a927-bcce37c0322e", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 86}, "timestamps": {"asserted_at": "2025-03-16T13:39:36+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-03-16T13:39:36+00:00"}, "scope": {"notes": "Affected: NAKIVO / NAKIVO Backup & Replication | Class: backup | Severity: High (CVSS 8.6) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-48248", "url": "https://www.cve.org/CVERecord?id=CVE-2024-48248"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "backup", "7d_avg": 1, "vendor": "NAKIVO", "30d_avg": 4, "90d_avg": 1, "product": "NAKIVO Backup & Replication", "cisa_kev": "yes", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 8.6, "vulnerability_severity": "High"}}]}
{"uuid": "3ca59b9b-fc0e-4134-b916-71fc7e5f9623", "vulnerability": {"vulnId": "CVE-2018-11511", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "3ca59b9b-fc0e-4134-b916-71fc7e5f9623", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-11-26T03:18:26+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-11-26T03:18:26+00:00"}, "scope": {"notes": "Affected: ASUSTOR / ASUSTOR ADM | Class: nas | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2018-11511", "url": "https://www.cve.org/CVERecord?id=CVE-2018-11511"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "nas", "7d_avg": 1, "vendor": "ASUSTOR", "30d_avg": 5, "90d_avg": 2, "product": "ASUSTOR ADM", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "476000c5-fae9-4bcc-ae74-eb9c95f9d79e", "vulnerability": {"vulnId": "CVE-2021-3297", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "476000c5-fae9-4bcc-ae74-eb9c95f9d79e", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 78}, "timestamps": {"asserted_at": "2025-08-19T11:59:12+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-08-19T11:59:12+00:00"}, "scope": {"notes": "Affected: Zyxel / Zyxel NBG2105 | Class: router | Severity: High (CVSS 7.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-3297", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3297"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 2, "vendor": "Zyxel", "30d_avg": 6, "90d_avg": 2, "product": "Zyxel NBG2105", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.8, "vulnerability_severity": "High"}}]}
{"uuid": "a0ad90fd-d5e7-49a9-93a5-2a3701629d84", "vulnerability": {"vulnId": "CVE-2022-1026", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "a0ad90fd-d5e7-49a9-93a5-2a3701629d84", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 86}, "timestamps": {"asserted_at": "2024-06-08T02:44:27+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-06-08T02:44:27+00:00"}, "scope": {"notes": "Affected: Kyocera / Kyocera Multifunction Printers | Class: printer | Severity: High (CVSS 8.6) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-1026", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1026"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "printer", "7d_avg": 1, "vendor": "Kyocera", "30d_avg": 5, "90d_avg": 2, "product": "Kyocera Multifunction Printers", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 8.6, "vulnerability_severity": "High"}}]}
{"uuid": "fe39d1b3-65b0-4156-aa5d-c5d9b2c56017", "vulnerability": {"vulnId": "CVE-2025-28367", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "fe39d1b3-65b0-4156-aa5d-c5d9b2c56017", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 65}, "timestamps": {"asserted_at": "2025-06-24T22:01:26+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-06-24T22:01:26+00:00"}, "scope": {"notes": "Affected: i7MEDIA / mojoPortal | Class: cms | Severity: Medium (CVSS 6.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-28367", "url": "https://www.cve.org/CVERecord?id=CVE-2025-28367"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "i7MEDIA", "30d_avg": 0, "90d_avg": 0, "product": "mojoPortal", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 6.5, "vulnerability_severity": "Medium"}}]}
{"uuid": "c09f07b0-434a-4cb3-a887-1856fc5ad6d9", "vulnerability": {"vulnId": "CVE-2024-5827", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "c09f07b0-434a-4cb3-a887-1856fc5ad6d9", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2024-12-05T06:27:28+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-12-05T06:27:28+00:00"}, "scope": {"notes": "Affected: Vanna / Vanna | Class: ai-system | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-5827", "url": "https://www.cve.org/CVERecord?id=CVE-2024-5827"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "ai-system", "7d_avg": 1, "vendor": "Vanna", "30d_avg": 11, "90d_avg": 4, "product": "Vanna", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "f8bc4fa9-8656-45a2-b0ac-b9638eb8cd52", "vulnerability": {"vulnId": "CVE-2022-0827", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "f8bc4fa9-8656-45a2-b0ac-b9638eb8cd52", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T18:16:26+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T18:16:26+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Bestbooks plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-0827", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0827"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 1, "vendor": "Wordpress", "30d_avg": 5, "90d_avg": 2, "product": "Wordpress Bestbooks plugin", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "8d22024b-e155-4586-8605-f179ef65516d", "vulnerability": {"vulnId": "CVE-2023-6909", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "8d22024b-e155-4586-8605-f179ef65516d", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2026-04-30T18:23:58+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-04-30T18:23:58+00:00"}, "scope": {"notes": "Affected: MLflow / MLflow | Class: ai-system | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 3", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-6909", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6909"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "ai-system", "7d_avg": 2, "vendor": "MLflow", "30d_avg": 42, "90d_avg": 14, "product": "MLflow", "cisa_kev": "no", "connections": 3, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "a974e499-c2c9-4322-ad1d-4e52a7a00f36", "vulnerability": {"vulnId": "CVE-2022-0952", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "a974e499-c2c9-4322-ad1d-4e52a7a00f36", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 88}, "timestamps": {"asserted_at": "2023-10-14T14:57:35+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:35+00:00"}, "scope": {"notes": "Affected: Wordpress / Sitemap by click5 WordPress plugin | Class: cms | Severity: High (CVSS 8.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-0952", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0952"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 1, "vendor": "Wordpress", "30d_avg": 12, "90d_avg": 4, "product": "Sitemap by click5 WordPress plugin", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 8.8, "vulnerability_severity": "High"}}]}
{"uuid": "af422ff0-74f8-4794-92e8-91afe2d7481f", "vulnerability": {"vulnId": "CVE-2025-34023", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "af422ff0-74f8-4794-92e8-91afe2d7481f", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-01-15T19:41:19+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-01-15T19:41:19+00:00"}, "scope": {"notes": "Affected: Karel / Karel IP Phone IP1211 | Class: other-software | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-34023", "url": "https://www.cve.org/CVERecord?id=CVE-2025-34023"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 2, "vendor": "Karel", "30d_avg": 9, "90d_avg": 3, "product": "Karel IP Phone IP1211", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "0edf4bb1-2dcf-4155-b16a-a32025dfd89f", "vulnerability": {"vulnId": "CVE-2023-46574", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "0edf4bb1-2dcf-4155-b16a-a32025dfd89f", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-08-09T02:55:29+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-08-09T02:55:29+00:00"}, "scope": {"notes": "Affected: Totolink / Totolink A3700R | Class: router | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-46574", "url": "https://www.cve.org/CVERecord?id=CVE-2023-46574"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 1, "vendor": "Totolink", "30d_avg": 11, "90d_avg": 4, "product": "Totolink A3700R", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "d1891784-0718-4a5a-a192-e5a8fa4560a7", "vulnerability": {"vulnId": "CVE-2020-8656", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "d1891784-0718-4a5a-a192-e5a8fa4560a7", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-03-10T16:35:22+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-03-10T16:35:22+00:00"}, "scope": {"notes": "Affected: EyesOfNetwork / EyesOfNetwork | Class: network-monitoring | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-8656", "url": "https://www.cve.org/CVERecord?id=CVE-2020-8656"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "network-monitoring", "7d_avg": 1, "vendor": "EyesOfNetwork", "30d_avg": 9, "90d_avg": 3, "product": "EyesOfNetwork", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "db4d77e7-2fa1-4994-9312-4b68d902a222", "vulnerability": {"vulnId": "CVE-2023-22897", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "db4d77e7-2fa1-4994-9312-4b68d902a222", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 65}, "timestamps": {"asserted_at": "2023-10-23T18:49:49+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-23T18:49:49+00:00"}, "scope": {"notes": "Affected: SecurePoint / SecurePoint UTM | Class: firewall | Severity: Medium (CVSS 6.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-22897", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22897"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "firewall", "7d_avg": 0, "vendor": "SecurePoint", "30d_avg": 1, "90d_avg": 0, "product": "SecurePoint UTM", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 6.5, "vulnerability_severity": "Medium"}}]}
{"uuid": "a6e27b75-98de-41ef-af99-45c045048f84", "vulnerability": {"vulnId": "CVE-2024-41713", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "a6e27b75-98de-41ef-af99-45c045048f84", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 91}, "timestamps": {"asserted_at": "2024-12-11T23:12:34+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-12-11T23:12:34+00:00"}, "scope": {"notes": "Affected: Mitel / MiCollab | Class: voip | Severity: Critical (CVSS 9.1) | IoT: yes | In CISA KEV: yes | Honeypot connections on 2026-06-30: 3", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-41713", "url": "https://www.cve.org/CVERecord?id=CVE-2024-41713"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "voip", "7d_avg": 1, "vendor": "Mitel", "30d_avg": 19, "90d_avg": 6, "product": "MiCollab", "cisa_kev": "yes", "connections": 3, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.1, "vulnerability_severity": "Critical"}}]}
{"uuid": "a928dc0f-2f08-4085-bbeb-e155ed5c98c8", "vulnerability": {"vulnId": "CVE-2022-2376", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "a928dc0f-2f08-4085-bbeb-e155ed5c98c8", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 53}, "timestamps": {"asserted_at": "2023-10-23T18:28:11+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-23T18:28:11+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Directorist plugin | Class: cms | Severity: Medium (CVSS 5.3) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-2376", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2376"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "Wordpress", "30d_avg": 0, "90d_avg": 0, "product": "Wordpress Directorist plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 5.3, "vulnerability_severity": "Medium"}}]}
{"uuid": "74e17659-a21d-4ec0-bea1-236ef9bb9fdf", "vulnerability": {"vulnId": "CVE-2024-48307", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "74e17659-a21d-4ec0-bea1-236ef9bb9fdf", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-12-24T07:06:45+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-12-24T07:06:45+00:00"}, "scope": {"notes": "Affected: JEECG / jeecg-boot | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-48307", "url": "https://www.cve.org/CVERecord?id=CVE-2024-48307"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "JEECG", "30d_avg": 9, "90d_avg": 3, "product": "jeecg-boot", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "4d376872-b419-4fc6-b801-4e3bd9b971c6", "vulnerability": {"vulnId": "CVE-2021-38154", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "4d376872-b419-4fc6-b801-4e3bd9b971c6", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2026-03-11T05:09:48+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-03-11T05:09:48+00:00"}, "scope": {"notes": "Affected: Canon / Canon devices (various) | Class: printer | Severity: High (CVSS 7.5) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-38154", "url": "https://www.cve.org/CVERecord?id=CVE-2021-38154"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "printer", "7d_avg": 18, "vendor": "Canon", "30d_avg": 11, "90d_avg": 4, "product": "Canon devices (various)", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "1c50134f-c0ff-4d93-98d4-6d91614656a1", "vulnerability": {"vulnId": "CVE-2023-32563", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "1c50134f-c0ff-4d93-98d4-6d91614656a1", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:57:50+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:50+00:00"}, "scope": {"notes": "Affected: Ivanti / Avalanche | Class: mobile-device-management | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-32563", "url": "https://www.cve.org/CVERecord?id=CVE-2023-32563"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "mobile-device-management", "7d_avg": 1, "vendor": "Ivanti", "30d_avg": 9, "90d_avg": 3, "product": "Avalanche", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "4b57d490-3af8-425d-acc3-fed3826bc7fa", "vulnerability": {"vulnId": "CVE-2024-45195", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "4b57d490-3af8-425d-acc3-fed3826bc7fa", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2024-12-05T06:27:27+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-12-05T06:27:27+00:00"}, "scope": {"notes": "Affected: Apache / OFBiz | Class: other-software | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-45195", "url": "https://www.cve.org/CVERecord?id=CVE-2024-45195"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "Apache", "30d_avg": 5, "90d_avg": 2, "product": "OFBiz", "cisa_kev": "yes", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "ae670efa-9a8d-4ef0-ab36-f8f2a1c132cf", "vulnerability": {"vulnId": "CVE-2024-8181", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "ae670efa-9a8d-4ef0-ab36-f8f2a1c132cf", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 81}, "timestamps": {"asserted_at": "2024-09-29T21:40:59+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-09-29T21:40:59+00:00"}, "scope": {"notes": "Affected: FlowiseAI / Flowise | Class: ai-system | Severity: High (CVSS 8.1) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-8181", "url": "https://www.cve.org/CVERecord?id=CVE-2024-8181"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "ai-system", "7d_avg": 1, "vendor": "FlowiseAI", "30d_avg": 4, "90d_avg": 1, "product": "Flowise", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 8.1, "vulnerability_severity": "High"}}]}
{"uuid": "07b02210-6b9e-4827-93fe-459ca31b18cc", "vulnerability": {"vulnId": "CVE-2024-7954", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "07b02210-6b9e-4827-93fe-459ca31b18cc", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-09-22T13:59:53+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-09-22T13:59:53+00:00"}, "scope": {"notes": "Affected: SPIP / SPIP | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-7954", "url": "https://www.cve.org/CVERecord?id=CVE-2024-7954"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 1, "vendor": "SPIP", "30d_avg": 5, "90d_avg": 2, "product": "SPIP", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "3c43c66b-86aa-4151-9ae1-bd6f76602018", "vulnerability": {"vulnId": "CVE-2022-0592", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "3c43c66b-86aa-4151-9ae1-bd6f76602018", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-01-08T21:43:23+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-01-08T21:43:23+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress MapSVG plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-0592", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0592"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "Wordpress", "30d_avg": 5, "90d_avg": 2, "product": "Wordpress MapSVG plugin", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "915bd704-9de2-49d4-9af7-34317474b37b", "vulnerability": {"vulnId": "CVE-2022-1916", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "915bd704-9de2-49d4-9af7-34317474b37b", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 61}, "timestamps": {"asserted_at": "2023-10-23T18:26:06+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-23T18:26:06+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Active Products Tables for WooCommerce | Class: cms | Severity: Medium (CVSS 6.1) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-1916", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1916"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "Wordpress", "30d_avg": 0, "90d_avg": 0, "product": "Wordpress Active Products Tables for WooCommerce", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 6.1, "vulnerability_severity": "Medium"}}]}
{"uuid": "6f51c4f0-0d01-4e79-b198-7e88eb0c814c", "vulnerability": {"vulnId": "CVE-2021-22053", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "6f51c4f0-0d01-4e79-b198-7e88eb0c814c", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 88}, "timestamps": {"asserted_at": "2023-10-14T14:56:49+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:49+00:00"}, "scope": {"notes": "Affected: Spring / Spring Cloud Netflix | Class: web-app-framework | Severity: High (CVSS 8.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-22053", "url": "https://www.cve.org/CVERecord?id=CVE-2021-22053"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "web-app-framework", "7d_avg": 0, "vendor": "Spring", "30d_avg": 11, "90d_avg": 4, "product": "Spring Cloud Netflix", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 8.8, "vulnerability_severity": "High"}}]}
{"uuid": "b9db9736-dc25-46f6-ac9a-e50441bfac6c", "vulnerability": {"vulnId": "CVE-2019-14251", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "b9db9736-dc25-46f6-ac9a-e50441bfac6c", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2024-01-14T22:01:10+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-01-14T22:01:10+00:00"}, "scope": {"notes": "Affected: Temenos / Temenos T24 | Class: other-software | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2019-14251", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14251"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Temenos", "30d_avg": 11, "90d_avg": 4, "product": "Temenos T24", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "0621acab-e3ca-4ad9-8070-dab3ac96d5a7", "vulnerability": {"vulnId": "CVE-2023-5914", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "0621acab-e3ca-4ad9-8070-dab3ac96d5a7", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 61}, "timestamps": {"asserted_at": "2024-05-08T05:28:10+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-05-08T05:28:10+00:00"}, "scope": {"notes": "Affected: Citrix / Citrix StoreFront | Class: other-software | Severity: Medium (CVSS 6.1) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-5914", "url": "https://www.cve.org/CVERecord?id=CVE-2023-5914"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Citrix", "30d_avg": 1, "90d_avg": 0, "product": "Citrix StoreFront", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 6.1, "vulnerability_severity": "Medium"}}]}
{"uuid": "c4f8f434-f65e-43cf-a981-2954276ae613", "vulnerability": {"vulnId": "CVE-2020-5775", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "c4f8f434-f65e-43cf-a981-2954276ae613", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 58}, "timestamps": {"asserted_at": "2023-10-23T17:48:47+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-23T17:48:47+00:00"}, "scope": {"notes": "Affected: Canvas / Canvas LMS | Class: other-software | Severity: Medium (CVSS 5.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-5775", "url": "https://www.cve.org/CVERecord?id=CVE-2020-5775"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Canvas", "30d_avg": 0, "90d_avg": 0, "product": "Canvas LMS", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 5.8, "vulnerability_severity": "Medium"}}]}
{"uuid": "46d0b2f1-93f7-424d-8537-27d98ba010ad", "vulnerability": {"vulnId": "CVE-2024-20404", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "46d0b2f1-93f7-424d-8537-27d98ba010ad", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 53}, "timestamps": {"asserted_at": "2026-02-04T04:17:11+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-02-04T04:17:11+00:00"}, "scope": {"notes": "Affected: Cisco / Cisco Finesse | Class: other-software | Severity: Medium (CVSS 5.3) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-20404", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20404"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Cisco", "30d_avg": 0, "90d_avg": 0, "product": "Cisco Finesse", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 5.3, "vulnerability_severity": "Medium"}}]}
{"uuid": "7ed2d866-dc9d-4cda-a76b-d9d20fa22a05", "vulnerability": {"vulnId": "CVE-2026-34197", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "7ed2d866-dc9d-4cda-a76b-d9d20fa22a05", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 88}, "timestamps": {"asserted_at": "2026-04-24T16:01:56+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-04-24T16:01:56+00:00"}, "scope": {"notes": "Affected: Apache / ActiveMQ | Class: other-software | Severity: High (CVSS 8.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2026-34197", "url": "https://www.cve.org/CVERecord?id=CVE-2026-34197"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "Apache", "30d_avg": 9, "90d_avg": 3, "product": "ActiveMQ", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 8.8, "vulnerability_severity": "High"}}]}
{"uuid": "3340cf59-ed30-4b81-ae79-6cce4ad8dd51", "vulnerability": {"vulnId": "CVE-2023-34133", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "3340cf59-ed30-4b81-ae79-6cce4ad8dd51", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2023-10-14T14:57:50+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:50+00:00"}, "scope": {"notes": "Affected: SonicWall / SonicWall GMS and Analytics | Class: security-management-platform | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-34133", "url": "https://www.cve.org/CVERecord?id=CVE-2023-34133"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "security-management-platform", "7d_avg": 1, "vendor": "SonicWall", "30d_avg": 21, "90d_avg": 7, "product": "SonicWall GMS and Analytics", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "fd38f4ca-679f-4e3e-b069-1cfae0fc7324", "vulnerability": {"vulnId": "CVE-2025-61666", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "fd38f4ca-679f-4e3e-b069-1cfae0fc7324", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 87}, "timestamps": {"asserted_at": "2025-11-17T12:03:57+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-11-17T12:03:57+00:00"}, "scope": {"notes": "Affected: Traccar / Traccar | Class: device-management-platform | Severity: High (CVSS 8.7) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-61666", "url": "https://www.cve.org/CVERecord?id=CVE-2025-61666"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 0, "vendor": "Traccar", "30d_avg": 5, "90d_avg": 1, "product": "Traccar", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 8.7, "vulnerability_severity": "High"}}]}
{"uuid": "c590fa77-5338-478c-886f-cbf8002b93af", "vulnerability": {"vulnId": "CVE-2022-1386", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "c590fa77-5338-478c-886f-cbf8002b93af", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-15T22:57:37+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-15T22:57:37+00:00"}, "scope": {"notes": "Affected: Wordpress / WordPress Fusion Builder plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-1386", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1386"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "Wordpress", "30d_avg": 11, "90d_avg": 3, "product": "WordPress Fusion Builder plugin", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "edfe336a-ccc9-45b5-8108-e578127648fa", "vulnerability": {"vulnId": "CVE-2022-31847", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "edfe336a-ccc9-45b5-8108-e578127648fa", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2023-10-14T14:56:18+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:18+00:00"}, "scope": {"notes": "Affected: WAVLINK / WAVLINK WN579X3 | Class: wireless-extender | Severity: High (CVSS 7.5) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-31847", "url": "https://www.cve.org/CVERecord?id=CVE-2022-31847"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "wireless-extender", "7d_avg": 0, "vendor": "WAVLINK", "30d_avg": 14, "90d_avg": 5, "product": "WAVLINK WN579X3", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "2ad2e93e-c224-45d0-99f8-275257fa12fe", "vulnerability": {"vulnId": "CVE-2022-50993", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "2ad2e93e-c224-45d0-99f8-275257fa12fe", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-05-15T14:34:44+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-05-15T14:34:44+00:00"}, "scope": {"notes": "Affected: Weaver / Weaver E-Office | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-50993", "url": "https://www.cve.org/CVERecord?id=CVE-2022-50993"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "Weaver", "30d_avg": 1, "90d_avg": 0, "product": "Weaver E-Office", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "758a533c-9164-4e39-8432-caf7eef53d96", "vulnerability": {"vulnId": "CVE-2024-50603", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "758a533c-9164-4e39-8432-caf7eef53d96", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-02-03T22:15:05+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-02-03T22:15:05+00:00"}, "scope": {"notes": "Affected: Aviatrix / Aviatrix Network Controller | Class: device-management-platform | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-50603", "url": "https://www.cve.org/CVERecord?id=CVE-2024-50603"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 1, "vendor": "Aviatrix", "30d_avg": 5, "90d_avg": 1, "product": "Aviatrix Network Controller", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "693fa6af-756e-4fd2-8697-b19a8748b080", "vulnerability": {"vulnId": "CVE-2025-5605", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "693fa6af-756e-4fd2-8697-b19a8748b080", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 43}, "timestamps": {"asserted_at": "2025-12-14T10:16:03+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-12-14T10:16:03+00:00"}, "scope": {"notes": "Affected: WSO2 / WSO2 multiple products | Class: other-software | Severity: Medium (CVSS 4.3) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-5605", "url": "https://www.cve.org/CVERecord?id=CVE-2025-5605"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "WSO2", "30d_avg": 0, "90d_avg": 0, "product": "WSO2 multiple products", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 4.3, "vulnerability_severity": "Medium"}}]}
{"uuid": "06fbed1a-274d-4111-a9f1-90540f6a1329", "vulnerability": {"vulnId": "CVE-2022-28219", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "06fbed1a-274d-4111-a9f1-90540f6a1329", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:57:28+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:28+00:00"}, "scope": {"notes": "Affected: Zoho / ManageEngine ADAudit Plus | Class: security-management-platform | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-28219", "url": "https://www.cve.org/CVERecord?id=CVE-2022-28219"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "security-management-platform", "7d_avg": 0, "vendor": "Zoho", "30d_avg": 5, "90d_avg": 2, "product": "ManageEngine ADAudit Plus", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "43216603-0102-4916-9a65-88b3f879bd77", "vulnerability": {"vulnId": "CVE-2025-69200", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "43216603-0102-4916-9a65-88b3f879bd77", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2026-01-18T14:08:56+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-01-18T14:08:56+00:00"}, "scope": {"notes": "Affected: phpMyFAQ / phpMyFAQ | Class: other-software | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-69200", "url": "https://www.cve.org/CVERecord?id=CVE-2025-69200"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "phpMyFAQ", "30d_avg": 6, "90d_avg": 2, "product": "phpMyFAQ", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "c18fa008-5221-4826-811b-1d1ea3bf2bc2", "vulnerability": {"vulnId": "CVE-2023-28770", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "c18fa008-5221-4826-811b-1d1ea3bf2bc2", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2023-10-19T12:30:00+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-19T12:30:00+00:00"}, "scope": {"notes": "Affected: Zyxel / Zyxel DX5401-B0 | Class: router | Severity: High (CVSS 7.5) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-28770", "url": "https://www.cve.org/CVERecord?id=CVE-2023-28770"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 1, "vendor": "Zyxel", "30d_avg": 1, "90d_avg": 0, "product": "Zyxel DX5401-B0", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "eff0b8f4-1e70-4db9-9515-30405f688e0a", "vulnerability": {"vulnId": "CVE-2023-51409", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "eff0b8f4-1e70-4db9-9515-30405f688e0a", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-06-05T12:11:14+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-06-05T12:11:14+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Jordy Meow AI Engine: ChatGPT Chatbot plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-51409", "url": "https://www.cve.org/CVERecord?id=CVE-2023-51409"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "Wordpress", "30d_avg": 5, "90d_avg": 1, "product": "Wordpress Jordy Meow AI Engine: ChatGPT Chatbot plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "ebd01fce-4f97-4258-ad2b-f9508b66f226", "vulnerability": {"vulnId": "CVE-2022-26138", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "ebd01fce-4f97-4258-ad2b-f9508b66f226", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:57:26+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:26+00:00"}, "scope": {"notes": "Affected: Atlassian / Confluence | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-26138", "url": "https://www.cve.org/CVERecord?id=CVE-2022-26138"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "Atlassian", "30d_avg": 6, "90d_avg": 11, "product": "Confluence", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "647b1570-a7e5-4959-b096-e7ae75b35e04", "vulnerability": {"vulnId": "CVE-2023-35813", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "647b1570-a7e5-4959-b096-e7ae75b35e04", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-12-28T18:07:30+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-12-28T18:07:30+00:00"}, "scope": {"notes": "Affected: Sitecore / Experience Manager, Experience Platform, and Experience Commerce | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-35813", "url": "https://www.cve.org/CVERecord?id=CVE-2023-35813"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 2, "vendor": "Sitecore", "30d_avg": 5, "90d_avg": 2, "product": "Experience Manager, Experience Platform, and Experience Commerce", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "6700b22d-b265-445a-a9b7-8c020897496c", "vulnerability": {"vulnId": "CVE-2022-35914", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "6700b22d-b265-445a-a9b7-8c020897496c", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:57:36+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:36+00:00"}, "scope": {"notes": "Affected: GLPI (teclib) / GLPI | Class: device-management-platform | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 3", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-35914", "url": "https://www.cve.org/CVERecord?id=CVE-2022-35914"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 1, "vendor": "GLPI (teclib)", "30d_avg": 5, "90d_avg": 2, "product": "GLPI", "cisa_kev": "yes", "connections": 3, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "cf1ec218-7410-408d-8234-7cab5b283d05", "vulnerability": {"vulnId": "CVE-2022-47615", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "cf1ec218-7410-408d-8234-7cab5b283d05", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-03-06T23:05:06+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-03-06T23:05:06+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress LearnPress plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-47615", "url": "https://www.cve.org/CVERecord?id=CVE-2022-47615"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "Wordpress", "30d_avg": 5, "90d_avg": 2, "product": "Wordpress LearnPress plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "3c28a786-b52f-44be-92fb-c5c363781be6", "vulnerability": {"vulnId": "CVE-2019-12314", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "3c28a786-b52f-44be-92fb-c5c363781be6", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-03-12T18:48:37+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-03-12T18:48:37+00:00"}, "scope": {"notes": "Affected: Deltek / Deltek Maconomy | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2019-12314", "url": "https://www.cve.org/CVERecord?id=CVE-2019-12314"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Deltek", "30d_avg": 4, "90d_avg": 1, "product": "Deltek Maconomy", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "46593bef-000b-411c-accd-2e01d016cb4d", "vulnerability": {"vulnId": "CVE-2025-34049", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "46593bef-000b-411c-accd-2e01d016cb4d", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-01-21T08:37:59+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-01-21T08:37:59+00:00"}, "scope": {"notes": "Affected: OptiLink / ONT1GEW | Class: router | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-34049", "url": "https://www.cve.org/CVERecord?id=CVE-2025-34049"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "OptiLink", "30d_avg": 0, "90d_avg": 0, "product": "ONT1GEW", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "feca8ad5-44ef-44e9-8dec-f5a704cdba1f", "vulnerability": {"vulnId": "CVE-2023-32235", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "feca8ad5-44ef-44e9-8dec-f5a704cdba1f", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2023-10-14T14:57:49+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:49+00:00"}, "scope": {"notes": "Affected: Ghost / Ghost | Class: cms | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-32235", "url": "https://www.cve.org/CVERecord?id=CVE-2023-32235"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 20, "vendor": "Ghost", "30d_avg": 12, "90d_avg": 4, "product": "Ghost", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "1e1b2817-6a2f-4309-9a61-305104d7ca0b", "vulnerability": {"vulnId": "CVE-2021-47795", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "1e1b2817-6a2f-4309-9a61-305104d7ca0b", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 87}, "timestamps": {"asserted_at": "2026-01-25T11:38:11+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-01-25T11:38:11+00:00"}, "scope": {"notes": "Affected: GeoVision / GeoVision GeoWebServer | Class: embedded-system | Severity: High (CVSS 8.7) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-47795", "url": "https://www.cve.org/CVERecord?id=CVE-2021-47795"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "embedded-system", "7d_avg": 0, "vendor": "GeoVision", "30d_avg": 1, "90d_avg": 0, "product": "GeoVision GeoWebServer", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 8.7, "vulnerability_severity": "High"}}]}
{"uuid": "ceda9f95-9d18-41af-9075-f998f6d052b8", "vulnerability": {"vulnId": "CVE-2025-0868", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "ceda9f95-9d18-41af-9075-f998f6d052b8", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 0}, "timestamps": {"asserted_at": "2025-06-08T20:31:38+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-06-08T20:31:38+00:00"}, "scope": {"notes": "Affected: Arc53 / DocsGPT | Class: ai-system | Severity: None (CVSS 0) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-0868", "url": "https://www.cve.org/CVERecord?id=CVE-2025-0868"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "ai-system", "7d_avg": 1, "vendor": "Arc53", "30d_avg": 5, "90d_avg": 1, "product": "DocsGPT", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 0, "vulnerability_severity": "None"}}]}
{"uuid": "9fae41ff-9a5f-499c-889c-b4372d865e26", "vulnerability": {"vulnId": "CVE-2018-19276", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "9fae41ff-9a5f-499c-889c-b4372d865e26", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-05-28T21:39:18+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-05-28T21:39:18+00:00"}, "scope": {"notes": "Affected: OpenMRS / OpenMRS | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2018-19276", "url": "https://www.cve.org/CVERecord?id=CVE-2018-19276"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "OpenMRS", "30d_avg": 9, "90d_avg": 3, "product": "OpenMRS", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "f2ab7200-b591-4cf0-8e5e-b62c9e606c0c", "vulnerability": {"vulnId": "CVE-2023-6023", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "f2ab7200-b591-4cf0-8e5e-b62c9e606c0c", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2024-09-11T17:53:07+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-09-11T17:53:07+00:00"}, "scope": {"notes": "Affected: VertaAI / ModelDB | Class: other-software | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-6023", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6023"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "VertaAI", "30d_avg": 5, "90d_avg": 2, "product": "ModelDB", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "7de1b5f5-618b-4f34-9fd9-a675d97b8966", "vulnerability": {"vulnId": "CVE-2024-27564", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "7de1b5f5-618b-4f34-9fd9-a675d97b8966", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 0}, "timestamps": {"asserted_at": "2024-04-27T04:54:55+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-04-27T04:54:55+00:00"}, "scope": {"notes": "Affected: dirk1983 / chatgpt | Class: other-software | Severity: None (CVSS 0) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-27564", "url": "https://www.cve.org/CVERecord?id=CVE-2024-27564"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 18, "vendor": "dirk1983", "30d_avg": 9, "90d_avg": 3, "product": "chatgpt", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 0, "vulnerability_severity": "None"}}]}
{"uuid": "115ad228-1bed-4b3e-8428-a2dcc48ceace", "vulnerability": {"vulnId": "CVE-2021-42567", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "115ad228-1bed-4b3e-8428-a2dcc48ceace", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 61}, "timestamps": {"asserted_at": "2023-10-23T18:16:06+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-23T18:16:06+00:00"}, "scope": {"notes": "Affected: Apereo / CAS | Class: other-software | Severity: Medium (CVSS 6.1) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-42567", "url": "https://www.cve.org/CVERecord?id=CVE-2021-42567"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Apereo", "30d_avg": 1, "90d_avg": 0, "product": "CAS", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 6.1, "vulnerability_severity": "Medium"}}]}
{"uuid": "1110eb0a-8dba-45d9-9390-efdadb8556c1", "vulnerability": {"vulnId": "CVE-2019-20933", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "1110eb0a-8dba-45d9-9390-efdadb8556c1", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:56:10+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:10+00:00"}, "scope": {"notes": "Affected: InfluxData / InfluxDB | Class: database | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2019-20933", "url": "https://www.cve.org/CVERecord?id=CVE-2019-20933"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "database", "7d_avg": 0, "vendor": "InfluxData", "30d_avg": 5, "90d_avg": 1, "product": "InfluxDB", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "8dc4f41f-619f-4236-94d6-39d4b59eea99", "vulnerability": {"vulnId": "CVE-2024-39713", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "8dc4f41f-619f-4236-94d6-39d4b59eea99", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 86}, "timestamps": {"asserted_at": "2024-11-07T19:27:09+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-11-07T19:27:09+00:00"}, "scope": {"notes": "Affected: Rocket.Chat / Rocket.Chat | Class: other-software | Severity: High (CVSS 8.6) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-39713", "url": "https://www.cve.org/CVERecord?id=CVE-2024-39713"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "Rocket.Chat", "30d_avg": 5, "90d_avg": 2, "product": "Rocket.Chat", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 8.6, "vulnerability_severity": "High"}}]}
{"uuid": "bda99d49-054b-4e2f-ac5b-9f319e071a50", "vulnerability": {"vulnId": "CVE-2022-0786", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "bda99d49-054b-4e2f-ac5b-9f319e071a50", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T18:13:03+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T18:13:03+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress KiviCare plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-0786", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0786"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "Wordpress", "30d_avg": 6, "90d_avg": 2, "product": "Wordpress KiviCare plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "de7eee78-c3a9-449f-8aa1-332702774d1c", "vulnerability": {"vulnId": "CVE-2025-8085", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "de7eee78-c3a9-449f-8aa1-332702774d1c", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 88}, "timestamps": {"asserted_at": "2025-11-14T03:31:47+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-11-14T03:31:47+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Ditty plugin | Class: cms | Severity: High (CVSS 8.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-8085", "url": "https://www.cve.org/CVERecord?id=CVE-2025-8085"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "Wordpress", "30d_avg": 5, "90d_avg": 1, "product": "Wordpress Ditty plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 8.8, "vulnerability_severity": "High"}}]}
{"uuid": "9cfcdcfb-2d0f-4106-8eb0-224605a38ece", "vulnerability": {"vulnId": "CVE-2022-29081", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "9cfcdcfb-2d0f-4106-8eb0-224605a38ece", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-18T18:14:14+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-18T18:14:14+00:00"}, "scope": {"notes": "Affected: Zoho / ManageEngine Access Manager Plus, Password Manager Pro, PAM360 | Class: security-management-platform | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-29081", "url": "https://www.cve.org/CVERecord?id=CVE-2022-29081"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "security-management-platform", "7d_avg": 0, "vendor": "Zoho", "30d_avg": 6, "90d_avg": 2, "product": "ManageEngine Access Manager Plus, Password Manager Pro, PAM360", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "9c35ef38-7a67-4ff0-a3c5-5e29dcbbabb9", "vulnerability": {"vulnId": "CVE-2022-40843", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "9c35ef38-7a67-4ff0-a3c5-5e29dcbbabb9", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 49}, "timestamps": {"asserted_at": "2025-06-05T00:29:15+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-06-05T00:29:15+00:00"}, "scope": {"notes": "Affected: Tenda / Tenda AC1200 V-W15Ev2 | Class: router | Severity: Medium (CVSS 4.9) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-40843", "url": "https://www.cve.org/CVERecord?id=CVE-2022-40843"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 1, "vendor": "Tenda", "30d_avg": 1, "90d_avg": 0, "product": "Tenda AC1200 V-W15Ev2", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 4.9, "vulnerability_severity": "Medium"}}]}
{"uuid": "d451776f-25e5-4c7f-bc0f-fc957d075a48", "vulnerability": {"vulnId": "CVE-2026-41176", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "d451776f-25e5-4c7f-bc0f-fc957d075a48", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-05-13T13:00:00+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-05-13T13:00:00+00:00"}, "scope": {"notes": "Affected: Rclone / Rclone | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2026-41176", "url": "https://www.cve.org/CVERecord?id=CVE-2026-41176"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Rclone", "30d_avg": 10, "90d_avg": 3, "product": "Rclone", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "b8ca3087-06b5-45b9-969b-70085873f4f2", "vulnerability": {"vulnId": "CVE-2018-10823", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "b8ca3087-06b5-45b9-969b-70085873f4f2", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 88}, "timestamps": {"asserted_at": "2024-02-06T12:28:44+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-02-06T12:28:44+00:00"}, "scope": {"notes": "Affected: D-Link / D-Link DWR series | Class: router | Severity: High (CVSS 8.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2018-10823", "url": "https://www.cve.org/CVERecord?id=CVE-2018-10823"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "D-Link", "30d_avg": 5, "90d_avg": 1, "product": "D-Link DWR series", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 8.8, "vulnerability_severity": "High"}}]}
{"uuid": "78f8157b-48ab-4003-a833-8f5cfbfb955f", "vulnerability": {"vulnId": "CVE-2025-47188", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "78f8157b-48ab-4003-a833-8f5cfbfb955f", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 65}, "timestamps": {"asserted_at": "2026-01-28T06:25:40+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-01-28T06:25:40+00:00"}, "scope": {"notes": "Affected: Mitel / Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, 6970 Conference Unit | Class: voip | Severity: Medium (CVSS 6.5) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-47188", "url": "https://www.cve.org/CVERecord?id=CVE-2025-47188"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "voip", "7d_avg": 0, "vendor": "Mitel", "30d_avg": 0, "90d_avg": 0, "product": "Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, 6970 Conference Unit", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 6.5, "vulnerability_severity": "Medium"}}]}
{"uuid": "cf44aef9-6847-41f7-9c7a-d9fc10802c7a", "vulnerability": {"vulnId": "CVE-2021-20123", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "cf44aef9-6847-41f7-9c7a-d9fc10802c7a", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2024-09-04T13:41:46+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-09-04T13:41:46+00:00"}, "scope": {"notes": "Affected: Draytek / VigorConnect | Class: device-management-platform | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-20123", "url": "https://www.cve.org/CVERecord?id=CVE-2021-20123"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 0, "vendor": "Draytek", "30d_avg": 11, "90d_avg": 3, "product": "VigorConnect", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "41cc127a-0292-487c-a902-be5053a8e114", "vulnerability": {"vulnId": "CVE-2024-20439", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "41cc127a-0292-487c-a902-be5053a8e114", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-08-02T17:59:29+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-08-02T17:59:29+00:00"}, "scope": {"notes": "Affected: Cisco / Cisco Smart Licensing Utility (CSLU) | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-20439", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20439"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "Cisco", "30d_avg": 6, "90d_avg": 2, "product": "Cisco Smart Licensing Utility (CSLU)", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "3e7822c9-061b-4024-bc64-5c71c88e19cf", "vulnerability": {"vulnId": "CVE-2019-7254", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "3e7822c9-061b-4024-bc64-5c71c88e19cf", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2023-10-14T14:56:37+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:37+00:00"}, "scope": {"notes": "Affected: Linear / eMerge E3-Series | Class: other-software | Severity: High (CVSS 7.5) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2019-7254", "url": "https://www.cve.org/CVERecord?id=CVE-2019-7254"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Linear", "30d_avg": 10, "90d_avg": 3, "product": "eMerge E3-Series", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "f3c49e71-0fc6-4bf2-8ae3-1ca6bdbd9010", "vulnerability": {"vulnId": "CVE-2024-50967", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "f3c49e71-0fc6-4bf2-8ae3-1ca6bdbd9010", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 65}, "timestamps": {"asserted_at": "2025-06-27T10:55:52+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-06-27T10:55:52+00:00"}, "scope": {"notes": "Affected: becon / DATAGERRY | Class: database | Severity: Medium (CVSS 6.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-50967", "url": "https://www.cve.org/CVERecord?id=CVE-2024-50967"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "database", "7d_avg": 0, "vendor": "becon", "30d_avg": 5, "90d_avg": 1, "product": "DATAGERRY", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 6.5, "vulnerability_severity": "Medium"}}]}
{"uuid": "587b8733-afba-4411-8332-68822ad8c62a", "vulnerability": {"vulnId": "CVE-2021-35395", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "587b8733-afba-4411-8332-68822ad8c62a", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-12-01T07:54:50+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-12-01T07:54:50+00:00"}, "scope": {"notes": "Affected: Realtek / Realtek SDK | Class: embedded-system | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: yes | Honeypot connections on 2026-06-30: 60", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-35395", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35395"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "4", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "embedded-system", "7d_avg": 4, "vendor": "Realtek", "30d_avg": 7, "90d_avg": 3, "product": "Realtek SDK", "cisa_kev": "yes", "connections": 60, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "3e52897a-2f22-47d9-ba70-9368ca880c5e", "vulnerability": {"vulnId": "CVE-2020-10770", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "3e52897a-2f22-47d9-ba70-9368ca880c5e", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 53}, "timestamps": {"asserted_at": "2023-10-23T16:04:20+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-23T16:04:20+00:00"}, "scope": {"notes": "Affected: Keycloak / Keycloak | Class: other-software | Severity: Medium (CVSS 5.3) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-10770", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10770"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Keycloak", "30d_avg": 0, "90d_avg": 0, "product": "Keycloak", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 5.3, "vulnerability_severity": "Medium"}}]}
{"uuid": "7ac5a1fb-2744-4270-ba4a-907ce510b1e6", "vulnerability": {"vulnId": "CVE-2018-14912", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "7ac5a1fb-2744-4270-ba4a-907ce510b1e6", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2023-10-14T20:53:29+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T20:53:29+00:00"}, "scope": {"notes": "Affected: CGit / CGit | Class: other-software | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2018-14912", "url": "https://www.cve.org/CVERecord?id=CVE-2018-14912"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "CGit", "30d_avg": 5, "90d_avg": 1, "product": "CGit", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "15390dce-ce0d-4e0a-8413-0c1f9ebfc08e", "vulnerability": {"vulnId": "CVE-2025-34067", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "15390dce-ce0d-4e0a-8413-0c1f9ebfc08e", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-01-21T16:54:43+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-01-21T16:54:43+00:00"}, "scope": {"notes": "Affected: Hikvision / Management-Platform | Class: device-management-platform | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-34067", "url": "https://www.cve.org/CVERecord?id=CVE-2025-34067"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 0, "vendor": "Hikvision", "30d_avg": 0, "90d_avg": 0, "product": "Management-Platform", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "3c9bad09-d0d8-4160-86e5-df6a3a96b573", "vulnerability": {"vulnId": "CVE-2020-1956", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "3c9bad09-d0d8-4160-86e5-df6a3a96b573", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 88}, "timestamps": {"asserted_at": "2026-05-11T07:31:41+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-05-11T07:31:41+00:00"}, "scope": {"notes": "Affected: Apache / Apache Kylin | Class: other-software | Severity: High (CVSS 8.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-1956", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1956"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "Apache", "30d_avg": 10, "90d_avg": 3, "product": "Apache Kylin", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 8.8, "vulnerability_severity": "High"}}]}
{"uuid": "7946377a-c969-4b91-aaac-482b4c01d880", "vulnerability": {"vulnId": "CVE-2022-1439", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "7946377a-c969-4b91-aaac-482b4c01d880", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 61}, "timestamps": {"asserted_at": "2023-10-23T18:24:58+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-23T18:24:58+00:00"}, "scope": {"notes": "Affected: Microweber / Microweber | Class: cms | Severity: Medium (CVSS 6.1) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-1439", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1439"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "Microweber", "30d_avg": 0, "90d_avg": 0, "product": "Microweber", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 6.1, "vulnerability_severity": "Medium"}}]}
{"uuid": "645b4732-067e-4a76-9b00-a458d4329323", "vulnerability": {"vulnId": "CVE-2022-28290", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "645b4732-067e-4a76-9b00-a458d4329323", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 61}, "timestamps": {"asserted_at": "2026-05-16T10:01:07+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-05-16T10:01:07+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Country Selector plugin | Class: cms | Severity: Medium (CVSS 6.1) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-28290", "url": "https://www.cve.org/CVERecord?id=CVE-2022-28290"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 1, "vendor": "Wordpress", "30d_avg": 1, "90d_avg": 0, "product": "Wordpress Country Selector plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 6.1, "vulnerability_severity": "Medium"}}]}
{"uuid": "ca03c7f5-96d6-4e4f-a5db-8122bad44024", "vulnerability": {"vulnId": "CVE-2021-22122", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "ca03c7f5-96d6-4e4f-a5db-8122bad44024", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 61}, "timestamps": {"asserted_at": "2023-10-23T17:56:07+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-23T17:56:07+00:00"}, "scope": {"notes": "Affected: Fortinet / FortiWeb | Class: firewall | Severity: Medium (CVSS 6.1) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-22122", "url": "https://www.cve.org/CVERecord?id=CVE-2021-22122"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "firewall", "7d_avg": 0, "vendor": "Fortinet", "30d_avg": 0, "90d_avg": 0, "product": "FortiWeb", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 6.1, "vulnerability_severity": "Medium"}}]}
{"uuid": "9715bc82-cf49-4a3e-917d-94ebf86750d9", "vulnerability": {"vulnId": "CVE-2025-34031", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "9715bc82-cf49-4a3e-917d-94ebf86750d9", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-01-21T08:42:43+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-01-21T08:42:43+00:00"}, "scope": {"notes": "Affected: Moodle / Moodle JSmol plugin | Class: other-software | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-34031", "url": "https://www.cve.org/CVERecord?id=CVE-2025-34031"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Moodle", "30d_avg": 3, "90d_avg": 1, "product": "Moodle JSmol plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "7c59a795-de4b-4c7b-b3a7-747bf9e39b82", "vulnerability": {"vulnId": "CVE-2023-49070", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "7c59a795-de4b-4c7b-b3a7-747bf9e39b82", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-12-28T18:07:49+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-12-28T18:07:49+00:00"}, "scope": {"notes": "Affected: Apache / OFBiz | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-49070", "url": "https://www.cve.org/CVERecord?id=CVE-2023-49070"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "Apache", "30d_avg": 5, "90d_avg": 2, "product": "OFBiz", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "fb598136-21d2-46cf-845f-8543153c279e", "vulnerability": {"vulnId": "CVE-2019-17503", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "fb598136-21d2-46cf-845f-8543153c279e", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 53}, "timestamps": {"asserted_at": "2023-10-23T09:36:38+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-23T09:36:38+00:00"}, "scope": {"notes": "Affected: Kirona / Kirona Dynamic Resource Scheduling (DRS) | Class: other-software | Severity: Medium (CVSS 5.3) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2019-17503", "url": "https://www.cve.org/CVERecord?id=CVE-2019-17503"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Kirona", "30d_avg": 0, "90d_avg": 0, "product": "Kirona Dynamic Resource Scheduling (DRS)", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 5.3, "vulnerability_severity": "Medium"}}]}
{"uuid": "db222f80-a5c0-4cfa-a24f-6d35bd54958e", "vulnerability": {"vulnId": "CVE-2022-23961", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "db222f80-a5c0-4cfa-a24f-6d35bd54958e", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-10-18T22:53:21+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-18T22:53:21+00:00"}, "scope": {"notes": "Affected: Thruk / Thruk | Class: other-software | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-23961", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23961"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Thruk", "30d_avg": 1, "90d_avg": 0, "product": "Thruk", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "a45e45e1-5b1a-4193-9f56-bd53707952c5", "vulnerability": {"vulnId": "CVE-2021-21805", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "a45e45e1-5b1a-4193-9f56-bd53707952c5", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:56:48+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:48+00:00"}, "scope": {"notes": "Affected: Advantech / R-SeeNet | Class: router | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-21805", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21805"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "Advantech", "30d_avg": 5, "90d_avg": 1, "product": "R-SeeNet", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "466fadcd-435f-455f-9337-b455a9eb5b6b", "vulnerability": {"vulnId": "CVE-2024-8522", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "466fadcd-435f-455f-9337-b455a9eb5b6b", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2026-06-08T12:12:59+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-06-08T12:12:59+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress LearnPress plugin | Class: cms | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-8522", "url": "https://www.cve.org/CVERecord?id=CVE-2024-8522"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "Wordpress", "30d_avg": 0, "90d_avg": 0, "product": "Wordpress LearnPress plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "d4ee5da4-e442-4431-9e35-9cfbd7d86111", "vulnerability": {"vulnId": "CVE-2017-10974", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "d4ee5da4-e442-4431-9e35-9cfbd7d86111", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2023-10-14T14:55:19+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:55:19+00:00"}, "scope": {"notes": "Affected: Yaws / Yaws | Class: web-server | Severity: High (CVSS 7.5) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2017-10974", "url": "https://www.cve.org/CVERecord?id=CVE-2017-10974"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "web-server", "7d_avg": 0, "vendor": "Yaws", "30d_avg": 5, "90d_avg": 1, "product": "Yaws", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "aabb6d8b-0b54-4deb-b0b3-6e4fe3a31a30", "vulnerability": {"vulnId": "CVE-2021-41569", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "aabb6d8b-0b54-4deb-b0b3-6e4fe3a31a30", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2023-11-25T22:42:16+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-11-25T22:42:16+00:00"}, "scope": {"notes": "Affected: SAS Institute / SAS/IntrNet | Class: other-software | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-41569", "url": "https://www.cve.org/CVERecord?id=CVE-2021-41569"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "SAS Institute", "30d_avg": 5, "90d_avg": 1, "product": "SAS/IntrNet", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "2f34b1af-03af-4455-9216-0e051dca40ac", "vulnerability": {"vulnId": "CVE-2023-3710", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "2f34b1af-03af-4455-9216-0e051dca40ac", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-02-06T20:33:11+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-02-06T20:33:11+00:00"}, "scope": {"notes": "Affected: Honeywell / Honeywell PM43 | Class: printer | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-3710", "url": "https://www.cve.org/CVERecord?id=CVE-2023-3710"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "printer", "7d_avg": 1, "vendor": "Honeywell", "30d_avg": 5, "90d_avg": 2, "product": "Honeywell PM43", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "102285ae-a941-431d-b676-3211ac3ca0f2", "vulnerability": {"vulnId": "CVE-2023-26067", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "102285ae-a941-431d-b676-3211ac3ca0f2", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 81}, "timestamps": {"asserted_at": "2023-10-14T14:57:45+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:45+00:00"}, "scope": {"notes": "Affected: Lexmark / Lexmark | Class: printer | Severity: High (CVSS 8.1) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-26067", "url": "https://www.cve.org/CVERecord?id=CVE-2023-26067"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "printer", "7d_avg": 1, "vendor": "Lexmark", "30d_avg": 5, "90d_avg": 2, "product": "Lexmark", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 8.1, "vulnerability_severity": "High"}}]}
{"uuid": "9d59f32d-6302-433c-97b0-4aeab4c579f2", "vulnerability": {"vulnId": "CVE-2020-14864", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "9d59f32d-6302-433c-97b0-4aeab4c579f2", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2024-01-10T09:56:13+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-01-10T09:56:13+00:00"}, "scope": {"notes": "Affected: Oracle / Oracle Business Intelligence (Oracle Fusion Middleware | Class: business-intelligence | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-14864", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14864"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "business-intelligence", "7d_avg": 0, "vendor": "Oracle", "30d_avg": 10, "90d_avg": 3, "product": "Oracle Business Intelligence (Oracle Fusion Middleware", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "4d2bbd9b-ea1e-4f34-b7ba-1221575b8004", "vulnerability": {"vulnId": "CVE-2023-4542", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "4d2bbd9b-ea1e-4f34-b7ba-1221575b8004", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-09-18T08:57:51+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-09-18T08:57:51+00:00"}, "scope": {"notes": "Affected: D-Link / D-Link DAR-8000-10 | Class: wireless-extender | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-4542", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4542"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "wireless-extender", "7d_avg": 1, "vendor": "D-Link", "30d_avg": 5, "90d_avg": 2, "product": "D-Link DAR-8000-10", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "af022930-40ea-40b5-b355-9cbe38224001", "vulnerability": {"vulnId": "CVE-2020-8115", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "af022930-40ea-40b5-b355-9cbe38224001", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 61}, "timestamps": {"asserted_at": "2023-10-23T17:49:58+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-23T17:49:58+00:00"}, "scope": {"notes": "Affected: Revive / Revive Adserver | Class: other-software | Severity: Medium (CVSS 6.1) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-8115", "url": "https://www.cve.org/CVERecord?id=CVE-2020-8115"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Revive", "30d_avg": 0, "90d_avg": 0, "product": "Revive Adserver", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 6.1, "vulnerability_severity": "Medium"}}]}
{"uuid": "a5156856-c2ae-428b-97ec-a1323da2db7d", "vulnerability": {"vulnId": "CVE-2024-21893", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "a5156856-c2ae-428b-97ec-a1323da2db7d", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 82}, "timestamps": {"asserted_at": "2024-02-03T01:58:22+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-02-03T01:58:22+00:00"}, "scope": {"notes": "Affected: Ivanti / Ivanti Connect Secure, Policy Secure and Ivanti Neurons for ZTA | Class: vpn | Severity: High (CVSS 8.2) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-21893", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21893"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "vpn", "7d_avg": 2, "vendor": "Ivanti", "30d_avg": 3, "90d_avg": 1, "product": "Ivanti Connect Secure, Policy Secure and Ivanti Neurons for ZTA", "cisa_kev": "yes", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 8.2, "vulnerability_severity": "High"}}]}
{"uuid": "88f15c15-8631-4081-afae-fd4379ef9547", "vulnerability": {"vulnId": "CVE-2013-2678", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "88f15c15-8631-4081-afae-fd4379ef9547", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 81}, "timestamps": {"asserted_at": "2025-08-21T07:51:59+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-08-21T07:51:59+00:00"}, "scope": {"notes": "Affected: Linksys / Linksys E Series | Class: router | Severity: High (CVSS 8.1) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 9", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2013-2678", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2678"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "Linksys", "30d_avg": 0, "90d_avg": 0, "product": "Linksys E Series", "cisa_kev": "no", "connections": 9, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 8.1, "vulnerability_severity": "High"}}]}
{"uuid": "c237076b-cae4-4929-b27e-670c8c7257c7", "vulnerability": {"vulnId": "CVE-2021-24285", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "c237076b-cae4-4929-b27e-670c8c7257c7", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:56:51+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:51+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Car Seller - Auto Classifieds Script plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-24285", "url": "https://www.cve.org/CVERecord?id=CVE-2021-24285"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 1, "vendor": "Wordpress", "30d_avg": 4, "90d_avg": 2, "product": "Wordpress Car Seller - Auto Classifieds Script plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "7bd2b90e-27aa-4d6d-89ff-bdd22f22d9d4", "vulnerability": {"vulnId": "CVE-2018-16059", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "7bd2b90e-27aa-4d6d-89ff-bdd22f22d9d4", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 53}, "timestamps": {"asserted_at": "2023-10-19T18:02:19+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-19T18:02:19+00:00"}, "scope": {"notes": "Affected: Endress+Hauser / WirelessHART Fieldgate SWG70 | Class: router | Severity: Medium (CVSS 5.3) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2018-16059", "url": "https://www.cve.org/CVERecord?id=CVE-2018-16059"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 1, "vendor": "Endress+Hauser", "30d_avg": 1, "90d_avg": 0, "product": "WirelessHART Fieldgate SWG70", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 5.3, "vulnerability_severity": "Medium"}}]}
{"uuid": "c8bdec4d-2798-4c63-b6c7-149077e8c0b5", "vulnerability": {"vulnId": "CVE-2023-27587", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "c8bdec4d-2798-4c63-b6c7-149077e8c0b5", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 65}, "timestamps": {"asserted_at": "2023-10-23T23:23:29+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-23T23:23:29+00:00"}, "scope": {"notes": "Affected: ReadtoMyShoe / ReadtoMyShoe | Class: other-software | Severity: Medium (CVSS 6.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-27587", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27587"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "ReadtoMyShoe", "30d_avg": 1, "90d_avg": 0, "product": "ReadtoMyShoe", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 6.5, "vulnerability_severity": "Medium"}}]}
{"uuid": "ffbdcbec-0280-42b3-8cda-204fb0c41f27", "vulnerability": {"vulnId": "CVE-2023-35844", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "ffbdcbec-0280-42b3-8cda-204fb0c41f27", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2023-11-26T19:03:04+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-11-26T19:03:04+00:00"}, "scope": {"notes": "Affected: Lightdash / Lightdash | Class: business-intelligence | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-35844", "url": "https://www.cve.org/CVERecord?id=CVE-2023-35844"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "business-intelligence", "7d_avg": 0, "vendor": "Lightdash", "30d_avg": 5, "90d_avg": 1, "product": "Lightdash", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "c45fb8ed-e753-4d21-8594-6491bad37976", "vulnerability": {"vulnId": "CVE-2025-71284", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "c45fb8ed-e753-4d21-8594-6491bad37976", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-05-15T14:34:17+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-05-15T14:34:17+00:00"}, "scope": {"notes": "Affected: Synway Information Engineering / Synway SMG Gateway Management Software | Class: device-management-platform | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-71284", "url": "https://www.cve.org/CVERecord?id=CVE-2025-71284"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 0, "vendor": "Synway Information Engineering", "30d_avg": 0, "90d_avg": 0, "product": "Synway SMG Gateway Management Software", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "fab34186-b5d4-4746-be8f-7e399bce80f3", "vulnerability": {"vulnId": "CVE-2023-1454", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "fab34186-b5d4-4746-be8f-7e399bce80f3", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:57:42+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:42+00:00"}, "scope": {"notes": "Affected: JEECG / jeecg-boot | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-1454", "url": "https://www.cve.org/CVERecord?id=CVE-2023-1454"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "JEECG", "30d_avg": 5, "90d_avg": 2, "product": "jeecg-boot", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "88acf6a6-ade9-443d-a830-5de9ff6a5da5", "vulnerability": {"vulnId": "CVE-2025-34044", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "88acf6a6-ade9-443d-a830-5de9ff6a5da5", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-01-29T16:41:59+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-01-29T16:41:59+00:00"}, "scope": {"notes": "Affected: Shenzhen Lingkong Technology / WIFISKY 7-layer flow control router | Class: router | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-34044", "url": "https://www.cve.org/CVERecord?id=CVE-2025-34044"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "Shenzhen Lingkong Technology", "30d_avg": 0, "90d_avg": 0, "product": "WIFISKY 7-layer flow control router", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "1da436b9-e365-4632-b223-28e78e944f3f", "vulnerability": {"vulnId": "CVE-2024-28255", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "1da436b9-e365-4632-b223-28e78e944f3f", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-04-20T22:28:14+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-04-20T22:28:14+00:00"}, "scope": {"notes": "Affected: OpenMetadata / OpenMetadata | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-28255", "url": "https://www.cve.org/CVERecord?id=CVE-2024-28255"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "OpenMetadata", "30d_avg": 5, "90d_avg": 2, "product": "OpenMetadata", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "fe4d6b85-ce22-446f-bd7e-59e4b69db965", "vulnerability": {"vulnId": "CVE-2020-16846", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "fe4d6b85-ce22-446f-bd7e-59e4b69db965", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T00:28:16+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T00:28:16+00:00"}, "scope": {"notes": "Affected: SaltStack / Salt | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 24", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-16846", "url": "https://www.cve.org/CVERecord?id=CVE-2020-16846"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "5", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 4, "vendor": "SaltStack", "30d_avg": 12, "90d_avg": 5, "product": "Salt", "cisa_kev": "yes", "connections": 24, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "28212077-72e6-42e2-9ef0-5039766f3793", "vulnerability": {"vulnId": "CVE-2023-35885", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "28212077-72e6-42e2-9ef0-5039766f3793", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-02-14T13:01:29+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-02-14T13:01:29+00:00"}, "scope": {"notes": "Affected: CloudPanel / CloudPanel | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-35885", "url": "https://www.cve.org/CVERecord?id=CVE-2023-35885"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "CloudPanel", "30d_avg": 10, "90d_avg": 3, "product": "CloudPanel", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "143f284d-8a4f-4627-9bcb-71c0b19ec736", "vulnerability": {"vulnId": "CVE-2025-25037", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "143f284d-8a4f-4627-9bcb-71c0b19ec736", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-01-18T05:25:24+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-01-18T05:25:24+00:00"}, "scope": {"notes": "Affected: Aquatronica / Aquatronica Control System | Class: other-software | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-25037", "url": "https://www.cve.org/CVERecord?id=CVE-2025-25037"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Aquatronica", "30d_avg": 6, "90d_avg": 2, "product": "Aquatronica Control System", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "39455aa1-fb3f-4027-82cf-8e98f5141862", "vulnerability": {"vulnId": "CVE-2021-39211", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "39455aa1-fb3f-4027-82cf-8e98f5141862", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 53}, "timestamps": {"asserted_at": "2023-10-18T18:13:54+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-18T18:13:54+00:00"}, "scope": {"notes": "Affected: GLPI / GLPI | Class: device-management-platform | Severity: Medium (CVSS 5.3) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-39211", "url": "https://www.cve.org/CVERecord?id=CVE-2021-39211"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 0, "vendor": "GLPI", "30d_avg": 0, "90d_avg": 0, "product": "GLPI", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 5.3, "vulnerability_severity": "Medium"}}]}
