Vulnerabilities exploitable today
4,276in current view
Single score combining CVSS, KEV membership and EPSS. Every CVE with its own record — timeline from publication to active exploitation.
In KEV catalog1,644
New KEV · 24H0
Exploit Today ≥ 701,579
Distribution · last window
- Critical1,293
- High4,219
- Medium3,544
- Low277
Window
Severity
Flags
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2019-7481—100.0%
KEVR80SonicWall SMA100 SQL Injection Vulnerability—CVE-2015-1427—100.0%
KEV—80Elasticsearch Groovy Scripting Engine Remote Code Execution Vulnerability—CVE-2018-0296—100.0%
KEV—80Cisco Adaptive Security Appliance (ASA) Denial-of-Service Vulnerability—CVE-2025-4427—100.0%
KEV—80Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass Vulnerability—CVE-2025-24893—100.0%
KEV—80XWiki Platform Eval Injection Vulnerability—CVE-2021-22986—100.0%
KEVR80F5 BIG-IP and BIG-IQ Centralized Management iControl REST Remote Code Execution Vulnerability—CVE-2021-39226—100.0%
KEV—80Grafana Authentication Bypass Vulnerability—CVE-2014-0497—100.0%
KEV—80Adobe Flash Player Integer Underflow Vulnerablity—CVE-2025-49706—100.0%
KEVR80Microsoft SharePoint Improper Authentication Vulnerability—CVE-2024-45519—100.0%
KEV—80Synacor Zimbra Collaboration Suite (ZCS) Command Execution Vulnerability—CVE-2024-29826—100.0%
——30——CVE-2024-29825—100.0%
——30——CVE-2019-1653—100.0%
KEV—80Cisco Small Business RV320 and RV325 Routers Information Disclosure Vulnerability—CVE-2021-33044—100.0%
KEV—80Dahua IP Camera Authentication Bypass Vulnerability—CVE-2025-5777—100.0%
KEVR80Citrix NetScaler ADC and Gateway Out-of-Bounds Read Vulnerability—CVE-2021-36260—100.0%
KEV—80Hikvision Improper Input Validation—CVE-2021-44515—100.0%
KEV—80Zoho Desktop Central Authentication Bypass Vulnerability—CVE-2021-35394—100.0%
KEV—80Realtek Jungle SDK Remote Code Execution Vulnerability—CVE-2015-4000—100.0%
——30——CVE-2024-29823—100.0%
——30——CVE-2020-13379—100.0%
——30——CVE-2021-37415—100.0%
KEV—80Zoho ManageEngine ServiceDesk Authentication Bypass Vulnerability—CVE-2017-12635—100.0%
——30——CVE-2025-32432—100.0%
KEV—80Craft CMS Code Injection Vulnerability—CVE-2023-23752—100.0%
KEV—80Joomla! Improper Access Control Vulnerability—CVE-2022-46169—100.0%
KEV—80Cacti Command Injection Vulnerability—CVE-2017-8917—100.0%
——30——CVE-2017-7269—100.0%
KEV—80Microsoft Windows Server Buffer Overflow Vulnerability—CVE-2022-39952—100.0%
——30——CVE-2024-36401—100.0%
KEV—80OSGeo GeoServer GeoTools Eval Injection Vulnerability—CVE-2023-21839—100.0%
KEV—80Oracle WebLogic Server Unspecified Vulnerability—CVE-2020-0796—100.0%
KEVR80Microsoft SMBv3 Remote Code Execution Vulnerability—CVE-2012-1459—100.0%
——30——CVE-2022-1040—100.0%
KEV—80Sophos Firewall Authentication Bypass Vulnerability—CVE-2020-7961—100.0%
KEV—80Liferay Portal Deserialization of Untrusted Data Vulnerability—CVE-2021-31207—100.0%
KEVR80Microsoft Exchange Server Security Feature Bypass Vulnerability—CVE-2016-6277—100.0%
KEV—80NETGEAR Multiple Routers Remote Code Execution Vulnerability—CVE-2019-15107—100.0%
KEVR80Webmin Command Injection Vulnerability—CVE-2024-13159—100.0%
KEV—80Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability—CVE-2023-29298—100.0%
KEV—80Adobe ColdFusion Improper Access Control Vulnerability—