Vulnerabilities exploitable today
349,130in current view
Single score combining CVSS, KEV membership and EPSS. Every CVE with its own record — timeline from publication to active exploitation.
In KEV catalog1,644
New KEV · 24H0
Exploit Today ≥ 701,579
Distribution · last window
- Critical1,293
- High4,219
- Medium3,544
- Low277
Window
Severity
Flags
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2015-7450—99.9%
KEV—80IBM WebSphere Application Server and Server Hypervisor Edition Code Injection.—CVE-2019-9082—99.9%
KEV—80ThinkPHP Remote Code Execution Vulnerability—CVE-2024-50623—99.9%
KEVR80Cleo Multiple Products Unrestricted File Upload Vulnerability—CVE-2019-5418—99.9%
KEV—80Rails Ruby on Rails Path Traversal Vulnerability—CVE-2024-41713—99.9%
KEVR80Mitel MiCollab Path Traversal Vulnerability—CVE-2022-29303—99.9%
KEV—80SolarView Compact Command Injection Vulnerability—CVE-2021-41277—99.9%
KEV—80Metabase GeoJSON API Local File Inclusion Vulnerability—CVE-2020-1956—99.9%
KEV—80Apache Kylin OS Command Injection Vulnerability—CVE-2021-39144—99.9%
KEV—80XStream Remote Code Execution Vulnerability—CVE-2020-14864—99.9%
KEV—80Oracle Business Intelligence Enterprise Edition Path Transversal—CVE-2025-0108—99.9%
KEV—80Palo Alto Networks PAN-OS Authentication Bypass Vulnerability—CVE-2013-0422—99.9%
KEVR80Oracle JRE Remote Code Execution Vulnerability—CVE-2024-12987—99.9%
KEV—80DrayTek Vigor Routers OS Command Injection Vulnerability—CVE-2022-22947—99.9%
KEV—80VMware Spring Cloud Gateway Code Injection Vulnerability—CVE-2020-25078—99.9%
KEV—80D-Link DCS-2530L and DCS-2670L Devices Unspecified Vulnerability—CVE-2026-41940—99.9%
KEVR80WebPros cPanel & WHM and WP2 (WordPress Squared) Missing Authentication for Critical Function Vulnerability—CVE-2025-32433—99.9%
KEV—80Erlang Erlang/OTP SSH Server Missing Authentication for Critical Function Vulnerability—CVE-2024-56145—99.9%
KEV—80Craft CMS Code Injection Vulnerability—CVE-2021-33766—99.9%
KEV—80Microsoft Exchange Server Information Disclosure—CVE-2023-23397—99.9%
KEV—80Microsoft Office Outlook Privilege Escalation Vulnerability—CVE-2023-38831—99.9%
KEVR80RARLAB WinRAR Code Execution Vulnerability—CVE-2012-4681—99.9%
KEVR80Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability—CVE-2023-25280—99.9%
KEV—80D-Link DIR-820 Router OS Command Injection Vulnerability—CVE-2021-22054—99.9%
KEV—80Omnissa Workspace ONE Server-Side Request Forgery—CVE-2021-35395—99.9%
KEV—80Realtek AP-Router SDK Buffer Overflow Vulnerability—CVE-2021-422379.8 CRI99.9%
KEVR80Sitecore XP Remote Command Execution Vulnerability7dCVE-2019-20500—99.9%
KEV—80D-Link DWL-2600AP Access Point Command Injection Vulnerability—CVE-2019-3398—99.9%
KEV—80Atlassian Confluence Server and Data Center Path Traversal Vulnerability—CVE-2023-26360—99.9%
KEV—80Adobe ColdFusion Deserialization of Untrusted Data Vulnerability—CVE-2018-1000861—99.9%
KEV—80Jenkins Stapler Web Framework Deserialization of Untrusted Data Vulnerability—CVE-2021-36380—99.9%
KEV—80Sunhillo SureLine OS Command Injection Vulnerablity—CVE-2020-6207—99.9%
KEV—80SAP Solution Manager Missing Authentication for Critical Function Vulnerability—CVE-2022-21587—99.9%
KEVR80Oracle E-Business Suite Unspecified Vulnerability—CVE-2022-22536—99.9%
KEV—80SAP Multiple Products HTTP Request Smuggling Vulnerability—CVE-2008-2992—99.9%
KEVR80Adobe Reader and Acrobat Input Validation Vulnerability—CVE-2025-61884—99.9%
KEVR80Oracle E-Business Suite Server-Side Request Forgery (SSRF) Vulnerability—CVE-2020-11738—99.9%
KEV—80WordPress Snap Creek Duplicator Plugin File Download Vulnerability—CVE-2024-20767—99.9%
KEV—80Adobe ColdFusion Improper Access Control Vulnerability—CVE-2025-34028—99.9%
KEV—80Commvault Command Center Path Traversal Vulnerability—CVE-2024-555919.8 CRI99.9%
KEVR80Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability8d