{"uuid": "8f15b100-3c1c-4b3d-bc96-20cd1f135d9c", "vulnerability": {"vulnId": "CVE-2016-10372", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "8f15b100-3c1c-4b3d-bc96-20cd1f135d9c", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-13T16:01:26+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-13T16:01:26+00:00"}, "scope": {"notes": "Affected: Zyxel / Eir D1000 | Class: router | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 338", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2016-10372", "url": "https://www.cve.org/CVERecord?id=CVE-2016-10372"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "279", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 279, "vendor": "Zyxel", "30d_avg": 245, "90d_avg": 263, "product": "Eir D1000", "cisa_kev": "no", "connections": 338, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "81f087dc-3f2d-4aa6-a703-cd4be8fc6f62", "vulnerability": {"vulnId": "CVE-2024-29895", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "81f087dc-3f2d-4aa6-a703-cd4be8fc6f62", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-08-06T02:53:16+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-08-06T02:53:16+00:00"}, "scope": {"notes": "Affected: Cacti / Cacti | Class: network-monitoring | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-29895", "url": "https://www.cve.org/CVERecord?id=CVE-2024-29895"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "network-monitoring", "7d_avg": 0, "vendor": "Cacti", "30d_avg": 5, "90d_avg": 1, "product": "Cacti", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "c1eb5521-93cf-45f9-bf45-05700c21f94b", "vulnerability": {"vulnId": "CVE-2022-39986", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "c1eb5521-93cf-45f9-bf45-05700c21f94b", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:57:38+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:38+00:00"}, "scope": {"notes": "Affected: RaspAP / RaspAP | Class: router | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-39986", "url": "https://www.cve.org/CVERecord?id=CVE-2022-39986"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 1, "vendor": "RaspAP", "30d_avg": 5, "90d_avg": 2, "product": "RaspAP", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "83cc57e5-42ef-41db-a3c3-4a90d09f3b49", "vulnerability": {"vulnId": "CVE-2025-6205", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "83cc57e5-42ef-41db-a3c3-4a90d09f3b49", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 91}, "timestamps": {"asserted_at": "2025-11-17T12:03:44+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-11-17T12:03:44+00:00"}, "scope": {"notes": "Affected: Dassualt Systems / DELMIA Apriso | Class: other-software | Severity: Critical (CVSS 9.1) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-6205", "url": "https://www.cve.org/CVERecord?id=CVE-2025-6205"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Dassualt Systems", "30d_avg": 14, "90d_avg": 4, "product": "DELMIA Apriso", "cisa_kev": "yes", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.1, "vulnerability_severity": "Critical"}}]}
{"uuid": "5d38831c-d447-4597-83f1-5209fc378b73", "vulnerability": {"vulnId": "CVE-2020-13158", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "5d38831c-d447-4597-83f1-5209fc378b73", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2023-10-14T14:56:20+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:20+00:00"}, "scope": {"notes": "Affected: Artica / Artica Proxy | Class: other-software | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-13158", "url": "https://www.cve.org/CVERecord?id=CVE-2020-13158"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Artica", "30d_avg": 5, "90d_avg": 1, "product": "Artica Proxy", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "9f647ea8-75e1-4196-a0e0-b53e9accbd18", "vulnerability": {"vulnId": "CVE-2024-37032", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "9f647ea8-75e1-4196-a0e0-b53e9accbd18", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 0}, "timestamps": {"asserted_at": "2024-08-22T07:13:35+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-08-22T07:13:35+00:00"}, "scope": {"notes": "Affected: Ollama / Ollama | Class: other-software | Severity: None (CVSS 0) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-37032", "url": "https://www.cve.org/CVERecord?id=CVE-2024-37032"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "Ollama", "30d_avg": 5, "90d_avg": 1, "product": "Ollama", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 0, "vulnerability_severity": "None"}}]}
{"uuid": "2acffa01-35f3-454a-99cc-a856be6f2fe9", "vulnerability": {"vulnId": "CVE-2021-27358", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "2acffa01-35f3-454a-99cc-a856be6f2fe9", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2026-05-01T17:07:58+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-05-01T17:07:58+00:00"}, "scope": {"notes": "Affected: Grafana / Grafana | Class: data-visualization | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-27358", "url": "https://www.cve.org/CVERecord?id=CVE-2021-27358"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "data-visualization", "7d_avg": 1, "vendor": "Grafana", "30d_avg": 6, "90d_avg": 2, "product": "Grafana", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "0fb50dc8-e858-4c50-9d0b-734fdc40a722", "vulnerability": {"vulnId": "CVE-2023-31059", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "0fb50dc8-e858-4c50-9d0b-734fdc40a722", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2025-01-13T05:23:42+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-01-13T05:23:42+00:00"}, "scope": {"notes": "Affected: Hot-World GmbH / Repetier Server | Class: printer | Severity: High (CVSS 7.5) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-31059", "url": "https://www.cve.org/CVERecord?id=CVE-2023-31059"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "printer", "7d_avg": 0, "vendor": "Hot-World GmbH", "30d_avg": 5, "90d_avg": 1, "product": "Repetier Server", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "eddbb260-fa33-4730-b574-3545b6b0f334", "vulnerability": {"vulnId": "CVE-2024-52875", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "eddbb260-fa33-4730-b574-3545b6b0f334", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 88}, "timestamps": {"asserted_at": "2025-02-06T17:41:26+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-02-06T17:41:26+00:00"}, "scope": {"notes": "Affected: GFI / Kerio Control | Class: firewall | Severity: High (CVSS 8.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-52875", "url": "https://www.cve.org/CVERecord?id=CVE-2024-52875"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "firewall", "7d_avg": 0, "vendor": "GFI", "30d_avg": 9, "90d_avg": 3, "product": "Kerio Control", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 8.8, "vulnerability_severity": "High"}}]}
{"uuid": "19e9acc0-f581-4f83-a2df-7468531f7fad", "vulnerability": {"vulnId": "CVE-2023-31465", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "19e9acc0-f581-4f83-a2df-7468531f7fad", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-11-15T03:36:06+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-11-15T03:36:06+00:00"}, "scope": {"notes": "Affected: FSMLabs / TimeKeeper | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-31465", "url": "https://www.cve.org/CVERecord?id=CVE-2023-31465"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "FSMLabs", "30d_avg": 5, "90d_avg": 2, "product": "TimeKeeper", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "da06397a-ad48-417a-9c50-6eca54e72ab2", "vulnerability": {"vulnId": "CVE-2022-1574", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "da06397a-ad48-417a-9c50-6eca54e72ab2", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-11-18T08:50:24+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-11-18T08:50:24+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress HTML2WP plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-1574", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1574"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "Wordpress", "30d_avg": 9, "90d_avg": 3, "product": "Wordpress HTML2WP plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "83bd92e5-c94e-44e9-aba5-40d943de390f", "vulnerability": {"vulnId": "CVE-2023-45852", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "83bd92e5-c94e-44e9-aba5-40d943de390f", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-11-01T13:57:35+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-11-01T13:57:35+00:00"}, "scope": {"notes": "Affected: Viessmann / Vitogate 300 BN/MB | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-45852", "url": "https://www.cve.org/CVERecord?id=CVE-2023-45852"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "Viessmann", "30d_avg": 5, "90d_avg": 2, "product": "Vitogate 300 BN/MB", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "29967157-8117-47ef-a76f-296a9fbffc5e", "vulnerability": {"vulnId": "CVE-2022-40022", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "29967157-8117-47ef-a76f-296a9fbffc5e", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:57:38+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:38+00:00"}, "scope": {"notes": "Affected: Microchip Technology (Microsemi) / SyncServer | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-40022", "url": "https://www.cve.org/CVERecord?id=CVE-2022-40022"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "Microchip Technology (Microsemi)", "30d_avg": 5, "90d_avg": 2, "product": "SyncServer", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "c15aca77-ad9d-469f-be59-11e53c683d8d", "vulnerability": {"vulnId": "CVE-2021-36356", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "c15aca77-ad9d-469f-be59-11e53c683d8d", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:57:01+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:01+00:00"}, "scope": {"notes": "Affected: Kramer / VIAware | Class: video-system | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-36356", "url": "https://www.cve.org/CVERecord?id=CVE-2021-36356"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "video-system", "7d_avg": 2, "vendor": "Kramer", "30d_avg": 21, "90d_avg": 7, "product": "VIAware", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "4b96b412-1e44-4c88-9918-a02f19810cfb", "vulnerability": {"vulnId": "CVE-2025-20362", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "4b96b412-1e44-4c88-9918-a02f19810cfb", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 65}, "timestamps": {"asserted_at": "2025-10-13T09:31:52+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-10-13T09:31:52+00:00"}, "scope": {"notes": "Affected: Cisco / Cisco ASA and Cisco Firepower Threat Defense | Class: firewall | Severity: Medium (CVSS 6.5) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-20362", "url": "https://www.cve.org/CVERecord?id=CVE-2025-20362"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "firewall", "7d_avg": 1, "vendor": "Cisco", "30d_avg": 1, "90d_avg": 0, "product": "Cisco ASA and Cisco Firepower Threat Defense", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 6.5, "vulnerability_severity": "Medium"}}]}
{"uuid": "fcd06e9b-a078-4965-ad1f-d936904df4c9", "vulnerability": {"vulnId": "CVE-2022-0760", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "fcd06e9b-a078-4965-ad1f-d936904df4c9", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T18:09:43+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T18:09:43+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Simple Link Directory plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-0760", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0760"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "Wordpress", "30d_avg": 5, "90d_avg": 2, "product": "Wordpress Simple Link Directory plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "6c5b3e2c-a13c-43c1-979f-327168cdb0f1", "vulnerability": {"vulnId": "CVE-2026-21858", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "6c5b3e2c-a13c-43c1-979f-327168cdb0f1", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 100}, "timestamps": {"asserted_at": "2026-01-27T23:40:56+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-01-27T23:40:56+00:00"}, "scope": {"notes": "Affected: n8n / n8n | Class: other-software | Severity: Critical (CVSS 10) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 26", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2026-21858", "url": "https://www.cve.org/CVERecord?id=CVE-2026-21858"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "n8n", "30d_avg": 0, "90d_avg": 0, "product": "n8n", "cisa_kev": "no", "connections": 26, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 10, "vulnerability_severity": "Critical"}}]}
{"uuid": "26e32a17-fa60-4019-b093-0a38fbbdf124", "vulnerability": {"vulnId": "CVE-2018-18852", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "26e32a17-fa60-4019-b093-0a38fbbdf124", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 88}, "timestamps": {"asserted_at": "2024-08-15T08:02:00+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-08-15T08:02:00+00:00"}, "scope": {"notes": "Affected: CERIO / CERIO DT-300N | Class: router | Severity: High (CVSS 8.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2018-18852", "url": "https://www.cve.org/CVERecord?id=CVE-2018-18852"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "CERIO", "30d_avg": 1, "90d_avg": 0, "product": "CERIO DT-300N", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 8.8, "vulnerability_severity": "High"}}]}
{"uuid": "69010bd9-ed03-4693-b27f-5c527d0b3d55", "vulnerability": {"vulnId": "EDB-48061", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "69010bd9-ed03-4693-b27f-5c527d0b3d55", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-10-19T01:15:15+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-19T01:15:15+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress wordfence plugin | Class: cms | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "EDB-48061", "url": "https://www.exploit-db.com/exploits/48061"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 1, "vendor": "Wordpress", "30d_avg": 0, "90d_avg": 0, "product": "Wordpress wordfence plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "c55dcffc-bb10-4d60-b7cf-af14d241131b", "vulnerability": {"vulnId": "CVE-2021-3708", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "c55dcffc-bb10-4d60-b7cf-af14d241131b", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 55}, "timestamps": {"asserted_at": "2023-10-20T03:23:18+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-20T03:23:18+00:00"}, "scope": {"notes": "Affected: D-Link / D-Link DSL-2750U | Class: router | Severity: Medium (CVSS 5.5) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-3708", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3708"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "D-Link", "30d_avg": 0, "90d_avg": 0, "product": "D-Link DSL-2750U", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 5.5, "vulnerability_severity": "Medium"}}]}
{"uuid": "15df7343-fa90-4538-baf6-f5ca5432c674", "vulnerability": {"vulnId": "CVE-2025-57819", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "15df7343-fa90-4538-baf6-f5ca5432c674", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-10-17T13:49:22+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-10-17T13:49:22+00:00"}, "scope": {"notes": "Affected: FreePBX / FreePBX | Class: ip-pbx | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-57819", "url": "https://www.cve.org/CVERecord?id=CVE-2025-57819"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "ip-pbx", "7d_avg": 0, "vendor": "FreePBX", "30d_avg": 4, "90d_avg": 1, "product": "FreePBX", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "f6744628-91d3-4236-af3a-0b3ec1aaa027", "vulnerability": {"vulnId": "CVE-2019-2725", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "f6744628-91d3-4236-af3a-0b3ec1aaa027", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T06:00:24+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T06:00:24+00:00"}, "scope": {"notes": "Affected: Oracle / Oracle Weblogic Server | Class: app-server | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 12", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2019-2725", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2725"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "3", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "app-server", "7d_avg": 3, "vendor": "Oracle", "30d_avg": 21, "90d_avg": 8, "product": "Oracle Weblogic Server", "cisa_kev": "yes", "connections": 12, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "6035a601-1b4d-42a0-bdb0-52404ff395e1", "vulnerability": {"vulnId": "CVE-2021-46379", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "6035a601-1b4d-42a0-bdb0-52404ff395e1", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 61}, "timestamps": {"asserted_at": "2023-10-23T18:19:18+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-23T18:19:18+00:00"}, "scope": {"notes": "Affected: D-Link / D-Link DIR850 | Class: router | Severity: Medium (CVSS 6.1) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-46379", "url": "https://www.cve.org/CVERecord?id=CVE-2021-46379"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "D-Link", "30d_avg": 0, "90d_avg": 0, "product": "D-Link DIR850", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 6.1, "vulnerability_severity": "Medium"}}]}
{"uuid": "872cbd8c-aa7a-4098-a3d0-2a12b6e52ada", "vulnerability": {"vulnId": "CVE-2020-26879", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "872cbd8c-aa7a-4098-a3d0-2a12b6e52ada", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-08-11T17:59:33+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-08-11T17:59:33+00:00"}, "scope": {"notes": "Affected: Ruckus / Ruckus vRioT | Class: device-management-platform | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-26879", "url": "https://www.cve.org/CVERecord?id=CVE-2020-26879"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 1, "vendor": "Ruckus", "30d_avg": 6, "90d_avg": 2, "product": "Ruckus vRioT", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "736f5716-be8d-453e-a018-17dcb89fc446", "vulnerability": {"vulnId": "CVE-2023-41642", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "736f5716-be8d-453e-a018-17dcb89fc446", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 61}, "timestamps": {"asserted_at": "2024-07-24T07:59:10+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-07-24T07:59:10+00:00"}, "scope": {"notes": "Affected: GruppoSCAI / RealGimm | Class: other-software | Severity: Medium (CVSS 6.1) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-41642", "url": "https://www.cve.org/CVERecord?id=CVE-2023-41642"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "GruppoSCAI", "30d_avg": 0, "90d_avg": 0, "product": "RealGimm", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 6.1, "vulnerability_severity": "Medium"}}]}
{"uuid": "070d503a-b725-41aa-a26e-b0de0ae36c93", "vulnerability": {"vulnId": "CVE-2025-10211", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "070d503a-b725-41aa-a26e-b0de0ae36c93", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 63}, "timestamps": {"asserted_at": "2026-01-31T16:30:54+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-01-31T16:30:54+00:00"}, "scope": {"notes": "Affected: ChanCMS / ChanCMS | Class: cms | Severity: Medium (CVSS 6.3) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-10211", "url": "https://www.cve.org/CVERecord?id=CVE-2025-10211"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 1, "vendor": "ChanCMS", "30d_avg": 0, "90d_avg": 0, "product": "ChanCMS", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 6.3, "vulnerability_severity": "Medium"}}]}
{"uuid": "5fcb7903-6a89-45d7-9b06-f83ebc512725", "vulnerability": {"vulnId": "CVE-2023-1671", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "5fcb7903-6a89-45d7-9b06-f83ebc512725", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:57:42+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:42+00:00"}, "scope": {"notes": "Affected: Sophos / Sophos Web Appliance | Class: firewall | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-1671", "url": "https://www.cve.org/CVERecord?id=CVE-2023-1671"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "firewall", "7d_avg": 1, "vendor": "Sophos", "30d_avg": 5, "90d_avg": 2, "product": "Sophos Web Appliance", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "41d68fb7-9e97-4783-9b1b-2bfa513630b9", "vulnerability": {"vulnId": "CVE-2023-33246", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "41d68fb7-9e97-4783-9b1b-2bfa513630b9", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-15T00:37:13+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-15T00:37:13+00:00"}, "scope": {"notes": "Affected: Apache | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-33246", "url": "https://www.cve.org/CVERecord?id=CVE-2023-33246"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "rocketmq-scan", "class": null, "7d_avg": 1, "vendor": "Apache", "30d_avg": 1, "90d_avg": 0, "product": "", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "0565c3e3-acd8-4c88-a909-73b1e59e57aa", "vulnerability": {"vulnId": "CVE-2023-36934", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "0565c3e3-acd8-4c88-a909-73b1e59e57aa", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 91}, "timestamps": {"asserted_at": "2023-10-14T14:57:52+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:52+00:00"}, "scope": {"notes": "Affected: Progress / MOVEit Transfer | Class: other-software | Severity: Critical (CVSS 9.1) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-36934", "url": "https://www.cve.org/CVERecord?id=CVE-2023-36934"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Progress", "30d_avg": 10, "90d_avg": 3, "product": "MOVEit Transfer", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.1, "vulnerability_severity": "Critical"}}]}
{"uuid": "0345101e-acf5-4a68-876b-033e61eb9704", "vulnerability": {"vulnId": "CVE-2022-25485", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "0345101e-acf5-4a68-876b-033e61eb9704", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 78}, "timestamps": {"asserted_at": "2023-10-14T14:57:26+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:26+00:00"}, "scope": {"notes": "Affected: CuppaCMS / CuppaCMS | Class: cms | Severity: High (CVSS 7.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-25485", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25485"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 1, "vendor": "CuppaCMS", "30d_avg": 5, "90d_avg": 2, "product": "CuppaCMS", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.8, "vulnerability_severity": "High"}}]}
{"uuid": "430a46d9-5d7d-49d2-b27b-00e4a1a13a13", "vulnerability": {"vulnId": "CVE-2022-1768", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "430a46d9-5d7d-49d2-b27b-00e4a1a13a13", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2023-10-14T14:57:28+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:28+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress RSVPMaker plugin | Class: cms | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-1768", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1768"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "Wordpress", "30d_avg": 5, "90d_avg": 2, "product": "Wordpress RSVPMaker plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "4e51fa89-edc1-43b9-bec4-5d8d90d9277a", "vulnerability": {"vulnId": "CVE-2024-20767", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "4e51fa89-edc1-43b9-bec4-5d8d90d9277a", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 82}, "timestamps": {"asserted_at": "2024-04-11T20:09:49+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-04-11T20:09:49+00:00"}, "scope": {"notes": "Affected: Adobe / ColdFusion | Class: app-server | Severity: High (CVSS 8.2) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-20767", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20767"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "app-server", "7d_avg": 18, "vendor": "Adobe", "30d_avg": 9, "90d_avg": 3, "product": "ColdFusion", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 8.2, "vulnerability_severity": "High"}}]}
{"uuid": "d5926c84-9008-4c1a-82f3-a35d85c9fe06", "vulnerability": {"vulnId": "CVE-2022-40881", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "d5926c84-9008-4c1a-82f3-a35d85c9fe06", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:57:39+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:39+00:00"}, "scope": {"notes": "Affected: CONTEC / SolarView Compact | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-40881", "url": "https://www.cve.org/CVERecord?id=CVE-2022-40881"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "CONTEC", "30d_avg": 5, "90d_avg": 2, "product": "SolarView Compact", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "5601f963-09d3-490a-85ee-7fe1ecaffe69", "vulnerability": {"vulnId": "CVE-2025-53364", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "5601f963-09d3-490a-85ee-7fe1ecaffe69", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 53}, "timestamps": {"asserted_at": "2025-12-01T11:35:18+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-12-01T11:35:18+00:00"}, "scope": {"notes": "Affected: Parse Community / Parse Server | Class: other-software | Severity: Medium (CVSS 5.3) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-53364", "url": "https://www.cve.org/CVERecord?id=CVE-2025-53364"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "Parse Community", "30d_avg": 1, "90d_avg": 0, "product": "Parse Server", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 5.3, "vulnerability_severity": "Medium"}}]}
{"uuid": "c561e829-7c26-4c48-ab09-03038b820c01", "vulnerability": {"vulnId": "CVE-2023-27640", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "c561e829-7c26-4c48-ab09-03038b820c01", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2024-04-27T04:54:26+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-04-27T04:54:26+00:00"}, "scope": {"notes": "Affected: PrestaShop / PrestaShop tshirtecommerce | Class: other-software | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-27640", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27640"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "PrestaShop", "30d_avg": 4, "90d_avg": 1, "product": "PrestaShop tshirtecommerce", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "4e79aba6-0acf-486d-8df6-1914f671179c", "vulnerability": {"vulnId": "CVE-2022-22956", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "4e79aba6-0acf-486d-8df6-1914f671179c", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-01-25T17:58:02+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-01-25T17:58:02+00:00"}, "scope": {"notes": "Affected: VMware / VMware Workspace ONE Access | Class: security-management-platform | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-22956", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22956"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "security-management-platform", "7d_avg": 1, "vendor": "VMware", "30d_avg": 11, "90d_avg": 4, "product": "VMware Workspace ONE Access", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "cd476a05-8b80-4f62-8fef-a867f7cea803", "vulnerability": {"vulnId": "CVE-2021-24442", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "cd476a05-8b80-4f62-8fef-a867f7cea803", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-06-06T20:33:15+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-06-06T20:33:15+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Poll, Survey, Questionnaire and Voting system plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-24442", "url": "https://www.cve.org/CVERecord?id=CVE-2021-24442"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 1, "vendor": "Wordpress", "30d_avg": 5, "90d_avg": 2, "product": "Wordpress Poll, Survey, Questionnaire and Voting system plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "e373da88-0959-426a-8926-8be53c4cba9c", "vulnerability": {"vulnId": "CVE-2021-38647", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "e373da88-0959-426a-8926-8be53c4cba9c", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-10-14T14:57:02+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:02+00:00"}, "scope": {"notes": "Affected: Microsoft / Open Management Infrastructure (OMI) | Class: device-management-platform | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-38647", "url": "https://www.cve.org/CVERecord?id=CVE-2021-38647"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 1, "vendor": "Microsoft", "30d_avg": 5, "90d_avg": 2, "product": "Open Management Infrastructure (OMI)", "cisa_kev": "yes", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "4e9dafa6-cf38-4244-93f2-2424342a9ac0", "vulnerability": {"vulnId": "CVE-2018-7841", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "4e9dafa6-cf38-4244-93f2-2424342a9ac0", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-11-24T04:56:24+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-11-24T04:56:24+00:00"}, "scope": {"notes": "Affected: Schneider Electric / Schneider Electric U.Motion Builder | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2018-7841", "url": "https://www.cve.org/CVERecord?id=CVE-2018-7841"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "Schneider Electric", "30d_avg": 5, "90d_avg": 2, "product": "Schneider Electric U.Motion Builder", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "a58ae321-3d6d-4787-beb5-12788032a740", "vulnerability": {"vulnId": "CVE-2018-11222", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "a58ae321-3d6d-4787-beb5-12788032a740", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2023-10-14T14:55:27+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:55:27+00:00"}, "scope": {"notes": "Affected: Artica / Pandora FMS | Class: other-software | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2018-11222", "url": "https://www.cve.org/CVERecord?id=CVE-2018-11222"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Artica", "30d_avg": 5, "90d_avg": 1, "product": "Pandora FMS", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "2ce59267-b63f-4bdc-9650-e23b35b55d0e", "vulnerability": {"vulnId": "CVE-2022-4050", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "2ce59267-b63f-4bdc-9650-e23b35b55d0e", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:57:39+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:39+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress JoomSport plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-4050", "url": "https://www.cve.org/CVERecord?id=CVE-2022-4050"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 1, "vendor": "Wordpress", "30d_avg": 5, "90d_avg": 2, "product": "Wordpress JoomSport plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "3639f41c-2c58-4d18-b119-eacf609af79a", "vulnerability": {"vulnId": "CVE-2023-31446", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "3639f41c-2c58-4d18-b119-eacf609af79a", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-12-21T16:46:52+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-12-21T16:46:52+00:00"}, "scope": {"notes": "Affected: Cassia / Cassia Gateway | Class: router | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-31446", "url": "https://www.cve.org/CVERecord?id=CVE-2023-31446"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 1, "vendor": "Cassia", "30d_avg": 5, "90d_avg": 2, "product": "Cassia Gateway", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "61b8d6a8-8044-4846-a3d8-1c9a346e329c", "vulnerability": {"vulnId": "CVE-2021-21087", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "61b8d6a8-8044-4846-a3d8-1c9a346e329c", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 54}, "timestamps": {"asserted_at": "2023-10-18T18:15:55+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-18T18:15:55+00:00"}, "scope": {"notes": "Affected: Adobe / ColdFusion | Class: app-server | Severity: Medium (CVSS 5.4) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-21087", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21087"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "app-server", "7d_avg": 0, "vendor": "Adobe", "30d_avg": 0, "90d_avg": 0, "product": "ColdFusion", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 5.4, "vulnerability_severity": "Medium"}}]}
{"uuid": "66eb5610-e5cd-4679-b918-8dc27dd25083", "vulnerability": {"vulnId": "CVE-2023-6266", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "66eb5610-e5cd-4679-b918-8dc27dd25083", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2026-05-01T18:17:15+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-05-01T18:17:15+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Backup Migration plugin | Class: cms | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-6266", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6266"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 1, "vendor": "Wordpress", "30d_avg": 4, "90d_avg": 1, "product": "Wordpress Backup Migration plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "47857901-0979-431a-99d9-0e4e0511deec", "vulnerability": {"vulnId": "CVE-2023-43654", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "47857901-0979-431a-99d9-0e4e0511deec", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-11-26T03:32:02+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-11-26T03:32:02+00:00"}, "scope": {"notes": "Affected: PyTorch / PyTorch TorchServe | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-43654", "url": "https://www.cve.org/CVERecord?id=CVE-2023-43654"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "PyTorch", "30d_avg": 5, "90d_avg": 1, "product": "PyTorch TorchServe", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "b9dca629-5684-4c19-a578-74e54b6f40ca", "vulnerability": {"vulnId": "CVE-2024-32736", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "b9dca629-5684-4c19-a578-74e54b6f40ca", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2025-01-22T16:42:58+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-01-22T16:42:58+00:00"}, "scope": {"notes": "Affected: CyberPanel / CyberPanel | Class: device-management-platform | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-32736", "url": "https://www.cve.org/CVERecord?id=CVE-2024-32736"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 0, "vendor": "CyberPanel", "30d_avg": 4, "90d_avg": 1, "product": "CyberPanel", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "07b08181-4339-4c99-a842-6a6aeaf83487", "vulnerability": {"vulnId": "CVE-2022-4063", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "07b08181-4339-4c99-a842-6a6aeaf83487", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-19T00:13:22+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-19T00:13:22+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress InPost Gallery plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-4063", "url": "https://www.cve.org/CVERecord?id=CVE-2022-4063"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "Wordpress", "30d_avg": 5, "90d_avg": 1, "product": "Wordpress InPost Gallery plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "127c8bab-77f9-4b20-b159-de4d6ed2ba73", "vulnerability": {"vulnId": "CNVD-2023-27598", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "127c8bab-77f9-4b20-b159-de4d6ed2ba73", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-10-14T21:26:05+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T21:26:05+00:00"}, "scope": {"notes": "Affected: Apache / Solr | Class: database | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "database", "7d_avg": 1, "vendor": "Apache", "30d_avg": 1, "90d_avg": 0, "product": "Solr", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "4a10fd25-1ae6-4b93-a4b2-69753077ff7a", "vulnerability": {"vulnId": "CVE-2021-27561", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "4a10fd25-1ae6-4b93-a4b2-69753077ff7a", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-13T16:17:18+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-13T16:17:18+00:00"}, "scope": {"notes": "Affected: Yealink / Yealink Device Management (DM) | Class: device-management-platform | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-27561", "url": "https://www.cve.org/CVERecord?id=CVE-2021-27561"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 0, "vendor": "Yealink", "30d_avg": 5, "90d_avg": 2, "product": "Yealink Device Management (DM)", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "6c9bcb78-e8db-492d-a2c2-441ce37bc4c2", "vulnerability": {"vulnId": "CVE-2021-43711", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "6c9bcb78-e8db-492d-a2c2-441ce37bc4c2", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:57:26+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:26+00:00"}, "scope": {"notes": "Affected: Totolink / EX200 | Class: router | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-43711", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43711"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 1, "vendor": "Totolink", "30d_avg": 12, "90d_avg": 4, "product": "EX200", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "33acd7cc-101d-4d2c-902f-6d624f64c19f", "vulnerability": {"vulnId": "CVE-2025-64095", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "33acd7cc-101d-4d2c-902f-6d624f64c19f", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-02-23T14:33:28+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-02-23T14:33:28+00:00"}, "scope": {"notes": "Affected: DNN Corp / DNN (DotNetNuke) | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-64095", "url": "https://www.cve.org/CVERecord?id=CVE-2025-64095"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "DNN Corp", "30d_avg": 3, "90d_avg": 1, "product": "DNN (DotNetNuke)", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "419ee5e8-9e53-46da-959f-f53fdfdc2db3", "vulnerability": {"vulnId": "CVE-2019-13372", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "419ee5e8-9e53-46da-959f-f53fdfdc2db3", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-08-10T15:47:48+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-08-10T15:47:48+00:00"}, "scope": {"notes": "Affected: D-Link / D-Link Central WiFi Manager CWM(100) | Class: device-management-platform | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2019-13372", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13372"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 2, "vendor": "D-Link", "30d_avg": 6, "90d_avg": 2, "product": "D-Link Central WiFi Manager CWM(100)", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "8f671e71-0c28-44e4-883f-330bdc1f2aa7", "vulnerability": {"vulnId": "CVE-2023-29300", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "8f671e71-0c28-44e4-883f-330bdc1f2aa7", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:57:48+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:48+00:00"}, "scope": {"notes": "Affected: Adobe / ColdFusion | Class: app-server | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-29300", "url": "https://www.cve.org/CVERecord?id=CVE-2023-29300"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "app-server", "7d_avg": 1, "vendor": "Adobe", "30d_avg": 5, "90d_avg": 2, "product": "ColdFusion", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "f39cebea-d82f-4bc6-9cbb-462e8896437c", "vulnerability": {"vulnId": "CVE-2021-28150", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "f39cebea-d82f-4bc6-9cbb-462e8896437c", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 55}, "timestamps": {"asserted_at": "2025-08-23T19:46:44+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-08-23T19:46:44+00:00"}, "scope": {"notes": "Affected: Hongdian / Hongdian H8922 | Class: router | Severity: Medium (CVSS 5.5) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-28150", "url": "https://www.cve.org/CVERecord?id=CVE-2021-28150"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 1, "vendor": "Hongdian", "30d_avg": 1, "90d_avg": 0, "product": "Hongdian H8922", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 5.5, "vulnerability_severity": "Medium"}}]}
{"uuid": "f128a45d-790d-46e8-8a8e-2169284694ea", "vulnerability": {"vulnId": "CVE-2023-5222", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "f128a45d-790d-46e8-8a8e-2169284694ea", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-09-16T09:45:22+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-09-16T09:45:22+00:00"}, "scope": {"notes": "Affected: Viessmann / Vitogate 300 BN/MB | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-5222", "url": "https://www.cve.org/CVERecord?id=CVE-2023-5222"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "Viessmann", "30d_avg": 11, "90d_avg": 4, "product": "Vitogate 300 BN/MB", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "8ab41b8c-2308-44d1-ab1d-76e8effa145a", "vulnerability": {"vulnId": "CVE-2018-8006", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "8ab41b8c-2308-44d1-ab1d-76e8effa145a", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 61}, "timestamps": {"asserted_at": "2023-10-20T00:48:54+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-20T00:48:54+00:00"}, "scope": {"notes": "Affected: Apache / ActiveMQ | Class: other-software | Severity: Medium (CVSS 6.1) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2018-8006", "url": "https://www.cve.org/CVERecord?id=CVE-2018-8006"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Apache", "30d_avg": 0, "90d_avg": 0, "product": "ActiveMQ", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 6.1, "vulnerability_severity": "Medium"}}]}
{"uuid": "9eca17db-804c-46d1-bc2d-ca3778d14874", "vulnerability": {"vulnId": "EDB-48260", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "9eca17db-804c-46d1-bc2d-ca3778d14874", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-10-19T01:31:02+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-19T01:31:02+00:00"}, "scope": {"notes": "Affected: Jinfornet / Jreport | Class: other-software | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "EDB-48260", "url": "https://www.exploit-db.com/exploits/48260"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Jinfornet", "30d_avg": 0, "90d_avg": 0, "product": "Jreport", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "060d2e69-b22c-499e-bd3f-8f5c4daa7ba7", "vulnerability": {"vulnId": "CVE-2023-3368", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "060d2e69-b22c-499e-bd3f-8f5c4daa7ba7", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-03-09T12:09:19+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-03-09T12:09:19+00:00"}, "scope": {"notes": "Affected: Chamilo / Chamilo | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-3368", "url": "https://www.cve.org/CVERecord?id=CVE-2023-3368"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 1, "vendor": "Chamilo", "30d_avg": 5, "90d_avg": 2, "product": "Chamilo", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "607b0853-1eae-427d-9dee-107327c0c0e0", "vulnerability": {"vulnId": "CVE-2020-17456", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "607b0853-1eae-427d-9dee-107327c0c0e0", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:56:49+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:49+00:00"}, "scope": {"notes": "Affected: Seowon Intech / Seowon SLC-130, SLR-120S | Class: router | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-17456", "url": "https://www.cve.org/CVERecord?id=CVE-2020-17456"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 2, "vendor": "Seowon Intech", "30d_avg": 11, "90d_avg": 4, "product": "Seowon SLC-130, SLR-120S", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "4df2a752-6ed1-4db4-b1fe-2c152efd4ca9", "vulnerability": {"vulnId": "CVE-2022-4117", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "4df2a752-6ed1-4db4-b1fe-2c152efd4ca9", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:57:39+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:39+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress IWS - Geo Form Fields plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-4117", "url": "https://www.cve.org/CVERecord?id=CVE-2022-4117"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 1, "vendor": "Wordpress", "30d_avg": 5, "90d_avg": 2, "product": "Wordpress IWS - Geo Form Fields plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "1945c115-95ed-4f0e-84bc-37e537975ad6", "vulnerability": {"vulnId": "CVE-2022-47986", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "1945c115-95ed-4f0e-84bc-37e537975ad6", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 0}, "timestamps": {"asserted_at": "2023-10-14T14:57:41+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:41+00:00"}, "scope": {"notes": "Affected: IBM / Aspera Faspex | Class: other-software | Severity: None (CVSS 0) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-47986", "url": "https://www.cve.org/CVERecord?id=CVE-2022-47986"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "IBM", "30d_avg": 5, "90d_avg": 2, "product": "Aspera Faspex", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 0, "vulnerability_severity": "None"}}]}
{"uuid": "dde8bd62-bc1a-4f34-b498-3c4c8dc2bcf5", "vulnerability": {"vulnId": "CVE-2022-26833", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "dde8bd62-bc1a-4f34-b498-3c4c8dc2bcf5", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 94}, "timestamps": {"asserted_at": "2023-10-14T14:57:26+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:26+00:00"}, "scope": {"notes": "Affected: Open Automation Software / OAS Platform | Class: other-software | Severity: Critical (CVSS 9.4) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-26833", "url": "https://www.cve.org/CVERecord?id=CVE-2022-26833"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "Open Automation Software", "30d_avg": 6, "90d_avg": 2, "product": "OAS Platform", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.4, "vulnerability_severity": "Critical"}}]}
{"uuid": "fd023739-0ae8-4121-8f75-27612c7e38ea", "vulnerability": {"vulnId": "CVE-2024-3273", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "fd023739-0ae8-4121-8f75-27612c7e38ea", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-04-09T16:13:27+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-04-09T16:13:27+00:00"}, "scope": {"notes": "Affected: D-Link / D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L | Class: nas | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 88", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-3273", "url": "https://www.cve.org/CVERecord?id=CVE-2024-3273"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "3", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "nas", "7d_avg": 1, "vendor": "D-Link", "30d_avg": 5, "90d_avg": 2, "product": "D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L", "cisa_kev": "yes", "connections": 88, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "1dca8829-86dc-4818-b6d1-fd154dfe9d2f", "vulnerability": {"vulnId": "CVE-2022-31161", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "1dca8829-86dc-4818-b6d1-fd154dfe9d2f", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-06-03T17:48:51+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-06-03T17:48:51+00:00"}, "scope": {"notes": "Affected: Roxy-WI / Roxy-WI | Class: device-management-platform | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-31161", "url": "https://www.cve.org/CVERecord?id=CVE-2022-31161"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 1, "vendor": "Roxy-WI", "30d_avg": 5, "90d_avg": 2, "product": "Roxy-WI", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "2da34396-de2e-4f63-8fad-dd0f81be9d63", "vulnerability": {"vulnId": "CVE-2020-3580", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "2da34396-de2e-4f63-8fad-dd0f81be9d63", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 61}, "timestamps": {"asserted_at": "2023-10-23T17:47:20+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-23T17:47:20+00:00"}, "scope": {"notes": "Affected: Cisco / Cisco ASA and Cisco Firepower Threat Defense | Class: firewall | Severity: Medium (CVSS 6.1) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-3580", "url": "https://www.cve.org/CVERecord?id=CVE-2020-3580"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "firewall", "7d_avg": 1, "vendor": "Cisco", "30d_avg": 1, "90d_avg": 0, "product": "Cisco ASA and Cisco Firepower Threat Defense", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 6.1, "vulnerability_severity": "Medium"}}]}
{"uuid": "9aa05788-1442-4257-aec6-43d70482e778", "vulnerability": {"vulnId": "CVE-2025-10353", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "9aa05788-1442-4257-aec6-43d70482e778", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 93}, "timestamps": {"asserted_at": "2026-03-10T17:10:34+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-03-10T17:10:34+00:00"}, "scope": {"notes": "Affected: Melis Technology / Melis Platform | Class: other-software | Severity: Critical (CVSS 9.3) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-10353", "url": "https://www.cve.org/CVERecord?id=CVE-2025-10353"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "Melis Technology", "30d_avg": 7, "90d_avg": 2, "product": "Melis Platform", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.3, "vulnerability_severity": "Critical"}}]}
{"uuid": "4aa86fa4-9952-4884-927e-86e8b5c2c9ed", "vulnerability": {"vulnId": "CVE-2023-49785", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "4aa86fa4-9952-4884-927e-86e8b5c2c9ed", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 91}, "timestamps": {"asserted_at": "2024-04-06T13:53:20+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-04-06T13:53:20+00:00"}, "scope": {"notes": "Affected: NextChat (ChatGPT-Next-Web) / NextChat (ChatGPT-Next-Web) | Class: other-software | Severity: Critical (CVSS 9.1) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-49785", "url": "https://www.cve.org/CVERecord?id=CVE-2023-49785"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "NextChat (ChatGPT-Next-Web)", "30d_avg": 12, "90d_avg": 4, "product": "NextChat (ChatGPT-Next-Web)", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.1, "vulnerability_severity": "Critical"}}]}
{"uuid": "0b1130b7-b10a-4d31-aac7-594f67a11862", "vulnerability": {"vulnId": "CVE-2022-4059", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "0b1130b7-b10a-4d31-aac7-594f67a11862", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-04-30T15:35:33+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-04-30T15:35:33+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Cryptocurrency Widgets Pack plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-4059", "url": "https://www.cve.org/CVERecord?id=CVE-2022-4059"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "Wordpress", "30d_avg": 11, "90d_avg": 3, "product": "Wordpress Cryptocurrency Widgets Pack plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "c70936bb-0751-4595-90df-c8129cd10202", "vulnerability": {"vulnId": "CVE-2022-36923", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "c70936bb-0751-4595-90df-c8129cd10202", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2023-10-19T02:00:23+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-19T02:00:23+00:00"}, "scope": {"notes": "Affected: Zoho / ManageEngine OpManager OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils | Class: other-software | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-36923", "url": "https://www.cve.org/CVERecord?id=CVE-2022-36923"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "Zoho", "30d_avg": 6, "90d_avg": 2, "product": "ManageEngine OpManager OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "2a96155e-c460-4261-be45-a5592f4d8680", "vulnerability": {"vulnId": "CVE-2018-12031", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "2a96155e-c460-4261-be45-a5592f4d8680", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T20:53:24+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T20:53:24+00:00"}, "scope": {"notes": "Affected: Eaton / Intelligent Power Manager | Class: device-management-platform | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 53", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2018-12031", "url": "https://www.cve.org/CVERecord?id=CVE-2018-12031"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "3", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 1, "vendor": "Eaton", "30d_avg": 11, "90d_avg": 4, "product": "Intelligent Power Manager", "cisa_kev": "no", "connections": 53, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "43636851-cad0-4295-83ce-757b47491d27", "vulnerability": {"vulnId": "CVE-2021-4374", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "43636851-cad0-4295-83ce-757b47491d27", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-03-09T15:36:35+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-03-09T15:36:35+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Automatic Plugin for WordPress | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-4374", "url": "https://www.cve.org/CVERecord?id=CVE-2021-4374"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "Wordpress", "30d_avg": 9, "90d_avg": 3, "product": "Wordpress Automatic Plugin for WordPress", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "14b7c488-021e-4b86-b814-0e36b050978d", "vulnerability": {"vulnId": "CVE-2022-0846", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "14b7c488-021e-4b86-b814-0e36b050978d", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T18:17:29+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T18:17:29+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress SpeakOut! Email Petitions plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-0846", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0846"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "Wordpress", "30d_avg": 5, "90d_avg": 2, "product": "Wordpress SpeakOut! Email Petitions plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "41a5052a-cab8-4838-86e6-ea4714e6d659", "vulnerability": {"vulnId": "CVE-2023-4169", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "41a5052a-cab8-4838-86e6-ea4714e6d659", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 88}, "timestamps": {"asserted_at": "2023-12-01T04:16:55+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-12-01T04:16:55+00:00"}, "scope": {"notes": "Affected: Ruijie / Ruijie RG-EW1200G | Class: router | Severity: High (CVSS 8.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-4169", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4169"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 1, "vendor": "Ruijie", "30d_avg": 6, "90d_avg": 2, "product": "Ruijie RG-EW1200G", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 8.8, "vulnerability_severity": "High"}}]}
{"uuid": "6f3e2d27-608f-4d8f-8527-9338c5b4ca8f", "vulnerability": {"vulnId": "CVE-2024-39914", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "6f3e2d27-608f-4d8f-8527-9338c5b4ca8f", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-12-05T06:27:27+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-12-05T06:27:27+00:00"}, "scope": {"notes": "Affected: FOG Project / FOG | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-39914", "url": "https://www.cve.org/CVERecord?id=CVE-2024-39914"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "FOG Project", "30d_avg": 5, "90d_avg": 1, "product": "FOG", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "2b5d913b-4fbc-4fdd-b94a-20ef2363f0e1", "vulnerability": {"vulnId": "CVE-2020-12124", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "2b5d913b-4fbc-4fdd-b94a-20ef2363f0e1", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-03-30T01:01:26+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-03-30T01:01:26+00:00"}, "scope": {"notes": "Affected: WAVLINK / WAVLINK WN530H4 | Class: router | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-12124", "url": "https://www.cve.org/CVERecord?id=CVE-2020-12124"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 1, "vendor": "WAVLINK", "30d_avg": 5, "90d_avg": 1, "product": "WAVLINK WN530H4", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "af559434-18fb-48d2-84ac-430e711d7504", "vulnerability": {"vulnId": "CVE-2024-50334", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "af559434-18fb-48d2-84ac-430e711d7504", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 53}, "timestamps": {"asserted_at": "2025-07-17T05:16:14+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-07-17T05:16:14+00:00"}, "scope": {"notes": "Affected: Erudika / Scoold | Class: other-software | Severity: Medium (CVSS 5.3) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-50334", "url": "https://www.cve.org/CVERecord?id=CVE-2024-50334"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "Erudika", "30d_avg": 1, "90d_avg": 0, "product": "Scoold", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 5.3, "vulnerability_severity": "Medium"}}]}
{"uuid": "aff9406e-227b-4690-ac1c-d8bb4bd97788", "vulnerability": {"vulnId": "CVE-2022-29383", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "aff9406e-227b-4690-ac1c-d8bb4bd97788", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:57:30+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:30+00:00"}, "scope": {"notes": "Affected: NETGEAR / NETGEAR ProSafe FVS336Gv2/FVS336Gv3 | Class: firewall | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-29383", "url": "https://www.cve.org/CVERecord?id=CVE-2022-29383"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "firewall", "7d_avg": 1, "vendor": "NETGEAR", "30d_avg": 5, "90d_avg": 2, "product": "NETGEAR ProSafe FVS336Gv2/FVS336Gv3", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "3edb5779-f969-4346-ba52-63a6a2e5763f", "vulnerability": {"vulnId": "CVE-2021-34624", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "3edb5779-f969-4346-ba52-63a6a2e5763f", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:56:59+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:59+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress ProfilePress plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-34624", "url": "https://www.cve.org/CVERecord?id=CVE-2021-34624"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 2, "vendor": "Wordpress", "30d_avg": 10, "90d_avg": 3, "product": "Wordpress ProfilePress plugin", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "31591909-27cd-463f-af88-3bb23a55ed4b", "vulnerability": {"vulnId": "CVE-2017-8961", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "31591909-27cd-463f-af88-3bb23a55ed4b", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 88}, "timestamps": {"asserted_at": "2024-08-15T08:02:21+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-08-15T08:02:21+00:00"}, "scope": {"notes": "Affected: HPE / HPE intelligent Management Center (iMC) PLAT | Class: device-management-platform | Severity: High (CVSS 8.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2017-8961", "url": "https://www.cve.org/CVERecord?id=CVE-2017-8961"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 0, "vendor": "HPE", "30d_avg": 1, "90d_avg": 0, "product": "HPE intelligent Management Center (iMC) PLAT", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 8.8, "vulnerability_severity": "High"}}]}
{"uuid": "1b345800-4bcc-42ea-9d5c-cbd589ef4895", "vulnerability": {"vulnId": "CVE-2020-11798", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "1b345800-4bcc-42ea-9d5c-cbd589ef4895", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 53}, "timestamps": {"asserted_at": "2023-12-28T18:02:56+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-12-28T18:02:56+00:00"}, "scope": {"notes": "Affected: Mitel / MiCollab AWV | Class: other-software | Severity: Medium (CVSS 5.3) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-11798", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11798"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Mitel", "30d_avg": 0, "90d_avg": 0, "product": "MiCollab AWV", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 5.3, "vulnerability_severity": "Medium"}}]}
{"uuid": "1aff4029-3d92-42d9-9da7-f3faf2b26f1d", "vulnerability": {"vulnId": "CVE-2020-35580", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "1aff4029-3d92-42d9-9da7-f3faf2b26f1d", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2023-10-14T14:56:37+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:37+00:00"}, "scope": {"notes": "Affected: SearchBlox / SearchBlox | Class: other-software | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-35580", "url": "https://www.cve.org/CVERecord?id=CVE-2020-35580"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "SearchBlox", "30d_avg": 5, "90d_avg": 1, "product": "SearchBlox", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "9b639c7c-dd5d-4b4b-bbf5-843209d3fd94", "vulnerability": {"vulnId": "CVE-2025-8868", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "9b639c7c-dd5d-4b4b-bbf5-843209d3fd94", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 88}, "timestamps": {"asserted_at": "2025-11-14T03:31:47+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-11-14T03:31:47+00:00"}, "scope": {"notes": "Affected: Progress / Chef Automate | Class: other-software | Severity: High (CVSS 8.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-8868", "url": "https://www.cve.org/CVERecord?id=CVE-2025-8868"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Progress", "30d_avg": 5, "90d_avg": 1, "product": "Chef Automate", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 8.8, "vulnerability_severity": "High"}}]}
{"uuid": "4006056d-2ef8-40ea-94a6-d463942ac1a6", "vulnerability": {"vulnId": "CVE-2024-21620", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "4006056d-2ef8-40ea-94a6-d463942ac1a6", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 61}, "timestamps": {"asserted_at": "2025-08-24T05:14:38+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-08-24T05:14:38+00:00"}, "scope": {"notes": "Affected: Juniper / Junos OS (J-Web) | Class: router | Severity: Medium (CVSS 6.1) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-21620", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21620"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "Juniper", "30d_avg": 0, "90d_avg": 8, "product": "Junos OS (J-Web)", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 6.1, "vulnerability_severity": "Medium"}}]}
{"uuid": "e351b25d-ae82-4027-a550-3de5ccaa4511", "vulnerability": {"vulnId": "CVE-2020-7136", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "e351b25d-ae82-4027-a550-3de5ccaa4511", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-08-14T00:31:47+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-08-14T00:31:47+00:00"}, "scope": {"notes": "Affected: HPE / HPE Smart Update Manager (SUM) | Class: device-management-platform | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-7136", "url": "https://www.cve.org/CVERecord?id=CVE-2020-7136"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 2, "vendor": "HPE", "30d_avg": 8, "90d_avg": 3, "product": "HPE Smart Update Manager (SUM)", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "becc7066-6fc2-4d70-baaa-12b84ada256a", "vulnerability": {"vulnId": "CVE-2020-10548", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "becc7066-6fc2-4d70-baaa-12b84ada256a", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:56:16+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:16+00:00"}, "scope": {"notes": "Affected: rConfig / rConfig | Class: device-management-platform | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-10548", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10548"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 0, "vendor": "rConfig", "30d_avg": 5, "90d_avg": 1, "product": "rConfig", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "9c28a210-d33f-452d-aac4-236272016163", "vulnerability": {"vulnId": "CVE-2023-34960", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "9c28a210-d33f-452d-aac4-236272016163", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 0}, "timestamps": {"asserted_at": "2023-10-14T14:57:51+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:51+00:00"}, "scope": {"notes": "Affected: Chamilo / Chamilo | Class: cms | Severity: None (CVSS 0) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-34960", "url": "https://www.cve.org/CVERecord?id=CVE-2023-34960"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 1, "vendor": "Chamilo", "30d_avg": 5, "90d_avg": 2, "product": "Chamilo", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 0, "vulnerability_severity": "None"}}]}
{"uuid": "3f55c840-60cb-473d-8e77-40f1f21c403e", "vulnerability": {"vulnId": "CVE-2018-16159", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "3f55c840-60cb-473d-8e77-40f1f21c403e", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:39:17+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:39:17+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Gift Voucher plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2018-16159", "url": "https://www.cve.org/CVERecord?id=CVE-2018-16159"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 2, "vendor": "Wordpress", "30d_avg": 5, "90d_avg": 2, "product": "Wordpress Gift Voucher plugin", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "b93b73f5-7edd-4b5f-98f9-57e361ec6c45", "vulnerability": {"vulnId": "CVE-2024-27199", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "b93b73f5-7edd-4b5f-98f9-57e361ec6c45", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 73}, "timestamps": {"asserted_at": "2024-03-17T12:34:19+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-03-17T12:34:19+00:00"}, "scope": {"notes": "Affected: JetBrains / TeamCity | Class: other-software | Severity: High (CVSS 7.3) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-27199", "url": "https://www.cve.org/CVERecord?id=CVE-2024-27199"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "JetBrains", "30d_avg": 12, "90d_avg": 5, "product": "TeamCity", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.3, "vulnerability_severity": "High"}}]}
{"uuid": "8eba4fbb-2661-4edb-a46b-6f41bdb9381d", "vulnerability": {"vulnId": "CVE-2022-48164", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "8eba4fbb-2661-4edb-a46b-6f41bdb9381d", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2025-05-12T03:53:49+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-05-12T03:53:49+00:00"}, "scope": {"notes": "Affected: WAVLINK / WAVLINK WL-WN533A8 | Class: router | Severity: High (CVSS 7.5) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 3", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-48164", "url": "https://www.cve.org/CVERecord?id=CVE-2022-48164"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 1, "vendor": "WAVLINK", "30d_avg": 11, "90d_avg": 4, "product": "WAVLINK WL-WN533A8", "cisa_kev": "no", "connections": 3, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "962c8176-0b0e-494c-9d95-dbb3edfbf37d", "vulnerability": {"vulnId": "CVE-2025-59287", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "962c8176-0b0e-494c-9d95-dbb3edfbf37d", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-10-25T00:21:14+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-10-25T00:21:14+00:00"}, "scope": {"notes": "Affected: Microsoft / Windows Server Update Service | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-59287", "url": "https://www.cve.org/CVERecord?id=CVE-2025-59287"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "Microsoft", "30d_avg": 11, "90d_avg": 4, "product": "Windows Server Update Service", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "17e85ae9-4083-4980-921e-617a8d2229c2", "vulnerability": {"vulnId": "CVE-2025-34021", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "17e85ae9-4083-4980-921e-617a8d2229c2", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-01-19T09:39:53+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-01-19T09:39:53+00:00"}, "scope": {"notes": "Affected: Selea / Targa IP OCR-ANPR Camera | Class: video-system | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-34021", "url": "https://www.cve.org/CVERecord?id=CVE-2025-34021"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "video-system", "7d_avg": 0, "vendor": "Selea", "30d_avg": 0, "90d_avg": 0, "product": "Targa IP OCR-ANPR Camera", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "583d5238-11c8-411a-8bf1-c3dca27d57a9", "vulnerability": {"vulnId": "CVE-2022-45933", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "583d5238-11c8-411a-8bf1-c3dca27d57a9", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:57:40+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:40+00:00"}, "scope": {"notes": "Affected: benc-uk / KubeView | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-45933", "url": "https://www.cve.org/CVERecord?id=CVE-2022-45933"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "benc-uk", "30d_avg": 5, "90d_avg": 2, "product": "KubeView", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "fc00a7ee-d3ec-4751-b64f-7ecb43acc5c8", "vulnerability": {"vulnId": "CVE-2018-9205", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "fc00a7ee-d3ec-4751-b64f-7ecb43acc5c8", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2023-10-14T14:56:00+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:00+00:00"}, "scope": {"notes": "Affected: Drupal / Drupal avatar_uploader | Class: cms | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2018-9205", "url": "https://www.cve.org/CVERecord?id=CVE-2018-9205"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "Drupal", "30d_avg": 5, "90d_avg": 1, "product": "Drupal avatar_uploader", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "76394fc8-11d7-4a0f-bcbf-8870c0dbc4d3", "vulnerability": {"vulnId": "CVE-2020-11854", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "76394fc8-11d7-4a0f-bcbf-8870c0dbc4d3", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-23T19:02:47+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-23T19:02:47+00:00"}, "scope": {"notes": "Affected: Micro Focus / Operation Bridge Manager UCMDB | Class: database | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-11854", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11854"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "database", "7d_avg": 1, "vendor": "Micro Focus", "30d_avg": 1, "90d_avg": 0, "product": "Operation Bridge Manager UCMDB", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "a87bf8ab-b245-4911-92e6-fc138ed1b405", "vulnerability": {"vulnId": "EDB-49327", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "a87bf8ab-b245-4911-92e6-fc138ed1b405", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-10-14T23:23:01+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T23:23:01+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Epsilon Framework Multiple Themes | Class: cms | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "EDB-49327", "url": "https://www.exploit-db.com/exploits/49327"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 1, "vendor": "Wordpress", "30d_avg": 5, "90d_avg": 2, "product": "Wordpress Epsilon Framework Multiple Themes", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "440e0e53-dd8e-4b26-8b77-ef0fa234a745", "vulnerability": {"vulnId": "CVE-2023-29357", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "440e0e53-dd8e-4b26-8b77-ef0fa234a745", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-18T22:53:21+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-18T22:53:21+00:00"}, "scope": {"notes": "Affected: Microsoft / SharePoint | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-29357", "url": "https://www.cve.org/CVERecord?id=CVE-2023-29357"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 2, "vendor": "Microsoft", "30d_avg": 7, "90d_avg": 2, "product": "SharePoint", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "be2f94f3-0a41-4622-a6fc-7b90ff338589", "vulnerability": {"vulnId": "CVE-2020-9377", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "be2f94f3-0a41-4622-a6fc-7b90ff338589", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 88}, "timestamps": {"asserted_at": "2023-10-16T03:05:09+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-16T03:05:09+00:00"}, "scope": {"notes": "Affected: D-Link / D-Link DIR-610 | Class: router | Severity: High (CVSS 8.8) | IoT: yes | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-9377", "url": "https://www.cve.org/CVERecord?id=CVE-2020-9377"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "D-Link", "30d_avg": 0, "90d_avg": 0, "product": "D-Link DIR-610", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 8.8, "vulnerability_severity": "High"}}]}
