PULSE
LIVE23signals / 24h
FEED
ransomnova reclama a FMZ Tecnologia em Sistemas · BR · Technologyransomqilin reclama a Heartland Catfish · US · Agriculture and Food Productionransomqilin reclama a Salina Supply · US · Business Servicesransomqilin reclama a St Martha Catholic Church · US · Consumer Servicesransomqilin reclama a The Nueva School · US · Educationransomdragonforce reclama a NewNet · SA · Telecommunicationransomqilin reclama a Sicc · IT · Not Foundransomqilin reclama a KLD Labs · US · Technologyransomqilin reclama a Armara · FR · Not Foundransomqilin reclama a AK Preparedness · Business Servicesransomthreeam reclama a tws-tac.net · DE · Not Foundransomincransom reclama a v-silicon.com · TW · Technologyransomincransom reclama a FAST.COM.PH · PH · Technologyransomincransom reclama a D.MAG New Material Technology Co., Ltd. Taiwan Giant · TW · Manufacturingransomnova reclama a FMZ Tecnologia em Sistemas · BR · Technologyransomqilin reclama a Heartland Catfish · US · Agriculture and Food Productionransomqilin reclama a Salina Supply · US · Business Servicesransomqilin reclama a St Martha Catholic Church · US · Consumer Servicesransomqilin reclama a The Nueva School · US · Educationransomdragonforce reclama a NewNet · SA · Telecommunicationransomqilin reclama a Sicc · IT · Not Foundransomqilin reclama a KLD Labs · US · Technologyransomqilin reclama a Armara · FR · Not Foundransomqilin reclama a AK Preparedness · Business Servicesransomthreeam reclama a tws-tac.net · DE · Not Foundransomincransom reclama a v-silicon.com · TW · Technologyransomincransom reclama a FAST.COM.PH · PH · Technologyransomincransom reclama a D.MAG New Material Technology Co., Ltd. Taiwan Giant · TW · Manufacturing
CVE Watch349,445 in full archive

Vulnerabilities exploitable today

349,445in current view

Single score combining CVSS, KEV membership and EPSS. Every CVE with its own record — timeline from publication to active exploitation.

In KEV catalog1,647
New KEV · 24H0
Exploit Today ≥ 701,582

Distribution · last window

  • Critical
    1,330
  • High
    4,339
  • Medium
    3,697
  • Low
    289
Filters

Window

Severity

Flags

Vulnerabilities346,201–346,240 · 349,445
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2025-48552
0.9%
0
CVE-2026-156837.5 HIG
0.9%
0Lorex 2K Indoor Wi-Fi Security Camera Device Management Server Improper Certificate Validation Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lorex 2K Indoor Wi-Fi Security Cameras. User interaction is not required to exploit this vulnerability. The specific flaw exists within the device management functionality. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-26851.4d
CVE-2022-47497
0.9%
0
CVE-2025-20248
0.9%
0
CVE-2021-25460
0.9%
0
CVE-2024-38302
0.9%
0
CVE-2022-20290
0.9%
0
CVE-2022-48239
0.9%
0
CVE-2022-20279
0.8%
0
CVE-2022-20289
0.8%
0
CVE-2022-48372
0.8%
0
CVE-2026-33786
0.8%
0
CVE-2022-47469
0.8%
0
CVE-2022-47485
0.8%
0
CVE-2022-48235
0.8%
0
CVE-2022-48237
0.8%
0
CVE-2022-48238
0.8%
0
CVE-2022-20442
0.8%
0
CVE-2025-68956
0.8%
0
CVE-2023-20990
0.8%
0
CVE-2023-20989
0.8%
0
CVE-2024-36323
0.8%
0
CVE-2025-62120
0.8%
0
CVE-2023-21008
0.8%
0
CVE-2023-21007
0.8%
0
CVE-2024-40661
0.8%
0
CVE-2022-4990
0.8%
0** UNSUPPORTED WHEN ASSIGNED ** Improper Validation of Specified Quantity in Input in the ASUS AI Suite 3 driver allows a local user to bypass security validation and access restricted memory blocks via crafted IOCTL requests, leading to privilege escalation. Refer to the 'End-of-Life Notice and Driver Update for Legacy ASUS Drivers ' section on the ASUS Security Advisory for more information.1d
CVE-2022-27831
0.8%
0
CVE-2026-581985.5 MED
0.8%
0ChatterBot is a machine learning, conversational dialog engine for creating chat bots. Prior to 1.2.14, UbuntuCorpusTrainer.extract() uses a predictable home-rooted output directory (~/ubuntu_data/ubuntu_dialogs) with a check-then-create pattern followed by tar.extractall(path=self.data_path), allowing a local attacker who pre-plants a symlink at the predictable path to cause archive contents to be written through the symlink to an attacker-chosen directory. This issue is fixed in version 1.2.14.9d
CVE-2024-47031
0.8%
0
CVE-2023-20986
0.8%
0
CVE-2025-61736
0.8%
0
CVE-2026-02684.4 MED
0.8%
0A security control bypass vulnerability in Prisma Access Agent for Linux allows a local attacker to route network traffic outside the VPN tunnel. This does not impact Prisma Access Agent on Windows, macOS, iOS, Android, or ChromeOS.5d
CVE-2022-20350
0.8%
0
CVE-2023-20993
0.8%
0
CVE-2022-42528
0.8%
0
CVE-2023-21006
0.8%
0
CVE-2022-20180
0.8%
0
CVE-2026-27415
0.8%
0
CVE-2026-415142.5 LOW
0.8%
0OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 4.5.0 and prior to version 4.11.0, the RSA-OAEP decryption implementation in the Hisilicon HPRE crypto driver uses non-constant-time `memcmp()` for label hash verification and has multiple distinguishable error paths. This creates a Manger-style padding oracle that allows an attacker to recover RSA-OAEP plaintext with approximately 1000-2000 adaptive chosen ciphertext queries. Only affects plat-d06 with `CFG_HISILICON_ACC_V3=y`, which seems to be disabled by default. Version 4.11.0 contains a patch. As a workaround, disable Hisilicon HPRE RSA driver with `CFG_HISILICON_ACC_V3=n`.11d