5065
CVEs
86
Critical
1322
High
2
KEV
60
PoC
63
Unpatched C/H
95.0%
Patch Rate
0.0%
Avg EPSS
Severity Breakdown
CRITICAL
86
HIGH
1322
MEDIUM
2709
LOW
15
Monthly CVE Trend
Affected Products (30)
Linux Kernel
2958
Ubuntu
715
Debian Linux
388
Windows
85
Db2
20
Android
12
Windows Server 2025
12
Windows 11 24h2
11
macOS
11
Exynos 1580 Firmware
10
Dx Netops Spectrum
10
Exynos 1330 Firmware
10
Windows 11 25h2
10
Windows Server 2022
10
Exynos 1380 Firmware
10
Windows Server 2022 23h2
10
Exynos 1480 Firmware
10
Exynos W920 Firmware
9
Exynos 980 Firmware
9
Exynos 1280 Firmware
9
Exynos 1080 Firmware
9
Windows 11 23h2
9
Exynos W930 Firmware
9
Exynos 850 Firmware
9
Exynos W1000 Firmware
9
Cyber Protect
8
Windows 10 22h2
8
Chrome
8
Windows 10 21h2
8
Windows Server 2016
7
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2026-31431 | Memory corruption in Linux kernel's algif_aead cryptographic interface allows local authenticated users to achieve arbitrary kernel memory read/write, leading to privilege escalation to root. The vulnerability stems from improper handling of in-place operations introduced in commit 72548b093ee3, affecting kernel versions from 4.14 through 6.19.x. Multiple public exploit codes exist including proof-of-concept demonstrations from security researchers, with EPSS score of 0.01% indicating currently low widespread exploitation likelihood despite POC availability. | HIGH | 7.8 | 0.0% | 109 |
KEV
PoC
|
| CVE-2025-24983 | A use-after-free vulnerability in the Windows Win32 Kernel Subsystem enables local privilege escalation from authorized user to SYSTEM level. This KEV-listed vulnerability (CVE-2025-24983) requires the attacker to win a race condition but has been actively exploited in targeted attacks. Microsoft has released patches for all supported Windows versions. | HIGH | 7.0 | 0.7% | 86 |
KEV
|
| CVE-2026-26068 | Command injection in emp3r0r C2 framework before 3.21.1. Untrusted agent metadata (Transport, Hostname) injected into commands. PoC and patch available. EPSS 0.61%. | CRITICAL | 9.9 | 0.6% | 70 |
PoC
|
| CVE-2026-29128 | Plaintext daemon credentials in IDC SFX2100 routing config files (zebra, bgpd, ospfd, ripd). CVSS 10.0. PoC available. | CRITICAL | 10.0 | 0.0% | 70 |
PoC
No patch
|
| CVE-2021-47796 | Denver SHC-150 Smart WiFi Camera has hardcoded telnet credentials on port 23, providing unauthenticated root shell access. PoC available. | CRITICAL | 9.8 | 0.1% | 69 |
PoC
No patch
|
| CVE-2025-39946 | CVE-2025-39946 is a security vulnerability (CVSS 5.5). Risk factors: public PoC available. Vendor patch is available. | CRITICAL | 9.8 | 0.0% | 69 |
PoC
|
| CVE-2026-23873 | HUSTOJ online judge system has a CSV injection vulnerability in all versions that allows code execution through crafted submissions exported to spreadsheets. | CRITICAL | 9.0 | 0.0% | 65 |
PoC
No patch
|
| CVE-2025-66210 | A command injection vulnerability in Coolify's Database Import functionality allows authenticated users with application/service management permissions to execute arbitrary system commands as root on managed servers. The vulnerability stems from unsanitized database names being passed directly to shell commands, enabling full remote code execution. A public proof-of-concept exploit is available, and with an EPSS score of 0.41% (61st percentile), this represents a moderate real-world exploitation risk for organizations using vulnerable Coolify versions. | HIGH | 8.8 | 0.4% | 64 |
PoC
No patch
|
| CVE-2025-2073 | Out-of-Bounds Read in netfilter/ipset in Linux Kernel ChromeOS [6.1, 5.15, 5.10, 5.4, 4.19] allows a local attacker with low privileges to trigger an out-of-bounds read, potentially leading to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available. | HIGH | 8.8 | 0.1% | 64 |
PoC
No patch
|
| CVE-2026-43284 | Use-after-free in Linux kernel ESP (IPsec) allows local authenticated attackers to decrypt shared memory fragments improperly, potentially exposing encrypted network traffic or causing memory corruption. Affects kernel versions 6.5+ where MSG_SPLICE_PAGES can attach pipe pages directly to UDP socket buffers. The IPv4/IPv6 datagram paths fail to mark spliced pages as shared, causing ESP input decryption to modify memory not privately owned by the packet buffer. Public exploit code exists (POC available on GitHub), EPSS score is low (0.01%) indicating limited widespread exploitation risk, and vendor patches are available across affected stable kernel branches (6.6.138, 6.12.87, 6.18.28, 7.0.5). | HIGH | 8.8 | 0.0% | 64 |
PoC
|
| CVE-2026-27212 | Prototype pollution in Swiper versions 6.5.1 through 12.1.1 allows local authenticated attackers to manipulate Object.prototype through improperly validated user input, enabling authentication bypass, denial of service, and remote code execution. Public exploit code exists for this vulnerability, which affects applications on Linux and Windows using Node.js or Bun runtimes. A patch is available and should be applied immediately to affected systems processing untrusted input. | HIGH | 7.8 | 0.1% | 59 |
PoC
|
| CVE-2026-46300 | Local privilege escalation in Linux kernel XFRM ESP-in-TCP subsystem (Fragnesia vulnerability) allows authenticated local attackers to overwrite kernel memory structures by exploiting arbitrary byte writes into the kernel page cache of read-only files. CVSS score of 7.8 reflects high impact across confidentiality, integrity, and availability. Low attack complexity (AC:L) and no user interaction requirement (UI:N) make this exploitable by any local user with basic privileges. No confirmed active exploitation (not in CISA KEV) or public proof-of-concept identified at time of analysis, but the specific vulnerability name 'Fragnesia' suggests coordinated disclosure with security research community. | HIGH | 7.8 | 0.0% | 59 |
PoC
|
| CVE-2025-21704 | In the Linux kernel, the following vulnerability has been resolved: usb: cdc-acm: Check control transfer buffer size before access If the first fragment is shorter than struct usb_cdc_notification,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available. | HIGH | 7.8 | 0.0% | 59 |
PoC
|
| CVE-2026-23233 | F2FS swapfile memory corruption in Linux kernel 6.6+ allows local attackers with user privileges to cause data corruption through improper physical block mapping when using fragmented swapfiles smaller than the F2FS section size. Public exploit code exists for this vulnerability, and attackers can trigger dm-verity corruption errors or F2FS node corruption leading to system crashes and data loss. No patch is currently available. | HIGH | 7.8 | 0.0% | 59 |
PoC
|
| CVE-2025-39939 | In the Linux kernel, the following vulnerability has been resolved: iommu/s390: Fix memory corruption when using identity domain zpci_get_iommu_ctrs() returns counter information to be reported as part of device statistics; these counters are... | HIGH | 7.8 | 0.0% | 59 |
PoC
|