{"uuid": "7aef3dd5-eaf3-4d77-9323-aff3cc452ffb", "vulnerability": {"vulnId": "CVE-2020-12641", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "7aef3dd5-eaf3-4d77-9323-aff3cc452ffb", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-07-05T02:43:14+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-07-05T02:43:14+00:00"}, "scope": {"notes": "Affected: Roundcube / Roundcube Webmail | Class: email | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-12641", "url": "https://www.cve.org/CVERecord?id=CVE-2020-12641"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "email", "7d_avg": 2, "vendor": "Roundcube", "30d_avg": 11, "90d_avg": 4, "product": "Roundcube Webmail", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "a41966ff-c9f6-48c3-b02e-ffd0a62ac81b", "vulnerability": {"vulnId": "CVE-2021-34187", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "a41966ff-c9f6-48c3-b02e-ffd0a62ac81b", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T21:57:49+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T21:57:49+00:00"}, "scope": {"notes": "Affected: Chamilo / LMS | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-34187", "url": "https://www.cve.org/CVERecord?id=CVE-2021-34187"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "Chamilo", "30d_avg": 1, "90d_avg": 0, "product": "LMS", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "0325c1fe-f51e-40c5-a4a7-8f5660671471", "vulnerability": {"vulnId": "CVE-2020-28185", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "0325c1fe-f51e-40c5-a4a7-8f5660671471", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 53}, "timestamps": {"asserted_at": "2023-10-23T17:47:14+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-23T17:47:14+00:00"}, "scope": {"notes": "Affected: Terramaster / TOS | Class: nas | Severity: Medium (CVSS 5.3) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-28185", "url": "https://www.cve.org/CVERecord?id=CVE-2020-28185"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "nas", "7d_avg": 1, "vendor": "Terramaster", "30d_avg": 1, "90d_avg": 0, "product": "TOS", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 5.3, "vulnerability_severity": "Medium"}}]}
{"uuid": "55717daf-703c-4dc9-a30f-c72046d3d164", "vulnerability": {"vulnId": "CVE-2022-46381", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "55717daf-703c-4dc9-a30f-c72046d3d164", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 61}, "timestamps": {"asserted_at": "2023-10-23T13:10:08+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-23T13:10:08+00:00"}, "scope": {"notes": "Affected: Linear / eMerge E3-Series | Class: other-software | Severity: Medium (CVSS 6.1) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-46381", "url": "https://www.cve.org/CVERecord?id=CVE-2022-46381"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Linear", "30d_avg": 0, "90d_avg": 0, "product": "eMerge E3-Series", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 6.1, "vulnerability_severity": "Medium"}}]}
{"uuid": "8c5ffa3d-e8bf-4c4f-ab1e-c5340347f84c", "vulnerability": {"vulnId": "CVE-2022-0867", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "8c5ffa3d-e8bf-4c4f-ab1e-c5340347f84c", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T18:35:20+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T18:35:20+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress ARPrice Lite plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-0867", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0867"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "Wordpress", "30d_avg": 8, "90d_avg": 3, "product": "Wordpress ARPrice Lite plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "6209316c-a9ca-4ed5-a952-f31420acdd4a", "vulnerability": {"vulnId": "EDB-42392", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "6209316c-a9ca-4ed5-a952-f31420acdd4a", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-10-14T14:55:40+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:55:40+00:00"}, "scope": {"notes": "Affected: GitHub / GitHub Enterprise < 2.8.7 | Class: other-software | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "EDB-42392", "url": "https://www.exploit-db.com/exploits/42392"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "GitHub", "30d_avg": 5, "90d_avg": 1, "product": "GitHub Enterprise < 2.8.7", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "0157d64c-2af8-4311-b1ad-6cf3c1ed39f1", "vulnerability": {"vulnId": "CVE-2025-2294", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "0157d64c-2af8-4311-b1ad-6cf3c1ed39f1", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-06-06T20:39:53+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-06-06T20:39:53+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Kubio AI Page Builder plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-2294", "url": "https://www.cve.org/CVERecord?id=CVE-2025-2294"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 1, "vendor": "Wordpress", "30d_avg": 3, "90d_avg": 1, "product": "Wordpress Kubio AI Page Builder plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "9e72e8ee-eb02-4331-b4b0-03bddc718857", "vulnerability": {"vulnId": "CVE-2024-11238", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "9e72e8ee-eb02-4331-b4b0-03bddc718857", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 53}, "timestamps": {"asserted_at": "2025-05-09T04:41:01+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-05-09T04:41:01+00:00"}, "scope": {"notes": "Affected: Landray / Landray EKP | Class: other-software | Severity: Medium (CVSS 5.3) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-11238", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11238"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Landray", "30d_avg": 0, "90d_avg": 0, "product": "Landray EKP", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 5.3, "vulnerability_severity": "Medium"}}]}
{"uuid": "70d4c7d7-5245-46e6-a4a5-5d5b68f718a5", "vulnerability": {"vulnId": "CVE-2015-2863", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "70d4c7d7-5245-46e6-a4a5-5d5b68f718a5", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 0}, "timestamps": {"asserted_at": "2023-12-11T19:51:31+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-12-11T19:51:31+00:00"}, "scope": {"notes": "Affected: Kaseya / VSA | Class: device-management-platform | Severity: None (CVSS 0) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2015-2863", "url": "https://www.cve.org/CVERecord?id=CVE-2015-2863"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 0, "vendor": "Kaseya", "30d_avg": 0, "90d_avg": 0, "product": "VSA", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 0, "vulnerability_severity": "None"}}]}
{"uuid": "95c5d9d4-9774-4da1-99f4-73a49450873b", "vulnerability": {"vulnId": "CVE-2024-6220", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "95c5d9d4-9774-4da1-99f4-73a49450873b", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-01-17T23:00:31+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-01-17T23:00:31+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Keydatas plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-6220", "url": "https://www.cve.org/CVERecord?id=CVE-2024-6220"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 1, "vendor": "Wordpress", "30d_avg": 12, "90d_avg": 4, "product": "Wordpress Keydatas plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "b88d4f16-3616-45bd-9649-26cdcb41a0b3", "vulnerability": {"vulnId": "CVE-2018-14918", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "b88d4f16-3616-45bd-9649-26cdcb41a0b3", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2023-10-14T14:38:47+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:38:47+00:00"}, "scope": {"notes": "Affected: LOYTEC / LOYTEC LGATE-902 | Class: device-management-platform | Severity: High (CVSS 7.5) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2018-14918", "url": "https://www.cve.org/CVERecord?id=CVE-2018-14918"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 0, "vendor": "LOYTEC", "30d_avg": 9, "90d_avg": 3, "product": "LOYTEC LGATE-902", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "6b35ac33-997f-4511-8c94-8f623f1176de", "vulnerability": {"vulnId": "CVE-2022-2314", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "6b35ac33-997f-4511-8c94-8f623f1176de", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:57:40+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:40+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress VR Calendar plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-2314", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2314"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "Wordpress", "30d_avg": 11, "90d_avg": 4, "product": "Wordpress VR Calendar plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "1a7c34a9-09bc-4e11-9000-338c8b1b44ad", "vulnerability": {"vulnId": "CVE-2020-1943", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "1a7c34a9-09bc-4e11-9000-338c8b1b44ad", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 61}, "timestamps": {"asserted_at": "2023-10-23T17:42:25+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-23T17:42:25+00:00"}, "scope": {"notes": "Affected: Apache / OFBiz | Class: other-software | Severity: Medium (CVSS 6.1) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-1943", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1943"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Apache", "30d_avg": 0, "90d_avg": 0, "product": "OFBiz", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 6.1, "vulnerability_severity": "Medium"}}]}
{"uuid": "d3481107-27e3-4608-9a49-34b8d383f527", "vulnerability": {"vulnId": "CVE-2023-36144", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "d3481107-27e3-4608-9a49-34b8d383f527", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2025-05-09T04:42:36+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-05-09T04:42:36+00:00"}, "scope": {"notes": "Affected: Intelbras / Intelbras Switch SG 2404 MR | Class: router | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-36144", "url": "https://www.cve.org/CVERecord?id=CVE-2023-36144"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 1, "vendor": "Intelbras", "30d_avg": 6, "90d_avg": 2, "product": "Intelbras Switch SG 2404 MR", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "b956ab9e-fcc8-4d58-96f6-468c73d89ec0", "vulnerability": {"vulnId": "CVE-2024-28734", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "b956ab9e-fcc8-4d58-96f6-468c73d89ec0", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 0}, "timestamps": {"asserted_at": "2024-04-27T04:54:55+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-04-27T04:54:55+00:00"}, "scope": {"notes": "Affected: Unit4 / Unit4 Financials by Coda | Class: other-software | Severity: None (CVSS 0) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-28734", "url": "https://www.cve.org/CVERecord?id=CVE-2024-28734"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Unit4", "30d_avg": 0, "90d_avg": 0, "product": "Unit4 Financials by Coda", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 0, "vulnerability_severity": "None"}}]}
{"uuid": "3d00256d-9578-44b5-9aa7-d764a5835577", "vulnerability": {"vulnId": "CVE-2018-17173", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "3d00256d-9578-44b5-9aa7-d764a5835577", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-11-15T09:26:21+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-11-15T09:26:21+00:00"}, "scope": {"notes": "Affected: LG / SuperSign CMS | Class: cms | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2018-17173", "url": "https://www.cve.org/CVERecord?id=CVE-2018-17173"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 1, "vendor": "LG", "30d_avg": 5, "90d_avg": 2, "product": "SuperSign CMS", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "98d5ec8f-ae09-4acb-8b7e-35983b2dde58", "vulnerability": {"vulnId": "CVE-2021-24762", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "98d5ec8f-ae09-4acb-8b7e-35983b2dde58", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-04-27T04:52:59+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-04-27T04:52:59+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Perfect Survey plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-24762", "url": "https://www.cve.org/CVERecord?id=CVE-2021-24762"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 2, "vendor": "Wordpress", "30d_avg": 5, "90d_avg": 2, "product": "Wordpress Perfect Survey plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "2b473972-033a-491e-b42d-d8c8dc653c70", "vulnerability": {"vulnId": "CVE-2025-9316", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "2b473972-033a-491e-b42d-d8c8dc653c70", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 69}, "timestamps": {"asserted_at": "2026-01-18T04:40:32+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-01-18T04:40:32+00:00"}, "scope": {"notes": "Affected: N-able / N-able N-central | Class: network-monitoring | Severity: Medium (CVSS 6.9) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-9316", "url": "https://www.cve.org/CVERecord?id=CVE-2025-9316"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "network-monitoring", "7d_avg": 1, "vendor": "N-able", "30d_avg": 11, "90d_avg": 4, "product": "N-able N-central", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 6.9, "vulnerability_severity": "Medium"}}]}
{"uuid": "d42ce51f-51b4-4fe1-8e41-a304606d4494", "vulnerability": {"vulnId": "CVE-2023-31478", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "d42ce51f-51b4-4fe1-8e41-a304606d4494", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2025-03-31T18:23:23+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-03-31T18:23:23+00:00"}, "scope": {"notes": "Affected: GL.iNet / GL.iNet devices | Class: router | Severity: High (CVSS 7.5) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-31478", "url": "https://www.cve.org/CVERecord?id=CVE-2023-31478"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 1, "vendor": "GL.iNet", "30d_avg": 6, "90d_avg": 2, "product": "GL.iNet devices", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "cac5768e-5754-4c3e-ba39-970e9eccd65f", "vulnerability": {"vulnId": "CVE-2023-25135", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "cac5768e-5754-4c3e-ba39-970e9eccd65f", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:57:44+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:44+00:00"}, "scope": {"notes": "Affected: vBulletin / vBulletin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-25135", "url": "https://www.cve.org/CVERecord?id=CVE-2023-25135"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 1, "vendor": "vBulletin", "30d_avg": 5, "90d_avg": 2, "product": "vBulletin", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "06326550-e743-4e43-8b52-6753d0043d21", "vulnerability": {"vulnId": "CVE-2025-55190", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "06326550-e743-4e43-8b52-6753d0043d21", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 99}, "timestamps": {"asserted_at": "2025-11-18T11:51:02+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-11-18T11:51:02+00:00"}, "scope": {"notes": "Affected: Argo Project / Argo CD | Class: other-software | Severity: Critical (CVSS 9.9) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-55190", "url": "https://www.cve.org/CVERecord?id=CVE-2025-55190"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Argo Project", "30d_avg": 0, "90d_avg": 0, "product": "Argo CD", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.9, "vulnerability_severity": "Critical"}}]}
{"uuid": "f532920e-244a-4a1a-917e-c2ed3238b4d2", "vulnerability": {"vulnId": "CVE-2022-35413", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "f532920e-244a-4a1a-917e-c2ed3238b4d2", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:57:36+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:36+00:00"}, "scope": {"notes": "Affected: Penta Security / WAPPLES | Class: firewall | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-35413", "url": "https://www.cve.org/CVERecord?id=CVE-2022-35413"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "firewall", "7d_avg": 1, "vendor": "Penta Security", "30d_avg": 5, "90d_avg": 2, "product": "WAPPLES", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "8a26b9bc-1e92-4ff1-8606-9094afe270fe", "vulnerability": {"vulnId": "CVE-2023-39796", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "8a26b9bc-1e92-4ff1-8606-9094afe270fe", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-06-19T18:15:25+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-06-19T18:15:25+00:00"}, "scope": {"notes": "Affected: WBCE / WBCE CMS | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-39796", "url": "https://www.cve.org/CVERecord?id=CVE-2023-39796"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 1, "vendor": "WBCE", "30d_avg": 6, "90d_avg": 2, "product": "WBCE CMS", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "7d92c41e-74fd-46ab-a4e9-5317099ae786", "vulnerability": {"vulnId": "CVE-2023-4450", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "7d92c41e-74fd-46ab-a4e9-5317099ae786", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-08-06T02:35:03+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-08-06T02:35:03+00:00"}, "scope": {"notes": "Affected: JEECG / jeecg-boot | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-4450", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4450"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "JEECG", "30d_avg": 5, "90d_avg": 2, "product": "jeecg-boot", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "372161fd-62db-46ed-bbcd-2c4148d95545", "vulnerability": {"vulnId": "CVE-2024-54763", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "372161fd-62db-46ed-bbcd-2c4148d95545", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 65}, "timestamps": {"asserted_at": "2025-06-28T23:24:49+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-06-28T23:24:49+00:00"}, "scope": {"notes": "Affected: ipTIME / ipTIME A2004 | Class: router | Severity: Medium (CVSS 6.5) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-54763", "url": "https://www.cve.org/CVERecord?id=CVE-2024-54763"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "ipTIME", "30d_avg": 0, "90d_avg": 0, "product": "ipTIME A2004", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 6.5, "vulnerability_severity": "Medium"}}]}
{"uuid": "0ed2dfac-c23c-4eef-a967-d0a6ff0bc4d2", "vulnerability": {"vulnId": "CVE-2022-41840", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "0ed2dfac-c23c-4eef-a967-d0a6ff0bc4d2", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:57:39+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:39+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Welcart eCommerce plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-41840", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41840"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "Wordpress", "30d_avg": 5, "90d_avg": 1, "product": "Wordpress Welcart eCommerce plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "896afb69-1311-4dc6-94ff-662bf38c0db1", "vulnerability": {"vulnId": "CVE-2021-46417", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "896afb69-1311-4dc6-94ff-662bf38c0db1", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2023-10-15T08:28:20+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-15T08:28:20+00:00"}, "scope": {"notes": "Affected: Franklin Fueling Systems / Colibri Controller Module | Class: other-software | Severity: High (CVSS 7.5) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-46417", "url": "https://www.cve.org/CVERecord?id=CVE-2021-46417"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Franklin Fueling Systems", "30d_avg": 5, "90d_avg": 1, "product": "Colibri Controller Module", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "a725ce11-8acf-4317-b506-dea54f78c4ee", "vulnerability": {"vulnId": "CVE-2009-0545", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "a725ce11-8acf-4317-b506-dea54f78c4ee", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 100}, "timestamps": {"asserted_at": "2023-10-14T13:53:04+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T13:53:04+00:00"}, "scope": {"notes": "Affected: Zeroshell / Zeroshell Linux Router | Class: embedded-system | Severity: High (CVSS 10) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2009-0545", "url": "https://www.cve.org/CVERecord?id=CVE-2009-0545"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "embedded-system", "7d_avg": 18, "vendor": "Zeroshell", "30d_avg": 9, "90d_avg": 3, "product": "Zeroshell Linux Router", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 10, "vulnerability_severity": "High"}}]}
{"uuid": "3f1ac450-7329-4d2d-b65b-668f54a5655d", "vulnerability": {"vulnId": "CVE-2022-0656", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "3f1ac450-7329-4d2d-b65b-668f54a5655d", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2023-10-15T08:28:19+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-15T08:28:19+00:00"}, "scope": {"notes": "Affected: Wordpress / Web To Print Shop : uDraw plugin | Class: cms | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-0656", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0656"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 1, "vendor": "Wordpress", "30d_avg": 5, "90d_avg": 2, "product": "Web To Print Shop : uDraw plugin", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "688903e4-a85a-44eb-9c19-1fe3b4f9088b", "vulnerability": {"vulnId": "CVE-2021-24212", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "688903e4-a85a-44eb-9c19-1fe3b4f9088b", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-11-18T08:18:59+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-11-18T08:18:59+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress WooCommerce Help Scout WordPress plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-24212", "url": "https://www.cve.org/CVERecord?id=CVE-2021-24212"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 2, "vendor": "Wordpress", "30d_avg": 11, "90d_avg": 4, "product": "Wordpress WooCommerce Help Scout WordPress plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "f58a62a7-fd34-44a3-99be-5ac65dca55b9", "vulnerability": {"vulnId": "CVE-2021-39316", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "f58a62a7-fd34-44a3-99be-5ac65dca55b9", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2023-10-14T14:57:13+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:13+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Zoomsounds plugin | Class: cms | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-39316", "url": "https://www.cve.org/CVERecord?id=CVE-2021-39316"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "Wordpress", "30d_avg": 5, "90d_avg": 1, "product": "Wordpress Zoomsounds plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "c35f66e3-2337-454f-9e04-a4e91be4ef43", "vulnerability": {"vulnId": "CVE-2022-21500", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "c35f66e3-2337-454f-9e04-a4e91be4ef43", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2023-10-15T08:28:25+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-15T08:28:25+00:00"}, "scope": {"notes": "Affected: Oracle / Oracle E-Business Suite | Class: other-software | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-21500", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21500"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Oracle", "30d_avg": 11, "90d_avg": 3, "product": "Oracle E-Business Suite", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "c15cf69f-fca3-452c-abfc-1fcd1098c2b0", "vulnerability": {"vulnId": "CVE-2020-12720", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "c15cf69f-fca3-452c-abfc-1fcd1098c2b0", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:56:19+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:19+00:00"}, "scope": {"notes": "Affected: vBulletin / vBulletin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-12720", "url": "https://www.cve.org/CVERecord?id=CVE-2020-12720"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 2, "vendor": "vBulletin", "30d_avg": 5, "90d_avg": 2, "product": "vBulletin", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "6f426504-481c-43c6-a156-bf80dd57c746", "vulnerability": {"vulnId": "CVE-2025-67303", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "6f426504-481c-43c6-a156-bf80dd57c746", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2026-05-16T15:51:35+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-05-16T15:51:35+00:00"}, "scope": {"notes": "Affected: Comfy Org / ComfyUI-Manager | Class: other-software | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-67303", "url": "https://www.cve.org/CVERecord?id=CVE-2025-67303"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Comfy Org", "30d_avg": 11, "90d_avg": 3, "product": "ComfyUI-Manager", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "b8503cbd-e8bd-46ac-a897-8c184ff98f03", "vulnerability": {"vulnId": "CVE-2023-47248", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "b8503cbd-e8bd-46ac-a897-8c184ff98f03", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-03-16T08:23:43+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-03-16T08:23:43+00:00"}, "scope": {"notes": "Affected: Apache / Arrow | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-47248", "url": "https://www.cve.org/CVERecord?id=CVE-2023-47248"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "Apache", "30d_avg": 5, "90d_avg": 2, "product": "Arrow", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "d8f43809-a48a-4fe7-a682-09f33b0c5123", "vulnerability": {"vulnId": "CVE-2024-27348", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "d8f43809-a48a-4fe7-a682-09f33b0c5123", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-07-15T11:45:32+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-07-15T11:45:32+00:00"}, "scope": {"notes": "Affected: Apache / HugeGraph | Class: database | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-27348", "url": "https://www.cve.org/CVERecord?id=CVE-2024-27348"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "database", "7d_avg": 0, "vendor": "Apache", "30d_avg": 5, "90d_avg": 2, "product": "HugeGraph", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "df6b57b4-75f9-4ebc-bedb-c70afd08cef8", "vulnerability": {"vulnId": "CVE-2019-18393", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "df6b57b4-75f9-4ebc-bedb-c70afd08cef8", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 53}, "timestamps": {"asserted_at": "2024-04-08T00:30:03+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-04-08T00:30:03+00:00"}, "scope": {"notes": "Affected: Ignite Realtime / Openfire | Class: other-software | Severity: Medium (CVSS 5.3) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2019-18393", "url": "https://www.cve.org/CVERecord?id=CVE-2019-18393"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Ignite Realtime", "30d_avg": 0, "90d_avg": 0, "product": "Openfire", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 5.3, "vulnerability_severity": "Medium"}}]}
{"uuid": "b30a874b-1fb0-40f3-888a-27f1ae3bb022", "vulnerability": {"vulnId": "CVE-2025-34022", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "b30a874b-1fb0-40f3-888a-27f1ae3bb022", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-01-29T17:29:16+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-01-29T17:29:16+00:00"}, "scope": {"notes": "Affected: Selea / Selea Targa IP OCR-ANPR Camera | Class: video-system | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-34022", "url": "https://www.cve.org/CVERecord?id=CVE-2025-34022"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "video-system", "7d_avg": 0, "vendor": "Selea", "30d_avg": 0, "90d_avg": 0, "product": "Selea Targa IP OCR-ANPR Camera", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "476dc2fe-1f15-4139-975a-5f9f8d2f8d42", "vulnerability": {"vulnId": "CVE-2024-9014", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "476dc2fe-1f15-4139-975a-5f9f8d2f8d42", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 99}, "timestamps": {"asserted_at": "2024-10-07T03:07:22+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-10-07T03:07:22+00:00"}, "scope": {"notes": "Affected: pgAdmin / pgAdmin 4 | Class: database | Severity: Critical (CVSS 9.9) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-9014", "url": "https://www.cve.org/CVERecord?id=CVE-2024-9014"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "database", "7d_avg": 1, "vendor": "pgAdmin", "30d_avg": 5, "90d_avg": 2, "product": "pgAdmin 4", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.9, "vulnerability_severity": "Critical"}}]}
{"uuid": "4c95d722-276e-4ce1-a51d-02d88868e97e", "vulnerability": {"vulnId": "CVE-2024-44849", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "4c95d722-276e-4ce1-a51d-02d88868e97e", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-10-08T08:16:07+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-10-08T08:16:07+00:00"}, "scope": {"notes": "Affected: Qualitor / Qualitor ITSM | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-44849", "url": "https://www.cve.org/CVERecord?id=CVE-2024-44849"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "Qualitor", "30d_avg": 10, "90d_avg": 3, "product": "Qualitor ITSM", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "6bfca658-35a1-454d-8963-07a22de64b76", "vulnerability": {"vulnId": "CVE-2023-4220", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "6bfca658-35a1-454d-8963-07a22de64b76", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 61}, "timestamps": {"asserted_at": "2024-12-05T06:27:23+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-12-05T06:27:23+00:00"}, "scope": {"notes": "Affected: Chamilo / Chamilo | Class: cms | Severity: Medium (CVSS 6.1) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-4220", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4220"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 1, "vendor": "Chamilo", "30d_avg": 1, "90d_avg": 0, "product": "Chamilo", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 6.1, "vulnerability_severity": "Medium"}}]}
{"uuid": "acbb9aab-7ada-4dc0-b17b-9d5dd3ce96b4", "vulnerability": {"vulnId": "CVE-2023-34105", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "acbb9aab-7ada-4dc0-b17b-9d5dd3ce96b4", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2025-08-17T21:36:57+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-08-17T21:36:57+00:00"}, "scope": {"notes": "Affected: Open Source SRS Community / SNS | Class: other-software | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-34105", "url": "https://www.cve.org/CVERecord?id=CVE-2023-34105"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "Open Source SRS Community", "30d_avg": 5, "90d_avg": 2, "product": "SNS", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "3befc4d0-76ea-4602-9236-29e35e45c11a", "vulnerability": {"vulnId": "CVE-2023-42344", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "3befc4d0-76ea-4602-9236-29e35e45c11a", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 0}, "timestamps": {"asserted_at": "2024-04-02T17:28:55+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-04-02T17:28:55+00:00"}, "scope": {"notes": "Affected: Alkacon / OpenCms | Class: cms | Severity: None (CVSS 0) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-42344", "url": "https://www.cve.org/CVERecord?id=CVE-2023-42344"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 19, "vendor": "Alkacon", "30d_avg": 9, "90d_avg": 3, "product": "OpenCms", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 0, "vulnerability_severity": "None"}}]}
{"uuid": "2d152ca8-9169-4ee9-bfe8-e27400f3a41a", "vulnerability": {"vulnId": "CVE-2022-3801", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "2d152ca8-9169-4ee9-bfe8-e27400f3a41a", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 88}, "timestamps": {"asserted_at": "2023-10-14T14:57:37+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:37+00:00"}, "scope": {"notes": "Affected: IBAX / go-ibax | Class: other-software | Severity: High (CVSS 8.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-3801", "url": "https://www.cve.org/CVERecord?id=CVE-2022-3801"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "IBAX", "30d_avg": 5, "90d_avg": 2, "product": "go-ibax", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 8.8, "vulnerability_severity": "High"}}]}
{"uuid": "9d74cd15-4734-4f80-867d-f1cd059925ce", "vulnerability": {"vulnId": "CVE-2024-54764", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "9d74cd15-4734-4f80-867d-f1cd059925ce", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 65}, "timestamps": {"asserted_at": "2025-06-28T23:22:58+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-06-28T23:22:58+00:00"}, "scope": {"notes": "Affected: ipTIME / ipTIME A2004 | Class: router | Severity: Medium (CVSS 6.5) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-54764", "url": "https://www.cve.org/CVERecord?id=CVE-2024-54764"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "ipTIME", "30d_avg": 0, "90d_avg": 0, "product": "ipTIME A2004", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 6.5, "vulnerability_severity": "Medium"}}]}
{"uuid": "e45da854-8e24-4d00-a5f0-5b9f6a991ef3", "vulnerability": {"vulnId": "CVE-2024-42640", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "e45da854-8e24-4d00-a5f0-5b9f6a991ef3", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-12-05T06:27:27+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-12-05T06:27:27+00:00"}, "scope": {"notes": "Affected: Adones Pitogo / angular-base64-upload | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-42640", "url": "https://www.cve.org/CVERecord?id=CVE-2024-42640"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "Adones Pitogo", "30d_avg": 8, "90d_avg": 3, "product": "angular-base64-upload", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "da5da84c-79e8-45d5-9a9f-92afe3352c8b", "vulnerability": {"vulnId": "CVE-2025-34048", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "da5da84c-79e8-45d5-9a9f-92afe3352c8b", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-01-29T17:09:04+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-01-29T17:09:04+00:00"}, "scope": {"notes": "Affected: D-Link / D-Link DSL-2730U/2750U/2750E | Class: router | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-34048", "url": "https://www.cve.org/CVERecord?id=CVE-2025-34048"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "D-Link", "30d_avg": 5, "90d_avg": 1, "product": "D-Link DSL-2730U/2750U/2750E", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "d099c107-08c7-4885-8c59-08cf8ca2274c", "vulnerability": {"vulnId": "CVE-2024-1561", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "d099c107-08c7-4885-8c59-08cf8ca2274c", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2024-09-18T08:57:55+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-09-18T08:57:55+00:00"}, "scope": {"notes": "Affected: Gradio / Gradio | Class: ai-system | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-1561", "url": "https://www.cve.org/CVERecord?id=CVE-2024-1561"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "ai-system", "7d_avg": 18, "vendor": "Gradio", "30d_avg": 11, "90d_avg": 4, "product": "Gradio", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "d8bbbd24-adda-4857-afec-d2d4e87a1753", "vulnerability": {"vulnId": "CVE-2025-27505", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "d8bbbd24-adda-4857-afec-d2d4e87a1753", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 53}, "timestamps": {"asserted_at": "2025-10-27T10:39:28+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-10-27T10:39:28+00:00"}, "scope": {"notes": "Affected: Geoserver / Geoserver | Class: other-software | Severity: Medium (CVSS 5.3) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-27505", "url": "https://www.cve.org/CVERecord?id=CVE-2025-27505"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Geoserver", "30d_avg": 1, "90d_avg": 1, "product": "Geoserver", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 5.3, "vulnerability_severity": "Medium"}}]}
{"uuid": "7d3543ed-fc81-4841-945d-8d05f935e746", "vulnerability": {"vulnId": "CVE-2020-24949", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "7d3543ed-fc81-4841-945d-8d05f935e746", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 88}, "timestamps": {"asserted_at": "2025-11-10T11:02:51+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-11-10T11:02:51+00:00"}, "scope": {"notes": "Affected: PHP-Fusion / PHP-Fusion | Class: web-app-framework | Severity: High (CVSS 8.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-24949", "url": "https://www.cve.org/CVERecord?id=CVE-2020-24949"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "web-app-framework", "7d_avg": 0, "vendor": "PHP-Fusion", "30d_avg": 5, "90d_avg": 2, "product": "PHP-Fusion", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 8.8, "vulnerability_severity": "High"}}]}
{"uuid": "cc289b13-a981-4516-8d45-2a46c84244e9", "vulnerability": {"vulnId": "CVE-2021-24915", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "cc289b13-a981-4516-8d45-2a46c84244e9", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-03-10T16:37:37+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-03-10T16:37:37+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Contest Gallery plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-24915", "url": "https://www.cve.org/CVERecord?id=CVE-2021-24915"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 1, "vendor": "Wordpress", "30d_avg": 5, "90d_avg": 2, "product": "Wordpress Contest Gallery plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "95bcc69c-1932-4ca6-9448-8d5697451f1a", "vulnerability": {"vulnId": "CVE-2025-0674", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "95bcc69c-1932-4ca6-9448-8d5697451f1a", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 93}, "timestamps": {"asserted_at": "2025-07-18T23:57:40+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-07-18T23:57:40+00:00"}, "scope": {"notes": "Affected: Elber / Elber (multiple products) | Class: other-software | Severity: Critical (CVSS 9.3) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-0674", "url": "https://www.cve.org/CVERecord?id=CVE-2025-0674"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "Elber", "30d_avg": 5, "90d_avg": 1, "product": "Elber (multiple products)", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.3, "vulnerability_severity": "Critical"}}]}
{"uuid": "1b98c806-87d3-43f6-aad3-07f97d2b0333", "vulnerability": {"vulnId": "CVE-2022-29078", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "1b98c806-87d3-43f6-aad3-07f97d2b0333", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-09-18T00:55:37+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-09-18T00:55:37+00:00"}, "scope": {"notes": "Affected: Node.js / Node.js (ejs) | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-29078", "url": "https://www.cve.org/CVERecord?id=CVE-2022-29078"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "Node.js", "30d_avg": 5, "90d_avg": 2, "product": "Node.js (ejs)", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "884b9fe4-5e66-4b52-9546-eae4b1b6ff09", "vulnerability": {"vulnId": "CVE-2023-7304", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "884b9fe4-5e66-4b52-9546-eae4b1b6ff09", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 93}, "timestamps": {"asserted_at": "2025-11-14T16:59:50+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2025-11-14T16:59:50+00:00"}, "scope": {"notes": "Affected: Ruijie Networks / Ruijie RG-UAC Application Management Gateway | Class: security-management-platform | Severity: Critical (CVSS 9.3) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-7304", "url": "https://www.cve.org/CVERecord?id=CVE-2023-7304"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "security-management-platform", "7d_avg": 1, "vendor": "Ruijie Networks", "30d_avg": 0, "90d_avg": 0, "product": "Ruijie RG-UAC Application Management Gateway", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.3, "vulnerability_severity": "Critical"}}]}
{"uuid": "a1971c00-8aa7-400f-81b9-43a91abff42f", "vulnerability": {"vulnId": "CVE-2023-50968", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "a1971c00-8aa7-400f-81b9-43a91abff42f", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2024-01-16T03:05:00+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2024-01-16T03:05:00+00:00"}, "scope": {"notes": "Affected: Apache / OFBiz | Class: other-software | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-50968", "url": "https://www.cve.org/CVERecord?id=CVE-2023-50968"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "Apache", "30d_avg": 10, "90d_avg": 3, "product": "OFBiz", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "d20e3ab9-15d7-4865-80e1-892a5de1b7d2", "vulnerability": {"vulnId": "CVE-2018-11714", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "d20e3ab9-15d7-4865-80e1-892a5de1b7d2", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-01-25T10:56:01+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2026-01-25T10:56:01+00:00"}, "scope": {"notes": "Affected: TP-Link / TP-Link TL-WR840N v5, TL-WR841N v13 | Class: router | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2018-11714", "url": "https://www.cve.org/CVERecord?id=CVE-2018-11714"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 1, "vendor": "TP-Link", "30d_avg": 5, "90d_avg": 2, "product": "TP-Link TL-WR840N v5, TL-WR841N v13", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "043469c3-221d-489f-88c1-08c9df95ca79", "vulnerability": {"vulnId": "CVE-2022-22242", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "043469c3-221d-489f-88c1-08c9df95ca79", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 61}, "timestamps": {"asserted_at": "2023-10-23T18:26:55+00:00", "recorded_at": "2026-07-02T01:00:01+00:00", "last_seen_at": "2026-06-30T00:00:00+00:00", "first_seen_at": "2023-10-23T18:26:55+00:00"}, "scope": {"notes": "Affected: Juniper / Junos OS (J-Web) | Class: router | Severity: Medium (CVSS 6.1) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-22242", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22242"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "Juniper", "30d_avg": 0, "90d_avg": 15, "product": "Junos OS (J-Web)", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-30", "vulnerability_class": "CVSS", "vulnerability_score": 6.1, "vulnerability_severity": "Medium"}}]}
{"uuid": "5c265b12-5dff-4259-b5e3-e0e41e2cec23", "vulnerability": {"vulnId": "CVE-2026-36356", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-21T06:44:37+00:00"}, "gcve": {"object_uuid": "5c265b12-5dff-4259-b5e3-e0e41e2cec23", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 91}, "timestamps": {"asserted_at": "2026-06-21T06:44:37+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-06-21T06:44:37+00:00", "first_seen_at": "2026-06-21T06:44:37+00:00"}, "scope": {"notes": "Affected: MeiG / MeiG Smart FORGE_SLT711 | Class: router | Severity: Critical (CVSS 9.1) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-21: 377", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2026-36356", "url": "https://www.cve.org/CVERecord?id=CVE-2026-36356"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "MeiG", "30d_avg": 0, "90d_avg": 0, "product": "MeiG Smart FORGE_SLT711", "cisa_kev": "no", "connections": 377, "observation_date": "2026-06-21", "vulnerability_class": "CVSS", "vulnerability_score": 9.1, "vulnerability_severity": "Critical"}}]}
{"uuid": "cca32a6d-e91f-4c6f-bb81-3f7a8044b420", "vulnerability": {"vulnId": "CVE-2025-34027", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-21T00:00:00+00:00"}, "gcve": {"object_uuid": "cca32a6d-e91f-4c6f-bb81-3f7a8044b420", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 0}, "timestamps": {"asserted_at": "2025-07-21T20:43:09+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-06-21T00:00:00+00:00", "first_seen_at": "2025-07-21T20:43:09+00:00"}, "scope": {"notes": "Affected: Versa / Versa Concerto | Class: device-management-platform | Severity: None (CVSS 0) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-21: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-34027", "url": "https://www.cve.org/CVERecord?id=CVE-2025-34027"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 9, "vendor": "Versa", "30d_avg": 4, "90d_avg": 1, "product": "Versa Concerto", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-21", "vulnerability_class": "CVSS", "vulnerability_score": 0, "vulnerability_severity": "None"}}]}
{"uuid": "756e1cf7-5456-4892-beb2-6f95a56619a9", "vulnerability": {"vulnId": "CVE-2024-13161", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-21T00:00:00+00:00"}, "gcve": {"object_uuid": "756e1cf7-5456-4892-beb2-6f95a56619a9", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-03-11T22:37:23+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-06-21T00:00:00+00:00", "first_seen_at": "2025-03-11T22:37:23+00:00"}, "scope": {"notes": "Affected: Ivanti / Ivanti EPM | Class: device-management-platform | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-21: 115", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-13161", "url": "https://www.cve.org/CVERecord?id=CVE-2024-13161"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "5", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 9, "vendor": "Ivanti", "30d_avg": 7, "90d_avg": 2, "product": "Ivanti EPM", "cisa_kev": "yes", "connections": 115, "observation_date": "2026-06-21", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "6793657f-7709-480e-b1a6-5bf5ecf54d5f", "vulnerability": {"vulnId": "CVE-2024-0235", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-21T00:00:00+00:00"}, "gcve": {"object_uuid": "6793657f-7709-480e-b1a6-5bf5ecf54d5f", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 53}, "timestamps": {"asserted_at": "2025-08-23T23:04:55+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-06-21T00:00:00+00:00", "first_seen_at": "2025-08-23T23:04:55+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress EventON plugin | Class: cms | Severity: Medium (CVSS 5.3) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-21: 9", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-0235", "url": "https://www.cve.org/CVERecord?id=CVE-2024-0235"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 1, "vendor": "Wordpress", "30d_avg": 0, "90d_avg": 0, "product": "Wordpress EventON plugin", "cisa_kev": "no", "connections": 9, "observation_date": "2026-06-21", "vulnerability_class": "CVSS", "vulnerability_score": 5.3, "vulnerability_severity": "Medium"}}]}
{"uuid": "31687d0b-c22e-427a-9683-fd3584dabfe4", "vulnerability": {"vulnId": "CVE-2025-5086", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-21T00:00:00+00:00"}, "gcve": {"object_uuid": "31687d0b-c22e-427a-9683-fd3584dabfe4", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 90}, "timestamps": {"asserted_at": "2025-07-31T15:09:20+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-06-21T00:00:00+00:00", "first_seen_at": "2025-07-31T15:09:20+00:00"}, "scope": {"notes": "Affected: Dassualt Systems / DELMIA Apriso | Class: other-software | Severity: Critical (CVSS 9) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-21: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-5086", "url": "https://www.cve.org/CVERecord?id=CVE-2025-5086"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 10, "vendor": "Dassualt Systems", "30d_avg": 5, "90d_avg": 1, "product": "DELMIA Apriso", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-21", "vulnerability_class": "CVSS", "vulnerability_score": 9, "vulnerability_severity": "Critical"}}]}
{"uuid": "a9a509a0-d6bc-4da6-a63d-039f6d4b964a", "vulnerability": {"vulnId": "CVE-2024-13159", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-21T00:00:00+00:00"}, "gcve": {"object_uuid": "a9a509a0-d6bc-4da6-a63d-039f6d4b964a", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-03-11T22:37:23+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-06-21T00:00:00+00:00", "first_seen_at": "2025-03-11T22:37:23+00:00"}, "scope": {"notes": "Affected: Ivanti / Ivanti EPM | Class: device-management-platform | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-21: 137", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-13159", "url": "https://www.cve.org/CVERecord?id=CVE-2024-13159"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "4", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 9, "vendor": "Ivanti", "30d_avg": 7, "90d_avg": 3, "product": "Ivanti EPM", "cisa_kev": "yes", "connections": 137, "observation_date": "2026-06-21", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "cef9bee7-c292-4ea7-9ecd-a504d26a92ec", "vulnerability": {"vulnId": "CVE-2025-52488", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-21T00:00:00+00:00"}, "gcve": {"object_uuid": "cef9bee7-c292-4ea7-9ecd-a504d26a92ec", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 86}, "timestamps": {"asserted_at": "2025-07-31T15:09:53+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-06-21T00:00:00+00:00", "first_seen_at": "2025-07-31T15:09:53+00:00"}, "scope": {"notes": "Affected: DNN Corp / DNN (DotNetNuke) | Class: cms | Severity: High (CVSS 8.6) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-21: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-52488", "url": "https://www.cve.org/CVERecord?id=CVE-2025-52488"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 7, "vendor": "DNN Corp", "30d_avg": 4, "90d_avg": 1, "product": "DNN (DotNetNuke)", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-21", "vulnerability_class": "CVSS", "vulnerability_score": 8.6, "vulnerability_severity": "High"}}]}
{"uuid": "789763df-829b-4847-a8d6-37b9d0961ea0", "vulnerability": {"vulnId": "CVE-2020-16139", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-21T00:00:00+00:00"}, "gcve": {"object_uuid": "789763df-829b-4847-a8d6-37b9d0961ea0", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2025-06-08T23:54:29+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-06-21T00:00:00+00:00", "first_seen_at": "2025-06-08T23:54:29+00:00"}, "scope": {"notes": "Affected: Cisco / Cisco Unified IP Conference Station 7937G | Class: voip | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-21: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-16139", "url": "https://www.cve.org/CVERecord?id=CVE-2020-16139"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "voip", "7d_avg": 0, "vendor": "Cisco", "30d_avg": 0, "90d_avg": 0, "product": "Cisco Unified IP Conference Station 7937G", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-21", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "b116a162-f25f-4c99-866b-cc65d0aa4dd2", "vulnerability": {"vulnId": "CVE-2024-0692", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-21T00:00:00+00:00"}, "gcve": {"object_uuid": "b116a162-f25f-4c99-866b-cc65d0aa4dd2", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 88}, "timestamps": {"asserted_at": "2025-08-23T23:07:01+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-06-21T00:00:00+00:00", "first_seen_at": "2025-08-23T23:07:01+00:00"}, "scope": {"notes": "Affected: SolarWinds / SolarWinds Security Event Manager | Class: security-management-platform | Severity: High (CVSS 8.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-21: 7", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-0692", "url": "https://www.cve.org/CVERecord?id=CVE-2024-0692"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "security-management-platform", "7d_avg": 1, "vendor": "SolarWinds", "30d_avg": 6, "90d_avg": 2, "product": "SolarWinds Security Event Manager", "cisa_kev": "no", "connections": 7, "observation_date": "2026-06-21", "vulnerability_class": "CVSS", "vulnerability_score": 8.8, "vulnerability_severity": "High"}}]}
{"uuid": "1a8764b4-275a-4298-bf84-ba3b253d6e71", "vulnerability": {"vulnId": "CVE-2024-9707", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-21T00:00:00+00:00"}, "gcve": {"object_uuid": "1a8764b4-275a-4298-bf84-ba3b253d6e71", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-11-12T14:27:42+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-06-21T00:00:00+00:00", "first_seen_at": "2025-11-12T14:27:42+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Hunk Companion plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-21: 10", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-9707", "url": "https://www.cve.org/CVERecord?id=CVE-2024-9707"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 1, "vendor": "Wordpress", "30d_avg": 4, "90d_avg": 1, "product": "Wordpress Hunk Companion plugin", "cisa_kev": "no", "connections": 10, "observation_date": "2026-06-21", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "e1cf2e6b-94bc-4591-9973-1c1cde9ec1bc", "vulnerability": {"vulnId": "CVE-2025-27222", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-21T00:00:00+00:00"}, "gcve": {"object_uuid": "e1cf2e6b-94bc-4591-9973-1c1cde9ec1bc", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 86}, "timestamps": {"asserted_at": "2026-03-07T03:41:05+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-06-21T00:00:00+00:00", "first_seen_at": "2026-03-07T03:41:05+00:00"}, "scope": {"notes": "Affected: Rocket Software / Rocket TRUfusion Enterprise | Class: other-software | Severity: High (CVSS 8.6) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-21: 3", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-27222", "url": "https://www.cve.org/CVERecord?id=CVE-2025-27222"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 10, "vendor": "Rocket Software", "30d_avg": 5, "90d_avg": 1, "product": "Rocket TRUfusion Enterprise", "cisa_kev": "no", "connections": 3, "observation_date": "2026-06-21", "vulnerability_class": "CVSS", "vulnerability_score": 8.6, "vulnerability_severity": "High"}}]}
{"uuid": "72fae5d3-e347-4119-b289-010beef59997", "vulnerability": {"vulnId": "CVE-2024-13160", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-21T00:00:00+00:00"}, "gcve": {"object_uuid": "72fae5d3-e347-4119-b289-010beef59997", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-03-11T05:59:26+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-06-21T00:00:00+00:00", "first_seen_at": "2025-03-11T05:59:26+00:00"}, "scope": {"notes": "Affected: Ivanti / Ivanti EPM | Class: device-management-platform | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-21: 117", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-13160", "url": "https://www.cve.org/CVERecord?id=CVE-2024-13160"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "4", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 8, "vendor": "Ivanti", "30d_avg": 7, "90d_avg": 3, "product": "Ivanti EPM", "cisa_kev": "yes", "connections": 117, "observation_date": "2026-06-21", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "64b8a151-53f8-462b-9c2b-c611bde8752a", "vulnerability": {"vulnId": "CVE-2018-25124", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-21T00:00:00+00:00"}, "gcve": {"object_uuid": "64b8a151-53f8-462b-9c2b-c611bde8752a", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-01-21T08:41:42+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-06-21T00:00:00+00:00", "first_seen_at": "2026-01-21T08:41:42+00:00"}, "scope": {"notes": "Affected: RainbowFish Software / PacsOne Server | Class: other-software | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-21: 11", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2018-25124", "url": "https://www.cve.org/CVERecord?id=CVE-2018-25124"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "RainbowFish Software", "30d_avg": 0, "90d_avg": 0, "product": "PacsOne Server", "cisa_kev": "no", "connections": 11, "observation_date": "2026-06-21", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "3aea3ab3-c7de-4bee-9621-3f7cad50039f", "vulnerability": {"vulnId": "CVE-2025-26793", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-21T00:00:00+00:00"}, "gcve": {"object_uuid": "3aea3ab3-c7de-4bee-9621-3f7cad50039f", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 0}, "timestamps": {"asserted_at": "2025-06-08T20:31:42+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-06-21T00:00:00+00:00", "first_seen_at": "2025-06-08T20:31:42+00:00"}, "scope": {"notes": "Affected: Hirsch / Hirsch Enterphone MESH | Class: other-software | Severity: None (CVSS 0) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-21: 3", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-26793", "url": "https://www.cve.org/CVERecord?id=CVE-2025-26793"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 10, "vendor": "Hirsch", "30d_avg": 4, "90d_avg": 1, "product": "Hirsch Enterphone MESH", "cisa_kev": "no", "connections": 3, "observation_date": "2026-06-21", "vulnerability_class": "CVSS", "vulnerability_score": 0, "vulnerability_severity": "None"}}]}
{"uuid": "ca3bcf9f-5372-434d-907e-0329b78f8797", "vulnerability": {"vulnId": "CVE-2023-6875", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-21T00:00:00+00:00"}, "gcve": {"object_uuid": "ca3bcf9f-5372-434d-907e-0329b78f8797", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-01-18T17:48:11+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-06-21T00:00:00+00:00", "first_seen_at": "2026-01-18T17:48:11+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress POST SMTP Mailer plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-21: 15", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-6875", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6875"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 1, "vendor": "Wordpress", "30d_avg": 7, "90d_avg": 2, "product": "Wordpress POST SMTP Mailer plugin", "cisa_kev": "no", "connections": 15, "observation_date": "2026-06-21", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "2ae4f942-b1cb-46d1-b522-f9427342d6a7", "vulnerability": {"vulnId": "CVE-2025-4322", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-21T00:00:00+00:00"}, "gcve": {"object_uuid": "2ae4f942-b1cb-46d1-b522-f9427342d6a7", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-03-29T01:13:46+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-06-21T00:00:00+00:00", "first_seen_at": "2026-03-29T01:13:46+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Motors theme | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-21: 6", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-4322", "url": "https://www.cve.org/CVERecord?id=CVE-2025-4322"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 6, "vendor": "Wordpress", "30d_avg": 3, "90d_avg": 1, "product": "Wordpress Motors theme", "cisa_kev": "no", "connections": 6, "observation_date": "2026-06-21", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "30141bf0-a9f1-4f6f-b9eb-28cc01d149b5", "vulnerability": {"vulnId": "CVE-2025-2775", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-21T00:00:00+00:00"}, "gcve": {"object_uuid": "30141bf0-a9f1-4f6f-b9eb-28cc01d149b5", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 93}, "timestamps": {"asserted_at": "2025-05-19T13:18:13+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-06-21T00:00:00+00:00", "first_seen_at": "2025-05-19T13:18:13+00:00"}, "scope": {"notes": "Affected: SysAid / SysAid On-Premise | Class: device-management-platform | Severity: Critical (CVSS 9.3) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-21: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-2775", "url": "https://www.cve.org/CVERecord?id=CVE-2025-2775"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 7, "vendor": "SysAid", "30d_avg": 4, "90d_avg": 1, "product": "SysAid On-Premise", "cisa_kev": "yes", "connections": 2, "observation_date": "2026-06-21", "vulnerability_class": "CVSS", "vulnerability_score": 9.3, "vulnerability_severity": "Critical"}}]}
{"uuid": "326cc699-021e-4c24-9940-132cfb96140d", "vulnerability": {"vulnId": "CVE-2019-5434", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-21T00:00:00+00:00"}, "gcve": {"object_uuid": "326cc699-021e-4c24-9940-132cfb96140d", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-03-09T11:38:53+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-06-21T00:00:00+00:00", "first_seen_at": "2026-03-09T11:38:53+00:00"}, "scope": {"notes": "Affected: Revive / Revive Adserver | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-21: 15", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2019-5434", "url": "https://www.cve.org/CVERecord?id=CVE-2019-5434"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "Revive", "30d_avg": 5, "90d_avg": 2, "product": "Revive Adserver", "cisa_kev": "no", "connections": 15, "observation_date": "2026-06-21", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "e3e8d02a-1f41-4817-ae18-2a04a0f5f7c7", "vulnerability": {"vulnId": "CVE-2025-34038", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-21T00:00:00+00:00"}, "gcve": {"object_uuid": "e3e8d02a-1f41-4817-ae18-2a04a0f5f7c7", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-01-08T10:50:48+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-06-21T00:00:00+00:00", "first_seen_at": "2026-01-08T10:50:48+00:00"}, "scope": {"notes": "Affected: Shanghai Fanwei Network Technology / Panwei e-cology | Class: other-software | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-21: 41", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-34038", "url": "https://www.cve.org/CVERecord?id=CVE-2025-34038"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "3", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 3, "vendor": "Shanghai Fanwei Network Technology", "30d_avg": 1, "90d_avg": 1, "product": "Panwei e-cology", "cisa_kev": "no", "connections": 41, "observation_date": "2026-06-21", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "e78e6779-0d8c-4a3f-8b86-72e4003559f9", "vulnerability": {"vulnId": "CVE-2021-24943", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-21T00:00:00+00:00"}, "gcve": {"object_uuid": "e78e6779-0d8c-4a3f-8b86-72e4003559f9", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-03-10T16:37:39+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-06-21T00:00:00+00:00", "first_seen_at": "2026-03-10T16:37:39+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Registrations for the Events Calendar plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-21: 15", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-24943", "url": "https://www.cve.org/CVERecord?id=CVE-2021-24943"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 1, "vendor": "Wordpress", "30d_avg": 5, "90d_avg": 2, "product": "Wordpress Registrations for the Events Calendar plugin", "cisa_kev": "no", "connections": 15, "observation_date": "2026-06-21", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "09156ad4-65f6-4f9a-97c6-11ba38e20399", "vulnerability": {"vulnId": "CVE-2025-3415", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-21T00:00:00+00:00"}, "gcve": {"object_uuid": "09156ad4-65f6-4f9a-97c6-11ba38e20399", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 43}, "timestamps": {"asserted_at": "2025-08-07T09:08:13+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-06-21T00:00:00+00:00", "first_seen_at": "2025-08-07T09:08:13+00:00"}, "scope": {"notes": "Affected: Grafana / Grafana | Class: data-visualization | Severity: Medium (CVSS 4.3) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-21: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-3415", "url": "https://www.cve.org/CVERecord?id=CVE-2025-3415"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "data-visualization", "7d_avg": 1, "vendor": "Grafana", "30d_avg": 0, "90d_avg": 0, "product": "Grafana", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-21", "vulnerability_class": "CVSS", "vulnerability_score": 4.3, "vulnerability_severity": "Medium"}}]}
{"uuid": "525cfe08-a745-4ec2-9c16-5b76c7dc0f41", "vulnerability": {"vulnId": "CVE-2025-29635", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-21T00:00:00+00:00"}, "gcve": {"object_uuid": "525cfe08-a745-4ec2-9c16-5b76c7dc0f41", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 72}, "timestamps": {"asserted_at": "2026-04-27T01:02:53+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-06-21T00:00:00+00:00", "first_seen_at": "2026-04-27T01:02:53+00:00"}, "scope": {"notes": "Affected: D-Link / D-Link DIR-823X | Class: router | Severity: High (CVSS 7.2) | IoT: yes | In CISA KEV: yes | Honeypot connections on 2026-06-21: 320", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-29635", "url": "https://www.cve.org/CVERecord?id=CVE-2025-29635"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "D-Link", "30d_avg": 0, "90d_avg": 0, "product": "D-Link DIR-823X", "cisa_kev": "yes", "connections": 320, "observation_date": "2026-06-21", "vulnerability_class": "CVSS", "vulnerability_score": 7.2, "vulnerability_severity": "High"}}]}
{"uuid": "fc14a715-965a-4843-a31f-641f077536ce", "vulnerability": {"vulnId": "CVE-2025-2776", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-21T00:00:00+00:00"}, "gcve": {"object_uuid": "fc14a715-965a-4843-a31f-641f077536ce", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 93}, "timestamps": {"asserted_at": "2025-05-14T16:37:25+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-06-21T00:00:00+00:00", "first_seen_at": "2025-05-14T16:37:25+00:00"}, "scope": {"notes": "Affected: SysAid / SysAid On-Premise | Class: device-management-platform | Severity: Critical (CVSS 9.3) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-21: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-2776", "url": "https://www.cve.org/CVERecord?id=CVE-2025-2776"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 9, "vendor": "SysAid", "30d_avg": 4, "90d_avg": 1, "product": "SysAid On-Premise", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-21", "vulnerability_class": "CVSS", "vulnerability_score": 9.3, "vulnerability_severity": "Critical"}}]}
{"uuid": "e87f56a4-e868-4f2f-9e00-29a814135a2c", "vulnerability": {"vulnId": "CVE-2025-34028", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-21T00:00:00+00:00"}, "gcve": {"object_uuid": "e87f56a4-e868-4f2f-9e00-29a814135a2c", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 100}, "timestamps": {"asserted_at": "2025-04-30T07:57:57+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-06-21T00:00:00+00:00", "first_seen_at": "2025-04-30T07:57:57+00:00"}, "scope": {"notes": "Affected: Commvault / Commvault Command Center | Class: backup | Severity: Critical (CVSS 10) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-21: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-34028", "url": "https://www.cve.org/CVERecord?id=CVE-2025-34028"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "backup", "7d_avg": 8, "vendor": "Commvault", "30d_avg": 3, "90d_avg": 1, "product": "Commvault Command Center", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-21", "vulnerability_class": "CVSS", "vulnerability_score": 10, "vulnerability_severity": "Critical"}}]}
{"uuid": "e17a90f6-e845-458e-833c-49f0f91df08a", "vulnerability": {"vulnId": "CVE-2021-20092", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-21T00:00:00+00:00"}, "gcve": {"object_uuid": "e17a90f6-e845-458e-833c-49f0f91df08a", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2025-02-25T23:16:03+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-06-21T00:00:00+00:00", "first_seen_at": "2025-02-25T23:16:03+00:00"}, "scope": {"notes": "Affected: Buffalo / Buffalo SR-2533DHPL2 and WSR-2533DHP3 | Class: router | Severity: High (CVSS 7.5) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-21: 20", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-20092", "url": "https://www.cve.org/CVERecord?id=CVE-2021-20092"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 1, "vendor": "Buffalo", "30d_avg": 0, "90d_avg": 0, "product": "Buffalo SR-2533DHPL2 and WSR-2533DHP3", "cisa_kev": "no", "connections": 20, "observation_date": "2026-06-21", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "c94dc98e-9e17-4473-8a9c-a6b1660c7e25", "vulnerability": {"vulnId": "CVE-2025-4427", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-21T00:00:00+00:00"}, "gcve": {"object_uuid": "c94dc98e-9e17-4473-8a9c-a6b1660c7e25", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 53}, "timestamps": {"asserted_at": "2025-05-15T18:14:12+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-06-21T00:00:00+00:00", "first_seen_at": "2025-05-15T18:14:12+00:00"}, "scope": {"notes": "Affected: Ivanti / Endpoint Manager Mobile (EPMM), formerly MobileIron Core | Class: mobile-device-management | Severity: Medium (CVSS 5.3) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-21: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-4427", "url": "https://www.cve.org/CVERecord?id=CVE-2025-4427"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "mobile-device-management", "7d_avg": 1, "vendor": "Ivanti", "30d_avg": 5, "90d_avg": 3, "product": "Endpoint Manager Mobile (EPMM), formerly MobileIron Core", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-21", "vulnerability_class": "CVSS", "vulnerability_score": 5.3, "vulnerability_severity": "Medium"}}]}
{"uuid": "0eef7698-3495-4265-92a5-bd177e4c8431", "vulnerability": {"vulnId": "CVE-2021-36888", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-21T00:00:00+00:00"}, "gcve": {"object_uuid": "0eef7698-3495-4265-92a5-bd177e4c8431", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-03-09T15:34:16+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-06-21T00:00:00+00:00", "first_seen_at": "2026-03-09T15:34:16+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Image Hover Effects Ultimate plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-21: 22", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-36888", "url": "https://www.cve.org/CVERecord?id=CVE-2021-36888"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 1, "vendor": "Wordpress", "30d_avg": 4, "90d_avg": 1, "product": "Wordpress Image Hover Effects Ultimate plugin", "cisa_kev": "no", "connections": 22, "observation_date": "2026-06-21", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "ea43ec5c-a238-4020-859f-089feae97239", "vulnerability": {"vulnId": "CVE-2025-2777", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-21T00:00:00+00:00"}, "gcve": {"object_uuid": "ea43ec5c-a238-4020-859f-089feae97239", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 93}, "timestamps": {"asserted_at": "2025-05-14T16:37:25+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-06-21T00:00:00+00:00", "first_seen_at": "2025-05-14T16:37:25+00:00"}, "scope": {"notes": "Affected: SysAid / SysAid On-Premise | Class: device-management-platform | Severity: Critical (CVSS 9.3) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-21: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-2777", "url": "https://www.cve.org/CVERecord?id=CVE-2025-2777"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 9, "vendor": "SysAid", "30d_avg": 5, "90d_avg": 1, "product": "SysAid On-Premise", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-21", "vulnerability_class": "CVSS", "vulnerability_score": 9.3, "vulnerability_severity": "Critical"}}]}
{"uuid": "95ced235-39e9-4910-b4c3-af94b40b352d", "vulnerability": {"vulnId": "CVE-2025-27112", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-21T00:00:00+00:00"}, "gcve": {"object_uuid": "95ced235-39e9-4910-b4c3-af94b40b352d", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 65}, "timestamps": {"asserted_at": "2025-06-24T04:31:29+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-06-21T00:00:00+00:00", "first_seen_at": "2025-06-24T04:31:29+00:00"}, "scope": {"notes": "Affected: Navidrome / Navidrome | Class: other-software | Severity: Medium (CVSS 6.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-21: 3", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-27112", "url": "https://www.cve.org/CVERecord?id=CVE-2025-27112"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "Navidrome", "30d_avg": 0, "90d_avg": 0, "product": "Navidrome", "cisa_kev": "no", "connections": 3, "observation_date": "2026-06-21", "vulnerability_class": "CVSS", "vulnerability_score": 6.5, "vulnerability_severity": "Medium"}}]}
