31
CVEs
1
Critical
26
High
0
KEV
1
PoC
13
Unpatched C/H
45.2%
Patch Rate
0.7%
Avg EPSS
Severity Breakdown
CRITICAL
1
HIGH
26
MEDIUM
4
LOW
0
Monthly CVE Trend
Affected Products (30)
Ios Xe
494
iOS
327
Nx Os
266
Adaptive Security Appliance Software
256
Firepower Threat Defense
215
Secure Firewall Management Center
176
Unified Communications Manager
172
Ios Xr
165
Identity Services Engine
146
Webex Meetings Server
132
Rv110W Firmware
132
Rv130W Firmware
131
Unified Computing System
100
Application Extension Platform
79
Prime Infrastructure
79
Rv215W Firmware
71
Wireless Lan Controller Software
68
Rv215W Wireless N Vpn Router Firmware
68
Anyconnect Secure Mobility Client
64
Catalyst Sd Wan Manager
63
Web Security Appliance
63
Rv130 Firmware
63
Rv130 Vpn Router Firmware
62
Webex Meetings
62
Webex Meetings Online
56
Firepower Extensible Operating System
56
Unity Connection
56
Data Center Network Manager
52
Rv325 Firmware
51
Open Redirect
51
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2022-46292 | HIGH | 7.8 | 0.8% | 60 |
PoC
|
|
| CVE-2026-20181 | Authenticated remote command execution in Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) allows administrators to run arbitrary OS commands and escalate to root via a crafted HTTP request. The flaw, tracked as CVE-2026-20181 and reported by Cisco with a CVSS 3.1 score of 9.1 (scope-changed), can also crash single-node deployments and deny network access to unauthenticated endpoints. There is no public exploit identified at time of analysis. | CRITICAL | 9.1 | 0.6% | 46 |
No patch
|
| CVE-2026-20150 | Privilege escalation via improper access control in Cisco RoomOS software allows an authenticated attacker with low-level privileges to gain full control over affected collaboration endpoints, with high impact to confidentiality, integrity, and availability. The issue was discovered internally by Cisco's RoomOS engineering team during a proactive security review and is one of several access-control weaknesses grouped under CVE-2026-20150 and resolved in a single hardening release. There is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV. | HIGH | 8.8 | – | 44 |
No patch
|
| CVE-2026-20156 | Memory-corruption vulnerabilities in Cisco RoomOS Software (the operating system on Cisco/Webex collaboration room endpoints) allow remote, unauthenticated attackers to trigger buffer-boundary violations that can compromise device confidentiality, integrity, and availability (CVSS 8.1). The flaws were internally discovered by Cisco's RoomOS engineering team during a proactive security review and are grouped under the CWE-119 buffer-error pillar; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV. High attack complexity (AC:H) reduces the practical ease of exploitation despite the network-facing, no-privilege vector. | HIGH | 8.1 | – | 40 |
No patch
|
| CVE-2022-46280 | HIGH | 7.8 | 0.8% | 40 |
|
|
| CVE-2022-43467 | HIGH | 7.8 | 0.8% | 40 |
|
|
| CVE-2022-46293 | HIGH | 7.8 | 0.8% | 40 |
|
|
| CVE-2022-46295 | HIGH | 7.8 | 0.8% | 40 |
|
|
| CVE-2022-46294 | HIGH | 7.8 | 0.8% | 40 |
|
|
| CVE-2022-46291 | HIGH | 7.8 | 0.8% | 40 |
|
|
| CVE-2022-46290 | HIGH | 7.8 | 0.8% | 40 |
|
|
| CVE-2022-46289 | HIGH | 7.8 | 0.8% | 40 |
|
|
| CVE-2022-44451 | HIGH | 7.8 | 0.8% | 40 |
|
|
| CVE-2022-42885 | HIGH | 7.8 | 0.8% | 40 |
|
|
| CVE-2022-41793 | HIGH | 7.8 | 0.8% | 40 |
|