Vulnerabilities exploitable today
4,276in current view
Single score combining CVSS, KEV membership and EPSS. Every CVE with its own record — timeline from publication to active exploitation.
In KEV catalog1,644
New KEV · 24H0
Exploit Today ≥ 701,579
Distribution · last window
- Critical1,283
- High4,187
- Medium3,505
- Low268
Window
Severity
Flags
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2013-2251—100.0%
KEV—80Apache Struts Improper Input Validation Vulnerability—CVE-2020-14882—100.0%
KEV—80Oracle WebLogic Server Remote Code Execution Vulnerability—CVE-2024-3273—100.0%
KEV—80D-Link Multiple NAS Devices Command Injection Vulnerability—CVE-2022-22954—100.0%
KEVR80VMware Workspace ONE Access and Identity Manager Server-Side Template Injection Vulnerability—CVE-2019-16920—100.0%
KEV—80D-Link Multiple Routers Command Injection Vulnerability—CVE-2022-44877—100.0%
KEV—80CWP Control Web Panel OS Command Injection Vulnerability—CVE-2023-50387—100.0%
——30——CVE-2024-34102—100.0%
KEV—80Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability—CVE-2017-10271—100.0%
KEVR80Oracle Corporation WebLogic Server Remote Code Execution Vulnerability—CVE-2018-11776—100.0%
KEV—80Apache Struts Remote Code Execution Vulnerability—CVE-2018-7600—100.0%
KEVR80Drupal Core Remote Code Execution Vulnerability—CVE-2020-8515—100.0%
KEV—80Multiple DrayTek Vigor Routers Web Management Page Vulnerability—CVE-2020-3452—100.0%
KEV—80Cisco ASA and FTD Read-Only Path Traversal Vulnerability—CVE-2021-41773—100.0%
KEVR80Apache HTTP Server Path Traversal Vulnerability—CVE-2024-27199—100.0%
KEVR80JetBrains TeamCity Relative Path Traversal Vulnerability—CVE-2025-32489.8 CRI100.0%
KEVR80Langflow Missing Authentication Vulnerability2dCVE-2023-29300—100.0%
KEVR80Adobe ColdFusion Deserialization of Untrusted Data Vulnerability—CVE-2017-12617—100.0%
KEV—80Apache Tomcat Remote Code Execution Vulnerability—CVE-2020-9054—100.0%
KEV—80Zyxel Multiple NAS Devices OS Command Injection Vulnerability—CVE-2021-34523—100.0%
KEVR80Microsoft Exchange Server Privilege Escalation Vulnerability—CVE-2024-7593—100.0%
KEV—80Ivanti Virtual Traffic Manager Authentication Bypass Vulnerability—CVE-2024-4577—100.0%
KEVR80PHP-CGI OS Command Injection Vulnerability—CVE-2019-9670—100.0%
KEV—80Synacor Zimbra Collaboration Suite (ZCS) Improper Restriction of XML External Entity Reference—CVE-2023-46805—100.0%
KEVR80Ivanti Connect Secure and Policy Secure Authentication Bypass Vulnerability—CVE-2023-22527—100.0%
KEVR80Atlassian Confluence Data Center and Server Template Injection Vulnerability—CVE-2022-40684—100.0%
KEVR80Fortinet Multiple Products Authentication Bypass Vulnerability—CVE-2021-20090—100.0%
KEV—80Arcadyan Buffalo Firmware Path Traversal Vulnerability—CVE-2024-45195—100.0%
KEV—80Apache OFBiz Forced Browsing Vulnerability—CVE-2021-22204—100.0%
KEV—80ExifTool Remote Code Execution Vulnerability—CVE-2025-53770—100.0%
KEVR80Microsoft SharePoint Deserialization of Untrusted Data Vulnerability—CVE-2025-22457—100.0%
KEVR80Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability—CVE-2023-42793—100.0%
KEVR80JetBrains TeamCity Authentication Bypass Vulnerability—CVE-2024-24919—100.0%
KEVR80Check Point Quantum Security Gateways Information Disclosure Vulnerability—CVE-2021-45046—100.0%
KEVR80Apache Log4j2 Deserialization of Untrusted Data Vulnerability—CVE-2014-0195—100.0%
——30——CVE-2024-4879—100.0%
KEV—80ServiceNow Improper Input Validation Vulnerability—CVE-2014-8361—100.0%
KEV—80Realtek SDK Improper Input Validation Vulnerability—CVE-2014-3704—100.0%
——30——CVE-2025-0282—100.0%
KEVR80Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability—CVE-2022-41082—100.0%
KEVR80Microsoft Exchange Server Remote Code Execution Vulnerability—