{"uuid": "53be6e84-96fc-4aaf-93e7-08c36497b433", "vulnerability": {"vulnId": "CVE-2023-7335", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-21T00:00:00+00:00"}, "gcve": {"object_uuid": "53be6e84-96fc-4aaf-93e7-08c36497b433", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 87}, "timestamps": {"asserted_at": "2026-01-23T21:27:44+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-06-21T00:00:00+00:00", "first_seen_at": "2026-01-23T21:27:44+00:00"}, "scope": {"notes": "Affected: Hangzhou Kuozhi Network Technology / EduSoho | Class: other-software | Severity: High (CVSS 8.7) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-21: 37", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-7335", "url": "https://www.cve.org/CVERecord?id=CVE-2023-7335"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "3", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 3, "vendor": "Hangzhou Kuozhi Network Technology", "30d_avg": 1, "90d_avg": 1, "product": "EduSoho", "cisa_kev": "no", "connections": 37, "observation_date": "2026-06-21", "vulnerability_class": "CVSS", "vulnerability_score": 8.7, "vulnerability_severity": "High"}}]}
{"uuid": "3b374da2-4ab5-418a-b110-0a85c30194c7", "vulnerability": {"vulnId": "CVE-2025-3248", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-21T00:00:00+00:00"}, "gcve": {"object_uuid": "3b374da2-4ab5-418a-b110-0a85c30194c7", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-05-06T00:26:41+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-06-21T00:00:00+00:00", "first_seen_at": "2025-05-06T00:26:41+00:00"}, "scope": {"notes": "Affected: Langflow / Langflow | Class: ai-system | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-21: 156", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-3248", "url": "https://www.cve.org/CVERecord?id=CVE-2025-3248"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "ai-system", "7d_avg": 10, "vendor": "Langflow", "30d_avg": 5, "90d_avg": 2, "product": "Langflow", "cisa_kev": "yes", "connections": 156, "observation_date": "2026-06-21", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "a9b4997e-002f-46bc-b00f-2338865ccb32", "vulnerability": {"vulnId": "CVE-2025-5287", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-21T00:00:00+00:00"}, "gcve": {"object_uuid": "a9b4997e-002f-46bc-b00f-2338865ccb32", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2025-07-17T05:19:09+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-06-21T00:00:00+00:00", "first_seen_at": "2025-07-17T05:19:09+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Likes and Dislikes plugin | Class: cms | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-21: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-5287", "url": "https://www.cve.org/CVERecord?id=CVE-2025-5287"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 9, "vendor": "Wordpress", "30d_avg": 4, "90d_avg": 1, "product": "Wordpress Likes and Dislikes plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-21", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "3a939da8-8413-4d38-b6ce-f9dfcee60ca7", "vulnerability": {"vulnId": "CVE-2025-34030", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-21T00:00:00+00:00"}, "gcve": {"object_uuid": "3a939da8-8413-4d38-b6ce-f9dfcee60ca7", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-01-21T08:38:05+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-06-21T00:00:00+00:00", "first_seen_at": "2026-01-21T08:38:05+00:00"}, "scope": {"notes": "Affected: sar2html / sar2html | Class: other-software | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-21: 3", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-34030", "url": "https://www.cve.org/CVERecord?id=CVE-2025-34030"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 7, "vendor": "sar2html", "30d_avg": 2, "90d_avg": 1, "product": "sar2html", "cisa_kev": "no", "connections": 3, "observation_date": "2026-06-21", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "5855783e-cdb4-42ac-b587-f8f20b877559", "vulnerability": {"vulnId": "CVE-2021-4458", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-21T00:00:00+00:00"}, "gcve": {"object_uuid": "5855783e-cdb4-42ac-b587-f8f20b877559", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-03-10T16:37:34+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-06-21T00:00:00+00:00", "first_seen_at": "2026-03-10T16:37:34+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Modern Events Calendar Lite plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-21: 15", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-4458", "url": "https://www.cve.org/CVERecord?id=CVE-2021-4458"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 1, "vendor": "Wordpress", "30d_avg": 5, "90d_avg": 2, "product": "Wordpress Modern Events Calendar Lite plugin", "cisa_kev": "no", "connections": 15, "observation_date": "2026-06-21", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "caa5acab-bf4e-48a0-b262-1ff0097f9e2a", "vulnerability": {"vulnId": "CVE-2026-10520", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-21T00:00:00+00:00"}, "gcve": {"object_uuid": "caa5acab-bf4e-48a0-b262-1ff0097f9e2a", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 100}, "timestamps": {"asserted_at": "2026-06-10T17:11:12+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-06-21T00:00:00+00:00", "first_seen_at": "2026-06-10T17:11:12+00:00"}, "scope": {"notes": "Affected: Ivanti / Sentry | Class: other-software | Severity: Critical (CVSS 10) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-21: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2026-10520", "url": "https://www.cve.org/CVERecord?id=CVE-2026-10520"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 2, "vendor": "Ivanti", "30d_avg": 1, "90d_avg": 0, "product": "Sentry", "cisa_kev": "yes", "connections": 2, "observation_date": "2026-06-21", "vulnerability_class": "CVSS", "vulnerability_score": 10, "vulnerability_severity": "Critical"}}]}
{"uuid": "44d4433e-d398-4628-850c-3b82aef559c2", "vulnerability": {"vulnId": "CVE-2025-32814", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-20T00:00:00+00:00"}, "gcve": {"object_uuid": "44d4433e-d398-4628-850c-3b82aef559c2", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-03-14T16:01:41+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-06-20T00:00:00+00:00", "first_seen_at": "2026-03-14T16:01:41+00:00"}, "scope": {"notes": "Affected: Infoblox / Infoblox NETMRI | Class: device-management-platform | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-20: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-32814", "url": "https://www.cve.org/CVERecord?id=CVE-2025-32814"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 9, "vendor": "Infoblox", "30d_avg": 4, "90d_avg": 1, "product": "Infoblox NETMRI", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-20", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "87a5986f-4d19-41b2-8a21-4aec3705626c", "vulnerability": {"vulnId": "CVE-2025-34143", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-20T00:00:00+00:00"}, "gcve": {"object_uuid": "87a5986f-4d19-41b2-8a21-4aec3705626c", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 0}, "timestamps": {"asserted_at": "2025-08-02T18:13:38+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-06-20T00:00:00+00:00", "first_seen_at": "2025-08-02T18:13:38+00:00"}, "scope": {"notes": "Affected: ETQ / ETQ Reliance | Class: other-software | Severity: None (CVSS 0) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-20: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-34143", "url": "https://www.cve.org/CVERecord?id=CVE-2025-34143"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 8, "vendor": "ETQ", "30d_avg": 4, "90d_avg": 1, "product": "ETQ Reliance", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-20", "vulnerability_class": "CVSS", "vulnerability_score": 0, "vulnerability_severity": "None"}}]}
{"uuid": "9d4c478a-d47c-4211-9e9b-62d3945b99f6", "vulnerability": {"vulnId": "CVE-2025-29063", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-20T00:00:00+00:00"}, "gcve": {"object_uuid": "9d4c478a-d47c-4211-9e9b-62d3945b99f6", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-07-02T16:08:06+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-06-20T00:00:00+00:00", "first_seen_at": "2025-07-02T16:08:06+00:00"}, "scope": {"notes": "Affected: LB-LINK / LB-LINK BL-AC2100 | Class: router | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-20: 4", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-29063", "url": "https://www.cve.org/CVERecord?id=CVE-2025-29063"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 8, "vendor": "LB-LINK", "30d_avg": 4, "90d_avg": 1, "product": "LB-LINK BL-AC2100", "cisa_kev": "no", "connections": 4, "observation_date": "2026-06-20", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "e8895476-e0cb-45bc-8122-8fefe77c7b1a", "vulnerability": {"vulnId": "CVE-2025-3102", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-20T00:00:00+00:00"}, "gcve": {"object_uuid": "e8895476-e0cb-45bc-8122-8fefe77c7b1a", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 81}, "timestamps": {"asserted_at": "2025-06-23T08:22:33+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-06-20T00:00:00+00:00", "first_seen_at": "2025-06-23T08:22:33+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress SureTriggers: All-in-One Automation Platform plugin | Class: cms | Severity: High (CVSS 8.1) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-20: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-3102", "url": "https://www.cve.org/CVERecord?id=CVE-2025-3102"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 1, "vendor": "Wordpress", "30d_avg": 0, "90d_avg": 0, "product": "Wordpress SureTriggers: All-in-One Automation Platform plugin", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-20", "vulnerability_class": "CVSS", "vulnerability_score": 8.1, "vulnerability_severity": "High"}}]}
{"uuid": "61d3d758-1915-4060-ab6e-4ca89787d8fd", "vulnerability": {"vulnId": "CVE-2025-4009", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-20T00:00:00+00:00"}, "gcve": {"object_uuid": "61d3d758-1915-4060-ab6e-4ca89787d8fd", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 0}, "timestamps": {"asserted_at": "2025-07-13T19:04:55+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-06-20T00:00:00+00:00", "first_seen_at": "2025-07-13T19:04:55+00:00"}, "scope": {"notes": "Affected: Evertz / Evertz SDVN 3080ipx-10G and others | Class: router | Severity: None (CVSS 0) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-20: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-4009", "url": "https://www.cve.org/CVERecord?id=CVE-2025-4009"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 7, "vendor": "Evertz", "30d_avg": 4, "90d_avg": 1, "product": "Evertz SDVN 3080ipx-10G and others", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-20", "vulnerability_class": "CVSS", "vulnerability_score": 0, "vulnerability_severity": "None"}}]}
{"uuid": "edd36aec-d84b-4716-a14c-7da8b01ee64e", "vulnerability": {"vulnId": "CVE-2025-49493", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-20T00:00:00+00:00"}, "gcve": {"object_uuid": "edd36aec-d84b-4716-a14c-7da8b01ee64e", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 58}, "timestamps": {"asserted_at": "2025-07-31T15:09:08+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-06-20T00:00:00+00:00", "first_seen_at": "2025-07-31T15:09:08+00:00"}, "scope": {"notes": "Affected: Akamai / Akamai CloudTest | Class: other-software | Severity: Medium (CVSS 5.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-20: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-49493", "url": "https://www.cve.org/CVERecord?id=CVE-2025-49493"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 7, "vendor": "Akamai", "30d_avg": 4, "90d_avg": 1, "product": "Akamai CloudTest", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-20", "vulnerability_class": "CVSS", "vulnerability_score": 5.8, "vulnerability_severity": "Medium"}}]}
{"uuid": "ad74fee8-8114-4563-ac85-ebcf365b3a65", "vulnerability": {"vulnId": "CVE-2025-41646", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-20T00:00:00+00:00"}, "gcve": {"object_uuid": "ad74fee8-8114-4563-ac85-ebcf365b3a65", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-07-30T12:41:00+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-06-20T00:00:00+00:00", "first_seen_at": "2025-07-30T12:41:00+00:00"}, "scope": {"notes": "Affected: Revolution PI / Revolution PI webstatus and others | Class: device-management-platform | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-20: 3", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-41646", "url": "https://www.cve.org/CVERecord?id=CVE-2025-41646"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 8, "vendor": "Revolution PI", "30d_avg": 4, "90d_avg": 1, "product": "Revolution PI webstatus and others", "cisa_kev": "no", "connections": 3, "observation_date": "2026-06-20", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "0bf2e55b-7c3c-4964-8ef7-4011407ab244", "vulnerability": {"vulnId": "CVE-2025-47539", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-20T00:00:00+00:00"}, "gcve": {"object_uuid": "0bf2e55b-7c3c-4964-8ef7-4011407ab244", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-07-13T19:04:47+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-06-20T00:00:00+00:00", "first_seen_at": "2025-07-13T19:04:47+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Themewinter Eventin plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-20: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-47539", "url": "https://www.cve.org/CVERecord?id=CVE-2025-47539"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 10, "vendor": "Wordpress", "30d_avg": 5, "90d_avg": 1, "product": "Wordpress Themewinter Eventin plugin", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-20", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "2099c3a6-932a-409f-8cf3-273ce189ac82", "vulnerability": {"vulnId": "CVE-2025-34026", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-20T00:00:00+00:00"}, "gcve": {"object_uuid": "2099c3a6-932a-409f-8cf3-273ce189ac82", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 0}, "timestamps": {"asserted_at": "2025-07-21T20:43:13+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-06-20T00:00:00+00:00", "first_seen_at": "2025-07-21T20:43:13+00:00"}, "scope": {"notes": "Affected: Versa / Versa Concerto | Class: device-management-platform | Severity: None (CVSS 0) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-20: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-34026", "url": "https://www.cve.org/CVERecord?id=CVE-2025-34026"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 9, "vendor": "Versa", "30d_avg": 5, "90d_avg": 1, "product": "Versa Concerto", "cisa_kev": "yes", "connections": 2, "observation_date": "2026-06-20", "vulnerability_class": "CVSS", "vulnerability_score": 0, "vulnerability_severity": "None"}}]}
{"uuid": "efa53bb8-76c1-4cc7-ad9c-65b3ed1cee79", "vulnerability": {"vulnId": "CVE-2025-44177", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-20T00:00:00+00:00"}, "gcve": {"object_uuid": "efa53bb8-76c1-4cc7-ad9c-65b3ed1cee79", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 82}, "timestamps": {"asserted_at": "2025-08-12T19:13:32+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-06-20T00:00:00+00:00", "first_seen_at": "2025-08-12T19:13:32+00:00"}, "scope": {"notes": "Affected: White Star Software / White Star Software Potop | Class: network-monitoring | Severity: High (CVSS 8.2) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-20: 3", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-44177", "url": "https://www.cve.org/CVERecord?id=CVE-2025-44177"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "network-monitoring", "7d_avg": 1, "vendor": "White Star Software", "30d_avg": 2, "90d_avg": 1, "product": "White Star Software Potop", "cisa_kev": "no", "connections": 3, "observation_date": "2026-06-20", "vulnerability_class": "CVSS", "vulnerability_score": 8.2, "vulnerability_severity": "High"}}]}
{"uuid": "d11ef871-744d-4c52-a758-74506b0f074b", "vulnerability": {"vulnId": "CVE-2025-30406", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-20T00:00:00+00:00"}, "gcve": {"object_uuid": "d11ef871-744d-4c52-a758-74506b0f074b", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-07-31T11:19:46+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-06-20T00:00:00+00:00", "first_seen_at": "2025-07-31T11:19:46+00:00"}, "scope": {"notes": "Affected: Gladinet / Gladinet CentreStack | Class: file-transfer | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-20: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-30406", "url": "https://www.cve.org/CVERecord?id=CVE-2025-30406"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "file-transfer", "7d_avg": 9, "vendor": "Gladinet", "30d_avg": 3, "90d_avg": 1, "product": "Gladinet CentreStack", "cisa_kev": "yes", "connections": 2, "observation_date": "2026-06-20", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "5de2ae55-4de2-44b1-8233-278c0457534d", "vulnerability": {"vulnId": "CVE-2025-54782", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-20T00:00:00+00:00"}, "gcve": {"object_uuid": "5de2ae55-4de2-44b1-8233-278c0457534d", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 0}, "timestamps": {"asserted_at": "2025-08-18T13:49:18+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-06-20T00:00:00+00:00", "first_seen_at": "2025-08-18T13:49:18+00:00"}, "scope": {"notes": "Affected: Nest / Nest | Class: web-app-framework | Severity: None (CVSS 0) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-20: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-54782", "url": "https://www.cve.org/CVERecord?id=CVE-2025-54782"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "web-app-framework", "7d_avg": 9, "vendor": "Nest", "30d_avg": 5, "90d_avg": 1, "product": "Nest", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-20", "vulnerability_class": "CVSS", "vulnerability_score": 0, "vulnerability_severity": "None"}}]}
{"uuid": "7eaa71de-699d-47ef-b41a-36a57f27801b", "vulnerability": {"vulnId": "CVE-2025-54123", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-20T00:00:00+00:00"}, "gcve": {"object_uuid": "7eaa71de-699d-47ef-b41a-36a57f27801b", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-11-10T18:00:52+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-06-20T00:00:00+00:00", "first_seen_at": "2025-11-10T18:00:52+00:00"}, "scope": {"notes": "Affected: SpectoLabs / HoverFly | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-20: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-54123", "url": "https://www.cve.org/CVERecord?id=CVE-2025-54123"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 9, "vendor": "SpectoLabs", "30d_avg": 5, "90d_avg": 1, "product": "HoverFly", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-20", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "8491d74a-1f3a-4b0e-bc64-f4f623bf4752", "vulnerability": {"vulnId": "CVE-2025-47812", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-20T00:00:00+00:00"}, "gcve": {"object_uuid": "8491d74a-1f3a-4b0e-bc64-f4f623bf4752", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 0}, "timestamps": {"asserted_at": "2025-07-14T07:29:36+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-06-20T00:00:00+00:00", "first_seen_at": "2025-07-14T07:29:36+00:00"}, "scope": {"notes": "Affected: wftpserver.com / Wing FTP Server | Class: file-transfer | Severity: None (CVSS 0) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-20: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-47812", "url": "https://www.cve.org/CVERecord?id=CVE-2025-47812"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "file-transfer", "7d_avg": 9, "vendor": "wftpserver.com", "30d_avg": 4, "90d_avg": 1, "product": "Wing FTP Server", "cisa_kev": "yes", "connections": 2, "observation_date": "2026-06-20", "vulnerability_class": "CVSS", "vulnerability_score": 0, "vulnerability_severity": "None"}}]}
{"uuid": "849c7ac5-194c-4a2f-83d3-192cd895a616", "vulnerability": {"vulnId": "CVE-2025-55161", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-20T00:00:00+00:00"}, "gcve": {"object_uuid": "849c7ac5-194c-4a2f-83d3-192cd895a616", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-10-07T16:13:56+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-06-20T00:00:00+00:00", "first_seen_at": "2025-10-07T16:13:56+00:00"}, "scope": {"notes": "Affected: Stirling Tools / Stirling-PDF | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-20: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-55161", "url": "https://www.cve.org/CVERecord?id=CVE-2025-55161"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 10, "vendor": "Stirling Tools", "30d_avg": 5, "90d_avg": 1, "product": "Stirling-PDF", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-20", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "b7417e13-ecd8-4888-8757-7abd317ffd6d", "vulnerability": {"vulnId": "CVE-2025-47204", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-20T00:00:00+00:00"}, "gcve": {"object_uuid": "b7417e13-ecd8-4888-8757-7abd317ffd6d", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 63}, "timestamps": {"asserted_at": "2025-07-21T20:43:25+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-06-20T00:00:00+00:00", "first_seen_at": "2025-07-21T20:43:25+00:00"}, "scope": {"notes": "Affected: David Strutz / bootstrap-multiselect | Class: other-software | Severity: Medium (CVSS 6.3) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-20: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-47204", "url": "https://www.cve.org/CVERecord?id=CVE-2025-47204"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "David Strutz", "30d_avg": 0, "90d_avg": 0, "product": "bootstrap-multiselect", "cisa_kev": "no", "connections": 1, "observation_date": "2026-06-20", "vulnerability_class": "CVSS", "vulnerability_score": 6.3, "vulnerability_severity": "Medium"}}]}
{"uuid": "9b2600ac-33f4-4355-aaf5-8efd56aec762", "vulnerability": {"vulnId": "CVE-2025-47916", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-20T00:00:00+00:00"}, "gcve": {"object_uuid": "9b2600ac-33f4-4355-aaf5-8efd56aec762", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 100}, "timestamps": {"asserted_at": "2025-06-06T20:40:10+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-06-20T00:00:00+00:00", "first_seen_at": "2025-06-06T20:40:10+00:00"}, "scope": {"notes": "Affected: Invision Power Services / Invision Community | Class: other-software | Severity: Critical (CVSS 10) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-20: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-47916", "url": "https://www.cve.org/CVERecord?id=CVE-2025-47916"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 8, "vendor": "Invision Power Services", "30d_avg": 4, "90d_avg": 1, "product": "Invision Community", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-20", "vulnerability_class": "CVSS", "vulnerability_score": 10, "vulnerability_severity": "Critical"}}]}
{"uuid": "72c68e32-a7fb-4319-833a-546b553495b8", "vulnerability": {"vulnId": "CVE-2025-34509", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-20T00:00:00+00:00"}, "gcve": {"object_uuid": "72c68e32-a7fb-4319-833a-546b553495b8", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2025-11-14T03:30:32+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-06-20T00:00:00+00:00", "first_seen_at": "2025-11-14T03:30:32+00:00"}, "scope": {"notes": "Affected: Sitecore / Sitecore Experience Manager (XM), Experience Platform (XP), Experience Commerce (XC) | Class: cms | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-20: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-34509", "url": "https://www.cve.org/CVERecord?id=CVE-2025-34509"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 1, "vendor": "Sitecore", "30d_avg": 2, "90d_avg": 1, "product": "Sitecore Experience Manager (XM), Experience Platform (XP), Experience Commerce (XC)", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-20", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "59011d90-3471-465c-b392-3cbd76f4ebb1", "vulnerability": {"vulnId": "CVE-2025-54236", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-20T00:00:00+00:00"}, "gcve": {"object_uuid": "59011d90-3471-465c-b392-3cbd76f4ebb1", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-10-27T18:42:11+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-06-20T00:00:00+00:00", "first_seen_at": "2025-10-27T18:42:11+00:00"}, "scope": {"notes": "Affected: Adobe / Adobe Commerce (Magento) | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-20: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-54236", "url": "https://www.cve.org/CVERecord?id=CVE-2025-54236"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 9, "vendor": "Adobe", "30d_avg": 4, "90d_avg": 1, "product": "Adobe Commerce (Magento)", "cisa_kev": "yes", "connections": 2, "observation_date": "2026-06-20", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "eac9514e-35f6-4e03-9893-a883512e2d30", "vulnerability": {"vulnId": "CVE-2025-34152", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-20T00:00:00+00:00"}, "gcve": {"object_uuid": "eac9514e-35f6-4e03-9893-a883512e2d30", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 94}, "timestamps": {"asserted_at": "2026-03-25T17:41:53+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-06-20T00:00:00+00:00", "first_seen_at": "2026-03-25T17:41:53+00:00"}, "scope": {"notes": "Affected: Shenzhen Aitemi / Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) | Class: router | Severity: Critical (CVSS 9.4) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-20: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-34152", "url": "https://www.cve.org/CVERecord?id=CVE-2025-34152"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 8, "vendor": "Shenzhen Aitemi", "30d_avg": 4, "90d_avg": 1, "product": "Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02)", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-20", "vulnerability_class": "CVSS", "vulnerability_score": 9.4, "vulnerability_severity": "Critical"}}]}
{"uuid": "e1e4050c-7882-474c-9315-d5eb4fac0557", "vulnerability": {"vulnId": "CVE-2026-24423", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-20T00:00:00+00:00"}, "gcve": {"object_uuid": "e1e4050c-7882-474c-9315-d5eb4fac0557", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-06-08T12:19:21+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-06-20T00:00:00+00:00", "first_seen_at": "2026-06-08T12:19:21+00:00"}, "scope": {"notes": "Affected: SmarterTools / SmarterMail | Class: email | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-20: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2026-24423", "url": "https://www.cve.org/CVERecord?id=CVE-2026-24423"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "email", "7d_avg": 0, "vendor": "SmarterTools", "30d_avg": 0, "90d_avg": 0, "product": "SmarterMail", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-20", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "9329240d-69ea-44c0-bf90-ebe61e0f0413", "vulnerability": {"vulnId": "CVE-2025-4123", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-20T00:00:00+00:00"}, "gcve": {"object_uuid": "9329240d-69ea-44c0-bf90-ebe61e0f0413", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 76}, "timestamps": {"asserted_at": "2025-07-21T20:43:06+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-06-20T00:00:00+00:00", "first_seen_at": "2025-07-21T20:43:06+00:00"}, "scope": {"notes": "Affected: Grafana / Grafana | Class: data-visualization | Severity: High (CVSS 7.6) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-20: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-4123", "url": "https://www.cve.org/CVERecord?id=CVE-2025-4123"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "data-visualization", "7d_avg": 1, "vendor": "Grafana", "30d_avg": 2, "90d_avg": 1, "product": "Grafana", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-20", "vulnerability_class": "CVSS", "vulnerability_score": 7.6, "vulnerability_severity": "High"}}]}
{"uuid": "31b30098-0d0d-4b72-a437-21f60327d962", "vulnerability": {"vulnId": "CVE-2026-21902", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-19T00:00:00+00:00"}, "gcve": {"object_uuid": "31b30098-0d0d-4b72-a437-21f60327d962", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 93}, "timestamps": {"asserted_at": "2026-03-14T11:28:11+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-06-19T00:00:00+00:00", "first_seen_at": "2026-03-14T11:28:11+00:00"}, "scope": {"notes": "Affected: Juniper / Junos OS Evolved on PTX Series | Class: embedded-system | Severity: Critical (CVSS 9.3) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-19: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2026-21902", "url": "https://www.cve.org/CVERecord?id=CVE-2026-21902"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "embedded-system", "7d_avg": 0, "vendor": "Juniper", "30d_avg": 0, "90d_avg": 0, "product": "Junos OS Evolved on PTX Series", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-19", "vulnerability_class": "CVSS", "vulnerability_score": 9.3, "vulnerability_severity": "Critical"}}]}
{"uuid": "bd76c590-b86b-4de9-a606-74bd12f5e2e6", "vulnerability": {"vulnId": "CVE-2026-1281", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-19T00:00:00+00:00"}, "gcve": {"object_uuid": "bd76c590-b86b-4de9-a606-74bd12f5e2e6", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-01-31T10:10:41+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-06-19T00:00:00+00:00", "first_seen_at": "2026-01-31T10:10:41+00:00"}, "scope": {"notes": "Affected: Ivanti / Endpoint Manager Mobile (EPMM), formerly MobileIron Core | Class: mobile-device-management | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-19: 93", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2026-1281", "url": "https://www.cve.org/CVERecord?id=CVE-2026-1281"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "3", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "mobile-device-management", "7d_avg": 0, "vendor": "Ivanti", "30d_avg": 0, "90d_avg": 0, "product": "Endpoint Manager Mobile (EPMM), formerly MobileIron Core", "cisa_kev": "yes", "connections": 93, "observation_date": "2026-06-19", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "19f17ba8-cf2a-44c9-8921-e9a4914cf293", "vulnerability": {"vulnId": "CVE-2026-1340", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-19T00:00:00+00:00"}, "gcve": {"object_uuid": "19f17ba8-cf2a-44c9-8921-e9a4914cf293", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-04-26T00:27:43+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-06-19T00:00:00+00:00", "first_seen_at": "2026-04-26T00:27:43+00:00"}, "scope": {"notes": "Affected: Ivanti / Endpoint Manager Mobile (EPMM), formerly MobileIron Core | Class: mobile-device-management | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-19: 11", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2026-1340", "url": "https://www.cve.org/CVERecord?id=CVE-2026-1340"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "4", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "mobile-device-management", "7d_avg": 0, "vendor": "Ivanti", "30d_avg": 0, "90d_avg": 0, "product": "Endpoint Manager Mobile (EPMM), formerly MobileIron Core", "cisa_kev": "yes", "connections": 11, "observation_date": "2026-06-19", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "c8cf029c-40c8-4d42-aad7-48ffb95d2b38", "vulnerability": {"vulnId": "CVE-2024-50623", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-18T00:00:00+00:00"}, "gcve": {"object_uuid": "c8cf029c-40c8-4d42-aad7-48ffb95d2b38", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 88}, "timestamps": {"asserted_at": "2025-05-25T18:56:57+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-06-18T00:00:00+00:00", "first_seen_at": "2025-05-25T18:56:57+00:00"}, "scope": {"notes": "Affected: Cleo / Cleo Harmony, VLTrader and LexiCom | Class: file-transfer | Severity: High (CVSS 8.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-18: 17", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-50623", "url": "https://www.cve.org/CVERecord?id=CVE-2024-50623"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "file-transfer", "7d_avg": 0, "vendor": "Cleo", "30d_avg": 0, "90d_avg": 0, "product": "Cleo Harmony, VLTrader and LexiCom", "cisa_kev": "yes", "connections": 17, "observation_date": "2026-06-18", "vulnerability_class": "CVSS", "vulnerability_score": 8.8, "vulnerability_severity": "High"}}]}
{"uuid": "7280d30a-f005-4c42-b41b-bb0b3862651f", "vulnerability": {"vulnId": "CVE-2025-30220", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-18T00:00:00+00:00"}, "gcve": {"object_uuid": "7280d30a-f005-4c42-b41b-bb0b3862651f", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-07-22T08:01:05+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-06-18T00:00:00+00:00", "first_seen_at": "2025-07-22T08:01:05+00:00"}, "scope": {"notes": "Affected: Geoserver / Geoserver | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-18: 3", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-30220", "url": "https://www.cve.org/CVERecord?id=CVE-2025-30220"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "Geoserver", "30d_avg": 1, "90d_avg": 0, "product": "Geoserver", "cisa_kev": "no", "connections": 3, "observation_date": "2026-06-18", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "f782d831-5be0-43ec-bef4-93d91a1873ff", "vulnerability": {"vulnId": "CVE-2014-1677", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-15T00:00:00+00:00"}, "gcve": {"object_uuid": "f782d831-5be0-43ec-bef4-93d91a1873ff", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2025-07-02T15:59:29+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-06-15T00:00:00+00:00", "first_seen_at": "2025-07-02T15:59:29+00:00"}, "scope": {"notes": "Affected: Technicolor / Technicolor TC7200 | Class: router | Severity: High (CVSS 7.5) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-06-15: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2014-1677", "url": "https://www.cve.org/CVERecord?id=CVE-2014-1677"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "Technicolor", "30d_avg": 0, "90d_avg": 0, "product": "Technicolor TC7200", "cisa_kev": "no", "connections": 2, "observation_date": "2026-06-15", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "2feb59b9-2bd6-475d-8a21-60188d67fa9e", "vulnerability": {"vulnId": "CVE-2025-54309", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-15T00:00:00+00:00"}, "gcve": {"object_uuid": "2feb59b9-2bd6-475d-8a21-60188d67fa9e", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-10-10T02:51:32+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-06-15T00:00:00+00:00", "first_seen_at": "2025-10-10T02:51:32+00:00"}, "scope": {"notes": "Affected: CrushFTP / CrushFTP | Class: file-transfer | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-15: 15", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-54309", "url": "https://www.cve.org/CVERecord?id=CVE-2025-54309"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "file-transfer", "7d_avg": 0, "vendor": "CrushFTP", "30d_avg": 0, "90d_avg": 0, "product": "CrushFTP", "cisa_kev": "yes", "connections": 15, "observation_date": "2026-06-15", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "18149507-1873-4ce2-b7ff-3f50dd853e33", "vulnerability": {"vulnId": "CVE-2025-53770", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-13T00:00:00+00:00"}, "gcve": {"object_uuid": "18149507-1873-4ce2-b7ff-3f50dd853e33", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-07-22T10:21:23+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-06-13T00:00:00+00:00", "first_seen_at": "2025-07-22T10:21:23+00:00"}, "scope": {"notes": "Affected: Microsoft / SharePoint | Class: file-transfer | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-13: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-53770", "url": "https://www.cve.org/CVERecord?id=CVE-2025-53770"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "file-transfer", "7d_avg": 0, "vendor": "Microsoft", "30d_avg": 0, "90d_avg": 0, "product": "SharePoint", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-13", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "8b55a9e0-773b-454d-a554-6bb2723ee2d9", "vulnerability": {"vulnId": "CVE-2025-29927", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-11T00:00:00+00:00"}, "gcve": {"object_uuid": "8b55a9e0-773b-454d-a554-6bb2723ee2d9", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 91}, "timestamps": {"asserted_at": "2025-04-24T10:37:49+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-06-11T00:00:00+00:00", "first_seen_at": "2025-04-24T10:37:49+00:00"}, "scope": {"notes": "Affected: Next.js / Next.js | Class: web-app-framework | Severity: Critical (CVSS 9.1) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-11: 3", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-29927", "url": "https://www.cve.org/CVERecord?id=CVE-2025-29927"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "web-app-framework", "7d_avg": 0, "vendor": "Next.js", "30d_avg": 0, "90d_avg": 0, "product": "Next.js", "cisa_kev": "no", "connections": 3, "observation_date": "2026-06-11", "vulnerability_class": "CVSS", "vulnerability_score": 9.1, "vulnerability_severity": "Critical"}}]}
{"uuid": "07cf1779-8ae3-4cd6-9daf-0b248c4634e6", "vulnerability": {"vulnId": "CVE-2025-34033", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-07T19:06:22+00:00"}, "gcve": {"object_uuid": "07cf1779-8ae3-4cd6-9daf-0b248c4634e6", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-06-07T19:06:22+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-06-07T19:06:22+00:00", "first_seen_at": "2026-06-07T19:06:22+00:00"}, "scope": {"notes": "Affected: 5VTechnologies / Blue Angel Software Suite | Class: security-management-platform | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-07: 300", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-34033", "url": "https://www.cve.org/CVERecord?id=CVE-2025-34033"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "security-management-platform", "7d_avg": 0, "vendor": "5VTechnologies", "30d_avg": 0, "90d_avg": 0, "product": "Blue Angel Software Suite", "cisa_kev": "no", "connections": 300, "observation_date": "2026-06-07", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "881b1c44-232d-4efd-b3a5-595f848367e3", "vulnerability": {"vulnId": "CVE-2025-37164", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-04T00:00:00+00:00"}, "gcve": {"object_uuid": "881b1c44-232d-4efd-b3a5-595f848367e3", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 100}, "timestamps": {"asserted_at": "2026-01-15T23:08:52+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-06-04T00:00:00+00:00", "first_seen_at": "2026-01-15T23:08:52+00:00"}, "scope": {"notes": "Affected: HPE / HPE OneView | Class: device-management-platform | Severity: Critical (CVSS 10) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-04: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-37164", "url": "https://www.cve.org/CVERecord?id=CVE-2025-37164"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 0, "vendor": "HPE", "30d_avg": 0, "90d_avg": 0, "product": "HPE OneView", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-06-04", "vulnerability_class": "CVSS", "vulnerability_score": 10, "vulnerability_severity": "Critical"}}]}
{"uuid": "8550a3ec-69c7-4ca4-81b8-097747271e55", "vulnerability": {"vulnId": "CVE-2025-24813", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-06-03T00:00:00+00:00"}, "gcve": {"object_uuid": "8550a3ec-69c7-4ca4-81b8-097747271e55", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 55}, "timestamps": {"asserted_at": "2025-03-14T20:37:01+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-06-03T00:00:00+00:00", "first_seen_at": "2025-03-14T20:37:01+00:00"}, "scope": {"notes": "Affected: Apache / Tomcat | Class: web-server | Severity: Medium (CVSS 5.5) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-06-03: 23", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-24813", "url": "https://www.cve.org/CVERecord?id=CVE-2025-24813"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "web-server", "7d_avg": 0, "vendor": "Apache", "30d_avg": 0, "90d_avg": 0, "product": "Tomcat", "cisa_kev": "yes", "connections": 23, "observation_date": "2026-06-03", "vulnerability_class": "CVSS", "vulnerability_score": 5.5, "vulnerability_severity": "Medium"}}]}
{"uuid": "9871d6a5-d1b2-4247-ada8-20413d323e7f", "vulnerability": {"vulnId": "CVE-2024-9001", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-05-31T00:00:00+00:00"}, "gcve": {"object_uuid": "9871d6a5-d1b2-4247-ada8-20413d323e7f", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 88}, "timestamps": {"asserted_at": "2025-07-13T16:16:07+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-05-31T00:00:00+00:00", "first_seen_at": "2025-07-13T16:16:07+00:00"}, "scope": {"notes": "Affected: Totolink / Totolink T10 | Class: router | Severity: High (CVSS 8.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-05-31: 5", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-9001", "url": "https://www.cve.org/CVERecord?id=CVE-2024-9001"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "Totolink", "30d_avg": 0, "90d_avg": 0, "product": "Totolink T10", "cisa_kev": "no", "connections": 5, "observation_date": "2026-05-31", "vulnerability_class": "CVSS", "vulnerability_score": 8.8, "vulnerability_severity": "High"}}]}
{"uuid": "f4da5445-1e64-4a7d-ba16-e3808abb8c18", "vulnerability": {"vulnId": "CVE-2025-34054", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-05-31T00:00:00+00:00"}, "gcve": {"object_uuid": "f4da5445-1e64-4a7d-ba16-e3808abb8c18", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-01-19T22:05:52+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-05-31T00:00:00+00:00", "first_seen_at": "2026-01-19T22:05:52+00:00"}, "scope": {"notes": "Affected: AVTECH / AVTECH IP camera, NVR, DVR products | Class: video-system | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-05-31: 3", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-34054", "url": "https://www.cve.org/CVERecord?id=CVE-2025-34054"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "video-system", "7d_avg": 0, "vendor": "AVTECH", "30d_avg": 0, "90d_avg": 0, "product": "AVTECH IP camera, NVR, DVR products", "cisa_kev": "no", "connections": 3, "observation_date": "2026-05-31", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "88c8eb52-1e40-471b-a668-e3358bc09f0f", "vulnerability": {"vulnId": "CVE-2019-6340", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-05-27T00:00:00+00:00"}, "gcve": {"object_uuid": "88c8eb52-1e40-471b-a668-e3358bc09f0f", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 81}, "timestamps": {"asserted_at": "2023-11-15T03:29:50+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-05-27T00:00:00+00:00", "first_seen_at": "2023-11-15T03:29:50+00:00"}, "scope": {"notes": "Affected: Drupal / Drupal | Class: cms | Severity: High (CVSS 8.1) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-05-27: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2019-6340", "url": "https://www.cve.org/CVERecord?id=CVE-2019-6340"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "Drupal", "30d_avg": 0, "90d_avg": 0, "product": "Drupal", "cisa_kev": "yes", "connections": 2, "observation_date": "2026-05-27", "vulnerability_class": "CVSS", "vulnerability_score": 8.1, "vulnerability_severity": "High"}}]}
{"uuid": "5486f1c3-e8ed-4f11-9376-6ac0d3d5770e", "vulnerability": {"vulnId": "CVE-2018-25126", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-05-26T00:00:00+00:00"}, "gcve": {"object_uuid": "5486f1c3-e8ed-4f11-9376-6ac0d3d5770e", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-01-20T09:14:15+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-05-26T00:00:00+00:00", "first_seen_at": "2026-01-20T09:14:15+00:00"}, "scope": {"notes": "Affected: Shenzhen TVT / Shenzhen TVT Digital Technology DVR/NVR/IPC | Class: video-system | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-05-26: 190", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2018-25126", "url": "https://www.cve.org/CVERecord?id=CVE-2018-25126"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "video-system", "7d_avg": 0, "vendor": "Shenzhen TVT", "30d_avg": 0, "90d_avg": 0, "product": "Shenzhen TVT Digital Technology DVR/NVR/IPC", "cisa_kev": "no", "connections": 190, "observation_date": "2026-05-26", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "adcdc9c5-e365-473f-a8f9-5ff99fa7b59d", "vulnerability": {"vulnId": "CVE-2025-20281", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-05-25T00:00:00+00:00"}, "gcve": {"object_uuid": "adcdc9c5-e365-473f-a8f9-5ff99fa7b59d", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-07-13T23:26:39+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-05-25T00:00:00+00:00", "first_seen_at": "2025-07-13T23:26:39+00:00"}, "scope": {"notes": "Affected: Cisco / Cisco ISE and ISE-PIC | Class: security-management-platform | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-05-25: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-20281", "url": "https://www.cve.org/CVERecord?id=CVE-2025-20281"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "security-management-platform", "7d_avg": 0, "vendor": "Cisco", "30d_avg": 0, "90d_avg": 0, "product": "Cisco ISE and ISE-PIC", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-05-25", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "730f8f75-eca3-4787-bcac-11c79ff0a2b5", "vulnerability": {"vulnId": "CVE-2025-7544", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-05-25T00:00:00+00:00"}, "gcve": {"object_uuid": "730f8f75-eca3-4787-bcac-11c79ff0a2b5", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 88}, "timestamps": {"asserted_at": "2026-01-22T01:34:35+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-05-25T00:00:00+00:00", "first_seen_at": "2026-01-22T01:34:35+00:00"}, "scope": {"notes": "Affected: Tenda / Tenda AC1206 | Class: router | Severity: High (CVSS 8.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-05-25: 49", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-7544", "url": "https://www.cve.org/CVERecord?id=CVE-2025-7544"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 1, "vendor": "Tenda", "30d_avg": 1, "90d_avg": 0, "product": "Tenda AC1206", "cisa_kev": "no", "connections": 49, "observation_date": "2026-05-25", "vulnerability_class": "CVSS", "vulnerability_score": 8.8, "vulnerability_severity": "High"}}]}
{"uuid": "083b0ee4-1332-4173-b6e5-9f339059acc2", "vulnerability": {"vulnId": "CVE-2023-7311", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-05-24T00:00:00+00:00"}, "gcve": {"object_uuid": "083b0ee4-1332-4173-b6e5-9f339059acc2", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 0}, "timestamps": {"asserted_at": "2025-10-24T15:45:40+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-05-24T00:00:00+00:00", "first_seen_at": "2025-10-24T15:45:40+00:00"}, "scope": {"notes": "Affected: BYTEVALUE / BYTEVALUE Intelligent Flow Control Router | Class: router | Severity: None (CVSS 0) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-05-24: 5", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-7311", "url": "https://www.cve.org/CVERecord?id=CVE-2023-7311"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 1, "vendor": "BYTEVALUE", "30d_avg": 0, "90d_avg": 0, "product": "BYTEVALUE Intelligent Flow Control Router", "cisa_kev": "no", "connections": 5, "observation_date": "2026-05-24", "vulnerability_class": "CVSS", "vulnerability_score": 0, "vulnerability_severity": "None"}}]}
{"uuid": "b28d2e8b-fd02-433e-841f-b71aae100e54", "vulnerability": {"vulnId": "CVE-2020-11963", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-05-24T00:00:00+00:00"}, "gcve": {"object_uuid": "b28d2e8b-fd02-433e-841f-b71aae100e54", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-01-23T11:38:39+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-05-24T00:00:00+00:00", "first_seen_at": "2026-01-23T11:38:39+00:00"}, "scope": {"notes": "Affected: Evenroute / IQrouter | Class: router | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-05-24: 7", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-11963", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11963"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 1, "vendor": "Evenroute", "30d_avg": 0, "90d_avg": 0, "product": "IQrouter", "cisa_kev": "no", "connections": 7, "observation_date": "2026-05-24", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "e9b81044-502e-4298-befd-0cc5ef8f78df", "vulnerability": {"vulnId": "CVE-2025-24016", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-05-22T00:00:00+00:00"}, "gcve": {"object_uuid": "e9b81044-502e-4298-befd-0cc5ef8f78df", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 99}, "timestamps": {"asserted_at": "2025-05-03T23:52:16+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-05-22T00:00:00+00:00", "first_seen_at": "2025-05-03T23:52:16+00:00"}, "scope": {"notes": "Affected: Wazuh / Wazuh | Class: security-management-platform | Severity: Critical (CVSS 9.9) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-05-22: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-24016", "url": "https://www.cve.org/CVERecord?id=CVE-2025-24016"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "security-management-platform", "7d_avg": 0, "vendor": "Wazuh", "30d_avg": 0, "90d_avg": 0, "product": "Wazuh", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-05-22", "vulnerability_class": "CVSS", "vulnerability_score": 9.9, "vulnerability_severity": "Critical"}}]}
{"uuid": "1bf21899-5fa6-480c-af57-b3182244c411", "vulnerability": {"vulnId": "CVE-2024-11120", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-05-21T00:00:00+00:00"}, "gcve": {"object_uuid": "1bf21899-5fa6-480c-af57-b3182244c411", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-04-06T15:32:57+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-05-21T00:00:00+00:00", "first_seen_at": "2025-04-06T15:32:57+00:00"}, "scope": {"notes": "Affected: GeoVision / GeoVision multiple EOL products | Class: video-system | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: yes | Honeypot connections on 2026-05-21: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-11120", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11120"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "video-system", "7d_avg": 0, "vendor": "GeoVision", "30d_avg": 0, "90d_avg": 0, "product": "GeoVision multiple EOL products", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-05-21", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "1343278c-0c4d-4234-8120-acab1058e217", "vulnerability": {"vulnId": "CVE-2025-1316", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-05-21T00:00:00+00:00"}, "gcve": {"object_uuid": "1343278c-0c4d-4234-8120-acab1058e217", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-03-22T19:29:00+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-05-21T00:00:00+00:00", "first_seen_at": "2025-03-22T19:29:00+00:00"}, "scope": {"notes": "Affected: Edimax / Edimax IC-7100 | Class: voip | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: yes | Honeypot connections on 2026-05-21: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-1316", "url": "https://www.cve.org/CVERecord?id=CVE-2025-1316"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "voip", "7d_avg": 0, "vendor": "Edimax", "30d_avg": 0, "90d_avg": 0, "product": "Edimax IC-7100", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-05-21", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "3105c787-14eb-4989-88de-80b05b16f8c2", "vulnerability": {"vulnId": "CVE-2026-23760", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-05-20T00:00:00+00:00"}, "gcve": {"object_uuid": "3105c787-14eb-4989-88de-80b05b16f8c2", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 93}, "timestamps": {"asserted_at": "2026-01-25T00:04:42+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-05-20T00:00:00+00:00", "first_seen_at": "2026-01-25T00:04:42+00:00"}, "scope": {"notes": "Affected: SmarterTools / SmarterMail | Class: email | Severity: Critical (CVSS 9.3) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-05-20: 9", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2026-23760", "url": "https://www.cve.org/CVERecord?id=CVE-2026-23760"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "email", "7d_avg": 0, "vendor": "SmarterTools", "30d_avg": 0, "90d_avg": 0, "product": "SmarterMail", "cisa_kev": "yes", "connections": 9, "observation_date": "2026-05-20", "vulnerability_class": "CVSS", "vulnerability_score": 9.3, "vulnerability_severity": "Critical"}}]}
{"uuid": "65a133f1-2f3c-40fa-89f1-76f23603321e", "vulnerability": {"vulnId": "CVE-2021-22054", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-05-15T15:16:56+00:00"}, "gcve": {"object_uuid": "65a133f1-2f3c-40fa-89f1-76f23603321e", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2026-05-15T15:16:56+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-05-15T15:16:56+00:00", "first_seen_at": "2026-05-15T15:16:56+00:00"}, "scope": {"notes": "Affected: Omnissa / Omnissa Workspace ONE UEM | Class: device-management-platform | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-05-15: 6", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-22054", "url": "https://www.cve.org/CVERecord?id=CVE-2021-22054"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 0, "vendor": "Omnissa", "30d_avg": 0, "90d_avg": 0, "product": "Omnissa Workspace ONE UEM", "cisa_kev": "yes", "connections": 6, "observation_date": "2026-05-15", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "3bfe847d-221c-4370-93b3-0f39976afbd4", "vulnerability": {"vulnId": "CVE-2024-13982", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-05-15T00:00:00+00:00"}, "gcve": {"object_uuid": "3bfe847d-221c-4370-93b3-0f39976afbd4", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 0}, "timestamps": {"asserted_at": "2025-09-27T04:21:16+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-05-15T00:00:00+00:00", "first_seen_at": "2025-09-27T04:21:16+00:00"}, "scope": {"notes": "Affected: Changsha SPON Communication Technology / SPON IP Network Broadcast System | Class: voip | Severity: None (CVSS 0) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-05-15: 5", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-13982", "url": "https://www.cve.org/CVERecord?id=CVE-2024-13982"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "voip", "7d_avg": 0, "vendor": "Changsha SPON Communication Technology", "30d_avg": 0, "90d_avg": 0, "product": "SPON IP Network Broadcast System", "cisa_kev": "no", "connections": 5, "observation_date": "2026-05-15", "vulnerability_class": "CVSS", "vulnerability_score": 0, "vulnerability_severity": "None"}}]}
{"uuid": "e6a09b04-dff7-4f1c-ac4b-09b604b41d19", "vulnerability": {"vulnId": "CVE-2019-13396", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-05-11T14:26:48+00:00"}, "gcve": {"object_uuid": "e6a09b04-dff7-4f1c-ac4b-09b604b41d19", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 53}, "timestamps": {"asserted_at": "2026-05-11T14:26:48+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-05-11T14:26:48+00:00", "first_seen_at": "2026-05-11T14:26:48+00:00"}, "scope": {"notes": "Affected: FlightPath / FlightPath | Class: other-software | Severity: Medium (CVSS 5.3) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-05-11: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2019-13396", "url": "https://www.cve.org/CVERecord?id=CVE-2019-13396"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "FlightPath", "30d_avg": 0, "90d_avg": 0, "product": "FlightPath", "cisa_kev": "no", "connections": 2, "observation_date": "2026-05-11", "vulnerability_class": "CVSS", "vulnerability_score": 5.3, "vulnerability_severity": "Medium"}}]}
{"uuid": "c362c979-0e01-4dbf-8496-c47937b1bb5c", "vulnerability": {"vulnId": "CVE-2022-28912", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-05-07T00:00:00+00:00"}, "gcve": {"object_uuid": "c362c979-0e01-4dbf-8496-c47937b1bb5c", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-04-19T05:04:08+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-05-07T00:00:00+00:00", "first_seen_at": "2025-04-19T05:04:08+00:00"}, "scope": {"notes": "Affected: Totolink / Totolink N600R | Class: router | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-05-07: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-28912", "url": "https://www.cve.org/CVERecord?id=CVE-2022-28912"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "Totolink", "30d_avg": 0, "90d_avg": 0, "product": "Totolink N600R", "cisa_kev": "no", "connections": 1, "observation_date": "2026-05-07", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "257c2934-0c5e-46bc-a1a6-bec5782e8c26", "vulnerability": {"vulnId": "CVE-2026-3965", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-05-06T00:00:00+00:00"}, "gcve": {"object_uuid": "257c2934-0c5e-46bc-a1a6-bec5782e8c26", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 63}, "timestamps": {"asserted_at": "2026-04-06T15:52:30+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-05-06T00:00:00+00:00", "first_seen_at": "2026-04-06T15:52:30+00:00"}, "scope": {"notes": "Affected: whyour / qinglong | Class: device-management-platform | Severity: Medium (CVSS 6.3) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-05-06: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2026-3965", "url": "https://www.cve.org/CVERecord?id=CVE-2026-3965"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 4, "vendor": "whyour", "30d_avg": 2, "90d_avg": 0, "product": "qinglong", "cisa_kev": "no", "connections": 1, "observation_date": "2026-05-06", "vulnerability_class": "CVSS", "vulnerability_score": 6.3, "vulnerability_severity": "Medium"}}]}
{"uuid": "4b86132c-02fd-4a2f-8f7f-a02b59b5f821", "vulnerability": {"vulnId": "CVE-2025-34058", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-05-03T16:22:57+00:00"}, "gcve": {"object_uuid": "4b86132c-02fd-4a2f-8f7f-a02b59b5f821", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-05-03T16:22:57+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-05-03T16:22:57+00:00", "first_seen_at": "2026-05-03T16:22:57+00:00"}, "scope": {"notes": "Affected: Hikvision / Hikvision Streaming Media Management Server | Class: other-software | IoT: no | In CISA KEV: no | Honeypot connections on 2026-05-03: 3", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-34058", "url": "https://www.cve.org/CVERecord?id=CVE-2025-34058"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Hikvision", "30d_avg": 0, "90d_avg": 0, "product": "Hikvision Streaming Media Management Server", "cisa_kev": "no", "connections": 3, "observation_date": "2026-05-03", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "b673f709-b649-49db-8c9a-25a64208caec", "vulnerability": {"vulnId": "CVE-2023-39964", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-04-16T00:00:00+00:00"}, "gcve": {"object_uuid": "b673f709-b649-49db-8c9a-25a64208caec", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2026-04-06T15:15:06+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-04-16T00:00:00+00:00", "first_seen_at": "2026-04-06T15:15:06+00:00"}, "scope": {"notes": "Affected: 1Panel / !Panel | Class: device-management-platform | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-04-16: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-39964", "url": "https://www.cve.org/CVERecord?id=CVE-2023-39964"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 0, "vendor": "1Panel", "30d_avg": 0, "90d_avg": 0, "product": "!Panel", "cisa_kev": "no", "connections": 1, "observation_date": "2026-04-16", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "61514dc9-d9e6-4818-bc6e-248350406571", "vulnerability": {"vulnId": "CVE-2023-7308", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-04-15T00:00:00+00:00"}, "gcve": {"object_uuid": "61514dc9-d9e6-4818-bc6e-248350406571", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 0}, "timestamps": {"asserted_at": "2025-10-24T21:01:53+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-04-15T00:00:00+00:00", "first_seen_at": "2025-10-24T21:01:53+00:00"}, "scope": {"notes": "Affected: NSFOCUS / NSFOCUS SecGate3600 Firewall | Class: firewall | Severity: None (CVSS 0) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-04-15: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-7308", "url": "https://www.cve.org/CVERecord?id=CVE-2023-7308"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "firewall", "7d_avg": 0, "vendor": "NSFOCUS", "30d_avg": 0, "90d_avg": 0, "product": "NSFOCUS SecGate3600 Firewall", "cisa_kev": "no", "connections": 1, "observation_date": "2026-04-15", "vulnerability_class": "CVSS", "vulnerability_score": 0, "vulnerability_severity": "None"}}]}
{"uuid": "e4d2f061-cdd6-477e-84bf-0ef3db2704b0", "vulnerability": {"vulnId": "CVE-2024-22768", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-04-12T22:07:42+00:00"}, "gcve": {"object_uuid": "e4d2f061-cdd6-477e-84bf-0ef3db2704b0", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2026-04-12T22:07:42+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-04-12T22:07:42+00:00", "first_seen_at": "2026-04-12T22:07:42+00:00"}, "scope": {"notes": "Affected: Hitron Systems / Hitron Systems DVR | Class: video-system | Severity: High (CVSS 7.5) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-04-12: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-22768", "url": "https://www.cve.org/CVERecord?id=CVE-2024-22768"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "video-system", "7d_avg": 0, "vendor": "Hitron Systems", "30d_avg": 0, "90d_avg": 0, "product": "Hitron Systems DVR", "cisa_kev": "no", "connections": 1, "observation_date": "2026-04-12", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "de195e77-97c9-4cd8-9f4f-d79a5c6e4d85", "vulnerability": {"vulnId": "CVE-2018-0125", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-04-02T18:11:50+00:00"}, "gcve": {"object_uuid": "de195e77-97c9-4cd8-9f4f-d79a5c6e4d85", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-04-02T18:11:50+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-04-02T18:11:50+00:00", "first_seen_at": "2026-04-02T18:11:50+00:00"}, "scope": {"notes": "Affected: Cisco / Cisco RV132W/RV134W | Class: router | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: yes | Honeypot connections on 2026-04-02: 34", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2018-0125", "url": "https://www.cve.org/CVERecord?id=CVE-2018-0125"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "13", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 1, "vendor": "Cisco", "30d_avg": 0, "90d_avg": 0, "product": "Cisco RV132W/RV134W", "cisa_kev": "yes", "connections": 34, "observation_date": "2026-04-02", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "d71f71ca-bd03-423f-90f2-a5ec78225af0", "vulnerability": {"vulnId": "CVE-2020-3259", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "d71f71ca-bd03-423f-90f2-a5ec78225af0", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2025-07-12T10:38:33+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-03-25T00:00:00+00:00", "first_seen_at": "2025-07-12T10:38:33+00:00"}, "scope": {"notes": "Affected: Cisco / Cisco ASA and Cisco Firepower Threat Defense | Class: firewall | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: yes | Honeypot connections on 2026-03-25: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-3259", "url": "https://www.cve.org/CVERecord?id=CVE-2020-3259"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "firewall", "7d_avg": 0, "vendor": "Cisco", "30d_avg": 0, "90d_avg": 0, "product": "Cisco ASA and Cisco Firepower Threat Defense", "cisa_kev": "yes", "connections": 1, "observation_date": "2026-03-25", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "7b831474-44cc-4cf9-84e1-5e6d62f8adce", "vulnerability": {"vulnId": "CVE-2024-30891", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-03-22T00:00:00+00:00"}, "gcve": {"object_uuid": "7b831474-44cc-4cf9-84e1-5e6d62f8adce", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 88}, "timestamps": {"asserted_at": "2025-12-21T05:23:17+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-03-22T00:00:00+00:00", "first_seen_at": "2025-12-21T05:23:17+00:00"}, "scope": {"notes": "Affected: Tenda / Tenda AC18 | Class: router | Severity: High (CVSS 8.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-03-22: 27", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-30891", "url": "https://www.cve.org/CVERecord?id=CVE-2024-30891"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "Tenda", "30d_avg": 0, "90d_avg": 0, "product": "Tenda AC18", "cisa_kev": "no", "connections": 27, "observation_date": "2026-03-22", "vulnerability_class": "CVSS", "vulnerability_score": 8.8, "vulnerability_severity": "High"}}]}
{"uuid": "47fdb12a-12c7-4ddc-9401-48b4bfa282eb", "vulnerability": {"vulnId": "CVE-2026-20128", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-03-20T00:00:00+00:00"}, "gcve": {"object_uuid": "47fdb12a-12c7-4ddc-9401-48b4bfa282eb", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2026-03-06T22:35:44+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-03-20T00:00:00+00:00", "first_seen_at": "2026-03-06T22:35:44+00:00"}, "scope": {"notes": "Affected: Cisco / Cisco SD-WAN Manager | Class: device-management-platform | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-03-20: 11", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2026-20128", "url": "https://www.cve.org/CVERecord?id=CVE-2026-20128"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 0, "vendor": "Cisco", "30d_avg": 1, "90d_avg": 0, "product": "Cisco SD-WAN Manager", "cisa_kev": "no", "connections": 11, "observation_date": "2026-03-20", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "5613beea-185a-46e0-8255-db8b688988a7", "vulnerability": {"vulnId": "CVE-2018-25120", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-03-08T00:00:00+00:00"}, "gcve": {"object_uuid": "5613beea-185a-46e0-8255-db8b688988a7", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-02-24T23:13:26+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-03-08T00:00:00+00:00", "first_seen_at": "2026-02-24T23:13:26+00:00"}, "scope": {"notes": "Affected: D-Link / D-Link DNS-343 ShareCenter | Class: nas | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-03-08: 193", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2018-25120", "url": "https://www.cve.org/CVERecord?id=CVE-2018-25120"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "nas", "7d_avg": 0, "vendor": "D-Link", "30d_avg": 0, "90d_avg": 0, "product": "D-Link DNS-343 ShareCenter", "cisa_kev": "no", "connections": 193, "observation_date": "2026-03-08", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "60656019-738e-489e-b830-0a6987556cb8", "vulnerability": {"vulnId": "CVE-2024-7399", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-03-01T00:00:00+00:00"}, "gcve": {"object_uuid": "60656019-738e-489e-b830-0a6987556cb8", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2025-06-16T17:33:00+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-03-01T00:00:00+00:00", "first_seen_at": "2025-06-16T17:33:00+00:00"}, "scope": {"notes": "Affected: Samsung / Samsung magicINFO 9 | Class: cms | Severity: High (CVSS 7.5) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-03-01: 21", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-7399", "url": "https://www.cve.org/CVERecord?id=CVE-2024-7399"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "Samsung", "30d_avg": 0, "90d_avg": 0, "product": "Samsung magicINFO 9", "cisa_kev": "no", "connections": 21, "observation_date": "2026-03-01", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "27e6242e-25c9-4cb9-99cb-ec65fbb73194", "vulnerability": {"vulnId": "CVE-2023-51833", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-15T00:00:00+00:00"}, "gcve": {"object_uuid": "27e6242e-25c9-4cb9-99cb-ec65fbb73194", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 81}, "timestamps": {"asserted_at": "2025-05-04T08:17:09+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-02-15T00:00:00+00:00", "first_seen_at": "2025-05-04T08:17:09+00:00"}, "scope": {"notes": "Affected: TRENDnet / TRENDnet TEW-411BRPplus | Class: router | Severity: High (CVSS 8.1) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-02-15: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-51833", "url": "https://www.cve.org/CVERecord?id=CVE-2023-51833"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "TRENDnet", "30d_avg": 0, "90d_avg": 0, "product": "TRENDnet TEW-411BRPplus", "cisa_kev": "no", "connections": 1, "observation_date": "2026-02-15", "vulnerability_class": "CVSS", "vulnerability_score": 8.1, "vulnerability_severity": "High"}}]}
{"uuid": "c464a426-4d80-400a-917d-10ee5621e2d4", "vulnerability": {"vulnId": "CVE-2025-7081", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-12T00:00:00+00:00"}, "gcve": {"object_uuid": "c464a426-4d80-400a-917d-10ee5621e2d4", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 88}, "timestamps": {"asserted_at": "2026-01-23T01:49:02+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-02-12T00:00:00+00:00", "first_seen_at": "2026-01-23T01:49:02+00:00"}, "scope": {"notes": "Affected: Belkin / Belkin F9K1122 | Class: wireless-extender | Severity: High (CVSS 8.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-02-12: 4", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-7081", "url": "https://www.cve.org/CVERecord?id=CVE-2025-7081"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "wireless-extender", "7d_avg": 0, "vendor": "Belkin", "30d_avg": 0, "90d_avg": 0, "product": "Belkin F9K1122", "cisa_kev": "no", "connections": 4, "observation_date": "2026-02-12", "vulnerability_class": "CVSS", "vulnerability_score": 8.8, "vulnerability_severity": "High"}}]}
{"uuid": "f442144c-6baa-4b9f-acb5-48395ecb9354", "vulnerability": {"vulnId": "CVE-2025-5571", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-12T00:00:00+00:00"}, "gcve": {"object_uuid": "f442144c-6baa-4b9f-acb5-48395ecb9354", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 88}, "timestamps": {"asserted_at": "2026-01-23T00:54:38+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-02-12T00:00:00+00:00", "first_seen_at": "2026-01-23T00:54:38+00:00"}, "scope": {"notes": "Affected: D-Link / D-Link DCS-932L | Class: video-system | Severity: High (CVSS 8.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-02-12: 4", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-5571", "url": "https://www.cve.org/CVERecord?id=CVE-2025-5571"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "video-system", "7d_avg": 0, "vendor": "D-Link", "30d_avg": 0, "90d_avg": 0, "product": "D-Link DCS-932L", "cisa_kev": "no", "connections": 4, "observation_date": "2026-02-12", "vulnerability_class": "CVSS", "vulnerability_score": 8.8, "vulnerability_severity": "High"}}]}
{"uuid": "e97352d2-2e7a-4ec9-9d3a-4b23e2ffc789", "vulnerability": {"vulnId": "CVE-2025-6485", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-12T00:00:00+00:00"}, "gcve": {"object_uuid": "e97352d2-2e7a-4ec9-9d3a-4b23e2ffc789", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 63}, "timestamps": {"asserted_at": "2026-01-22T20:22:46+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-02-12T00:00:00+00:00", "first_seen_at": "2026-01-22T20:22:46+00:00"}, "scope": {"notes": "Affected: Totolink / Totolink A3002R | Class: router | Severity: Medium (CVSS 6.3) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-02-12: 4", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-6485", "url": "https://www.cve.org/CVERecord?id=CVE-2025-6485"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "Totolink", "30d_avg": 0, "90d_avg": 0, "product": "Totolink A3002R", "cisa_kev": "no", "connections": 4, "observation_date": "2026-02-12", "vulnerability_class": "CVSS", "vulnerability_score": 6.3, "vulnerability_severity": "Medium"}}]}
{"uuid": "70859b72-99a4-45bf-87bf-c8143fa0fa84", "vulnerability": {"vulnId": "CVE-2025-7407", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-12T00:00:00+00:00"}, "gcve": {"object_uuid": "70859b72-99a4-45bf-87bf-c8143fa0fa84", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 88}, "timestamps": {"asserted_at": "2026-01-22T21:15:32+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-02-12T00:00:00+00:00", "first_seen_at": "2026-01-22T21:15:32+00:00"}, "scope": {"notes": "Affected: NETGEAR / NETGEAR D6400 | Class: router | Severity: High (CVSS 8.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-02-12: 4", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-7407", "url": "https://www.cve.org/CVERecord?id=CVE-2025-7407"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "NETGEAR", "30d_avg": 0, "90d_avg": 0, "product": "NETGEAR D6400", "cisa_kev": "no", "connections": 4, "observation_date": "2026-02-12", "vulnerability_class": "CVSS", "vulnerability_score": 8.8, "vulnerability_severity": "High"}}]}
{"uuid": "bbbac67e-c3cd-4667-a048-7ff7b0198c57", "vulnerability": {"vulnId": "CVE-2025-8829", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-12T00:00:00+00:00"}, "gcve": {"object_uuid": "bbbac67e-c3cd-4667-a048-7ff7b0198c57", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 88}, "timestamps": {"asserted_at": "2026-01-22T23:05:14+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-02-12T00:00:00+00:00", "first_seen_at": "2026-01-22T23:05:14+00:00"}, "scope": {"notes": "Affected: Linksys / Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 | Class: wireless-extender | Severity: High (CVSS 8.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-02-12: 4", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-8829", "url": "https://www.cve.org/CVERecord?id=CVE-2025-8829"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "wireless-extender", "7d_avg": 0, "vendor": "Linksys", "30d_avg": 0, "90d_avg": 0, "product": "Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000", "cisa_kev": "no", "connections": 4, "observation_date": "2026-02-12", "vulnerability_class": "CVSS", "vulnerability_score": 8.8, "vulnerability_severity": "High"}}]}
