Summary

| CVEs | Critical | High | KEV | PoC | Unpatched Critical/High | Patch Rate | Avg EPSS |
|---|---|---|---|---|---|---|---|
| 3747 | 27 | 910 | 1 | 51 | 72 | 88.4% | 0.0% |
Severity Breakdown

| Severity | Count |
|---|---|
| CRITICAL | 27 |
| HIGH | 910 |
| MEDIUM | 2153 |
| LOW | 15 |

These four counts sum to 3,105, short of the 3,747 total above; the page does not say how the remaining CVEs are scored.

Monthly CVE Trend: chart only, no data points in this export.
Affected Products (30)

Note that five of the 30 entries (Null Pointer Dereference, Memory Corruption, Use After Free, Race Condition, Integer Overflow) are weakness classes rather than products; the page lists them in the same facet.

| Product / weakness | CVEs |
|---|---|
| Linux Kernel | 3415 |
| Ubuntu | 725 |
| Null Pointer Dereference | 606 |
| Debian Linux | 535 |
| Memory Corruption | 453 |
| Use After Free | 376 |
| Race Condition | 132 |
| Windows | 86 |
| Integer Overflow | 50 |
| Db2 | 20 |
| Android | 13 |
| Windows Server 2025 | 12 |
| Windows 11 24h2 | 11 |
| macOS | 11 |
| Windows 11 25h2 | 10 |
| Exynos 1330 Firmware | 10 |
| Exynos 1480 Firmware | 10 |
| Windows Server 2022 23h2 | 10 |
| Windows Server 2022 | 10 |
| Dx Netops Spectrum | 10 |
| Exynos 1380 Firmware | 10 |
| Exynos 1580 Firmware | 10 |
| Exynos 1280 Firmware | 9 |
| Exynos 850 Firmware | 9 |
| Exynos W1000 Firmware | 9 |
| Exynos W930 Firmware | 9 |
| Exynos 1080 Firmware | 9 |
| Windows 11 23h2 | 9 |
| Exynos W920 Firmware | 9 |
| Exynos 980 Firmware | 9 |
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2025-24983 | Use-after-free in the Windows Win32 Kernel Subsystem. A local attacker who wins a race condition can escalate from an authorized user to SYSTEM. Listed in CISA KEV and exploited in targeted attacks. Microsoft has released patches for all supported Windows versions. | HIGH | 7.0 | 0.7% | 86 | KEV |
| CVE-2026-26068 | Command injection in the emp3r0r C2 framework before 3.21.1: untrusted agent metadata (Transport, Hostname) is injected into commands. PoC and patch available. | CRITICAL | 9.9 | 0.6% | 70 | PoC |
| CVE-2026-29128 | Plaintext daemon credentials (zebra, bgpd, ospfd, ripd) stored in IDC SFX2100 routing configuration files. PoC available; no patch. | CRITICAL | 10.0 | 0.0% | 70 | PoC, No patch |
| CVE-2021-47796 | Denver SHC-150 Smart WiFi Camera ships hardcoded telnet credentials on port 23, giving unauthenticated root shell access. PoC available; no patch. | CRITICAL | 9.8 | 0.1% | 69 | PoC, No patch |
| CVE-2025-39946 | No vulnerability description is given on this page. The summary text reports CVSS 5.5, which conflicts with the 9.8 / CRITICAL shown in this row; check the NVD record before prioritizing on these numbers. Public PoC available; vendor patch available. | CRITICAL | 9.8 | 0.0% | 69 | PoC |
| CVE-2026-23873 | CSV injection in the HUSTOJ online judge (all versions): a crafted submission field is exported unescaped to a spreadsheet, where it is evaluated as a formula, allowing code execution on the machine that opens the export. PoC available; no patch. | CRITICAL | 9.0 | 0.0% | 65 | PoC, No patch |
| CVE-2025-66210 | Command injection in Coolify's Database Import: an authenticated user with application/service management permissions can execute arbitrary commands as root on managed servers, because the database name is passed unsanitized to a shell command. Public PoC available; EPSS 0.41% (61st percentile), a moderate real-world exploitation risk. No patch. | HIGH | 8.8 | 0.4% | 64 | PoC, No patch |
| CVE-2025-2073 | Out-of-bounds read in netfilter/ipset in the ChromeOS Linux kernel (6.1, 5.15, 5.10, 5.4, 4.19); a local attacker with low privileges can trigger the read, potentially leading to … (description truncated). Rated CVSS 8.8, low attack complexity. The page also tags it "remotely exploitable", which conflicts with the local-attacker description. Public PoC; no vendor patch. | HIGH | 8.8 | 0.1% | 64 | PoC, No patch |
| CVE-2026-27212 | Prototype pollution in Swiper 6.5.1 through 12.1.1: improperly validated user input lets a local authenticated attacker write to Object.prototype, enabling authentication bypass, denial of service, and remote code execution. Affects applications on Linux and Windows using the Node.js or Bun runtimes. Public PoC; a patch is available and should be applied on systems that process untrusted input. | HIGH | 7.8 | 0.1% | 59 | PoC |
| CVE-2025-21704 | Linux kernel, usb: cdc-acm: check the control transfer buffer size before access. "If the first fragment is shorter than struct usb_cdc_notification, …" (description truncated). CVSS 7.8, low attack complexity. Public PoC. | HIGH | 7.8 | 0.0% | 59 | PoC |
| CVE-2026-23233 | F2FS swapfile memory corruption in Linux kernel 6.6+: a local user can cause data corruption through improper physical block mapping when a fragmented swapfile is smaller than the F2FS section size, triggering dm-verity corruption errors or F2FS node corruption and leading to crashes and data loss. Public PoC; no patch currently available. | HIGH | 7.8 | 0.0% | 59 | PoC |
| CVE-2025-39939 | Linux kernel, iommu/s390: fix memory corruption when using identity domain. zpci_get_iommu_ctrs() returns counter information to be reported as part of device statistics; these counters are … | HIGH | 7.8 | 0.0% | 59 | PoC |
| CVE-2025-39945 | In the Linux kernel, the following vulnerability has been resolved: cnic: Fix use-after-free bugs in cnic_delete_task. The original code uses cancel_delayed_work() in cnic_cm_stop_bnx2x_hw(), which does not guarantee that the delayed work item 'delete_task' has fully completed if it was already running. Additionally, the delayed work item is cyclic; the flush_workqueue() in cnic_cm_stop_bnx2x_hw() only blocks and waits for work items that were already queued to the workqueue prior to its invocation. Any work items submitted after flush_workqueue() is called are not included in the set of tasks that the flush operation awaits. This means that after the cyclic work items have finished executing, a delayed work item may still exist in the workqueue. This leads to use-after-free scenarios where the cnic_dev is deallocated by cnic_free_dev(), while delete_task remains active and attempts to dereference cnic_dev in cnic_delete_task(). A typical race condition is illustrated below: CPU 0 (cleanup): cnic_netdev_event() -> cnic_stop_hw() -> cnic_cm_stop_bnx2x_hw() -> cancel_delayed_work() -> flush_workqueue() -> cnic_free_dev(dev) // free; CPU 1 (delayed work callback): cnic_delete_task() -> ... -> queue_delayed_work() /* executes after flush_workqueue() */ -> cnic_delete_task() // new instance -> dev = cp->dev; // use. Replace cancel_delayed_work() with cancel_delayed_work_sync() to ensure that the cyclic delayed work item is properly canceled and that any ongoing execution of the work item completes before the cnic_dev is deallocated. Furthermore, since cancel_delayed_work_sync() uses __flush_work(work, true) to synchronously wait for any currently executing instance of the work item to finish, the flush_workqueue() becomes redundant and should be removed. This bug was identified through static analysis. To reproduce the issue and validate the fix, I simulated the cnic PCI device in QEMU and introduced intentional delays, such as inserting calls to ssleep() within the cnic_delete_task() function, to increase the likelihood of triggering the bug. | HIGH | 7.8 | 0.0% | 59 | PoC |
| CVE-2025-70616 | Stack buffer overflow in the Wincor Nixdorf wnBios64.sys kernel driver (version 1.2.0.0), in the IOCTL handler for code 0x80102058. PoC available; no patch. | HIGH | 7.8 | 0.0% | 59 | PoC, No patch |
| CVE-2026-29123 | Local privilege escalation in IDC SFX2100 firmware: a SUID binary is vulnerable to PATH hijacking, symlink abuse and shared-object hijacking, letting a local attacker gain root. Public PoC; no patch currently available. | HIGH | 7.8 | 0.0% | 59 | PoC, No patch |
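Two rows above describe the same bug class from opposite directions: untrusted text reaching an interpreter the application never meant to expose, a shell in Coolify's Database Import (CVE-2025-66210) and a spreadsheet's formula engine in HUSTOJ's CSV export (CVE-2026-23873). The Python below is an added illustration of that class and its fix; it is not code from either project. The `dump_tool` binary, the function names and the sample rows are hypothetical and constructed for this example.

```python
"""Injection into a downstream interpreter: shell and spreadsheet.

Added illustration, not Coolify's or HUSTOJ's code. All names are
hypothetical; sample inputs are constructed.
"""
import csv
import io
import re
import shlex

# ---- 1. Shell command injection (the pattern described for CVE-2025-66210)
# A database name is spliced into a command string that a shell later parses.
# "dump_tool" stands in for whatever binary the real import code invokes.

MALICIOUS_DB = "prod; id > /tmp/pwned"  # constructed payload


def vulnerable_dump_command(db_name):
    # The untrusted name becomes shell *source text*; ';' and '>' in it are
    # interpreted by the shell instead of being passed to the program.
    return f"dump_tool --db {db_name} --out /backups/{db_name}.sql"


def quoted_dump_command(db_name):
    # Defence in depth only: shlex.quote makes the shell see one word, but
    # the name still reaches a shell, and every interpolation must remember
    # to quote.
    q = shlex.quote(db_name)
    return f"dump_tool --db {q} --out /backups/{q}.sql"


def is_valid_db_name(db_name):
    # Allow-list: database identifiers need nothing beyond this alphabet.
    return re.fullmatch(r"[A-Za-z0-9_]{1,63}", db_name) is not None


def hardened_dump_command(db_name):
    # Validate, then build argv for subprocess.run(argv) with no shell at all.
    if not is_valid_db_name(db_name):
        raise ValueError("rejected database name: %r" % db_name)
    return ["dump_tool", "--db", db_name, "--out", f"/backups/{db_name}.sql"]


def shell_words(command):
    # Split the way a POSIX shell splits words. Extra words produced by a
    # malicious name show that the trust boundary has been crossed.
    return shlex.split(command)


# ---- 2. CSV / formula injection (the pattern described for CVE-2026-23873)
# csv.writer's own quoting does not help: the spreadsheet evaluates the cell
# *after* CSV parsing, so a cell starting with '=' still becomes a formula.

FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def neutralize_cell(value):
    text = str(value)
    # Check the raw first character and the first non-space character, since
    # some spreadsheet importers strip leading whitespace before evaluating.
    if text[:1] in FORMULA_TRIGGERS or text.lstrip()[:1] in FORMULA_TRIGGERS:
        # A leading apostrophe forces the cell to be treated as text.
        return "'" + text
    return text


def export_submissions(rows, safe):
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(["user", "problem", "result"])
    for row in rows:
        writer.writerow([neutralize_cell(c) if safe else c for c in row])
    return buf.getvalue()


SAMPLE_ROWS = [  # constructed; the second user name is an attacker's payload
    ["alice", "1001", "Accepted"],
    ['=cmd|"/C calc"!A0', "1002", "Wrong Answer"],
]


if __name__ == "__main__":
    print(shell_words(vulnerable_dump_command(MALICIOUS_DB)))
    print(shell_words(quoted_dump_command(MALICIOUS_DB)))
    print(is_valid_db_name(MALICIOUS_DB), hardened_dump_command("prod"))
    print(export_submissions(SAMPLE_ROWS, safe=False))
    print(export_submissions(SAMPLE_ROWS, safe=True))
```

The argv form is the actual fix for the shell case; `shlex.quote` is a fallback for code that cannot avoid a shell. The apostrophe prefix also neutralizes legitimate negative numbers, so an export with numeric columns should apply it per column rather than to every cell.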