2623
CVEs
131
Critical
960
High
1
KEV
35
PoC
37
Unpatched C/H
94.6%
Patch Rate
0.0%
Avg EPSS
Severity Breakdown
CRITICAL
131
HIGH
960
MEDIUM
1322
LOW
14
Monthly CVE Trend
Affected Products (30)
Linux Kernel
9022
Debian Linux
1338
Ubuntu
740
Android
549
Ubuntu Linux
496
Enterprise Linux
259
Fedora
254
Leap
195
Enterprise Linux Server
135
Enterprise Linux Workstation
132
H410c Firmware
130
Enterprise Linux Desktop
130
H700s Firmware
119
H500s Firmware
119
H410s Firmware
119
H300s Firmware
118
Enterprise Linux Server Aus
116
Enterprise Linux Server Tus
90
Windows
84
Active Iq Unified Manager
78
Opensuse
75
Cloud Backup
74
H700E Firmware
68
Enterprise Linux Server Eus
68
H500E Firmware
68
H300E Firmware
68
Enterprise Linux Eus
61
Solidfire
57
Hci Management Node
57
Solaris
53
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2026-31431 | Memory corruption in Linux kernel's algif_aead cryptographic interface allows local authenticated users to achieve arbitrary kernel memory read/write, leading to privilege escalation to root. The vulnerability stems from improper handling of in-place operations introduced in commit 72548b093ee3, affecting kernel versions from 4.14 through 6.19.x. Multiple public exploit codes exist including proof-of-concept demonstrations from security researchers, with EPSS score of 0.01% indicating currently low widespread exploitation likelihood despite POC availability. | HIGH | 7.8 | 0.0% | 134 |
KEV
PoC
|
| CVE-2026-43284 | Use-after-free in Linux kernel ESP (IPsec) allows local authenticated attackers to decrypt shared memory fragments improperly, potentially exposing encrypted network traffic or causing memory corruption. Affects kernel versions 6.5+ where MSG_SPLICE_PAGES can attach pipe pages directly to UDP socket buffers. The IPv4/IPv6 datagram paths fail to mark spliced pages as shared, causing ESP input decryption to modify memory not privately owned by the packet buffer. Public exploit code exists (POC available on GitHub), EPSS score is low (0.01%) indicating limited widespread exploitation risk, and vendor patches are available across affected stable kernel branches (6.6.138, 6.12.87, 6.18.28, 7.0.5). | HIGH | 8.8 | 0.0% | 89 |
PoC
|
| CVE-2026-24479 | HUSTOJ online judge has a path traversal vulnerability enabling arbitrary file access on the competition server. | CRITICAL | 9.8 | 0.6% | 85 |
PoC
|
| CVE-2026-43500 | Buffer overflow in Linux kernel rxrpc subsystem allows local authenticated attackers to achieve arbitrary code execution with kernel privileges. The vulnerability stems from improper handling of shared fragment memory in DATA and RESPONSE packet processing, where the kernel fails to unshare externally-owned page fragments before in-place decryption operations. This creates a buffer overflow condition (CWE-787) exploitable by local users with low privileges. Patches are available for kernel versions 6.18.29, 7.0.6, and 7.1-rc3. EPSS and KEV status not provided in available data. | HIGH | 7.8 | 0.0% | 74 |
PoC
|
| CVE-2026-26068 | Command injection in emp3r0r C2 framework before 3.21.1. Untrusted agent metadata (Transport, Hostname) injected into commands. PoC and patch available. EPSS 0.61%. | CRITICAL | 9.9 | 0.6% | 70 |
PoC
|
| CVE-2026-29128 | Plaintext daemon credentials in IDC SFX2100 routing config files (zebra, bgpd, ospfd, ripd). CVSS 10.0. PoC available. | CRITICAL | 10.0 | 0.0% | 70 |
PoC
No patch
|
| CVE-2026-46300 | Local privilege escalation in Linux kernel XFRM ESP-in-TCP subsystem (Fragnesia vulnerability) allows authenticated local attackers to overwrite kernel memory structures by exploiting arbitrary byte writes into the kernel page cache of read-only files. CVSS score of 7.8 reflects high impact across confidentiality, integrity, and availability. Low attack complexity (AC:L) and no user interaction requirement (UI:N) make this exploitable by any local user with basic privileges. No confirmed active exploitation (not in CISA KEV) or public proof-of-concept identified at time of analysis, but the specific vulnerability name 'Fragnesia' suggests coordinated disclosure with security research community. | HIGH | 7.8 | 0.0% | 69 |
PoC
|
