Vulnerabilities exploitable today
4,276in current view
Single score combining CVSS, KEV membership and EPSS. Every CVE with its own record — timeline from publication to active exploitation.
In KEV catalog1,644
New KEV · 24H0
Exploit Today ≥ 701,579
Distribution · last window
- Critical1,283
- High4,187
- Medium3,505
- Low268
Window
Severity
Flags
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2020-25506—100.0%
KEV—80D-Link DNS-320 Device Command Injection Vulnerability—CVE-2022-47986—100.0%
KEVR80IBM Aspera Faspex Code Execution Vulnerability—CVE-2015-7297—100.0%
——30——CVE-2012-0158—100.0%
KEV—80Microsoft MSCOMCTL.OCX Remote Code Execution Vulnerability—CVE-2020-0688—100.0%
KEVR80Microsoft Exchange Server Validation Key Remote Code Execution Vulnerability—CVE-2019-2725—100.0%
KEVR80Oracle WebLogic Server, Injection—CVE-2021-42013—100.0%
KEVR80Apache HTTP Server Path Traversal Vulnerability—CVE-2025-59287—100.0%
KEV—80Microsoft Windows Server Update Service (WSUS) Deserialization of Untrusted Data Vulnerability—CVE-2019-10149—100.0%
KEV—80Exim Mail Transfer Agent (MTA) Improper Input Validation—CVE-2024-1709—100.0%
KEVR80ConnectWise ScreenConnect Authentication Bypass Vulnerability—CVE-2024-38475—100.0%
KEV—80Apache HTTP Server Improper Escaping of Output Vulnerability—CVE-2022-1388—100.0%
KEVR80F5 BIG-IP Missing Authentication Vulnerability—CVE-2024-29824—100.0%
KEV—80Ivanti Endpoint Manager (EPM) SQL Injection Vulnerability—CVE-2018-15961—100.0%
KEV—80Adobe ColdFusion Unrestricted File Upload Vulnerability—CVE-2023-38035—100.0%
KEVR80Ivanti Sentry Authentication Bypass Vulnerability—CVE-2018-10562—100.0%
KEVR80Dasan GPON Routers Command Injection Vulnerability—CVE-2025-31161—100.0%
KEVR80CrushFTP Authentication Bypass Vulnerability—CVE-2021-27065—100.0%
KEVR80Microsoft Exchange Server Remote Code Execution Vulnerability—CVE-2025-24813—100.0%
KEV—80Apache Tomcat Path Equivalence Vulnerability—CVE-2022-41040—100.0%
KEVR80Microsoft Exchange Server Server-Side Request Forgery Vulnerability—CVE-2017-11882—100.0%
KEVR80Microsoft Office Memory Corruption Vulnerability—CVE-2021-3129—100.0%
KEVR80Laravel Ignition File Upload Vulnerability—CVE-2020-10189—100.0%
KEV—80Zoho ManageEngine Desktop Central File Upload Vulnerability—CVE-2015-3113—100.0%
KEV—80Adobe Flash Player Heap-Based Buffer Overflow Vulnerability—CVE-2022-35405—100.0%
KEV—80Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability—CVE-2014-7169—100.0%
KEV—80GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability—CVE-2022-22963—100.0%
KEV—80VMware Tanzu Spring Cloud Function Remote Code Execution Vulnerability—CVE-2024-27198—100.0%
KEVR80JetBrains TeamCity Authentication Bypass Vulnerability—CVE-2022-30525—100.0%
KEV—80Zyxel Multiple Firewalls OS Command Injection Vulnerability—CVE-2012-1456—100.0%
——30——CVE-2021-26085—100.0%
KEVR80Atlassian Confluence Server Pre-Authorization Arbitrary File Read Vulnerability—CVE-2023-34362—100.0%
KEVR80Progress MOVEit Transfer SQL Injection Vulnerability—CVE-2017-0199—100.0%
KEVR80Microsoft Office and WordPad Remote Code Execution Vulnerability—CVE-2022-42889—100.0%
——30——CVE-2021-1497—100.0%
KEV—80Cisco HyperFlex HX Installer Virtual Machine Command Injection Vulnerability—CVE-2019-0604—100.0%
KEVR80Microsoft SharePoint Remote Code Execution Vulnerability—CVE-2019-3396—100.0%
KEVR80Atlassian Confluence Server and Data Center Server-Side Template Injection Vulnerability—CVE-2021-20038—100.0%
KEVR80SonicWall SMA 100 Appliances Stack-Based Buffer Overflow Vulnerability—CVE-2025-53771—100.0%
——30——CVE-2025-49704—100.0%
KEVR80Microsoft SharePoint Code Injection Vulnerability—