{"uuid": "8b908c93-7d68-4f36-a0e2-85b9ec4a177e", "vulnerability": {"vulnId": "CVE-2025-44846", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-12T00:00:00+00:00"}, "gcve": {"object_uuid": "8b908c93-7d68-4f36-a0e2-85b9ec4a177e", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 63}, "timestamps": {"asserted_at": "2026-01-29T10:41:36+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-02-12T00:00:00+00:00", "first_seen_at": "2026-01-29T10:41:36+00:00"}, "scope": {"notes": "Affected: Totolink / Totolink CA600-PoE | Class: router | Severity: Medium (CVSS 6.3) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-02-12: 4", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-44846", "url": "https://www.cve.org/CVERecord?id=CVE-2025-44846"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "Totolink", "30d_avg": 0, "90d_avg": 0, "product": "Totolink CA600-PoE", "cisa_kev": "no", "connections": 4, "observation_date": "2026-02-12", "vulnerability_class": "CVSS", "vulnerability_score": 6.3, "vulnerability_severity": "Medium"}}]}
{"uuid": "5daec079-b3aa-4761-91e4-39a3267795e7", "vulnerability": {"vulnId": "CVE-2022-40619", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-11T00:00:00+00:00"}, "gcve": {"object_uuid": "5daec079-b3aa-4761-91e4-39a3267795e7", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 77}, "timestamps": {"asserted_at": "2026-01-26T20:12:10+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-02-11T00:00:00+00:00", "first_seen_at": "2026-01-26T20:12:10+00:00"}, "scope": {"notes": "Affected: NETGEAR / NETGEAR devices with FunJSQ | Class: router | Severity: High (CVSS 7.7) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-02-11: 4", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-40619", "url": "https://www.cve.org/CVERecord?id=CVE-2022-40619"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "NETGEAR", "30d_avg": 0, "90d_avg": 0, "product": "NETGEAR devices with FunJSQ", "cisa_kev": "no", "connections": 4, "observation_date": "2026-02-11", "vulnerability_class": "CVSS", "vulnerability_score": 7.7, "vulnerability_severity": "High"}}]}
{"uuid": "949d42f5-e581-453a-b20b-cd3608b9117e", "vulnerability": {"vulnId": "CVE-2015-10145", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-10T00:00:00+00:00"}, "gcve": {"object_uuid": "949d42f5-e581-453a-b20b-cd3608b9117e", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 87}, "timestamps": {"asserted_at": "2026-01-31T14:30:16+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-02-10T00:00:00+00:00", "first_seen_at": "2026-01-31T14:30:16+00:00"}, "scope": {"notes": "Affected: Gargoyle / Gargoyle Router | Class: router | Severity: High (CVSS 8.7) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-02-10: 7", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2015-10145", "url": "https://www.cve.org/CVERecord?id=CVE-2015-10145"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "Gargoyle", "30d_avg": 0, "90d_avg": 0, "product": "Gargoyle Router", "cisa_kev": "no", "connections": 7, "observation_date": "2026-02-10", "vulnerability_class": "CVSS", "vulnerability_score": 8.7, "vulnerability_severity": "High"}}]}
{"uuid": "5fc86d5b-ce12-4345-b19e-80c552bfe545", "vulnerability": {"vulnId": "CVE-2022-31208", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-10T00:00:00+00:00"}, "gcve": {"object_uuid": "5fc86d5b-ce12-4345-b19e-80c552bfe545", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 88}, "timestamps": {"asserted_at": "2026-01-22T08:58:28+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-02-10T00:00:00+00:00", "first_seen_at": "2026-01-22T08:58:28+00:00"}, "scope": {"notes": "Affected: Infiray / Infiray IRAY-A8Z3 | Class: other-software | Severity: High (CVSS 8.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-02-10: 6", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-31208", "url": "https://www.cve.org/CVERecord?id=CVE-2022-31208"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Infiray", "30d_avg": 0, "90d_avg": 0, "product": "Infiray IRAY-A8Z3", "cisa_kev": "no", "connections": 6, "observation_date": "2026-02-10", "vulnerability_class": "CVSS", "vulnerability_score": 8.8, "vulnerability_severity": "High"}}]}
{"uuid": "f8535bd6-83b5-452b-a6c8-4471886f39fa", "vulnerability": {"vulnId": "CVE-2025-34042", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-09T23:23:54+00:00"}, "gcve": {"object_uuid": "f8535bd6-83b5-452b-a6c8-4471886f39fa", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-09T23:23:54+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-02-09T23:23:54+00:00", "first_seen_at": "2026-02-09T23:23:54+00:00"}, "scope": {"notes": "Affected: BEWARD / BEWARD N100 H.264 VGA IP Camera | Class: video-system | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-02-09: 4", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-34042", "url": "https://www.cve.org/CVERecord?id=CVE-2025-34042"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "video-system", "7d_avg": 0, "vendor": "BEWARD", "30d_avg": 0, "90d_avg": 0, "product": "BEWARD N100 H.264 VGA IP Camera", "cisa_kev": "no", "connections": 4, "observation_date": "2026-02-09", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "45039795-fe39-4276-83f8-72e7f125845b", "vulnerability": {"vulnId": "CVE-2022-37061", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-09T00:00:00+00:00"}, "gcve": {"object_uuid": "45039795-fe39-4276-83f8-72e7f125845b", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-08-01T00:06:20+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-02-09T00:00:00+00:00", "first_seen_at": "2025-08-01T00:06:20+00:00"}, "scope": {"notes": "Affected: FLIR / AX8 thermal sensor cameras | Class: video-system | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-02-09: 9", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-37061", "url": "https://www.cve.org/CVERecord?id=CVE-2022-37061"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "video-system", "7d_avg": 0, "vendor": "FLIR", "30d_avg": 0, "90d_avg": 0, "product": "AX8 thermal sensor cameras", "cisa_kev": "no", "connections": 9, "observation_date": "2026-02-09", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "b1f281e1-8357-4b1c-8990-28f89965aada", "vulnerability": {"vulnId": "CVE-2022-34538", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-09T00:00:00+00:00"}, "gcve": {"object_uuid": "b1f281e1-8357-4b1c-8990-28f89965aada", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 88}, "timestamps": {"asserted_at": "2026-01-25T01:59:00+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-02-09T00:00:00+00:00", "first_seen_at": "2026-01-25T01:59:00+00:00"}, "scope": {"notes": "Affected: Digital Watchdog / Digital Watchdog DW MEGApix IP cameras | Class: video-system | Severity: High (CVSS 8.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-02-09: 10", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-34538", "url": "https://www.cve.org/CVERecord?id=CVE-2022-34538"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "video-system", "7d_avg": 0, "vendor": "Digital Watchdog", "30d_avg": 0, "90d_avg": 0, "product": "Digital Watchdog DW MEGApix IP cameras", "cisa_kev": "no", "connections": 10, "observation_date": "2026-02-09", "vulnerability_class": "CVSS", "vulnerability_score": 8.8, "vulnerability_severity": "High"}}]}
{"uuid": "e13e2c34-523d-4758-915a-95669a672280", "vulnerability": {"vulnId": "CVE-2023-52163", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-08T00:00:00+00:00"}, "gcve": {"object_uuid": "e13e2c34-523d-4758-915a-95669a672280", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 59}, "timestamps": {"asserted_at": "2025-03-29T12:06:35+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-02-08T00:00:00+00:00", "first_seen_at": "2025-03-29T12:06:35+00:00"}, "scope": {"notes": "Affected: DigiEver / DigiEver DS-2105 Pro | Class: video-system | Severity: Medium (CVSS 5.9) | IoT: yes | In CISA KEV: yes | Honeypot connections on 2026-02-08: 10", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-52163", "url": "https://www.cve.org/CVERecord?id=CVE-2023-52163"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "video-system", "7d_avg": 0, "vendor": "DigiEver", "30d_avg": 0, "90d_avg": 0, "product": "DigiEver DS-2105 Pro", "cisa_kev": "yes", "connections": 10, "observation_date": "2026-02-08", "vulnerability_class": "CVSS", "vulnerability_score": 5.9, "vulnerability_severity": "Medium"}}]}
{"uuid": "12792309-3edc-44f9-9e8d-300d664b3fe0", "vulnerability": {"vulnId": "CVE-2020-24219", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-04T16:36:18+00:00"}, "gcve": {"object_uuid": "12792309-3edc-44f9-9e8d-300d664b3fe0", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2026-02-04T16:36:18+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-02-04T16:36:18+00:00", "first_seen_at": "2026-02-04T16:36:18+00:00"}, "scope": {"notes": "Affected: HiSilicon / HiSilicon based hardware video encoders (multiple vendors) | Class: embedded-system | Severity: High (CVSS 7.5) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-02-04: 3", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-24219", "url": "https://www.cve.org/CVERecord?id=CVE-2020-24219"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "embedded-system", "7d_avg": 0, "vendor": "HiSilicon", "30d_avg": 0, "90d_avg": 0, "product": "HiSilicon based hardware video encoders (multiple vendors)", "cisa_kev": "no", "connections": 3, "observation_date": "2026-02-04", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "1d6c844c-e9bd-44c7-a8b7-a03d5316632b", "vulnerability": {"vulnId": "CVE-2026-24061", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-01-23T16:10:04+00:00"}, "gcve": {"object_uuid": "1d6c844c-e9bd-44c7-a8b7-a03d5316632b", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2026-01-23T16:10:04+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-01-23T16:10:04+00:00", "first_seen_at": "2026-01-23T16:10:04+00:00"}, "scope": {"notes": "Affected: GNU Operating System / GNU Inetutils (telnetd) | Severity: CRITICAL (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-01-23: 115", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2026-24061", "url": "https://www.cve.org/CVERecord?id=CVE-2026-24061"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "brute-force", "class": null, "7d_avg": 0, "vendor": "GNU Operating System", "30d_avg": 0, "90d_avg": 0, "product": "GNU Inetutils (telnetd)", "cisa_kev": "no", "connections": 115, "observation_date": "2026-01-23", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "CRITICAL"}}]}
{"uuid": "ee1169ae-0212-4f6e-90c0-2ea254ad8df2", "vulnerability": {"vulnId": "CVE-2023-7307", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-01-21T00:00:00+00:00"}, "gcve": {"object_uuid": "ee1169ae-0212-4f6e-90c0-2ea254ad8df2", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 0}, "timestamps": {"asserted_at": "2025-10-22T02:56:09+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-01-21T00:00:00+00:00", "first_seen_at": "2025-10-22T02:56:09+00:00"}, "scope": {"notes": "Affected: Sangfor / Sangfor Behavior Management System (DC Management System) | Class: security-management-platform | Severity: None (CVSS 0) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-01-21: 4", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-7307", "url": "https://www.cve.org/CVERecord?id=CVE-2023-7307"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "security-management-platform", "7d_avg": 0, "vendor": "Sangfor", "30d_avg": 0, "90d_avg": 0, "product": "Sangfor Behavior Management System (DC Management System)", "cisa_kev": "no", "connections": 4, "observation_date": "2026-01-21", "vulnerability_class": "CVSS", "vulnerability_score": 0, "vulnerability_severity": "None"}}]}
{"uuid": "1fb8adef-9656-4b0b-9880-fed9cf7b5c7d", "vulnerability": {"vulnId": "CVE-2021-29003", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-01-04T00:00:00+00:00"}, "gcve": {"object_uuid": "1fb8adef-9656-4b0b-9880-fed9cf7b5c7d", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-11-28T07:55:30+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-01-04T00:00:00+00:00", "first_seen_at": "2025-11-28T07:55:30+00:00"}, "scope": {"notes": "Affected: Genexis / Genexis PLATINUM 4410 | Class: router | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-01-04: 107", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-29003", "url": "https://www.cve.org/CVERecord?id=CVE-2021-29003"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "Genexis", "30d_avg": 0, "90d_avg": 0, "product": "Genexis PLATINUM 4410", "cisa_kev": "no", "connections": 107, "observation_date": "2026-01-04", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "eb65124c-77a1-49cb-8f5e-d5569782c37e", "vulnerability": {"vulnId": "CVE-2025-7414", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-01-04T00:00:00+00:00"}, "gcve": {"object_uuid": "eb65124c-77a1-49cb-8f5e-d5569782c37e", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 88}, "timestamps": {"asserted_at": "2025-09-23T16:16:59+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-01-04T00:00:00+00:00", "first_seen_at": "2025-09-23T16:16:59+00:00"}, "scope": {"notes": "Affected: Tenda / Tenda 03V2 | Class: router | Severity: High (CVSS 8.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-01-04: 91", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-7414", "url": "https://www.cve.org/CVERecord?id=CVE-2025-7414"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "Tenda", "30d_avg": 0, "90d_avg": 0, "product": "Tenda 03V2", "cisa_kev": "no", "connections": 91, "observation_date": "2026-01-04", "vulnerability_class": "CVSS", "vulnerability_score": 8.8, "vulnerability_severity": "High"}}]}
{"uuid": "f40b5dd3-4cbc-4a97-a4ef-c17e4efbfc5e", "vulnerability": {"vulnId": "CVE-2018-25118", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-01-04T00:00:00+00:00"}, "gcve": {"object_uuid": "f40b5dd3-4cbc-4a97-a4ef-c17e4efbfc5e", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 0}, "timestamps": {"asserted_at": "2025-10-24T15:45:40+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2026-01-04T00:00:00+00:00", "first_seen_at": "2025-10-24T15:45:40+00:00"}, "scope": {"notes": "Affected: GeoVision / GeoVision embedded devices | Class: video-system | Severity: None (CVSS 0) | IoT: yes | In CISA KEV: no | Honeypot connections on 2026-01-04: 106", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2018-25118", "url": "https://www.cve.org/CVERecord?id=CVE-2018-25118"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "video-system", "7d_avg": 0, "vendor": "GeoVision", "30d_avg": 0, "90d_avg": 0, "product": "GeoVision embedded devices", "cisa_kev": "no", "connections": 106, "observation_date": "2026-01-04", "vulnerability_class": "CVSS", "vulnerability_score": 0, "vulnerability_severity": "None"}}]}
{"uuid": "1381d495-7619-4ff8-913f-fa0edc35e12e", "vulnerability": {"vulnId": "CVE-2024-13984", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-12-18T00:00:00+00:00"}, "gcve": {"object_uuid": "1381d495-7619-4ff8-913f-fa0edc35e12e", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 0}, "timestamps": {"asserted_at": "2025-10-22T02:54:06+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2025-12-18T00:00:00+00:00", "first_seen_at": "2025-10-22T02:54:06+00:00"}, "scope": {"notes": "Affected: Qianxin / TianQing Management Center | Class: other-software | Severity: None (CVSS 0) | IoT: no | In CISA KEV: no | Honeypot connections on 2025-12-18: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-13984", "url": "https://www.cve.org/CVERecord?id=CVE-2024-13984"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Qianxin", "30d_avg": 0, "90d_avg": 0, "product": "TianQing Management Center", "cisa_kev": "no", "connections": 1, "observation_date": "2025-12-18", "vulnerability_class": "CVSS", "vulnerability_score": 0, "vulnerability_severity": "None"}}]}
{"uuid": "72c8e385-290f-40cc-ab49-986c9734938c", "vulnerability": {"vulnId": "CVE-2025-61757", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-12-03T16:55:54+00:00"}, "gcve": {"object_uuid": "72c8e385-290f-40cc-ab49-986c9734938c", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-12-03T16:55:54+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2025-12-03T16:55:54+00:00", "first_seen_at": "2025-12-03T16:55:54+00:00"}, "scope": {"notes": "Affected: Oracle / Oracle Fusion Middleware (Identity Manager) | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2025-12-03: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-61757", "url": "https://www.cve.org/CVERecord?id=CVE-2025-61757"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Oracle", "30d_avg": 0, "90d_avg": 0, "product": "Oracle Fusion Middleware (Identity Manager)", "cisa_kev": "yes", "connections": 2, "observation_date": "2025-12-03", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "4236b637-681e-421d-a4d1-7b2a7eec96c9", "vulnerability": {"vulnId": "CVE-2025-45988", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-11-26T00:00:00+00:00"}, "gcve": {"object_uuid": "4236b637-681e-421d-a4d1-7b2a7eec96c9", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-09-15T00:59:21+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2025-11-26T00:00:00+00:00", "first_seen_at": "2025-09-15T00:59:21+00:00"}, "scope": {"notes": "Affected: LB-LINK / LB-LINK routers (multiple)  | Class: router | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2025-11-26: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-45988", "url": "https://www.cve.org/CVERecord?id=CVE-2025-45988"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "LB-LINK", "30d_avg": 0, "90d_avg": 0, "product": "LB-LINK routers (multiple) ", "cisa_kev": "no", "connections": 2, "observation_date": "2025-11-26", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "b5af3a9a-d7bc-4aa2-93dc-f963dfd75240", "vulnerability": {"vulnId": "CVE-2024-8957", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-11-16T00:00:00+00:00"}, "gcve": {"object_uuid": "b5af3a9a-d7bc-4aa2-93dc-f963dfd75240", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-05-29T15:27:07+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2025-11-16T00:00:00+00:00", "first_seen_at": "2025-05-29T15:27:07+00:00"}, "scope": {"notes": "Affected: PTZOptics / PTZOptics PT30X-SDI/NDI-xx | Class: video-system | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: yes | Honeypot connections on 2025-11-16: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-8957", "url": "https://www.cve.org/CVERecord?id=CVE-2024-8957"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "video-system", "7d_avg": 0, "vendor": "PTZOptics", "30d_avg": 0, "90d_avg": 0, "product": "PTZOptics PT30X-SDI/NDI-xx", "cisa_kev": "yes", "connections": 2, "observation_date": "2025-11-16", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "1f25a4a5-0440-4b26-ad98-57807f7f76da", "vulnerability": {"vulnId": "CVE-2025-51482", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "1f25a4a5-0440-4b26-ad98-57807f7f76da", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 88}, "timestamps": {"asserted_at": "2025-10-24T22:16:23+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2025-11-03T00:00:00+00:00", "first_seen_at": "2025-10-24T22:16:23+00:00"}, "scope": {"notes": "Affected: Letta / Letta | Class: ai-system | Severity: High (CVSS 8.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2025-11-03: 6", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-51482", "url": "https://www.cve.org/CVERecord?id=CVE-2025-51482"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "ai-system", "7d_avg": 0, "vendor": "Letta", "30d_avg": 0, "90d_avg": 0, "product": "Letta", "cisa_kev": "no", "connections": 6, "observation_date": "2025-11-03", "vulnerability_class": "CVSS", "vulnerability_score": 8.8, "vulnerability_severity": "High"}}]}
{"uuid": "8e9cda60-03ae-4ac5-83d0-ee428e9dfda6", "vulnerability": {"vulnId": "CVE-2025-6543", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-10-22T00:00:00+00:00"}, "gcve": {"object_uuid": "8e9cda60-03ae-4ac5-83d0-ee428e9dfda6", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 0}, "timestamps": {"asserted_at": "2025-07-30T08:58:45+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2025-10-22T00:00:00+00:00", "first_seen_at": "2025-07-30T08:58:45+00:00"}, "scope": {"notes": "Affected: Citrix / Citrix NetScaler ADC and NetScaler Gateway | Class: app-delivery-controller | Severity: None (CVSS 0) | IoT: no | In CISA KEV: yes | Honeypot connections on 2025-10-22: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-6543", "url": "https://www.cve.org/CVERecord?id=CVE-2025-6543"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "app-delivery-controller", "7d_avg": 0, "vendor": "Citrix", "30d_avg": 0, "90d_avg": 0, "product": "Citrix NetScaler ADC and NetScaler Gateway", "cisa_kev": "yes", "connections": 2, "observation_date": "2025-10-22", "vulnerability_class": "CVSS", "vulnerability_score": 0, "vulnerability_severity": "None"}}]}
{"uuid": "e9cdd643-cdb7-4d2e-8d85-558359ddd285", "vulnerability": {"vulnId": "CVE-2023-27076", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-10-19T14:53:30+00:00"}, "gcve": {"object_uuid": "e9cdd643-cdb7-4d2e-8d85-558359ddd285", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-10-19T14:53:30+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2025-10-19T14:53:30+00:00", "first_seen_at": "2025-10-19T14:53:30+00:00"}, "scope": {"notes": "Affected: Tenda / Tenda G103 | Class: router | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2025-10-19: 232", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-27076", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27076"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "Tenda", "30d_avg": 0, "90d_avg": 0, "product": "Tenda G103", "cisa_kev": "no", "connections": 232, "observation_date": "2025-10-19", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "70a1edac-f432-4a00-9a21-2c19c4036b9a", "vulnerability": {"vulnId": "CVE-2025-3987", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-10-19T06:38:28+00:00"}, "gcve": {"object_uuid": "70a1edac-f432-4a00-9a21-2c19c4036b9a", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 88}, "timestamps": {"asserted_at": "2025-10-19T06:38:28+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2025-10-19T06:38:28+00:00", "first_seen_at": "2025-10-19T06:38:28+00:00"}, "scope": {"notes": "Affected: Totolink / Totolink N150RT | Class: router | Severity: High (CVSS 8.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2025-10-19: 315", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-3987", "url": "https://www.cve.org/CVERecord?id=CVE-2025-3987"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "Totolink", "30d_avg": 0, "90d_avg": 0, "product": "Totolink N150RT", "cisa_kev": "no", "connections": 315, "observation_date": "2025-10-19", "vulnerability_class": "CVSS", "vulnerability_score": 8.8, "vulnerability_severity": "High"}}]}
{"uuid": "5aa8f07c-d57f-4696-8998-17b628fed3a8", "vulnerability": {"vulnId": "CVE-2015-2280", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-10-19T06:17:38+00:00"}, "gcve": {"object_uuid": "5aa8f07c-d57f-4696-8998-17b628fed3a8", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 88}, "timestamps": {"asserted_at": "2025-10-19T06:17:38+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2025-10-19T06:17:38+00:00", "first_seen_at": "2025-10-19T06:17:38+00:00"}, "scope": {"notes": "Affected: AirLink101 / AirLink101 SkyIPCam1620W | Class: video-system | Severity: High (CVSS 8.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2025-10-19: 253", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2015-2280", "url": "https://www.cve.org/CVERecord?id=CVE-2015-2280"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "video-system", "7d_avg": 0, "vendor": "AirLink101", "30d_avg": 0, "90d_avg": 0, "product": "AirLink101 SkyIPCam1620W", "cisa_kev": "no", "connections": 253, "observation_date": "2025-10-19", "vulnerability_class": "CVSS", "vulnerability_score": 8.8, "vulnerability_severity": "High"}}]}
{"uuid": "71a9dd73-19d6-4cfd-9813-96e907cbd046", "vulnerability": {"vulnId": "CVE-2023-47565", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-10-11T00:00:00+00:00"}, "gcve": {"object_uuid": "71a9dd73-19d6-4cfd-9813-96e907cbd046", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 88}, "timestamps": {"asserted_at": "2025-09-13T05:44:43+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2025-10-11T00:00:00+00:00", "first_seen_at": "2025-09-13T05:44:43+00:00"}, "scope": {"notes": "Affected: QNAP / QNAP VioStor NVR | Class: video-system | Severity: High (CVSS 8.8) | IoT: yes | In CISA KEV: yes | Honeypot connections on 2025-10-11: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-47565", "url": "https://www.cve.org/CVERecord?id=CVE-2023-47565"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "video-system", "7d_avg": 1, "vendor": "QNAP", "30d_avg": 0, "90d_avg": 0, "product": "QNAP VioStor NVR", "cisa_kev": "yes", "connections": 2, "observation_date": "2025-10-11", "vulnerability_class": "CVSS", "vulnerability_score": 8.8, "vulnerability_severity": "High"}}]}
{"uuid": "555333b9-5060-46aa-a1c0-0dd44b1d1ebd", "vulnerability": {"vulnId": "CVE-2024-21762", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-10-11T00:00:00+00:00"}, "gcve": {"object_uuid": "555333b9-5060-46aa-a1c0-0dd44b1d1ebd", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-03-18T15:11:53+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2025-10-11T00:00:00+00:00", "first_seen_at": "2024-03-18T15:11:53+00:00"}, "scope": {"notes": "Affected: Fortinet / FortiOS and FortiProxy | Class: firewall | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2025-10-11: 9", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-21762", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21762"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "firewall", "7d_avg": 0, "vendor": "Fortinet", "30d_avg": 0, "90d_avg": 0, "product": "FortiOS and FortiProxy", "cisa_kev": "yes", "connections": 9, "observation_date": "2025-10-11", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "a783c035-6cf8-446d-a74c-9689fa41e2b4", "vulnerability": {"vulnId": "CVE-2022-44149", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-09-28T00:00:00+00:00"}, "gcve": {"object_uuid": "a783c035-6cf8-446d-a74c-9689fa41e2b4", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 88}, "timestamps": {"asserted_at": "2025-08-19T21:33:27+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2025-09-28T00:00:00+00:00", "first_seen_at": "2025-08-19T21:33:27+00:00"}, "scope": {"notes": "Affected: Nexxt / Amp300 ARN02304U8 | Class: router | Severity: High (CVSS 8.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2025-09-28: 144", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-44149", "url": "https://www.cve.org/CVERecord?id=CVE-2022-44149"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "Nexxt", "30d_avg": 0, "90d_avg": 0, "product": "Amp300 ARN02304U8", "cisa_kev": "no", "connections": 144, "observation_date": "2025-09-28", "vulnerability_class": "CVSS", "vulnerability_score": 8.8, "vulnerability_severity": "High"}}]}
{"uuid": "7566a1cb-e558-42c8-b48b-5993113121b6", "vulnerability": {"vulnId": "CVE-2023-6184", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-09-10T00:00:00+00:00"}, "gcve": {"object_uuid": "7566a1cb-e558-42c8-b48b-5993113121b6", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 72}, "timestamps": {"asserted_at": "2025-07-18T21:44:42+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2025-09-10T00:00:00+00:00", "first_seen_at": "2025-07-18T21:44:42+00:00"}, "scope": {"notes": "Affected: Citrix / Citrix Session Recording | Class: device-management-platform | Severity: High (CVSS 7.2) | IoT: no | In CISA KEV: no | Honeypot connections on 2025-09-10: 3", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-6184", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6184"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 0, "vendor": "Citrix", "30d_avg": 0, "90d_avg": 0, "product": "Citrix Session Recording", "cisa_kev": "no", "connections": 3, "observation_date": "2025-09-10", "vulnerability_class": "CVSS", "vulnerability_score": 7.2, "vulnerability_severity": "High"}}]}
{"uuid": "85bed929-252d-4b73-942e-55ff46b3e4e6", "vulnerability": {"vulnId": "CVE-2024-10586", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-09-10T00:00:00+00:00"}, "gcve": {"object_uuid": "85bed929-252d-4b73-942e-55ff46b3e4e6", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-07-18T18:51:20+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2025-09-10T00:00:00+00:00", "first_seen_at": "2025-07-18T18:51:20+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Debug Tool plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2025-09-10: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-10586", "url": "https://www.cve.org/CVERecord?id=CVE-2024-10586"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "Wordpress", "30d_avg": 0, "90d_avg": 0, "product": "Wordpress Debug Tool plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2025-09-10", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "10c607a9-4c54-4465-b1a3-1c44290f9c13", "vulnerability": {"vulnId": "CVE-2025-54253", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-09-10T00:00:00+00:00"}, "gcve": {"object_uuid": "10c607a9-4c54-4465-b1a3-1c44290f9c13", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 100}, "timestamps": {"asserted_at": "2025-08-12T04:09:28+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2025-09-10T00:00:00+00:00", "first_seen_at": "2025-08-12T04:09:28+00:00"}, "scope": {"notes": "Affected: Adobe / Adobe Experience Manager | Class: cms | Severity: Critical (CVSS 10) | IoT: no | In CISA KEV: no | Honeypot connections on 2025-09-10: 4", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-54253", "url": "https://www.cve.org/CVERecord?id=CVE-2025-54253"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "Adobe", "30d_avg": 0, "90d_avg": 0, "product": "Adobe Experience Manager", "cisa_kev": "no", "connections": 4, "observation_date": "2025-09-10", "vulnerability_class": "CVSS", "vulnerability_score": 10, "vulnerability_severity": "Critical"}}]}
{"uuid": "391002fe-f578-4814-a670-71c3ba355baf", "vulnerability": {"vulnId": "CVE-2025-54254", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-09-10T00:00:00+00:00"}, "gcve": {"object_uuid": "391002fe-f578-4814-a670-71c3ba355baf", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 100}, "timestamps": {"asserted_at": "2025-08-12T02:17:29+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2025-09-10T00:00:00+00:00", "first_seen_at": "2025-08-12T02:17:29+00:00"}, "scope": {"notes": "Affected: Adobe / Adobe Experience Manager | Class: cms | Severity: Critical (CVSS 10) | IoT: no | In CISA KEV: no | Honeypot connections on 2025-09-10: 5", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-54254", "url": "https://www.cve.org/CVERecord?id=CVE-2025-54254"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 1, "vendor": "Adobe", "30d_avg": 0, "90d_avg": 0, "product": "Adobe Experience Manager", "cisa_kev": "no", "connections": 5, "observation_date": "2025-09-10", "vulnerability_class": "CVSS", "vulnerability_score": 10, "vulnerability_severity": "Critical"}}]}
{"uuid": "fe1ccdc9-c534-4d36-a6b5-89bfe31da9f8", "vulnerability": {"vulnId": "CVE-2025-49533", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-09-10T00:00:00+00:00"}, "gcve": {"object_uuid": "fe1ccdc9-c534-4d36-a6b5-89bfe31da9f8", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-07-30T03:39:08+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2025-09-10T00:00:00+00:00", "first_seen_at": "2025-07-30T03:39:08+00:00"}, "scope": {"notes": "Affected: Adobe / Adobe Experience Manager | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2025-09-10: 3", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-49533", "url": "https://www.cve.org/CVERecord?id=CVE-2025-49533"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 1, "vendor": "Adobe", "30d_avg": 0, "90d_avg": 0, "product": "Adobe Experience Manager", "cisa_kev": "no", "connections": 3, "observation_date": "2025-09-10", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "c7086f3a-c887-4140-9e66-c06e8e85119a", "vulnerability": {"vulnId": "CVE-2021-35232", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-09-09T00:00:00+00:00"}, "gcve": {"object_uuid": "c7086f3a-c887-4140-9e66-c06e8e85119a", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 61}, "timestamps": {"asserted_at": "2025-07-29T22:43:03+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2025-09-09T00:00:00+00:00", "first_seen_at": "2025-07-29T22:43:03+00:00"}, "scope": {"notes": "Affected: SolarWinds / SolarWinds Web Help Desk | Class: other-software | Severity: Medium (CVSS 6.1) | IoT: no | In CISA KEV: no | Honeypot connections on 2025-09-09: 5", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-35232", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35232"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "SolarWinds", "30d_avg": 0, "90d_avg": 0, "product": "SolarWinds Web Help Desk", "cisa_kev": "no", "connections": 5, "observation_date": "2025-09-09", "vulnerability_class": "CVSS", "vulnerability_score": 6.1, "vulnerability_severity": "Medium"}}]}
{"uuid": "e2781036-7842-4965-b656-47e4b2009033", "vulnerability": {"vulnId": "CVE-2024-9593", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-09-09T00:00:00+00:00"}, "gcve": {"object_uuid": "e2781036-7842-4965-b656-47e4b2009033", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 83}, "timestamps": {"asserted_at": "2025-09-08T13:46:48+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2025-09-09T00:00:00+00:00", "first_seen_at": "2025-09-08T13:46:48+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Time Clock plugin and Time Clock Pro plugin | Class: cms | Severity: High (CVSS 8.3) | IoT: no | In CISA KEV: no | Honeypot connections on 2025-09-09: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-9593", "url": "https://www.cve.org/CVERecord?id=CVE-2024-9593"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "Wordpress", "30d_avg": 0, "90d_avg": 0, "product": "Wordpress Time Clock plugin and Time Clock Pro plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2025-09-09", "vulnerability_class": "CVSS", "vulnerability_score": 8.3, "vulnerability_severity": "High"}}]}
{"uuid": "65e4012f-fb01-413c-a660-58a187481804", "vulnerability": {"vulnId": "CVE-2025-48703", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-08-15T15:41:54+00:00"}, "gcve": {"object_uuid": "65e4012f-fb01-413c-a660-58a187481804", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 0}, "timestamps": {"asserted_at": "2025-08-15T15:41:54+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2025-08-15T15:41:54+00:00", "first_seen_at": "2025-08-15T15:41:54+00:00"}, "scope": {"notes": "Affected: CWP / CWP (Control Web Panel) | Class: device-management-platform | Severity: None (CVSS 0) | IoT: no | In CISA KEV: no | Honeypot connections on 2025-08-15: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-48703", "url": "https://www.cve.org/CVERecord?id=CVE-2025-48703"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 0, "vendor": "CWP", "30d_avg": 0, "90d_avg": 0, "product": "CWP (Control Web Panel)", "cisa_kev": "no", "connections": 2, "observation_date": "2025-08-15", "vulnerability_class": "CVSS", "vulnerability_score": 0, "vulnerability_severity": "None"}}]}
{"uuid": "c3832cf6-d96d-46ea-abe7-a82171b3acc9", "vulnerability": {"vulnId": "CVE-2025-48827", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-31T11:19:50+00:00"}, "gcve": {"object_uuid": "c3832cf6-d96d-46ea-abe7-a82171b3acc9", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 100}, "timestamps": {"asserted_at": "2025-07-31T11:19:50+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2025-07-31T11:19:50+00:00", "first_seen_at": "2025-07-31T11:19:50+00:00"}, "scope": {"notes": "Affected: vBulletin / vBulletin | Class: cms | Severity: Critical (CVSS 10) | IoT: no | In CISA KEV: no | Honeypot connections on 2025-07-31: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-48827", "url": "https://www.cve.org/CVERecord?id=CVE-2025-48827"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "vBulletin", "30d_avg": 0, "90d_avg": 0, "product": "vBulletin", "cisa_kev": "no", "connections": 2, "observation_date": "2025-07-31", "vulnerability_class": "CVSS", "vulnerability_score": 10, "vulnerability_severity": "Critical"}}]}
{"uuid": "fa79155a-ad24-4e89-ba2b-048b44291609", "vulnerability": {"vulnId": "CVE-2014-6271", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-31T00:00:00+00:00"}, "gcve": {"object_uuid": "fa79155a-ad24-4e89-ba2b-048b44291609", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-12-01T14:54:48+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2025-07-31T00:00:00+00:00", "first_seen_at": "2023-12-01T14:54:48+00:00"}, "scope": {"notes": "Affected: GNU / GNU Bash | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2025-07-31: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2014-6271", "url": "https://www.cve.org/CVERecord?id=CVE-2014-6271"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "GNU", "30d_avg": 0, "90d_avg": 0, "product": "GNU Bash", "cisa_kev": "yes", "connections": 1, "observation_date": "2025-07-31", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "26af0ca5-9e49-42f2-ae3d-9c4cf36807d3", "vulnerability": {"vulnId": "CVE-2023-6549", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-29T00:00:00+00:00"}, "gcve": {"object_uuid": "26af0ca5-9e49-42f2-ae3d-9c4cf36807d3", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2025-07-02T10:20:50+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2025-07-29T00:00:00+00:00", "first_seen_at": "2025-07-02T10:20:50+00:00"}, "scope": {"notes": "Affected: Citrix / Citrix NetScaler ADC and NetScaler Gateway | Class: app-delivery-controller | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: yes | Honeypot connections on 2025-07-29: 289", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-6549", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6549"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "app-delivery-controller", "7d_avg": 0, "vendor": "Citrix", "30d_avg": 1, "90d_avg": 0, "product": "Citrix NetScaler ADC and NetScaler Gateway", "cisa_kev": "yes", "connections": 289, "observation_date": "2025-07-29", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "39c20efb-18e7-4df3-a1be-66d1a7b1d408", "vulnerability": {"vulnId": "CVE-2024-34193", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-21T02:02:47+00:00"}, "gcve": {"object_uuid": "39c20efb-18e7-4df3-a1be-66d1a7b1d408", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2025-07-21T02:02:47+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2025-07-21T02:02:47+00:00", "first_seen_at": "2025-07-21T02:02:47+00:00"}, "scope": {"notes": "Affected: kw199711 / smanga | Class: other-software | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2025-07-21: 36", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-34193", "url": "https://www.cve.org/CVERecord?id=CVE-2024-34193"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "kw199711", "30d_avg": 0, "90d_avg": 0, "product": "smanga", "cisa_kev": "no", "connections": 36, "observation_date": "2025-07-21", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "62ac6f88-e14c-4809-8c28-38f2adee7ac7", "vulnerability": {"vulnId": "CVE-2022-28908", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-21T01:58:14+00:00"}, "gcve": {"object_uuid": "62ac6f88-e14c-4809-8c28-38f2adee7ac7", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-07-21T01:58:14+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2025-07-21T01:58:14+00:00", "first_seen_at": "2025-07-21T01:58:14+00:00"}, "scope": {"notes": "Affected: Totolink / Totolink N600R | Class: router | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2025-07-21: 40", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-28908", "url": "https://www.cve.org/CVERecord?id=CVE-2022-28908"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "Totolink", "30d_avg": 0, "90d_avg": 0, "product": "Totolink N600R", "cisa_kev": "no", "connections": 40, "observation_date": "2025-07-21", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "90c53d77-043e-4133-9945-dbefa1dc0b86", "vulnerability": {"vulnId": "CVE-2023-5285", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-21T01:58:14+00:00"}, "gcve": {"object_uuid": "90c53d77-043e-4133-9945-dbefa1dc0b86", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2025-07-21T01:58:14+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2025-07-21T01:58:14+00:00", "first_seen_at": "2025-07-21T01:58:14+00:00"}, "scope": {"notes": "Affected: Tongda / Tongda OA | Class: other-software | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2025-07-21: 55", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-5285", "url": "https://www.cve.org/CVERecord?id=CVE-2023-5285"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Tongda", "30d_avg": 0, "90d_avg": 0, "product": "Tongda OA", "cisa_kev": "no", "connections": 55, "observation_date": "2025-07-21", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "faff68bd-0bc2-4fb8-a455-a2b4942094aa", "vulnerability": {"vulnId": "CVE-2025-28137", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-21T01:58:14+00:00"}, "gcve": {"object_uuid": "faff68bd-0bc2-4fb8-a455-a2b4942094aa", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-07-21T01:58:14+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2025-07-21T01:58:14+00:00", "first_seen_at": "2025-07-21T01:58:14+00:00"}, "scope": {"notes": "Affected: Totolink / Totolink A810R | Class: router | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2025-07-21: 38", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-28137", "url": "https://www.cve.org/CVERecord?id=CVE-2025-28137"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "Totolink", "30d_avg": 0, "90d_avg": 0, "product": "Totolink A810R", "cisa_kev": "no", "connections": 38, "observation_date": "2025-07-21", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "3084d333-0ed7-4eab-9c19-2bfa6b7e1096", "vulnerability": {"vulnId": "CVE-2018-13350", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-21T01:58:12+00:00"}, "gcve": {"object_uuid": "3084d333-0ed7-4eab-9c19-2bfa6b7e1096", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-07-21T01:58:12+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2025-07-21T01:58:12+00:00", "first_seen_at": "2025-07-21T01:58:12+00:00"}, "scope": {"notes": "Affected: Terramaster / TOS | Class: nas | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2025-07-21: 43", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2018-13350", "url": "https://www.cve.org/CVERecord?id=CVE-2018-13350"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "nas", "7d_avg": 0, "vendor": "Terramaster", "30d_avg": 0, "90d_avg": 0, "product": "TOS", "cisa_kev": "no", "connections": 43, "observation_date": "2025-07-21", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "5a3279d3-4413-4229-8031-27a3e38fd8a1", "vulnerability": {"vulnId": "CVE-2025-4281", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-21T01:58:09+00:00"}, "gcve": {"object_uuid": "5a3279d3-4413-4229-8031-27a3e38fd8a1", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 43}, "timestamps": {"asserted_at": "2025-07-21T01:58:09+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2025-07-21T01:58:09+00:00", "first_seen_at": "2025-07-21T01:58:09+00:00"}, "scope": {"notes": "Affected: Shenzhen Sixun Software / Sixun Shanghui 7 Group Business Management System 7 | Class: other-software | Severity: Medium (CVSS 4.3) | IoT: no | In CISA KEV: no | Honeypot connections on 2025-07-21: 40", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-4281", "url": "https://www.cve.org/CVERecord?id=CVE-2025-4281"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Shenzhen Sixun Software", "30d_avg": 0, "90d_avg": 0, "product": "Sixun Shanghui 7 Group Business Management System 7", "cisa_kev": "no", "connections": 40, "observation_date": "2025-07-21", "vulnerability_class": "CVSS", "vulnerability_score": 4.3, "vulnerability_severity": "Medium"}}]}
{"uuid": "10679165-5544-4b3e-8840-fed18b3e722a", "vulnerability": {"vulnId": "CVE-2023-30194", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-21T01:58:05+00:00"}, "gcve": {"object_uuid": "10679165-5544-4b3e-8840-fed18b3e722a", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-07-21T01:58:05+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2025-07-21T01:58:05+00:00", "first_seen_at": "2025-07-21T01:58:05+00:00"}, "scope": {"notes": "Affected: PrestaShop / Posthemes - Static Footer module for PrestaShop | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2025-07-21: 55", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-30194", "url": "https://www.cve.org/CVERecord?id=CVE-2023-30194"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "PrestaShop", "30d_avg": 0, "90d_avg": 0, "product": "Posthemes - Static Footer module for PrestaShop", "cisa_kev": "no", "connections": 55, "observation_date": "2025-07-21", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "ce881bde-5531-4311-ab2e-f8b7c21ea734", "vulnerability": {"vulnId": "CVE-2019-3495", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-21T01:57:27+00:00"}, "gcve": {"object_uuid": "ce881bde-5531-4311-ab2e-f8b7c21ea734", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-07-21T01:57:27+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2025-07-21T01:57:27+00:00", "first_seen_at": "2025-07-21T01:57:27+00:00"}, "scope": {"notes": "Affected: Wifi-soft / Wifi-soft Unibox | Class: router | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2025-07-21: 41", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2019-3495", "url": "https://www.cve.org/CVERecord?id=CVE-2019-3495"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "Wifi-soft", "30d_avg": 0, "90d_avg": 0, "product": "Wifi-soft Unibox", "cisa_kev": "no", "connections": 41, "observation_date": "2025-07-21", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "85fd6768-ea7d-4c07-bb1f-0f295a447783", "vulnerability": {"vulnId": "CVE-2023-5683", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-21T01:56:50+00:00"}, "gcve": {"object_uuid": "85fd6768-ea7d-4c07-bb1f-0f295a447783", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-07-21T01:56:50+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2025-07-21T01:56:50+00:00", "first_seen_at": "2025-07-21T01:56:50+00:00"}, "scope": {"notes": "Affected: Byzoro / Byzoro Smart S85F Management Platform | Class: device-management-platform | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2025-07-21: 56", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-5683", "url": "https://www.cve.org/CVERecord?id=CVE-2023-5683"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 0, "vendor": "Byzoro", "30d_avg": 0, "90d_avg": 0, "product": "Byzoro Smart S85F Management Platform", "cisa_kev": "no", "connections": 56, "observation_date": "2025-07-21", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "2e72f3ec-16ed-439c-baa6-ea29b8763709", "vulnerability": {"vulnId": "CVE-2025-28036", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-21T00:00:00+00:00"}, "gcve": {"object_uuid": "2e72f3ec-16ed-439c-baa6-ea29b8763709", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-07-13T16:16:06+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2025-07-21T00:00:00+00:00", "first_seen_at": "2025-07-13T16:16:06+00:00"}, "scope": {"notes": "Affected: Totolink / Totolink A950RG  | Class: router | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2025-07-21: 37", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2025-28036", "url": "https://www.cve.org/CVERecord?id=CVE-2025-28036"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "Totolink", "30d_avg": 0, "90d_avg": 0, "product": "Totolink A950RG ", "cisa_kev": "no", "connections": 37, "observation_date": "2025-07-21", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "1523c815-4bc3-4db5-a7b0-c8f7360e7495", "vulnerability": {"vulnId": "CVE-2024-0292", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-21T00:00:00+00:00"}, "gcve": {"object_uuid": "1523c815-4bc3-4db5-a7b0-c8f7360e7495", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-07-13T16:16:10+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2025-07-21T00:00:00+00:00", "first_seen_at": "2025-07-13T16:16:10+00:00"}, "scope": {"notes": "Affected: Totolink / Totolink LR1200GB | Class: router | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2025-07-21: 36", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-0292", "url": "https://www.cve.org/CVERecord?id=CVE-2024-0292"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "Totolink", "30d_avg": 0, "90d_avg": 0, "product": "Totolink LR1200GB", "cisa_kev": "no", "connections": 36, "observation_date": "2025-07-21", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "f54a46c3-6f93-4537-8230-6efde4514af9", "vulnerability": {"vulnId": "CVE-2024-0297", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-21T00:00:00+00:00"}, "gcve": {"object_uuid": "f54a46c3-6f93-4537-8230-6efde4514af9", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-07-13T16:16:05+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2025-07-21T00:00:00+00:00", "first_seen_at": "2025-07-13T16:16:05+00:00"}, "scope": {"notes": "Affected: Totolink / Totolink N200RE | Class: router | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2025-07-21: 49", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-0297", "url": "https://www.cve.org/CVERecord?id=CVE-2024-0297"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "Totolink", "30d_avg": 0, "90d_avg": 0, "product": "Totolink N200RE", "cisa_kev": "no", "connections": 49, "observation_date": "2025-07-21", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "3cab5f4a-9acf-4526-9ee2-f8583d9f020f", "vulnerability": {"vulnId": "CVE-2022-28906", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-21T00:00:00+00:00"}, "gcve": {"object_uuid": "3cab5f4a-9acf-4526-9ee2-f8583d9f020f", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-07-13T16:12:48+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2025-07-21T00:00:00+00:00", "first_seen_at": "2025-07-13T16:12:48+00:00"}, "scope": {"notes": "Affected: Totolink / Totolink N600R | Class: router | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2025-07-21: 36", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-28906", "url": "https://www.cve.org/CVERecord?id=CVE-2022-28906"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "Totolink", "30d_avg": 0, "90d_avg": 0, "product": "Totolink N600R", "cisa_kev": "no", "connections": 36, "observation_date": "2025-07-21", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "f238ee0b-ffba-44e4-849d-55afa2073707", "vulnerability": {"vulnId": "CVE-2022-28907", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-21T00:00:00+00:00"}, "gcve": {"object_uuid": "f238ee0b-ffba-44e4-849d-55afa2073707", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-07-13T16:16:05+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2025-07-21T00:00:00+00:00", "first_seen_at": "2025-07-13T16:16:05+00:00"}, "scope": {"notes": "Affected: Totolink / Totolink N600R | Class: router | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2025-07-21: 38", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-28907", "url": "https://www.cve.org/CVERecord?id=CVE-2022-28907"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "Totolink", "30d_avg": 0, "90d_avg": 0, "product": "Totolink N600R", "cisa_kev": "no", "connections": 38, "observation_date": "2025-07-21", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "255d255c-1623-41cf-92f4-6e217092fb5f", "vulnerability": {"vulnId": "CVE-2023-23063", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-21T00:00:00+00:00"}, "gcve": {"object_uuid": "255d255c-1623-41cf-92f4-6e217092fb5f", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2025-06-08T20:16:33+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2025-07-21T00:00:00+00:00", "first_seen_at": "2025-06-08T20:16:33+00:00"}, "scope": {"notes": "Affected: Cellinx / Cellinx NVT Camera | Class: video-system | Severity: High (CVSS 7.5) | IoT: yes | In CISA KEV: no | Honeypot connections on 2025-07-21: 51", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-23063", "url": "https://www.cve.org/CVERecord?id=CVE-2023-23063"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "video-system", "7d_avg": 0, "vendor": "Cellinx", "30d_avg": 0, "90d_avg": 0, "product": "Cellinx NVT Camera", "cisa_kev": "no", "connections": 51, "observation_date": "2025-07-21", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "4f06a601-c3c7-46ae-b02f-8d317b7ffb5d", "vulnerability": {"vulnId": "CVE-2020-27387", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-13T11:29:35+00:00"}, "gcve": {"object_uuid": "4f06a601-c3c7-46ae-b02f-8d317b7ffb5d", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 88}, "timestamps": {"asserted_at": "2025-07-13T11:29:35+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2025-07-13T11:29:35+00:00", "first_seen_at": "2025-07-13T11:29:35+00:00"}, "scope": {"notes": "Affected: ttimot24 / HorizontCMS | Class: cms | Severity: High (CVSS 8.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2025-07-13: 24", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-27387", "url": "https://www.cve.org/CVERecord?id=CVE-2020-27387"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "ttimot24", "30d_avg": 0, "90d_avg": 0, "product": "HorizontCMS", "cisa_kev": "no", "connections": 24, "observation_date": "2025-07-13", "vulnerability_class": "CVSS", "vulnerability_score": 8.8, "vulnerability_severity": "High"}}]}
{"uuid": "3396996f-b1d0-484f-9dd4-f1a1aa7b4cd0", "vulnerability": {"vulnId": "CVE-2021-27692", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-08T17:39:56+00:00"}, "gcve": {"object_uuid": "3396996f-b1d0-484f-9dd4-f1a1aa7b4cd0", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-06-08T17:39:56+00:00", "recorded_at": "2026-07-01T11:42:35+00:00", "last_seen_at": "2025-06-08T17:39:56+00:00", "first_seen_at": "2025-06-08T17:39:56+00:00"}, "scope": {"notes": "Affected: Tenda / Tenda G1 and G3 | Class: router | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2025-06-08: 13", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-27692", "url": "https://www.cve.org/CVERecord?id=CVE-2021-27692"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "Tenda", "30d_avg": 0, "90d_avg": 0, "product": "Tenda G1 and G3", "cisa_kev": "no", "connections": 13, "observation_date": "2025-06-08", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "b8fcbffd-8232-4280-ac08-910ec24321f3", "vulnerability": {"vulnId": "CVE-2024-12209", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-03-17T01:09:40+00:00"}, "gcve": {"object_uuid": "b8fcbffd-8232-4280-ac08-910ec24321f3", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-03-17T01:09:40+00:00", "recorded_at": "2026-07-01T10:50:51+00:00", "last_seen_at": "2025-03-17T01:09:40+00:00", "first_seen_at": "2025-03-17T01:09:40+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Update Backup Restore & Monitoring plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2025-03-17: 15", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-12209", "url": "https://www.cve.org/CVERecord?id=CVE-2024-12209"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "5", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "Wordpress", "30d_avg": 0, "90d_avg": 0, "product": "Wordpress Update Backup Restore & Monitoring plugin", "cisa_kev": "no", "connections": 15, "observation_date": "2025-03-17", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "ce6d4a9f-36c9-4aa4-b6a2-062a065bebdf", "vulnerability": {"vulnId": "CVE-2017-17562", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-03-12T08:57:35+00:00"}, "gcve": {"object_uuid": "ce6d4a9f-36c9-4aa4-b6a2-062a065bebdf", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 81}, "timestamps": {"asserted_at": "2025-03-12T08:57:35+00:00", "recorded_at": "2026-07-01T10:50:51+00:00", "last_seen_at": "2025-03-12T08:57:35+00:00", "first_seen_at": "2025-03-12T08:57:35+00:00"}, "scope": {"notes": "Affected: Embedthis / GoAhead | Class: embedded-system | Severity: High (CVSS 8.1) | IoT: yes | In CISA KEV: yes | Honeypot connections on 2025-03-12: 12", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2017-17562", "url": "https://www.cve.org/CVERecord?id=CVE-2017-17562"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "embedded-system", "7d_avg": 0, "vendor": "Embedthis", "30d_avg": 0, "90d_avg": 0, "product": "GoAhead", "cisa_kev": "yes", "connections": 12, "observation_date": "2025-03-12", "vulnerability_class": "CVSS", "vulnerability_score": 8.1, "vulnerability_severity": "High"}}]}
{"uuid": "274b2d29-f5a1-4b9c-a0d3-7925a410bb9d", "vulnerability": {"vulnId": "CVE-2022-41800", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-03-04T03:19:47+00:00"}, "gcve": {"object_uuid": "274b2d29-f5a1-4b9c-a0d3-7925a410bb9d", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 87}, "timestamps": {"asserted_at": "2025-03-04T03:19:47+00:00", "recorded_at": "2026-07-01T10:50:51+00:00", "last_seen_at": "2025-03-04T03:19:47+00:00", "first_seen_at": "2025-03-04T03:19:47+00:00"}, "scope": {"notes": "Affected: F5 / BIG-IP | Class: app-delivery-controller | Severity: High (CVSS 8.7) | IoT: no | In CISA KEV: no | Honeypot connections on 2025-03-04: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-41800", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41800"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "app-delivery-controller", "7d_avg": 0, "vendor": "F5", "30d_avg": 0, "90d_avg": 0, "product": "BIG-IP", "cisa_kev": "no", "connections": 1, "observation_date": "2025-03-04", "vulnerability_class": "CVSS", "vulnerability_score": 8.7, "vulnerability_severity": "High"}}]}
{"uuid": "b8a87ed6-424e-4dd1-95e4-06018f7a392a", "vulnerability": {"vulnId": "CVE-2024-9916", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-18T01:47:48+00:00"}, "gcve": {"object_uuid": "b8a87ed6-424e-4dd1-95e4-06018f7a392a", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-02-18T01:47:48+00:00", "recorded_at": "2026-07-01T10:50:51+00:00", "last_seen_at": "2025-02-18T01:47:48+00:00", "first_seen_at": "2025-02-18T01:47:48+00:00"}, "scope": {"notes": "Affected: HuangDou / HuangDou UTCMS | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2025-02-18: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-9916", "url": "https://www.cve.org/CVERecord?id=CVE-2024-9916"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "HuangDou", "30d_avg": 0, "90d_avg": 0, "product": "HuangDou UTCMS", "cisa_kev": "no", "connections": 1, "observation_date": "2025-02-18", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "3bfa4a81-b642-4e4b-8358-1a48d70328d3", "vulnerability": {"vulnId": "CVE-2024-24329", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-16T00:00:00+00:00"}, "gcve": {"object_uuid": "3bfa4a81-b642-4e4b-8358-1a48d70328d3", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-02-12T06:02:40+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-16T00:00:00+00:00", "first_seen_at": "2025-02-12T06:02:40+00:00"}, "scope": {"notes": "Affected: Totolink / Totolink A3300R | Class: router | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2025-02-16: 154", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-24329", "url": "https://www.cve.org/CVERecord?id=CVE-2024-24329"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "Totolink", "30d_avg": 0, "90d_avg": 0, "product": "Totolink A3300R", "cisa_kev": "no", "connections": 154, "observation_date": "2025-02-16", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "d0e87f4a-7a67-4b54-b14f-84e5f884234b", "vulnerability": {"vulnId": "CVE-2024-9474", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-16T00:00:00+00:00"}, "gcve": {"object_uuid": "d0e87f4a-7a67-4b54-b14f-84e5f884234b", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 0}, "timestamps": {"asserted_at": "2024-11-19T18:39:37+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-16T00:00:00+00:00", "first_seen_at": "2024-11-19T18:39:37+00:00"}, "scope": {"notes": "Affected: Palo Alto Networks / PAN-OS | Class: firewall | Severity: None (CVSS 0) | IoT: no | In CISA KEV: yes | Honeypot connections on 2025-02-16: 6", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-9474", "url": "https://www.cve.org/CVERecord?id=CVE-2024-9474"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "firewall", "7d_avg": 2, "vendor": "Palo Alto Networks", "30d_avg": 4, "90d_avg": 5, "product": "PAN-OS", "cisa_kev": "yes", "connections": 6, "observation_date": "2025-02-16", "vulnerability_class": "CVSS", "vulnerability_score": 0, "vulnerability_severity": "None"}}]}
{"uuid": "4b0d71d9-35b9-4035-a092-b242eb4871dc", "vulnerability": {"vulnId": "EDB-31683", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-16T00:00:00+00:00"}, "gcve": {"object_uuid": "4b0d71d9-35b9-4035-a092-b242eb4871dc", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-10-13T16:05:25+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-16T00:00:00+00:00", "first_seen_at": "2023-10-13T16:05:25+00:00"}, "scope": {"notes": "Affected: Linksys / Linksys E-Series | Class: router | IoT: yes | In CISA KEV: no | Honeypot connections on 2025-02-16: 39", "asset_exposure": ["internet-facing"]}, "references": [{"id": "EDB-31683", "url": "https://www.exploit-db.com/exploits/31683"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "3", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 4, "vendor": "Linksys", "30d_avg": 4, "90d_avg": 5, "product": "Linksys E-Series", "cisa_kev": "no", "connections": 39, "observation_date": "2025-02-16", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "abb386ff-5942-47b0-909d-24be8fb61323", "vulnerability": {"vulnId": "EDB-25978", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-16T00:00:00+00:00"}, "gcve": {"object_uuid": "abb386ff-5942-47b0-909d-24be8fb61323", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-10-13T16:12:41+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-16T00:00:00+00:00", "first_seen_at": "2023-10-13T16:12:41+00:00"}, "scope": {"notes": "Affected: Netgear / Netgear DGN1000 | Class: router | IoT: yes | In CISA KEV: no | Honeypot connections on 2025-02-16: 332", "asset_exposure": ["internet-facing"]}, "references": [{"id": "EDB-25978", "url": "https://www.exploit-db.com/exploits/25978"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "322", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 327, "vendor": "Netgear", "30d_avg": 291, "90d_avg": 262, "product": "Netgear DGN1000", "cisa_kev": "no", "connections": 332, "observation_date": "2025-02-16", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "81331a3f-d995-4041-8c51-bc9d87b854f0", "vulnerability": {"vulnId": "CVE-2017-8226", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-16T00:00:00+00:00"}, "gcve": {"object_uuid": "81331a3f-d995-4041-8c51-bc9d87b854f0", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-11-08T16:44:00+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-16T00:00:00+00:00", "first_seen_at": "2023-11-08T16:44:00+00:00"}, "scope": {"notes": "Affected: Amcrest / Amcrest IPM-721S | Class: video-system | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2025-02-16: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2017-8226", "url": "https://www.cve.org/CVERecord?id=CVE-2017-8226"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "video-system", "7d_avg": 0, "vendor": "Amcrest", "30d_avg": 0, "90d_avg": 0, "product": "Amcrest IPM-721S", "cisa_kev": "no", "connections": 1, "observation_date": "2025-02-16", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "49d3fb5f-2e8a-40ba-b806-6956d28032bf", "vulnerability": {"vulnId": "CVE-2018-13315", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-16T00:00:00+00:00"}, "gcve": {"object_uuid": "49d3fb5f-2e8a-40ba-b806-6956d28032bf", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-02-05T15:22:18+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-16T00:00:00+00:00", "first_seen_at": "2024-02-05T15:22:18+00:00"}, "scope": {"notes": "Affected: Totolink / A3002RU | Class: router | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2025-02-16: 14", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2018-13315", "url": "https://www.cve.org/CVERecord?id=CVE-2018-13315"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "Totolink", "30d_avg": 0, "90d_avg": 0, "product": "A3002RU", "cisa_kev": "no", "connections": 14, "observation_date": "2025-02-16", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "95cd2214-d3fa-446d-a060-d0eed1e9c2bf", "vulnerability": {"vulnId": "CVE-2024-57727", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-16T00:00:00+00:00"}, "gcve": {"object_uuid": "95cd2214-d3fa-446d-a060-d0eed1e9c2bf", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2025-02-04T18:48:38+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-16T00:00:00+00:00", "first_seen_at": "2025-02-04T18:48:38+00:00"}, "scope": {"notes": "Affected: SimpleHelp / SimpleHelp | Class: remote-access | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: yes | Honeypot connections on 2025-02-16: 9", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-57727", "url": "https://www.cve.org/CVERecord?id=CVE-2024-57727"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "remote-access", "7d_avg": 1, "vendor": "SimpleHelp", "30d_avg": 0, "90d_avg": 0, "product": "SimpleHelp", "cisa_kev": "yes", "connections": 9, "observation_date": "2025-02-16", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "0ce2bca2-b159-442c-b6e4-ead296530089", "vulnerability": {"vulnId": "CVE-2024-4577", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-16T00:00:00+00:00"}, "gcve": {"object_uuid": "0ce2bca2-b159-442c-b6e4-ead296530089", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 0}, "timestamps": {"asserted_at": "2024-06-07T13:40:23+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-16T00:00:00+00:00", "first_seen_at": "2024-06-07T13:40:23+00:00"}, "scope": {"notes": "Affected: PHP Foundation / PHP (PHP-CGI) | Class: web-app-framework | Severity: None (CVSS 0) | IoT: no | In CISA KEV: yes | Honeypot connections on 2025-02-16: 211", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-4577", "url": "https://www.cve.org/CVERecord?id=CVE-2024-4577"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "40", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "web-app-framework", "7d_avg": 41, "vendor": "PHP Foundation", "30d_avg": 19, "90d_avg": 13, "product": "PHP (PHP-CGI)", "cisa_kev": "yes", "connections": 211, "observation_date": "2025-02-16", "vulnerability_class": "CVSS", "vulnerability_score": 0, "vulnerability_severity": "None"}}]}
{"uuid": "2ffbbe69-1ce6-4186-a843-52e48ad8aaaa", "vulnerability": {"vulnId": "CNVD-2021-45363", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-16T00:00:00+00:00"}, "gcve": {"object_uuid": "2ffbbe69-1ce6-4186-a843-52e48ad8aaaa", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-09-29T18:08:43+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-16T00:00:00+00:00", "first_seen_at": "2024-09-29T18:08:43+00:00"}, "scope": {"notes": "Affected: Shenzhen Lingkong Technology / WIFISKY 7-layer flow control router | Class: router | IoT: no | In CISA KEV: no | Honeypot connections on 2025-02-16: 10", "asset_exposure": ["internet-facing"]}, "references": [{"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "Shenzhen Lingkong Technology", "30d_avg": 0, "90d_avg": 0, "product": "WIFISKY 7-layer flow control router", "cisa_kev": "no", "connections": 10, "observation_date": "2025-02-16", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "e0da0c10-74b6-4548-8c95-f76e11632eb0", "vulnerability": {"vulnId": "CNVD-2021-09650", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-16T00:00:00+00:00"}, "gcve": {"object_uuid": "e0da0c10-74b6-4548-8c95-f76e11632eb0", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-10-14T13:03:49+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-16T00:00:00+00:00", "first_seen_at": "2023-10-14T13:03:49+00:00"}, "scope": {"notes": "Affected: Ruijie Networks / NBR | Class: router | IoT: no | In CISA KEV: no | Honeypot connections on 2025-02-16: 118", "asset_exposure": ["internet-facing"]}, "references": [{"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "Ruijie Networks", "30d_avg": 1, "90d_avg": 1, "product": "NBR", "cisa_kev": "no", "connections": 118, "observation_date": "2025-02-16", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "ab857e71-d591-4a99-9f34-f492e1ce1b95", "vulnerability": {"vulnId": "CVE-2019-0193", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-16T00:00:00+00:00"}, "gcve": {"object_uuid": "ab857e71-d591-4a99-9f34-f492e1ce1b95", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 72}, "timestamps": {"asserted_at": "2023-10-14T15:22:44+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-16T00:00:00+00:00", "first_seen_at": "2023-10-14T15:22:44+00:00"}, "scope": {"notes": "Affected: Apache / Solr | Class: database | Severity: High (CVSS 7.2) | IoT: no | In CISA KEV: yes | Honeypot connections on 2025-02-16: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2019-0193", "url": "https://www.cve.org/CVERecord?id=CVE-2019-0193"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "database", "7d_avg": 0, "vendor": "Apache", "30d_avg": 0, "90d_avg": 0, "product": "Solr", "cisa_kev": "yes", "connections": 2, "observation_date": "2025-02-16", "vulnerability_class": "CVSS", "vulnerability_score": 7.2, "vulnerability_severity": "High"}}]}
{"uuid": "b5f698a4-fa3a-4cef-b6d2-ad4c61b3df7f", "vulnerability": {"vulnId": "CVE-2024-2353", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-16T00:00:00+00:00"}, "gcve": {"object_uuid": "b5f698a4-fa3a-4cef-b6d2-ad4c61b3df7f", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 88}, "timestamps": {"asserted_at": "2025-02-12T06:03:47+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-16T00:00:00+00:00", "first_seen_at": "2025-02-12T06:03:47+00:00"}, "scope": {"notes": "Affected: Totolink / Totolink X6000R | Class: router | Severity: High (CVSS 8.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2025-02-16: 154", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-2353", "url": "https://www.cve.org/CVERecord?id=CVE-2024-2353"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "Totolink", "30d_avg": 0, "90d_avg": 0, "product": "Totolink X6000R", "cisa_kev": "no", "connections": 154, "observation_date": "2025-02-16", "vulnerability_class": "CVSS", "vulnerability_score": 8.8, "vulnerability_severity": "High"}}]}
{"uuid": "ad5a7b05-ef67-4bb2-bd5d-a6a13b288304", "vulnerability": {"vulnId": "CVE-2020-28188", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-16T00:00:00+00:00"}, "gcve": {"object_uuid": "ad5a7b05-ef67-4bb2-bd5d-a6a13b288304", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:56:53+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-16T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:53+00:00"}, "scope": {"notes": "Affected: TerraMaster / TOS | Class: nas | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2025-02-16: 24577", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-28188", "url": "https://www.cve.org/CVERecord?id=CVE-2020-28188"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "nas", "7d_avg": 0, "vendor": "TerraMaster", "30d_avg": 0, "90d_avg": 1, "product": "TOS", "cisa_kev": "no", "connections": 24577, "observation_date": "2025-02-16", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "178fb75a-6f00-49ec-a8cb-54d179c13588", "vulnerability": {"vulnId": "EDB-39596", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-16T00:00:00+00:00"}, "gcve": {"object_uuid": "178fb75a-6f00-49ec-a8cb-54d179c13588", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-10-13T17:16:33+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-16T00:00:00+00:00", "first_seen_at": "2023-10-13T17:16:33+00:00"}, "scope": {"notes": "Affected: Shenzhen TVT / CCTV-DVR (rebranded by multiple vendors) | Class: video-system | IoT: yes | In CISA KEV: no | Honeypot connections on 2025-02-16: 160", "asset_exposure": ["internet-facing"]}, "references": [{"id": "EDB-39596", "url": "https://www.exploit-db.com/exploits/39596"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "155", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "video-system", "7d_avg": 164, "vendor": "Shenzhen TVT", "30d_avg": 145, "90d_avg": 131, "product": "CCTV-DVR (rebranded by multiple vendors)", "cisa_kev": "no", "connections": 160, "observation_date": "2025-02-16", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "102cebfe-436a-454f-b697-739807f81966", "vulnerability": {"vulnId": "CVE-2024-24328", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-16T00:00:00+00:00"}, "gcve": {"object_uuid": "102cebfe-436a-454f-b697-739807f81966", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-02-12T06:02:41+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-16T00:00:00+00:00", "first_seen_at": "2025-02-12T06:02:41+00:00"}, "scope": {"notes": "Affected: Totolink / Totolink A3300R | Class: router | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2025-02-16: 153", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-24328", "url": "https://www.cve.org/CVERecord?id=CVE-2024-24328"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "Totolink", "30d_avg": 0, "90d_avg": 0, "product": "Totolink A3300R", "cisa_kev": "no", "connections": 153, "observation_date": "2025-02-16", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "13b6890b-20f2-480d-9ffa-6a1125e50c09", "vulnerability": {"vulnId": "CVE-2024-9644", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-16T00:00:00+00:00"}, "gcve": {"object_uuid": "13b6890b-20f2-480d-9ffa-6a1125e50c09", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-02-09T12:02:46+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-16T00:00:00+00:00", "first_seen_at": "2025-02-09T12:02:46+00:00"}, "scope": {"notes": "Affected: Four-Faith / Four-Faith F3x36 | Class: router | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2025-02-16: 44", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-9644", "url": "https://www.cve.org/CVERecord?id=CVE-2024-9644"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 1, "vendor": "Four-Faith", "30d_avg": 0, "90d_avg": 0, "product": "Four-Faith F3x36", "cisa_kev": "no", "connections": 44, "observation_date": "2025-02-16", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "28719a12-8340-4ad5-9d83-f1c1a47d8323", "vulnerability": {"vulnId": "CVE-2023-3608", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-16T00:00:00+00:00"}, "gcve": {"object_uuid": "28719a12-8340-4ad5-9d83-f1c1a47d8323", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-05-05T02:41:19+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-16T00:00:00+00:00", "first_seen_at": "2024-05-05T02:41:19+00:00"}, "scope": {"notes": "Affected: Ruijie Networks / Ruijie BCR810W | Class: router | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2025-02-16: 4", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-3608", "url": "https://www.cve.org/CVERecord?id=CVE-2023-3608"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "Ruijie Networks", "30d_avg": 0, "90d_avg": 0, "product": "Ruijie BCR810W", "cisa_kev": "no", "connections": 4, "observation_date": "2025-02-16", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "98bfacec-1ca0-4853-b31c-13de88b4b3d8", "vulnerability": {"vulnId": "CVE-2019-8451", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-15T00:00:00+00:00"}, "gcve": {"object_uuid": "98bfacec-1ca0-4853-b31c-13de88b4b3d8", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 65}, "timestamps": {"asserted_at": "2023-10-23T14:03:23+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-15T00:00:00+00:00", "first_seen_at": "2023-10-23T14:03:23+00:00"}, "scope": {"notes": "Affected: Atlassian / JIRA | Class: other-software | Severity: Medium (CVSS 6.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2025-02-15: 5226", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2019-8451", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8451"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Atlassian", "30d_avg": 0, "90d_avg": 0, "product": "JIRA", "cisa_kev": "no", "connections": 5226, "observation_date": "2025-02-15", "vulnerability_class": "CVSS", "vulnerability_score": 6.5, "vulnerability_severity": "Medium"}}]}
