| Metric | Value |
|---|---|
| CVEs | 2749 |
| Critical | 195 |
| High | 1585 |
| KEV | 90 |
| PoC | 220 |
| Unpatched C/H | 762 |
| Patch Rate | 55.2% |
| Avg EPSS | 2.6% |
Severity Breakdown

| Severity | Count |
|---|---|
| CRITICAL | 195 |
| HIGH | 1585 |
| MEDIUM | 881 |
| LOW | 78 |
Monthly CVE Trend
Affected Products (30)

| Product | CVEs |
|---|---|
| Windows | 1243 |
| Windows Server 2025 | 712 |
| Windows Server 2022 | 706 |
| Windows Server 2022 23H2 | 705 |
| Windows Server 2019 | 680 |
| Windows 11 23H2 | 654 |
| Windows 11 24H2 | 641 |
| Windows 10 22H2 | 628 |
| Windows 10 21H2 | 626 |
| Windows 10 1809 | 600 |
| Windows Server 2016 | 596 |
| Windows 10 1607 | 516 |
| Windows 11 22H2 | 496 |
| Windows Server 2012 | 480 |
| Windows 10 1507 | 377 |
| Windows Server 2008 | 364 |
| Windows 11 25H2 | 169 |
| 365 Apps | 132 |
| Office Long Term Servicing Channel | 132 |
| Office | 119 |
| Python | 54 |
| PHP | 52 |
| Excel | 52 |
| Chrome | 49 |
| Office Online Server | 48 |
| SharePoint Server | 43 |
| macOS | 42 |
| Windows 11 21H2 | 34 |
| Windows 11 26H1 | 33 |
| Android | 31 |
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2017-7269 | Remote code execution in Microsoft IIS 6.0 WebDAV service allows unauthenticated attackers to execute arbitrary code by sending a specially crafted PROPFIND request with a malicious 'If' header. Confirmed actively exploited (CISA KEV) since July-August 2016, predating public disclosure by 7+ months. EPSS score of 94.43% (100th percentile) reflects widespread exploitation against legacy Windows Server 2003 R2 systems still exposed to the internet. Multiple public exploits exist including Metasploit modules, and vendor patch has been available since March 2017. | CRITICAL | 9.8 | 94.4% | 223 | KEV, PoC |
| CVE-2015-5119 | Remote code execution in Adobe Flash Player 11.x through 18.x allows unauthenticated network attackers to execute arbitrary code via crafted Flash content exploiting a use-after-free flaw in the ByteArray class. Confirmed actively exploited (CISA KEV) in July 2015 following the Hacking Team data breach, which exposed weaponized exploit code targeting this vulnerability. With EPSS score of 93.21% (100th percentile) and publicly available proof-of-concept, this represents critical risk to unpatched Flash installations across Windows, OS X, and Linux platforms. Vendor-released patches available via Adobe APSB15-16. | CRITICAL | 9.8 | 93.2% | 222 | KEV, PoC |
| CVE-2015-3113 | Adobe Flash Player contains a heap-based buffer overflow that allows remote code execution, exploited as a zero-day in June 2015 by APT3 (a Chinese cyber espionage group) in phishing campaigns targeting aerospace and defense organizations. | CRITICAL | 9.8 | 92.4% | 221 | KEV, PoC |
| CVE-2011-2462 | Adobe Reader and Acrobat contain an unspecified U3D component vulnerability causing memory corruption that allows remote code execution, exploited as a zero-day in December 2011 through crafted PDF files. | CRITICAL | 9.8 | 91.9% | 221 | KEV, PoC, No patch |
| CVE-2025-53770 | Microsoft SharePoint Server contains a deserialization vulnerability allowing unauthenticated remote code execution over the network, with active exploitation confirmed and patches pending full release. | CRITICAL | 9.8 | 90.5% | 220 | KEV, PoC, No patch |
| CVE-2012-0158 | Remote code execution in Microsoft MSCOMCTL.OCX ActiveX controls allows unauthenticated attackers to execute arbitrary code via maliciously crafted Office documents, RTF files, or web pages. Actively exploited since April 2012 and confirmed in CISA KEV catalog. Despite being patched in 2012, EPSS score of 94.32% (100th percentile) indicates continued exploitation attempts against unpatched systems. Affects broad Microsoft product ecosystem including Office 2003-2010, SQL Server 2000-2008 R2, BizTalk, Commerce Server, Visual FoxPro, and Visual Basic 6.0 Runtime. | HIGH | 8.8 | 94.3% | 218 | KEV, PoC |
