Vulnerabilities exploitable today
349,507in current view
Single score combining CVSS, KEV membership and EPSS. Every CVE with its own record — timeline from publication to active exploitation.
In KEV catalog1,647
New KEV · 24H0
Exploit Today ≥ 701,582
Distribution · last window
- Critical1,331
- High4,364
- Medium3,727
- Low291
Window
Severity
Flags
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2026-20064—1.0%
——0——CVE-2026-9987—1.0%
——0——CVE-2025-46696—1.0%
——0——CVE-2026-46157—1.0%
——0——CVE-2024-39819—1.0%
——0——CVE-2023-42728—1.0%
——0——CVE-2023-21241—1.0%
——0——CVE-2025-15037—1.0%
——0——CVE-2026-46256—1.0%
——0——CVE-2025-52540—1.0%
——0——CVE-2026-42479—1.0%
——0——CVE-2025-48578—1.0%
——0——CVE-2024-56193—1.0%
——0——CVE-2026-32043—1.0%
——0——CVE-2025-60791—1.0%
——0——CVE-2025-0044—1.0%
——0——CVE-2024-40593—1.0%
——0——CVE-2021-39747—1.0%
——0——CVE-2025-0280—1.0%
——0——CVE-2026-34854—1.0%
——0——CVE-2023-33883—1.0%
——0——CVE-2026-8863—1.0%
——0——CVE-2026-622365.4 MED1.0%
——0grav-plugin-login before 3.8.11 contains a cross-site request forgery (CSRF) vulnerability in the login.regenerate2FASecret frontend task, which regenerates and persists a new TOTP secret for the authenticated session user without any anti-CSRF nonce or Origin/Referer check. Because Grav core dispatches the task from the GET 'task:' URI parameter and the default session cookie is SameSite=Lax, an attacker can lure a logged-in victim to an off-site page that performs a top-level GET navigation, rotating the victim's TOTP secret so their enrolled authenticator no longer matches the server, effectively forcing 2FA re-enrollment. Sites configured with session.samesite: Strict are not affected.1dCVE-2024-0041—1.0%
——0——CVE-2023-33900—1.0%
——0——CVE-2022-23427—1.0%
——0——CVE-2026-41009—1.0%
——0——CVE-2026-5420—1.0%
——0——CVE-2022-21777—1.0%
——0——CVE-2025-20640—1.0%
——0——CVE-2026-4242—1.0%
——0——CVE-2025-68083—1.0%
——0——CVE-2024-42033—1.0%
——0——CVE-2025-54646—1.0%
——0——CVE-2025-53103—1.0%
——0——CVE-2025-68082—1.0%
——0——CVE-2026-45942—1.0%
——0——CVE-2022-21763—1.0%
——0——CVE-2022-32653—1.0%
——0——CVE-2021-0943—1.0%
——0——