153
Open CVEs
0
Exploited
0
KEV
10
Unpatched
0
No Workaround
52
Internet-facing
Why this provider is risky now
This provider has 153 open CVE(s) in the last 30 days. 10 have no vendor patch. 52 affect internet-facing services. 11 impact the management/identity plane.
10 Unpatched
11 Mgmt / Admin Plane
52 Internet-facing
Top Risky CVEs
CVE-2026-33054
Act Now
A path traversal vulnerability in A Path Traversal vulnerability (CVSS 10.0). Critical severity with potential for significant impact on affected systems.
Within 24 hours: Inventory all systems and applications using the Mesop pip package; isolate affected systems from production networks if critical. Within 7 days: Implement network segmentation to restrict Mesop application access; deploy WAF rules to block path traversal patterns; disable FileStateSessionBackend if alternative session backends are available. Within 30 days: Migrate to alternative web frameworks; establish vendor communication for patch timeline; conduct forensic review of server access logs for exploitation indicators.
Edge exposure
ICT dependency
Patched
Why flagged?
NIS2 Relevant
- • CRITICAL severity
- • Internet-facing (CWE-22: Path Traversal)
- • Third-party ICT: Microsoft Windows
- • Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
- • CRITICAL severity
- • ICT provider: Microsoft Windows (Operating Systems)
10.0
CVSS
0.1%
EPSS
50
Priority
GV Edge Recording Manager (ERM) v2.3.1 improperly executes application components with SYSTEM-level privileges, allowing any local user to escalate privileges and gain full control of the operating system. The vulnerability stems from the Windows service running under the LocalSystem account and spawning child processes with elevated privileges, particularly when file dialogs are invoked during operations like data import. This is a local privilege escalation vulnerability with high real-world risk due to the ease of exploitation and the severity of the impact.
Within 24 hours: Identify all affected systems and apply vendor patches immediately. Monitor vendor channels for patch availability.
ICT dependency
No patch available
Management plane
Why flagged?
NIS2 Relevant
- • CRITICAL severity
- • Third-party ICT: Microsoft Windows
- • No patch available
- • Management plane (Execution with Unnecessary Privileges)
- • Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
- • CRITICAL severity
- • ICT provider: Microsoft Windows (Operating Systems)
- • No remediation available
- • Authentication / access control weakness
10.0
CVSS
0.0%
EPSS
50
Priority
CVE-2026-26167
This Week
Local privilege escalation in Windows Push Notifications across Windows 10/11 and Server 2016-2025 allows low-privileged authenticated users to gain SYSTEM-level access via race condition exploitation. The vulnerability affects all currently supported Windows versions with confirmed vendor patches available. Attack complexity is low with no user interaction required, enabling straightforward exploitation once local access is obtained. The scope change (S:C) indicates the attacker can impact reso
Within 24 hours: Inventory all Windows 10, 11, and Server 2016-2025 systems in your environment and confirm current patch levels. Within 7 days: Apply vendor-released security updates to all affected systems-prioritize domain controllers, privileged access workstations, and systems handling sensitive data. Within 30 days: Complete remediation across all remaining Windows systems; verify patch installation via Windows Update history or WSUS reporting.
ICT dependency
Patched
Why flagged?
NIS2 Relevant
- • HIGH severity
- • Third-party ICT: Microsoft Windows
- • Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
- • HIGH severity
- • ICT provider: Microsoft Windows (Operating Systems)
8.8
CVSS
0.1%
EPSS
49
Priority
CVE-2026-33824
Act Now
Remote code execution vulnerability in Windows IKE Extension affects Windows 10/11 and Windows Server 2016-2025 via double-free memory corruption (CWE-415). Unauthenticated remote attackers can exploit this over the network with low complexity to achieve complete system compromise (CVSS 9.8). Vendor-released patches are available per Microsoft's security update guide. No public exploit identified at time of analysis, but the critical CVSS score and network attack vector indicate high real-world
Within 24 hours: Verify all Windows 10, 11, and Server 2016-2025 systems in the environment and confirm patch availability status from Microsoft security updates. Within 7 days: Deploy the vendor-released patch across all affected systems, prioritizing internet-facing and critical infrastructure servers. Within 30 days: Complete patch deployment across the entire Windows estate and validate remediation through vulnerability scanning.
Edge exposure
ICT dependency
Patched
Why flagged?
