Vulnerabilities exploitable today
4,276in current view
Single score combining CVSS, KEV membership and EPSS. Every CVE with its own record — timeline from publication to active exploitation.
In KEV catalog1,644
New KEV · 24H0
Exploit Today ≥ 701,579
Distribution · last window
- Critical1,293
- High4,219
- Medium3,544
- Low277
Window
Severity
Flags
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2007-3010—99.9%
KEV—80Alcatel OmniPCX Enterprise Remote Code Execution Vulnerability—CVE-2013-5211—99.9%
——30——CVE-2021-252996.1 MED99.9%
——30Nagios XI version xi-5.7.5 is affected by cross-site scripting (XSS). The vulnerability exists in the file /usr/local/nagiosxi/html/admin/sshterm.php due to improper sanitization of user-controlled input. A maliciously crafted URL, when clicked by an admin user, can be used to steal his/her session cookies or it can be chained with the previous bugs to get one-click remote command execution (RCE) on the Nagios XI server.8dCVE-2021-22054—99.9%
KEV—80Omnissa Workspace ONE Server-Side Request Forgery—CVE-2012-1453—99.9%
——30——CVE-2018-15745—99.9%
——30——CVE-2019-16662—99.9%
——30——CVE-2022-43769—99.9%
KEV—80Hitachi Vantara Pentaho BA Server Special Element Injection Vulnerability—CVE-2015-7450—99.9%
KEV—80IBM WebSphere Application Server and Server Hypervisor Edition Code Injection.—CVE-2023-0315—99.9%
——30——CVE-2019-18818—99.9%
——30——CVE-2013-0422—99.9%
KEVR80Oracle JRE Remote Code Execution Vulnerability—CVE-2021-36380—99.9%
KEV—80Sunhillo SureLine OS Command Injection Vulnerablity—CVE-2023-48788—99.9%
KEVR80Fortinet FortiClient EMS SQL Injection Vulnerability—CVE-2021-3378—99.9%
——30——CVE-2021-33766—99.9%
KEV—80Microsoft Exchange Server Information Disclosure—CVE-2016-3714—99.9%
KEV—80ImageMagick Improper Input Validation Vulnerability—CVE-2024-4358—99.9%
KEV—80Progress Telerik Report Server Authentication Bypass by Spoofing Vulnerability—CVE-2021-26812—99.9%
——30——CVE-2024-56145—99.9%
KEV—80Craft CMS Code Injection Vulnerability—CVE-2024-10914—99.9%
——30——CVE-2016-8869—99.9%
——30——CVE-2019-9082—99.9%
KEV—80ThinkPHP Remote Code Execution Vulnerability—CVE-2020-12116—99.9%
——30——CVE-2016-6601—99.9%
——30——CVE-2023-23397—99.9%
KEV—80Microsoft Office Outlook Privilege Escalation Vulnerability—CVE-2023-27524—99.9%
KEV—80Apache Superset Insecure Default Initialization of Resource Vulnerability—CVE-2019-0230—99.9%
——30——CVE-2018-17456—99.9%
——30——CVE-2023-26360—99.9%
KEV—80Adobe ColdFusion Deserialization of Untrusted Data Vulnerability—CVE-2020-1956—99.9%
KEV—80Apache Kylin OS Command Injection Vulnerability—CVE-2020-25213—99.9%
KEV—80WordPress File Manager Plugin Remote Code Execution Vulnerability—CVE-2020-1943—99.9%
——30——CVE-2017-3248—99.9%
——30——CVE-2025-34028—99.9%
KEV—80Commvault Command Center Path Traversal Vulnerability—CVE-2020-14864—99.9%
KEV—80Oracle Business Intelligence Enterprise Edition Path Transversal—CVE-2021-41277—99.9%
KEV—80Metabase GeoJSON API Local File Inclusion Vulnerability—CVE-2019-3398—99.9%
KEV—80Atlassian Confluence Server and Data Center Path Traversal Vulnerability—CVE-2019-7256—99.9%
KEV—80Nice Linear eMerge E3-Series OS Command Injection Vulnerability—CVE-2020-2555—99.9%
KEV—80Oracle Multiple Products Remote Code Execution Vulnerability—