| CVE-2017-0144 | Remote code execution in Microsoft SMBv1 allows authenticated network attackers to execute arbitrary code on Windows systems via crafted packets. This vulnerability (part of the MS17-010 bulletin and known as 'EternalBlue') is confirmed actively exploited (CISA KEV) with EPSS score of 94.32%, indicating near-certain exploitation probability. Widely weaponized in 2017 WannaCry and NotPetya ransomware campaigns. Affects Windows Vista through Windows 10 1607 and Windows Server 2008-2016, plus Siemens medical imaging systems running vulnerable Windows embedded OS. Multiple public exploits available including DOUBLEPULSAR payload delivery framework. | HIGH | 8.8 | 94.3% | 218 | KEV, PoC |
| CVE-2011-0611 | Adobe Flash Player contains a type confusion vulnerability in object handling that allows remote attackers to execute arbitrary code via malicious SWF content, actively exploited in targeted attacks in April 2011. | HIGH | 8.8 | 93.6% | 218 | KEV, PoC |
| CVE-2014-0322 | Internet Explorer 9 and 10 contain a use-after-free vulnerability in CMarkup object handling exploitable via crafted JavaScript, used in 'Operation SnowMan' watering hole attacks targeting US military and defense in early 2014. | HIGH | 8.8 | 93.2% | 217 | KEV, PoC |
| CVE-2012-1889 | Microsoft XML Core Services 3.0 through 6.0 access uninitialized memory locations, allowing remote attackers to execute code or cause memory corruption through a crafted website, actively exploited before patch availability. | HIGH | 8.8 | 92.9% | 217 | KEV, PoC |
| CVE-2012-4792 | Internet Explorer 6 through 8 contain a use-after-free vulnerability in CDwnBindInfo object handling that allows remote code execution through crafted websites, exploited as a zero-day in December 2012. | HIGH | 8.8 | 91.4% | 215 | KEV, PoC |
| CVE-2014-6324 | The Windows Kerberos KDC fails to properly validate PAC signatures, allowing any authenticated domain user to forge Kerberos tickets and gain domain administrator privileges. Known as MS14-068, one of the most critical Active Directory vulnerabilities ever disclosed. | HIGH | 8.8 | 90.3% | 214 | KEV, PoC |
| CVE-2017-11882 | Remote code execution in Microsoft Office 2007-2016 via malicious documents exploiting a 17-year-old buffer overflow in the Equation Editor component (EQNEDT32.EXE). Attackers deliver weaponized Office files that execute arbitrary code when opened, requiring no macros or user interaction beyond opening the document. Confirmed actively exploited (CISA KEV) with EPSS score of 94.38% indicating widespread exploitation. Multiple public exploit frameworks available including Metasploit modules. Microsoft released patches in November 2017, but exploitation continues against unpatched systems across APT campaigns and commodity malware. | HIGH | 7.8 | 94.4% | 213 | KEV, PoC |
| CVE-2017-0199 | Remote code execution in Microsoft Office 2007-2016 and Windows Vista through 10 allows attackers to execute arbitrary code via malicious RTF or Office documents exploiting Windows API object linking. Confirmed actively exploited (CISA KEV) with EPSS score of 94.33% indicating near-certain real-world exploitation probability. Multiple public exploit codes available including weaponized RTF generators. Despite local attack vector classification (AV:L), exploitation occurs remotely through email/web delivery of crafted documents requiring only user interaction to open the file. | HIGH | 7.8 | 94.3% | 213 | KEV, PoC |
| CVE-2017-8570 | Remote code execution in Microsoft Office 2007-2016 allows attackers to execute arbitrary code with user privileges by delivering malicious documents containing specially crafted embedded objects. Confirmed actively exploited (CISA KEV) with multiple public exploit tools available. EPSS score of 94.25% (100th percentile) indicates near-certain exploitation attempts against vulnerable systems. Attack requires local file access and user interaction (opening the malicious document), but once triggered achieves full code execution with high impact to confidentiality, integrity, and availability. Microsoft released patches in July 2017; unpatched systems remain high-priority targets for document-based attacks. | HIGH | 7.8 | 94.2% | 213 | KEV, PoC |