Vulnerabilidades explotables hoy
4,276en la vista actual
Score único combinando CVSS, membresía KEV y EPSS. Cada CVE con su ficha propia — timeline desde publicación hasta explotación activa.
En catálogo KEV1,644
Nuevos KEV · 24H0
Exploit Today ≥ 701,579
Distribución · última ventana
- Crítico1,298
- Alto4,252
- Medio3,575
- Bajo277
Ventana
Severidad
Filtros
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2019-15976—99.8%
——30——CVE-2023-35628—99.8%
——30——CVE-2022-21907—99.8%
——30——CVE-2026-435007.8 ALT99.8%
——30In the Linux kernel, the following vulnerability has been resolved:
rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present
The DATA-packet handler in rxrpc_input_call_event() and the RESPONSE
handler in rxrpc_verify_response() copy the skb to a linear one before
calling into the security ops only when skb_cloned() is true. An skb
that is not cloned but still carries externally-owned paged fragments
(e.g. SKBFL_SHARED_FRAG set by splice() into a UDP socket via
__ip_append_data, or a chained skb_has_frag_list()) falls through to
the in-place decryption path, which binds the frag pages directly into
the AEAD/skcipher SGL via skb_to_sgvec().
Extend the gate to also unshare when skb_has_frag_list() or
skb_has_shared_frag() is true. This catches the splice-loopback vector
and other externally-shared frag sources while preserving the
zero-copy fast path for skbs whose frags are kernel-private (e.g. NIC
page_pool RX, GRO). The OOM/trace handling already in place is reused.2dCVE-2016-7547—99.8%
——30——CVE-2016-0492—99.8%
——30——CVE-2022-1329—99.8%
——30——CVE-2012-1429—99.8%
——30——CVE-2022-24706—99.8%
KEV—80Apache CouchDB Insecure Default Initialization of Resource Vulnerability—CVE-2007-0071—99.8%
——30——CVE-2018-16509—99.8%
——30——CVE-2022-3786—99.8%
——30——CVE-2022-40022—99.8%
——30——CVE-2023-23488—99.8%
——30——CVE-2023-0050—99.8%
——30——CVE-2016-3427—99.8%
KEV—80Oracle Java SE and JRockit Unspecified Vulnerability—CVE-2022-21371—99.8%
——30——CVE-2026-35273—99.8%
KEVR80Oracle PeopleSoft Enterprise PeopleTools Missing Authentication for Critical Function Vulnerability—CVE-2024-9047—99.8%
——30——CVE-2021-25282—99.8%
——30——CVE-2022-43939—99.8%
KEV—80Hitachi Vantara Pentaho BA Server Authorization Bypass Vulnerability—CVE-2017-5689—99.8%
KEV—80Intel Active Management Technology (AMT), Small Business Technology (SBT), and Standard Manageability Privilege Escalation Vulnerability—CVE-2019-2616—99.8%
KEV—80Oracle BI Publisher Unauthorized Access Vulnerability—CVE-2020-1350—99.8%
KEV—80Microsoft Windows DNS Server Remote Code Execution Vulnerability—CVE-2025-2747—99.8%
KEV—80Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability—CVE-2019-5420—99.8%
——30——CVE-2025-11371—99.8%
KEV—80Gladinet CentreStack and Triofox Files or Directories Accessible to External Parties Vulnerability—CVE-2025-54309—99.8%
KEV—80 CrushFTP Unprotected Alternate Channel Vulnerability—CVE-2012-0754—99.8%
KEV—80Adobe Flash Player Memory Corruption Vulnerability—CVE-2019-6340—99.8%
KEV—80Drupal Core Remote Code Execution Vulnerability—CVE-2019-8943—99.8%
——30——CVE-2024-38653—99.8%
——30——CVE-2020-10148—99.8%
KEV—80SolarWinds Orion Authentication Bypass Vulnerability—CVE-2023-45288—99.8%
——30——CVE-2024-7399—99.8%
KEV—80Samsung MagicINFO 9 Server Path Traversal Vulnerability—CVE-2018-11138—99.8%
KEVR80Quest KACE System Management Appliance Remote Command Execution Vulnerability—CVE-2024-20439—99.8%
KEV—80Cisco Smart Licensing Utility Static Credential Vulnerability—CVE-2017-12629—99.8%
——30——CVE-2010-0249—99.8%
KEV—80Microsoft Internet Explorer Use-After-Free Vulnerability—CVE-2019-9193—99.8%
——30——