13974
CVEs
1144
Critical
5836
High
86
KEV
1122
PoC
4110
Unpatched C/H
35.7%
Patch Rate
1.1%
Avg EPSS
Severity Breakdown
CRITICAL
1144
HIGH
5836
MEDIUM
6571
LOW
404
Monthly CVE Trend
Affected Products (30)
Android
4744
Chrome
3923
Debian Linux
999
Fedora
881
Linux Kernel
509
Enterprise Linux Server
285
Enterprise Linux Desktop
283
Enterprise Linux Workstation
283
Leap
257
Opensuse
210
Edge Chromium
189
Backports Sle
185
Flash Player
163
Firefox
160
Java
144
Ubuntu Linux
114
PHP
104
Adobe Air
87
Adobe Air Sdk
86
Ubuntu
71
Backports
70
Air
61
Enterprise Linux Workstation Supplementary
59
Enterprise Linux Desktop Supplementary
57
Enterprise Linux Server Supplementary
56
Edge
56
Enterprise Linux Server Supplementary Eus
55
Air Sdk
52
Microsoft Edge Chromium Based
47
Open Redirect
45
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2011-0611 | Adobe Flash Player contains a type confusion vulnerability in object handling that allows remote attackers to execute arbitrary code via malicious SWF content, actively exploited in targeted attacks in April 2011. | HIGH | 8.8 | 93.6% | 233 |
KEV
PoC
|
| CVE-2015-5122 | Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available. | CRITICAL | 9.8 | 92.8% | 227 |
KEV
PoC
No patch
|
| CVE-2011-0609 | Adobe Flash Player 10.2 and earlier across all platforms contain an unspecified vulnerability allowing remote code execution, exploited in the wild via Flash content embedded in Microsoft Office documents and web pages. | HIGH | 7.8 | 92.0% | 226 |
KEV
PoC
No patch
|
| CVE-2012-0754 | Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Actively exploited in the wild (cisa kev) and public exploit code available. | HIGH | 8.1 | 91.5% | 217 |
KEV
PoC
|
| CVE-2014-0502 | Double free vulnerability in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available. | HIGH | 8.8 | 89.0% | 203 |
KEV
PoC
|
| CVE-2013-6282 | The (1) get_user and (2) put_user API functions in the Linux kernel before 3.5.5 on the v6k and v7 ARM platforms do not validate certain addresses, which allows attackers to read or modify the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available. | HIGH | 8.8 | 67.7% | 197 |
KEV
PoC
|
| CVE-2016-5198 | V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac included incorrect optimisation assumptions, which allowed a remote attacker to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available. | HIGH | 8.8 | 77.9% | 192 |
KEV
PoC
No patch
|
| CVE-2017-5070 | Type confusion in V8 in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available. | HIGH | 8.8 | 71.1% | 185 |
KEV
PoC
No patch
|
| CVE-2016-1646 | The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not properly consider element data types, which allows remote attackers to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available. | HIGH | 8.8 | 66.5% | 181 |
KEV
PoC
|
| CVE-2015-3105 | Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 90.3%. | CRITICAL | 10.0 | 90.3% | 175 |
PoC
|
| CVE-2015-3864 | Integer underflow in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in mediaserver in Android before 5.1.1 LMY48M allows remote attackers to execute arbitrary code. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 87.0%. | CRITICAL | 10.0 | 87.0% | 172 |
PoC
No patch
|
| CVE-2013-0634 | Adobe Flash Player before 10.3.183.51 and 11.x before 11.5.502.149 on Windows and Mac OS X, before 10.3.183.51 and 11.x before 11.2.202.262 on Linux, before 11.1.111.32 on Android 2.x and 3.x, and. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 90.3%. | CRITICAL | 9.3 | 90.3% | 172 |
PoC
|
| CVE-2014-0514 | The Adobe Reader Mobile application before 11.2 for Android does not properly restrict use of JavaScript, which allows remote attackers to execute arbitrary code via a crafted PDF document, a related. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 90.3%. | CRITICAL | 9.3 | 90.3% | 172 |
PoC
|
| CVE-2012-0779 | Adobe Flash Player before 10.3.183.19 and 11.x before 11.2.202.235 on Windows, Mac OS X, and Linux; before 11.1.111.9 on Android 2.x and 3.x; and before 11.1.115.8 on Android 4.x allows remote. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 90.1%. | CRITICAL | 9.3 | 90.1% | 172 |
PoC
No patch
|
| CVE-2014-0556 | Heap-based buffer overflow in Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 86.0%. | CRITICAL | 10.0 | 86.0% | 171 |
PoC
|