Linux

Vendor security scorecard – 3950 CVEs in the selected period

Risk: 5462
CVEs: 3950
Critical: 84
High: 1035
KEV: 1
PoC: 54
Unpatched C/H: 54
Patch Rate: 94.0%
Avg EPSS: 0.0%

Severity Breakdown

CRITICAL: 84
HIGH: 1035
MEDIUM: 1887
LOW: 11

Top Risky CVEs

CVE-2026-31431
Severity: HIGH | CVSS: 7.8 | EPSS: 0.0% | Priority: 109 | Signals: KEV, PoC
Summary: Memory corruption in the Linux kernel's algif_aead cryptographic interface allows local authenticated users to achieve arbitrary kernel memory read/write, leading to privilege escalation to root. The vulnerability stems from improper handling of in-place operations introduced in commit 72548b093ee3, affecting kernel versions from 4.14 through 6.19.x. Multiple public exploits exist, including proof-of-concept demonstrations from security researchers; the EPSS score of 0.01% indicates a currently low likelihood of widespread exploitation despite PoC availability.

CVE-2026-26068
Severity: CRITICAL | CVSS: 9.9 | EPSS: 0.6% | Priority: 70 | Signals: PoC
Summary: Command injection in emp3r0r C2 framework before 3.21.1. Untrusted agent metadata (Transport, Hostname) injected into commands. PoC and patch available. EPSS 0.61%.

CVE-2026-29128
Severity: CRITICAL | CVSS: 10.0 | EPSS: 0.0% | Priority: 70 | Signals: PoC, No patch
Summary: Plaintext daemon credentials in IDC SFX2100 routing config files (zebra, bgpd, ospfd, ripd). CVSS 10.0. PoC available.

CVE-2021-47796
Severity: CRITICAL | CVSS: 9.8 | EPSS: 0.1% | Priority: 69 | Signals: PoC, No patch
Summary: Denver SHC-150 Smart WiFi Camera has hardcoded telnet credentials on port 23, providing unauthenticated root shell access. PoC available.

CVE-2025-39946
Severity: CRITICAL | CVSS: 9.8 | EPSS: 0.0% | Priority: 69 | Signals: PoC
Summary: CVE-2025-39946 is a security vulnerability (CVSS 5.5). Risk factors: public PoC available. Vendor patch is available.

CVE-2026-23873
Severity: CRITICAL | CVSS: 9.0 | EPSS: 0.0% | Priority: 65 | Signals: PoC, No patch
Summary: HUSTOJ online judge system has a CSV injection vulnerability in all versions that allows code execution through crafted submissions exported to spreadsheets.

CVE-2025-66210
Severity: HIGH | CVSS: 8.8 | EPSS: 0.4% | Priority: 64 | Signals: PoC, No patch
Summary: A command injection vulnerability in Coolify's Database Import functionality allows authenticated users with application/service management permissions to execute arbitrary system commands as root on managed servers. The vulnerability stems from unsanitized database names being passed directly to shell commands, enabling full remote code execution. A public proof-of-concept exploit is available, and with an EPSS score of 0.41% (61st percentile), this represents a moderate real-world exploitation risk for organizations using vulnerable Coolify versions.

CVE-2026-43284
Severity: HIGH | CVSS: 8.8 | EPSS: 0.0% | Priority: 64 | Signals: PoC
Summary: Use-after-free in Linux kernel ESP (IPsec) allows local authenticated attackers to decrypt shared memory fragments improperly, potentially exposing encrypted network traffic or causing memory corruption. Affects kernel versions 6.5+ where MSG_SPLICE_PAGES can attach pipe pages directly to UDP socket buffers. The IPv4/IPv6 datagram paths fail to mark spliced pages as shared, causing ESP input decryption to modify memory not privately owned by the packet buffer. Public exploit code exists (PoC available on GitHub), the EPSS score is low (0.01%), indicating limited widespread exploitation risk, and vendor patches are available across affected stable kernel branches (6.6.138, 6.12.87, 6.18.28, 7.0.5).

CVE-2026-27212
Severity: HIGH | CVSS: 7.8 | EPSS: 0.1% | Priority: 59 | Signals: PoC
Summary: Prototype pollution in Swiper versions 6.5.1 through 12.1.1 allows local authenticated attackers to manipulate Object.prototype through improperly validated user input, enabling authentication bypass, denial of service, and remote code execution. Public exploit code exists for this vulnerability, which affects applications on Linux and Windows using Node.js or Bun runtimes. A patch is available and should be applied immediately to affected systems processing untrusted input.