{"uuid": "b2b48dd0-4c3f-4dc5-a6b2-997cd0f0bc4a", "vulnerability": {"vulnId": "CVE-2021-43798", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-15T00:00:00+00:00"}, "gcve": {"object_uuid": "b2b48dd0-4c3f-4dc5-a6b2-997cd0f0bc4a", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2023-10-18T16:23:19+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-15T00:00:00+00:00", "first_seen_at": "2023-10-18T16:23:19+00:00"}, "scope": {"notes": "Affected: Grafana / Grafana | Class: other-software | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2025-02-15: 284", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-43798", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43798"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Grafana", "30d_avg": 0, "90d_avg": 0, "product": "Grafana", "cisa_kev": "no", "connections": 284, "observation_date": "2025-02-15", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "e4c0fcc7-220e-4e6b-b212-68e62baec718", "vulnerability": {"vulnId": "CVE-2022-41082", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-15T00:00:00+00:00"}, "gcve": {"object_uuid": "e4c0fcc7-220e-4e6b-b212-68e62baec718", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 88}, "timestamps": {"asserted_at": "2023-10-13T22:10:59+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-15T00:00:00+00:00", "first_seen_at": "2023-10-13T22:10:59+00:00"}, "scope": {"notes": "Affected: Microsoft / Exchange | Class: email | Severity: High (CVSS 8.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2025-02-15: 803", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-41082", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41082"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "190", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "email", "7d_avg": 79, "vendor": "Microsoft", "30d_avg": 72, "90d_avg": 66, "product": "Exchange", "cisa_kev": "yes", "connections": 803, "observation_date": "2025-02-15", "vulnerability_class": "CVSS", "vulnerability_score": 8.8, "vulnerability_severity": "High"}}]}
{"uuid": "853ff7fa-7505-44c8-867b-013ff5d401a2", "vulnerability": {"vulnId": "CVE-2019-8446", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-15T00:00:00+00:00"}, "gcve": {"object_uuid": "853ff7fa-7505-44c8-867b-013ff5d401a2", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 53}, "timestamps": {"asserted_at": "2023-10-23T13:57:48+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-15T00:00:00+00:00", "first_seen_at": "2023-10-23T13:57:48+00:00"}, "scope": {"notes": "Affected: Atlassian / JIRA | Class: other-software | Severity: Medium (CVSS 5.3) | IoT: no | In CISA KEV: no | Honeypot connections on 2025-02-15: 4697", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2019-8446", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8446"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Atlassian", "30d_avg": 1, "90d_avg": 1, "product": "JIRA", "cisa_kev": "no", "connections": 4697, "observation_date": "2025-02-15", "vulnerability_class": "CVSS", "vulnerability_score": 5.3, "vulnerability_severity": "Medium"}}]}
{"uuid": "317e55fd-ff71-41f1-b6f3-509f9c005263", "vulnerability": {"vulnId": "CVE-2020-12832", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-15T00:00:00+00:00"}, "gcve": {"object_uuid": "317e55fd-ff71-41f1-b6f3-509f9c005263", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T23:26:34+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-15T00:00:00+00:00", "first_seen_at": "2023-10-14T23:26:34+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Simple File List plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2025-02-15: 4656", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-12832", "url": "https://www.cve.org/CVERecord?id=CVE-2020-12832"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "Wordpress", "30d_avg": 0, "90d_avg": 0, "product": "Wordpress Simple File List plugin", "cisa_kev": "no", "connections": 4656, "observation_date": "2025-02-15", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "6ada8bd5-424a-4dd2-91e8-6a095bb46479", "vulnerability": {"vulnId": "CVE-2019-9733", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-15T00:00:00+00:00"}, "gcve": {"object_uuid": "6ada8bd5-424a-4dd2-91e8-6a095bb46479", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:56:15+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-15T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:15+00:00"}, "scope": {"notes": "Affected: JFrog / Artifactory | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2025-02-15: 10157", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2019-9733", "url": "https://www.cve.org/CVERecord?id=CVE-2019-9733"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "JFrog", "30d_avg": 0, "90d_avg": 1, "product": "Artifactory", "cisa_kev": "no", "connections": 10157, "observation_date": "2025-02-15", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "8755a4fa-3029-4e1e-8bde-67d5ca861bf9", "vulnerability": {"vulnId": "CNVD-2020-46552", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-15T00:00:00+00:00"}, "gcve": {"object_uuid": "8755a4fa-3029-4e1e-8bde-67d5ca861bf9", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-10-14T22:50:39+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-15T00:00:00+00:00", "first_seen_at": "2023-10-14T22:50:39+00:00"}, "scope": {"notes": "Affected: Sangfor / Sangfor EDR | Class: security-management-platform | IoT: no | In CISA KEV: no | Honeypot connections on 2025-02-15: 2341", "asset_exposure": ["internet-facing"]}, "references": [{"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "security-management-platform", "7d_avg": 1, "vendor": "Sangfor", "30d_avg": 0, "90d_avg": 1, "product": "Sangfor EDR", "cisa_kev": "no", "connections": 2341, "observation_date": "2025-02-15", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "a9c276de-f4f1-4d14-ad89-541cc76f452b", "vulnerability": {"vulnId": "CNVD-2021-30167", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-14T00:00:00+00:00"}, "gcve": {"object_uuid": "a9c276de-f4f1-4d14-ad89-541cc76f452b", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-10-14T13:03:35+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-14T00:00:00+00:00", "first_seen_at": "2023-10-14T13:03:35+00:00"}, "scope": {"notes": "Affected: Yonyou / NC BeanShell | Class: other-software | IoT: no | In CISA KEV: no | Honeypot connections on 2025-02-14: 21", "asset_exposure": ["internet-facing"]}, "references": [{"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "Yonyou", "30d_avg": 1, "90d_avg": 1, "product": "NC BeanShell", "cisa_kev": "no", "connections": 21, "observation_date": "2025-02-14", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "fa0b950f-6ca3-45ac-a3bd-0d4fcf9f6537", "vulnerability": {"vulnId": "EDB-47204", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-14T00:00:00+00:00"}, "gcve": {"object_uuid": "fa0b950f-6ca3-45ac-a3bd-0d4fcf9f6537", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-10-14T22:34:13+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-14T00:00:00+00:00", "first_seen_at": "2023-10-14T22:34:13+00:00"}, "scope": {"notes": "Affected: sar2html / sar2html | Class: other-software | IoT: no | In CISA KEV: no | Honeypot connections on 2025-02-14: 7218", "asset_exposure": ["internet-facing"]}, "references": [{"id": "EDB-47204", "url": "https://www.exploit-db.com/exploits/47204"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "sar2html", "30d_avg": 0, "90d_avg": 0, "product": "sar2html", "cisa_kev": "no", "connections": 7218, "observation_date": "2025-02-14", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "74086396-122e-4afd-a23b-79e3cf6fb6c0", "vulnerability": {"vulnId": "CNVD-2021-49104", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-14T00:00:00+00:00"}, "gcve": {"object_uuid": "74086396-122e-4afd-a23b-79e3cf6fb6c0", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-12-10T21:56:29+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-14T00:00:00+00:00", "first_seen_at": "2023-12-10T21:56:29+00:00"}, "scope": {"notes": "Affected: Shanghai Fanwei Network Technology / Panwei e-office | Class: other-software | IoT: no | In CISA KEV: no | Honeypot connections on 2025-02-14: 20", "asset_exposure": ["internet-facing"]}, "references": [{"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "Shanghai Fanwei Network Technology", "30d_avg": 1, "90d_avg": 1, "product": "Panwei e-office", "cisa_kev": "no", "connections": 20, "observation_date": "2025-02-14", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "22576c17-2594-4591-9740-86ddb4e582d9", "vulnerability": {"vulnId": "EDB-49596", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-14T00:00:00+00:00"}, "gcve": {"object_uuid": "22576c17-2594-4591-9740-86ddb4e582d9", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-10-14T14:56:09+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-14T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:09+00:00"}, "scope": {"notes": "Affected: skittles / Simple Employee Records System 1.0 | Class: other-software | IoT: no | In CISA KEV: no | Honeypot connections on 2025-02-14: 11191", "asset_exposure": ["internet-facing"]}, "references": [{"id": "EDB-49596", "url": "https://www.exploit-db.com/exploits/49596"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "skittles", "30d_avg": 0, "90d_avg": 1, "product": "Simple Employee Records System 1.0", "cisa_kev": "no", "connections": 11191, "observation_date": "2025-02-14", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "a1d97521-8b58-4c41-a4ca-33958570a23d", "vulnerability": {"vulnId": "CVE-2014-9118", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-14T00:00:00+00:00"}, "gcve": {"object_uuid": "a1d97521-8b58-4c41-a4ca-33958570a23d", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 88}, "timestamps": {"asserted_at": "2024-01-22T22:47:29+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-14T00:00:00+00:00", "first_seen_at": "2024-01-22T22:47:29+00:00"}, "scope": {"notes": "Affected: Zhone / zNID GPON 2426A | Class: router | Severity: High (CVSS 8.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2025-02-14: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2014-9118", "url": "https://www.cve.org/CVERecord?id=CVE-2014-9118"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "Zhone", "30d_avg": 0, "90d_avg": 0, "product": "zNID GPON 2426A", "cisa_kev": "no", "connections": 1, "observation_date": "2025-02-14", "vulnerability_class": "CVSS", "vulnerability_score": 8.8, "vulnerability_severity": "High"}}]}
{"uuid": "e366c758-e839-458a-8eb4-05b70f2c71f6", "vulnerability": {"vulnId": "CNVD-2021-64035", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-14T00:00:00+00:00"}, "gcve": {"object_uuid": "e366c758-e839-458a-8eb4-05b70f2c71f6", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-08-06T15:06:44+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-14T00:00:00+00:00", "first_seen_at": "2024-08-06T15:06:44+00:00"}, "scope": {"notes": "Affected: Beijing NetGuard Nebula Information Technology / Leadsec VPN | Class: vpn | IoT: no | In CISA KEV: no | Honeypot connections on 2025-02-14: 23", "asset_exposure": ["internet-facing"]}, "references": [{"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "vpn", "7d_avg": 0, "vendor": "Beijing NetGuard Nebula Information Technology", "30d_avg": 0, "90d_avg": 1, "product": "Leadsec VPN", "cisa_kev": "no", "connections": 23, "observation_date": "2025-02-14", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "bd388680-b310-40f2-a4b0-fea950f476c7", "vulnerability": {"vulnId": "CNVD-2021-33202", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-14T00:00:00+00:00"}, "gcve": {"object_uuid": "bd388680-b310-40f2-a4b0-fea950f476c7", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-12-10T21:56:27+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-14T00:00:00+00:00", "first_seen_at": "2023-12-10T21:56:27+00:00"}, "scope": {"notes": "Affected: Shanghai Fanwei Network Technology / Panwei e-cology | Class: other-software | IoT: no | In CISA KEV: no | Honeypot connections on 2025-02-14: 19", "asset_exposure": ["internet-facing"]}, "references": [{"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Shanghai Fanwei Network Technology", "30d_avg": 0, "90d_avg": 1, "product": "Panwei e-cology", "cisa_kev": "no", "connections": 19, "observation_date": "2025-02-14", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "09678ba5-5248-4c82-a805-c645aeb25698", "vulnerability": {"vulnId": "CNVD-2024-15077", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-14T00:00:00+00:00"}, "gcve": {"object_uuid": "09678ba5-5248-4c82-a805-c645aeb25698", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-06-30T00:35:42+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-14T00:00:00+00:00", "first_seen_at": "2024-06-30T00:35:42+00:00"}, "scope": {"notes": "Affected: anji-plus / AJ-Report | Class: business-intelligence | IoT: no | In CISA KEV: no | Honeypot connections on 2025-02-14: 23", "asset_exposure": ["internet-facing"]}, "references": [{"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "business-intelligence", "7d_avg": 1, "vendor": "anji-plus", "30d_avg": 0, "90d_avg": 1, "product": "AJ-Report", "cisa_kev": "no", "connections": 23, "observation_date": "2025-02-14", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "87b4e243-56e8-4a34-8345-a608290ccdb6", "vulnerability": {"vulnId": "CVE-2023-26609", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-14T00:00:00+00:00"}, "gcve": {"object_uuid": "87b4e243-56e8-4a34-8345-a608290ccdb6", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-01-17T04:39:29+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-14T00:00:00+00:00", "first_seen_at": "2024-01-17T04:39:29+00:00"}, "scope": {"notes": "Affected: ABUS / ABUS TVIP 20000-21150 | Class: video-system | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2025-02-14: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-26609", "url": "https://www.cve.org/CVERecord?id=CVE-2023-26609"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "video-system", "7d_avg": 0, "vendor": "ABUS", "30d_avg": 0, "90d_avg": 0, "product": "ABUS TVIP 20000-21150", "cisa_kev": "no", "connections": 1, "observation_date": "2025-02-14", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "f159de48-c13e-4686-9baf-a3e3774ac4fa", "vulnerability": {"vulnId": "CNVD-2021-49564", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-14T00:00:00+00:00"}, "gcve": {"object_uuid": "f159de48-c13e-4686-9baf-a3e3774ac4fa", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-10-14T22:37:55+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-14T00:00:00+00:00", "first_seen_at": "2023-10-14T22:37:55+00:00"}, "scope": {"notes": "Affected: TamronOS / TamronOS IPTV/VOD | Class: other-software | IoT: yes | In CISA KEV: no | Honeypot connections on 2025-02-14: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "TamronOS", "30d_avg": 0, "90d_avg": 0, "product": "TamronOS IPTV/VOD", "cisa_kev": "no", "connections": 1, "observation_date": "2025-02-14", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "22e4c952-cf7c-4a3d-a0bd-db1443ca4144", "vulnerability": {"vulnId": "CNVD-2022-42853", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-14T00:00:00+00:00"}, "gcve": {"object_uuid": "22e4c952-cf7c-4a3d-a0bd-db1443ca4144", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-10-14T13:53:16+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-14T00:00:00+00:00", "first_seen_at": "2023-10-14T13:53:16+00:00"}, "scope": {"notes": "Affected: Qingdao Easysoft / ZenTao | Class: other-software | IoT: no | In CISA KEV: no | Honeypot connections on 2025-02-14: 20", "asset_exposure": ["internet-facing"]}, "references": [{"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "Qingdao Easysoft", "30d_avg": 1, "90d_avg": 1, "product": "ZenTao", "cisa_kev": "no", "connections": 20, "observation_date": "2025-02-14", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "ef1e2989-9538-4845-8bee-67cfa187563c", "vulnerability": {"vulnId": "EDB-49955", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-14T00:00:00+00:00"}, "gcve": {"object_uuid": "ef1e2989-9538-4845-8bee-67cfa187563c", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-10-14T22:27:00+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-14T00:00:00+00:00", "first_seen_at": "2023-10-14T22:27:00+00:00"}, "scope": {"notes": "Affected: OptiLink / ONT1GEW | Class: router | IoT: yes | In CISA KEV: no | Honeypot connections on 2025-02-14: 2821", "asset_exposure": ["internet-facing"]}, "references": [{"id": "EDB-49955", "url": "https://www.exploit-db.com/exploits/49955"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "OptiLink", "30d_avg": 0, "90d_avg": 0, "product": "ONT1GEW", "cisa_kev": "no", "connections": 2821, "observation_date": "2025-02-14", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "9b6ce82b-f626-4b78-907a-f9b1a0b849f2", "vulnerability": {"vulnId": "CNVD-2024-38747", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-14T00:00:00+00:00"}, "gcve": {"object_uuid": "9b6ce82b-f626-4b78-907a-f9b1a0b849f2", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-01-13T05:21:33+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-14T00:00:00+00:00", "first_seen_at": "2025-01-13T05:21:33+00:00"}, "scope": {"notes": "Affected: Dahua / Dahua Intelligent Cloud Gateway Registration Management Platform | Class: device-management-platform | IoT: no | In CISA KEV: no | Honeypot connections on 2025-02-14: 18", "asset_exposure": ["internet-facing"]}, "references": [{"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 0, "vendor": "Dahua", "30d_avg": 0, "90d_avg": 0, "product": "Dahua Intelligent Cloud Gateway Registration Management Platform", "cisa_kev": "no", "connections": 18, "observation_date": "2025-02-14", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "0a13a8f0-d2f3-4cab-a7c3-d9abff55854f", "vulnerability": {"vulnId": "EDB-52028", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-14T00:00:00+00:00"}, "gcve": {"object_uuid": "0a13a8f0-d2f3-4cab-a7c3-d9abff55854f", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-01-03T21:41:59+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-14T00:00:00+00:00", "first_seen_at": "2025-01-03T21:41:59+00:00"}, "scope": {"notes": "Affected: Aquatronica / Aquatronica Control System | Class: other-software | IoT: no | In CISA KEV: no | Honeypot connections on 2025-02-14: 3368", "asset_exposure": ["internet-facing"]}, "references": [{"id": "EDB-52028", "url": "https://www.exploit-db.com/exploits/52028"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Aquatronica", "30d_avg": 0, "90d_avg": 0, "product": "Aquatronica Control System", "cisa_kev": "no", "connections": 3368, "observation_date": "2025-02-14", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "47121c57-6056-4854-948a-3eb21b1cbadb", "vulnerability": {"vulnId": "CNVD-2020-68596", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-14T00:00:00+00:00"}, "gcve": {"object_uuid": "47121c57-6056-4854-948a-3eb21b1cbadb", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-12-06T18:06:47+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-14T00:00:00+00:00", "first_seen_at": "2023-12-06T18:06:47+00:00"}, "scope": {"notes": "Affected: WeiPHP / WeiPHP | Class: other-software | IoT: no | In CISA KEV: no | Honeypot connections on 2025-02-14: 12", "asset_exposure": ["internet-facing"]}, "references": [{"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "WeiPHP", "30d_avg": 1, "90d_avg": 2, "product": "WeiPHP", "cisa_kev": "no", "connections": 12, "observation_date": "2025-02-14", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "cc9ab736-dc39-4fe3-ae34-51fe6f3936ef", "vulnerability": {"vulnId": "CNVD-2021-01627", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-14T00:00:00+00:00"}, "gcve": {"object_uuid": "cc9ab736-dc39-4fe3-ae34-51fe6f3936ef", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-10-17T22:28:13+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-14T00:00:00+00:00", "first_seen_at": "2023-10-17T22:28:13+00:00"}, "scope": {"notes": "Affected: Zhiyuan / Zhiyuan OA | Class: other-software | IoT: no | In CISA KEV: no | Honeypot connections on 2025-02-14: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Zhiyuan", "30d_avg": 0, "90d_avg": 1, "product": "Zhiyuan OA", "cisa_kev": "no", "connections": 2, "observation_date": "2025-02-14", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "b913c11f-0085-49eb-ae7c-708db340ae40", "vulnerability": {"vulnId": "CVE-2024-9463", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-13T00:00:00+00:00"}, "gcve": {"object_uuid": "b913c11f-0085-49eb-ae7c-708db340ae40", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 0}, "timestamps": {"asserted_at": "2024-10-15T07:12:31+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-13T00:00:00+00:00", "first_seen_at": "2024-10-15T07:12:31+00:00"}, "scope": {"notes": "Affected: Palo Alto Networks / Palo Alto Expedition | Class: other-software | Severity: None (CVSS 0) | IoT: no | In CISA KEV: yes | Honeypot connections on 2025-02-13: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-9463", "url": "https://www.cve.org/CVERecord?id=CVE-2024-9463"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Palo Alto Networks", "30d_avg": 0, "90d_avg": 1, "product": "Palo Alto Expedition", "cisa_kev": "yes", "connections": 1, "observation_date": "2025-02-13", "vulnerability_class": "CVSS", "vulnerability_score": 0, "vulnerability_severity": "None"}}]}
{"uuid": "f6b2a680-a221-4f65-8014-325a84cc0a1f", "vulnerability": {"vulnId": "CVE-2024-11305", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-13T00:00:00+00:00"}, "gcve": {"object_uuid": "f6b2a680-a221-4f65-8014-325a84cc0a1f", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 63}, "timestamps": {"asserted_at": "2024-12-24T07:06:01+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-13T00:00:00+00:00", "first_seen_at": "2024-12-24T07:06:01+00:00"}, "scope": {"notes": "Affected: APsystems / Altenergy Power Control Software | Class: other-software | Severity: Medium (CVSS 6.3) | IoT: yes | In CISA KEV: no | Honeypot connections on 2025-02-13: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-11305", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11305"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "APsystems", "30d_avg": 0, "90d_avg": 0, "product": "Altenergy Power Control Software", "cisa_kev": "no", "connections": 2, "observation_date": "2025-02-13", "vulnerability_class": "CVSS", "vulnerability_score": 6.3, "vulnerability_severity": "Medium"}}]}
{"uuid": "16367e58-f57b-4970-8a0b-0e5a82260b3a", "vulnerability": {"vulnId": "CVE-2022-2487", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-13T00:00:00+00:00"}, "gcve": {"object_uuid": "16367e58-f57b-4970-8a0b-0e5a82260b3a", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:57:26+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-13T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:26+00:00"}, "scope": {"notes": "Affected: WAVLINK / WAVLINK WN535K2 and WN535K3 | Class: router | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2025-02-13: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-2487", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2487"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "WAVLINK", "30d_avg": 0, "90d_avg": 1, "product": "WAVLINK WN535K2 and WN535K3", "cisa_kev": "no", "connections": 2, "observation_date": "2025-02-13", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "84e1c312-69e2-4202-a3c4-ae7c79c75535", "vulnerability": {"vulnId": "CVE-2021-21978", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-13T00:00:00+00:00"}, "gcve": {"object_uuid": "84e1c312-69e2-4202-a3c4-ae7c79c75535", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:56:48+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-13T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:48+00:00"}, "scope": {"notes": "Affected: VMware / VMware View Planner 4.x | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2025-02-13: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-21978", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21978"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "VMware", "30d_avg": 0, "90d_avg": 1, "product": "VMware View Planner 4.x", "cisa_kev": "no", "connections": 2, "observation_date": "2025-02-13", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "9db15d4c-84f7-4b4f-bb70-407183cb63e9", "vulnerability": {"vulnId": "CVE-2023-28343", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-13T00:00:00+00:00"}, "gcve": {"object_uuid": "9db15d4c-84f7-4b4f-bb70-407183cb63e9", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:57:47+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-13T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:47+00:00"}, "scope": {"notes": "Affected: APsystems / Altenergy Power Control Software | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2025-02-13: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-28343", "url": "https://www.cve.org/CVERecord?id=CVE-2023-28343"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "APsystems", "30d_avg": 0, "90d_avg": 0, "product": "Altenergy Power Control Software", "cisa_kev": "no", "connections": 1, "observation_date": "2025-02-13", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "4cafea93-f511-497d-854e-10216ad69a00", "vulnerability": {"vulnId": "CVE-2021-20166", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-13T00:00:00+00:00"}, "gcve": {"object_uuid": "4cafea93-f511-497d-854e-10216ad69a00", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 88}, "timestamps": {"asserted_at": "2023-10-14T14:56:47+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-13T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:47+00:00"}, "scope": {"notes": "Affected: NETGEAR / RAX43 | Class: router | Severity: High (CVSS 8.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2025-02-13: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-20166", "url": "https://www.cve.org/CVERecord?id=CVE-2021-20166"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "NETGEAR", "30d_avg": 0, "90d_avg": 1, "product": "RAX43", "cisa_kev": "no", "connections": 1, "observation_date": "2025-02-13", "vulnerability_class": "CVSS", "vulnerability_score": 8.8, "vulnerability_severity": "High"}}]}
{"uuid": "ee159245-7e0f-4214-b301-ee2381036d1f", "vulnerability": {"vulnId": "CVE-2021-21745", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-13T00:00:00+00:00"}, "gcve": {"object_uuid": "ee159245-7e0f-4214-b301-ee2381036d1f", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 43}, "timestamps": {"asserted_at": "2023-10-23T23:09:44+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-13T00:00:00+00:00", "first_seen_at": "2023-10-23T23:09:44+00:00"}, "scope": {"notes": "Affected: ZTE / ZTE MF971R | Class: router | Severity: Medium (CVSS 4.3) | IoT: yes | In CISA KEV: no | Honeypot connections on 2025-02-13: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-21745", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21745"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "ZTE", "30d_avg": 1, "90d_avg": 0, "product": "ZTE MF971R", "cisa_kev": "no", "connections": 2, "observation_date": "2025-02-13", "vulnerability_class": "CVSS", "vulnerability_score": 4.3, "vulnerability_severity": "Medium"}}]}
{"uuid": "40388925-751b-4351-9f75-37d759bc8b29", "vulnerability": {"vulnId": "CVE-2021-20837", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-13T00:00:00+00:00"}, "gcve": {"object_uuid": "40388925-751b-4351-9f75-37d759bc8b29", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:56:47+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-13T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:47+00:00"}, "scope": {"notes": "Affected: Six Apart (Movable Type) / Movable Type | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2025-02-13: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-20837", "url": "https://www.cve.org/CVERecord?id=CVE-2021-20837"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 1, "vendor": "Six Apart (Movable Type)", "30d_avg": 1, "90d_avg": 1, "product": "Movable Type", "cisa_kev": "no", "connections": 2, "observation_date": "2025-02-13", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "168908ed-fc20-4f8b-b253-77f03076cd27", "vulnerability": {"vulnId": "CVE-2021-25899", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-13T00:00:00+00:00"}, "gcve": {"object_uuid": "168908ed-fc20-4f8b-b253-77f03076cd27", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2023-10-14T14:56:53+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-13T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:53+00:00"}, "scope": {"notes": "Affected: Void Sistemas / Aurall REC Monitor | Class: other-software | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2025-02-13: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-25899", "url": "https://www.cve.org/CVERecord?id=CVE-2021-25899"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Void Sistemas", "30d_avg": 0, "90d_avg": 0, "product": "Aurall REC Monitor", "cisa_kev": "no", "connections": 2, "observation_date": "2025-02-13", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "649beaf8-b609-4321-add3-a4ba2dfde49d", "vulnerability": {"vulnId": "CVE-2024-0352", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-13T00:00:00+00:00"}, "gcve": {"object_uuid": "649beaf8-b609-4321-add3-a4ba2dfde49d", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-01-22T10:59:21+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-13T00:00:00+00:00", "first_seen_at": "2024-01-22T10:59:21+00:00"}, "scope": {"notes": "Affected: Likeshop / Likeshop | Class: unknown | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2025-02-13: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-0352", "url": "https://www.cve.org/CVERecord?id=CVE-2024-0352"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "unknown", "7d_avg": 0, "vendor": "Likeshop", "30d_avg": 0, "90d_avg": 1, "product": "Likeshop", "cisa_kev": "no", "connections": 2, "observation_date": "2025-02-13", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "818b5c1d-0805-44c6-aead-84aedff4848c", "vulnerability": {"vulnId": "CVE-2021-22707", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-13T00:00:00+00:00"}, "gcve": {"object_uuid": "818b5c1d-0805-44c6-aead-84aedff4848c", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-02-14T00:45:23+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-13T00:00:00+00:00", "first_seen_at": "2024-02-14T00:45:23+00:00"}, "scope": {"notes": "Affected: Schneider Electric / EVlink City, Parking and Smart Wallbox | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2025-02-13: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-22707", "url": "https://www.cve.org/CVERecord?id=CVE-2021-22707"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Schneider Electric", "30d_avg": 2, "90d_avg": 1, "product": "EVlink City, Parking and Smart Wallbox", "cisa_kev": "no", "connections": 2, "observation_date": "2025-02-13", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "df947222-4df1-431f-be49-6fe74c872e9a", "vulnerability": {"vulnId": "CVE-2021-22005", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-13T00:00:00+00:00"}, "gcve": {"object_uuid": "df947222-4df1-431f-be49-6fe74c872e9a", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:57:13+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-13T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:13+00:00"}, "scope": {"notes": "Affected: VMware / vCenter | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2025-02-13: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-22005", "url": "https://www.cve.org/CVERecord?id=CVE-2021-22005"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "VMware", "30d_avg": 0, "90d_avg": 0, "product": "vCenter", "cisa_kev": "yes", "connections": 2, "observation_date": "2025-02-13", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "994f5edd-2e69-4641-93d8-5557a46928ba", "vulnerability": {"vulnId": "CVE-2021-25114", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-13T00:00:00+00:00"}, "gcve": {"object_uuid": "994f5edd-2e69-4641-93d8-5557a46928ba", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-04-11T10:29:55+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-13T00:00:00+00:00", "first_seen_at": "2024-04-11T10:29:55+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Paid Memberships Pro plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2025-02-13: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-25114", "url": "https://www.cve.org/CVERecord?id=CVE-2021-25114"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "Wordpress", "30d_avg": 0, "90d_avg": 0, "product": "Wordpress Paid Memberships Pro plugin", "cisa_kev": "no", "connections": 2, "observation_date": "2025-02-13", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "01e5416a-a7f4-48d6-9402-7754f7f6c0bb", "vulnerability": {"vulnId": "CVE-2023-38035", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-13T00:00:00+00:00"}, "gcve": {"object_uuid": "01e5416a-a7f4-48d6-9402-7754f7f6c0bb", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:57:53+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-13T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:53+00:00"}, "scope": {"notes": "Affected: Ivanti / Sentry | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2025-02-13: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-38035", "url": "https://www.cve.org/CVERecord?id=CVE-2023-38035"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Ivanti", "30d_avg": 0, "90d_avg": 0, "product": "Sentry", "cisa_kev": "yes", "connections": 1, "observation_date": "2025-02-13", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "6ce38a63-72cb-4b3b-bac4-8478321a9b19", "vulnerability": {"vulnId": "CVE-2022-23178", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-13T00:00:00+00:00"}, "gcve": {"object_uuid": "6ce38a63-72cb-4b3b-bac4-8478321a9b19", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-06-26T05:54:41+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-13T00:00:00+00:00", "first_seen_at": "2024-06-26T05:54:41+00:00"}, "scope": {"notes": "Affected: Crestron / Crestron HD-MD4X2-4K-E | Class: video-system | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2025-02-13: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-23178", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23178"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "video-system", "7d_avg": 0, "vendor": "Crestron", "30d_avg": 1, "90d_avg": 1, "product": "Crestron HD-MD4X2-4K-E", "cisa_kev": "no", "connections": 1, "observation_date": "2025-02-13", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "5a8c1e37-5ef4-454a-b58e-be8462b013dc", "vulnerability": {"vulnId": "CVE-2022-25322", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-13T00:00:00+00:00"}, "gcve": {"object_uuid": "5a8c1e37-5ef4-454a-b58e-be8462b013dc", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:56:57+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-13T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:57+00:00"}, "scope": {"notes": "Affected: ZEROF / ZEROF Web Server | Class: web-server | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2025-02-13: 3", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-25322", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25322"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "web-server", "7d_avg": 0, "vendor": "ZEROF", "30d_avg": 0, "90d_avg": 0, "product": "ZEROF Web Server", "cisa_kev": "no", "connections": 3, "observation_date": "2025-02-13", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "4dc1d6d8-71b9-4607-9f87-db4ad5f36767", "vulnerability": {"vulnId": "CVE-2024-51567", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-13T00:00:00+00:00"}, "gcve": {"object_uuid": "4dc1d6d8-71b9-4607-9f87-db4ad5f36767", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 100}, "timestamps": {"asserted_at": "2024-11-01T22:05:13+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-13T00:00:00+00:00", "first_seen_at": "2024-11-01T22:05:13+00:00"}, "scope": {"notes": "Affected: CyberPanel / CyberPanel | Class: device-management-platform | Severity: Critical (CVSS 10) | IoT: no | In CISA KEV: yes | Honeypot connections on 2025-02-13: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-51567", "url": "https://www.cve.org/CVERecord?id=CVE-2024-51567"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 0, "vendor": "CyberPanel", "30d_avg": 0, "90d_avg": 0, "product": "CyberPanel", "cisa_kev": "yes", "connections": 2, "observation_date": "2025-02-13", "vulnerability_class": "CVSS", "vulnerability_score": 10, "vulnerability_severity": "Critical"}}]}
{"uuid": "c100bd6f-b9a1-445c-ac96-887b09424d54", "vulnerability": {"vulnId": "CVE-2024-21899", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-13T00:00:00+00:00"}, "gcve": {"object_uuid": "c100bd6f-b9a1-445c-ac96-887b09424d54", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-03-18T02:36:50+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-13T00:00:00+00:00", "first_seen_at": "2024-03-18T02:36:50+00:00"}, "scope": {"notes": "Affected: QNAP / QNAP QTS and QuTS Hero | Class: nas | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2025-02-13: 7072", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-21899", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21899"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "3", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "nas", "7d_avg": 0, "vendor": "QNAP", "30d_avg": 0, "90d_avg": 0, "product": "QNAP QTS and QuTS Hero", "cisa_kev": "no", "connections": 7072, "observation_date": "2025-02-13", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "10288923-d9d6-44d2-beac-ce6b5e205a5a", "vulnerability": {"vulnId": "CVE-2023-6634", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-13T00:00:00+00:00"}, "gcve": {"object_uuid": "10288923-d9d6-44d2-beac-ce6b5e205a5a", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-04-06T22:17:47+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-13T00:00:00+00:00", "first_seen_at": "2024-04-06T22:17:47+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress LearnPress plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2025-02-13: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-6634", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6634"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "Wordpress", "30d_avg": 0, "90d_avg": 0, "product": "Wordpress LearnPress plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2025-02-13", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "4ba820dc-9037-484a-b60f-c96bee2836d8", "vulnerability": {"vulnId": "CVE-2021-26294", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-13T00:00:00+00:00"}, "gcve": {"object_uuid": "4ba820dc-9037-484a-b60f-c96bee2836d8", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2025-01-22T16:32:07+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-13T00:00:00+00:00", "first_seen_at": "2025-01-22T16:32:07+00:00"}, "scope": {"notes": "Affected: AfterLogic / AfterLogic Aurora/WebMail Pro  | Class: email | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2025-02-13: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-26294", "url": "https://www.cve.org/CVERecord?id=CVE-2021-26294"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "email", "7d_avg": 0, "vendor": "AfterLogic", "30d_avg": 0, "90d_avg": 0, "product": "AfterLogic Aurora/WebMail Pro ", "cisa_kev": "no", "connections": 2, "observation_date": "2025-02-13", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "e7b5dc49-7f14-4e8b-ad4b-8dcc3afb8eac", "vulnerability": {"vulnId": "CVE-2024-5217", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-13T00:00:00+00:00"}, "gcve": {"object_uuid": "e7b5dc49-7f14-4e8b-ad4b-8dcc3afb8eac", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-07-20T14:05:12+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-13T00:00:00+00:00", "first_seen_at": "2024-07-20T14:05:12+00:00"}, "scope": {"notes": "Affected: ServiceNow / Now Platform (Washington DC, Vancouver, and earlier releases) | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2025-02-13: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-5217", "url": "https://www.cve.org/CVERecord?id=CVE-2024-5217"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "ServiceNow", "30d_avg": 0, "90d_avg": 0, "product": "Now Platform (Washington DC, Vancouver, and earlier releases)", "cisa_kev": "yes", "connections": 1, "observation_date": "2025-02-13", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "e0cd15c6-15b6-49de-9525-a2d612bbac24", "vulnerability": {"vulnId": "EDB-49457", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-13T00:00:00+00:00"}, "gcve": {"object_uuid": "e0cd15c6-15b6-49de-9525-a2d612bbac24", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-10-23T20:50:08+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-13T00:00:00+00:00", "first_seen_at": "2023-10-23T20:50:08+00:00"}, "scope": {"notes": "Affected: Selea / Targa IP OCR-ANPR Camera | Class: video-system | IoT: no | In CISA KEV: no | Honeypot connections on 2025-02-13: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "EDB-49457", "url": "https://www.exploit-db.com/exploits/49457"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "video-system", "7d_avg": 0, "vendor": "Selea", "30d_avg": 0, "90d_avg": 0, "product": "Targa IP OCR-ANPR Camera", "cisa_kev": "no", "connections": 1, "observation_date": "2025-02-13", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "5d63c9f2-6d3c-4ae0-a26c-c367d42360de", "vulnerability": {"vulnId": "CVE-2022-24260", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-13T00:00:00+00:00"}, "gcve": {"object_uuid": "5d63c9f2-6d3c-4ae0-a26c-c367d42360de", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:57:27+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-13T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:27+00:00"}, "scope": {"notes": "Affected: VoIPmonitor / VoIPmonitor | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2025-02-13: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-24260", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24260"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "VoIPmonitor", "30d_avg": 0, "90d_avg": 0, "product": "VoIPmonitor", "cisa_kev": "no", "connections": 2, "observation_date": "2025-02-13", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "1196a86a-ed3e-472e-98df-1abe9d40a36d", "vulnerability": {"vulnId": "CVE-2024-0305", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-13T00:00:00+00:00"}, "gcve": {"object_uuid": "1196a86a-ed3e-472e-98df-1abe9d40a36d", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2024-03-17T20:10:07+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-13T00:00:00+00:00", "first_seen_at": "2024-03-17T20:10:07+00:00"}, "scope": {"notes": "Affected: Guangzhou Yingke Electronic Technology / Ncast | Class: video-system | Severity: High (CVSS 7.5) | IoT: yes | In CISA KEV: no | Honeypot connections on 2025-02-13: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-0305", "url": "https://www.cve.org/CVERecord?id=CVE-2024-0305"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "video-system", "7d_avg": 0, "vendor": "Guangzhou Yingke Electronic Technology", "30d_avg": 0, "90d_avg": 0, "product": "Ncast", "cisa_kev": "no", "connections": 2, "observation_date": "2025-02-13", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "f894e8bf-a3f7-4dfd-a1a2-dc98f6788e88", "vulnerability": {"vulnId": "CVE-2022-2414", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-13T00:00:00+00:00"}, "gcve": {"object_uuid": "f894e8bf-a3f7-4dfd-a1a2-dc98f6788e88", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2023-10-14T14:57:26+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-13T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:26+00:00"}, "scope": {"notes": "Affected: Dogtag / Dogtag - Certificate System | Class: security-management-platform | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2025-02-13: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-2414", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2414"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "security-management-platform", "7d_avg": 0, "vendor": "Dogtag", "30d_avg": 0, "90d_avg": 0, "product": "Dogtag - Certificate System", "cisa_kev": "no", "connections": 2, "observation_date": "2025-02-13", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "5e7e459c-65d4-4149-a239-de0ec61395f5", "vulnerability": {"vulnId": "CVE-2020-35235", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-13T00:00:00+00:00"}, "gcve": {"object_uuid": "5e7e459c-65d4-4149-a239-de0ec61395f5", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 88}, "timestamps": {"asserted_at": "2023-10-14T14:57:26+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-13T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:26+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Elfinder plugin | Class: cms | Severity: High (CVSS 8.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2025-02-13: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-35235", "url": "https://www.cve.org/CVERecord?id=CVE-2020-35235"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "Wordpress", "30d_avg": 0, "90d_avg": 0, "product": "Wordpress Elfinder plugin", "cisa_kev": "no", "connections": 2, "observation_date": "2025-02-13", "vulnerability_class": "CVSS", "vulnerability_score": 8.8, "vulnerability_severity": "High"}}]}
{"uuid": "61d4cee6-a8b2-4edf-a284-f3d5dd021ee0", "vulnerability": {"vulnId": "CVE-2018-11409", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-13T00:00:00+00:00"}, "gcve": {"object_uuid": "61d4cee6-a8b2-4edf-a284-f3d5dd021ee0", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 53}, "timestamps": {"asserted_at": "2023-10-19T16:03:03+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-13T00:00:00+00:00", "first_seen_at": "2023-10-19T16:03:03+00:00"}, "scope": {"notes": "Affected: Splunk / Splunk | Class: other-software | Severity: Medium (CVSS 5.3) | IoT: no | In CISA KEV: no | Honeypot connections on 2025-02-13: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2018-11409", "url": "https://www.cve.org/CVERecord?id=CVE-2018-11409"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Splunk", "30d_avg": 1, "90d_avg": 0, "product": "Splunk", "cisa_kev": "no", "connections": 2, "observation_date": "2025-02-13", "vulnerability_class": "CVSS", "vulnerability_score": 5.3, "vulnerability_severity": "Medium"}}]}
{"uuid": "c43de74d-db28-4887-bbcb-0821a22dac07", "vulnerability": {"vulnId": "CVE-2021-30497", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-13T00:00:00+00:00"}, "gcve": {"object_uuid": "c43de74d-db28-4887-bbcb-0821a22dac07", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2024-01-31T06:20:31+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-13T00:00:00+00:00", "first_seen_at": "2024-01-31T06:20:31+00:00"}, "scope": {"notes": "Affected: Ivanti / Avalanche | Class: mobile-device-management | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2025-02-13: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-30497", "url": "https://www.cve.org/CVERecord?id=CVE-2021-30497"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "mobile-device-management", "7d_avg": 0, "vendor": "Ivanti", "30d_avg": 0, "90d_avg": 0, "product": "Avalanche", "cisa_kev": "no", "connections": 1, "observation_date": "2025-02-13", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "94232434-8211-4f45-bda5-87d28b0a65b5", "vulnerability": {"vulnId": "EDB-46881", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-13T00:00:00+00:00"}, "gcve": {"object_uuid": "94232434-8211-4f45-bda5-87d28b0a65b5", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-10-19T00:13:36+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-13T00:00:00+00:00", "first_seen_at": "2023-10-19T00:13:36+00:00"}, "scope": {"notes": "Affected: Moodle / Moodle JSmol plugin | Class: other-software | IoT: no | In CISA KEV: no | Honeypot connections on 2025-02-13: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "EDB-46881", "url": "https://www.exploit-db.com/exploits/46881"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Moodle", "30d_avg": 0, "90d_avg": 0, "product": "Moodle JSmol plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2025-02-13", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "85baeaa8-48db-4286-a12a-226f93d6ba52", "vulnerability": {"vulnId": "CVE-2020-5776", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-13T00:00:00+00:00"}, "gcve": {"object_uuid": "85baeaa8-48db-4286-a12a-226f93d6ba52", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:56:55+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-13T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:55+00:00"}, "scope": {"notes": "Affected: Magento / Magento Mass Import (MAGMI) plugin | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2025-02-13: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-5776", "url": "https://www.cve.org/CVERecord?id=CVE-2020-5776"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Magento", "30d_avg": 0, "90d_avg": 0, "product": "Magento Mass Import (MAGMI) plugin", "cisa_kev": "no", "connections": 2, "observation_date": "2025-02-13", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "cbcb11de-6fb9-4164-bbd3-f1de8617d5e8", "vulnerability": {"vulnId": "CVE-2023-5148", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-13T00:00:00+00:00"}, "gcve": {"object_uuid": "cbcb11de-6fb9-4164-bbd3-f1de8617d5e8", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 88}, "timestamps": {"asserted_at": "2024-08-06T02:40:08+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-13T00:00:00+00:00", "first_seen_at": "2024-08-06T02:40:08+00:00"}, "scope": {"notes": "Affected: D-Link / D-Link DAR-7000 and DAR-8000 | Class: router | Severity: High (CVSS 8.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2025-02-13: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-5148", "url": "https://www.cve.org/CVERecord?id=CVE-2023-5148"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "D-Link", "30d_avg": 0, "90d_avg": 1, "product": "D-Link DAR-7000 and DAR-8000", "cisa_kev": "no", "connections": 2, "observation_date": "2025-02-13", "vulnerability_class": "CVSS", "vulnerability_score": 8.8, "vulnerability_severity": "High"}}]}
{"uuid": "6bf9e98b-8c75-4bb4-b1b1-574875fadcac", "vulnerability": {"vulnId": "EDB-43907", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-13T00:00:00+00:00"}, "gcve": {"object_uuid": "6bf9e98b-8c75-4bb4-b1b1-574875fadcac", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-07-30T11:05:53+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-13T00:00:00+00:00", "first_seen_at": "2024-07-30T11:05:53+00:00"}, "scope": {"notes": "Affected: RainbowFish Software / PacsOne Server | Class: other-software | IoT: no | In CISA KEV: no | Honeypot connections on 2025-02-13: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "EDB-43907", "url": "https://www.exploit-db.com/exploits/43907"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "RainbowFish Software", "30d_avg": 0, "90d_avg": 0, "product": "PacsOne Server", "cisa_kev": "no", "connections": 1, "observation_date": "2025-02-13", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "b5ef2e35-b631-48ba-afda-31c6a4050db9", "vulnerability": {"vulnId": "CVE-2022-1952", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-13T00:00:00+00:00"}, "gcve": {"object_uuid": "b5ef2e35-b631-48ba-afda-31c6a4050db9", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T18:31:57+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-13T00:00:00+00:00", "first_seen_at": "2023-10-14T18:31:57+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Free Booking Plugin for Hotels, Restaurant and Car Rental (eaSYNC) | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2025-02-13: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-1952", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1952"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "Wordpress", "30d_avg": 0, "90d_avg": 0, "product": "Wordpress Free Booking Plugin for Hotels, Restaurant and Car Rental (eaSYNC)", "cisa_kev": "no", "connections": 2, "observation_date": "2025-02-13", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "e9d25a16-b3ce-4fcf-aef1-07f0bd6e5843", "vulnerability": {"vulnId": "EDB-48857", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-13T00:00:00+00:00"}, "gcve": {"object_uuid": "e9d25a16-b3ce-4fcf-aef1-07f0bd6e5843", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-10-20T13:52:47+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-13T00:00:00+00:00", "first_seen_at": "2023-10-20T13:52:47+00:00"}, "scope": {"notes": "Affected: Karel / Karel IP Phone IP1211 | Class: other-software | IoT: yes | In CISA KEV: no | Honeypot connections on 2025-02-13: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "EDB-48857", "url": "https://www.exploit-db.com/exploits/48857"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Karel", "30d_avg": 0, "90d_avg": 0, "product": "Karel IP Phone IP1211", "cisa_kev": "no", "connections": 1, "observation_date": "2025-02-13", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "470908cb-1da2-424d-9481-eb85bc98c790", "vulnerability": {"vulnId": "CVE-2019-18935", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-13T00:00:00+00:00"}, "gcve": {"object_uuid": "470908cb-1da2-424d-9481-eb85bc98c790", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-23T21:52:33+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-13T00:00:00+00:00", "first_seen_at": "2023-10-23T21:52:33+00:00"}, "scope": {"notes": "Affected: Telerik / Telerik | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2025-02-13: 3", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2019-18935", "url": "https://www.cve.org/CVERecord?id=CVE-2019-18935"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Telerik", "30d_avg": 0, "90d_avg": 0, "product": "Telerik", "cisa_kev": "yes", "connections": 3, "observation_date": "2025-02-13", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "266210e6-1b62-4d0e-8d58-7fc97017d33d", "vulnerability": {"vulnId": "CVE-2021-21389", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-13T00:00:00+00:00"}, "gcve": {"object_uuid": "266210e6-1b62-4d0e-8d58-7fc97017d33d", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 88}, "timestamps": {"asserted_at": "2023-10-14T14:56:48+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-13T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:48+00:00"}, "scope": {"notes": "Affected: Wordpress / BuddyPress plugin | Class: cms | Severity: High (CVSS 8.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2025-02-13: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-21389", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21389"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "Wordpress", "30d_avg": 0, "90d_avg": 1, "product": "BuddyPress plugin", "cisa_kev": "no", "connections": 2, "observation_date": "2025-02-13", "vulnerability_class": "CVSS", "vulnerability_score": 8.8, "vulnerability_severity": "High"}}]}
{"uuid": "ec2a3478-47c3-45e6-acbd-912111ae6459", "vulnerability": {"vulnId": "CVE-2022-21587", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-13T00:00:00+00:00"}, "gcve": {"object_uuid": "ec2a3478-47c3-45e6-acbd-912111ae6459", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T18:33:52+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-13T00:00:00+00:00", "first_seen_at": "2023-10-14T18:33:52+00:00"}, "scope": {"notes": "Affected: Oracle / Oracle E-Business Suite (Oracle Web Applications Desktop Integrator) | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2025-02-13: 4", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-21587", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21587"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Oracle", "30d_avg": 0, "90d_avg": 1, "product": "Oracle E-Business Suite (Oracle Web Applications Desktop Integrator)", "cisa_kev": "yes", "connections": 4, "observation_date": "2025-02-13", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "99b8070d-6d2a-4fad-abd2-bc9739d8af87", "vulnerability": {"vulnId": "CVE-2024-10914", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-13T00:00:00+00:00"}, "gcve": {"object_uuid": "99b8070d-6d2a-4fad-abd2-bc9739d8af87", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-11-13T08:32:44+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-13T00:00:00+00:00", "first_seen_at": "2024-11-13T08:32:44+00:00"}, "scope": {"notes": "Affected: D-Link / D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L | Class: nas | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2025-02-13: 5", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-10914", "url": "https://www.cve.org/CVERecord?id=CVE-2024-10914"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "nas", "7d_avg": 0, "vendor": "D-Link", "30d_avg": 0, "90d_avg": 1, "product": "D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L", "cisa_kev": "no", "connections": 5, "observation_date": "2025-02-13", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "79e47c6d-59ae-4d18-80dd-59968b778ff3", "vulnerability": {"vulnId": "CVE-2024-10081", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-13T00:00:00+00:00"}, "gcve": {"object_uuid": "79e47c6d-59ae-4d18-80dd-59968b778ff3", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 100}, "timestamps": {"asserted_at": "2024-12-10T13:32:32+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-13T00:00:00+00:00", "first_seen_at": "2024-12-10T13:32:32+00:00"}, "scope": {"notes": "Affected: Ericsson / CodeChecker | Class: other-software | Severity: Critical (CVSS 10) | IoT: no | In CISA KEV: no | Honeypot connections on 2025-02-13: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-10081", "url": "https://www.cve.org/CVERecord?id=CVE-2024-10081"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Ericsson", "30d_avg": 1, "90d_avg": 1, "product": "CodeChecker", "cisa_kev": "no", "connections": 2, "observation_date": "2025-02-13", "vulnerability_class": "CVSS", "vulnerability_score": 10, "vulnerability_severity": "Critical"}}]}
{"uuid": "99b42138-adc1-4827-976c-ab17a6f75643", "vulnerability": {"vulnId": "EDB-40735", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-13T00:00:00+00:00"}, "gcve": {"object_uuid": "99b42138-adc1-4827-976c-ab17a6f75643", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-10-14T14:55:25+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-13T00:00:00+00:00", "first_seen_at": "2023-10-14T14:55:25+00:00"}, "scope": {"notes": "Affected: D-Link / D-Link DSL-2730U/2750U/2750E | Class: router | IoT: yes | In CISA KEV: no | Honeypot connections on 2025-02-13: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "EDB-40735", "url": "https://www.exploit-db.com/exploits/40735"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "D-Link", "30d_avg": 0, "90d_avg": 0, "product": "D-Link DSL-2730U/2750U/2750E", "cisa_kev": "no", "connections": 1, "observation_date": "2025-02-13", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "28806526-f643-4aeb-a8b9-72e0225cad7f", "vulnerability": {"vulnId": "CVE-2021-21479", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-13T00:00:00+00:00"}, "gcve": {"object_uuid": "28806526-f643-4aeb-a8b9-72e0225cad7f", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 91}, "timestamps": {"asserted_at": "2023-10-14T14:56:48+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-13T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:48+00:00"}, "scope": {"notes": "Affected: SAP / SCIMono | Class: other-software | Severity: Critical (CVSS 9.1) | IoT: no | In CISA KEV: no | Honeypot connections on 2025-02-13: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-21479", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21479"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "SAP", "30d_avg": 0, "90d_avg": 0, "product": "SCIMono", "cisa_kev": "no", "connections": 1, "observation_date": "2025-02-13", "vulnerability_class": "CVSS", "vulnerability_score": 9.1, "vulnerability_severity": "Critical"}}]}
{"uuid": "0e4e6c44-9c8a-479c-bda9-4fa482fc4891", "vulnerability": {"vulnId": "EDB-49456", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-13T00:00:00+00:00"}, "gcve": {"object_uuid": "0e4e6c44-9c8a-479c-bda9-4fa482fc4891", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-10-18T18:19:24+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-13T00:00:00+00:00", "first_seen_at": "2023-10-18T18:19:24+00:00"}, "scope": {"notes": "Affected: Selea / Selea Targa IP OCR-ANPR Camera | Class: video-system | IoT: yes | In CISA KEV: no | Honeypot connections on 2025-02-13: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "EDB-49456", "url": "https://www.exploit-db.com/exploits/49456"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "video-system", "7d_avg": 0, "vendor": "Selea", "30d_avg": 0, "90d_avg": 0, "product": "Selea Targa IP OCR-ANPR Camera", "cisa_kev": "no", "connections": 1, "observation_date": "2025-02-13", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "e71d3ae7-1fb5-4fdb-b091-0e89069c6e12", "vulnerability": {"vulnId": "CVE-2024-1061", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-13T00:00:00+00:00"}, "gcve": {"object_uuid": "e71d3ae7-1fb5-4fdb-b091-0e89069c6e12", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-02-14T21:32:07+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-13T00:00:00+00:00", "first_seen_at": "2024-02-14T21:32:07+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress HTML5 Video Player plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2025-02-13: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-1061", "url": "https://www.cve.org/CVERecord?id=CVE-2024-1061"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "Wordpress", "30d_avg": 0, "90d_avg": 0, "product": "Wordpress HTML5 Video Player plugin", "cisa_kev": "no", "connections": 2, "observation_date": "2025-02-13", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "92b04302-5e5e-415d-8966-1893a3aad17c", "vulnerability": {"vulnId": "CVE-2021-32790", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-13T00:00:00+00:00"}, "gcve": {"object_uuid": "92b04302-5e5e-415d-8966-1893a3aad17c", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 49}, "timestamps": {"asserted_at": "2024-04-20T23:02:38+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-13T00:00:00+00:00", "first_seen_at": "2024-04-20T23:02:38+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Woocommerce plugin | Class: cms | Severity: Medium (CVSS 4.9) | IoT: no | In CISA KEV: no | Honeypot connections on 2025-02-13: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-32790", "url": "https://www.cve.org/CVERecord?id=CVE-2021-32790"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "Wordpress", "30d_avg": 0, "90d_avg": 0, "product": "Wordpress Woocommerce plugin", "cisa_kev": "no", "connections": 2, "observation_date": "2025-02-13", "vulnerability_class": "CVSS", "vulnerability_score": 4.9, "vulnerability_severity": "Medium"}}]}
{"uuid": "aa415008-ece6-4633-a294-d93ed5b071e3", "vulnerability": {"vulnId": "CVE-2018-19365", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-13T00:00:00+00:00"}, "gcve": {"object_uuid": "aa415008-ece6-4633-a294-d93ed5b071e3", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 91}, "timestamps": {"asserted_at": "2023-10-14T14:45:01+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-13T00:00:00+00:00", "first_seen_at": "2023-10-14T14:45:01+00:00"}, "scope": {"notes": "Affected: Wowza Media Systems / Wowza Streaming Engine | Class: other-software | Severity: Critical (CVSS 9.1) | IoT: no | In CISA KEV: no | Honeypot connections on 2025-02-13: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2018-19365", "url": "https://www.cve.org/CVERecord?id=CVE-2018-19365"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Wowza Media Systems", "30d_avg": 0, "90d_avg": 0, "product": "Wowza Streaming Engine", "cisa_kev": "no", "connections": 1, "observation_date": "2025-02-13", "vulnerability_class": "CVSS", "vulnerability_score": 9.1, "vulnerability_severity": "Critical"}}]}
{"uuid": "f822a942-256b-4155-ae54-bc38b8d53a7b", "vulnerability": {"vulnId": "CVE-2021-30168", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-13T00:00:00+00:00"}, "gcve": {"object_uuid": "f822a942-256b-4155-ae54-bc38b8d53a7b", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-13T23:16:02+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-13T00:00:00+00:00", "first_seen_at": "2023-10-13T23:16:02+00:00"}, "scope": {"notes": "Affected: LILIN / LILIN DVR | Class: video-system | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2025-02-13: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-30168", "url": "https://www.cve.org/CVERecord?id=CVE-2021-30168"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "video-system", "7d_avg": 0, "vendor": "LILIN", "30d_avg": 0, "90d_avg": 0, "product": "LILIN DVR", "cisa_kev": "no", "connections": 1, "observation_date": "2025-02-13", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "6cbdcf79-06ba-4cf4-b852-e050126d44f5", "vulnerability": {"vulnId": "CVE-2023-6038", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-13T00:00:00+00:00"}, "gcve": {"object_uuid": "6cbdcf79-06ba-4cf4-b852-e050126d44f5", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2024-01-10T10:21:30+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-13T00:00:00+00:00", "first_seen_at": "2024-01-10T10:21:30+00:00"}, "scope": {"notes": "Affected: h20.ai / h20.ai Dashboard | Class: other-software | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2025-02-13: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-6038", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6038"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "h20.ai", "30d_avg": 0, "90d_avg": 0, "product": "h20.ai Dashboard", "cisa_kev": "no", "connections": 2, "observation_date": "2025-02-13", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "2ff0e572-624c-46f3-b07b-20db088c970f", "vulnerability": {"vulnId": "CVE-2024-6587", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-13T00:00:00+00:00"}, "gcve": {"object_uuid": "2ff0e572-624c-46f3-b07b-20db088c970f", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2024-08-22T07:14:14+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-13T00:00:00+00:00", "first_seen_at": "2024-08-22T07:14:14+00:00"}, "scope": {"notes": "Affected: LiteLLM / LiteLLM | Class: other-software | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2025-02-13: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-6587", "url": "https://www.cve.org/CVERecord?id=CVE-2024-6587"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "LiteLLM", "30d_avg": 0, "90d_avg": 0, "product": "LiteLLM", "cisa_kev": "no", "connections": 1, "observation_date": "2025-02-13", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "0f0762c8-0a26-4291-b1c7-449af5204e60", "vulnerability": {"vulnId": "CVE-2024-2389", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-13T00:00:00+00:00"}, "gcve": {"object_uuid": "0f0762c8-0a26-4291-b1c7-449af5204e60", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 100}, "timestamps": {"asserted_at": "2024-04-26T23:06:32+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-13T00:00:00+00:00", "first_seen_at": "2024-04-26T23:06:32+00:00"}, "scope": {"notes": "Affected: Progress / Flowmon | Class: network-monitoring | Severity: Critical (CVSS 10) | IoT: no | In CISA KEV: no | Honeypot connections on 2025-02-13: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-2389", "url": "https://www.cve.org/CVERecord?id=CVE-2024-2389"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "network-monitoring", "7d_avg": 0, "vendor": "Progress", "30d_avg": 0, "90d_avg": 0, "product": "Flowmon", "cisa_kev": "no", "connections": 1, "observation_date": "2025-02-13", "vulnerability_class": "CVSS", "vulnerability_score": 10, "vulnerability_severity": "Critical"}}]}
{"uuid": "2ac332fa-c94e-4260-be55-540beb766dff", "vulnerability": {"vulnId": "CVE-2021-43163", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-13T00:00:00+00:00"}, "gcve": {"object_uuid": "2ac332fa-c94e-4260-be55-540beb766dff", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-12-05T09:01:54+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-13T00:00:00+00:00", "first_seen_at": "2024-12-05T09:01:54+00:00"}, "scope": {"notes": "Affected: Ruijie Networks / Ruijie RG-EW Series Routers | Class: router | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2025-02-13: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-43163", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43163"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "Ruijie Networks", "30d_avg": 0, "90d_avg": 0, "product": "Ruijie RG-EW Series Routers", "cisa_kev": "no", "connections": 2, "observation_date": "2025-02-13", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "6d158c94-5875-404f-a244-2d50652b7ec0", "vulnerability": {"vulnId": "CVE-2024-6188", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-13T00:00:00+00:00"}, "gcve": {"object_uuid": "6d158c94-5875-404f-a244-2d50652b7ec0", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 53}, "timestamps": {"asserted_at": "2024-07-24T08:39:41+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-13T00:00:00+00:00", "first_seen_at": "2024-07-24T08:39:41+00:00"}, "scope": {"notes": "Affected: Parsec Automation / TrackSYS | Class: other-software | Severity: Medium (CVSS 5.3) | IoT: no | In CISA KEV: no | Honeypot connections on 2025-02-13: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-6188", "url": "https://www.cve.org/CVERecord?id=CVE-2024-6188"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Parsec Automation", "30d_avg": 1, "90d_avg": 0, "product": "TrackSYS", "cisa_kev": "no", "connections": 2, "observation_date": "2025-02-13", "vulnerability_class": "CVSS", "vulnerability_score": 5.3, "vulnerability_severity": "Medium"}}]}
