8066
CVEs
684
Critical
3168
High
132
KEV
616
PoC
3417
Unpatched C/H
12.5%
Patch Rate
1.5%
Avg EPSS
Severity Breakdown
CRITICAL
684
HIGH
3168
MEDIUM
3744
LOW
469
Monthly CVE Trend
Affected Products (30)
Iphone Os
2907
macOS
1894
Mac Os X
1833
Tvos
1491
Ipados
1334
Watchos
1302
Safari
922
Itunes
589
iOS
556
Ios Xe
464
Icloud
319
Ios Xr
159
Visionos
156
Chrome
132
Debian Linux
95
Webkitgtk
87
Fedora
79
Quicktime
72
Webkit
64
Ipad Os
63
Ubuntu Linux
60
Ios And Ipados
56
Jwt Attack
49
Open Redirect
44
Mac Os X Server
43
Firefox
42
Windows
40
Python
35
Enterprise Linux Workstation
34
Enterprise Linux Server
34
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2017-3881 | A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available. | CRITICAL | 9.8 | 94.3% | 213 |
KEV
PoC
No patch
|
| CVE-2016-4657 | WebKit in Apple iOS before 9.3.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available. | HIGH | 8.8 | 77.1% | 206 |
KEV
PoC
No patch
|
| CVE-2017-6736 | The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available. | HIGH | 8.8 | 89.0% | 203 |
KEV
PoC
No patch
|
| CVE-2016-6415 | The server IKEv1 implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.6, IOS XE through 3.18S, IOS XR 4.3.x and 5.0.x through 5.2.x, and PIX before 7.0 allows remote attackers to obtain. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available. | HIGH | 7.5 | 93.0% | 200 |
KEV
PoC
No patch
|
| CVE-2016-4655 | The kernel in Apple iOS before 9.3.5 allows attackers to obtain sensitive information from memory via a crafted app. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available. | MEDIUM | 5.5 | 81.7% | 194 |
KEV
PoC
No patch
|
| CVE-2016-4656 | The kernel in Apple iOS before 9.3.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available. | HIGH | 7.8 | 66.7% | 191 |
KEV
PoC
No patch
|
| CVE-2014-4404 | Heap-based buffer overflow in IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available. | HIGH | 7.8 | 62.0% | 186 |
KEV
PoC
No patch
|
| CVE-2013-1017 | Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted dref atoms in a movie file. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 81.3%. | CRITICAL | 9.3 | 81.3% | 163 |
PoC
No patch
|
| CVE-2012-3752 | Multiple buffer overflows in Apple QuickTime before 7.7.3 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted style element in a QuickTime. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 79.1%. | CRITICAL | 9.3 | 79.1% | 161 |
PoC
No patch
|
| CVE-2012-3753 | Buffer overflow in the plugin in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MIME type. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 78.1%. | CRITICAL | 9.3 | 78.1% | 160 |
PoC
No patch
|
| CVE-2017-13872 | An issue was discovered in certain Apple products. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 76.7%. | HIGH | 8.1 | 76.7% | 152 |
PoC
No patch
|
| CVE-2012-0663 | Multiple stack-based buffer overflows in Apple QuickTime before 7.7.2 on Windows allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TeXML. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 69.6%. | CRITICAL | 9.3 | 69.6% | 151 |
PoC
No patch
|
| CVE-2015-7007 | Script Editor in Apple OS X before 10.11.1 allows remote attackers to bypass an intended user-confirmation requirement for AppleScript execution via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 78.2%. | HIGH | 7.5 | 78.2% | 151 |
PoC
No patch
|
| CVE-2025-24085 | Apple CoreMedia contains a use-after-free vulnerability allowing malicious applications to elevate privileges, exploited in the wild against iOS versions before iOS 17.2 as part of targeted surveillance operations. | CRITICAL | 10.0 | 25.2% | 145 |
KEV
PoC
No patch
|
| CVE-2015-1130 | The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges via unspecified vectors. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available. | HIGH | 7.8 | 20.4% | 144 |
KEV
PoC
No patch
|