CVE-2026-46300
Severity: HIGH | CVSS: 7.8 | EPSS: 0.0% | Priority: 59 | Signals: PoC
Summary: Local privilege escalation in Linux kernel XFRM ESP-in-TCP subsystem (Fragnesia vulnerability) allows authenticated local attackers to overwrite kernel memory structures by exploiting arbitrary byte writes into the kernel page cache of read-only files. CVSS score of 7.8 reflects high impact across confidentiality, integrity, and availability. Low attack complexity (AC:L) and no user interaction requirement (UI:N) make this exploitable by any local user with basic privileges. No confirmed active exploitation (not in CISA KEV) or public proof-of-concept identified at time of analysis, but the specific vulnerability name 'Fragnesia' suggests coordinated disclosure with security research community.

CVE-2026-23233
Severity: HIGH | CVSS: 7.8 | EPSS: 0.0% | Priority: 59 | Signals: PoC
Summary: F2FS swapfile memory corruption in Linux kernel 6.6+ allows local attackers with user privileges to cause data corruption through improper physical block mapping when using fragmented swapfiles smaller than the F2FS section size. Public exploit code exists for this vulnerability, and attackers can trigger dm-verity corruption errors or F2FS node corruption leading to system crashes and data loss. No patch is currently available.

CVE-2025-39939
Severity: HIGH | CVSS: 7.8 | EPSS: 0.0% | Priority: 59 | Signals: PoC
Summary: In the Linux kernel, the following vulnerability has been resolved: iommu/s390: Fix memory corruption when using identity domain. zpci_get_iommu_ctrs() returns counter information to be reported as part of device statistics; these counters are...

CVE-2025-39945
Severity: HIGH | CVSS: 7.8 | EPSS: 0.0% | Priority: 59 | Signals: PoC
Summary: In the Linux kernel, the following vulnerability has been resolved: cnic: Fix use-after-free bugs in cnic_delete_task.

    The original code uses cancel_delayed_work() in cnic_cm_stop_bnx2x_hw(), which does not guarantee that the delayed work item 'delete_task' has fully completed if it was already running. Additionally, the delayed work item is cyclic, the flush_workqueue() in cnic_cm_stop_bnx2x_hw() only blocks and waits for work items that were already queued to the workqueue prior to its invocation. Any work items submitted after flush_workqueue() is called are not included in the set of tasks that the flush operation awaits. This means that after the cyclic work items have finished executing, a delayed work item may still exist in the workqueue. This leads to use-after-free scenarios where the cnic_dev is deallocated by cnic_free_dev(), while delete_task remains active and attempts to dereference cnic_dev in cnic_delete_task().

    A typical race condition is illustrated below:

    CPU 0 (cleanup)           | CPU 1 (delayed work callback)
    cnic_netdev_event()       |
    cnic_stop_hw()            | cnic_delete_task()
    cnic_cm_stop_bnx2x_hw()   | ...
    cancel_delayed_work()     | /* the queue_delayed_work()
    flush_workqueue()         | executes after flush_workqueue()*/
                              | queue_delayed_work()
    cnic_free_dev(dev)//free  | cnic_delete_task() //new instance
                              | dev = cp->dev; //use

    Replace cancel_delayed_work() with cancel_delayed_work_sync() to ensure that the cyclic delayed work item is properly canceled and that any ongoing execution of the work item completes before the cnic_dev is deallocated. Furthermore, since cancel_delayed_work_sync() uses __flush_work(work, true) to synchronously wait for any currently executing instance of the work item to finish, the flush_workqueue() becomes redundant and should be removed.

    This bug was identified through static analysis. To reproduce the issue and validate the fix, I simulated the cnic PCI device in QEMU and introduced intentional delays - such as inserting calls to ssleep() within the cnic_delete_task() function - to increase the likelihood of triggering the bug.

CVE-2025-70616
Severity: HIGH | CVSS: 7.8 | EPSS: 0.0% | Priority: 59 | Signals: PoC, No patch
Summary: A stack buffer overflow vulnerability exists in the Wincor Nixdorf wnBios64.sys kernel driver (version 1.2.0.0) in the IOCTL handler for code 0x80102058. [CVSS 7.8 HIGH]

CVE-2026-43500
Severity: HIGH | CVSS: 7.8 | EPSS: 0.0% | Priority: 59 | Signals: PoC
Summary: Buffer overflow in Linux kernel rxrpc subsystem allows local authenticated attackers to achieve arbitrary code execution with kernel privileges. The vulnerability stems from improper handling of shared fragment memory in DATA and RESPONSE packet processing, where the kernel fails to unshare externally-owned page fragments before in-place decryption operations. This creates a buffer overflow condition (CWE-787) exploitable by local users with low privileges. Patches are available for kernel versions 6.18.29, 7.0.6, and 7.1-rc3. EPSS and KEV status not provided in available data.