1399
CVEs
23
Critical
252
High
3
KEV
111
PoC
6
Unpatched C/H
98.6%
Patch Rate
0.1%
Avg EPSS
Severity Breakdown
CRITICAL
23
HIGH
252
MEDIUM
813
LOW
84
Monthly CVE Trend
Affected Products (30)
Ubuntu
1061
Linux Kernel
917
Null Pointer Dereference
190
Debian Linux
169
Memory Corruption
137
Use After Free
90
Chrome
55
Race Condition
40
Integer Overflow
23
Heap Overflow
21
Python
19
Windows
15
Android
11
PHP
10
Htslib
10
MongoDB
9
Stack Overflow
9
Enterprise Linux
8
Firefox
8
Docker
8
Lxd
7
Juju
7
Openshift Container Platform
6
Mattermost Server
6
Nextcloud
5
Redis
5
Java
5
Django
5
Open Redirect
5
Streaming Media
5
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2025-32463 | Sudo before 1.9.17p1 contains a local root escalation vulnerability (CVE-2025-32463, CVSS 9.3) through the --chroot option, which loads /etc/nsswitch.conf from the user-controlled chroot directory instead of the host system. KEV-listed with EPSS 26.5% and public PoC, this vulnerability allows any user with sudo --chroot access to achieve root privileges by placing a malicious nsswitch configuration and library in their chroot. | CRITICAL | 9.3 | 26.5% | 143 |
KEV
PoC
|
| CVE-2025-6554 | Chrome's V8 engine contains a type confusion vulnerability (CVE-2025-6554, CVSS 8.1) enabling arbitrary read/write operations through crafted HTML pages. KEV-listed with public PoC, type confusion in V8 is the most reliable class of browser exploitation primitives, providing full memory read/write capability for code execution within the renderer sandbox. | HIGH | 8.1 | 0.5% | 111 |
KEV
PoC
|
| CVE-2025-48384 | Git contains a CRLF injection vulnerability (CVE-2025-48384, CVSS 8.0) in its config handling that allows attackers to escape header lines and modify config values. KEV-listed, this vulnerability in the world's most widely used version control system enables config injection attacks that could lead to arbitrary code execution through Git hooks, credential theft, or repository manipulation. | HIGH | 8.0 | 0.5% | 90 |
KEV
|
| CVE-2025-66570 | cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.27.0, a vulnerability allows attacker-controlled HTTP headers to influence server-visible metadata, logging, and authorization decisions. An attacker can inject headers named REMOTE_ADDR, REMOTE_PORT, LOCAL_ADDR, LOCAL_PORT that are parsed into the request header multimap via read_headers() in httplib.h (headers.emplace), then the server later appends its own internal metadata using the same header names in Server::process_request without erasing duplicates. Because Request::get_header_value returns the first entry for a header key (id == 0) and the client-supplied headers are parsed before server-inserted headers, downstream code that uses these header names may inadvertently use attacker-controlled values. Affected files/locations: cpp-httplib/httplib.h (read_headers, Server::process_request, Request::get_header_value, get_header_value_u64) and cpp-httplib/docker/main.cc (get_client_ip, nginx_access_logger, nginx_error_logger). Attack surface: attacker-controlled HTTP headers in incoming requests flow into the Request.headers multimap and into logging code that reads forwarded headers, enabling IP spoofing, log poisoning, and authorization bypass via header shadowing. This vulnerability is fixed in 0.27.0. | CRITICAL | 10.0 | 0.0% | 70 |
PoC
|
| CVE-2024-25176 | LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240626 have a stack-buffer-overflow in lj_strfmt_wfnum in lj_strfmt_num.c. | CRITICAL | 9.8 | 0.1% | 69 |
PoC
|
| CVE-2025-34203 | Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.1002 and Application versions prior to 20.0.2614 (VA and SaaS deployments) contain multiple Docker containers that. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.3 | 0.1% | 67 |
PoC
No patch
|
| CVE-2025-32023 | Redis is an open source, in-memory database that persists on disk. From 2.8 to before 8.0.3, 7.4.5, 7.2.10, and 6.2.19, an authenticated user may use a specially crafted string to trigger a stack/heap out of bounds write on hyperloglog operations, potentially leading to remote code execution. The bug likely affects all Redis versions with hyperloglog operations implemented. This vulnerability is fixed in 8.0.3, 7.4.5, 7.2.10, and 6.2.19. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing hyperloglog operations. This can be done using ACL to restrict HLL commands. | HIGH | 7.0 | 10.7% | 66 |
PoC
|
| CVE-2024-25178 | LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240314 have an out-of-bounds read in the stack-overflow handler in lj_state.c. | CRITICAL | 9.1 | 0.1% | 66 |
PoC
|
| CVE-2025-0928 | In Juju versions prior to 3.6.8 and 2.9.52, any authenticated controller user was allowed to upload arbitrary agent binaries to any model or to the controller itself, without verifying model membership or requiring explicit permissions. This enabled the distribution of poisoned binaries to new or upgraded machines, potentially resulting in remote code execution. | HIGH | 8.8 | 0.7% | 65 |
PoC
|
| CVE-2025-66399 | Cacti is an open source performance and fault management framework. Prior to 1.2.29, there is an input-validation flaw in the SNMP device configuration functionality. An authenticated Cacti user can supply crafted SNMP community strings containing control characters (including newlines) that are accepted, stored verbatim in the database, and later embedded into backend SNMP operations. In environments where downstream SNMP tooling or wrappers interpret newline-separated tokens as command boundaries, this can lead to unintended command execution with the privileges of the Cacti process. This vulnerability is fixed in 1.2.29. | HIGH | 8.8 | 0.4% | 64 |
PoC
|
| CVE-2025-53513 | The /charms endpoint on a Juju controller lacked sufficient authorization checks, allowing any user with an account on the controller to upload a charm. Uploading a malicious charm that exploits a Zip Slip vulnerability could allow an attacker to gain access to a machine running a unit through the affected charm. | HIGH | 8.8 | 0.1% | 64 |
PoC
|
| CVE-2025-54286 | Cross-Site Request Forgery (CSRF) in LXD-UI in Canonical LXD versions >= 5.0 on Linux allows an attacker to create and start container instances without user consent via crafted HTML form submissions exploiting client certificate authentication. | HIGH | 8.8 | 0.0% | 64 |
PoC
|
| CVE-2025-53367 | DjVuLibre is a GPL implementation of DjVu, a web-centric format for distributing documents and images. Prior to version 3.5.29, the MMRDecoder::scanruns method is affected by an OOB-write vulnerability, because it does not check that the xr pointer stays within the bounds of the allocated buffer. This can lead to writes beyond the allocated memory, resulting in a heap corruption condition. An out-of-bounds read with pr is also possible for the same reason. This issue has been patched in version 3.5.29. | HIGH | 8.4 | 0.0% | 62 |
PoC
|
| CVE-2025-46205 | A heap-use-after free in the PdfTokenizer::ReadDictionary function of podofo v0.10.0 to v0.10.5 allows attackers to cause a Denial of Service (DoS) by supplying a crafted PDF file. NOTE: this is disputed by the Supplier because there is no available file to reproduce the issue. | HIGH | 8.1 | 0.1% | 61 |
PoC
|
| CVE-2025-54289 | Privilege Escalation in operations API in Canonical LXD <6.5 on multiple platforms allows attacker with read permissions to hijack terminal or console sessions and execute arbitrary commands via WebSocket connection hijacking format | HIGH | 8.1 | 0.0% | 61 |
PoC
|