Vulnerabilidades explotables hoy
349,489en la vista actual
Score único combinando CVSS, membresía KEV y EPSS. Cada CVE con su ficha propia — timeline desde publicación hasta explotación activa.
En catálogo KEV1,647
Nuevos KEV · 24H0
Exploit Today ≥ 701,582
Distribución · última ventana
- Crítico1,331
- Alto4,356
- Medio3,715
- Bajo289
Ventana
Severidad
Filtros
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2026-32317—0.0%
——0——CVE-2025-20801—0.0%
——0——CVE-2026-62287——
——0Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-61873. Reason: This candidate is a duplicate of CVE-2026-61873. Notes: All CVE users should reference CVE-2026-61873 instead of this candidate.3dCVE-2026-49944——
——0Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.10dCVE-2026-25260—0.0%
——0——CVE-2026-58407——
——0Rejected reason: Please submit CVE requests for each vulnerability.5dCVE-2026-12374—0.0%
——0Improper certificate validation and a time-of-check time-of-use (TOCTOU) race condition in the PrivilegedHelperTool XPC service in Cato Client before v.5.13.1 on macOS allows a local authenticated attacker to escalate privileges to root via a self-signed certificate that bypasses the XPC caller verification and a symlink swap during package installation.16dCVE-2026-24349—0.0%
——0——CVE-2025-45764—0.0%
——0——CVE-2025-36916—0.0%
——0——CVE-2025-27070—0.0%
——0——CVE-2026-213845.3 MED0.0%
——0Memory Corruption when updating prepared commands with invalid port indices based on user space input exceeds supported read client limits.11dCVE-2025-66334—0.0%
——0——CVE-2023-20914—0.0%
——0——CVE-2026-148685.5 MED0.0%
——0The encryption algorithm used to protect the configuration of user accounts, stored in the built-in user directory of PcVue projects, all versions prior to 17.0.0, is not strong enough for the level of protection required. A local attacker could alter the existing configuration and ultimately gain privileged access to the PcVue application.9dCVE-2025-47332—0.0%
——0——CVE-2026-49945——
——0Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.10dCVE-2026-58212——
——0Rejected reason: Further research determined the issue is not a vulnerability based on CNA Rule 4.1.12 The act of updating Product dependencies MUST NOT be determined to be a Vulnerability, regardless of whether the dependencies have Vulnerabilities.10dCVE-2026-213705.3 MED0.0%
——0Memory Corruption when validating input batch size and buffer plane count exceeds maximum allowed values.11dCVE-2026-14253——
——0Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.2dCVE-2026-11740——
——0Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.2dCVE-2026-62173——
——0Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-61433. Reason: This candidate is a duplicate of CVE-2026-61433. Notes: All CVE users should reference CVE-2026-61433 instead of this candidate.3dCVE-2026-62172——
——0Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-61436. Reason: This candidate is a duplicate of CVE-2026-61436. Notes: All CVE users should reference CVE-2026-61436 instead of this candidate.3dCVE-2026-62168——
——0Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-61443. Reason: This candidate is a duplicate of CVE-2026-61443. Notes: All CVE users should reference CVE-2026-61443 instead of this candidate.3dCVE-2026-62164——
——0Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-60087. Reason: This candidate is a duplicate of CVE-2026-60087. Notes: All CVE users should reference CVE-2026-60087 instead of this candidate.3dCVE-2026-62169——
——0Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-61430. Reason: This candidate is a duplicate of CVE-2026-61430. Notes: All CVE users should reference CVE-2026-61430 instead of this candidate.3dCVE-2026-61829——
——0Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-61452. Reason: This candidate is a duplicate of CVE-2026-61452. Notes: All CVE users should reference CVE-2026-61452 instead of this candidate.3dCVE-2026-61841——
——0Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-61449. Reason: This candidate is a duplicate of CVE-2026-61449. Notes: All CVE users should reference CVE-2026-61449 instead of this candidate.3dCVE-2025-66332—0.0%
——0——CVE-2025-47330—0.0%
——0——CVE-2026-61692——
——0Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-61454. Reason: This candidate is a duplicate of CVE-2026-61454. Notes: All CVE users should reference CVE-2026-61454 instead of this candidate.5dCVE-2026-61839——
——0Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-61451. Reason: This candidate is a duplicate of CVE-2026-61451. Notes: All CVE users should reference CVE-2026-61451 instead of this candidate.3dCVE-2026-252717.8 ALT0.0%
——0Memory Corruption when processing asynchronous input parameters due to improper handling of modified values between check and use.11dCVE-2026-61605——
——0Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-58655. Reason: This candidate is a duplicate of CVE-2026-58655. Notes: All CVE users should reference CVE-2026-58655 instead of this candidate.3dCVE-2026-8281——
——0Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.3dCVE-2025-71397——
——0SurrealDB before 2.0.5, 2.1.x before 2.1.5, and 2.2.x before 2.2.2 allows authenticated users with OWNER or EDITOR permissions (at the root, namespace, or database level) to define custom database functions via DEFINE FUNCTION using nested FOR loops. Although a single loop's iteration count is constrained, nesting multiple loops (e.g., each with 1,000,000 iterations) is not, so an attacker can execute a function that consumes all server CPU time. Configured timeouts do not stop the execution, rendering the server unresponsive to other queries and connections until it is manually restarted.5hCVE-2026-156318.7 ALT—
——0Impact: @fastify/http-proxy versions from 9.4.0 up to and including 11.5.0 fail to validate the resolved WebSocket destination path against the configured rewrite prefix. The WebSocket routing path in WebSocketProxy.findUpstream resolves the destination via the WHATWG URL constructor, which collapses dot segments, so a crafted upgrade request with path traversal sequences can escape the rewrite prefix and reach upstream endpoints that were not meant to be exposed by the proxy. This is a variant of CVE-2021-21322 in a code path that never went through the HTTP fix in fastify/reply-from. Exploitation requires a non-normalizing WebSocket client, since browsers and the ws package normalize the request path before sending, but raw HTTP clients or downstream proxies that forward the request target unchanged make the attack reachable in production topologies.
Patches: upgrade to @fastify/http-proxy 11.6.0.
Workarounds: none.6hCVE-2024-583584.9 MED—
——0SurrealDB versions before 2.1.0 contain a denial of service vulnerability in role conversion that allows privileged owner users to define users with nonexistent roles. Attackers can trigger an uncaught panic by signing in with a user assigned an invalid role, crashing the server.5hCVE-2024-583576.5 MED—
——0SurrealDB versions before 2.1.0 contain an uncaught exception vulnerability in the rand::time() function that panics when unwrap is called on a None result from timestamp_opt. Authorized clients can repeatedly invoke rand::time() to reliably trigger server panics and cause denial of service.5hCVE-2024-58356——
——0SurrealDB before 2.1.4 silently fails to overwrite table definitions when the DEFINE TABLE ... OVERWRITE clause is used on tables defined with TYPE RELATION. Because table definitions include the PERMISSIONS clause, an attempt to tighten a table's permissions via OVERWRITE does not take effect, and the administrator may incorrectly believe the change was applied. As a result, a client authorized to run queries may continue to access data in that table that the updated (but unapplied) permissions were intended to restrict.5h