| CVEs | Critical | High | KEV | PoC | Unpatched (Critical/High) | Patch Rate | Avg EPSS |
|---|---|---|---|---|---|---|---|
| 616 | 55 | 357 | 10 | 31 | 360 | 18.2% | 0.4% |
Severity Breakdown

| Severity | Count |
|---|---|
| CRITICAL | 55 |
| HIGH | 357 |
| MEDIUM | 182 |
| LOW | 17 |
Monthly CVE Trend (chart; data not reproduced in this extract)
Affected Products (30)

| Product / Category | Count |
|---|---|
| Windows | 1267 |
| Windows Server 2025 | 720 |
| Windows Server 2022 | 714 |
| Windows Server 2022 23h2 | 713 |
| Windows Server 2019 | 687 |
| Windows 11 23h2 | 662 |
| Windows 11 24h2 | 649 |
| Windows 10 22h2 | 636 |
| Windows 10 21h2 | 634 |
| Windows 10 1809 | 607 |
| Windows Server 2016 | 602 |
| Windows 10 1607 | 522 |
| Windows 11 22h2 | 497 |
| Windows Server 2012 | 486 |
| Windows 10 1507 | 378 |
| Windows Server 2008 | 367 |
| Memory Corruption | 195 |
| Use After Free | 187 |
| Windows 11 25h2 | 177 |
| Heap Overflow | 164 |
| 365 Apps | 137 |
| Office Long Term Servicing Channel | 137 |
| Office | 130 |
| Race Condition | 84 |
| Excel | 52 |
| Chrome | 51 |
| Office Online Server | 49 |
| Command Injection | 47 |
| SharePoint Server | 43 |
| macOS | 42 |
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2026-20963 | Microsoft Office SharePoint contains a deserialization vulnerability (CVE-2026-20963) that allows authenticated users to execute arbitrary code over the network through crafted serialized objects. KEV-listed with public PoC, this CVSS 8.8 vulnerability enables any SharePoint user to escalate to server-level code execution, making it a critical threat for organizations relying on SharePoint for document management and collaboration. | CRITICAL | 9.8 | 1.6% | 126 | KEV, PoC, No patch |
| CVE-2026-21509 | Microsoft Office contains a security feature bypass (CVE-2026-21509, CVSS 7.8) where reliance on untrusted inputs in security decisions allows local attackers to bypass protections designed to prevent execution of malicious content. KEV-listed with EPSS 9.3%, this vulnerability enables attackers to circumvent Office security features such as Protected View or macro restrictions through crafted documents. | HIGH | 7.8 | 9.3% | 98 | KEV, No patch |
| CVE-2026-21510 | Windows Shell contains a protection mechanism failure (CVE-2026-21510, CVSS 8.8) that allows unauthenticated remote attackers to bypass security features over a network. KEV-listed, this vulnerability in the core Windows Shell component enables remote code execution by circumventing security boundaries designed to prevent execution of untrusted content received from the network. | HIGH | 8.8 | 3.8% | 98 | KEV, PoC, No patch |
| CVE-2026-21514 | Microsoft Office Word contains a security decision bypass (CVE-2026-21514, CVSS 7.8) through reliance on untrusted inputs, allowing local attackers to bypass protections when opening malicious documents. KEV-listed, this vulnerability enables document-based attacks that circumvent Word's security features designed to protect users from malicious content. | HIGH | 7.8 | 4.5% | 93 | KEV, No patch |
| CVE-2026-21519 | Desktop Window Manager (DWM) in Windows contains a type confusion vulnerability (CVE-2026-21519, CVSS 7.8) that enables authorized local attackers to escalate privileges. KEV-listed, this kernel-level vulnerability in the Windows compositor allows any authenticated user to achieve SYSTEM-level access through exploitation of an incompatible type access in DWM's resource handling. | HIGH | 7.8 | 3.1% | 92 | KEV, No patch |
| CVE-2026-21533 | Windows Remote Desktop contains an improper privilege management vulnerability (CVE-2026-21533, CVSS 7.8) enabling authorized local attackers to escalate to SYSTEM. KEV-listed, this vulnerability in the RDP subsystem is particularly concerning in environments where Remote Desktop is widely used, as it can be chained with RDP session access for complete system compromise. | HIGH | 7.8 | 2.7% | 92 | KEV, PoC, No patch |
| CVE-2025-62215 | Windows Kernel contains a race condition vulnerability enabling local privilege escalation through concurrent resource access with improper synchronization. | HIGH | 7.0 | 0.5% | 85 | KEV, PoC, No patch |
