Vulnerabilities exploitable today
349,029in current view
Single score combining CVSS, KEV membership and EPSS. Every CVE with its own record — timeline from publication to active exploitation.
In KEV catalog1,644
New KEV · 24H0
Exploit Today ≥ 701,579
Distribution · last window
- Critical1,283
- High4,187
- Medium3,505
- Low268
Window
Severity
Flags
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2021-22005—100.0%
KEVR80VMware vCenter Server File Upload Vulnerability—CVE-2025-32489.8 CRI100.0%
KEVR80Langflow Missing Authentication Vulnerability2dCVE-2017-5638—100.0%
KEVR80Apache Struts Remote Code Execution Vulnerability—CVE-2023-1389—100.0%
KEV—80TP-Link Archer AX-21 Command Injection Vulnerability—CVE-2022-26134—100.0%
KEVR80Atlassian Confluence Server and Data Center Remote Code Execution Vulnerability—CVE-2023-22518—100.0%
KEVR80Atlassian Confluence Data Center and Server Improper Authorization Vulnerability—CVE-2017-12617—100.0%
KEV—80Apache Tomcat Remote Code Execution Vulnerability—CVE-2021-26855—100.0%
KEVR80Microsoft Exchange Server Remote Code Execution Vulnerability—CVE-2020-14882—100.0%
KEV—80Oracle WebLogic Server Remote Code Execution Vulnerability—CVE-2024-34102—100.0%
KEV—80Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability—CVE-2023-35082—100.0%
KEVR80Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core Authentication Bypass Vulnerability—CVE-2024-7593—100.0%
KEV—80Ivanti Virtual Traffic Manager Authentication Bypass Vulnerability—CVE-2024-3273—100.0%
KEV—80D-Link Multiple NAS Devices Command Injection Vulnerability—CVE-2017-10271—100.0%
KEVR80Oracle Corporation WebLogic Server Remote Code Execution Vulnerability—CVE-2015-1635—100.0%
KEV—80Microsoft HTTP.sys Remote Code Execution Vulnerability—CVE-2014-6271—100.0%
KEV—80GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability—CVE-2014-0160—100.0%
KEV—80OpenSSL Information Disclosure Vulnerability—CVE-2025-22457—100.0%
KEVR80Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability—CVE-2017-11882—100.0%
KEVR80Microsoft Office Memory Corruption Vulnerability—CVE-2022-46169—100.0%
KEV—80Cacti Command Injection Vulnerability—CVE-2021-38647—100.0%
KEVR80Microsoft Open Management Infrastructure (OMI) Remote Code Execution Vulnerability—CVE-2021-20038—100.0%
KEVR80SonicWall SMA 100 Appliances Stack-Based Buffer Overflow Vulnerability—CVE-2024-45195—100.0%
KEV—80Apache OFBiz Forced Browsing Vulnerability—CVE-2023-38205—100.0%
KEV—80Adobe ColdFusion Improper Access Control Vulnerability—CVE-2024-45519—100.0%
KEV—80Synacor Zimbra Collaboration Suite (ZCS) Command Execution Vulnerability—CVE-2024-1709—100.0%
KEVR80ConnectWise ScreenConnect Authentication Bypass Vulnerability—CVE-2024-29824—100.0%
KEV—80Ivanti Endpoint Manager (EPM) SQL Injection Vulnerability—CVE-2021-20090—100.0%
KEV—80Arcadyan Buffalo Firmware Path Traversal Vulnerability—CVE-2025-53770—100.0%
KEVR80Microsoft SharePoint Deserialization of Untrusted Data Vulnerability—CVE-2019-15107—100.0%
KEVR80Webmin Command Injection Vulnerability—CVE-2023-4863—100.0%
KEV—80Google Chromium WebP Heap-Based Buffer Overflow Vulnerability—CVE-2022-40684—100.0%
KEVR80Fortinet Multiple Products Authentication Bypass Vulnerability—CVE-2016-10033—100.0%
KEV—80PHPMailer Command Injection Vulnerability—CVE-2019-9670—100.0%
KEV—80Synacor Zimbra Collaboration Suite (ZCS) Improper Restriction of XML External Entity Reference—CVE-2021-45046—100.0%
KEVR80Apache Log4j2 Deserialization of Untrusted Data Vulnerability—CVE-2017-1000353—100.0%
KEV—80Jenkins Remote Code Execution Vulnerability—CVE-2020-10189—100.0%
KEV—80Zoho ManageEngine Desktop Central File Upload Vulnerability—CVE-2022-35405—100.0%
KEV—80Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability—CVE-2025-49704—100.0%
KEVR80Microsoft SharePoint Code Injection Vulnerability—CVE-2010-2861—100.0%
KEVR80Adobe ColdFusion Directory Traversal Vulnerability—