17282
CVEs
2483
Critical
9315
High
352
KEV
2001
PoC
5113
Unpatched C/H
56.2%
Patch Rate
7.5%
Avg EPSS
Severity Breakdown
CRITICAL
2483
HIGH
9315
MEDIUM
5148
LOW
329
Monthly CVE Trend
Affected Products (30)
Windows Server 2016
3953
Windows Server 2019
3686
Windows Server 2012
3310
Windows Server 2008
2807
Windows 10
2557
Windows Server 2022
2368
Windows 7
1931
Windows 8 1
1920
Windows Rt 8 1
1762
Windows 10 22h2
1453
Windows 10 1809
1448
Windows 10 21h2
1442
Windows 11 22h2
1318
Windows
1302
Windows 10 1607
1241
Windows Server 2022 23h2
1185
Windows Server 2025
1175
Windows 11 23h2
1109
Windows 10 1507
943
Internet Explorer
892
Windows 11 24h2
850
Windows 11 21H2
787
Office
744
Flash Player
741
Edge
690
Windows Vista
462
Sharepoint Server
449
Acrobat
430
Chrome
430
Windows 11
427
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2017-7269 | Remote code execution in Microsoft IIS 6.0 WebDAV service allows unauthenticated attackers to execute arbitrary code by sending a specially crafted PROPFIND request with a malicious 'If' header. Confirmed actively exploited (CISA KEV) since July-August 2016, predating public disclosure by 7+ months. EPSS score of 94.43% (100th percentile) reflects widespread exploitation against legacy Windows Server 2003 R2 systems still exposed to the internet. Multiple public exploits exist including Metasploit modules, and vendor patch has been available since March 2017. | CRITICAL | 9.8 | 94.4% | 238 |
KEV
PoC
|
| CVE-2015-5119 | Remote code execution in Adobe Flash Player 11.x through 18.x allows unauthenticated network attackers to execute arbitrary code via crafted Flash content exploiting a use-after-free flaw in the ByteArray class. Confirmed actively exploited (CISA KEV) in July 2015 following the Hacking Team data breach, which exposed weaponized exploit code targeting this vulnerability. With EPSS score of 93.21% (100th percentile) and publicly available proof-of-concept, this represents critical risk to unpatched Flash installations across Windows, OS X, and Linux platforms. Vendor-released patches available via Adobe APSB15-16. | CRITICAL | 9.8 | 93.2% | 237 |
KEV
PoC
|
| CVE-2015-3113 | Adobe Flash Player contains a heap-based buffer overflow that allows remote code execution, exploited as a zero-day in June 2015 by APT3 (a Chinese cyber espionage group) in phishing campaigns targeting aerospace and defense organizations. | CRITICAL | 9.8 | 92.4% | 236 |
KEV
PoC
|
| CVE-2011-2462 | Adobe Reader and Acrobat contain an unspecified U3D component vulnerability causing memory corruption that allows remote code execution, exploited as a zero-day in December 2011 through crafted PDF files. | CRITICAL | 9.8 | 91.9% | 236 |
KEV
PoC
No patch
|
| CVE-2025-53770 | Microsoft SharePoint Server contains a deserialization vulnerability allowing unauthenticated remote code execution over the network, with active exploitation confirmed and patches pending full release. | CRITICAL | 9.8 | 90.5% | 235 |
KEV
PoC
No patch
|
| CVE-2012-0158 | Remote code execution in Microsoft MSCOMCTL.OCX ActiveX controls allows unauthenticated attackers to execute arbitrary code via maliciously crafted Office documents, RTF files, or web pages. Actively exploited since April 2012 and confirmed in CISA KEV catalog. Despite being patched in 2012, EPSS score of 94.32% (100th percentile) indicates continued exploitation attempts against unpatched systems. Affects broad Microsoft product ecosystem including Office 2003-2010, SQL Server 2000-2008 R2, BizTalk, Commerce Server, Visual FoxPro, and Visual Basic 6.0 Runtime. | HIGH | 8.8 | 94.3% | 233 |
KEV
PoC
|
