Vulnerabilities exploitable today
4,276in current view
Single score combining CVSS, KEV membership and EPSS. Every CVE with its own record — timeline from publication to active exploitation.
In KEV catalog1,644
New KEV · 24H0
Exploit Today ≥ 701,579
Distribution · last window
- Critical1,298
- High4,252
- Medium3,575
- Low277
Window
Severity
Flags
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2019-15976—99.8%
——30——CVE-2023-35628—99.8%
——30——CVE-2022-21907—99.8%
——30——CVE-2026-435007.8 HIG99.8%
——30In the Linux kernel, the following vulnerability has been resolved:
rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present
The DATA-packet handler in rxrpc_input_call_event() and the RESPONSE
handler in rxrpc_verify_response() copy the skb to a linear one before
calling into the security ops only when skb_cloned() is true. An skb
that is not cloned but still carries externally-owned paged fragments
(e.g. SKBFL_SHARED_FRAG set by splice() into a UDP socket via
__ip_append_data, or a chained skb_has_frag_list()) falls through to
the in-place decryption path, which binds the frag pages directly into
the AEAD/skcipher SGL via skb_to_sgvec().
Extend the gate to also unshare when skb_has_frag_list() or
skb_has_shared_frag() is true. This catches the splice-loopback vector
and other externally-shared frag sources while preserving the
zero-copy fast path for skbs whose frags are kernel-private (e.g. NIC
page_pool RX, GRO). The OOM/trace handling already in place is reused.2dCVE-2016-7547—99.8%
——30——CVE-2016-0492—99.8%
——30——CVE-2022-1329—99.8%
——30——CVE-2012-1429—99.8%
——30——CVE-2022-24706—99.8%
KEV—80Apache CouchDB Insecure Default Initialization of Resource Vulnerability—CVE-2007-0071—99.8%
——30——CVE-2018-16509—99.8%
——30——CVE-2022-3786—99.8%
——30——CVE-2022-40022—99.8%
——30——CVE-2023-23488—99.8%
——30——CVE-2023-0050—99.8%
——30——CVE-2016-3427—99.8%
KEV—80Oracle Java SE and JRockit Unspecified Vulnerability—CVE-2022-21371—99.8%
——30——CVE-2026-35273—99.8%
KEVR80Oracle PeopleSoft Enterprise PeopleTools Missing Authentication for Critical Function Vulnerability—CVE-2024-9047—99.8%
——30——CVE-2021-25282—99.8%
——30——CVE-2022-43939—99.8%
KEV—80Hitachi Vantara Pentaho BA Server Authorization Bypass Vulnerability—CVE-2017-5689—99.8%
KEV—80Intel Active Management Technology (AMT), Small Business Technology (SBT), and Standard Manageability Privilege Escalation Vulnerability—CVE-2019-2616—99.8%
KEV—80Oracle BI Publisher Unauthorized Access Vulnerability—CVE-2020-1350—99.8%
KEV—80Microsoft Windows DNS Server Remote Code Execution Vulnerability—CVE-2025-2747—99.8%
KEV—80Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability—CVE-2019-5420—99.8%
——30——CVE-2025-11371—99.8%
KEV—80Gladinet CentreStack and Triofox Files or Directories Accessible to External Parties Vulnerability—CVE-2025-54309—99.8%
KEV—80 CrushFTP Unprotected Alternate Channel Vulnerability—CVE-2012-0754—99.8%
KEV—80Adobe Flash Player Memory Corruption Vulnerability—CVE-2019-6340—99.8%
KEV—80Drupal Core Remote Code Execution Vulnerability—CVE-2019-8943—99.8%
——30——CVE-2024-38653—99.8%
——30——CVE-2020-10148—99.8%
KEV—80SolarWinds Orion Authentication Bypass Vulnerability—CVE-2023-45288—99.8%
——30——CVE-2024-7399—99.8%
KEV—80Samsung MagicINFO 9 Server Path Traversal Vulnerability—CVE-2018-11138—99.8%
KEVR80Quest KACE System Management Appliance Remote Command Execution Vulnerability—CVE-2024-20439—99.8%
KEV—80Cisco Smart Licensing Utility Static Credential Vulnerability—CVE-2017-12629—99.8%
——30——CVE-2010-0249—99.8%
KEV—80Microsoft Internet Explorer Use-After-Free Vulnerability—CVE-2019-9193—99.8%
——30——