{"uuid": "574a8d99-4dc2-4fdd-9922-4effae21f298", "vulnerability": {"vulnId": "CVE-2022-46169", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-13T00:00:00+00:00"}, "gcve": {"object_uuid": "574a8d99-4dc2-4fdd-9922-4effae21f298", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:57:51+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-13T00:00:00+00:00", "first_seen_at": "2023-10-14T14:57:51+00:00"}, "scope": {"notes": "Affected: Cacti / Cacti | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2025-02-13: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-46169", "url": "https://www.cve.org/CVERecord?id=CVE-2022-46169"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Cacti", "30d_avg": 0, "90d_avg": 0, "product": "Cacti", "cisa_kev": "yes", "connections": 1, "observation_date": "2025-02-13", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "b23513b4-62b9-471d-a3a5-1d293d2ffa31", "vulnerability": {"vulnId": "CVE-2021-22911", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-13T00:00:00+00:00"}, "gcve": {"object_uuid": "b23513b4-62b9-471d-a3a5-1d293d2ffa31", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T14:56:49+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-13T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:49+00:00"}, "scope": {"notes": "Affected: Rocket.Chat / Rocket.Chat | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2025-02-13: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-22911", "url": "https://www.cve.org/CVERecord?id=CVE-2021-22911"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Rocket.Chat", "30d_avg": 0, "90d_avg": 0, "product": "Rocket.Chat", "cisa_kev": "no", "connections": 2, "observation_date": "2025-02-13", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "118b5a44-32e0-4e03-ad1c-fdcf706198e5", "vulnerability": {"vulnId": "CVE-2024-12987", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-12T06:57:22+00:00"}, "gcve": {"object_uuid": "118b5a44-32e0-4e03-ad1c-fdcf706198e5", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 73}, "timestamps": {"asserted_at": "2025-02-12T06:57:22+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-12T06:57:22+00:00", "first_seen_at": "2025-02-12T06:57:22+00:00"}, "scope": {"notes": "Affected: Draytek / Draytek Vigor2960 and Vigor300B | Class: router | Severity: High (CVSS 7.3) | IoT: yes | In CISA KEV: no | Honeypot connections on 2025-02-12: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-12987", "url": "https://www.cve.org/CVERecord?id=CVE-2024-12987"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "Draytek", "30d_avg": 0, "90d_avg": 0, "product": "Draytek Vigor2960 and Vigor300B", "cisa_kev": "no", "connections": 1, "observation_date": "2025-02-12", "vulnerability_class": "CVSS", "vulnerability_score": 7.3, "vulnerability_severity": "High"}}]}
{"uuid": "55cfe94d-0b9c-42cc-82a7-93a18c4763d0", "vulnerability": {"vulnId": "CVE-2017-11610", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-12T00:00:00+00:00"}, "gcve": {"object_uuid": "55cfe94d-0b9c-42cc-82a7-93a18c4763d0", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 88}, "timestamps": {"asserted_at": "2023-10-19T07:48:30+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-12T00:00:00+00:00", "first_seen_at": "2023-10-19T07:48:30+00:00"}, "scope": {"notes": "Affected: Supervisor / XML-RPC Server | Class: other-software | Severity: High (CVSS 8.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2025-02-12: 226", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2017-11610", "url": "https://www.cve.org/CVERecord?id=CVE-2017-11610"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Supervisor", "30d_avg": 0, "90d_avg": 0, "product": "XML-RPC Server", "cisa_kev": "no", "connections": 226, "observation_date": "2025-02-12", "vulnerability_class": "CVSS", "vulnerability_score": 8.8, "vulnerability_severity": "High"}}]}
{"uuid": "8da956d2-2b3f-4693-88a0-ee20a0349c72", "vulnerability": {"vulnId": "CVE-2022-22954", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-12T00:00:00+00:00"}, "gcve": {"object_uuid": "8da956d2-2b3f-4693-88a0-ee20a0349c72", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-11-29T06:32:07+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-12T00:00:00+00:00", "first_seen_at": "2023-11-29T06:32:07+00:00"}, "scope": {"notes": "Affected: VMware / Workspace ONE Access and Identity Manager | Class: security-management-platform | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2025-02-12: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-22954", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22954"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "security-management-platform", "7d_avg": 0, "vendor": "VMware", "30d_avg": 0, "90d_avg": 0, "product": "Workspace ONE Access and Identity Manager", "cisa_kev": "yes", "connections": 2, "observation_date": "2025-02-12", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "50b9f865-6d37-408f-8aeb-5324bfa849f3", "vulnerability": {"vulnId": "CVE-2022-22536", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-11T00:00:00+00:00"}, "gcve": {"object_uuid": "50b9f865-6d37-408f-8aeb-5324bfa849f3", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 100}, "timestamps": {"asserted_at": "2024-03-19T15:10:07+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-11T00:00:00+00:00", "first_seen_at": "2024-03-19T15:10:07+00:00"}, "scope": {"notes": "Affected: SAP / NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher | Class: app-server | Severity: Critical (CVSS 10) | IoT: no | In CISA KEV: yes | Honeypot connections on 2025-02-11: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-22536", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22536"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "app-server", "7d_avg": 0, "vendor": "SAP", "30d_avg": 0, "90d_avg": 0, "product": "NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher", "cisa_kev": "yes", "connections": 2, "observation_date": "2025-02-11", "vulnerability_class": "CVSS", "vulnerability_score": 10, "vulnerability_severity": "Critical"}}]}
{"uuid": "471ee0a5-3a91-47c5-b9a6-3eb42ad07b73", "vulnerability": {"vulnId": "CVE-2017-12615", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-11T00:00:00+00:00"}, "gcve": {"object_uuid": "471ee0a5-3a91-47c5-b9a6-3eb42ad07b73", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 81}, "timestamps": {"asserted_at": "2023-10-14T06:18:54+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-11T00:00:00+00:00", "first_seen_at": "2023-10-14T06:18:54+00:00"}, "scope": {"notes": "Affected: Apache / Tomcat | Class: web-server | Severity: High (CVSS 8.1) | IoT: no | In CISA KEV: yes | Honeypot connections on 2025-02-11: 4", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2017-12615", "url": "https://www.cve.org/CVERecord?id=CVE-2017-12615"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "web-server", "7d_avg": 0, "vendor": "Apache", "30d_avg": 0, "90d_avg": 0, "product": "Tomcat", "cisa_kev": "yes", "connections": 4, "observation_date": "2025-02-11", "vulnerability_class": "CVSS", "vulnerability_score": 8.1, "vulnerability_severity": "High"}}]}
{"uuid": "ed84ff42-f700-455b-a9fc-23afda11c8d1", "vulnerability": {"vulnId": "CVE-2022-22963", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-11T00:00:00+00:00"}, "gcve": {"object_uuid": "ed84ff42-f700-455b-a9fc-23afda11c8d1", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-11-07T05:56:09+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-11T00:00:00+00:00", "first_seen_at": "2023-11-07T05:56:09+00:00"}, "scope": {"notes": "Affected: Spring / Spring Cloud Function | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2025-02-11: 88", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-22963", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22963"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Spring", "30d_avg": 0, "90d_avg": 0, "product": "Spring Cloud Function", "cisa_kev": "yes", "connections": 88, "observation_date": "2025-02-11", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "43aaa348-982f-498d-987e-df4dd243d4e7", "vulnerability": {"vulnId": "CVE-2023-0656", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-10T00:00:00+00:00"}, "gcve": {"object_uuid": "43aaa348-982f-498d-987e-df4dd243d4e7", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2024-09-12T20:24:49+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-10T00:00:00+00:00", "first_seen_at": "2024-09-12T20:24:49+00:00"}, "scope": {"notes": "Affected: SonicWall / SonicOS | Class: firewall | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2025-02-10: 704", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-0656", "url": "https://www.cve.org/CVERecord?id=CVE-2023-0656"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "237", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "firewall", "7d_avg": 173, "vendor": "SonicWall", "30d_avg": 157, "90d_avg": 106, "product": "SonicOS", "cisa_kev": "no", "connections": 704, "observation_date": "2025-02-10", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "28bd38ef-54df-4c34-bbad-44265d258e4d", "vulnerability": {"vulnId": "CVE-2016-5700", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-10T00:00:00+00:00"}, "gcve": {"object_uuid": "28bd38ef-54df-4c34-bbad-44265d258e4d", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-21T23:35:21+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-10T00:00:00+00:00", "first_seen_at": "2023-10-21T23:35:21+00:00"}, "scope": {"notes": "Affected: F5 / BIG-IP | Class: app-delivery-controller | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2025-02-10: 16", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2016-5700", "url": "https://www.cve.org/CVERecord?id=CVE-2016-5700"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "app-delivery-controller", "7d_avg": 0, "vendor": "F5", "30d_avg": 0, "90d_avg": 0, "product": "BIG-IP", "cisa_kev": "no", "connections": 16, "observation_date": "2025-02-10", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "33b23a72-ef8c-40db-a36a-092c6a7c3fa3", "vulnerability": {"vulnId": "CVE-2022-22274", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-10T00:00:00+00:00"}, "gcve": {"object_uuid": "33b23a72-ef8c-40db-a36a-092c6a7c3fa3", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-09-12T20:24:49+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-10T00:00:00+00:00", "first_seen_at": "2024-09-12T20:24:49+00:00"}, "scope": {"notes": "Affected: SonicWall / SonicOS | Class: firewall | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2025-02-10: 2111", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-22274", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22274"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "238", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "firewall", "7d_avg": 173, "vendor": "SonicWall", "30d_avg": 158, "90d_avg": 107, "product": "SonicOS", "cisa_kev": "no", "connections": 2111, "observation_date": "2025-02-10", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "f5e61328-728d-4014-81d8-ceafe1151fb3", "vulnerability": {"vulnId": "CVE-2024-12856", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-08T15:28:57+00:00"}, "gcve": {"object_uuid": "f5e61328-728d-4014-81d8-ceafe1151fb3", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 72}, "timestamps": {"asserted_at": "2025-02-08T15:28:57+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-08T15:28:57+00:00", "first_seen_at": "2025-02-08T15:28:57+00:00"}, "scope": {"notes": "Affected: Four-Faith / Four-Faith F3x24 and F3x36 | Class: router | Severity: High (CVSS 7.2) | IoT: yes | In CISA KEV: no | Honeypot connections on 2025-02-08: 4", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-12856", "url": "https://www.cve.org/CVERecord?id=CVE-2024-12856"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "Four-Faith", "30d_avg": 0, "90d_avg": 0, "product": "Four-Faith F3x24 and F3x36", "cisa_kev": "no", "connections": 4, "observation_date": "2025-02-08", "vulnerability_class": "CVSS", "vulnerability_score": 7.2, "vulnerability_severity": "High"}}]}
{"uuid": "574d5b65-d6bc-4633-ae2a-4f9be2c41dbc", "vulnerability": {"vulnId": "CVE-2022-36553", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-08T00:00:00+00:00"}, "gcve": {"object_uuid": "574d5b65-d6bc-4633-ae2a-4f9be2c41dbc", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-13T20:45:45+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-08T00:00:00+00:00", "first_seen_at": "2023-10-13T20:45:45+00:00"}, "scope": {"notes": "Affected: Hytec Inter / Hytec Inter HWL-2511-SS | Class: router | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2025-02-08: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-36553", "url": "https://www.cve.org/CVERecord?id=CVE-2022-36553"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "Hytec Inter", "30d_avg": 0, "90d_avg": 0, "product": "Hytec Inter HWL-2511-SS", "cisa_kev": "no", "connections": 2, "observation_date": "2025-02-08", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "f2cad87d-46b7-43c4-9a77-36aba122316c", "vulnerability": {"vulnId": "CVE-2024-4040", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-07T00:00:00+00:00"}, "gcve": {"object_uuid": "f2cad87d-46b7-43c4-9a77-36aba122316c", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 100}, "timestamps": {"asserted_at": "2024-05-14T02:03:34+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-07T00:00:00+00:00", "first_seen_at": "2024-05-14T02:03:34+00:00"}, "scope": {"notes": "Affected: CrushFTP / CrushFTP | Class: file-transfer | Severity: Critical (CVSS 10) | IoT: no | In CISA KEV: yes | Honeypot connections on 2025-02-07: 15", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-4040", "url": "https://www.cve.org/CVERecord?id=CVE-2024-4040"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "file-transfer", "7d_avg": 0, "vendor": "CrushFTP", "30d_avg": 0, "90d_avg": 0, "product": "CrushFTP", "cisa_kev": "yes", "connections": 15, "observation_date": "2025-02-07", "vulnerability_class": "CVSS", "vulnerability_score": 10, "vulnerability_severity": "Critical"}}]}
{"uuid": "5a1e84b6-a93c-4f25-8ed8-220865bd8c72", "vulnerability": {"vulnId": "CVE-2012-0297", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-07T00:00:00+00:00"}, "gcve": {"object_uuid": "5a1e84b6-a93c-4f25-8ed8-220865bd8c72", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 100}, "timestamps": {"asserted_at": "2023-10-20T11:51:16+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-07T00:00:00+00:00", "first_seen_at": "2023-10-20T11:51:16+00:00"}, "scope": {"notes": "Affected: Symantec / Symantec Web Gateway 5.0.2.8 | Class: firewall | Severity: High (CVSS 10) | IoT: no | In CISA KEV: no | Honeypot connections on 2025-02-07: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2012-0297", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0297"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "firewall", "7d_avg": 0, "vendor": "Symantec", "30d_avg": 0, "90d_avg": 0, "product": "Symantec Web Gateway 5.0.2.8", "cisa_kev": "no", "connections": 1, "observation_date": "2025-02-07", "vulnerability_class": "CVSS", "vulnerability_score": 10, "vulnerability_severity": "High"}}]}
{"uuid": "69a02b10-ef19-458e-baec-a9d8f26e059f", "vulnerability": {"vulnId": "EDB-22127", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-07T00:00:00+00:00"}, "gcve": {"object_uuid": "69a02b10-ef19-458e-baec-a9d8f26e059f", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-10-21T19:52:02+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-07T00:00:00+00:00", "first_seen_at": "2023-10-21T19:52:02+00:00"}, "scope": {"notes": "Affected: DCP Portal / DCP Portal | Class: cms | IoT: no | In CISA KEV: no | Honeypot connections on 2025-02-07: 7", "asset_exposure": ["internet-facing"]}, "references": [{"id": "EDB-22127", "url": "https://www.exploit-db.com/exploits/22127"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "DCP Portal", "30d_avg": 0, "90d_avg": 0, "product": "DCP Portal", "cisa_kev": "no", "connections": 7, "observation_date": "2025-02-07", "vulnerability_class": "CVSS", "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "21f1662f-625f-4cba-bb6b-cba18df04422", "vulnerability": {"vulnId": "CVE-2018-9866", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-06T00:00:00+00:00"}, "gcve": {"object_uuid": "21f1662f-625f-4cba-bb6b-cba18df04422", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-08-27T18:11:41+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-06T00:00:00+00:00", "first_seen_at": "2024-08-27T18:11:41+00:00"}, "scope": {"notes": "Affected: SonicWall / SonicWall Global Management System | Class: security-management-platform | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2025-02-06: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2018-9866", "url": "https://www.cve.org/CVERecord?id=CVE-2018-9866"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "security-management-platform", "7d_avg": 1, "vendor": "SonicWall", "30d_avg": 0, "90d_avg": 0, "product": "SonicWall Global Management System", "cisa_kev": "no", "connections": 1, "observation_date": "2025-02-06", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "4b424975-d519-41d0-aaee-f6e22d55610c", "vulnerability": {"vulnId": "CVE-2020-29557", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-04T00:00:00+00:00"}, "gcve": {"object_uuid": "4b424975-d519-41d0-aaee-f6e22d55610c", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-07-13T00:44:19+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-04T00:00:00+00:00", "first_seen_at": "2024-07-13T00:44:19+00:00"}, "scope": {"notes": "Affected: D-Link / D-Link DIR-825 | Class: router | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: yes | Honeypot connections on 2025-02-04: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-29557", "url": "https://www.cve.org/CVERecord?id=CVE-2020-29557"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "D-Link", "30d_avg": 0, "90d_avg": 0, "product": "D-Link DIR-825", "cisa_kev": "yes", "connections": 1, "observation_date": "2025-02-04", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "98d60e0e-bf52-4ac3-963a-f8cd73c2ac79", "vulnerability": {"vulnId": "CVE-2024-6298", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-02T04:52:36+00:00"}, "gcve": {"object_uuid": "98d60e0e-bf52-4ac3-963a-f8cd73c2ac79", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-02-02T04:52:36+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-02T04:52:36+00:00", "first_seen_at": "2025-02-02T04:52:36+00:00"}, "scope": {"notes": "Affected: ABB / ABB ASPECT-Enterprise on Linux, ABB NEXUS Series on Linux, ABB MATRIX Series on Linux | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2025-02-02: 9", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-6298", "url": "https://www.cve.org/CVERecord?id=CVE-2024-6298"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "ABB", "30d_avg": 0, "90d_avg": 0, "product": "ABB ASPECT-Enterprise on Linux, ABB NEXUS Series on Linux, ABB MATRIX Series on Linux", "cisa_kev": "no", "connections": 9, "observation_date": "2025-02-02", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "c396c89e-d378-4f37-ae9d-16e0e5188207", "vulnerability": {"vulnId": "CVE-2020-8958", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-01T00:00:00+00:00"}, "gcve": {"object_uuid": "c396c89e-d378-4f37-ae9d-16e0e5188207", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 72}, "timestamps": {"asserted_at": "2023-10-25T14:54:53+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-02-01T00:00:00+00:00", "first_seen_at": "2023-10-25T14:54:53+00:00"}, "scope": {"notes": "Affected: Guangzhou / Guangzhou 1GE ONU (GPON) | Class: router | Severity: High (CVSS 7.2) | IoT: yes | In CISA KEV: no | Honeypot connections on 2025-02-01: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-8958", "url": "https://www.cve.org/CVERecord?id=CVE-2020-8958"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "Guangzhou", "30d_avg": 0, "90d_avg": 0, "product": "Guangzhou 1GE ONU (GPON)", "cisa_kev": "no", "connections": 1, "observation_date": "2025-02-01", "vulnerability_class": "CVSS", "vulnerability_score": 7.2, "vulnerability_severity": "High"}}]}
{"uuid": "9ded940c-3aad-4c81-b5a8-8a79738ae85b", "vulnerability": {"vulnId": "CVE-2023-3519", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-31T00:00:00+00:00"}, "gcve": {"object_uuid": "9ded940c-3aad-4c81-b5a8-8a79738ae85b", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-24T22:08:07+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-01-31T00:00:00+00:00", "first_seen_at": "2023-10-24T22:08:07+00:00"}, "scope": {"notes": "Affected: Citrix / Citrix ADC and Citrix Gateway | Class: app-delivery-controller | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2025-01-31: 6", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-3519", "url": "https://www.cve.org/CVERecord?id=CVE-2023-3519"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "app-delivery-controller", "7d_avg": 0, "vendor": "Citrix", "30d_avg": 0, "90d_avg": 0, "product": "Citrix ADC and Citrix Gateway", "cisa_kev": "yes", "connections": 6, "observation_date": "2025-01-31", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "c2ba435b-03b8-4c3a-9378-19966505b0fe", "vulnerability": {"vulnId": "CVE-2023-6553", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-30T00:00:00+00:00"}, "gcve": {"object_uuid": "c2ba435b-03b8-4c3a-9378-19966505b0fe", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-12-16T21:33:47+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-01-30T00:00:00+00:00", "first_seen_at": "2023-12-16T21:33:47+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Backup Migration plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2025-01-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-6553", "url": "https://www.cve.org/CVERecord?id=CVE-2023-6553"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "Wordpress", "30d_avg": 0, "90d_avg": 0, "product": "Wordpress Backup Migration plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2025-01-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "a0b2f1d4-37f4-4171-985a-7a43092f3d3e", "vulnerability": {"vulnId": "CVE-2022-26186", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-30T00:00:00+00:00"}, "gcve": {"object_uuid": "a0b2f1d4-37f4-4171-985a-7a43092f3d3e", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-11-03T07:56:30+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-01-30T00:00:00+00:00", "first_seen_at": "2024-11-03T07:56:30+00:00"}, "scope": {"notes": "Affected: Totolink / Totolink N600R | Class: router | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2025-01-30: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-26186", "url": "https://www.cve.org/CVERecord?id=CVE-2022-26186"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "Totolink", "30d_avg": 0, "90d_avg": 0, "product": "Totolink N600R", "cisa_kev": "no", "connections": 1, "observation_date": "2025-01-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "9a2fd1d7-8993-43b3-89d7-fe22261fffe8", "vulnerability": {"vulnId": "CVE-2023-22952", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-26T00:00:00+00:00"}, "gcve": {"object_uuid": "9a2fd1d7-8993-43b3-89d7-fe22261fffe8", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-10-28T14:25:32+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-01-26T00:00:00+00:00", "first_seen_at": "2023-10-28T14:25:32+00:00"}, "scope": {"notes": "Affected: SugarCRM / SugarCRM | Class: other-software | IoT: no | In CISA KEV: yes | Honeypot connections on 2025-01-26: 4", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-22952", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22952"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "SugarCRM", "30d_avg": 0, "90d_avg": 0, "product": "SugarCRM", "cisa_kev": "yes", "connections": 4, "observation_date": "2025-01-26", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "5cdc213d-45fa-4697-90c2-82d1dfd5405f", "vulnerability": {"vulnId": "EDB-46792", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-26T00:00:00+00:00"}, "gcve": {"object_uuid": "5cdc213d-45fa-4697-90c2-82d1dfd5405f", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-10-24T22:02:44+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-01-26T00:00:00+00:00", "first_seen_at": "2023-10-24T22:02:44+00:00"}, "scope": {"notes": "Affected: 5VTechnologies / Blue Angel Software Suite | Class: security-management-platform | IoT: no | In CISA KEV: no | Honeypot connections on 2025-01-26: 15", "asset_exposure": ["internet-facing"]}, "references": [{"id": "EDB-46792", "url": "https://www.exploit-db.com/exploits/46792"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "security-management-platform", "7d_avg": 0, "vendor": "5VTechnologies", "30d_avg": 0, "90d_avg": 0, "product": "Blue Angel Software Suite", "cisa_kev": "no", "connections": 15, "observation_date": "2025-01-26", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "e365c788-0a1b-4765-b7e7-b46c3c31b883", "vulnerability": {"vulnId": "CVE-2021-30461", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-25T00:00:00+00:00"}, "gcve": {"object_uuid": "e365c788-0a1b-4765-b7e7-b46c3c31b883", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-09-06T17:06:51+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-01-25T00:00:00+00:00", "first_seen_at": "2024-09-06T17:06:51+00:00"}, "scope": {"notes": "Affected: VoIPmonitor / VoIPmonitor | Class: network-monitoring | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2025-01-25: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-30461", "url": "https://www.cve.org/CVERecord?id=CVE-2021-30461"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "network-monitoring", "7d_avg": 0, "vendor": "VoIPmonitor", "30d_avg": 0, "90d_avg": 0, "product": "VoIPmonitor", "cisa_kev": "no", "connections": 1, "observation_date": "2025-01-25", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "54477414-fbc6-47a4-a965-6e16c3b6de0a", "vulnerability": {"vulnId": "CVE-2024-22320", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-24T00:00:00+00:00"}, "gcve": {"object_uuid": "54477414-fbc6-47a4-a965-6e16c3b6de0a", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 88}, "timestamps": {"asserted_at": "2024-03-22T21:00:26+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-01-24T00:00:00+00:00", "first_seen_at": "2024-03-22T21:00:26+00:00"}, "scope": {"notes": "Affected: IBM / IBM Operational Decision Manager | Class: business-intelligence | Severity: High (CVSS 8.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2025-01-24: 4", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-22320", "url": "https://www.cve.org/CVERecord?id=CVE-2024-22320"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "business-intelligence", "7d_avg": 0, "vendor": "IBM", "30d_avg": 0, "90d_avg": 0, "product": "IBM Operational Decision Manager", "cisa_kev": "no", "connections": 4, "observation_date": "2025-01-24", "vulnerability_class": "CVSS", "vulnerability_score": 8.8, "vulnerability_severity": "High"}}]}
{"uuid": "cb471900-9075-45e4-964f-c2a6d2167e7d", "vulnerability": {"vulnId": "CVE-2014-9727", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-24T00:00:00+00:00"}, "gcve": {"object_uuid": "cb471900-9075-45e4-964f-c2a6d2167e7d", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 0}, "timestamps": {"asserted_at": "2023-10-24T14:11:10+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-01-24T00:00:00+00:00", "first_seen_at": "2023-10-24T14:11:10+00:00"}, "scope": {"notes": "Affected: AVM / Fritz!Box | Class: router | Severity: None (CVSS 0) | IoT: yes | In CISA KEV: no | Honeypot connections on 2025-01-24: 45", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2014-9727", "url": "https://www.cve.org/CVERecord?id=CVE-2014-9727"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "AVM", "30d_avg": 0, "90d_avg": 0, "product": "Fritz!Box", "cisa_kev": "no", "connections": 45, "observation_date": "2025-01-24", "vulnerability_class": "CVSS", "vulnerability_score": 0, "vulnerability_severity": "None"}}]}
{"uuid": "c59045f7-9dc1-4e87-b6eb-b0e21ebf67d5", "vulnerability": {"vulnId": "CVE-2024-1021", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-23T00:00:00+00:00"}, "gcve": {"object_uuid": "c59045f7-9dc1-4e87-b6eb-b0e21ebf67d5", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-04-04T00:46:56+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-01-23T00:00:00+00:00", "first_seen_at": "2024-04-04T00:46:56+00:00"}, "scope": {"notes": "Affected: Rebuild / Rebuild | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2025-01-23: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-1021", "url": "https://www.cve.org/CVERecord?id=CVE-2024-1021"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Rebuild", "30d_avg": 0, "90d_avg": 0, "product": "Rebuild", "cisa_kev": "no", "connections": 1, "observation_date": "2025-01-23", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "9d31fd64-fe37-4f70-be94-a8ce20f1aadb", "vulnerability": {"vulnId": "CVE-2023-27992", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-23T00:00:00+00:00"}, "gcve": {"object_uuid": "9d31fd64-fe37-4f70-be94-a8ce20f1aadb", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2025-01-07T16:10:20+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-01-23T00:00:00+00:00", "first_seen_at": "2025-01-07T16:10:20+00:00"}, "scope": {"notes": "Affected: Zyxel / Zyxel NAS326/NAS540/NAS542 | Class: nas | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: yes | Honeypot connections on 2025-01-23: 5", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-27992", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27992"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "nas", "7d_avg": 0, "vendor": "Zyxel", "30d_avg": 0, "90d_avg": 0, "product": "Zyxel NAS326/NAS540/NAS542", "cisa_kev": "yes", "connections": 5, "observation_date": "2025-01-23", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "5faa2fb8-6779-41ff-b715-0dc331624d81", "vulnerability": {"vulnId": "CVE-2022-36804", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-21T00:00:00+00:00"}, "gcve": {"object_uuid": "5faa2fb8-6779-41ff-b715-0dc331624d81", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 88}, "timestamps": {"asserted_at": "2023-10-18T18:17:40+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-01-21T00:00:00+00:00", "first_seen_at": "2023-10-18T18:17:40+00:00"}, "scope": {"notes": "Affected: Atlassian / Bitbucket | Class: other-software | Severity: High (CVSS 8.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2025-01-21: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-36804", "url": "https://www.cve.org/CVERecord?id=CVE-2022-36804"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Atlassian", "30d_avg": 0, "90d_avg": 0, "product": "Bitbucket", "cisa_kev": "yes", "connections": 1, "observation_date": "2025-01-21", "vulnerability_class": "CVSS", "vulnerability_score": 8.8, "vulnerability_severity": "High"}}]}
{"uuid": "114435bd-a7ca-4b50-b52f-1b3cdf2a12d1", "vulnerability": {"vulnId": "CVE-2019-10068", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-21T00:00:00+00:00"}, "gcve": {"object_uuid": "114435bd-a7ca-4b50-b52f-1b3cdf2a12d1", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-11-29T06:32:03+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-01-21T00:00:00+00:00", "first_seen_at": "2023-11-29T06:32:03+00:00"}, "scope": {"notes": "Affected: Kentico / Kentico | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2025-01-21: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2019-10068", "url": "https://www.cve.org/CVERecord?id=CVE-2019-10068"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "Kentico", "30d_avg": 0, "90d_avg": 0, "product": "Kentico", "cisa_kev": "yes", "connections": 1, "observation_date": "2025-01-21", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "4f892315-044c-4ac3-a0fe-5f806b1389ad", "vulnerability": {"vulnId": "CVE-2020-25213", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-21T00:00:00+00:00"}, "gcve": {"object_uuid": "4f892315-044c-4ac3-a0fe-5f806b1389ad", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-18T18:15:23+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-01-21T00:00:00+00:00", "first_seen_at": "2023-10-18T18:15:23+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2025-01-21: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-25213", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25213"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "Wordpress", "30d_avg": 0, "90d_avg": 0, "product": "Wordpress", "cisa_kev": "yes", "connections": 2, "observation_date": "2025-01-21", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "679381bd-8769-4bf0-aadb-1f205e546345", "vulnerability": {"vulnId": "CVE-2022-25237", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-21T00:00:00+00:00"}, "gcve": {"object_uuid": "679381bd-8769-4bf0-aadb-1f205e546345", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-05-15T10:47:42+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-01-21T00:00:00+00:00", "first_seen_at": "2024-05-15T10:47:42+00:00"}, "scope": {"notes": "Affected: Bonitasoft / Bonitasoft | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2025-01-21: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-25237", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25237"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Bonitasoft", "30d_avg": 0, "90d_avg": 0, "product": "Bonitasoft", "cisa_kev": "no", "connections": 1, "observation_date": "2025-01-21", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "d8b3ddc5-7d6e-46ec-8517-af01b0e21953", "vulnerability": {"vulnId": "CVE-2020-2507", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-18T00:00:00+00:00"}, "gcve": {"object_uuid": "d8b3ddc5-7d6e-46ec-8517-af01b0e21953", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-02-29T20:09:13+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-01-18T00:00:00+00:00", "first_seen_at": "2024-02-29T20:09:13+00:00"}, "scope": {"notes": "Affected: QNAP / QNAP QTS | Class: nas | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2025-01-18: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-2507", "url": "https://www.cve.org/CVERecord?id=CVE-2020-2507"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "nas", "7d_avg": 0, "vendor": "QNAP", "30d_avg": 7, "90d_avg": 2, "product": "QNAP QTS", "cisa_kev": "no", "connections": 2, "observation_date": "2025-01-18", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "a8825af8-afea-463b-80b2-88ae1b4a5a76", "vulnerability": {"vulnId": "CVE-2024-21683", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-16T00:00:00+00:00"}, "gcve": {"object_uuid": "a8825af8-afea-463b-80b2-88ae1b4a5a76", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 83}, "timestamps": {"asserted_at": "2024-05-29T10:27:11+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-01-16T00:00:00+00:00", "first_seen_at": "2024-05-29T10:27:11+00:00"}, "scope": {"notes": "Affected: Atlassian / Confluence | Class: other-software | Severity: High (CVSS 8.3) | IoT: no | In CISA KEV: no | Honeypot connections on 2025-01-16: 3", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-21683", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21683"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Atlassian", "30d_avg": 0, "90d_avg": 0, "product": "Confluence", "cisa_kev": "no", "connections": 3, "observation_date": "2025-01-16", "vulnerability_class": "CVSS", "vulnerability_score": 8.3, "vulnerability_severity": "High"}}]}
{"uuid": "289a742c-ad87-4d3e-a6b2-e5bde14aaceb", "vulnerability": {"vulnId": "CNVD-2021-14544", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-14T00:00:00+00:00"}, "gcve": {"object_uuid": "289a742c-ad87-4d3e-a6b2-e5bde14aaceb", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-08-07T15:57:17+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-01-14T00:00:00+00:00", "first_seen_at": "2024-08-07T15:57:17+00:00"}, "scope": {"notes": "Affected: Hikvision / Hikvision Streaming Media Management Server | Class: other-software | IoT: no | In CISA KEV: no | Honeypot connections on 2025-01-14: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Hikvision", "30d_avg": 0, "90d_avg": 0, "product": "Hikvision Streaming Media Management Server", "cisa_kev": "no", "connections": 2, "observation_date": "2025-01-14", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "200e7615-f4dc-4b5b-9351-d8858e278d5a", "vulnerability": {"vulnId": "CVE-2022-31474", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-14T00:00:00+00:00"}, "gcve": {"object_uuid": "200e7615-f4dc-4b5b-9351-d8858e278d5a", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2023-11-12T12:00:39+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-01-14T00:00:00+00:00", "first_seen_at": "2023-11-12T12:00:39+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress BackupBuddy plugin | Class: cms | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2025-01-14: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-31474", "url": "https://www.cve.org/CVERecord?id=CVE-2022-31474"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "Wordpress", "30d_avg": 0, "90d_avg": 0, "product": "Wordpress BackupBuddy plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2025-01-14", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "056fe379-47a5-40b6-ba59-6ebe2eb84eb2", "vulnerability": {"vulnId": "CVE-2022-3982", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-14T00:00:00+00:00"}, "gcve": {"object_uuid": "056fe379-47a5-40b6-ba59-6ebe2eb84eb2", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-11-12T18:50:47+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-01-14T00:00:00+00:00", "first_seen_at": "2023-11-12T18:50:47+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Booking Calendar plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2025-01-14: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-3982", "url": "https://www.cve.org/CVERecord?id=CVE-2022-3982"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "Wordpress", "30d_avg": 0, "90d_avg": 0, "product": "Wordpress Booking Calendar plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2025-01-14", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "58b09db9-6f9e-4b62-aa19-7bf636dd8749", "vulnerability": {"vulnId": "CVE-2017-18046", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-14T00:00:00+00:00"}, "gcve": {"object_uuid": "58b09db9-6f9e-4b62-aa19-7bf636dd8749", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-18T16:26:11+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-01-14T00:00:00+00:00", "first_seen_at": "2023-10-18T16:26:11+00:00"}, "scope": {"notes": "Affected: Dasan / Dasan GPON ONT WiFi Router H640X | Class: router | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2025-01-14: 6", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2017-18046", "url": "https://www.cve.org/CVERecord?id=CVE-2017-18046"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "Dasan", "30d_avg": 0, "90d_avg": 0, "product": "Dasan GPON ONT WiFi Router H640X", "cisa_kev": "no", "connections": 6, "observation_date": "2025-01-14", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "f0b49f47-e0cc-4720-8c40-a1f1f894d6d7", "vulnerability": {"vulnId": "CVE-2023-28461", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-14T00:00:00+00:00"}, "gcve": {"object_uuid": "f0b49f47-e0cc-4720-8c40-a1f1f894d6d7", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-12-03T08:52:05+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-01-14T00:00:00+00:00", "first_seen_at": "2024-12-03T08:52:05+00:00"}, "scope": {"notes": "Affected: Array Networks / Array AG Series and vxAG | Class: firewall | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2025-01-14: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-28461", "url": "https://www.cve.org/CVERecord?id=CVE-2023-28461"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "firewall", "7d_avg": 0, "vendor": "Array Networks", "30d_avg": 0, "90d_avg": 0, "product": "Array AG Series and vxAG", "cisa_kev": "yes", "connections": 1, "observation_date": "2025-01-14", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "9aa78362-3faf-42fe-91a7-6142dc592bc3", "vulnerability": {"vulnId": "CVE-2024-32113", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-14T00:00:00+00:00"}, "gcve": {"object_uuid": "9aa78362-3faf-42fe-91a7-6142dc592bc3", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 0}, "timestamps": {"asserted_at": "2024-06-14T08:40:40+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-01-14T00:00:00+00:00", "first_seen_at": "2024-06-14T08:40:40+00:00"}, "scope": {"notes": "Affected: Apache / OFBiz | Class: other-software | Severity: None (CVSS 0) | IoT: no | In CISA KEV: yes | Honeypot connections on 2025-01-14: 146", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-32113", "url": "https://www.cve.org/CVERecord?id=CVE-2024-32113"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "61", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 8, "vendor": "Apache", "30d_avg": 2, "90d_avg": 0, "product": "OFBiz", "cisa_kev": "yes", "connections": 146, "observation_date": "2025-01-14", "vulnerability_class": "CVSS", "vulnerability_score": 0, "vulnerability_severity": "None"}}]}
{"uuid": "378ada79-12b0-4287-801a-8d76c1beb721", "vulnerability": {"vulnId": "CVE-2022-31793", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-14T00:00:00+00:00"}, "gcve": {"object_uuid": "378ada79-12b0-4287-801a-8d76c1beb721", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2023-10-14T14:42:13+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-01-14T00:00:00+00:00", "first_seen_at": "2023-10-14T14:42:13+00:00"}, "scope": {"notes": "Affected: Arris / Arris NVG443, NVG599, NVG589, NVG510 devices and Arris-derived BGW210, BGW320 devices | Class: router | Severity: High (CVSS 7.5) | IoT: yes | In CISA KEV: no | Honeypot connections on 2025-01-14: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-31793", "url": "https://www.cve.org/CVERecord?id=CVE-2022-31793"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "Arris", "30d_avg": 0, "90d_avg": 0, "product": "Arris NVG443, NVG599, NVG589, NVG510 devices and Arris-derived BGW210, BGW320 devices", "cisa_kev": "no", "connections": 1, "observation_date": "2025-01-14", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "3bb90c5e-a1a2-427e-b65e-d15c85704dd4", "vulnerability": {"vulnId": "CVE-2022-1950", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-14T00:00:00+00:00"}, "gcve": {"object_uuid": "3bb90c5e-a1a2-427e-b65e-d15c85704dd4", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-11-12T14:33:20+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-01-14T00:00:00+00:00", "first_seen_at": "2023-11-12T14:33:20+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Youzify plugin | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2025-01-14: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-1950", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1950"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "Wordpress", "30d_avg": 0, "90d_avg": 0, "product": "Wordpress Youzify plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2025-01-14", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "66c02f3d-730e-416d-bf0d-3067da7ce111", "vulnerability": {"vulnId": "CVE-2022-42953", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-14T00:00:00+00:00"}, "gcve": {"object_uuid": "66c02f3d-730e-416d-bf0d-3067da7ce111", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2023-10-18T18:18:07+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-01-14T00:00:00+00:00", "first_seen_at": "2023-10-18T18:18:07+00:00"}, "scope": {"notes": "Affected: ZKTeco / ZKTeco ZEM500-510-560-760, ZEM600-800, ZEM720, ZMM | Class: security-management-platform | Severity: High (CVSS 7.5) | IoT: yes | In CISA KEV: no | Honeypot connections on 2025-01-14: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-42953", "url": "https://www.cve.org/CVERecord?id=CVE-2022-42953"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "security-management-platform", "7d_avg": 0, "vendor": "ZKTeco", "30d_avg": 0, "90d_avg": 0, "product": "ZKTeco ZEM500-510-560-760, ZEM600-800, ZEM720, ZMM", "cisa_kev": "no", "connections": 1, "observation_date": "2025-01-14", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "c0352f61-154a-42a4-99ce-5570bbea4de5", "vulnerability": {"vulnId": "CVE-2023-0297", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-14T00:00:00+00:00"}, "gcve": {"object_uuid": "c0352f61-154a-42a4-99ce-5570bbea4de5", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-11-12T11:42:19+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-01-14T00:00:00+00:00", "first_seen_at": "2023-11-12T11:42:19+00:00"}, "scope": {"notes": "Affected: pyLoad / pyLoad | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2025-01-14: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-0297", "url": "https://www.cve.org/CVERecord?id=CVE-2023-0297"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "pyLoad", "30d_avg": 0, "90d_avg": 0, "product": "pyLoad", "cisa_kev": "no", "connections": 1, "observation_date": "2025-01-14", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "1ba4ab13-695b-460d-bf51-bc7ad15a41d3", "vulnerability": {"vulnId": "CVE-2022-29013", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-14T00:00:00+00:00"}, "gcve": {"object_uuid": "1ba4ab13-695b-460d-bf51-bc7ad15a41d3", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-09-18T08:55:48+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-01-14T00:00:00+00:00", "first_seen_at": "2024-09-18T08:55:48+00:00"}, "scope": {"notes": "Affected: Razer / Razer Sila | Class: router | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2025-01-14: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-29013", "url": "https://www.cve.org/CVERecord?id=CVE-2022-29013"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "Razer", "30d_avg": 0, "90d_avg": 0, "product": "Razer Sila", "cisa_kev": "no", "connections": 1, "observation_date": "2025-01-14", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "b0f45534-c629-4dbf-b5dd-5d4c7b0b150d", "vulnerability": {"vulnId": "CVE-2022-40734", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-14T00:00:00+00:00"}, "gcve": {"object_uuid": "b0f45534-c629-4dbf-b5dd-5d4c7b0b150d", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 65}, "timestamps": {"asserted_at": "2023-10-24T09:14:36+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-01-14T00:00:00+00:00", "first_seen_at": "2023-10-24T09:14:36+00:00"}, "scope": {"notes": "Affected: UniSharp / Laravel Filemanager | Class: other-software | Severity: Medium (CVSS 6.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2025-01-14: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-40734", "url": "https://www.cve.org/CVERecord?id=CVE-2022-40734"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "UniSharp", "30d_avg": 0, "90d_avg": 0, "product": "Laravel Filemanager", "cisa_kev": "no", "connections": 1, "observation_date": "2025-01-14", "vulnerability_class": "CVSS", "vulnerability_score": 6.5, "vulnerability_severity": "Medium"}}]}
{"uuid": "f02e9a69-c1fc-4e68-b14b-c35477660c33", "vulnerability": {"vulnId": "CVE-2024-34102", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-14T00:00:00+00:00"}, "gcve": {"object_uuid": "f02e9a69-c1fc-4e68-b14b-c35477660c33", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-11-01T14:58:05+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-01-14T00:00:00+00:00", "first_seen_at": "2024-11-01T14:58:05+00:00"}, "scope": {"notes": "Affected: Adobe / Adobe Commerce and Magento Open Source | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2025-01-14: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-34102", "url": "https://www.cve.org/CVERecord?id=CVE-2024-34102"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Adobe", "30d_avg": 0, "90d_avg": 0, "product": "Adobe Commerce and Magento Open Source", "cisa_kev": "yes", "connections": 1, "observation_date": "2025-01-14", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "f8cb27b7-dc8d-48fc-bf57-da74b5efe9e0", "vulnerability": {"vulnId": "CVE-2023-27034", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-13T00:00:00+00:00"}, "gcve": {"object_uuid": "f8cb27b7-dc8d-48fc-bf57-da74b5efe9e0", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-06-22T00:37:59+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-01-13T00:00:00+00:00", "first_seen_at": "2024-06-22T00:37:59+00:00"}, "scope": {"notes": "Affected: PrestaShop / PrestaShop jmsblog | Class: cms | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2025-01-13: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-27034", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27034"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "PrestaShop", "30d_avg": 0, "90d_avg": 0, "product": "PrestaShop jmsblog", "cisa_kev": "no", "connections": 1, "observation_date": "2025-01-13", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "b5a53ca0-0062-404d-b0a2-81e919a7cd25", "vulnerability": {"vulnId": "CVE-2019-16932", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-13T00:00:00+00:00"}, "gcve": {"object_uuid": "b5a53ca0-0062-404d-b0a2-81e919a7cd25", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 100}, "timestamps": {"asserted_at": "2023-10-14T14:56:06+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-01-13T00:00:00+00:00", "first_seen_at": "2023-10-14T14:56:06+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Visualizer plugin (by Themeisle) | Class: cms | Severity: Critical (CVSS 10) | IoT: no | In CISA KEV: no | Honeypot connections on 2025-01-13: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2019-16932", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16932"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "Wordpress", "30d_avg": 0, "90d_avg": 0, "product": "Wordpress Visualizer plugin (by Themeisle)", "cisa_kev": "no", "connections": 1, "observation_date": "2025-01-13", "vulnerability_class": "CVSS", "vulnerability_score": 10, "vulnerability_severity": "Critical"}}]}
{"uuid": "79c6d59d-07a6-43af-baa6-da510248ed3f", "vulnerability": {"vulnId": "CVE-2020-14883", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-13T00:00:00+00:00"}, "gcve": {"object_uuid": "79c6d59d-07a6-43af-baa6-da510248ed3f", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 72}, "timestamps": {"asserted_at": "2023-10-13T16:31:17+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-01-13T00:00:00+00:00", "first_seen_at": "2023-10-13T16:31:17+00:00"}, "scope": {"notes": "Affected: Oracle / Oracle Weblogic Server | Class: app-server | Severity: High (CVSS 7.2) | IoT: no | In CISA KEV: yes | Honeypot connections on 2025-01-13: 3", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-14883", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14883"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "app-server", "7d_avg": 0, "vendor": "Oracle", "30d_avg": 0, "90d_avg": 0, "product": "Oracle Weblogic Server", "cisa_kev": "yes", "connections": 3, "observation_date": "2025-01-13", "vulnerability_class": "CVSS", "vulnerability_score": 7.2, "vulnerability_severity": "High"}}]}
{"uuid": "56ca5822-fb6d-4875-b9c0-37cdc32285a4", "vulnerability": {"vulnId": "CVE-2022-21661", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-13T00:00:00+00:00"}, "gcve": {"object_uuid": "56ca5822-fb6d-4875-b9c0-37cdc32285a4", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2023-11-15T23:17:33+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-01-13T00:00:00+00:00", "first_seen_at": "2023-11-15T23:17:33+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress Core | Class: cms | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2025-01-13: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-21661", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21661"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "Wordpress", "30d_avg": 0, "90d_avg": 0, "product": "Wordpress Core", "cisa_kev": "no", "connections": 1, "observation_date": "2025-01-13", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "3f97fe53-abf1-430a-b353-2a9cfe8f99bb", "vulnerability": {"vulnId": "CVE-2019-8387", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-06T00:00:00+00:00"}, "gcve": {"object_uuid": "3f97fe53-abf1-430a-b353-2a9cfe8f99bb", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-12-13T05:47:02+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-01-06T00:00:00+00:00", "first_seen_at": "2023-12-13T05:47:02+00:00"}, "scope": {"notes": "Affected: Master / Master IP CAM 01 | Class: video-system | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2025-01-06: 57", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2019-8387", "url": "https://www.cve.org/CVERecord?id=CVE-2019-8387"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "3", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "video-system", "7d_avg": 0, "vendor": "Master", "30d_avg": 0, "90d_avg": 0, "product": "Master IP CAM 01", "cisa_kev": "no", "connections": 57, "observation_date": "2025-01-06", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "fecef13a-3b6d-45c4-85da-ab1d28a002fb", "vulnerability": {"vulnId": "CVE-2020-5722", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-04T00:00:00+00:00"}, "gcve": {"object_uuid": "fecef13a-3b6d-45c4-85da-ab1d28a002fb", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-01-05T20:44:08+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-01-04T00:00:00+00:00", "first_seen_at": "2024-01-05T20:44:08+00:00"}, "scope": {"notes": "Affected: Grandstream / UCM6200 series | Class: ip-pbx | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: yes | Honeypot connections on 2025-01-04: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-5722", "url": "https://www.cve.org/CVERecord?id=CVE-2020-5722"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "ip-pbx", "7d_avg": 0, "vendor": "Grandstream", "30d_avg": 0, "90d_avg": 0, "product": "UCM6200 series", "cisa_kev": "yes", "connections": 2, "observation_date": "2025-01-04", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "187700a8-5eb9-4616-a131-fbdf53e2f841", "vulnerability": {"vulnId": "CVE-2017-12149", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-04T00:00:00+00:00"}, "gcve": {"object_uuid": "187700a8-5eb9-4616-a131-fbdf53e2f841", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-15T02:27:05+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-01-04T00:00:00+00:00", "first_seen_at": "2023-10-15T02:27:05+00:00"}, "scope": {"notes": "Affected: RedHat / JBoss | Class: app-server | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2025-01-04: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2017-12149", "url": "https://www.cve.org/CVERecord?id=CVE-2017-12149"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "app-server", "7d_avg": 0, "vendor": "RedHat", "30d_avg": 0, "90d_avg": 0, "product": "JBoss", "cisa_kev": "yes", "connections": 1, "observation_date": "2025-01-04", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "338723ef-a2ca-4710-92eb-d72f8529995a", "vulnerability": {"vulnId": "EDB-40500", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-04T00:00:00+00:00"}, "gcve": {"object_uuid": "338723ef-a2ca-4710-92eb-d72f8529995a", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-10-18T03:34:01+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-01-04T00:00:00+00:00", "first_seen_at": "2023-10-18T03:34:01+00:00"}, "scope": {"notes": "Affected: AVTECH / AVTECH IP camera, NVR, DVR products | Class: video-system | IoT: yes | In CISA KEV: no | Honeypot connections on 2025-01-04: 16", "asset_exposure": ["internet-facing"]}, "references": [{"id": "EDB-40500", "url": "https://www.exploit-db.com/exploits/40500"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "video-system", "7d_avg": 0, "vendor": "AVTECH", "30d_avg": 0, "90d_avg": 0, "product": "AVTECH IP camera, NVR, DVR products", "cisa_kev": "no", "connections": 16, "observation_date": "2025-01-04", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "2bcd632e-a065-4c78-8ef2-9603c2603483", "vulnerability": {"vulnId": "CVE-2017-6334", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-03T00:00:00+00:00"}, "gcve": {"object_uuid": "2bcd632e-a065-4c78-8ef2-9603c2603483", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 88}, "timestamps": {"asserted_at": "2024-10-21T18:33:29+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2025-01-03T00:00:00+00:00", "first_seen_at": "2024-10-21T18:33:29+00:00"}, "scope": {"notes": "Affected: NETGEAR / NETGEAR DGN2200 | Class: router | Severity: High (CVSS 8.8) | IoT: yes | In CISA KEV: yes | Honeypot connections on 2025-01-03: 26", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2017-6334", "url": "https://www.cve.org/CVERecord?id=CVE-2017-6334"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "NETGEAR", "30d_avg": 0, "90d_avg": 0, "product": "NETGEAR DGN2200", "cisa_kev": "yes", "connections": 26, "observation_date": "2025-01-03", "vulnerability_class": "CVSS", "vulnerability_score": 8.8, "vulnerability_severity": "High"}}]}
{"uuid": "f231e123-4d92-42be-8b4c-d9100a6bccc4", "vulnerability": {"vulnId": "CVE-2023-26360", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-12-30T00:00:00+00:00"}, "gcve": {"object_uuid": "f231e123-4d92-42be-8b4c-d9100a6bccc4", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-12-06T18:25:51+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2024-12-30T00:00:00+00:00", "first_seen_at": "2023-12-06T18:25:51+00:00"}, "scope": {"notes": "Affected: Adobe / ColdFusion | Class: app-server | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2024-12-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-26360", "url": "https://www.cve.org/CVERecord?id=CVE-2023-26360"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "app-server", "7d_avg": 0, "vendor": "Adobe", "30d_avg": 0, "90d_avg": 0, "product": "ColdFusion", "cisa_kev": "yes", "connections": 2, "observation_date": "2024-12-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "559472e9-4bad-4de2-ab65-f6eb6b7a3b43", "vulnerability": {"vulnId": "CVE-2024-8069", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-12-26T00:00:00+00:00"}, "gcve": {"object_uuid": "559472e9-4bad-4de2-ab65-f6eb6b7a3b43", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 0}, "timestamps": {"asserted_at": "2024-11-13T04:53:43+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2024-12-26T00:00:00+00:00", "first_seen_at": "2024-11-13T04:53:43+00:00"}, "scope": {"notes": "Affected: Citrix / Citrix Virtual Apps and Desktops | Class: other-software | Severity: None (CVSS 0) | IoT: no | In CISA KEV: no | Honeypot connections on 2024-12-26: 19", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-8069", "url": "https://www.cve.org/CVERecord?id=CVE-2024-8069"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Citrix", "30d_avg": 0, "90d_avg": 0, "product": "Citrix Virtual Apps and Desktops", "cisa_kev": "no", "connections": 19, "observation_date": "2024-12-26", "vulnerability_class": "CVSS", "vulnerability_score": 0, "vulnerability_severity": "None"}}]}
{"uuid": "a3c795c1-8d02-4e23-bd3c-356feb3c7097", "vulnerability": {"vulnId": "CVE-2022-4257", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-12-26T00:00:00+00:00"}, "gcve": {"object_uuid": "a3c795c1-8d02-4e23-bd3c-356feb3c7097", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-18T18:13:45+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2024-12-26T00:00:00+00:00", "first_seen_at": "2023-10-18T18:13:45+00:00"}, "scope": {"notes": "Affected: C-DATA / C-DATA Web Management System | Class: embedded-system | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2024-12-26: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-4257", "url": "https://www.cve.org/CVERecord?id=CVE-2022-4257"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "embedded-system", "7d_avg": 0, "vendor": "C-DATA", "30d_avg": 0, "90d_avg": 0, "product": "C-DATA Web Management System", "cisa_kev": "no", "connections": 1, "observation_date": "2024-12-26", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "1d79a799-b54d-49f4-8694-047a119e11a8", "vulnerability": {"vulnId": "CVE-2022-0591", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-12-26T00:00:00+00:00"}, "gcve": {"object_uuid": "1d79a799-b54d-49f4-8694-047a119e11a8", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 91}, "timestamps": {"asserted_at": "2023-10-14T18:04:27+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2024-12-26T00:00:00+00:00", "first_seen_at": "2023-10-14T18:04:27+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress FormCraft plugin | Class: cms | Severity: Critical (CVSS 9.1) | IoT: no | In CISA KEV: no | Honeypot connections on 2024-12-26: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-0591", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0591"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "Wordpress", "30d_avg": 0, "90d_avg": 0, "product": "Wordpress FormCraft plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2024-12-26", "vulnerability_class": "CVSS", "vulnerability_score": 9.1, "vulnerability_severity": "Critical"}}]}
{"uuid": "521f3632-6899-449d-9e75-b34d6f2947a6", "vulnerability": {"vulnId": "CVE-2017-8046", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-12-26T00:00:00+00:00"}, "gcve": {"object_uuid": "521f3632-6899-449d-9e75-b34d6f2947a6", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-01-06T06:37:00+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2024-12-26T00:00:00+00:00", "first_seen_at": "2024-01-06T06:37:00+00:00"}, "scope": {"notes": "Affected: Spring / Spring Data REST | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2024-12-26: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2017-8046", "url": "https://www.cve.org/CVERecord?id=CVE-2017-8046"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Spring", "30d_avg": 0, "90d_avg": 0, "product": "Spring Data REST", "cisa_kev": "no", "connections": 1, "observation_date": "2024-12-26", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "357c0e17-b34c-43d3-b49f-5aaebb4e2de2", "vulnerability": {"vulnId": "CVE-2018-17283", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-12-26T00:00:00+00:00"}, "gcve": {"object_uuid": "357c0e17-b34c-43d3-b49f-5aaebb4e2de2", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2023-10-19T08:51:53+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2024-12-26T00:00:00+00:00", "first_seen_at": "2023-10-19T08:51:53+00:00"}, "scope": {"notes": "Affected: Zoho / ManageEngine OpManager | Class: other-software | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2024-12-26: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2018-17283", "url": "https://www.cve.org/CVERecord?id=CVE-2018-17283"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Zoho", "30d_avg": 0, "90d_avg": 0, "product": "ManageEngine OpManager", "cisa_kev": "no", "connections": 1, "observation_date": "2024-12-26", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "922f9bd1-b5d0-4906-8683-d5d8c32f98f1", "vulnerability": {"vulnId": "CVE-2022-0482", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-12-26T00:00:00+00:00"}, "gcve": {"object_uuid": "922f9bd1-b5d0-4906-8683-d5d8c32f98f1", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 91}, "timestamps": {"asserted_at": "2023-10-19T10:59:02+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2024-12-26T00:00:00+00:00", "first_seen_at": "2023-10-19T10:59:02+00:00"}, "scope": {"notes": "Affected: Easy!Appointments / Easy!Appointments | Class: other-software | Severity: Critical (CVSS 9.1) | IoT: no | In CISA KEV: no | Honeypot connections on 2024-12-26: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-0482", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0482"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Easy!Appointments", "30d_avg": 0, "90d_avg": 0, "product": "Easy!Appointments", "cisa_kev": "no", "connections": 1, "observation_date": "2024-12-26", "vulnerability_class": "CVSS", "vulnerability_score": 9.1, "vulnerability_severity": "Critical"}}]}
{"uuid": "814c9dd9-ea3c-4a54-a053-bb94b28effe2", "vulnerability": {"vulnId": "CVE-2023-34362", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-12-21T00:00:00+00:00"}, "gcve": {"object_uuid": "814c9dd9-ea3c-4a54-a053-bb94b28effe2", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-20T16:30:39+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2024-12-21T00:00:00+00:00", "first_seen_at": "2023-10-20T16:30:39+00:00"}, "scope": {"notes": "Affected: Progress / MOVEit Transfer | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2024-12-21: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-34362", "url": "https://www.cve.org/CVERecord?id=CVE-2023-34362"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Progress", "30d_avg": 0, "90d_avg": 0, "product": "MOVEit Transfer", "cisa_kev": "yes", "connections": 2, "observation_date": "2024-12-21", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "9d72e497-20ac-4715-a1b7-b641d5908c05", "vulnerability": {"vulnId": "CVE-2024-53677", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-12-20T08:19:33+00:00"}, "gcve": {"object_uuid": "9d72e497-20ac-4715-a1b7-b641d5908c05", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 0}, "timestamps": {"asserted_at": "2024-12-20T08:19:33+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2024-12-20T08:19:33+00:00", "first_seen_at": "2024-12-20T08:19:33+00:00"}, "scope": {"notes": "Affected: Apache / Struts | Class: web-app-framework | Severity: None (CVSS 0) | IoT: no | In CISA KEV: no | Honeypot connections on 2024-12-20: 2277", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-53677", "url": "https://www.cve.org/CVERecord?id=CVE-2024-53677"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "web-app-framework", "7d_avg": 0, "vendor": "Apache", "30d_avg": 0, "90d_avg": 0, "product": "Struts", "cisa_kev": "no", "connections": 2277, "observation_date": "2024-12-20", "vulnerability_class": "CVSS", "vulnerability_score": 0, "vulnerability_severity": "None"}}]}
{"uuid": "09b55ed0-9e79-42eb-9d13-64a06a6b6110", "vulnerability": {"vulnId": "CVE-2021-42912", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-12-20T04:21:10+00:00"}, "gcve": {"object_uuid": "09b55ed0-9e79-42eb-9d13-64a06a6b6110", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 88}, "timestamps": {"asserted_at": "2024-12-20T04:21:10+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2024-12-20T04:21:10+00:00", "first_seen_at": "2024-12-20T04:21:10+00:00"}, "scope": {"notes": "Affected: FiberHome / FiberHome ONU GPON AN550 | Class: router | Severity: High (CVSS 8.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2024-12-20: 8", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-42912", "url": "https://www.cve.org/CVERecord?id=CVE-2021-42912"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "FiberHome", "30d_avg": 0, "90d_avg": 0, "product": "FiberHome ONU GPON AN550", "cisa_kev": "no", "connections": 8, "observation_date": "2024-12-20", "vulnerability_class": "CVSS", "vulnerability_score": 8.8, "vulnerability_severity": "High"}}]}
{"uuid": "6e381c83-bb4a-4b23-b98d-881c12c9db94", "vulnerability": {"vulnId": "CVE-2023-25717", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-12-20T00:00:00+00:00"}, "gcve": {"object_uuid": "6e381c83-bb4a-4b23-b98d-881c12c9db94", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-03-06T20:59:51+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2024-12-20T00:00:00+00:00", "first_seen_at": "2024-03-06T20:59:51+00:00"}, "scope": {"notes": "Affected: Ruckus / Ruckus Wireless Admin | Class: router | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: yes | Honeypot connections on 2024-12-20: 25", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-25717", "url": "https://www.cve.org/CVERecord?id=CVE-2023-25717"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "Ruckus", "30d_avg": 0, "90d_avg": 0, "product": "Ruckus Wireless Admin", "cisa_kev": "yes", "connections": 25, "observation_date": "2024-12-20", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "055cbd9d-f507-4442-b60b-1739c452f085", "vulnerability": {"vulnId": "CVE-2018-1000861", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-12-18T00:00:00+00:00"}, "gcve": {"object_uuid": "055cbd9d-f507-4442-b60b-1739c452f085", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-10-17T15:51:55+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2024-12-18T00:00:00+00:00", "first_seen_at": "2024-10-17T15:51:55+00:00"}, "scope": {"notes": "Affected: Jenkins / Jenkins | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2024-12-18: 4", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2018-1000861", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000861"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Jenkins", "30d_avg": 0, "90d_avg": 0, "product": "Jenkins", "cisa_kev": "yes", "connections": 4, "observation_date": "2024-12-18", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "aa24fcac-69a0-45a6-af14-a6b41d1198c2", "vulnerability": {"vulnId": "CVE-2019-2618", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-12-18T00:00:00+00:00"}, "gcve": {"object_uuid": "aa24fcac-69a0-45a6-af14-a6b41d1198c2", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 55}, "timestamps": {"asserted_at": "2024-05-22T09:51:43+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2024-12-18T00:00:00+00:00", "first_seen_at": "2024-05-22T09:51:43+00:00"}, "scope": {"notes": "Affected: Oracle / Oracle Weblogic Server | Class: app-server | Severity: Medium (CVSS 5.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2024-12-18: 8", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2019-2618", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2618"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "app-server", "7d_avg": 0, "vendor": "Oracle", "30d_avg": 0, "90d_avg": 0, "product": "Oracle Weblogic Server", "cisa_kev": "no", "connections": 8, "observation_date": "2024-12-18", "vulnerability_class": "CVSS", "vulnerability_score": 5.5, "vulnerability_severity": "Medium"}}]}
{"uuid": "2f534af1-c582-45e8-8a18-36a8f8f23a20", "vulnerability": {"vulnId": "CVE-2024-5910", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-12-16T17:19:38+00:00"}, "gcve": {"object_uuid": "2f534af1-c582-45e8-8a18-36a8f8f23a20", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-12-16T17:19:38+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2024-12-16T17:19:38+00:00", "first_seen_at": "2024-12-16T17:19:38+00:00"}, "scope": {"notes": "Affected: Palo Alto Networks / Palo Alto Networks Expedition | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2024-12-16: 12", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-5910", "url": "https://www.cve.org/CVERecord?id=CVE-2024-5910"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Palo Alto Networks", "30d_avg": 0, "90d_avg": 0, "product": "Palo Alto Networks Expedition", "cisa_kev": "yes", "connections": 12, "observation_date": "2024-12-16", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "e07066b9-e0a3-460b-b2ff-80e5ee538d64", "vulnerability": {"vulnId": "CVE-2023-36845", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-12-16T00:00:00+00:00"}, "gcve": {"object_uuid": "e07066b9-e0a3-460b-b2ff-80e5ee538d64", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-22T00:46:52+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2024-12-16T00:00:00+00:00", "first_seen_at": "2023-10-22T00:46:52+00:00"}, "scope": {"notes": "Affected: Juniper / Junos OS (J-Web) | Class: router | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2024-12-16: 9", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-36845", "url": "https://www.cve.org/CVERecord?id=CVE-2023-36845"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "Juniper", "30d_avg": 0, "90d_avg": 0, "product": "Junos OS (J-Web)", "cisa_kev": "yes", "connections": 9, "observation_date": "2024-12-16", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "cc93e6f5-d005-4426-9ab4-77f80a2f08d1", "vulnerability": {"vulnId": "CVE-2013-5948", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-12-14T00:00:00+00:00"}, "gcve": {"object_uuid": "cc93e6f5-d005-4426-9ab4-77f80a2f08d1", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-12-12T22:51:43+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2024-12-14T00:00:00+00:00", "first_seen_at": "2023-12-12T22:51:43+00:00"}, "scope": {"notes": "Affected: ASUS / ASUS RT series routers | Class: router | IoT: yes | In CISA KEV: no | Honeypot connections on 2024-12-14: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2013-5948", "url": "https://www.cve.org/CVERecord?id=CVE-2013-5948"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "ASUS", "30d_avg": 0, "90d_avg": 0, "product": "ASUS RT series routers", "cisa_kev": "no", "connections": 1, "observation_date": "2024-12-14", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "d904f051-2b6c-402f-ac62-d1d7da92a95a", "vulnerability": {"vulnId": "EDB-14146", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-12-14T00:00:00+00:00"}, "gcve": {"object_uuid": "d904f051-2b6c-402f-ac62-d1d7da92a95a", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-10-22T14:05:13+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2024-12-14T00:00:00+00:00", "first_seen_at": "2024-10-22T14:05:13+00:00"}, "scope": {"notes": "Affected: Ubiquiti / Nanostation5 (Air OS) | Class: router | IoT: yes | In CISA KEV: no | Honeypot connections on 2024-12-14: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "EDB-14146", "url": "https://www.exploit-db.com/exploits/14146"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "Ubiquiti", "30d_avg": 0, "90d_avg": 0, "product": "Nanostation5 (Air OS)", "cisa_kev": "no", "connections": 1, "observation_date": "2024-12-14", "vulnerability_class": "CVSS", "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "16413d70-6489-4b91-839b-5c3c2b732358", "vulnerability": {"vulnId": "CVE-2022-36559", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-12-05T09:02:58+00:00"}, "gcve": {"object_uuid": "16413d70-6489-4b91-839b-5c3c2b732358", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-12-05T09:02:58+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2024-12-05T09:02:58+00:00", "first_seen_at": "2024-12-05T09:02:58+00:00"}, "scope": {"notes": "Affected: Seiko / Seiko Skybridge MB-A200 series | Class: router | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2024-12-05: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-36559", "url": "https://www.cve.org/CVERecord?id=CVE-2022-36559"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "Seiko", "30d_avg": 0, "90d_avg": 0, "product": "Seiko Skybridge MB-A200 series", "cisa_kev": "no", "connections": 1, "observation_date": "2024-12-05", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "8078a3c6-c20d-4bf6-ad1c-38a235a09b00", "vulnerability": {"vulnId": "CVE-2024-51211", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-12-05T09:01:17+00:00"}, "gcve": {"object_uuid": "8078a3c6-c20d-4bf6-ad1c-38a235a09b00", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 0}, "timestamps": {"asserted_at": "2024-12-05T09:01:17+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2024-12-05T09:01:17+00:00", "first_seen_at": "2024-12-05T09:01:17+00:00"}, "scope": {"notes": "Affected: OS4ED / openSIS-Classic Version | Class: other-software | Severity: None (CVSS 0) | IoT: no | In CISA KEV: no | Honeypot connections on 2024-12-05: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-51211", "url": "https://www.cve.org/CVERecord?id=CVE-2024-51211"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "OS4ED", "30d_avg": 0, "90d_avg": 0, "product": "openSIS-Classic Version", "cisa_kev": "no", "connections": 1, "observation_date": "2024-12-05", "vulnerability_class": "CVSS", "vulnerability_score": 0, "vulnerability_severity": "None"}}]}