| CVE-2017-0144 | Remote code execution in Microsoft SMBv1 allows authenticated network attackers to execute arbitrary code on Windows systems via crafted packets. This vulnerability (part of the MS17-010 bulletin and known as 'EternalBlue') is confirmed actively exploited (CISA KEV) with EPSS score of 94.32%, indicating near-certain exploitation probability. Widely weaponized in 2017 WannaCry and NotPetya ransomware campaigns. Affects Windows Vista through Windows 10 1607 and Windows Server 2008-2016, plus Siemens medical imaging systems running vulnerable Windows embedded OS. Multiple public exploits available including DOUBLEPULSAR payload delivery framework. | HIGH | 8.8 | 94.3% | 233 |
KEV
PoC
|
| CVE-2011-0611 | Adobe Flash Player contains a type confusion vulnerability in object handling that allows remote attackers to execute arbitrary code via malicious SWF content, actively exploited in targeted attacks in April 2011. | HIGH | 8.8 | 93.6% | 233 |
KEV
PoC
|
| CVE-2014-0322 | Internet Explorer 9 and 10 contain a use-after-free vulnerability in CMarkup object handling exploitable via crafted JavaScript, used in 'Operation SnowMan' watering hole attacks targeting US military and defense in early 2014. | HIGH | 8.8 | 93.2% | 232 |
KEV
PoC
|
| CVE-2012-1889 | Microsoft XML Core Services 3.0 through 6.0 access uninitialized memory locations, allowing remote attackers to execute code or cause memory corruption through a crafted website, actively exploited before patch availability. | HIGH | 8.8 | 92.9% | 232 |
KEV
PoC
|
| CVE-2012-4792 | Internet Explorer 6 through 8 contain a use-after-free vulnerability in CDwnBindInfo object handling that allows remote code execution through crafted websites, exploited as a zero-day in December 2012. | HIGH | 8.8 | 91.4% | 230 |
KEV
PoC
|
| CVE-2017-11882 | Remote code execution in Microsoft Office 2007-2016 via malicious documents exploiting a 17-year-old buffer overflow in the Equation Editor component (EQNEDT32.EXE). Attackers deliver weaponized Office files that execute arbitrary code when opened, requiring no macros or user interaction beyond opening the document. Confirmed actively exploited (CISA KEV) with EPSS score of 94.38% indicating widespread exploitation. Multiple public exploit frameworks available including Metasploit modules. Microsoft released patches in November 2017, but exploitation continues against unpatched systems across APT campaigns and commodity malware. | HIGH | 7.8 | 94.4% | 228 |
KEV
PoC
|
| CVE-2017-0199 | Remote code execution in Microsoft Office 2007-2016 and Windows Vista through 10 allows attackers to execute arbitrary code via malicious RTF or Office documents exploiting Windows API object linking. Confirmed actively exploited (CISA KEV) with EPSS score of 94.33% indicating near-certain real-world exploitation probability. Multiple public exploit codes available including weaponized RTF generators. Despite local attack vector classification (AV:L), exploitation occurs remotely through email/web delivery of crafted documents requiring only user interaction to open the file. | HIGH | 7.8 | 94.3% | 228 |
KEV
PoC
|
| CVE-2010-3333 | Remote code execution in Microsoft Office 2003-2010 and Office for Mac 2004-2011 allows attackers to execute arbitrary code via malicious RTF documents. This vulnerability is confirmed actively exploited (CISA KEV) with publicly available exploit code and an EPSS score of 93.79% (100th percentile), indicating extremely high real-world exploitation likelihood. Microsoft released patches via security bulletin MS10-087. The vulnerability affects a wide range of Office versions across Windows and macOS platforms, representing significant enterprise exposure despite the 2010 disclosure date. | HIGH | 7.8 | 93.8% | 228 |
KEV
PoC
|
| CVE-2014-1761 | Microsoft Word 2003 through 2013 contain a memory corruption vulnerability in RTF file parsing that allows remote code execution, exploited as a zero-day in targeted attacks against government and military organizations. | HIGH | 7.8 | 93.1% | 227 |
KEV
PoC
|