Vulnerabilities exploitable today
9,869in current view
Single score combining CVSS, KEV membership and EPSS. Every CVE with its own record — timeline from publication to active exploitation.
In KEV catalog1,644
New KEV · 24H0
Exploit Today ≥ 701,579
Distribution · last window
- Critical1,283
- High4,187
- Medium3,505
- Low268
Window
Severity
Flags
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2025-32489.8 CRI100.0%
KEVR80Langflow Missing Authentication Vulnerability2dCVE-2024-555919.8 CRI99.9%
KEVR80Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability8dCVE-2021-422379.8 CRI99.9%
KEVR80Sitecore XP Remote Command Execution Vulnerability7dCVE-2026-314317.8 HIG99.9%
KEV—80Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability2dCVE-2026-341978.8 HIG99.9%
KEV—80Apache ActiveMQ Improper Input Validation Vulnerability2dCVE-2024-121210.0 CRI99.9%
KEV—80Progress Kemp LoadMaster OS Command Injection Vulnerability3dCVE-2024-116809.8 CRI99.8%
KEV—80ProjectSend Improper Authentication Vulnerability2dCVE-2026-422089.8 CRI99.7%
KEV—80BerriAI LiteLLM SQL Injection Vulnerability2dCVE-2023-389507.5 HIG99.7%
KEV—80ZKTeco BioTime Path Traversal Vulnerability7dCVE-2022-262589.8 CRI99.6%
KEV—80D-Link DIR-820L Remote Code Execution Vulnerability7dCVE-2026-422718.8 HIG99.6%
KEV—80BerriAI LiteLLM Command Injection Vulnerability2dCVE-2025-342918.8 HIG99.6%
KEV—80Langflow Origin Validation Error Vulnerability2dCVE-2021-252988.8 HIG99.5%
KEV—80Nagios XI OS Command Injection7dCVE-2021-252968.8 HIG99.3%
KEV—80Nagios XI OS Command Injection7dCVE-2021-252978.8 HIG98.9%
KEV—80Nagios XI OS Command Injection7dCVE-2026-202308.6 HIG98.5%
KEV—80Cisco Unified Communications Manager Server-Side Request Forgery (SSRF) Vulnerability15dCVE-2026-4828210.0 CRI97.9%
KEV—79Adobe ColdFusion Path Traversal Vulnerability8dCVE-2008-41284.3 MED97.6%
KEV—79Cisco IOS Cross-Site Request Forgery Vulnerability3dCVE-2026-561645.3 MED92.0%
KEV—78Microsoft SharePoint Server Missing Authentication for Critical Function Vulnerability2dCVE-2025-105859.8 CRI91.8%
KEV—78Google Chromium V8 Type Confusion Vulnerability2dCVE-2025-132238.8 HIG91.1%
KEV—77Google Chromium V8 Type Confusion Vulnerability2dCVE-2026-456598.8 HIG86.8%
KEV—76Microsoft SharePoint Server Deserialization of Untrusted Data Vulnerability14dCVE-2025-244728.1 HIG86.2%
KEVR76Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability8dCVE-2026-562909.8 CRI85.4%
KEV—76Joomlack Page Builder Improper Access Control Vulnerability8dCVE-2026-489089.8 CRI72.6%
KEV—72JoomShaper SP Page Builder Unrestricted Upload of File with Dangerous Type Vulnerability8dCVE-2026-489399.8 CRI71.5%
KEV—71iCagenda Unrestricted Upload of File with Dangerous Type Vulnerability6dCVE-2026-154107.2 HIG71.1%
KEV—71SonicWall SMA1000 Appliances Code Injection Vulnerability15hCVE-2025-312778.8 HIG71.0%
KEV—71Apple Multiple Products Buffer Overflow Vulnerability2dCVE-2026-1540910.0 CRI66.4%
KEV—70SonicWall SMA1000 Appliances Server-Side Request Forgery Vulnerability15hCVE-2026-125699.8 CRI66.0%
KEV—70PTC Windchill and FlexPLM Improper Input Validation Vulnerability16dCVE-2026-4855810.0 CRI63.5%
KEV—69SimpleHelp Authentication Bypass Vulnerability16dCVE-2026-468179.8 CRI60.3%
KEV—68Oracle E-Business Suite Improper Privilege Management Vulnerability15hCVE-2025-670389.8 CRI55.3%
KEV—67Lantronix EDS5000 Code Injection Vulnerability10dCVE-2023-43467.5 HIG54.2%
KEV—66KNX Association KNX Protocol Connection Authorization Option 1 Overly Restrictive Account Lockout Mechanism Vulnerability15hCVE-2026-562919.8 CRI53.6%
KEV—66Balbooa Forms Unrestricted Upload of File with Dangerous Type Vulnerability6dCVE-2026-552558.4 HIG42.8%
KEV—63Langflow Authorization Bypass Through User-Controlled Key Vulnerability8dCVE-2026-561557.8 HIG30.2%
KEV—59Microsoft Active Directory Federation Services Insufficient Granularity of Access Control Vulnerability 1dCVE-2023-349609.8 CRI99.9%
——30A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name.8dCVE-2021-252996.1 MED99.9%
——30Nagios XI version xi-5.7.5 is affected by cross-site scripting (XSS). The vulnerability exists in the file /usr/local/nagiosxi/html/admin/sshterm.php due to improper sanitization of user-controlled input. A maliciously crafted URL, when clicked by an admin user, can be used to steal his/her session cookies or it can be chained with the previous bugs to get one-click remote command execution (RCE) on the Nagios XI server.8dCVE-2023-376799.8 CRI99.9%
——30A remote command execution (RCE) vulnerability in NextGen Mirth Connect v4.3.0 allows attackers to execute arbitrary commands on the hosting server.8d