787
CVEs
56
Critical
497
High
1
KEV
31
PoC
27
Unpatched C/H
95.4%
Patch Rate
0.4%
Avg EPSS
Severity Breakdown
CRITICAL
56
HIGH
497
MEDIUM
212
LOW
17
Monthly CVE Trend
Affected Products (30)
Windows Server 2016
3953
Windows Server 2019
3686
Windows Server 2012
3310
Windows Server 2008
2807
Windows 10
2557
Windows Server 2022
2368
Windows 7
1931
Windows 8 1
1920
Windows Rt 8 1
1762
Windows 10 22h2
1453
Windows 10 1809
1448
Windows 10 21h2
1442
Windows 11 22h2
1318
Windows
1302
Windows 10 1607
1241
Windows Server 2022 23h2
1185
Windows Server 2025
1175
Windows 11 23h2
1109
Windows 10 1507
943
Internet Explorer
892
Windows 11 24h2
850
Windows 11 21H2
787
Office
744
Flash Player
741
Edge
690
Windows Vista
462
Sharepoint Server
449
Acrobat
430
Chrome
430
Windows 11
427
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2026-56164 | Privilege elevation in Microsoft SharePoint Server (Enterprise Server 2016, Server 2019, and Subscription Edition) lets an unauthenticated network attacker reach a security-critical function that lacks any authentication check (CWE-306), gaining elevated privileges on the target farm. The flaw is confirmed actively exploited (CISA KEV) with publicly available exploit code, and its CVSS 3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N) reflects fully remote, unauthenticated exploitation with high confidentiality, integrity, and availability impact. Microsoft has released a patch via MSRC. | CRITICAL | 9.8 | 7.0% | 127 |
KEV
PoC
|
| CVE-2026-58644 | Remote code execution in Microsoft SharePoint (Enterprise Server 2016, Server 2019, and Server Subscription Edition) allows an unauthenticated network attacker to run arbitrary code on the server by submitting maliciously crafted serialized data (CWE-502). The CVSS 3.1 base score is 9.8 with a fully remote, no-interaction, no-privilege vector (AV:N/AC:L/PR:N/UI:N), placing it among the most severe SharePoint flaws. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but insecure-deserialization RCE in SharePoint has historically been a high-value target for rapid weaponization. | CRITICAL | 9.8 | 1.3% | 85 |
PoC
|
| CVE-2026-50522 | Remote code execution in Microsoft SharePoint Server (2016, 2019, and Subscription Edition) lets an unauthenticated attacker run arbitrary code by sending a crafted serialized payload over the network. The flaw is an untrusted-data deserialization (CWE-502) rated CVSS 9.8 with PR:N/UI:N, meaning no credentials or user interaction are required. No public exploit identified at time of analysis, but the pre-auth network vector and SharePoint's long history as an attacker target make this a high-priority patch. | CRITICAL | 9.8 | 19.7% | 74 |
|
| CVE-2026-49798 | Local privilege escalation in the Microsoft Windows Kernel allows an unauthorized attacker to gain elevated (SYSTEM-level) privileges by triggering a use-after-free condition (CWE-416) in kernel memory. The flaw affects a broad range of supported Windows client and server releases, from Windows 10 1607 and Windows Server 2012 through Windows 11 26H1 and Windows Server 2025. Microsoft has released a patch; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV. | CRITICAL | 9.3 | 2.2% | 74 |
PoC
|
| CVE-2026-49795 | Local privilege escalation in the Windows Kernel lets an already-authenticated attacker corrupt kernel memory via a use-after-free (CWE-416) and gain full control of the host. The CVSS 3.1 vector (AV:L/PR:L, scope-changed with C:H/I:H/A:H) reflects a low-privileged local user escalating to SYSTEM-level compromise across a broad range of Windows 10, Windows 11, and Windows Server builds. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but Microsoft has released a patch. | HIGH | 8.8 | 1.8% | 64 |
PoC
|
| CVE-2026-50489 | Local privilege escalation in the Windows Win32K kernel subsystem (CWE-122 heap-based buffer overflow) lets an already-authenticated low-privileged attacker corrupt kernel heap memory and gain SYSTEM-level control across a broad range of Windows client and server releases. The flaw carries a CVSS 3.1 base score of 8.8 with a changed scope (S:C), reflecting that a user-mode process can compromise the kernel security boundary. It was reported by Microsoft, a vendor patch is available, and there is no public exploit identified at time of analysis. | HIGH | 8.8 | 0.4% | 64 |
PoC
|
| CVE-2020-37254 | Wondershare PDFelement 5.2.9 contains a privilege escalation vulnerability due to an unquoted service path in the WsAppService Windows service. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available. | HIGH | 8.5 | 0.1% | 63 |
