123
CVEs
24
Critical
69
High
1
KEV
22
PoC
75
Unpatched C/H
22.0%
Patch Rate
2.2%
Avg EPSS
Severity Breakdown
CRITICAL
24
HIGH
69
MEDIUM
28
LOW
0
Monthly CVE Trend
Affected Products (30)
Linux Kernel
33
Android
29
Raid Controller Web Interface
22
Windows
10
Dx Netops Spectrum
10
Iphone Os
8
Tvos
5
Debian Linux
5
Emulex Hba Manager
4
Cloud Foundation
3
Aria Operations
3
Telco Cloud Infrastructure
3
Telco Cloud Platform
3
Bcm4355C0 Firmware
3
Mac Os X
3
Watchos
2
Api Gateway Manager
2
Ubuntu Linux
2
H300s Firmware
1
H500s Firmware
1
Pipa C211 Web Interface
1
Ip Phone 8861 Firmware
1
Bcm4329
1
Bcm4325
1
Ip Phone 8865 Firmware
1
Ip Phone 8800 Series With Multiplatform Firmware
1
Hardmac Wi Fi Soc Firmware
1
Ip Phone 8841 Firmware
1
Ip Phone 8811 With Multiplatform Firmware
1
Ipados
1
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2016-0801 | The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 47.5%. | CRITICAL | 9.8 | 47.5% | 117 |
PoC
No patch
|
| CVE-2017-0561 | A remote code execution vulnerability in the Broadcom Wi-Fi firmware could enable a remote attacker to execute arbitrary code within the context of the Wi-Fi SoC. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 38.9%. | CRITICAL | 9.8 | 38.9% | 108 |
PoC
|
| CVE-2017-9417 | Broadcom BCM43xx Wi-Fi chips allow remote attackers to execute arbitrary code via unspecified vectors, aka the "Broadpwn" issue. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 31.4%. | CRITICAL | 9.8 | 31.4% | 100 |
PoC
No patch
|
| CVE-2026-22719 | VMware Aria Operations contains a command injection vulnerability (CVE-2026-22719, CVSS 8.1) that allows unauthenticated remote attackers to execute arbitrary commands during support-assisted product migration. KEV-listed with patches available, this vulnerability targets the infrastructure monitoring platform that has visibility into the entire virtualized environment. | HIGH | 8.1 | 7.4% | 98 |
KEV
|
| CVE-2017-11120 | On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, an attacker can craft a malformed RRM neighbor report frame to trigger an internal buffer overflow in the Wi-Fi firmware, aka. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 24.4%. | CRITICAL | 9.8 | 24.4% | 93 |
PoC
No patch
|
| CVE-2012-2619 | The Broadcom BCM4325 and BCM4329 Wi-Fi chips, as used in certain Acer, Apple, Asus, Ford, HTC, Kyocera, LG, Malata, Motorola, Nokia, Pantech, Samsung, and Sony products, allow remote attackers to. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 26.5%. | HIGH | 7.8 | 26.5% | 86 |
PoC
No patch
|
| CVE-2014-2046 | cgi-bin/rpcBridge in the web interface 1.1 on Broadcom Ltd PIPA C211 rev2 does not properly restrict access, which allows remote attackers to (1) obtain credentials and other sensitive information. Rated critical severity (CVSS 9.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 12.3%. | CRITICAL | 9.7 | 12.3% | 81 |
PoC
No patch
|
| CVE-2013-4659 | Buffer overflow in Broadcom ACSD allows remote attackers to execute arbitrary code via a long string to TCP port 5916. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 11.5%. | CRITICAL | 9.8 | 11.5% | 81 |
PoC
No patch
|
| CVE-2017-11121 | On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, properly crafted malicious over-the-air Fast Transition frames can potentially trigger internal Wi-Fi firmware heap and/or stack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 2.1% | 71 |
PoC
No patch
|
| CVE-2017-6957 | Stack-based buffer overflow in the firmware in Broadcom Wi-Fi HardMAC SoC chips, when the firmware supports CCKM Fast and Secure Roaming and the feature is enabled in RAM, allows remote attackers to. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available. | HIGH | 8.1 | 9.7% | 70 |
PoC
No patch
|
| CVE-2021-42772 | Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a buffer overflow vulnerability in the remote. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 1.2% | 69 |
PoC
No patch
|
| CVE-2023-31096 | An issue was discovered in Broadcom) LSI PCI-SV92EX Soft Modem Kernel Driver through 2.2.100.1 (aka AGRSM64.sys). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available. | HIGH | 7.8 | 0.5% | 59 |
PoC
No patch
|
| CVE-2017-11122 | On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56, an attacker can trigger an information leak due to insufficient length validation, related to ICMPv6 router advertisement offloading. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | HIGH | 7.5 | 1.0% | 58 |
PoC
No patch
|
| CVE-2017-0569 | An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. Public exploit code available and no vendor patch available. | HIGH | 7.0 | 2.7% | 58 |
PoC
No patch
|
| CVE-2013-2852 | Format string vulnerability in the b43_request_firmware function in drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in the Linux kernel through 3.9.4 allows local users to gain. Rated medium severity (CVSS 6.9). Public exploit code available and no vendor patch available. | MEDIUM | 6.9 | 0.2% | 55 |
PoC
No patch
|