661
CVEs
78
Critical
240
High
0
KEV
11
PoC
16
Unpatched C/H
94.6%
Patch Rate
0.2%
Avg EPSS
Severity Breakdown
CRITICAL
78
HIGH
240
MEDIUM
321
LOW
19
Monthly CVE Trend
Affected Products (30)
Android
4744
Chrome
3923
Debian Linux
999
Fedora
881
Linux Kernel
509
Enterprise Linux Server
285
Enterprise Linux Desktop
283
Enterprise Linux Workstation
283
Leap
257
Opensuse
210
Edge Chromium
189
Backports Sle
185
Flash Player
163
Firefox
160
Java
144
Ubuntu Linux
114
PHP
104
Adobe Air
87
Adobe Air Sdk
86
Ubuntu
71
Backports
70
Air
61
Enterprise Linux Workstation Supplementary
59
Enterprise Linux Desktop Supplementary
57
Enterprise Linux Server Supplementary
56
Edge
56
Enterprise Linux Server Supplementary Eus
55
Air Sdk
52
Microsoft Edge Chromium Based
47
Open Redirect
45
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2019-25763 | WordPress Ultimate Addons for Beaver Builder 1.2.4.1 contains an authentication bypass vulnerability that allows attackers to gain unauthorized access by exploiting the social media login form. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available. | CRITICAL | 9.3 | 0.4% | 67 |
PoC
|
| CVE-2026-54069 | Origin-validation bypass in SiYuan Note (open-source personal knowledge management) before 3.7.0 lets any installed Chrome/Chromium browser extension obtain RoleAdministrator access to the local kernel HTTP server at 127.0.0.1:6806. Because the kernel unconditionally trusts all chrome-extension:// origins and desktop installs ship with an empty AccessAuthCode by default, a malicious or supply-chain-compromised extension can issue fully authenticated admin API calls with no further authentication, enabling data exfiltration, stored XSS injection, and configuration tampering. Publicly available exploit code exists; there is no public exploit identified as actively exploited. | CRITICAL | 9.2 | 0.6% | 67 |
PoC
|
| CVE-2026-36027 | Arbitrary code execution on Code27 Companion Hub (firmware SQ3A.220705.003.A1) is achievable by a physically proximate attacker through improper access controls on the device's USB debugging (ADB) interface. The Android Debug Bridge component fails to enforce adequate restrictions, allowing an unauthenticated attacker with physical USB access to execute arbitrary commands at elevated privilege. A publicly available proof-of-concept exploit exists on GitHub, and SSVC assessment rates the technical impact as total despite no confirmed active exploitation in the wild. | MEDIUM | 6.8 | 0.3% | 54 |
PoC
No patch
|
| CVE-2026-57572 | Remote code execution in Crawl4AI's Docker API server (versions prior to 0.9.0) lets unauthenticated attackers run arbitrary commands as the container runtime user. The server passes request-supplied browser_config.extra_args directly into Chromium's launch arguments, enabling argument injection (CWE-88) of a malicious child-process launcher combined with --no-zygote. Because the Docker API is unauthenticated by default and CVSS is scored 10.0, a single crafted HTTP request achieves full container compromise; no public exploit identified at time of analysis and it is not listed in CISA KEV. | CRITICAL | 10.0 | 0.5% | 51 |
|
| CVE-2026-57983 | Security-feature bypass in Microsoft Edge (Chromium-based) versions prior to 150.0.4078.48 lets a remote, unauthenticated attacker circumvent a browser security control over the network via improper authorization (CWE-285). Microsoft rates it CVSS 10.0 with a changed scope, meaning a successful bypass can affect resources beyond the browser's original security boundary. There is no public exploit identified at time of analysis, and CISA's SSVC framework records exploitation as 'none', so this is a high-severity but not currently-exploited issue with a vendor patch already available. | CRITICAL | 10.0 | 0.5% | 50 |
|
| CVE-2026-12537 | Pre-sandbox host-level code execution in Google Gemini CLI (versions prior to 0.39.1) and the run-gemini-cli GitHub Action (prior to 0.1.22) allows an unprivileged attacker to run arbitrary commands on CI/CD runner hosts by planting a malicious .gemini/.env file in an untrusted workspace. In headless mode the tool automatically trusted workspace folders and loaded their environment variables before sandboxing, so a workflow that processes attacker-controlled content (for example reviewing a submitted pull request) would execute attacker-supplied commands on the host. No public exploit has been identified at time of analysis, but Google rates this CVSS 4.0 10.0 and a vendor advisory (GHSA-wpqr-6v78-jr5g) with fixed releases is available. | CRITICAL | 10.0 | 0.3% | 50 |
|
| CVE-2026-13782 | Sandbox escape in Google Chrome desktop versions prior to 150.0.7871.47 lets a remote attacker who has already compromised the renderer process break out of the sandbox and gain broader code execution on the host via a crafted HTML page. Chromium rates the underlying use-after-free as Critical, though there is no public exploit identified at time of analysis and EPSS exploitation probability is low (0.21%). A vendor patch is available and the flaw is a classic second-stage chain component rather than a standalone entry point. | CRITICAL | 10.0 | 0.2% | 50 |