NIS2 Relevant
- • CRITICAL severity
- • Internet-facing technique: authentication-bypass
- • Third-party ICT: Microsoft Windows
- • Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
- • CRITICAL severity
- • ICT provider: Microsoft Windows (Operating Systems)
9.8
CVSS
0.1%
EPSS
49
Priority
CVE-2026-33066
Act Now
SiYuan's Bazaar (community package marketplace) fails to sanitize HTML in package README files during rendering, allowing stored XSS that escalates to remote code execution due to unsafe Electron configuration. An attacker can submit a malicious package with embedded JavaScript in the README that executes with full Node.js access when any user views the package details in the Bazaar. This affects SiYuan versions 3.5.9 and earlier across Windows, macOS, and Linux, with a CVSS score of 9.6 and multiple real-world exploitation vectors including data theft, reverse shells, and persistent backdoors.
Within 24 hours: Identify all affected systems and apply vendor patches immediately. Verify anti-CSRF tokens and content security policies are enforced.
Edge exposure
ICT dependency
Patched
Why flagged?
NIS2 Relevant
- • CRITICAL severity
- • Internet-facing (CWE-79: Cross-site Scripting (XSS))
- • Third-party ICT: Microsoft Windows, Apple
- • Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
- • CRITICAL severity
- • ICT provider: Microsoft Windows (Operating Systems)
- • ICT provider: Apple (Operating Systems)
9.0
CVSS
0.5%
EPSS
45
Priority
CVE-2026-33067
Act Now
SiYuan's Bazaar marketplace fails to sanitize package metadata (displayName, description) before rendering in the Electron desktop application, allowing stored XSS that escalates to arbitrary remote code execution. Any SiYuan user (versions ≤3.5.9) who browses the Bazaar will automatically execute attacker-controlled code with full OS-level privileges when a malicious package card renders-no installation or user interaction required. A functional proof-of-concept exists demonstrating command execution via img onerror handlers, and this vulnerability is actively tracked in GitHub's advisory database (GHSA-mvpm-v6q4-m2pf), making it a critical supply-chain risk to the SiYuan user community.
Within 24 hours: Identify all affected systems and apply vendor patches immediately. Verify anti-CSRF tokens and content security policies are enforced.
Edge exposure
ICT dependency
Patched
Why flagged?
NIS2 Relevant
- • CRITICAL severity
- • Internet-facing (CWE-79: Cross-site Scripting (XSS))
- • Third-party ICT: Microsoft Windows, Apple
- • Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
- • CRITICAL severity
- • ICT provider: Microsoft Windows (Operating Systems)
- • ICT provider: Apple (Operating Systems)
9.0
CVSS
0.4%
EPSS
45
Priority
CVE-2025-65115
This Week
Remote code execution in Hitachi's JP1/IT Desktop Management suite allows authenticated network attackers to execute arbitrary code on Windows systems running Manager, Operations Director, and Client components. Affects multiple product generations spanning versions 9.x through 13.x across nine distinct product lines. CVSS score of 8.8 reflects network-accessible attack surface with low complexity requiring only low-privilege authentication. No public exploit identified at time of analysis, though CWE-73 (external control of file name or path) indicates potential for path traversal-based exploitation. Hitachi has released patches addressing versions 13-50-02, 13-11-04, 13-10-07, 13-01-07, 13-00-05, and 12-60-12 for actively supported products.
Within 24 hours: Identify all systems running Hitachi JP1/IT Desktop Management suite versions 9.x-13.x (Manager, Operations Director, Client components) and document current installed versions. Within 7 days: Apply vendor-released patches to versions 13-50-02, 13-11-04, 13-10-07, 13-01-07, 13-00-05, and 12-60-12 per Hitachi advisory; prioritize versions 13.x first. Within 30 days: Complete patch deployment across all affected product lines, verify patching in staging environment before production rollout, and conduct post-patch validation testing.
Edge exposure
ICT dependency
Patched
Why flagged?