{"uuid": "53e05d37-659d-4948-8766-5ebaf4854226", "vulnerability": {"vulnId": "CVE-2022-23900", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-12-05T09:01:01+00:00"}, "gcve": {"object_uuid": "53e05d37-659d-4948-8766-5ebaf4854226", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-12-05T09:01:01+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2024-12-05T09:01:01+00:00", "first_seen_at": "2024-12-05T09:01:01+00:00"}, "scope": {"notes": "Affected: WAVLINK / WAVLINK WL-WN531P3 | Class: router | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2024-12-05: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-23900", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23900"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "WAVLINK", "30d_avg": 0, "90d_avg": 0, "product": "WAVLINK WL-WN531P3", "cisa_kev": "no", "connections": 1, "observation_date": "2024-12-05", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "d71e3608-1695-4a33-8504-689c26c4b131", "vulnerability": {"vulnId": "CVE-2021-20617", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-12-05T09:00:48+00:00"}, "gcve": {"object_uuid": "d71e3608-1695-4a33-8504-689c26c4b131", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-12-05T09:00:48+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2024-12-05T09:00:48+00:00", "first_seen_at": "2024-12-05T09:00:48+00:00"}, "scope": {"notes": "Affected: acmailer / acmailer | Class: email | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2024-12-05: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-20617", "url": "https://www.cve.org/CVERecord?id=CVE-2021-20617"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "email", "7d_avg": 0, "vendor": "acmailer", "30d_avg": 0, "90d_avg": 0, "product": "acmailer", "cisa_kev": "no", "connections": 2, "observation_date": "2024-12-05", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "4111fee1-02c9-47cb-9124-5f70ebe0eee9", "vulnerability": {"vulnId": "CVE-2024-34854", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-12-05T08:59:57+00:00"}, "gcve": {"object_uuid": "4111fee1-02c9-47cb-9124-5f70ebe0eee9", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-12-05T08:59:57+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2024-12-05T08:59:57+00:00", "first_seen_at": "2024-12-05T08:59:57+00:00"}, "scope": {"notes": "Affected: F-Logic / DataCube3 | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2024-12-05: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-34854", "url": "https://www.cve.org/CVERecord?id=CVE-2024-34854"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "F-Logic", "30d_avg": 0, "90d_avg": 0, "product": "DataCube3", "cisa_kev": "no", "connections": 1, "observation_date": "2024-12-05", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "0183a61e-5d91-4b83-800c-9dfd8030a922", "vulnerability": {"vulnId": "EDB-42114", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-12-05T00:00:00+00:00"}, "gcve": {"object_uuid": "0183a61e-5d91-4b83-800c-9dfd8030a922", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-07-27T20:24:14+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2024-12-05T00:00:00+00:00", "first_seen_at": "2024-07-27T20:24:14+00:00"}, "scope": {"notes": "Affected: EnGenius / EnGenius EnShare IoT Gigabit Cloud Service | Class: router | IoT: yes | In CISA KEV: no | Honeypot connections on 2024-12-05: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "EDB-42114", "url": "https://www.exploit-db.com/exploits/42114"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "EnGenius", "30d_avg": 0, "90d_avg": 0, "product": "EnGenius EnShare IoT Gigabit Cloud Service", "cisa_kev": "no", "connections": 1, "observation_date": "2024-12-05", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "717439db-bca4-406e-a65e-71d7499ca401", "vulnerability": {"vulnId": "CVE-2022-24288", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-12-05T00:00:00+00:00"}, "gcve": {"object_uuid": "717439db-bca4-406e-a65e-71d7499ca401", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 88}, "timestamps": {"asserted_at": "2023-11-15T03:31:41+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2024-12-05T00:00:00+00:00", "first_seen_at": "2023-11-15T03:31:41+00:00"}, "scope": {"notes": "Affected: Apache / Airflow | Class: other-software | Severity: High (CVSS 8.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2024-12-05: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-24288", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24288"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Apache", "30d_avg": 0, "90d_avg": 0, "product": "Airflow", "cisa_kev": "no", "connections": 1, "observation_date": "2024-12-05", "vulnerability_class": "CVSS", "vulnerability_score": 8.8, "vulnerability_severity": "High"}}]}
{"uuid": "eacee133-4f70-4665-b13d-7a793a21ea3e", "vulnerability": {"vulnId": "EDB-50753", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-12-05T00:00:00+00:00"}, "gcve": {"object_uuid": "eacee133-4f70-4665-b13d-7a793a21ea3e", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-06-22T09:30:26+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2024-12-05T00:00:00+00:00", "first_seen_at": "2024-06-22T09:30:26+00:00"}, "scope": {"notes": "Affected: Wordpress / Wordpress dzs-zoomsounds plugin | Class: cms | IoT: no | In CISA KEV: no | Honeypot connections on 2024-12-05: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "EDB-50753", "url": "https://www.exploit-db.com/exploits/50753"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "Wordpress", "30d_avg": 0, "90d_avg": 0, "product": "Wordpress dzs-zoomsounds plugin", "cisa_kev": "no", "connections": 1, "observation_date": "2024-12-05", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "c66ec13d-7cf6-440e-a6a9-5ee6af24a614", "vulnerability": {"vulnId": "CVE-2017-17560", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-12-05T00:00:00+00:00"}, "gcve": {"object_uuid": "c66ec13d-7cf6-440e-a6a9-5ee6af24a614", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-11-01T14:26:16+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2024-12-05T00:00:00+00:00", "first_seen_at": "2023-11-01T14:26:16+00:00"}, "scope": {"notes": "Affected: Western Digital / MyCloud PR4100 | Class: nas | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2024-12-05: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2017-17560", "url": "https://www.cve.org/CVERecord?id=CVE-2017-17560"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "nas", "7d_avg": 0, "vendor": "Western Digital", "30d_avg": 0, "90d_avg": 0, "product": "MyCloud PR4100", "cisa_kev": "no", "connections": 1, "observation_date": "2024-12-05", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "1dd12906-5fbe-4b71-991b-e22da4970368", "vulnerability": {"vulnId": "CVE-2022-32409", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-12-05T00:00:00+00:00"}, "gcve": {"object_uuid": "1dd12906-5fbe-4b71-991b-e22da4970368", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-11-15T03:32:41+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2024-12-05T00:00:00+00:00", "first_seen_at": "2023-11-15T03:32:41+00:00"}, "scope": {"notes": "Affected: i3Geo / i3Geo | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2024-12-05: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-32409", "url": "https://www.cve.org/CVERecord?id=CVE-2022-32409"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "i3Geo", "30d_avg": 0, "90d_avg": 0, "product": "i3Geo", "cisa_kev": "no", "connections": 1, "observation_date": "2024-12-05", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "e18ad977-6d03-4804-a004-6f87b977222f", "vulnerability": {"vulnId": "CVE-2021-46442", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-12-05T00:00:00+00:00"}, "gcve": {"object_uuid": "e18ad977-6d03-4804-a004-6f87b977222f", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-18T18:19:51+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2024-12-05T00:00:00+00:00", "first_seen_at": "2023-10-18T18:19:51+00:00"}, "scope": {"notes": "Affected: D-Link / D-Link DIR-825 G1 | Class: router | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2024-12-05: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-46442", "url": "https://www.cve.org/CVERecord?id=CVE-2021-46442"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "D-Link", "30d_avg": 0, "90d_avg": 0, "product": "D-Link DIR-825 G1", "cisa_kev": "no", "connections": 1, "observation_date": "2024-12-05", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "1e17183b-d5aa-4598-b134-2ea0728a3ecd", "vulnerability": {"vulnId": "CVE-2020-15227", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-12-05T00:00:00+00:00"}, "gcve": {"object_uuid": "1e17183b-d5aa-4598-b134-2ea0728a3ecd", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-14T15:50:46+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2024-12-05T00:00:00+00:00", "first_seen_at": "2023-10-14T15:50:46+00:00"}, "scope": {"notes": "Affected: Nette / Nette | Class: web-app-framework | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2024-12-05: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-15227", "url": "https://www.cve.org/CVERecord?id=CVE-2020-15227"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "web-app-framework", "7d_avg": 0, "vendor": "Nette", "30d_avg": 0, "90d_avg": 0, "product": "Nette", "cisa_kev": "no", "connections": 1, "observation_date": "2024-12-05", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "d5f25766-a9f6-4e36-9411-241e33add713", "vulnerability": {"vulnId": "EDB-46319", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-12-02T00:00:00+00:00"}, "gcve": {"object_uuid": "d5f25766-a9f6-4e36-9411-241e33add713", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-01-31T20:10:10+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2024-12-02T00:00:00+00:00", "first_seen_at": "2024-01-31T20:10:10+00:00"}, "scope": {"notes": "Affected: BEWARD / BEWARD N100 H.264 VGA IP Camera | Class: video-system | IoT: yes | In CISA KEV: no | Honeypot connections on 2024-12-02: 4", "asset_exposure": ["internet-facing"]}, "references": [{"id": "EDB-46319", "url": "https://www.exploit-db.com/exploits/46319"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "video-system", "7d_avg": 0, "vendor": "BEWARD", "30d_avg": 0, "90d_avg": 0, "product": "BEWARD N100 H.264 VGA IP Camera", "cisa_kev": "no", "connections": 4, "observation_date": "2024-12-02", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "d718f1d5-8e43-41a4-b34c-2c42add3b7da", "vulnerability": {"vulnId": "CVE-2023-23295", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-11-29T00:00:00+00:00"}, "gcve": {"object_uuid": "d718f1d5-8e43-41a4-b34c-2c42add3b7da", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 88}, "timestamps": {"asserted_at": "2024-02-05T19:51:26+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2024-11-29T00:00:00+00:00", "first_seen_at": "2024-02-05T19:51:26+00:00"}, "scope": {"notes": "Affected: Korenix / Jetwave 4200, Jetwave 3000 Series | Class: router | Severity: High (CVSS 8.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2024-11-29: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-23295", "url": "https://www.cve.org/CVERecord?id=CVE-2023-23295"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "Korenix", "30d_avg": 0, "90d_avg": 0, "product": "Jetwave 4200, Jetwave 3000 Series", "cisa_kev": "no", "connections": 1, "observation_date": "2024-11-29", "vulnerability_class": "CVSS", "vulnerability_score": 8.8, "vulnerability_severity": "High"}}]}
{"uuid": "4d991549-432c-4e0c-829f-c0a77b2d78e2", "vulnerability": {"vulnId": "CVE-2015-1187", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-11-27T00:00:00+00:00"}, "gcve": {"object_uuid": "4d991549-432c-4e0c-829f-c0a77b2d78e2", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-09-23T21:46:53+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2024-11-27T00:00:00+00:00", "first_seen_at": "2024-09-23T21:46:53+00:00"}, "scope": {"notes": "Affected: D-Link/TRENDnet / D-Link/TRENDnet multiple devices | Class: router | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: yes | Honeypot connections on 2024-11-27: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2015-1187", "url": "https://www.cve.org/CVERecord?id=CVE-2015-1187"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "D-Link/TRENDnet", "30d_avg": 0, "90d_avg": 0, "product": "D-Link/TRENDnet multiple devices", "cisa_kev": "yes", "connections": 1, "observation_date": "2024-11-27", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "f4580ec1-2fb8-4317-8a47-158dc52c6d70", "vulnerability": {"vulnId": "CVE-2024-5806", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-11-19T00:00:00+00:00"}, "gcve": {"object_uuid": "f4580ec1-2fb8-4317-8a47-158dc52c6d70", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 74}, "timestamps": {"asserted_at": "2024-06-26T02:17:51+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2024-11-19T00:00:00+00:00", "first_seen_at": "2024-06-26T02:17:51+00:00"}, "scope": {"notes": "Affected: Progress / MOVEit Transfer | Class: other-software | Severity: High (CVSS 7.4) | IoT: no | In CISA KEV: no | Honeypot connections on 2024-11-19: 3", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-5806", "url": "https://www.cve.org/CVERecord?id=CVE-2024-5806"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Progress", "30d_avg": 0, "90d_avg": 0, "product": "MOVEit Transfer", "cisa_kev": "no", "connections": 3, "observation_date": "2024-11-19", "vulnerability_class": "CVSS", "vulnerability_score": 7.4, "vulnerability_severity": "High"}}]}
{"uuid": "5ca5ee29-4db8-4fe6-ae53-ecba9d11a6e7", "vulnerability": {"vulnId": "CVE-2017-16959", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-11-16T00:00:00+00:00"}, "gcve": {"object_uuid": "5ca5ee29-4db8-4fe6-ae53-ecba9d11a6e7", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 65}, "timestamps": {"asserted_at": "2023-10-13T19:00:18+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2024-11-16T00:00:00+00:00", "first_seen_at": "2023-10-13T19:00:18+00:00"}, "scope": {"notes": "Affected: TP-Link / TP-Link multiple devices | Class: router | Severity: Medium (CVSS 6.5) | IoT: yes | In CISA KEV: no | Honeypot connections on 2024-11-16: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2017-16959", "url": "https://www.cve.org/CVERecord?id=CVE-2017-16959"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 1, "vendor": "TP-Link", "30d_avg": 0, "90d_avg": 0, "product": "TP-Link multiple devices", "cisa_kev": "no", "connections": 2, "observation_date": "2024-11-16", "vulnerability_class": "CVSS", "vulnerability_score": 6.5, "vulnerability_severity": "Medium"}}]}
{"uuid": "2d151bb0-cb82-4bc1-b0a1-78f9c800e6b8", "vulnerability": {"vulnId": "CVE-2023-40044", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-11-14T00:00:00+00:00"}, "gcve": {"object_uuid": "2d151bb0-cb82-4bc1-b0a1-78f9c800e6b8", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 88}, "timestamps": {"asserted_at": "2024-09-27T15:32:21+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2024-11-14T00:00:00+00:00", "first_seen_at": "2024-09-27T15:32:21+00:00"}, "scope": {"notes": "Affected: Progress / WS_FTP Server | Class: file-transfer | Severity: High (CVSS 8.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2024-11-14: 11", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-40044", "url": "https://www.cve.org/CVERecord?id=CVE-2023-40044"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "file-transfer", "7d_avg": 0, "vendor": "Progress", "30d_avg": 0, "90d_avg": 0, "product": "WS_FTP Server", "cisa_kev": "yes", "connections": 11, "observation_date": "2024-11-14", "vulnerability_class": "CVSS", "vulnerability_score": 8.8, "vulnerability_severity": "High"}}]}
{"uuid": "592b691e-64f2-4258-80da-ca077b3b6d84", "vulnerability": {"vulnId": "CVE-2021-44892", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-11-02T00:00:00+00:00"}, "gcve": {"object_uuid": "592b691e-64f2-4258-80da-ca077b3b6d84", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 88}, "timestamps": {"asserted_at": "2024-07-15T17:54:28+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2024-11-02T00:00:00+00:00", "first_seen_at": "2024-07-15T17:54:28+00:00"}, "scope": {"notes": "Affected: TopThink / ThinkPHP3 | Class: web-app-framework | Severity: High (CVSS 8.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2024-11-02: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-44892", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44892"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "web-app-framework", "7d_avg": 0, "vendor": "TopThink", "30d_avg": 0, "90d_avg": 0, "product": "ThinkPHP3", "cisa_kev": "no", "connections": 1, "observation_date": "2024-11-02", "vulnerability_class": "CVSS", "vulnerability_score": 8.8, "vulnerability_severity": "High"}}]}
{"uuid": "f1cceec4-a43b-45ad-acaf-08e99f801f54", "vulnerability": {"vulnId": "CVE-2020-25540", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-10-27T00:00:00+00:00"}, "gcve": {"object_uuid": "f1cceec4-a43b-45ad-acaf-08e99f801f54", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2024-07-21T15:19:46+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2024-10-27T00:00:00+00:00", "first_seen_at": "2024-07-21T15:19:46+00:00"}, "scope": {"notes": "Affected: ThinkAdmin / ThinkAdmin | Class: other-software | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2024-10-27: 107", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-25540", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25540"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "ThinkAdmin", "30d_avg": 0, "90d_avg": 0, "product": "ThinkAdmin", "cisa_kev": "no", "connections": 107, "observation_date": "2024-10-27", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "52fdfc46-a791-4f21-8571-fee1a0802fdb", "vulnerability": {"vulnId": "CVE-2019-4061", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-10-21T00:00:00+00:00"}, "gcve": {"object_uuid": "52fdfc46-a791-4f21-8571-fee1a0802fdb", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 53}, "timestamps": {"asserted_at": "2024-04-08T07:11:31+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2024-10-21T00:00:00+00:00", "first_seen_at": "2024-04-08T07:11:31+00:00"}, "scope": {"notes": "Affected: IBM / BigFix | Class: device-management-platform | Severity: Medium (CVSS 5.3) | IoT: no | In CISA KEV: no | Honeypot connections on 2024-10-21: 712", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2019-4061", "url": "https://www.cve.org/CVERecord?id=CVE-2019-4061"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "30", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 4, "vendor": "IBM", "30d_avg": 5, "90d_avg": 4, "product": "BigFix", "cisa_kev": "no", "connections": 712, "observation_date": "2024-10-21", "vulnerability_class": "CVSS", "vulnerability_score": 5.3, "vulnerability_severity": "Medium"}}]}
{"uuid": "97b8383c-16e0-4d70-8559-3efd66bffc8f", "vulnerability": {"vulnId": "CVE-2019-19356", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-10-15T00:00:00+00:00"}, "gcve": {"object_uuid": "97b8383c-16e0-4d70-8559-3efd66bffc8f", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2023-10-13T16:22:22+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2024-10-15T00:00:00+00:00", "first_seen_at": "2023-10-13T16:22:22+00:00"}, "scope": {"notes": "Affected: netis / netis WF2419 | Class: router | Severity: High (CVSS 7.5) | IoT: yes | In CISA KEV: yes | Honeypot connections on 2024-10-15: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2019-19356", "url": "https://www.cve.org/CVERecord?id=CVE-2019-19356"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "netis", "30d_avg": 0, "90d_avg": 0, "product": "netis WF2419", "cisa_kev": "yes", "connections": 1, "observation_date": "2024-10-15", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "47f4ff6c-5d3d-4111-8422-38be42c78127", "vulnerability": {"vulnId": "CVE-2020-10826", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-10-12T07:52:41+00:00"}, "gcve": {"object_uuid": "47f4ff6c-5d3d-4111-8422-38be42c78127", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-10-12T07:52:41+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2024-10-12T07:52:41+00:00", "first_seen_at": "2024-10-12T07:52:41+00:00"}, "scope": {"notes": "Affected: Draytek / Draytek Vigor3900, Vigor2960, Vigor300B | Class: router | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2024-10-12: 41", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-10826", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10826"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "Draytek", "30d_avg": 0, "90d_avg": 0, "product": "Draytek Vigor3900, Vigor2960, Vigor300B", "cisa_kev": "no", "connections": 41, "observation_date": "2024-10-12", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "30189934-fda4-4b67-b2cf-2dabf5f40839", "vulnerability": {"vulnId": "CVE-2018-20334", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-10-12T07:52:39+00:00"}, "gcve": {"object_uuid": "30189934-fda4-4b67-b2cf-2dabf5f40839", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-10-12T07:52:39+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2024-10-12T07:52:39+00:00", "first_seen_at": "2024-10-12T07:52:39+00:00"}, "scope": {"notes": "Affected: ASUS / ASUSWRT | Class: router | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2024-10-12: 51", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2018-20334", "url": "https://www.cve.org/CVERecord?id=CVE-2018-20334"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "ASUS", "30d_avg": 0, "90d_avg": 0, "product": "ASUSWRT", "cisa_kev": "no", "connections": 51, "observation_date": "2024-10-12", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "df353ac8-4ad3-4381-9371-8f53a71d96a5", "vulnerability": {"vulnId": "CVE-2019-1652", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-10-12T07:52:33+00:00"}, "gcve": {"object_uuid": "df353ac8-4ad3-4381-9371-8f53a71d96a5", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 72}, "timestamps": {"asserted_at": "2024-10-12T07:52:33+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2024-10-12T07:52:33+00:00", "first_seen_at": "2024-10-12T07:52:33+00:00"}, "scope": {"notes": "Affected: Cisco / Cisco RV320/RV325 | Class: router | Severity: High (CVSS 7.2) | IoT: no | In CISA KEV: yes | Honeypot connections on 2024-10-12: 41", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2019-1652", "url": "https://www.cve.org/CVERecord?id=CVE-2019-1652"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "Cisco", "30d_avg": 0, "90d_avg": 0, "product": "Cisco RV320/RV325", "cisa_kev": "yes", "connections": 41, "observation_date": "2024-10-12", "vulnerability_class": "CVSS", "vulnerability_score": 7.2, "vulnerability_severity": "High"}}]}
{"uuid": "1b0df1e3-239e-4b61-a84f-d6fc36611ed2", "vulnerability": {"vulnId": "CVE-2023-0611", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-10-12T07:52:27+00:00"}, "gcve": {"object_uuid": "1b0df1e3-239e-4b61-a84f-d6fc36611ed2", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 88}, "timestamps": {"asserted_at": "2024-10-12T07:52:27+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2024-10-12T07:52:27+00:00", "first_seen_at": "2024-10-12T07:52:27+00:00"}, "scope": {"notes": "Affected: TRENDnet / TRENDnet TEW-652BRP | Class: router | Severity: High (CVSS 8.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2024-10-12: 51", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-0611", "url": "https://www.cve.org/CVERecord?id=CVE-2023-0611"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "TRENDnet", "30d_avg": 0, "90d_avg": 0, "product": "TRENDnet TEW-652BRP", "cisa_kev": "no", "connections": 51, "observation_date": "2024-10-12", "vulnerability_class": "CVSS", "vulnerability_score": 8.8, "vulnerability_severity": "High"}}]}
{"uuid": "bfbde60a-912a-4a92-8dbf-28bdf2150ff2", "vulnerability": {"vulnId": "CVE-2013-1599", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-10-12T00:00:00+00:00"}, "gcve": {"object_uuid": "bfbde60a-912a-4a92-8dbf-28bdf2150ff2", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-03-13T07:41:34+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2024-10-12T00:00:00+00:00", "first_seen_at": "2024-03-13T07:41:34+00:00"}, "scope": {"notes": "Affected: D-Link / D-Link IP Cameras | Class: video-system | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2024-10-12: 383", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2013-1599", "url": "https://www.cve.org/CVERecord?id=CVE-2013-1599"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "video-system", "7d_avg": 0, "vendor": "D-Link", "30d_avg": 0, "90d_avg": 0, "product": "D-Link IP Cameras", "cisa_kev": "no", "connections": 383, "observation_date": "2024-10-12", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "d57594e7-f5c7-464a-aa2e-fa4bba46a2e0", "vulnerability": {"vulnId": "CVE-2020-10215", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-10-12T00:00:00+00:00"}, "gcve": {"object_uuid": "d57594e7-f5c7-464a-aa2e-fa4bba46a2e0", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-08-28T01:48:07+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2024-10-12T00:00:00+00:00", "first_seen_at": "2024-08-28T01:48:07+00:00"}, "scope": {"notes": "Affected: D-Link / D-Link DIR-825 | Class: router | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2024-10-12: 41", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-10215", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10215"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "D-Link", "30d_avg": 0, "90d_avg": 0, "product": "D-Link DIR-825", "cisa_kev": "no", "connections": 41, "observation_date": "2024-10-12", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "c886a5b9-c4cd-4dda-9053-6d1684867fb3", "vulnerability": {"vulnId": "CVE-2020-15916", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-10-12T00:00:00+00:00"}, "gcve": {"object_uuid": "c886a5b9-c4cd-4dda-9053-6d1684867fb3", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-02-22T21:31:40+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2024-10-12T00:00:00+00:00", "first_seen_at": "2024-02-22T21:31:40+00:00"}, "scope": {"notes": "Affected: Tenda / AC15/AC1900 | Class: router | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2024-10-12: 51", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-15916", "url": "https://www.cve.org/CVERecord?id=CVE-2020-15916"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "Tenda", "30d_avg": 0, "90d_avg": 0, "product": "AC15/AC1900", "cisa_kev": "no", "connections": 51, "observation_date": "2024-10-12", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "d7a1d8db-2bee-46c5-9360-4df35765239e", "vulnerability": {"vulnId": "CVE-2019-3914", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-10-12T00:00:00+00:00"}, "gcve": {"object_uuid": "d7a1d8db-2bee-46c5-9360-4df35765239e", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 72}, "timestamps": {"asserted_at": "2024-08-28T01:49:06+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2024-10-12T00:00:00+00:00", "first_seen_at": "2024-08-28T01:49:06+00:00"}, "scope": {"notes": "Affected: Verizon /  Verizon Fios Quantum Gateway (G1100) | Class: router | Severity: High (CVSS 7.2) | IoT: yes | In CISA KEV: no | Honeypot connections on 2024-10-12: 51", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2019-3914", "url": "https://www.cve.org/CVERecord?id=CVE-2019-3914"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "Verizon", "30d_avg": 0, "90d_avg": 0, "product": " Verizon Fios Quantum Gateway (G1100)", "cisa_kev": "no", "connections": 51, "observation_date": "2024-10-12", "vulnerability_class": "CVSS", "vulnerability_score": 7.2, "vulnerability_severity": "High"}}]}
{"uuid": "72d21146-30fa-4296-b086-072242878e43", "vulnerability": {"vulnId": "CVE-2023-48022", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-10-11T00:00:00+00:00"}, "gcve": {"object_uuid": "72d21146-30fa-4296-b086-072242878e43", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-04-05T20:47:12+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2024-10-11T00:00:00+00:00", "first_seen_at": "2024-04-05T20:47:12+00:00"}, "scope": {"notes": "Affected: Anyscale / Ray | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2024-10-11: 77", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-48022", "url": "https://www.cve.org/CVERecord?id=CVE-2023-48022"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Anyscale", "30d_avg": 0, "90d_avg": 0, "product": "Ray", "cisa_kev": "no", "connections": 77, "observation_date": "2024-10-11", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "6787a687-94a6-4cd6-b13f-99846c69207b", "vulnerability": {"vulnId": "CVE-2016-11021", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-10-10T00:00:00+00:00"}, "gcve": {"object_uuid": "6787a687-94a6-4cd6-b13f-99846c69207b", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 72}, "timestamps": {"asserted_at": "2024-01-26T19:26:10+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2024-10-10T00:00:00+00:00", "first_seen_at": "2024-01-26T19:26:10+00:00"}, "scope": {"notes": "Affected: D-Link / DCS-930L | Class: video-system | Severity: High (CVSS 7.2) | IoT: yes | In CISA KEV: yes | Honeypot connections on 2024-10-10: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2016-11021", "url": "https://www.cve.org/CVERecord?id=CVE-2016-11021"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "video-system", "7d_avg": 0, "vendor": "D-Link", "30d_avg": 0, "90d_avg": 0, "product": "DCS-930L", "cisa_kev": "yes", "connections": 1, "observation_date": "2024-10-10", "vulnerability_class": "CVSS", "vulnerability_score": 7.2, "vulnerability_severity": "High"}}]}
{"uuid": "1f6db9c8-2535-4030-a2a7-b014da1325b8", "vulnerability": {"vulnId": "CVE-2021-39509", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-10-09T03:25:41+00:00"}, "gcve": {"object_uuid": "1f6db9c8-2535-4030-a2a7-b014da1325b8", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-10-09T03:25:41+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2024-10-09T03:25:41+00:00", "first_seen_at": "2024-10-09T03:25:41+00:00"}, "scope": {"notes": "Affected: D-Link / D-Link DIR-816/DIR-816A2 | Class: router | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2024-10-09: 81", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-39509", "url": "https://www.cve.org/CVERecord?id=CVE-2021-39509"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "D-Link", "30d_avg": 0, "90d_avg": 0, "product": "D-Link DIR-816/DIR-816A2", "cisa_kev": "no", "connections": 81, "observation_date": "2024-10-09", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "75239f57-b7f7-4264-8ad7-24b486ecce56", "vulnerability": {"vulnId": "CVE-2017-17105", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-10-06T21:57:18+00:00"}, "gcve": {"object_uuid": "75239f57-b7f7-4264-8ad7-24b486ecce56", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-10-06T21:57:18+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2024-10-06T21:57:18+00:00", "first_seen_at": "2024-10-06T21:57:18+00:00"}, "scope": {"notes": "Affected: Zivif / Zivif PR115-204-P-RS | Class: video-system | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2024-10-06: 14", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2017-17105", "url": "https://www.cve.org/CVERecord?id=CVE-2017-17105"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "video-system", "7d_avg": 0, "vendor": "Zivif", "30d_avg": 0, "90d_avg": 0, "product": "Zivif PR115-204-P-RS", "cisa_kev": "no", "connections": 14, "observation_date": "2024-10-06", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "1964966f-d42f-425d-b2d9-f24b157053a2", "vulnerability": {"vulnId": "EDB-52074", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-10-06T09:13:45+00:00"}, "gcve": {"object_uuid": "1964966f-d42f-425d-b2d9-f24b157053a2", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-10-06T09:13:45+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2024-10-06T09:13:45+00:00", "first_seen_at": "2024-10-06T09:13:45+00:00"}, "scope": {"notes": "Affected: HPE Aruba / Aruba 501 | Class: router | IoT: yes | In CISA KEV: no | Honeypot connections on 2024-10-06: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "EDB-52074", "url": "https://www.exploit-db.com/exploits/52074"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "HPE Aruba", "30d_avg": 0, "90d_avg": 0, "product": "Aruba 501", "cisa_kev": "no", "connections": 2, "observation_date": "2024-10-06", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "50db49cf-ab22-49bc-8733-3669c8582e47", "vulnerability": {"vulnId": "CVE-2018-13307", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-10-06T00:00:00+00:00"}, "gcve": {"object_uuid": "50db49cf-ab22-49bc-8733-3669c8582e47", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-10-05T16:53:05+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2024-10-06T00:00:00+00:00", "first_seen_at": "2024-10-05T16:53:05+00:00"}, "scope": {"notes": "Affected: Totolink / A3002RU | Class: router | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2024-10-06: 17", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2018-13307", "url": "https://www.cve.org/CVERecord?id=CVE-2018-13307"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "Totolink", "30d_avg": 0, "90d_avg": 0, "product": "A3002RU", "cisa_kev": "no", "connections": 17, "observation_date": "2024-10-06", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "d5bb2626-685b-431e-a110-442ad70b2b21", "vulnerability": {"vulnId": "CVE-2019-17621", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-09-29T00:00:00+00:00"}, "gcve": {"object_uuid": "d5bb2626-685b-431e-a110-442ad70b2b21", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-09-08T02:10:50+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2024-09-29T00:00:00+00:00", "first_seen_at": "2024-09-08T02:10:50+00:00"}, "scope": {"notes": "Affected: D-Link / D-Link DIR-859 | Class: router | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: yes | Honeypot connections on 2024-09-29: 739", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2019-17621", "url": "https://www.cve.org/CVERecord?id=CVE-2019-17621"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "D-Link", "30d_avg": 0, "90d_avg": 0, "product": "D-Link DIR-859", "cisa_kev": "yes", "connections": 739, "observation_date": "2024-09-29", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "c3b312f9-1ffa-46eb-b06c-159439fa94a9", "vulnerability": {"vulnId": "CVE-2023-24489", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-09-27T00:00:00+00:00"}, "gcve": {"object_uuid": "c3b312f9-1ffa-46eb-b06c-159439fa94a9", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-08-23T14:39:11+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2024-09-27T00:00:00+00:00", "first_seen_at": "2024-08-23T14:39:11+00:00"}, "scope": {"notes": "Affected: Citrix / Citrix ShareFile StorageZones (aka storage zones) Controller | Class: app-delivery-controller | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2024-09-27: 308", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-24489", "url": "https://www.cve.org/CVERecord?id=CVE-2023-24489"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "app-delivery-controller", "7d_avg": 0, "vendor": "Citrix", "30d_avg": 0, "90d_avg": 0, "product": "Citrix ShareFile StorageZones (aka storage zones) Controller", "cisa_kev": "yes", "connections": 308, "observation_date": "2024-09-27", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "18cce2fa-31cf-46a9-a001-360a463a9f3a", "vulnerability": {"vulnId": "CVE-2017-5173", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-09-14T00:00:00+00:00"}, "gcve": {"object_uuid": "18cce2fa-31cf-46a9-a001-360a463a9f3a", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-05-15T10:53:22+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2024-09-14T00:00:00+00:00", "first_seen_at": "2024-05-15T10:53:22+00:00"}, "scope": {"notes": "Affected: Geutebruck / G-Cam/EFD-2250 | Class: video-system | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2024-09-14: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2017-5173", "url": "https://www.cve.org/CVERecord?id=CVE-2017-5173"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "video-system", "7d_avg": 0, "vendor": "Geutebruck", "30d_avg": 0, "90d_avg": 0, "product": "G-Cam/EFD-2250", "cisa_kev": "no", "connections": 2, "observation_date": "2024-09-14", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "44d5133b-9799-4fb3-8950-0855dd2b5573", "vulnerability": {"vulnId": "CVE-2022-36267", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-09-14T00:00:00+00:00"}, "gcve": {"object_uuid": "44d5133b-9799-4fb3-8950-0855dd2b5573", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-05-15T10:49:15+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2024-09-14T00:00:00+00:00", "first_seen_at": "2024-05-15T10:49:15+00:00"}, "scope": {"notes": "Affected: Airspan / Airspot 5410 | Class: router | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2024-09-14: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-36267", "url": "https://www.cve.org/CVERecord?id=CVE-2022-36267"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "Airspan", "30d_avg": 0, "90d_avg": 0, "product": "Airspot 5410", "cisa_kev": "no", "connections": 2, "observation_date": "2024-09-14", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "266b1782-92b5-41db-ac53-d99d8287a8ae", "vulnerability": {"vulnId": "CVE-2020-6308", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-09-14T00:00:00+00:00"}, "gcve": {"object_uuid": "266b1782-92b5-41db-ac53-d99d8287a8ae", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 53}, "timestamps": {"asserted_at": "2024-02-14T02:06:55+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2024-09-14T00:00:00+00:00", "first_seen_at": "2024-02-14T02:06:55+00:00"}, "scope": {"notes": "Affected: SAP / BusinessObjects Business Intelligence Platform (Web Services) | Class: other-software | Severity: Medium (CVSS 5.3) | IoT: no | In CISA KEV: no | Honeypot connections on 2024-09-14: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-6308", "url": "https://www.cve.org/CVERecord?id=CVE-2020-6308"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "SAP", "30d_avg": 0, "90d_avg": 0, "product": "BusinessObjects Business Intelligence Platform (Web Services)", "cisa_kev": "no", "connections": 2, "observation_date": "2024-09-14", "vulnerability_class": "CVSS", "vulnerability_score": 5.3, "vulnerability_severity": "Medium"}}]}
{"uuid": "41382a58-10b4-4da2-80e3-5ba7ebaf7714", "vulnerability": {"vulnId": "CVE-2021-32819", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-09-14T00:00:00+00:00"}, "gcve": {"object_uuid": "41382a58-10b4-4da2-80e3-5ba7ebaf7714", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 88}, "timestamps": {"asserted_at": "2024-02-07T14:34:24+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2024-09-14T00:00:00+00:00", "first_seen_at": "2024-02-07T14:34:24+00:00"}, "scope": {"notes": "Affected: Squirrelly / Squirrelly | Class: other-software | Severity: High (CVSS 8.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2024-09-14: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-32819", "url": "https://www.cve.org/CVERecord?id=CVE-2021-32819"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Squirrelly", "30d_avg": 0, "90d_avg": 0, "product": "Squirrelly", "cisa_kev": "no", "connections": 2, "observation_date": "2024-09-14", "vulnerability_class": "CVSS", "vulnerability_score": 8.8, "vulnerability_severity": "High"}}]}
{"uuid": "3ea894f6-f60b-4344-81bf-5fa6ad64ef89", "vulnerability": {"vulnId": "CVE-2022-1883", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-09-14T00:00:00+00:00"}, "gcve": {"object_uuid": "3ea894f6-f60b-4344-81bf-5fa6ad64ef89", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 88}, "timestamps": {"asserted_at": "2024-05-15T11:07:58+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2024-09-14T00:00:00+00:00", "first_seen_at": "2024-05-15T11:07:58+00:00"}, "scope": {"notes": "Affected: camptocamp / Terraboard | Class: other-software | Severity: High (CVSS 8.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2024-09-14: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-1883", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1883"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "camptocamp", "30d_avg": 0, "90d_avg": 0, "product": "Terraboard", "cisa_kev": "no", "connections": 2, "observation_date": "2024-09-14", "vulnerability_class": "CVSS", "vulnerability_score": 8.8, "vulnerability_severity": "High"}}]}
{"uuid": "fdf51558-860c-4f2d-8ef5-6b9425fe1486", "vulnerability": {"vulnId": "EDB-48377", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-09-14T00:00:00+00:00"}, "gcve": {"object_uuid": "fdf51558-860c-4f2d-8ef5-6b9425fe1486", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-08-09T05:01:35+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2024-09-14T00:00:00+00:00", "first_seen_at": "2024-08-09T05:01:35+00:00"}, "scope": {"notes": "Affected: Edimax / Edimax EW-7438RPn | Class: wireless-extender | IoT: yes | In CISA KEV: no | Honeypot connections on 2024-09-14: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "EDB-48377", "url": "https://www.exploit-db.com/exploits/48377"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "wireless-extender", "7d_avg": 0, "vendor": "Edimax", "30d_avg": 0, "90d_avg": 0, "product": "Edimax EW-7438RPn", "cisa_kev": "no", "connections": 2, "observation_date": "2024-09-14", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "4ddbdc12-3cda-4641-8804-968591a88f99", "vulnerability": {"vulnId": "EDB-40344", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-09-13T00:00:00+00:00"}, "gcve": {"object_uuid": "4ddbdc12-3cda-4641-8804-968591a88f99", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-01-13T18:53:14+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2024-09-13T00:00:00+00:00", "first_seen_at": "2024-01-13T18:53:14+00:00"}, "scope": {"notes": "Affected: SugarCRM / SugarCRM | Class: other-software | IoT: no | In CISA KEV: no | Honeypot connections on 2024-09-13: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "EDB-40344", "url": "https://www.exploit-db.com/exploits/40344"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "SugarCRM", "30d_avg": 0, "90d_avg": 0, "product": "SugarCRM", "cisa_kev": "no", "connections": 1, "observation_date": "2024-09-13", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "9d95d18f-79f5-47b5-bc7c-311ff40da0f1", "vulnerability": {"vulnId": "CVE-2021-3287", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-09-13T00:00:00+00:00"}, "gcve": {"object_uuid": "9d95d18f-79f5-47b5-bc7c-311ff40da0f1", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-01-13T18:52:23+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2024-09-13T00:00:00+00:00", "first_seen_at": "2024-01-13T18:52:23+00:00"}, "scope": {"notes": "Affected: Zoho / ManageEngine OpManager | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2024-09-13: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-3287", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3287"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Zoho", "30d_avg": 0, "90d_avg": 0, "product": "ManageEngine OpManager", "cisa_kev": "no", "connections": 1, "observation_date": "2024-09-13", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "370798fe-91d3-45d1-980d-b926cd9e2b8d", "vulnerability": {"vulnId": "CVE-2023-50358", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-08-31T00:00:00+00:00"}, "gcve": {"object_uuid": "370798fe-91d3-45d1-980d-b926cd9e2b8d", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 0}, "timestamps": {"asserted_at": "2024-05-16T12:09:05+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2024-08-31T00:00:00+00:00", "first_seen_at": "2024-05-16T12:09:05+00:00"}, "scope": {"notes": "Affected: QNAP / QNAP QTS and QuTS Hero | Class: nas | Severity: None (CVSS 0) | IoT: yes | In CISA KEV: no | Honeypot connections on 2024-08-31: 14", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-50358", "url": "https://www.cve.org/CVERecord?id=CVE-2023-50358"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "nas", "7d_avg": 0, "vendor": "QNAP", "30d_avg": 0, "90d_avg": 0, "product": "QNAP QTS and QuTS Hero", "cisa_kev": "no", "connections": 14, "observation_date": "2024-08-31", "vulnerability_class": "CVSS", "vulnerability_score": 0, "vulnerability_severity": "None"}}]}
{"uuid": "8a741163-215d-4ed2-8a01-d6073e848a1a", "vulnerability": {"vulnId": "CVE-2021-22205", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-08-31T00:00:00+00:00"}, "gcve": {"object_uuid": "8a741163-215d-4ed2-8a01-d6073e848a1a", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 100}, "timestamps": {"asserted_at": "2023-10-26T11:30:51+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2024-08-31T00:00:00+00:00", "first_seen_at": "2023-10-26T11:30:51+00:00"}, "scope": {"notes": "Affected: GitLab / GitLab CE/EE | Class: other-software | Severity: Critical (CVSS 10) | IoT: no | In CISA KEV: yes | Honeypot connections on 2024-08-31: 170", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-22205", "url": "https://www.cve.org/CVERecord?id=CVE-2021-22205"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "10", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 1, "vendor": "GitLab", "30d_avg": 0, "90d_avg": 0, "product": "GitLab CE/EE", "cisa_kev": "yes", "connections": 170, "observation_date": "2024-08-31", "vulnerability_class": "CVSS", "vulnerability_score": 10, "vulnerability_severity": "Critical"}}]}
{"uuid": "562bb734-5954-41b9-8329-774a7745bade", "vulnerability": {"vulnId": "CVE-2021-20090", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-08-30T00:00:00+00:00"}, "gcve": {"object_uuid": "562bb734-5954-41b9-8329-774a7745bade", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-12-30T08:23:49+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2024-08-30T00:00:00+00:00", "first_seen_at": "2023-12-30T08:23:49+00:00"}, "scope": {"notes": "Affected: Arcadyan / Arcadyan manufactured devices (multiple vendors) | Class: router | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: yes | Honeypot connections on 2024-08-30: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-20090", "url": "https://www.cve.org/CVERecord?id=CVE-2021-20090"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "Arcadyan", "30d_avg": 0, "90d_avg": 0, "product": "Arcadyan manufactured devices (multiple vendors)", "cisa_kev": "yes", "connections": 2, "observation_date": "2024-08-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "3820ef2e-2c2a-4bc6-bcfe-421cfb010f7c", "vulnerability": {"vulnId": "CVE-2018-20062", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-08-21T00:00:00+00:00"}, "gcve": {"object_uuid": "3820ef2e-2c2a-4bc6-bcfe-421cfb010f7c", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-10-15T04:27:47+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2024-08-21T00:00:00+00:00", "first_seen_at": "2023-10-15T04:27:47+00:00"}, "scope": {"notes": "Affected: TopThink / ThinkPHP5 | Class: web-app-framework | IoT: no | In CISA KEV: yes | Honeypot connections on 2024-08-21: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2018-20062", "url": "https://www.cve.org/CVERecord?id=CVE-2018-20062"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "web-app-framework", "7d_avg": 0, "vendor": "TopThink", "30d_avg": 0, "90d_avg": 0, "product": "ThinkPHP5", "cisa_kev": "yes", "connections": 1, "observation_date": "2024-08-21", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "874ce531-7b63-4b20-bcc9-373699f157ee", "vulnerability": {"vulnId": "CVE-2014-3120", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-08-21T00:00:00+00:00"}, "gcve": {"object_uuid": "874ce531-7b63-4b20-bcc9-373699f157ee", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-10-15T04:27:42+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2024-08-21T00:00:00+00:00", "first_seen_at": "2023-10-15T04:27:42+00:00"}, "scope": {"notes": "Affected: Elastic / Elasticsearch | Class: database | IoT: no | In CISA KEV: yes | Honeypot connections on 2024-08-21: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2014-3120", "url": "https://www.cve.org/CVERecord?id=CVE-2014-3120"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "2", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "database", "7d_avg": 1, "vendor": "Elastic", "30d_avg": 0, "90d_avg": 0, "product": "Elasticsearch", "cisa_kev": "yes", "connections": 2, "observation_date": "2024-08-21", "vulnerability_class": "CVSS", "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "775b2dad-31dd-4229-bdcd-2c9beb7bebe5", "vulnerability": {"vulnId": "CVE-2019-9082", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-08-21T00:00:00+00:00"}, "gcve": {"object_uuid": "775b2dad-31dd-4229-bdcd-2c9beb7bebe5", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-10-15T04:27:45+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2024-08-21T00:00:00+00:00", "first_seen_at": "2023-10-15T04:27:45+00:00"}, "scope": {"notes": "Affected: TopThink / ThinkPHP5 | Class: web-app-framework | IoT: no | In CISA KEV: yes | Honeypot connections on 2024-08-21: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2019-9082", "url": "https://www.cve.org/CVERecord?id=CVE-2019-9082"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "web-app-framework", "7d_avg": 0, "vendor": "TopThink", "30d_avg": 0, "90d_avg": 0, "product": "ThinkPHP5", "cisa_kev": "yes", "connections": 1, "observation_date": "2024-08-21", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "c17294bd-1726-4bfc-ae9c-f7013272e8f9", "vulnerability": {"vulnId": "CVE-2017-17106", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-08-10T00:00:00+00:00"}, "gcve": {"object_uuid": "c17294bd-1726-4bfc-ae9c-f7013272e8f9", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-11-23T08:37:34+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2024-08-10T00:00:00+00:00", "first_seen_at": "2023-11-23T08:37:34+00:00"}, "scope": {"notes": "Affected: Zivif / Zivif PR115-204-P-RS | Class: video-system | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2024-08-10: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2017-17106", "url": "https://www.cve.org/CVERecord?id=CVE-2017-17106"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "video-system", "7d_avg": 0, "vendor": "Zivif", "30d_avg": 0, "90d_avg": 0, "product": "Zivif PR115-204-P-RS", "cisa_kev": "no", "connections": 1, "observation_date": "2024-08-10", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "ec1ddcb6-eb34-4cc2-aa1c-e35c684e3618", "vulnerability": {"vulnId": "CVE-2024-27130", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-08-07T00:00:00+00:00"}, "gcve": {"object_uuid": "ec1ddcb6-eb34-4cc2-aa1c-e35c684e3618", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 0}, "timestamps": {"asserted_at": "2024-05-27T10:48:06+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2024-08-07T00:00:00+00:00", "first_seen_at": "2024-05-27T10:48:06+00:00"}, "scope": {"notes": "Affected: QNAP / QNAP QTS, QuTSCloud, QuTS Hero | Class: nas | Severity: None (CVSS 0) | IoT: yes | In CISA KEV: no | Honeypot connections on 2024-08-07: 8", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-27130", "url": "https://www.cve.org/CVERecord?id=CVE-2024-27130"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "nas", "7d_avg": 0, "vendor": "QNAP", "30d_avg": 0, "90d_avg": 0, "product": "QNAP QTS, QuTSCloud, QuTS Hero", "cisa_kev": "no", "connections": 8, "observation_date": "2024-08-07", "vulnerability_class": "CVSS", "vulnerability_score": 0, "vulnerability_severity": "None"}}]}
{"uuid": "d0df9183-fd07-4916-a9eb-2bcc26fd487f", "vulnerability": {"vulnId": "CVE-2021-35327", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-08-06T00:00:00+00:00"}, "gcve": {"object_uuid": "d0df9183-fd07-4916-a9eb-2bcc26fd487f", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-13T18:44:14+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2024-08-06T00:00:00+00:00", "first_seen_at": "2023-10-13T18:44:14+00:00"}, "scope": {"notes": "Affected: Totolink / A720R | Class: router | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2024-08-06: 270", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-35327", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35327"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 1, "vendor": "Totolink", "30d_avg": 0, "90d_avg": 0, "product": "A720R", "cisa_kev": "no", "connections": 270, "observation_date": "2024-08-06", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "ba62498a-d74d-4bb4-baf2-4a10c35a4d94", "vulnerability": {"vulnId": "CVE-2018-20841", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-08-05T17:06:21+00:00"}, "gcve": {"object_uuid": "ba62498a-d74d-4bb4-baf2-4a10c35a4d94", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-08-05T17:06:21+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2024-08-05T17:06:21+00:00", "first_seen_at": "2024-08-05T17:06:21+00:00"}, "scope": {"notes": "Affected: HooToo / HooToo TripMate Titan HT-TM05 and HT-05 routers  | Class: router | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2024-08-05: 8", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2018-20841", "url": "https://www.cve.org/CVERecord?id=CVE-2018-20841"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "HooToo", "30d_avg": 0, "90d_avg": 0, "product": "HooToo TripMate Titan HT-TM05 and HT-05 routers ", "cisa_kev": "no", "connections": 8, "observation_date": "2024-08-05", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "a22a730a-2075-46b8-a8cf-85d097ecbc39", "vulnerability": {"vulnId": "CVE-2022-25075", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-07-26T00:00:00+00:00"}, "gcve": {"object_uuid": "a22a730a-2075-46b8-a8cf-85d097ecbc39", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-13T16:23:23+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2024-07-26T00:00:00+00:00", "first_seen_at": "2023-10-13T16:23:23+00:00"}, "scope": {"notes": "Affected: Totolink / A3100R, A810R, A830R, A860R, A950RG, A3100R, T6, and T10 routers | Class: router | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2024-07-26: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-25075", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25075"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "Totolink", "30d_avg": 0, "90d_avg": 0, "product": "A3100R, A810R, A830R, A860R, A950RG, A3100R, T6, and T10 routers", "cisa_kev": "no", "connections": 1, "observation_date": "2024-07-26", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "721a6577-50f5-4f22-a4ff-c48fd5da09ac", "vulnerability": {"vulnId": "CVE-2024-22729", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-07-02T00:00:00+00:00"}, "gcve": {"object_uuid": "721a6577-50f5-4f22-a4ff-c48fd5da09ac", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-06-27T07:46:34+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2024-07-02T00:00:00+00:00", "first_seen_at": "2024-06-27T07:46:34+00:00"}, "scope": {"notes": "Affected: Netis / Netis MW5360 | Class: router | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2024-07-02: 339", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-22729", "url": "https://www.cve.org/CVERecord?id=CVE-2024-22729"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "Netis", "30d_avg": 0, "90d_avg": 0, "product": "Netis MW5360", "cisa_kev": "no", "connections": 339, "observation_date": "2024-07-02", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "a80f5776-3a35-4171-81fd-82b60304fdb8", "vulnerability": {"vulnId": "CVE-2019-20504", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-06-29T17:09:04+00:00"}, "gcve": {"object_uuid": "a80f5776-3a35-4171-81fd-82b60304fdb8", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-06-29T17:09:04+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2024-06-29T17:09:04+00:00", "first_seen_at": "2024-06-29T17:09:04+00:00"}, "scope": {"notes": "Affected: Quest / Quest KACE K1000 Systems Management Appliance  | Class: device-management-platform | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2024-06-29: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2019-20504", "url": "https://www.cve.org/CVERecord?id=CVE-2019-20504"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 0, "vendor": "Quest", "30d_avg": 0, "90d_avg": 0, "product": "Quest KACE K1000 Systems Management Appliance ", "cisa_kev": "no", "connections": 2, "observation_date": "2024-06-29", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "10e68f71-2bf9-41ad-b896-33745fc6ebd6", "vulnerability": {"vulnId": "CVE-2024-0778", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-05-28T00:00:00+00:00"}, "gcve": {"object_uuid": "10e68f71-2bf9-41ad-b896-33745fc6ebd6", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-03-15T12:14:52+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2024-05-28T00:00:00+00:00", "first_seen_at": "2024-03-15T12:14:52+00:00"}, "scope": {"notes": "Affected: Uniview / Uniview ISC 2500-S | Class: video-system | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2024-05-28: 4", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2024-0778", "url": "https://www.cve.org/CVERecord?id=CVE-2024-0778"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "video-system", "7d_avg": 0, "vendor": "Uniview", "30d_avg": 0, "90d_avg": 0, "product": "Uniview ISC 2500-S", "cisa_kev": "no", "connections": 4, "observation_date": "2024-05-28", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "9e7f11a8-fb18-4f57-93b5-a3c617560d92", "vulnerability": {"vulnId": "CVE-2023-32315", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-05-15T00:00:00+00:00"}, "gcve": {"object_uuid": "9e7f11a8-fb18-4f57-93b5-a3c617560d92", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2024-01-20T02:40:56+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2024-05-15T00:00:00+00:00", "first_seen_at": "2024-01-20T02:40:56+00:00"}, "scope": {"notes": "Affected: Ignite Realtime / Openfire | Class: other-software | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: yes | Honeypot connections on 2024-05-15: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-32315", "url": "https://www.cve.org/CVERecord?id=CVE-2023-32315"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Ignite Realtime", "30d_avg": 0, "90d_avg": 0, "product": "Openfire", "cisa_kev": "yes", "connections": 1, "observation_date": "2024-05-15", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "2ae06303-6a76-45ad-b39a-29dba97c1bb9", "vulnerability": {"vulnId": "CVE-2023-4473", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-04-30T00:00:00+00:00"}, "gcve": {"object_uuid": "2ae06303-6a76-45ad-b39a-29dba97c1bb9", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-04-28T13:50:19+00:00", "recorded_at": "2026-07-01T12:47:07+00:00", "last_seen_at": "2024-04-30T00:00:00+00:00", "first_seen_at": "2024-04-28T13:50:19+00:00"}, "scope": {"notes": "Affected: Zyxel / Zyxel NAS326/NAS542 | Class: nas | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2024-04-30: 333", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-4473", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4473"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "nas", "7d_avg": 0, "vendor": "Zyxel", "30d_avg": 0, "90d_avg": 0, "product": "Zyxel NAS326/NAS542", "cisa_kev": "no", "connections": 333, "observation_date": "2024-04-30", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "e84e9dfd-e722-4f8a-8f49-0fd822040ba5", "vulnerability": {"vulnId": "EDB-51096", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-04-10T00:00:00+00:00"}, "gcve": {"object_uuid": "e84e9dfd-e722-4f8a-8f49-0fd822040ba5", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-04-09T12:34:29+00:00", "recorded_at": "2026-07-01T10:27:13+00:00", "last_seen_at": "2024-04-10T00:00:00+00:00", "first_seen_at": "2024-04-09T12:34:29+00:00"}, "scope": {"notes": "Affected: MiniDVBLinux / MiniDVBLinux | Class: embedded-system | IoT: yes | In CISA KEV: no | Honeypot connections on 2024-04-10: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "EDB-51096", "url": "https://www.exploit-db.com/exploits/51096"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "embedded-system", "7d_avg": 0, "vendor": "MiniDVBLinux", "30d_avg": 0, "90d_avg": 0, "product": "MiniDVBLinux", "cisa_kev": "no", "connections": 1, "observation_date": "2024-04-10", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "7284163a-c21e-4d9c-899f-8a8f5c9f4ede", "vulnerability": {"vulnId": "CVE-2023-39296", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-03-24T07:08:16+00:00"}, "gcve": {"object_uuid": "7284163a-c21e-4d9c-899f-8a8f5c9f4ede", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2024-03-24T07:08:16+00:00", "recorded_at": "2026-07-01T10:27:13+00:00", "last_seen_at": "2024-03-24T07:08:16+00:00", "first_seen_at": "2024-03-24T07:08:16+00:00"}, "scope": {"notes": "Affected: QNAP / QTS and QuTS Hero | Class: nas | Severity: High (CVSS 7.5) | IoT: yes | In CISA KEV: no | Honeypot connections on 2024-03-24: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2023-39296", "url": "https://www.cve.org/CVERecord?id=CVE-2023-39296"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "nas", "7d_avg": 0, "vendor": "QNAP", "30d_avg": 0, "90d_avg": 0, "product": "QTS and QuTS Hero", "cisa_kev": "no", "connections": 1, "observation_date": "2024-03-24", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "07a7e9f3-4bac-417a-944b-22524d4efae4", "vulnerability": {"vulnId": "EDB-50775", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-03-21T00:00:00+00:00"}, "gcve": {"object_uuid": "07a7e9f3-4bac-417a-944b-22524d4efae4", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-03-13T07:41:39+00:00", "recorded_at": "2026-07-01T10:27:13+00:00", "last_seen_at": "2024-03-21T00:00:00+00:00", "first_seen_at": "2024-03-13T07:41:39+00:00"}, "scope": {"notes": "Affected: Dbltek / Dbltek GoIP | Class: ip-pbx | IoT: yes | In CISA KEV: no | Honeypot connections on 2024-03-21: 5", "asset_exposure": ["internet-facing"]}, "references": [{"id": "EDB-50775", "url": "https://www.exploit-db.com/exploits/50775"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "ip-pbx", "7d_avg": 0, "vendor": "Dbltek", "30d_avg": 0, "90d_avg": 0, "product": "Dbltek GoIP", "cisa_kev": "no", "connections": 5, "observation_date": "2024-03-21", "vulnerability_class": null, "vulnerability_score": null, "vulnerability_severity": null}}]}
{"uuid": "6b0a00ac-77dc-4970-85f3-71dc11bfabc2", "vulnerability": {"vulnId": "CVE-2021-32849", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-03-04T03:07:48+00:00"}, "gcve": {"object_uuid": "6b0a00ac-77dc-4970-85f3-71dc11bfabc2", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 88}, "timestamps": {"asserted_at": "2024-03-04T03:07:48+00:00", "recorded_at": "2026-07-01T10:27:13+00:00", "last_seen_at": "2024-03-04T03:07:48+00:00", "first_seen_at": "2024-03-04T03:07:48+00:00"}, "scope": {"notes": "Affected: Gerapy / Gerapy | Class: other-software | Severity: High (CVSS 8.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2024-03-04: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2021-32849", "url": "https://www.cve.org/CVERecord?id=CVE-2021-32849"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Gerapy", "30d_avg": 0, "90d_avg": 0, "product": "Gerapy", "cisa_kev": "no", "connections": 1, "observation_date": "2024-03-04", "vulnerability_class": "CVSS", "vulnerability_score": 8.8, "vulnerability_severity": "High"}}]}
{"uuid": "3607e65c-fa72-4ad5-a84f-4ff2f8fc846e", "vulnerability": {"vulnId": "CVE-2020-13483", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-03-04T00:00:00+00:00"}, "gcve": {"object_uuid": "3607e65c-fa72-4ad5-a84f-4ff2f8fc846e", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 61}, "timestamps": {"asserted_at": "2023-11-15T03:30:25+00:00", "recorded_at": "2026-07-01T10:27:13+00:00", "last_seen_at": "2024-03-04T00:00:00+00:00", "first_seen_at": "2023-11-15T03:30:25+00:00"}, "scope": {"notes": "Affected: Bitrix / Bitrix24 Web Application Firewall | Class: firewall | Severity: Medium (CVSS 6.1) | IoT: no | In CISA KEV: no | Honeypot connections on 2024-03-04: 1", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2020-13483", "url": "https://www.cve.org/CVERecord?id=CVE-2020-13483"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "firewall", "7d_avg": 0, "vendor": "Bitrix", "30d_avg": 0, "90d_avg": 0, "product": "Bitrix24 Web Application Firewall", "cisa_kev": "no", "connections": 1, "observation_date": "2024-03-04", "vulnerability_class": "CVSS", "vulnerability_score": 6.1, "vulnerability_severity": "Medium"}}]}
{"uuid": "72c6a061-eb95-47ba-af42-924f35e989d7", "vulnerability": {"vulnId": "CVE-2015-8562", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-03-04T00:00:00+00:00"}, "gcve": {"object_uuid": "72c6a061-eb95-47ba-af42-924f35e989d7", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 75}, "timestamps": {"asserted_at": "2023-10-14T13:49:36+00:00", "recorded_at": "2026-07-01T10:27:13+00:00", "last_seen_at": "2024-03-04T00:00:00+00:00", "first_seen_at": "2023-10-14T13:49:36+00:00"}, "scope": {"notes": "Affected: Open Source Matters, Inc/Joomla community / Joomla | Class: cms | Severity: High (CVSS 7.5) | IoT: no | In CISA KEV: no | Honeypot connections on 2024-03-04: 6", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2015-8562", "url": "https://www.cve.org/CVERecord?id=CVE-2015-8562"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "cms", "7d_avg": 0, "vendor": "Open Source Matters, Inc/Joomla community", "30d_avg": 0, "90d_avg": 0, "product": "Joomla", "cisa_kev": "no", "connections": 6, "observation_date": "2024-03-04", "vulnerability_class": "CVSS", "vulnerability_score": 7.5, "vulnerability_severity": "High"}}]}
{"uuid": "a8c9050f-bfb2-4785-8db8-45a7da321082", "vulnerability": {"vulnId": "CVE-2022-24086", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-02-17T00:00:00+00:00"}, "gcve": {"object_uuid": "a8c9050f-bfb2-4785-8db8-45a7da321082", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-02-14T15:46:45+00:00", "recorded_at": "2026-07-01T10:27:13+00:00", "last_seen_at": "2024-02-17T00:00:00+00:00", "first_seen_at": "2024-02-14T15:46:45+00:00"}, "scope": {"notes": "Affected: Adobe / Adobe Commerce (Magento) | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2024-02-17: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2022-24086", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24086"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "other-software", "7d_avg": 0, "vendor": "Adobe", "30d_avg": 0, "90d_avg": 0, "product": "Adobe Commerce (Magento)", "cisa_kev": "yes", "connections": 2, "observation_date": "2024-02-17", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "796c2d6f-dc0d-4622-bdde-4643308faae9", "vulnerability": {"vulnId": "CVE-2019-25065", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-01-13T18:53:08+00:00"}, "gcve": {"object_uuid": "796c2d6f-dc0d-4622-bdde-4643308faae9", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-01-13T18:53:08+00:00", "recorded_at": "2026-07-01T10:27:13+00:00", "last_seen_at": "2024-01-13T18:53:08+00:00", "first_seen_at": "2024-01-13T18:53:08+00:00"}, "scope": {"notes": "Affected: OpenNetAdmin / OpenNetAdmin | Class: device-management-platform | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2024-01-13: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2019-25065", "url": "https://www.cve.org/CVERecord?id=CVE-2019-25065"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "device-management-platform", "7d_avg": 0, "vendor": "OpenNetAdmin", "30d_avg": 0, "90d_avg": 0, "product": "OpenNetAdmin", "cisa_kev": "no", "connections": 2, "observation_date": "2024-01-13", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "accf21c0-d475-46b8-9d1b-d96adf9655dd", "vulnerability": {"vulnId": "CVE-2011-5010", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-01-13T18:52:47+00:00"}, "gcve": {"object_uuid": "accf21c0-d475-46b8-9d1b-d96adf9655dd", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 100}, "timestamps": {"asserted_at": "2024-01-13T18:52:47+00:00", "recorded_at": "2026-07-01T10:27:13+00:00", "last_seen_at": "2024-01-13T18:52:47+00:00", "first_seen_at": "2024-01-13T18:52:47+00:00"}, "scope": {"notes": "Affected: Ctek / SkyRouter | Class: router | Severity: High (CVSS 10) | IoT: yes | In CISA KEV: no | Honeypot connections on 2024-01-13: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2011-5010", "url": "https://www.cve.org/CVERecord?id=CVE-2011-5010"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "router", "7d_avg": 0, "vendor": "Ctek", "30d_avg": 0, "90d_avg": 0, "product": "SkyRouter", "cisa_kev": "no", "connections": 2, "observation_date": "2024-01-13", "vulnerability_class": "CVSS", "vulnerability_score": 10, "vulnerability_severity": "High"}}]}
{"uuid": "10366bd3-0e09-4690-b7c8-1a099d40561c", "vulnerability": {"vulnId": "CVE-2019-11043", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-01-13T18:52:25+00:00"}, "gcve": {"object_uuid": "10366bd3-0e09-4690-b7c8-1a099d40561c", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-01-13T18:52:25+00:00", "recorded_at": "2026-07-01T10:27:13+00:00", "last_seen_at": "2024-01-13T18:52:25+00:00", "first_seen_at": "2024-01-13T18:52:25+00:00"}, "scope": {"notes": "Affected: PHP / PHP-FPM (FastCGI Process Manager) | Class: web-app-framework | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2024-01-13: 182", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2019-11043", "url": "https://www.cve.org/CVERecord?id=CVE-2019-11043"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "web-app-framework", "7d_avg": 0, "vendor": "PHP", "30d_avg": 0, "90d_avg": 0, "product": "PHP-FPM (FastCGI Process Manager)", "cisa_kev": "yes", "connections": 182, "observation_date": "2024-01-13", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "2aeb229b-b6f5-4fda-b1b5-0eae8f90c469", "vulnerability": {"vulnId": "CVE-2019-6814", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-01-13T18:51:58+00:00"}, "gcve": {"object_uuid": "2aeb229b-b6f5-4fda-b1b5-0eae8f90c469", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2024-01-13T18:51:58+00:00", "recorded_at": "2026-07-01T10:27:13+00:00", "last_seen_at": "2024-01-13T18:51:58+00:00", "first_seen_at": "2024-01-13T18:51:58+00:00"}, "scope": {"notes": "Affected: Schneider Electric / Pelco Endura NET55XX Encoder | Class: embedded-system | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2024-01-13: 2", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2019-6814", "url": "https://www.cve.org/CVERecord?id=CVE-2019-6814"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "embedded-system", "7d_avg": 0, "vendor": "Schneider Electric", "30d_avg": 0, "90d_avg": 0, "product": "Pelco Endura NET55XX Encoder", "cisa_kev": "no", "connections": 2, "observation_date": "2024-01-13", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "9ca1debb-6012-4d05-8566-6f275c8b3fde", "vulnerability": {"vulnId": "CVE-2019-12988", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-10-31T04:59:13+00:00"}, "gcve": {"object_uuid": "9ca1debb-6012-4d05-8566-6f275c8b3fde", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-31T04:59:13+00:00", "recorded_at": "2026-07-01T10:27:13+00:00", "last_seen_at": "2023-10-31T04:59:13+00:00", "first_seen_at": "2023-10-31T04:59:13+00:00"}, "scope": {"notes": "Affected: Citrix / Citrix SD-WAN and NetScaler SD-WAN | Class: app-delivery-controller | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2023-10-31: 123", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2019-12988", "url": "https://www.cve.org/CVERecord?id=CVE-2019-12988"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "no", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "app-delivery-controller", "7d_avg": 0, "vendor": "Citrix", "30d_avg": 0, "90d_avg": 0, "product": "Citrix SD-WAN and NetScaler SD-WAN", "cisa_kev": "no", "connections": 123, "observation_date": "2023-10-31", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
{"uuid": "90718928-08db-4f70-80ac-5af0ad23e9f2", "vulnerability": {"vulnId": "CVE-2017-7876", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-10-16T10:27:51+00:00"}, "gcve": {"object_uuid": "90718928-08db-4f70-80ac-5af0ad23e9f2", "origin_uuid": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8"}, "characteristics": {"severity": 98}, "timestamps": {"asserted_at": "2023-10-16T10:27:51+00:00", "recorded_at": "2026-07-01T10:27:13+00:00", "last_seen_at": "2023-10-16T10:27:51+00:00", "first_seen_at": "2023-10-16T10:27:51+00:00"}, "scope": {"notes": "Affected: QNAP / QNAP QTS | Class: nas | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2023-10-16: 6379", "asset_exposure": ["internet-facing"]}, "references": [{"id": "CVE-2017-7876", "url": "https://www.cve.org/CVERecord?id=CVE-2017-7876"}, {"id": "shadowserver", "url": "https://www.shadowserver.org/what-we-do/network-reporting/honeypot-exploited-vulnerabilities-report/"}], "evidence": [{"source": "shadowserver", "type": "honeypot", "signal": "in_the_wild_attempts", "confidence": 0.7, "details": {"1d": "1", "iot": "yes", "feed": "Shadowserver Foundation honeypot/exploited-vulnerabilities", "type": "http-scan", "class": "nas", "7d_avg": 0, "vendor": "QNAP", "30d_avg": 0, "90d_avg": 0, "product": "QNAP QTS", "cisa_kev": "no", "connections": 6379, "observation_date": "2023-10-16", "vulnerability_class": "CVSS", "vulnerability_score": 9.8, "vulnerability_severity": "Critical"}}]}
