1459
CVEs
103
Critical
845
High
24
KEV
103
PoC
867
Unpatched C/H
12.3%
Patch Rate
0.8%
Avg EPSS
Severity Breakdown
CRITICAL
103
HIGH
845
MEDIUM
466
LOW
40
Monthly CVE Trend
Affected Products (30)
Windows
1267
Windows Server 2025
720
Windows Server 2022
714
Windows Server 2022 23h2
713
Windows Server 2019
687
Windows 11 23h2
662
Windows 11 24h2
649
Windows 10 22h2
636
Windows 10 21h2
634
Windows 10 1809
607
Windows Server 2016
602
Windows 10 1607
522
Windows 11 22h2
497
Windows Server 2012
486
Windows 10 1507
378
Windows Server 2008
367
Memory Corruption
195
Use After Free
187
Windows 11 25h2
177
Heap Overflow
164
365 Apps
137
Office Long Term Servicing Channel
137
Office
130
Race Condition
84
Excel
52
Chrome
51
Office Online Server
49
Command Injection
47
Sharepoint Server
43
macOS
42
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2025-53770 | Microsoft SharePoint Server contains a deserialization vulnerability allowing unauthenticated remote code execution over the network, with active exploitation confirmed and patches pending full release. | CRITICAL | 9.8 | 90.5% | 220 |
KEV
PoC
No patch
|
| CVE-2025-9242 | WatchGuard Fireware OS contains an out-of-bounds write in IKEv2 VPN handling enabling unauthenticated remote code execution on WatchGuard firewalls. | CRITICAL | 9.3 | 69.0% | 185 |
KEV
PoC
No patch
|
| CVE-2025-33073 | Windows SMB contains an improper access control vulnerability (CVE-2025-33073, CVSS 8.8) enabling authenticated attackers to escalate privileges over the network. KEV-listed with EPSS 57.6% and public PoC, this vulnerability in the core Windows file sharing protocol affects every Windows system on the network, enabling lateral movement from any compromised domain account to SYSTEM-level access on SMB-accessible systems. | HIGH | 8.8 | 57.6% | 172 |
KEV
PoC
No patch
|
| CVE-2025-49704 | Microsoft Office SharePoint contains a code injection vulnerability (CVE-2025-49704, CVSS 8.8) enabling authenticated attackers to execute arbitrary code over the network. KEV-listed with EPSS 63.8%, this vulnerability requires only basic SharePoint authentication and enables server-level code execution, threatening the documents, workflows, and data stored across the organization's SharePoint infrastructure. | HIGH | 8.8 | 63.8% | 168 |
KEV
No patch
|
| CVE-2025-33053 | Windows Internet Shortcut Files (.url) contain an external control vulnerability (CVE-2025-33053, CVSS 8.8) that enables remote code execution over a network. KEV-listed with EPSS 48.5% and public PoC, this vulnerability allows attackers to craft malicious .url files that execute arbitrary code when opened, bypassing the security restrictions normally applied to internet-sourced shortcut files. | HIGH | 8.8 | 48.5% | 163 |
KEV
PoC
No patch
|
| CVE-2025-49706 | Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network. | MEDIUM | 6.5 | 59.9% | 152 |
KEV
No patch
|
| CVE-2025-30397 | Microsoft Scripting Engine contains a type confusion vulnerability allowing unauthorized remote code execution over the network through crafted content processed by the scripting engine. | HIGH | 7.5 | 21.3% | 129 |
KEV
PoC
No patch
|
| CVE-2026-20963 | Microsoft Office SharePoint contains a deserialization vulnerability (CVE-2026-20963) that allows authenticated users to execute arbitrary code over the network through crafted serialized objects. KEV-listed with public PoC, this CVSS 8.8 vulnerability enables any SharePoint user to escalate to server-level code execution, making it a critical threat for organizations relying on SharePoint for document management and collaboration. | CRITICAL | 9.8 | 1.6% | 126 |
KEV
PoC
No patch
|
| CVE-2025-34101 | Serviio Media Server versions 1.4 through 1.8 on Windows contain an unauthenticated command injection in the /rest/action API endpoint. The checkStreamUrl method passes the VIDEO parameter directly to cmd.exe without sanitization, enabling remote code execution on the media server. | CRITICAL | 9.3 | 53.9% | 120 |
PoC
No patch
|
| CVE-2025-34095 | Mako Server versions 2.5 and 2.6 contain an unauthenticated OS command injection via the tutorial interface at examples/save.lsp. Attackers can send crafted PUT requests with arbitrary Lua os.execute() code that is persisted on disk and executed, achieving remote code execution on the embedded web server. | CRITICAL | 9.3 | 45.4% | 112 |
PoC
No patch
|
| CVE-2025-32706 | Windows CLFS Driver contains an input validation flaw enabling local privilege escalation, yet another CLFS kernel vulnerability in the May 2025 Patch Tuesday. | HIGH | 7.8 | 1.3% | 110 |
KEV
PoC
No patch
|
| CVE-2026-21509 | Microsoft Office contains a security feature bypass (CVE-2026-21509, CVSS 7.8) where reliance on untrusted inputs in security decisions allows local attackers to bypass protections designed to prevent execution of malicious content. KEV-listed with EPSS 9.3%, this vulnerability enables attackers to circumvent Office security features like Protected View or macro restrictions through crafted documents. | HIGH | 7.8 | 9.3% | 98 |
KEV
No patch
|
| CVE-2026-21510 | Windows Shell contains a protection mechanism failure (CVE-2026-21510, CVSS 8.8) that allows unauthenticated remote attackers to bypass security features over a network. KEV-listed, this vulnerability in the core Windows Shell component enables remote code execution by circumventing security boundaries designed to prevent execution of untrusted content received from the network. | HIGH | 8.8 | 3.8% | 98 |
KEV
PoC
No patch
|
| CVE-2025-47827 | In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly verifies a cryptographic signature. Ultimately, a crafted root filesystem can be mounted from an unverified SquashFS image. | MEDIUM | 4.6 | 1.8% | 95 |
KEV
PoC
No patch
|
| CVE-2026-21514 | Microsoft Office Word contains a security decision bypass (CVE-2026-21514, CVSS 7.8) through reliance on untrusted inputs, allowing local attackers to bypass protections when opening malicious documents. KEV-listed, this vulnerability enables document-based attacks that circumvent Word's security features designed to protect users from malicious content. | HIGH | 7.8 | 4.5% | 93 |
KEV
No patch
|