| Metric | Value |
|---|---|
| CVEs | 2104 |
| Critical | 127 |
| High | 1198 |
| KEV | 35 |
| PoC | 140 |
| Unpatched C/H | 1061 |
| Patch Rate | 23.1% |
| Avg EPSS | 1.5% |
Severity Breakdown
| Severity | Count |
|---|---|
| CRITICAL | 127 |
| HIGH | 1198 |
| MEDIUM | 713 |
| LOW | 61 |
Monthly CVE Trend
Affected Products (30)
| Product / Category | CVEs |
|---|---|
| Windows | 1267 |
| Windows Server 2025 | 720 |
| Windows Server 2022 | 714 |
| Windows Server 2022 23H2 | 713 |
| Windows Server 2019 | 687 |
| Windows 11 23H2 | 662 |
| Windows 11 24H2 | 649 |
| Windows 10 22H2 | 636 |
| Windows 10 21H2 | 634 |
| Windows 10 1809 | 607 |
| Windows Server 2016 | 602 |
| Windows 10 1607 | 522 |
| Windows 11 22H2 | 497 |
| Windows Server 2012 | 486 |
| Windows 10 1507 | 378 |
| Windows Server 2008 | 367 |
| Memory Corruption | 195 |
| Use After Free | 187 |
| Windows 11 25H2 | 177 |
| Heap Overflow | 164 |
| Office Long Term Servicing Channel | 137 |
| 365 Apps | 137 |
| Office | 130 |
| Race Condition | 84 |
| Excel | 52 |
| Chrome | 51 |
| Office Online Server | 49 |
| Command Injection | 47 |
| SharePoint Server | 43 |
| macOS | 42 |
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2025-53770 | Microsoft SharePoint Server contains a deserialization vulnerability allowing unauthenticated remote code execution over the network, with active exploitation confirmed and patches pending full release. | CRITICAL | 9.8 | 90.5% | 220 | KEV, PoC, No patch |
| CVE-2025-9242 | WatchGuard Fireware OS contains an out-of-bounds write in IKEv2 VPN handling enabling unauthenticated remote code execution on WatchGuard firewalls. | CRITICAL | 9.3 | 69.0% | 185 | KEV, PoC, No patch |
| CVE-2025-33073 | Windows SMB contains an improper access control vulnerability (CVE-2025-33073, CVSS 8.8) enabling authenticated attackers to escalate privileges over the network. KEV-listed with EPSS 57.6% and a public PoC, this vulnerability in the core Windows file sharing protocol affects every Windows system on the network, enabling lateral movement from any compromised domain account to SYSTEM-level access on SMB-accessible systems. | HIGH | 8.8 | 57.6% | 172 | KEV, PoC, No patch |
| CVE-2025-0994 | Trimble Cityworks asset management platform contains a deserialization vulnerability allowing authenticated users to achieve remote code execution on the IIS web server hosting the application. | HIGH | 8.6 | 76.0% | 169 | KEV, No patch |
| CVE-2025-49704 | Microsoft Office SharePoint contains a code injection vulnerability (CVE-2025-49704, CVSS 8.8) enabling authenticated attackers to execute arbitrary code over the network. KEV-listed with EPSS 63.8%, this vulnerability requires only basic SharePoint authentication and enables server-level code execution, threatening the documents, workflows, and data stored across the organization's SharePoint infrastructure. | HIGH | 8.8 | 63.8% | 168 | KEV, No patch |
| CVE-2025-33053 | Windows Internet Shortcut Files (.url) contain an external control vulnerability (CVE-2025-33053, CVSS 8.8) that enables remote code execution over a network. KEV-listed with EPSS 48.5% and a public PoC, this vulnerability allows attackers to craft malicious .url files that execute arbitrary code when opened, bypassing the security restrictions normally applied to internet-sourced shortcut files. | HIGH | 8.8 | 48.5% | 163 | KEV, PoC, No patch |
| CVE-2025-49706 | Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network. | MEDIUM | 6.5 | 59.9% | 152 | KEV, No patch |
| CVE-2025-30397 | Microsoft Scripting Engine contains a type confusion vulnerability allowing unauthorized remote code execution over the network through crafted content processed by the scripting engine. | HIGH | 7.5 | 21.3% | 129 | KEV, PoC, No patch |
| CVE-2026-20963 | Microsoft Office SharePoint contains a deserialization vulnerability (CVE-2026-20963) that allows authenticated users to execute arbitrary code over the network through crafted serialized objects. KEV-listed with a public PoC, this CVSS 8.8 vulnerability enables any SharePoint user to escalate to server-level code execution, making it a critical threat for organizations relying on SharePoint for document management and collaboration. | CRITICAL | 9.8 | 1.6% | 126 | KEV, PoC, No patch |
| CVE-2025-34101 | Serviio Media Server versions 1.4 through 1.8 on Windows contain an unauthenticated command injection in the /rest/action API endpoint. The checkStreamUrl method passes the VIDEO parameter directly to cmd.exe without sanitization, enabling remote code execution on the media server. | CRITICAL | 9.3 | 53.9% | 120 | PoC, No patch |
| CVE-2025-24054 | External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network. [CVSS 6.5 MEDIUM] [CISA KEV - actively exploited] | MEDIUM | 6.5 | 11.9% | 114 | KEV, PoC, No patch |
| CVE-2025-26633 | A security feature bypass in Microsoft Management Console (MMC) allows attackers to evade security warnings and execute malicious code locally. KEV-listed and tracked as CVE-2025-26633, this vulnerability has been actively exploited by the Water Gamayun threat group (also tracked as EncryptHub) using crafted .msc files to deploy info-stealing malware. A public PoC is available and EPSS is 7.1%. | HIGH | 7.0 | 7.1% | 112 | KEV, PoC, No patch |
| CVE-2025-34095 | Mako Server versions 2.5 and 2.6 contain an unauthenticated OS command injection via the tutorial interface at examples/save.lsp. Attackers can send crafted PUT requests with arbitrary Lua os.execute() code that is persisted on disk and executed, achieving remote code execution on the embedded web server. | CRITICAL | 9.3 | 45.4% | 112 | PoC, No patch |
| CVE-2025-32706 | Windows CLFS Driver contains an input validation flaw enabling local privilege escalation, yet another CLFS kernel vulnerability in the May 2025 Patch Tuesday. | HIGH | 7.8 | 1.3% | 110 | KEV, PoC, No patch |
| CVE-2025-24071 | Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network. [CVSS 6.5 MEDIUM] | MEDIUM | 6.5 | 57.7% | 110 | PoC, No patch |