Vulnerabilidades explotables hoy
9,869en la vista actual
Score único combinando CVSS, membresía KEV y EPSS. Cada CVE con su ficha propia — timeline desde publicación hasta explotación activa.
En catálogo KEV1,644
Nuevos KEV · 24H0
Exploit Today ≥ 701,579
Distribución · última ventana
- Crítico1,283
- Alto4,187
- Medio3,505
- Bajo268
Ventana
Severidad
Filtros
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2025-32489.8 CRÍ100.0%
KEVR80Langflow Missing Authentication Vulnerability2dCVE-2024-555919.8 CRÍ99.9%
KEVR80Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability8dCVE-2021-422379.8 CRÍ99.9%
KEVR80Sitecore XP Remote Command Execution Vulnerability7dCVE-2026-314317.8 ALT99.9%
KEV—80Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability2dCVE-2026-341978.8 ALT99.9%
KEV—80Apache ActiveMQ Improper Input Validation Vulnerability2dCVE-2024-121210.0 CRÍ99.9%
KEV—80Progress Kemp LoadMaster OS Command Injection Vulnerability3dCVE-2024-116809.8 CRÍ99.8%
KEV—80ProjectSend Improper Authentication Vulnerability2dCVE-2026-422089.8 CRÍ99.7%
KEV—80BerriAI LiteLLM SQL Injection Vulnerability2dCVE-2023-389507.5 ALT99.7%
KEV—80ZKTeco BioTime Path Traversal Vulnerability7dCVE-2022-262589.8 CRÍ99.6%
KEV—80D-Link DIR-820L Remote Code Execution Vulnerability7dCVE-2026-422718.8 ALT99.6%
KEV—80BerriAI LiteLLM Command Injection Vulnerability2dCVE-2025-342918.8 ALT99.6%
KEV—80Langflow Origin Validation Error Vulnerability2dCVE-2021-252988.8 ALT99.5%
KEV—80Nagios XI OS Command Injection7dCVE-2021-252968.8 ALT99.3%
KEV—80Nagios XI OS Command Injection7dCVE-2021-252978.8 ALT98.9%
KEV—80Nagios XI OS Command Injection7dCVE-2026-202308.6 ALT98.5%
KEV—80Cisco Unified Communications Manager Server-Side Request Forgery (SSRF) Vulnerability15dCVE-2026-4828210.0 CRÍ97.9%
KEV—79Adobe ColdFusion Path Traversal Vulnerability8dCVE-2008-41284.3 MED97.6%
KEV—79Cisco IOS Cross-Site Request Forgery Vulnerability3dCVE-2026-561645.3 MED92.0%
KEV—78Microsoft SharePoint Server Missing Authentication for Critical Function Vulnerability2dCVE-2025-105859.8 CRÍ91.8%
KEV—78Google Chromium V8 Type Confusion Vulnerability2dCVE-2025-132238.8 ALT91.1%
KEV—77Google Chromium V8 Type Confusion Vulnerability2dCVE-2026-456598.8 ALT86.8%
KEV—76Microsoft SharePoint Server Deserialization of Untrusted Data Vulnerability14dCVE-2025-244728.1 ALT86.2%
KEVR76Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability8dCVE-2026-562909.8 CRÍ85.4%
KEV—76Joomlack Page Builder Improper Access Control Vulnerability8dCVE-2026-489089.8 CRÍ72.6%
KEV—72JoomShaper SP Page Builder Unrestricted Upload of File with Dangerous Type Vulnerability8dCVE-2026-489399.8 CRÍ71.5%
KEV—71iCagenda Unrestricted Upload of File with Dangerous Type Vulnerability6dCVE-2026-154107.2 ALT71.1%
KEV—71SonicWall SMA1000 Appliances Code Injection Vulnerability16hCVE-2025-312778.8 ALT71.0%
KEV—71Apple Multiple Products Buffer Overflow Vulnerability2dCVE-2026-1540910.0 CRÍ66.4%
KEV—70SonicWall SMA1000 Appliances Server-Side Request Forgery Vulnerability16hCVE-2026-125699.8 CRÍ66.0%
KEV—70PTC Windchill and FlexPLM Improper Input Validation Vulnerability16dCVE-2026-4855810.0 CRÍ63.5%
KEV—69SimpleHelp Authentication Bypass Vulnerability16dCVE-2026-468179.8 CRÍ60.3%
KEV—68Oracle E-Business Suite Improper Privilege Management Vulnerability16hCVE-2025-670389.8 CRÍ55.3%
KEV—67Lantronix EDS5000 Code Injection Vulnerability10dCVE-2023-43467.5 ALT54.2%
KEV—66KNX Association KNX Protocol Connection Authorization Option 1 Overly Restrictive Account Lockout Mechanism Vulnerability16hCVE-2026-562919.8 CRÍ53.6%
KEV—66Balbooa Forms Unrestricted Upload of File with Dangerous Type Vulnerability6dCVE-2026-552558.4 ALT42.8%
KEV—63Langflow Authorization Bypass Through User-Controlled Key Vulnerability8dCVE-2026-561557.8 ALT30.2%
KEV—59Microsoft Active Directory Federation Services Insufficient Granularity of Access Control Vulnerability 1dCVE-2023-349609.8 CRÍ99.9%
——30A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name.8dCVE-2021-252996.1 MED99.9%
——30Nagios XI version xi-5.7.5 is affected by cross-site scripting (XSS). The vulnerability exists in the file /usr/local/nagiosxi/html/admin/sshterm.php due to improper sanitization of user-controlled input. A maliciously crafted URL, when clicked by an admin user, can be used to steal his/her session cookies or it can be chained with the previous bugs to get one-click remote command execution (RCE) on the Nagios XI server.8dCVE-2023-376799.8 CRÍ99.9%
——30A remote command execution (RCE) vulnerability in NextGen Mirth Connect v4.3.0 allows attackers to execute arbitrary commands on the hosting server.8d