Vulnerabilities exploitable today
349,429in current view
Single score combining CVSS, KEV membership and EPSS. Every CVE with its own record — timeline from publication to active exploitation.
In KEV catalog1,647
New KEV · 24H0
Exploit Today ≥ 701,582
Distribution · last window
- Critical1,327
- High4,319
- Medium3,691
- Low289
Window
Severity
Flags
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2026-57438—0.7%
——0——CVE-2023-42741—0.7%
——0——CVE-2021-0875—0.7%
——0——CVE-2021-0874—0.7%
——0——CVE-2025-7007—0.7%
——0——CVE-2025-48566—0.7%
——0——CVE-2025-32331—0.7%
——0——CVE-2026-409527.8 HIG0.7%
——0CVE-2026-40952 is a privilege misconfiguration
in the Secure Access installer for the Windows client and server prior to
version 14.55. Attackers with local access to the client or server can use it
to elevate privileges to Administrator when Secure Access is installed in a
non-default location.2dCVE-2026-415152.5 LOW0.7%
——0OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.9.0 and prior to version 4.11.0, the RSA-OAEP decryption implementation in the NXP CAAM crypto driver uses non-constant-time `memcmp()` for label hash verification and has multiple distinguishable error paths. This creates a Manger-style padding oracle that allows an attacker to recover RSA-OAEP plaintext with approximately 1000-2000 adaptive chosen ciphertext queries. Version 4.11.0 contains a patch. As a workaround, disable the NXP CAAM RSA driver with `CFG_CRYPTO_DRV_RSA=n`.11dCVE-2025-21060—0.7%
——0——CVE-2025-54638—0.7%
——0——CVE-2025-46587—0.7%
——0——CVE-2026-33565—0.7%
——0——CVE-2026-40385—0.7%
——0——CVE-2025-7214—0.7%
——0——CVE-2025-46588—0.7%
——0——CVE-2025-13668—0.7%
——0——CVE-2025-48565—0.7%
——0——CVE-2023-32808—0.7%
——0——CVE-2023-32810—0.7%
——0——CVE-2023-32809—0.7%
——0——CVE-2026-0032—0.7%
——0——CVE-2026-53820—0.7%
——0——CVE-2026-561174.7 MED0.7%
——0dhcpcd through 10.3.2, fixed in commit 78ea09e, contains a heap use-after-free vulnerability in the control socket handling within src/control.c that allows local unprivileged attackers to trigger memory corruption when privilege separation is disabled. Attackers can connect to the control socket and send a privileged command such as -x, causing control_recvdata() to free the client object while the same READ+HANGUP event subsequently reaches control_hangup() with the stale pointer, resulting in a use-after-free condition exploitable in deployments using --disable-privsep or where privsep initialization has failed with the control socket operating in mode 0666.3dCVE-2025-22422—0.7%
——0——CVE-2025-7215—0.7%
——0——CVE-2022-26436—0.7%
——0——CVE-2022-50277—0.7%
——0——CVE-2026-133223.8 LOW0.7%
——0A flaw was found in KubeVirt's downward metrics virtio-serial server. The server reads guest requests using textproto.Reader.ReadLine(), which buffers input indefinitely until a newline character is received, with no length limit or read deadline. A user with access to a VM guest that has the downward metrics virtio-serial device configured can write a continuous byte stream to the device, causing unbounded memory allocation in the virt-handler process until it is OOM-killed.12dCVE-2026-23856—0.7%
——0——CVE-2025-38311—0.7%
——0——CVE-2024-47030—0.7%
——0——CVE-2025-48585—0.7%
——0——CVE-2026-8148—0.7%
——0——CVE-2022-42533—0.7%
——0——CVE-2021-0884—0.7%
——0——CVE-2023-20850—0.7%
——0——CVE-2021-0885—0.7%
——0——CVE-2025-48531—0.7%
——0——CVE-2026-0007—0.7%
——0——