Vulnerabilities exploitable today
349,552in current view
Single score combining CVSS, KEV membership and EPSS. Every CVE with its own record — timeline from publication to active exploitation.
In KEV catalog1,647
New KEV · 24H0
Exploit Today ≥ 701,582
Distribution · last window
- Critical1,333
- High4,373
- Medium3,748
- Low298
Window
Severity
Flags
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2026-33448—1.0%
——0——CVE-2022-32649—1.0%
——0——CVE-2026-23071—1.0%
——0——CVE-2026-53900—1.0%
——0——CVE-2025-68462—1.0%
——0——CVE-2025-71227—1.0%
——0——CVE-2025-27701—1.0%
——0——CVE-2026-31961—1.0%
——0——CVE-2023-53615—1.0%
——0——CVE-2026-23203—1.0%
——0——CVE-2023-48411—1.0%
——0——CVE-2022-20314—1.0%
——0——CVE-2026-39810—1.0%
——0——CVE-2026-46112—1.0%
——0——CVE-2024-27244—1.0%
——0——CVE-2026-26327—1.0%
——0——CVE-2025-21028—1.0%
——0——CVE-2023-21330—1.0%
——0——CVE-2026-463025.5 MED1.0%
——0In the Linux kernel, the following vulnerability has been resolved:
selinux: allow multiple opens of /sys/fs/selinux/policy
Currently there can only be a single open of /sys/fs/selinux/policy at
any time. This allows any process to block any other process from
reading the kernel policy. The original motivation seems to have been
a mix of preventing an inconsistent view of the policy size and
preventing userspace from allocating kernel memory without bound, but
this is arguably equally bad. Eliminate the policy_opened flag and
shrink the critical section that the policy mutex is held. While we
are making changes here, drop a couple of extraneous BUG_ONs.11dCVE-2026-23393—1.0%
——0——CVE-2026-0466—1.0%
——0——CVE-2026-5515—1.0%
——0——CVE-2025-62089—1.0%
——0——CVE-2026-21786—1.0%
——0——CVE-2026-23259—1.0%
——0——CVE-2026-23114—1.0%
——0——CVE-2026-533195.5 MED1.0%
——0In the Linux kernel, the following vulnerability has been resolved:
blk-wbt: remove WARN_ON_ONCE from wbt_init_enable_default()
wbt_init_enable_default() uses WARN_ON_ONCE to check for failures from
wbt_alloc() and wbt_init(). However, both are expected failure paths:
- wbt_alloc() can return NULL under memory pressure (-ENOMEM)
- wbt_init() can fail with -EBUSY if wbt is already registered
syzbot triggers this by injecting memory allocation failures during MTD
partition creation via ioctl(BLKPG), causing a spurious warning.
wbt_init_enable_default() is a best-effort initialization called from
blk_register_queue() with a void return type. Failure simply means the
disk operates without writeback throttling, which is harmless.
Replace WARN_ON_ONCE with plain if-checks, consistent with how
wbt_set_lat() in the same file already handles these failures. Add a
pr_warn() for the wbt_init() failure to retain diagnostic information
without triggering a full stack trace.13dCVE-2026-463055.5 MED1.0%
——0In the Linux kernel, the following vulnerability has been resolved:
staging: rtl8723bs: os_dep: avoid NULL pointer dereference in rtw_cbuf_alloc
The return value of kzalloc_flex() is used without
ensuring that the allocation succeeded, and the
pointer is dereferenced unconditionally.
Guard the access to the allocated structure to
avoid a potential NULL pointer dereference if the
allocation fails.11dCVE-2025-68243—1.0%
——0——CVE-2022-47341—1.0%
——0——CVE-2026-43478—1.0%
——0——CVE-2017-6296—1.0%
——0——CVE-2026-15997—1.0%
——0Out-of-bounds write vulnerability in Legion of the Bouncy Castle Inc. BC-LTS bcprov-lts8on on ARM allows Overflow Buffers.
This vulnerability is associated with program files https://github.Com/bcgit/bc-lts-java/blob/main/native_c/arm/sha/shake.C, https://github.Com/bcgit/bc-lts-java/blob/main/native_c/arm/sha/sha3.C.
This issue affects BC-LTS: from 2.73.0 before 2.73.12.1.
Issue is only applicable if application involved is accepting memoable SHA3 / SHAKE states from potentially untrusted sources.2dCVE-2024-32110—1.0%
——0——CVE-2024-33055—1.0%
——0——CVE-2026-42645—1.0%
——0——CVE-2023-21129—1.0%
——0——CVE-2025-63014—1.0%
——0——CVE-2026-31710—1.0%
——0——CVE-2022-20377—1.0%
——0——