Vulnerabilities exploitable today
349,525in current view
Single score combining CVSS, KEV membership and EPSS. Every CVE with its own record — timeline from publication to active exploitation.
In KEV catalog1,647
New KEV · 24H0
Exploit Today ≥ 701,582
Distribution · last window
- Critical1,333
- High4,369
- Medium3,738
- Low297
Window
Severity
Flags
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2025-1790—1.0%
——0——CVE-2024-20097—1.0%
——0——CVE-2026-233685.5 MED1.0%
——0In the Linux kernel, the following vulnerability has been resolved:
net: phy: register phy led_triggers during probe to avoid AB-BA deadlock
There is an AB-BA deadlock when both LEDS_TRIGGER_NETDEV and
LED_TRIGGER_PHY are enabled:
[ 1362.049207] [<8054e4b8>] led_trigger_register+0x5c/0x1fc <-- Trying to get lock "triggers_list_lock" via down_write(&triggers_list_lock);
[ 1362.054536] [<80662830>] phy_led_triggers_register+0xd0/0x234
[ 1362.060329] [<8065e200>] phy_attach_direct+0x33c/0x40c
[ 1362.065489] [<80651fc4>] phylink_fwnode_phy_connect+0x15c/0x23c
[ 1362.071480] [<8066ee18>] mtk_open+0x7c/0xba0
[ 1362.075849] [<806d714c>] __dev_open+0x280/0x2b0
[ 1362.080384] [<806d7668>] __dev_change_flags+0x244/0x24c
[ 1362.085598] [<806d7698>] dev_change_flags+0x28/0x78
[ 1362.090528] [<807150e4>] dev_ioctl+0x4c0/0x654 <-- Hold lock "rtnl_mutex" by calling rtnl_lock();
[ 1362.094985] [<80694360>] sock_ioctl+0x2f4/0x4e0
[ 1362.099567] [<802e9c4c>] sys_ioctl+0x32c/0xd8c
[ 1362.104022] [<80014504>] syscall_common+0x34/0x58
Here LED_TRIGGER_PHY is registering LED triggers during phy_attach
while holding RTNL and then taking triggers_list_lock.
[ 1362.191101] [<806c2640>] register_netdevice_notifier+0x60/0x168 <-- Trying to get lock "rtnl_mutex" via rtnl_lock();
[ 1362.197073] [<805504ac>] netdev_trig_activate+0x194/0x1e4
[ 1362.202490] [<8054e28c>] led_trigger_set+0x1d4/0x360 <-- Hold lock "triggers_list_lock" by down_read(&triggers_list_lock);
[ 1362.207511] [<8054eb38>] led_trigger_write+0xd8/0x14c
[ 1362.212566] [<80381d98>] sysfs_kf_bin_write+0x80/0xbc
[ 1362.217688] [<8037fcd8>] kernfs_fop_write_iter+0x17c/0x28c
[ 1362.223174] [<802cbd70>] vfs_write+0x21c/0x3c4
[ 1362.227712] [<802cc0c4>] ksys_write+0x78/0x12c
[ 1362.232164] [<80014504>] syscall_common+0x34/0x58
Here LEDS_TRIGGER_NETDEV is being enabled on an LED. It first takes
triggers_list_lock and then RTNL. A classical AB-BA deadlock.
phy_led_triggers_registers() does not require the RTNL, it does not
make any calls into the network stack which require protection. There
is also no requirement the PHY has been attached to a MAC, the
triggers only make use of phydev state. This allows the call to
phy_led_triggers_registers() to be placed elsewhere. PHY probe() and
release() don't hold RTNL, so solving the AB-BA deadlock.5dCVE-2025-64996—1.0%
——0——CVE-2023-33899—1.0%
——0——CVE-2025-46602—1.0%
——0——CVE-2026-5310—1.0%
——0——CVE-2023-33090—1.0%
——0——CVE-2025-54646—1.0%
——0——CVE-2024-42033—1.0%
——0——CVE-2021-0871—1.0%
——0——CVE-2026-11308—1.0%
——0——CVE-2021-25457—1.0%
——0——CVE-2022-20582—1.0%
——0——CVE-2022-32650—1.0%
——0——CVE-2021-39747—1.0%
——0——CVE-2022-32651—1.0%
——0——CVE-2026-622365.4 MED1.0%
——0grav-plugin-login before 3.8.11 contains a cross-site request forgery (CSRF) vulnerability in the login.regenerate2FASecret frontend task, which regenerates and persists a new TOTP secret for the authenticated session user without any anti-CSRF nonce or Origin/Referer check. Because Grav core dispatches the task from the GET 'task:' URI parameter and the default session cookie is SameSite=Lax, an attacker can lure a logged-in victim to an off-site page that performs a top-level GET navigation, rotating the victim's TOTP secret so their enrolled authenticator no longer matches the server, effectively forcing 2FA re-enrollment. Sites configured with session.samesite: Strict are not affected.2dCVE-2024-0041—1.0%
——0——CVE-2025-0044—1.0%
——0——CVE-2025-60791—1.0%
——0——CVE-2026-8863—1.0%
——0——CVE-2022-33700—1.0%
——0——CVE-2025-9164—1.0%
——0——CVE-2026-46165—1.0%
——0——CVE-2026-23357—1.0%
——0——CVE-2025-53103—1.0%
——0——CVE-2025-68083—1.0%
——0——CVE-2024-22451—1.0%
——0——CVE-2025-68082—1.0%
——0——CVE-2022-21763—1.0%
——0——CVE-2021-0943—1.0%
——0——CVE-2022-21764—1.0%
——0——CVE-2022-32653—1.0%
——0——CVE-2023-20753—1.0%
——0——CVE-2023-21214—1.0%
——0——CVE-2022-33698—1.0%
——0——CVE-2024-20095—1.0%
——0——CVE-2022-33699—1.0%
——0——CVE-2023-20966—1.0%
——0——