| Metric | Value |
|---|---|
| CVEs | 1582 |
| Critical | 62 |
| High | 455 |
| KEV | 1 |
| PoC | 17 |
| Unpatched C/H | 8 |
| Patch Rate | 98.0% |
| Avg EPSS | 0.0% |
Severity Breakdown
| Severity | Count |
|---|---|
| CRITICAL | 62 |
| HIGH | 455 |
| MEDIUM | 565 |
| LOW | 2 |
Affected Products (30)
| Product | Count |
|---|---|
| Linux Kernel | 2958 |
| Ubuntu | 715 |
| Debian Linux | 388 |
| Windows | 85 |
| Db2 | 20 |
| Android | 12 |
| Windows Server 2025 | 12 |
| Windows 11 24h2 | 11 |
| macOS | 11 |
| Exynos 1580 Firmware | 10 |
| Dx Netops Spectrum | 10 |
| Exynos 1330 Firmware | 10 |
| Windows 11 25h2 | 10 |
| Windows Server 2022 | 10 |
| Exynos 1380 Firmware | 10 |
| Windows Server 2022 23h2 | 10 |
| Exynos 1480 Firmware | 10 |
| Exynos W920 Firmware | 9 |
| Exynos 980 Firmware | 9 |
| Exynos 1280 Firmware | 9 |
| Exynos 1080 Firmware | 9 |
| Windows 11 23h2 | 9 |
| Exynos W930 Firmware | 9 |
| Exynos 850 Firmware | 9 |
| Exynos W1000 Firmware | 9 |
| Cyber Protect | 8 |
| Windows 10 22h2 | 8 |
| Chrome | 8 |
| Windows 10 21h2 | 8 |
| Windows Server 2016 | 7 |
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2026-31431 | Memory corruption in Linux kernel's algif_aead cryptographic interface allows local authenticated users to achieve arbitrary kernel memory read/write, leading to privilege escalation to root. The vulnerability stems from improper handling of in-place operations introduced in commit 72548b093ee3, affecting kernel versions from 4.14 through 6.19.x. Multiple public exploit codes exist including proof-of-concept demonstrations from security researchers, with EPSS score of 0.01% indicating currently low widespread exploitation likelihood despite POC availability. | HIGH | 7.8 | 0.0% | 109 | KEV, PoC |
| CVE-2026-29128 | Plaintext daemon credentials in IDC SFX2100 routing config files (zebra, bgpd, ospfd, ripd). CVSS 10.0. PoC available. | CRITICAL | 10.0 | 0.0% | 70 | PoC, No patch |
| CVE-2026-43284 | Use-after-free in Linux kernel ESP (IPsec) allows local authenticated attackers to decrypt shared memory fragments improperly, potentially exposing encrypted network traffic or causing memory corruption. Affects kernel versions 6.5+ where MSG_SPLICE_PAGES can attach pipe pages directly to UDP socket buffers. The IPv4/IPv6 datagram paths fail to mark spliced pages as shared, causing ESP input decryption to modify memory not privately owned by the packet buffer. Public exploit code exists (POC available on GitHub), EPSS score is low (0.01%) indicating limited widespread exploitation risk, and vendor patches are available across affected stable kernel branches (6.6.138, 6.12.87, 6.18.28, 7.0.5). | HIGH | 8.8 | 0.0% | 64 | PoC |
| CVE-2026-46300 | Local privilege escalation in Linux kernel XFRM ESP-in-TCP subsystem (Fragnesia vulnerability) allows authenticated local attackers to overwrite kernel memory structures by exploiting arbitrary byte writes into the kernel page cache of read-only files. CVSS score of 7.8 reflects high impact across confidentiality, integrity, and availability. Low attack complexity (AC:L) and no user interaction requirement (UI:N) make this exploitable by any local user with basic privileges. No confirmed active exploitation (not in CISA KEV) or public proof-of-concept identified at time of analysis, but the specific vulnerability name 'Fragnesia' suggests coordinated disclosure with security research community. | HIGH | 7.8 | 0.0% | 59 | PoC |
| CVE-2026-23233 | F2FS swapfile memory corruption in Linux kernel 6.6+ allows local attackers with user privileges to cause data corruption through improper physical block mapping when using fragmented swapfiles smaller than the F2FS section size. Public exploit code exists for this vulnerability, and attackers can trigger dm-verity corruption errors or F2FS node corruption leading to system crashes and data loss. No patch is currently available. | HIGH | 7.8 | 0.0% | 59 | PoC |
| CVE-2025-70616 | A stack buffer overflow vulnerability exists in the Wincor Nixdorf wnBios64.sys kernel driver (version 1.2.0.0) in the IOCTL handler for code 0x80102058. [CVSS 7.8 HIGH] | HIGH | 7.8 | 0.0% | 59 | PoC, No patch |
