277
Open CVEs
1
Exploited
1
KEV
125
Unpatched
6
No Workaround
96
Internet-facing
Why this provider is risky now
This provider has 277 open CVE(s) in the last 90 days. 1 listed in CISA KEV (known exploited). 125 have no vendor patch. 96 affect internet-facing services. 54 impact the management/identity plane.
1 KEV
1 Exploited
125 Unpatched
54 Mgmt / Admin Plane
6 Public PoC
6 No Workaround
96 Internet-facing
Top Risky CVEs
Apple's kernel across all platforms (iOS, macOS, watchOS, visionOS, tvOS) contains a memory corruption vulnerability (CVE-2026-20700, CVSS 7.8) that allows attackers with memory write capability to execute arbitrary code at the kernel level. KEV-listed with Apple confirming reports of sophisticated in-the-wild exploitation, this represents an active zero-day targeting the Apple ecosystem at its most fundamental security boundary.
Within 24 hours: Inventory all Apple devices (mobile, desktop, wearables) in your environment and disable non-essential network access where feasible. Within 7 days: Implement enhanced endpoint monitoring for suspicious process behavior, memory access patterns, and lateral movement; escalate this to your SOC. Within 30 days: Establish a rapid patch deployment process with Apple when version 26.3 releases across all platforms, prioritizing devices with sensitive data access.
Edge exposure
ICT dependency
Active exploitation
No patch available
KEV
PoC
Why flagged?
NIS2 Relevant
- • HIGH severity
- • Internet-facing technique: rce
- • Third-party ICT: Apple
- • Exploited in the wild (CISA KEV)
- • No patch available
- • Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
- • HIGH severity
- • ICT provider: Apple (Operating Systems)
- • Known exploited vulnerability (KEV)
- • No remediation available
7.8
CVSS
0.4%
EPSS
109
Priority
CVE-2026-28403
This Week
Textream prior to version 1.5.1 fails to validate the Origin header during WebSocket handshake, allowing malicious websites to establish unauthorized connections to the local DirectorServer and inject arbitrary commands. An attacker can exploit this from a browser to gain full remote control of teleprompter content without user interaction beyond visiting a compromised page. Public exploit code exists for this vulnerability; updating to version 1.5.1 or later resolves the issue.
Within 24 hours: Identify and inventory all macOS systems running Textream versions prior to 1.5.1 and restrict network access to affected systems. Within 7 days: Update all instances of Textream to version 1.5.1 or later and verify successful patch deployment. Within 30 days: Conduct audit of Textream usage across the organization and document baseline for future vulnerability tracking.
ICT dependency
PoC
Patched
Why flagged?
NIS2 Relevant
- • HIGH severity
- • Third-party ICT: Apple
- • Proof of concept available
- • Moderate evidence (PoC / elevated EPSS)
DORA Relevant
- • HIGH severity
- • ICT provider: Apple (Operating Systems)
7.6
CVSS
0.0%
EPSS
58
Priority
RustDesk Client through version 1.4.5 fails to properly verify data authenticity in its heartbeat synchronization loop, allowing remote attackers to manipulate the protocol and cause denial of service without authentication. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw affects Windows, macOS, Linux, Android, and iOS deployments.
Within 24 hours: Identify all RustDesk Client deployments across the organization and assess business-critical usage. Within 7 days: Implement network segmentation to isolate RustDesk traffic, enable enhanced logging/monitoring on RustDesk connections, and restrict RustDesk usage to essential personnel only. Within 30 days: Evaluate alternative remote access solutions, coordinate with RustDesk for patch availability, and develop a migration plan if patches remain unavailable.
ICT dependency
No patch available
PoC
Why flagged?
NIS2 Relevant
- • HIGH severity
- • Third-party ICT: Microsoft Windows, Linux, Apple
- • Proof of concept available
- • No patch available
- • Moderate evidence (PoC / elevated EPSS)
DORA Relevant
- • HIGH severity
- • ICT provider: Microsoft Windows (Operating Systems)
- • ICT provider: Linux (Operating Systems)
- • ICT provider: Apple (Operating Systems)
- • No remediation available
7.5
CVSS
0.0%
EPSS
58
Priority
CVE-2026-28412
This Month
Textream versions prior to 1.5.1 lack connection limits on the DirectorServer WebSocket, allowing remote attackers to trigger denial of service by flooding the server with requests that trigger periodic state broadcasts, exhausting system resources and crashing the application during live sessions. Public exploit code exists for this vulnerability. The issue is resolved in version 1.5.1 and later.
Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Vendor patch is available.
ICT dependency
PoC
Patched
Why flagged?
6.5
CVSS
0.0%
EPSS
53
Priority
CVE-2026-3102
This Month
Command injection in exiftool's PNG file parser on macOS allows remote attackers to execute arbitrary OS commands by manipulating the DateTimeOriginal argument in the SetMacOSTags function. Public exploit code exists for this vulnerability, and affected users should upgrade to version 13.50 or later to remediate the issue.
Within 30 days: Identify affected systems running exiftool and apply vendor patches as part of regular patch cycle. Validate input sanitization for user-controlled parameters.
Edge exposure
ICT dependency
PoC
Patched
Why flagged?
6.3
CVSS
0.2%
EPSS
52
Priority
Arbitrary code execution in Jellyfin iOS GitHub Actions workflow. CVSS 10.0.
Within 24 hours: Immediately disable or restrict the code-quality.yml workflow to prevent execution on pull requests from forks; review recent pull requests and build artifacts for suspicious activity. Within 7 days: Implement mandatory code review and approval processes for all workflow modifications; audit GitHub Actions permissions and consider using GITHUB_TOKEN with read-only access for fork PRs. Within 30 days: Migrate to GitHub Actions environment protection rules or alternative CI/CD solutions with stronger fork isolation; establish a formal supply chain security review process for all development tooling.