| CVE-2026-21525 | Windows Remote Access Connection Manager contains a null pointer dereference flaw affecting Windows 10 (versions 1809 and 21h2) and Windows 11 (version 23h2) that has been confirmed as actively exploited. A local attacker can trigger a denial of service condition without requiring authentication or user interaction. No patch is currently available for this vulnerability. | MEDIUM | 6.2 | 3.4% | 84 | KEV, No patch |
| CVE-2026-20805 | Desktop Window Manager on Windows 10, Windows 11, and Windows Server 2022 leaks sensitive information to local authenticated users, enabling disclosure of confidential data without modifying or disrupting system functionality. This vulnerability is confirmed actively exploited and affects multiple Windows versions with no patch currently available. An authorized attacker can exploit this with minimal complexity to extract sensitive information from the system. | MEDIUM | 5.5 | 4.8% | 82 | KEV, No patch |
| CVE-2025-26155 | NCP Secure Enterprise Client 13.18 and NCP Secure Entry Windows Client 13.19 have an Untrusted Search Path vulnerability. Rated critical severity (CVSS 9.8), it is remotely exploitable with no authentication required and low attack complexity. Public exploit code is available and no vendor patch is available. | CRITICAL | 9.8 | 0.1% | 69 | PoC, No patch |
| CVE-2026-39912 | Authentication bypass in V2Board 1.6.1-1.7.4 and Xboard ≤0.1.9 enables unauthenticated account takeover including admin privileges. When login_with_mail_link_enable is active, attackers POST known email addresses to the loginWithMailLink endpoint, receiving full authentication URLs in HTTP responses. Tokens extracted from these URLs are exchanged at token2Login for valid bearer tokens granting complete account access. Publicly available exploit code exists. The CVSS 9.1 critical severity reflects a network-accessible attack with no user interaction required. | CRITICAL | 9.1 | 0.1% | 66 | PoC |
| CVE-2025-65958 | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.37, a Server-Side Request Forgery (SSRF) vulnerability in Open WebUI allows any authenticated user to force the server to make HTTP requests to arbitrary URLs. This can be exploited to access cloud metadata endpoints (AWS/GCP/Azure), scan internal networks, access internal services behind firewalls, and exfiltrate sensitive information. No special permissions beyond basic authentication are required. This vulnerability is fixed in 0.6.37. | HIGH | 8.5 | 0.0% | 63 | PoC |
| CVE-2026-25172 | Remote code execution in Windows Routing and Remote Access Service (RRAS) across Windows Server 2012, 2022, and 2022 23h2 stems from an integer overflow vulnerability that authenticated network attackers can exploit with user interaction. Public exploit code exists for this vulnerability, enabling attackers to achieve arbitrary code execution with high impact on confidentiality, integrity, and availability. No patch is currently available. | HIGH | 8.0 | 0.1% | 60 | PoC, No patch |
| CVE-2026-25173 | Remote code execution in Windows RRAS affects Windows 10 1607 and Windows Server 2022 23h2 through an integer overflow vulnerability exploitable by authenticated network attackers. Public exploit code exists for this vulnerability, enabling authenticated users to execute arbitrary code with high integrity and confidentiality impact. No patch is currently available, making this a critical exposure for affected Windows environments. | HIGH | 8.0 | 0.1% | 60 | PoC, No patch |
| CVE-2026-26111 | Remote code execution in Windows RRAS across Server 2016, 2022, and 2025 via an integer overflow vulnerability allows authenticated attackers to execute arbitrary code over the network with high privileges. Public exploit code exists for this vulnerability, and no patch is currently available. Authenticated users with network access can trigger the vulnerability through a simple interaction to gain complete system compromise. | HIGH | 8.0 | 0.1% | 60 | PoC, No patch |