NIS2 Relevant
- • HIGH severity
- • Internet-facing technique: rce
- • Third-party ICT: Microsoft Windows
- • Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
- • HIGH severity
- • ICT provider: Microsoft Windows (Operating Systems)
8.8
CVSS
0.1%
EPSS
44
Priority
CVE-2026-26163
This Week
Windows Kernel double free vulnerability enables local privilege escalation across Windows 10, 11, and Server editions when exploited by authenticated users with low-level privileges. The CWE-415 flaw affects all currently supported Windows versions from legacy Windows Server 2012 R2 through the latest Windows 11 26H1 and Windows Server 2025 builds. With CVSS 7.8 (AV:L/AC:L/PR:L), the vulnerability requires only local access and low-privilege authentication, making it valuable for second-stage a
Within 24 hours: Verify patch availability from Microsoft and prioritize inventory of affected systems (Windows 10, 11, Server 2012 R2-2025). Within 7 days: Deploy vendor-released patch to all production Windows systems, prioritizing servers and high-value endpoints; test patch in non-production environment first. Within 30 days: Achieve 100% patch coverage across the organization and validate remediation via security scanning; review and strengthen controls on local account privilege escalation and lateral movement detection.
ICT dependency
Patched
Why flagged?
NIS2 Relevant
- • HIGH severity
- • Third-party ICT: Microsoft Windows
- • Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
- • HIGH severity
- • ICT provider: Microsoft Windows (Operating Systems)
7.8
CVSS
0.1%
EPSS
44
Priority
CVE-2026-26179
This Week
Local privilege escalation in the Windows Kernel via double free vulnerability enables low-privileged authenticated users to gain SYSTEM-level access across Windows 11 (versions 22H3 through 26H1) and Windows Server 2022/2025. The vulnerability requires local access and low privileges (PR:L) but presents low attack complexity (AC:L) with no user interaction required. Vendor-released patches are available for all affected versions. No public exploit identified at time of analysis, though the straightforward attack complexity and severe impact make this a priority for patching in enterprise environments.
Within 24 hours: Identify all Windows 11 and Windows Server 2022/2025 systems in your environment and confirm current patch levels. Within 7 days: Deploy vendor-released patches to all affected systems beginning with critical infrastructure and servers handling sensitive data; prioritize Windows Server systems in production environments. Within 30 days: Achieve 100% patch coverage across all Windows 11 and Windows Server 2022/2025 deployments and validate remediation through configuration management tools.
ICT dependency
Patched
Why flagged?
NIS2 Relevant
- • HIGH severity
- • Third-party ICT: Microsoft Windows
- • Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
- • HIGH severity
- • ICT provider: Microsoft Windows (Operating Systems)
7.8
CVSS
0.1%
EPSS
44
Priority
CVE-2026-26180
This Week
Heap-based buffer overflow in the Windows Kernel enables local privilege escalation to SYSTEM on Windows 10 (versions 1607 through 22H2), Windows 11 (versions 22H3 through 26H1), and Windows Server (2012 through 2025). Authenticated local attackers with low privileges can exploit this memory corruption vulnerability to gain complete system control. Microsoft has released patches addressing 21 affected product versions. No public exploit identified at time of analysis, though the local attack vec
Within 24 hours: Identify all affected Windows 10 (1607-22H2), Windows 11 (22H3-26H1), and Windows Server (2012-2025) systems in your environment. Within 7 days: Deploy Microsoft's released security patch to all affected devices via Windows Update or WSUS; prioritize domain controllers, administrative workstations, and servers hosting sensitive data. Within 30 days: Complete patch deployment across all remaining systems and verify remediation through vulnerability scanning.
ICT dependency
Patched
Why flagged?
NIS2 Relevant
- • HIGH severity
- • Third-party ICT: Microsoft Windows
- • Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant
- • HIGH severity
- • ICT provider: Microsoft Windows (Operating Systems)
7.8
CVSS
0.1%
EPSS
44
Priority
By Exposure
Internet-facing
52
Mgmt / Admin Plane
11
Identity / Auth
5
Internal only
99
By Exploitability
Known exploited
0
Public PoC
0
High EPSS (>30%)
0
Remote unauthenticated
17
Local only
122
By Remediation
Patch available
143
No patch
10
Workaround available
106
No workaround
0
Affected Services / Product Families
Windows Server 2025
121 CVE(s)
+ 111 more
Windows Server 2022
114 CVE(s)
+ 104 more
Windows Server 2019
104 CVE(s)
+ 94 more
Windows Server 2016
85 CVE(s)
+ 75 more
Windows Server 2012
56 CVE(s)
+ 46 more
Windows
27 CVE(s)
+ 17 more