Vulnerabilities exploitable today
349,427in current view
Single score combining CVSS, KEV membership and EPSS. Every CVE with its own record — timeline from publication to active exploitation.
In KEV catalog1,647
New KEV · 24H0
Exploit Today ≥ 701,582
Distribution · last window
- Critical1,327
- High4,319
- Medium3,685
- Low289
Window
Severity
Flags
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2026-50590—0.6%
——0——CVE-2025-48647—0.6%
——0——CVE-2026-0115—0.6%
——0——CVE-2026-43446—0.6%
——0——CVE-2023-32835—0.6%
——0——CVE-2022-20344—0.6%
——0——CVE-2023-21374—0.6%
——0——CVE-2026-132086.5 MED0.6%
——0A flaw was found in KubeVirt's virt-handler domain notify server. The gRPC handlers for HandleDomainEvent and HandleK8SEvent derive the VMI identity (namespace/name) solely from the request body without validating it against the connection's origin. Each virt-launcher pod connects through a per-VMI pipe socket, but no identity tag is propagated from the pipe path to the server handlers. This allows a compromised virt-launcher process to send forged domain lifecycle events for any other VMI scheduled on the same node, causing virt-handler to erroneously update that VMI's state and disrupt its lifecycle management.11dCVE-2022-20300—0.6%
——0——CVE-2022-20305—0.6%
——0——CVE-2026-556555.0 MED0.6%
——0A flaw was found in OpenSSH. A local unprivileged attacker on a Linux client host can hijack client-side X11 forwarding connections. This is possible by pre-binding the preferred abstract X socket name when X11 forwarding is enabled and a local UNIX-domain X socket is used. A successful attack can compromise the confidentiality of forwarded X11 traffic, including sensitive window contents and input, and may allow some manipulation of the forwarded session.9dCVE-2022-20296—0.6%
——0——CVE-2022-20295—0.6%
——0——CVE-2022-20294—0.6%
——0——CVE-2022-33702—0.6%
——0——CVE-2023-21128—0.6%
——0——CVE-2023-35657—0.6%
——0——CVE-2022-20426—0.6%
——0——CVE-2023-20680—0.6%
——0——CVE-2025-9383—0.6%
——0——CVE-2018-9477—0.6%
——0——CVE-2022-20298—0.6%
——0——CVE-2022-20299—0.6%
——0——CVE-2022-20303—0.6%
——0——CVE-2023-21087—0.6%
——0——CVE-2025-8412—0.6%
——0A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in SUSE Virtual Machine Driver Pack allows an attacker with the ability to modify the registry to affect the integrity of the driver. We're not aware of a feasible way to exploit this currently.
This issue affects Virtual Machine Driver Pack: before e7a602ec232756ead019bdf19d6d3b9d010cc94b.2dCVE-2023-20607—0.6%
——0——CVE-2022-47330—0.6%
——0——CVE-2024-27226—0.6%
——0——CVE-2026-23294—0.6%
——0——CVE-2024-27231—0.6%
——0——CVE-2026-401064.7 MED0.6%
——0Wazuh is a free and open source platform used for threat prevention, detection, and response. Versions 4.6.0 and above prior to 4.14.5 contain a heap-based buffer overflow vulnerability in the syscheck component of the Wazuh agent for Windows. When expanding registry paths containing wildcards (* or ?), the agent allocates a fixed-size heap buffer of 256 bytes (OS_SIZE_256). By creating a registry subkey with a maximum allowed length (255 characters) inside a monitored path, a low-privileged local attacker can force an out-of-bounds write during string concatenation. Since wazuh-agent.exe runs as NT AUTHORITY\SYSTEM, this can lead to a silent Denial of Service (blinding the agent) or potentially Local Privilege Escalation (LPE). This issue has been fixed in version 4.14.5.7hCVE-2022-38697—0.6%
——0——CVE-2022-47487—0.6%
——0——CVE-2026-132434.8 MED0.6%
——0Cross-Site Request Forgery (CSRF) vulnerability in Drupal Salesforce Suite allows Cross Site Request Forgery. This issue affects Salesforce Suite versions: from 0.0.0 to 5.1.3.4dCVE-2022-36847—0.6%
——0——CVE-2022-47340—0.6%
——0——CVE-2026-28711—0.6%
——0——CVE-2022-20312—0.6%
——0——CVE-2026-542666.1 MED0.6%
——0Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, Angular's HttpTransferCache caches HTTP requests made during Server-Side Rendering (SSR) so that they can be reused during client-side hydration. This avoids repeating the same HTTP requests on the client. The cached responses are stored in TransferState using a cache key generated by hashing request properties (method, response type, mapped URL, serialized body, and sorted query parameters). The cache keys are generated using a weak 32-bit DJB2-like polynomial rolling hash. The 32-bit hash space is extremely small, allowing attackers to find hash collisions. An attacker can easily find a query parameter string (e.g., q=aaCAZMMM for a search request) that produces the exact same 32-bit hash as a sensitive endpoint (e.g., /api/user/profile). When a victim visits a crafted link containing the colliding parameter, the SSR process executes both the search request and the profile request. Due to the hash collision, the search response overwrites the profile response in the TransferState cache. This vulnerability is fixed in 22.0.1, 21.2.17, and 20.3.25.8d