Edge exposure
ICT dependency
No patch available
Management plane
Why flagged?
NIS2 Relevant
- • CRITICAL severity
- • Internet-facing technique: rce
- • Third-party ICT: Apple
- • No patch available
- • Management plane (Improper Privilege Management)
- • Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
- • CRITICAL severity
- • ICT provider: Apple (Operating Systems)
- • No remediation available
- • Authentication / access control weakness
10.0
CVSS
0.1%
EPSS
50
Priority
CVE-2026-39842
Act Now
Remote code execution as root in OpenRemote IoT platform's rules engine (versions prior to 1.20.3) allows authenticated non-superuser attackers with write:rules role to execute arbitrary Java code via unsandboxed JavaScript rulesets. The vulnerability stems from Nashorn ScriptEngine.eval() executing user-supplied JavaScript without ClassFilter restrictions, enabling Java.type() access to any JVM class including java.lang.Runtime. Attackers can compromise the entire multi-tenant platform, steal c
Within 24 hours: Inventory all OpenRemote deployments and document current versions; restrict write:rules role to only trusted superuser accounts and disable rules engine if possible. Within 7 days: Test upgrade path to OpenRemote 1.20.3 or later in a non-production environment; implement network segmentation to limit rules engine access. Within 30 days: Complete upgrade of all production OpenRemote instances to version 1.20.3 or later; audit logs for any rules created by non-superuser accounts since deployment; validate tenant isolation is functioning post-patch.
Edge exposure
ICT dependency
Patched
Why flagged?
NIS2 Relevant
- • CRITICAL severity
- • Internet-facing (CWE-94: Code Injection)
- • Third-party ICT: Docker, PostgreSQL, Apple
- • Moderate evidence (PoC / elevated EPSS)
DORA Relevant
- • CRITICAL severity
- • ICT provider: Docker (Dev Platforms & CI/CD)
- • ICT provider: PostgreSQL (Databases & Data Platforms)
- • ICT provider: Apple (Operating Systems)
9.9
CVSS
0.1%
EPSS
50
Priority
Address bar spoofing in Firefox before 148 allows malicious scripts to desynchronize the displayed URL from actual web content before receiving a response, enabling phishing attacks.
Within 24 hours: Issue security alert to all staff using Firefox iOS, advising against business-critical transactions on affected versions and recommending Chrome/Safari as temporary alternatives. Within 7 days: Inventory all Firefox iOS deployments across organization; disable iOS Firefox in Mobile Device Management (MDM) if business-critical usage detected. Within 30 days: Monitor for patch release (v147.4 or later); deploy immediately upon availability through MDM; re-enable Firefox only after patch confirmation.
ICT dependency
No patch available
Why flagged?
NIS2 Relevant
- • CRITICAL severity
- • Third-party ICT: Apple
- • No patch available
- • Moderate evidence (PoC / elevated EPSS)
DORA Relevant
- • CRITICAL severity
- • ICT provider: Apple (Operating Systems)
- • No remediation available
9.8
CVSS
0.1%
EPSS
49
Priority
CVE-2026-28858
Act Now
Insufficient bounds checking in Apple iOS and iPadOS 26.4 allows unauthenticated remote attackers to trigger buffer overflow conditions that corrupt kernel memory or cause system crashes without user interaction. This critical vulnerability affects all devices running the affected OS versions and has no available patch. An attacker can exploit this flaw over the network to achieve denial of service or potentially escalate privileges through kernel memory corruption.
Within 24 hours: Identify all affected systems and apply vendor patches immediately. If patching is delayed, consider network segmentation to limit exposure.
ICT dependency
Patched
Why flagged?
NIS2 Relevant
- • CRITICAL severity
- • Third-party ICT: Apple
- • Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
- • CRITICAL severity
- • ICT provider: Apple (Operating Systems)
9.8
CVSS
0.0%
EPSS
49
Priority
Missing authentication in Acronis Cyber Protect Cloud Agent (Linux, Windows, macOS).
Within 24 hours: Inventory all systems running affected software and isolate critical instances from untrusted networks; notify stakeholders and activate incident response team. Within 7 days: Deploy compensating controls (network segmentation, WAF rules blocking unauthenticated requests, access restrictions); conduct forensic review for unauthorized access. Within 30 days: Monitor vendor security advisories for patch availability; plan immediate patching upon release; document all mitigation steps for compliance audit trail.
Edge exposure
ICT dependency
No patch available
Management plane
Why flagged?
NIS2 Relevant
- • CRITICAL severity
- • Internet-facing (CWE-306: Missing Authentication for Critical Function)
- • Third-party ICT: Microsoft Windows, Linux, Apple
- • No patch available
- • Management plane (Missing Authentication for Critical Function)
- • Moderate evidence (PoC / elevated EPSS)
DORA Relevant
- • CRITICAL severity
- • ICT provider: Microsoft Windows (Operating Systems)
- • ICT provider: Linux (Operating Systems)
- • ICT provider: Apple (Operating Systems)
- • No remediation available
- • Authentication / access control weakness
9.8
CVSS
0.0%
EPSS
49
Priority
By Exposure
Internet-facing
96
Mgmt / Admin Plane
54
Identity / Auth
23
Internal only
163
By Exploitability
Known exploited
1
Public PoC
6
High EPSS (>30%)
0
Remote unauthenticated
108
Local only
120
By Remediation
Patch available
152
No patch
125
Workaround available
247
No workaround
6
Affected Services / Product Families
Apple
253 CVE(s)
+ 243 more
macOS
144 CVE(s)
CVE-2025-15523
Unpatched
+ 134 more
iOS
57 CVE(s)
CVE-2025-11598
Unpatched
+ 47 more