| CVE-2026-23231 | A use-after-free vulnerability in the Linux kernel's netfilter nf_tables chain registration allows local attackers with user privileges to trigger memory corruption and cause a denial of service, potentially leading to privilege escalation. The flaw occurs when hook registration fails during chain addition, allowing concurrent operations to access freed memory without proper RCU synchronization. The vulnerability affects systems running vulnerable Linux kernels with netfilter enabled, and no patch is currently available. | HIGH | 7.8 | 0.0% | 69 |
PoC
|
| CVE-2026-43494 | Local privilege escalation potential in the Linux kernel's RDS (Reliable Datagram Sockets) subsystem stems from a double-free condition triggered when zerocopy page pinning fails during sendmsg() operations. The flaw, introduced in Linux 4.17, allows local authenticated users to corrupt kernel memory by exploiting an error path in rds_message_zcopy_from_user() that fails to reset op_nents, causing rds_message_purge() to free pages that were already released. Publicly available exploit code exists, though EPSS scoring is very low (0.02%) and the issue is not listed in CISA KEV. | HIGH | 7.8 | 0.0% | 69 |
PoC
|
| CVE-2026-46333 | Local privilege escalation in the Linux kernel ptrace subsystem allows authenticated users to bypass the traditional capability-dropping security model when accessing kernel thread details via PTRACE_MODE_READ_FSCREDS checks. The flaw stems from get_dumpable() logic returning misleading values for tasks without an associated memory map (mm), enabling uid-0 processes that have dropped capabilities to still read sensitive kernel thread information. Publicly available exploit code exists (referenced in OSS-security and a GitHub PoC against ssh-keysign), though EPSS scoring (0.02%) indicates low likelihood of widespread exploitation. | HIGH | 7.1 | 0.0% | 66 |
PoC
|
| CVE-2026-23873 | HUSTOJ online judge system has a CSV injection vulnerability in all versions that allows code execution through crafted submissions exported to spreadsheets. | CRITICAL | 9.0 | 0.0% | 65 |
PoC
No patch
|
| CVE-2026-46331 | Local privilege escalation potential in the Linux kernel's net/sched traffic-control subsystem arises from a partial copy-on-write (COW) miss in the pedit action (tcf_pedit_act), where skb_ensure_writable() is sized using tcfp_off_max_hint before the per-key loop and fails to account for the runtime header offset added by typed keys, leaving part of the write region un-COW'd and causing page cache corruption. A local low-privileged attacker able to install tc pedit rules (CAP_NET_ADMIN, obtainable in user namespaces on many distros) can corrupt shared page-cache memory, with CVSS 7.8 reflecting high confidentiality, integrity, and availability impact. Publicly available exploit code exists, though EPSS is low at 0.14% (4th percentile) and the issue is not on CISA KEV. | HIGH | 7.8 | 0.1% | 59 |
PoC
|
| CVE-2026-27212 | Prototype pollution in Swiper versions 6.5.1 through 12.1.1 allows local authenticated attackers to manipulate Object.prototype through improperly validated user input, enabling authentication bypass, denial of service, and remote code execution. Public exploit code exists for this vulnerability, which affects applications on Linux and Windows using Node.js or Bun runtimes. A patch is available and should be applied immediately to affected systems processing untrusted input. | HIGH | 7.8 | 0.1% | 59 |
PoC
|
| CVE-2026-23233 | F2FS swapfile memory corruption in Linux kernel 6.6+ allows local attackers with user privileges to cause data corruption through improper physical block mapping when using fragmented swapfiles smaller than the F2FS section size. Public exploit code exists for this vulnerability, and attackers can trigger dm-verity corruption errors or F2FS node corruption leading to system crashes and data loss. No patch is currently available. | HIGH | 7.8 | 0.0% | 59 |
PoC
|
| CVE-2026-31581 | In the Linux kernel, the following vulnerability has been resolved: ALSA: 6fire: fix use-after-free on disconnect In usb6fire_chip_abort(), the chip | HIGH | 7.8 | 0.0% | 59 |
PoC
|