247
CVEs
21
Critical
79
High
0
KEV
25
PoC
14
Unpatched C/H
89.5%
Patch Rate
1.2%
Avg EPSS
Severity Breakdown
CRITICAL
21
HIGH
79
MEDIUM
136
LOW
8
Monthly CVE Trend
Affected Products (30)
Linux Kernel
81
Debian Linux
17
Python
16
Node.js
9
Ubuntu Linux
9
Docker
7
Ubuntu
7
PHP
6
Xen
6
Redis
5
OpenSSL
5
Jwt Attack
4
Xenserver
4
Go Ethereum
3
Leap
2
Cloud Backup
2
Windows Server 2008
2
Glibc
2
Windows 7
2
Chrome
2
Traefik
2
Fedora
2
Snapd
2
Contao
2
Kubernetes
2
PostgreSQL
2
Lxd
2
Gitea
2
Tomcat
1
Erlang Otp
1
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2012-0217 | The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 88.0%. | HIGH | 7.2 | 88.0% | 159 |
PoC
No patch
|
| CVE-2026-33309 | An authenticated path traversal vulnerability in Langflow's file upload functionality allows attackers to write arbitrary files anywhere on the host system, leading to remote code execution. The vulnerability affects Langflow version 1.7.3 and earlier, where the multipart upload filename bypasses security checks due to missing boundary containment in the LocalStorageService layer. A proof-of-concept exploit is publicly available demonstrating successful arbitrary file write outside the intended user directory. | CRITICAL | 9.9 | 0.1% | 70 |
PoC
|
| CVE-2019-7304 | Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 61.1% | 69 |
PoC
No patch
|
| CVE-2026-33186 | An authorization bypass vulnerability in gRPC-Go allows attackers to circumvent path-based access control by sending HTTP/2 requests with malformed :path pseudo-headers that omit the mandatory leading slash (e.g., 'Service/Method' instead of '/Service/Method'). This affects gRPC-Go servers using path-based authorization interceptors like google.golang.org/grpc/authz with deny rules for canonical paths but fallback allow rules. The vulnerability has a CVSS score of 9.1 (Critical) with network-based exploitation requiring no privileges or user interaction, enabling attackers to access restricted services and potentially exfiltrate or modify sensitive data. | CRITICAL | 9.1 | 0.0% | 66 |
PoC
|
| CVE-2026-50180 | Arbitrary file read in Langroid's SQLChatAgent (<= 0.63.0) lets an attacker who can influence the LLM-generated SQL exfiltrate files from the PostgreSQL host even under the strict default config (allow_dangerous_operations=False, allowed_statement_types=['SELECT']). The _validate_query blocklist enumerates dangerous functions by exact name and misses the pg_read_file/pg_stat_file/pg_ls_*/pg_current_logfile family (plus MSSQL OPENDATASOURCE and keyword-less SQLite ATTACH), so these SELECT-shaped payloads pass both the statement-type allowlist and the regex blocklist and reach the live SQLAlchemy engine. Publicly available exploit code exists (a working PoC ships in the GHSA advisory); no public exploit identified as actively exploited and this is not in CISA KEV. | HIGH | 8.7 | 0.7% | 64 |
PoC
|
| CVE-2020-14966 | An issue was discovered in the jsrsasign package through 8.0.18 for Node.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available. | HIGH | 7.5 | 1.1% | 59 |
PoC
|
| CVE-2020-13822 | The Elliptic package 6.5.2 for Node.js allows ECDSA signature malleability via variations in encoding, leading '\0' bytes, or integer overflows. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available. | HIGH | 7.7 | 2.6% | 58 |
PoC
|
| CVE-2026-29181 | Resource exhaustion in OpenTelemetry Go propagation library (v1.41.0 and earlier) enables remote attackers to trigger severe CPU and memory amplification via crafted HTTP baggage headers. The vulnerability allows unauthenticated attackers to send multiple baggage header lines that bypass the 8192-byte per-value parse limit by triggering repeated parsing operations - achieving 77x memory amplification (10.3MB vs 133KB per request) in vendor-provided proof-of-concept testing. Vendor-released patch available in v1.41.0. EPSS data not available; no confirmed active exploitation (not in CISA KEV); publicly available exploit code exists (vendor-provided PoC demonstrating 77x amplification). | HIGH | 7.5 | 0.0% | 58 |
PoC
|
| CVE-2019-7303 | A vulnerability in the seccomp filters of Canonical snapd before version 2.37.4 allows a strict mode snap to insert characters into a terminal on a 64-bit host. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | HIGH | 7.5 | 3.7% | 58 |
PoC
No patch
|
| CVE-2014-4699 | The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allows. Rated medium severity (CVSS 6.9). Public exploit code available. | MEDIUM | 6.9 | 1.1% | 56 |
PoC
|
| CVE-2017-7725 | concrete5 8.1.0 places incorrect trust in the HTTP Host header during caching, if the administrator did not define a "canonical" URL on installation of concrete5 using the "Advanced Options". Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | MEDIUM | 6.1 | 3.6% | 54 |
PoC
No patch
|
| CVE-2026-48816 | Timestamp forgery in sigstore-js allows an attacker supplying a crafted bundle v0.2 to manipulate certificate validity window checks by controlling the `integratedTime` field in an inclusionProof-only tlog entry. Because the inclusionProof-only code path in `@sigstore/verify` does not cryptographically bind `integratedTime` (unlike the signed inclusionPromise/set path), a low-privileged attacker who can present an untrusted bundle can cause the verifier to accept expired or not-yet-valid signing certificates as currently valid. A publicly available proof-of-concept exists; this vulnerability is not in CISA KEV. | MEDIUM | 6.5 | 0.2% | 53 |
PoC
|
| CVE-2022-24899 | Contao is a powerful open source CMS that allows you to create professional websites and scalable web applications. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users. | MEDIUM | 6.1 | 4.4% | 50 |
PoC
|
| CVE-2026-32731 | Path traversal in ApostropheCMS import-export module allows authenticated users with content modification permissions to write files outside the intended export directory via malicious archive entries containing directory traversal sequences. An attacker with editor-level access can exploit this vulnerability to overwrite arbitrary files on the system with CVSS 9.9 critical severity. No patch is currently available for this vulnerability affecting Node.js environments. | CRITICAL | 9.9 | 0.1% | 50 |
|
| CVE-2026-40453 | The fix for CVE-2025-27636 added setLowerCase(true) to HttpHeaderFilterStrategy so that case-variant header names such as 'CAmelExecCommandExecutable' | CRITICAL | 9.9 | 0.1% | 50 |
|