|
| CVE-2026-28575 | Local denial of service in Android's PackageInstaller subsystem stems from a logic error in PackageInstallerSession.transfer() that allows a local app to trigger memory exhaustion of the system package installer. The flaw, addressed in the Android Security Bulletin for Android 17, can be triggered without user interaction and without elevated privileges, but its impact is confined to denial of service rather than code execution. No public exploit identified at time of analysis. | CRITICAL | 10.0 | 0.2% | 50 |
No patch
|
| CVE-2026-12761 | Authentication bypass in the miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) WordPress plugin through version 7.7.0 lets unauthenticated attackers seize any account, including administrators. The Profile Completion flow trusts an attacker-supplied 'email_field' POST value without confirming it matches the OAuth provider's verified identity, and the send_otp_token() routine leaks a SHA-512(customer_key||otp) hash to the client where the OTP is one of only 99,000 values and customer_key is a static (often empty) option - so the OTP can be brute-forced offline in under a second. Rated CVSS 9.8; no public exploit identified at time of analysis, but the full attack primitive is described in the Wordfence advisory. | CRITICAL | 9.8 | 0.5% | 49 |
No patch
|
| CVE-2026-13776 | Sandbox escape via type confusion in Google Chrome's Dawn WebGPU implementation allows an attacker who already controls a compromised renderer process to break out of the browser sandbox using a crafted HTML page, affecting all Chrome desktop builds prior to 150.0.7871.47. Rated Critical by Chromium and CVSS 9.8, though the score assumes no prior privilege; realistically it is the second stage of an exploit chain. A vendor patch is available and no public exploit has been identified at time of analysis (EPSS 0.24%, 15th percentile). | CRITICAL | 9.8 | 0.2% | 49 |
|
| CVE-2026-13775 | Sandbox escape in Google Chrome desktop prior to 150.0.7871.47 stems from a use-after-free in the GPU process, letting a remote attacker who has already compromised the renderer break out of the browser sandbox via a crafted HTML page. Google rates the Chromium severity as Critical, and a fix is available in the Stable channel update. There is no public exploit identified at time of analysis, and EPSS exploitation probability is low at 0.22% (13th percentile). | CRITICAL | 9.8 | 0.2% | 49 |
|
| CVE-2026-14104 | Sandboxed remote code execution in Google Chrome desktop before 150.0.7871.47 lets a remote attacker run arbitrary code inside the renderer sandbox by luring a victim to a crafted HTML page, exploiting insufficient input validation in the WebAppInstalls component. Google rates the Chromium severity as Low because execution is contained within the sandbox and no escape is included, and there is no public exploit identified at time of analysis. EPSS is low (0.21%, 12th percentile) and CISA SSVC records exploitation status as none. | CRITICAL | 9.8 | 0.2% | 49 |
|
| CVE-2026-14121 | Remote code execution in Google Chrome's Chromoting (Chrome Remote Desktop) component on Linux, fixed in 150.0.7871.47, lets a remote attacker corrupt memory via crafted network traffic and potentially run arbitrary code. The flaw is a CWE-416 use-after-free reported by Google's internal Chrome security team; there is no public exploit identified at time of analysis and it is not in CISA KEV. Note a signal conflict: NVD scores this 9.8 (Critical) while Chromium itself rated the security severity 'Low', and EPSS is only 0.20% (10th percentile). | CRITICAL | 9.8 | 0.2% | 49 |
|
| CVE-2026-53260 | Denial of service and potential memory corruption in the Linux kernel TCP stack arises from a refcount underflow / use-after-free in reqsk_queue_hash_req(), affecting kernels built with PREEMPT_RT (real-time preemption). On affected systems a request socket (reqsk) can lose both its ehash and timer reference counts when reqsk_queue_hash_req() is preempted between mod_timer() and refcount_set(), letting reqsk_timer_handler() drop the object twice and trigger a use-after-free flagged by refcount_warn_saturate. The fix was reported via syzbot fuzzing; there is no public weaponized exploit identified at time of analysis and the EPSS score is very low (0.15%, 5th percentile), and despite the NVD 9.8 score real-world exploitability is constrained to PREEMPT_RT kernels and a narrow timing window. | CRITICAL | 9.8 | 0.2% | 49 |
No patch
|
| CVE-2026-12440 | Use after free in DigitalCredentials in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to potentially perform a sandbox es | CRITICAL | 9.6 | 0.3% | 48 |
|