Vulnerabilidades explotables hoy
349,489en la vista actual
Score único combinando CVSS, membresía KEV y EPSS. Cada CVE con su ficha propia — timeline desde publicación hasta explotación activa.
En catálogo KEV1,647
Nuevos KEV · 24H0
Exploit Today ≥ 701,582
Distribución · última ventana
- Crítico1,331
- Alto4,356
- Medio3,715
- Bajo289
Ventana
Severidad
Filtros
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2026-14278——
——0Rejected reason: After further coordination, CVE was determined to not be warranted.9dCVE-2026-0112—0.0%
——0——CVE-2025-59610—0.0%
——0——CVE-2026-58461——
——0Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.4dCVE-2026-28549—0.0%
——0——CVE-2026-20415—0.0%
——0——CVE-2026-62178——
——0Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-61427. Reason: This candidate is a duplicate of CVE-2026-61427. Notes: All CVE users should reference CVE-2026-61427 instead of this candidate.3dCVE-2025-15065—0.0%
——0——CVE-2025-66320—0.0%
——0——CVE-2025-66321—0.0%
——0——CVE-2026-213695.3 MED0.0%
——0Memory Corruption when handling flash commands due to outdated LED count values being used after userspace modification.11dCVE-2025-66322—0.0%
——0——CVE-2026-62177——
——0Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-60085. Reason: This candidate is a duplicate of CVE-2026-60085. Notes: All CVE users should reference CVE-2026-60085 instead of this candidate.3dCVE-2026-62175——
——0Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-60091. Reason: This candidate is a duplicate of CVE-2026-60091. Notes: All CVE users should reference CVE-2026-60091 instead of this candidate.3dCVE-2026-62174——
——0Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-61435. Reason: This candidate is a duplicate of CVE-2026-61435. Notes: All CVE users should reference CVE-2026-61435 instead of this candidate.3dCVE-2026-47105——
——0Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.18dCVE-2025-47344—0.0%
——0——CVE-2022-42770—0.0%
——0——CVE-2026-62165——
——0Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-61446. Reason: This candidate is a duplicate of CVE-2026-61446. Notes: All CVE users should reference CVE-2026-61446 instead of this candidate.3dCVE-2026-43636——
——0Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.23hCVE-2025-71398——
——0SurrealDB before 2.2.2 fails to validate HTTP redirects in http functions, allowing authenticated users to bypass deny-net restrictions by redirecting to blocked IP addresses. Attackers can host a public server that redirects to denied network targets, enabling server-side request forgery to access internal endpoints and retrieve sensitive information.5hCVE-2024-583616.5 MED—
——0SurrealDB versions before 2.0.4 contain an uncaught exception handling vulnerability in the parser error rendering code when processing empty strings. Authorized clients can execute malformed queries with empty string conversions to record, duration, or datetime types that cause a panic in error rendering, crashing the server.5hCVE-2024-583596.5 MED—
——0SurrealDB versions before 2.1.0 contain a denial of service vulnerability in the sorting mechanism when using ORDER BY rand() clause. Authorized clients can execute queries with ORDER BY rand() to trigger a panic in the sorting function, crashing the server.5hCVE-2026-161206.3 MED—
——0A vulnerability was determined in nextlevelbuilder GoClaw up to 3.13.3-beta.3. This impacts the function matchesAllowlist/extractBin of the file internal/tools/exec_approval.go. Executing a manipulation can lead to incorrectly-resolved name. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.5hCVE-2025-66326—0.0%
——0——CVE-2026-161246.3 MED—
——0A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.15.0-beta.32. This affects the function CheckSSRF/isPrivateIP of the file internal/tools/web_shared.go of the component web_fetch. Such manipulation leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 3.15.0-beta.33 is able to mitigate this issue. The name of the patch is 12a0168271827650ddb0026d6277fbadf3dcf3ea. Upgrading the affected component is recommended.3hCVE-2022-42771—0.0%
——0——CVE-2023-20940—0.0%
——0——CVE-2026-50268—0.0%
——0——CVE-2026-49946——
——0Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.10dCVE-2026-213685.3 MED0.0%
——0Memory Corruption when parsing jpeg commands due to unaccounted extra writes to the buffer during validation checks.11dCVE-2026-14286——
——0Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.8dCVE-2022-33724—0.0%
——0——CVE-2026-50238——
——0Rejected reason: Red Hat Product Security has concluded that this CVE is not required. The reported issue has been classified as a regular bug and will be addressed through the standard bug-fixing process.15dCVE-2026-20438—0.0%
——0——CVE-2026-58125——
——0Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.9dCVE-2025-66331—0.0%
——0——CVE-2026-8055——
——0Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-48866. Reason: This candidate is a reservation duplicate of CVE-2026-48866. Notes: All CVE users should reference CVE-2026-48866 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.3dCVE-2025-66333—0.0%
——0——CVE-2026-0121—0.0%
——0——