7
CVEs
0
Critical
3
High
1
KEV
0
PoC
0
Unpatched C/H
71.4%
Patch Rate
1.1%
Avg EPSS
Severity Breakdown
CRITICAL
0
HIGH
3
MEDIUM
2
LOW
0
Monthly CVE Trend
Affected Products (30)
Linux Kernel
33
Android
29
Raid Controller Web Interface
22
Windows
10
Dx Netops Spectrum
10
Iphone Os
8
Tvos
5
Debian Linux
5
Emulex Hba Manager
4
Cloud Foundation
3
Aria Operations
3
Telco Cloud Infrastructure
3
Telco Cloud Platform
3
Bcm4355C0 Firmware
3
Mac Os X
3
Watchos
2
Api Gateway Manager
2
Ubuntu Linux
2
H300s Firmware
1
H500s Firmware
1
Pipa C211 Web Interface
1
Ip Phone 8861 Firmware
1
Bcm4329
1
Bcm4325
1
Ip Phone 8865 Firmware
1
Ip Phone 8800 Series With Multiplatform Firmware
1
Hardmac Wi Fi Soc Firmware
1
Ip Phone 8841 Firmware
1
Ip Phone 8811 With Multiplatform Firmware
1
Ipados
1
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2026-22719 | VMware Aria Operations contains a command injection vulnerability (CVE-2026-22719, CVSS 8.1) that allows unauthenticated remote attackers to execute arbitrary commands during support-assisted product migration. KEV-listed with patches available, this vulnerability targets the infrastructure monitoring platform that has visibility into the entire virtualized environment. | HIGH | 8.1 | 7.4% | 98 |
KEV
|
| CVE-2026-8370 | Local privilege escalation in Broadcom Automic Automation Agent versions prior to 24.4.4 HF1 allows authenticated low-privileged users on Unix-family systems (Linux x64, Linux Power 64 BE/LE, zLinux, AIX, Solaris x64, Solaris Sparc 64) to abuse the agent's elevated privileges and target programs running with higher rights. The CVSS 4.0 score of 8.5 reflects high confidentiality, integrity, and availability impact achievable from a local foothold, with no public exploit identified at time of analysis. | HIGH | 8.5 | 0.0% | 42 |
|
| CVE-2026-22720 | Stored XSS in VMware Aria Operations allows authenticated users with benchmark creation privileges to inject malicious scripts and execute arbitrary administrative actions within the platform. This vulnerability affects VMware, Broadcom, and Telco Cloud Infrastructure products with a CVSS score of 8.0, requiring user interaction to trigger the attack. Patches are available through VMSA-2026-0001. | HIGH | 8.0 | 0.1% | 40 |
|
| CVE-2025-13918 | Symantec Endpoint Protection, prior to 14.3 RU10 Patch 1, RU9 Patch 2, and RU8 Patch 3, may be susceptible to a Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. [CVSS 6.7 MEDIUM] | MEDIUM | 6.7 | 0.0% | 34 |
No patch
|
| CVE-2026-22721 | Privilege escalation in VMware Aria Operations allows authenticated users with vCenter access to escalate their privileges to administrative level within Aria Operations. The vulnerability affects multiple Broadcom products including Telco Cloud Platform, Aria Operations, and Cloud Foundation, requiring administrative intervention but no user interaction to exploit. Patches are available through VMSA-2026-0001. | MEDIUM | 6.2 | 0.1% | 31 |
|
| CVE-2026-53093 | In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Fix error pointer dereference The function brcmf_chip_add_core() | – | 0.2% | 0 |
|
|
| CVE-2026-23041 | In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix NULL pointer crash in bnxt_ptp_enable during error cleanup When bnxt_init_one() fails during initialization (e.g., bnxt_init_int_mode returns -ENODEV), the error path calls bnxt_free_hwrm_resources() which destroys the DMA pool and sets bp->hwrm_dma_pool to NULL. | – | 0.0% | 0 |
No patch
|