PoC
No patch
|
| CVE-2016-20091 | Windows Firewall Control 4.8.6.0 contains an unquoted service path vulnerability that allows local attackers to escalate privileges by inserting malicious executables in the service path. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available. | HIGH | 8.5 | 0.1% | 63 |
PoC
No patch
|
| CVE-2026-58583 | Local privilege escalation in the FluxInk (formerly Sunia SPB Peripheral) Color Management Driver TcnPeripheral64.sys version 1.0.7.2 lets a standard user map arbitrary physical memory via the \Device\PhysicalMemory object and gain kernel-level control. The flaw affects Lenovo systems shipping this signed color-management driver and is fixed in version 1.0.7.6. Publicly available exploit code exists; there is no public exploit identified as actively exploited (not in CISA KEV), though the vulnerability was reported by CISA (cisa-cg). | HIGH | 8.4 | 0.1% | 62 |
PoC
|
| CVE-2026-54128 | Local code execution in the Windows DHCP Client service stems from a use-after-free (CWE-416) memory-corruption flaw affecting a broad range of Windows 10, Windows 11, and Windows Server releases (Server 2012 through Server 2025). Per the CVSS vector an unauthenticated attacker with local access can achieve high-impact code execution with no user interaction. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; Microsoft has released a patch through the MSRC update guide. | HIGH | 8.4 | 0.3% | 62 |
PoC
|
| CVE-2026-54992 | Local code execution in the Microsoft Message Queuing (MSMQ) Queue Manager affects a broad range of Windows client and server releases from Windows 10 1607 and Windows Server 2012 through Windows 11 26H1 and Windows Server 2025. A heap-based buffer overflow (CWE-122) lets an attacker who can reach the local MSMQ service run arbitrary code with high confidentiality, integrity, and availability impact; the CVSS 3.1 base score is 8.4 with a local attack vector but no privileges or user interaction required. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the vendor (Microsoft) has released a patch. | HIGH | 8.4 | 0.4% | 62 |
PoC
|
| CVE-2026-50518 | Remote code execution in the Microsoft Windows DHCP Server role allows an unauthenticated network attacker to run arbitrary code by triggering a heap-based buffer overflow (CWE-122) in the service's packet handling. The flaw carries a critical CVSS 9.8 (AV:N/AC:L/PR:N/UI:N) and affects Windows Server 2012 through 2025 as well as the underlying Windows 10 1607/1809 code base. There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV, but the unauthenticated network RCE profile makes it a high-priority patch. | CRITICAL | 9.8 | 7.4% | 61 |
|
| CVE-2026-55040 | Security feature bypass in Microsoft SharePoint (Enterprise Server 2016, Server 2019, and Server Subscription Edition) lets a network-based, unauthenticated attacker defeat a weak-authentication protection mechanism (CWE-1390) to gain high-impact access to confidentiality and integrity. Rated CVSS 9.1 with no attacker privileges or user interaction required, this is a serious pre-authentication issue in a widely deployed collaboration platform. Microsoft has published a fix, and there is no public exploit identified at time of analysis. | CRITICAL | 9.1 | 0.7% | 61 |
|
| CVE-2026-50655 | Local code execution in the Windows Media component of supported Windows 10, Windows 11, and Windows Server (2016 through 2025) releases lets an unauthorized attacker run arbitrary code when a victim opens a maliciously crafted media file. The flaw is a heap-based buffer overflow (CWE-122) reported by Microsoft with a vendor patch available; there is no public exploit identified at time of analysis. CVSS is 7.8 (High), driven by full confidentiality, integrity, and availability impact but gated by local vector and required user interaction. | HIGH | 7.8 | 0.5% | 59 |
PoC
|
| CVE-2026-50423 | Local privilege escalation in the Microsoft Windows Kernel allows an already-authenticated attacker to elevate to SYSTEM-level privileges across a wide range of Windows 10, Windows 11, and Windows Server builds. The flaw stems from improper access control (CWE-284) in kernel-mode code and requires local low-privileged access with no user interaction. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the trivial attack complexity and SYSTEM-level impact make it a standard patch-Tuesday priority. | HIGH | 7.8 | 2.5% | 59 |
PoC
|