| Metric | Value |
|---|---|
| CVEs | 1035 |
| Critical | 94 |
| High | 610 |
| KEV-listed | 15 |
| Public PoC | 42 |
| Unpatched Critical/High | 99 |
| Patch rate | 84.6% |
| Average EPSS | 0.1% |
Severity Breakdown

| Severity | CVEs |
|---|---|
| CRITICAL | 94 |
| HIGH | 610 |
| MEDIUM | 299 |
| LOW | 22 |

(The four tiers sum to 1025 of the 1035 CVEs in the headline count.)
Monthly CVE Trend (chart; data points not captured on this page)
Affected Products (30)

Counts are per product and overlap heavily, since one CVE usually affects many Windows SKUs at once; they do not sum to the 1035 headline figure.

| Product | CVEs |
|---|---|
| Windows | 1243 |
| Windows Server 2025 | 712 |
| Windows Server 2022 | 706 |
| Windows Server 2022 23H2 | 705 |
| Windows Server 2019 | 680 |
| Windows 11 23H2 | 654 |
| Windows 11 24H2 | 641 |
| Windows 10 22H2 | 628 |
| Windows 10 21H2 | 626 |
| Windows 10 1809 | 600 |
| Windows Server 2016 | 596 |
| Windows 10 1607 | 516 |
| Windows 11 22H2 | 496 |
| Windows Server 2012 | 480 |
| Windows 10 1507 | 377 |
| Windows Server 2008 | 364 |
| Windows 11 25H2 | 169 |
| Microsoft 365 Apps | 132 |
| Office Long Term Servicing Channel | 132 |
| Office | 119 |
| Python | 54 |
| PHP | 52 |
| Excel | 52 |
| Chrome | 49 |
| Office Online Server | 48 |
| SharePoint Server | 43 |
| macOS | 42 |
| Windows 11 21H2 | 34 |
| Windows 11 26H1 | 33 |
| Android | 31 |
Top Risky CVEs

The Signals column reproduces the KEV/PoC badges as captured. It disagrees with several summaries (CVE-2026-41091 and CVE-2026-45498 are described as having no CISA KEV listing, CVE-2026-32202 as not exploited in the wild), so confirm each entry against the CISA KEV catalog before acting on the badge alone.

| CVE | Summary | Severity | CVSS | EPSS | Priority score | Signals |
|---|---|---|---|---|---|---|
| CVE-2026-42897 | Cross-site scripting (XSS) in Microsoft Exchange Server lets a remote, unauthenticated attacker spoof content and steal credentials; as with any XSS, a victim must interact with the crafted content (the 8.1 score corresponds to UI:R). Affects Exchange Server 2016 CU23, 2019 CU14/CU15, and Subscription Edition. Functional exploit code exists (CVSS temporal E:F), but no active exploitation was confirmed at analysis time. CVSS 8.1 (High) reflects the network vector, no authentication requirement, and high confidentiality and integrity impact. Microsoft released fixes via the MSRC Security Update Guide. Medium-high priority for organizations running affected Exchange versions with Outlook on the web (OWA) exposed. | HIGH | 8.1 | 0.2% | 131 | KEV, PoC |
| CVE-2026-33825 | Privilege escalation in the Microsoft Defender Antimalware Platform before version 4.18.26030.3011 allows an authenticated local attacker to gain SYSTEM-level privileges through insufficiently granular access controls. CVSS 7.8 (High) reflects a local attack vector requiring low privileges. The EPSS score of 0.04% (12th percentile) indicates a low probability of widespread exploitation. Microsoft has released platform version 4.18.26030.3011, which corrects the access-control deficiency. | HIGH | 7.8 | 0.0% | 129 | KEV, PoC |
| CVE-2026-41091 | Local privilege escalation in Microsoft Defender (Malware Protection Engine) lets an authenticated, low-privileged attacker elevate to SYSTEM by abusing improper link resolution before file access (CWE-59, link following). CVSS 7.8 with high impact to confidentiality, integrity, and availability; no public exploit was identified at the time of analysis, and the summary reports no CISA KEV listing. Note that the EPSS column shows 12.1%, the highest on this page, which contradicts the summary's "no EPSS signal"; re-check EPSS and KEV before down-ranking. Microsoft has released a patch via MSRC. | HIGH | 7.8 | 12.1% | 126 | KEV, PoC |
| CVE-2026-20963 | Microsoft Office SharePoint contains a deserialization vulnerability that allows an authenticated user to execute arbitrary code on the server over the network by submitting crafted serialized objects. KEV-listed with a public PoC. The score column lists 9.8 (Critical) while the summary text cites 8.8; the authenticated-user precondition is consistent with 8.8 (PR:L), so confirm the vector against the MSRC entry. Either way, any SharePoint user escalating to server-level code execution makes this a top priority for organizations that rely on SharePoint for document management and collaboration. | CRITICAL | 9.8 | 1.6% | 126 | KEV, PoC |
| CVE-2026-8398 | Supply chain compromise of DAEMON Tools Lite for Windows: trojanized installers were delivered through the legitimate vendor website daemon-tools.cc from April 8 to May 5, 2026. Attackers compromised AVB Disc Soft's build infrastructure and injected malicious code into three binaries (DTHelper.exe, DiscSoftBusServiceLite.exe, DTShellHlp.exe), all signed with the vendor's legitimate code-signing certificate. Systems installing affected versions (12.5.0.2421 through 12.5.0.2434) were compromised with no user interaction beyond a normal installation. Because the binaries carried a valid vendor signature, controls that trust code signing alone (for example publisher-based allowlisting) did not flag them; detection during the compromise window depends on file version or hash rather than signature status. | CRITICAL | 9.3 | 0.0% | 117 | KEV, PoC |
| CVE-2026-32201 | Improper input validation in Microsoft SharePoint Server enables network-based spoofing without authentication, allowing an attacker to forge communications and deceive users. Affects SharePoint Enterprise Server 2016, SharePoint Server 2019, and SharePoint Server Subscription Edition. Confirmed actively exploited (CISA KEV) with publicly available exploit code, which makes it an operational priority despite the moderate CVSS score of 6.5. | MEDIUM | 6.5 | 1.2% | 109 | KEV, PoC |
| CVE-2026-21509 | Microsoft Office contains a security feature bypass (CVSS 7.8) in which reliance on untrusted input in a security decision lets a local attacker, via a crafted document, bypass protections designed to prevent execution of malicious content, such as Protected View or macro restrictions. KEV-listed with EPSS 9.3%. | HIGH | 7.8 | 9.3% | 98 | KEV |
| CVE-2026-21510 | Windows Shell contains a protection mechanism failure (CVSS 8.8) that allows an unauthenticated remote attacker to bypass security features over a network. KEV-listed; this flaw in a core Windows component leads to code execution by circumventing the boundaries meant to block execution of untrusted content received from the network. | HIGH | 8.8 | 3.8% | 98 | KEV, PoC |
| CVE-2026-21514 | Microsoft Word contains a security decision bypass (CVSS 7.8) through reliance on untrusted input, allowing a local attacker to bypass protections when a malicious document is opened. KEV-listed; enables document-based attacks that circumvent Word's safeguards against malicious content. | HIGH | 7.8 | 4.5% | 93 | KEV |
| CVE-2026-45498 | Denial of service in the Microsoft Defender Antimalware Platform allows a local, unprivileged attacker to partially degrade availability with low attack complexity and no user interaction. The CVSS 4.0 score reflects limited impact: confidentiality and integrity are unaffected and availability impact is rated Low. A vendor patch is available via MSRC; no public exploit was identified at the time of analysis and the summary reports no CISA KEV listing. | MEDIUM | 4.0 | 2.3% | 92 | KEV, PoC |
| CVE-2026-21519 | Desktop Window Manager (DWM) in Windows contains a type confusion vulnerability (CVSS 7.8) that lets an authorized local attacker escalate privileges. KEV-listed; this flaw in the Windows compositor (dwm.exe) allows any authenticated user to reach SYSTEM by exploiting an incompatible-type access in DWM's resource handling. | HIGH | 7.8 | 3.1% | 92 | KEV |
| CVE-2026-21533 | Windows Remote Desktop contains an improper privilege management vulnerability (CVSS 7.8) that lets an authorized local attacker escalate to SYSTEM. KEV-listed; it is particularly concerning where Remote Desktop is widely used, since an attacker with an RDP session can chain it for complete system compromise. | HIGH | 7.8 | 2.7% | 92 | KEV, PoC |
| CVE-2026-32202 | Windows Shell protection mechanism failure that allows a remote, unauthenticated attacker to perform spoofing over a network, requiring only user interaction. This medium-severity flaw (CVSS 4.3) affects Windows versions from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 through 2025. Not known to be exploited in the wild; vendor patches are available for all affected versions. The low score reflects limited confidentiality impact and no availability impact despite the network-accessible attack vector. | MEDIUM | 4.3 | 0.1% | 92 | KEV, PoC |
| CVE-2026-20805 | Desktop Window Manager on Windows 10, Windows 11, and Windows Server 2022 leaks sensitive information to a local authenticated user, enabling disclosure of confidential data without modifying or disrupting system functionality. Confirmed actively exploited across multiple Windows versions, with no patch available at the time of analysis. An authorized attacker can exploit it with minimal complexity. | MEDIUM | 5.5 | 4.8% | 87 | KEV |
| CVE-2026-21525 | Windows Remote Access Connection Manager (RasMan) contains a null pointer dereference affecting Windows 10 (versions 1809 and 21H2) and Windows 11 (version 23H2) that has been confirmed as actively exploited. A local attacker can trigger a denial of service without authentication or user interaction. No patch was available at the time of analysis. | MEDIUM | 6.2 | 3.4% | 84 | KEV |
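Two rows above give exact version boundaries: the Defender Antimalware Platform fix lands in 4.18.26030.3011 (CVE-2026-33825), and DAEMON Tools Lite builds 12.5.0.2421 through 12.5.0.2434 are the trojanized range (CVE-2026-8398). The PowerShell below is an added example, not part of this dashboard and not from Microsoft or AVB Disc Soft, that turns those boundaries into host-side checks. The DAEMON Tools install directory is an assumption, and no indicator hashes are embedded because the page publishes none; the script emits SHA-256 values for you to compare against whatever indicators your IR source provides.

```powershell
# Added example (not from the dashboard): host exposure checks for two of the table rows.
# Requires Windows PowerShell 5.1 or later; run elevated so Defender status and file reads succeed.

# --- CVE-2026-33825: Defender Antimalware Platform fixed in 4.18.26030.3011 ---
function Test-DefenderPlatformPatched {
    param([version]$FixedVersion = [version]'4.18.26030.3011')
    # AMProductVersion is the antimalware *platform* version; it is distinct from the
    # engine version (AMEngineVersion) and the signature version, which do not fix this CVE.
    $status    = Get-MpComputerStatus -ErrorAction Stop
    $installed = [version]$status.AMProductVersion
    [pscustomobject]@{
        Installed = $installed
        Fixed     = $FixedVersion
        Patched   = ($installed -ge $FixedVersion)   # [version] compares all four fields numerically
    }
}

# --- CVE-2026-8398: DAEMON Tools Lite 12.5.0.2421 through 12.5.0.2434 ---
# A valid Authenticode signature does NOT clear a host here: the trojanized builds were signed
# with the vendor's legitimate certificate. The useful facts are (a) whether the file version
# falls inside the affected range and (b) a hash to compare against published indicators.
function Get-DaemonToolsExposure {
    param(
        # Assumed install location; adjust to match your deployment.
        [string]$InstallDir = (Join-Path ${env:ProgramFiles} 'DAEMON Tools Lite'),
        [version]$FirstBad  = [version]'12.5.0.2421',
        [version]$LastBad   = [version]'12.5.0.2434'
    )
    $targets = 'DTHelper.exe', 'DiscSoftBusServiceLite.exe', 'DTShellHlp.exe'
    foreach ($name in $targets) {
        $path = Join-Path $InstallDir $name
        if (-not (Test-Path -LiteralPath $path)) { continue }   # binary absent on this host
        $file = Get-Item -LiteralPath $path
        # FileVersionRaw is a System.Version (PS 5.0+), which avoids parsing vendor-decorated strings.
        $fv   = $file.VersionInfo.FileVersionRaw
        $sig  = Get-AuthenticodeSignature -LiteralPath $path
        [pscustomobject]@{
            File            = $name
            FileVersion     = $fv
            InAffectedRange = ($fv -ge $FirstBad -and $fv -le $LastBad)
            SignatureStatus = $sig.Status                       # expect 'Valid' even for trojanized builds
            Signer          = $sig.SignerCertificate.Subject
            Sha256          = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        }
    }
}

Test-DefenderPlatformPatched | Format-List
Get-DaemonToolsExposure      | Format-Table -AutoSize
```

Treat an `InAffectedRange` of `True` as a compromise indicator regardless of `SignatureStatus`; the point of the second function is that signature validation is the control the attackers already defeated, so the decision has to rest on version and hash.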