| CVE-2026-43500 | Buffer overflow in Linux kernel rxrpc subsystem allows local authenticated attackers to achieve arbitrary code execution with kernel privileges. The vulnerability stems from improper handling of shared fragment memory in DATA and RESPONSE packet processing, where the kernel fails to unshare externally-owned page fragments before in-place decryption operations. This creates a buffer overflow condition (CWE-787) exploitable by local users with low privileges. Patches are available for kernel versions 6.18.29, 7.0.6, and 7.1-rc3. EPSS and KEV status not provided in available data. | HIGH | 7.8 | 0.0% | 59 | PoC |
| CVE-2026-29123 | Local privilege escalation in IDC SFX2100 firmware affects Linux systems through a SUID binary vulnerable to PATH hijacking, symlink abuse, and shared object hijacking. A local attacker can exploit this to gain root-level privileges, and public exploit code is available. No patch is currently available to address this HIGH severity vulnerability. | HIGH | 7.8 | 0.0% | 59 | PoC, No patch |
| CVE-2026-30798 | RustDesk Client through version 1.4.5 fails to properly verify data authenticity in its heartbeat synchronization loop, allowing remote attackers to manipulate the protocol and cause denial of service without authentication. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw affects Windows, macOS, Linux, Android, and iOS deployments. | HIGH | 7.5 | 0.0% | 58 | PoC, No patch |
| CVE-2026-46333 | Local privilege escalation in the Linux kernel ptrace subsystem allows authenticated users to bypass the traditional capability-dropping security model when accessing kernel thread details via PTRACE_MODE_READ_FSCREDS checks. The flaw stems from get_dumpable() logic returning misleading values for tasks without an associated memory map (mm), enabling uid-0 processes that have dropped capabilities to still read sensitive kernel thread information. Publicly available exploit code exists (referenced in OSS-security and a GitHub PoC against ssh-keysign), though EPSS scoring (0.02%) indicates low likelihood of widespread exploitation. | HIGH | 7.1 | 0.0% | 56 | PoC |
| CVE-2026-28710 | Improper authentication in Acronis Cyber Protect 17. | CRITICAL | 9.8 | 0.1% | 49 | No patch |
| CVE-2026-43186 | Heap buffer overflow in Linux kernel's IPv6 IOAM (In-situ Operations, Administration, and Maintenance) packet processing allows remote unauthenticated attackers to corrupt kernel memory and trigger system crashes. Attackers send crafted IPv6 packets with inconsistent IOAM trace headers (nodelen=0 with type bits set), causing __ioam6_fill_trace_data() to write ~100 bytes beyond allocated memory into skb_shared_info structures. Despite CVSS 9.8 critical rating, EPSS exploitation probability is low (0.05%, 16th percentile) and no active exploitation or public POC has been identified. Vendor patches available across multiple stable kernel branches (5.15.202, 6.1.165, 6.6.128, 6.12.75, 6.18.16, 6.19.6, 7.0). | CRITICAL | 9.8 | 0.1% | 49 | |
| CVE-2026-31402 | Heap overflow in Linux kernel NFSv4.0 LOCK replay cache allows unauthenticated remote attackers to corrupt kernel memory by triggering a denial-of-service or potential code execution. The vulnerability exists in nfsd4_encode_operation() which copies encoded LOCK responses up to 1024 bytes into a fixed 112-byte inline buffer without bounds checking, resulting in up to 944 bytes of slab-out-of-bounds writes. Exploitation requires two cooperating NFSv4.0 clients but no special privileges; upstream fixes are available across multiple stable kernel branches. | CRITICAL | 9.8 | 0.0% | 49 | |
| CVE-2026-31478 | In the Linux kernel, the following vulnerability has been resolved: ksmbd: replace hardcoded hdr2_len with offsetof() in smb2_calc_max_out_buf_len() | CRITICAL | 9.8 | 0.0% | 49 | |
| CVE-2026-31669 | In the Linux kernel, the following vulnerability has been resolved: mptcp: fix slab-use-after-free in __inet_lookup_established The ehash table look | CRITICAL | 9.8 | 0.0% | 49 | |