Skip to main content

Microsoft

Vendor security scorecard – 2737 CVEs in the selected period

Period: 30d 90d 6m 1y All
Risk 11238
2737
CVEs
227
Critical
1632
High
24
KEV
155
PoC
486
Unpatched C/H
73.0%
Patch Rate
0.4%
Avg EPSS

Severity Breakdown

CRITICAL
227
HIGH
1632
MEDIUM
799
LOW
72

Monthly CVE Trend

Top Risky CVEs

CVE Summary Severity CVSS EPSS Priority Signals
CVE-2025-53770 Microsoft SharePoint Server contains a deserialization vulnerability allowing unauthenticated remote code execution over the network, with active exploitation confirmed and patches pending full release. CRITICAL 9.8 90.5% 235
KEV PoC No patch
CVE-2025-9242 WatchGuard Fireware OS contains an out-of-bounds write in IKEv2 VPN handling enabling unauthenticated remote code execution on WatchGuard firewalls. CRITICAL 9.3 69.0% 185
KEV PoC No patch
CVE-2025-13315 Twonky Server 8.5.2 on Linux and Windows allows unauthenticated access to the admin log file through a web service API bypass. The exposed log contains the administrator's username and encrypted password, which can be decrypted using hard-coded keys (CVE-2025-13316) to gain full administrative control. CRITICAL 9.3 82.4% 149
PoC No patch
CVE-2013-10047 An unrestricted file upload vulnerability exists in MiniWeb HTTP Server <= Build 300 that allows unauthenticated remote attackers to upload arbitrary files to the server’s filesystem. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 61.8%. CRITICAL 9.3 61.8% 143
PoC No patch
CVE-2012-10030 FreeFloat FTP Server contains multiple critical design flaws that allow unauthenticated remote attackers to upload arbitrary files to sensitive system directories. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 57.1%. CRITICAL 9.3 57.1% 139
PoC No patch
CVE-2026-50751 Authentication bypass in Check Point Quantum Security Gateway and Spark Firewalls allows unauthenticated remote attackers to establish Remote Access and Mobile Access VPN sessions without valid credentials by abusing a logic flaw in deprecated IKEv1 certificate validation. The flaw (CVSS 9.3, CWE-287) was reported by Check Point themselves and publicly available exploit code exists, though EPSS exploitation probability remains very low (0.01%) and the issue is not currently listed in CISA KEV. Affected deployments include multiple Quantum R80.40-R82.10 trains and Spark R80.20.X-R82.00.X firmware. CRITICAL 9.3 0.0% 137
KEV PoC No patch
CVE-2025-13316 Twonky Server 8.5.2 uses hard-coded cryptographic keys for encrypting the administrator password. Combined with the credential exposure vulnerability (CVE-2025-13315), this allows attackers to decrypt the admin password from the leaked log file and gain full administrative control of the media server. HIGH 8.2 72.7% 134
PoC No patch
CVE-2026-33825 Privilege escalation in Microsoft Defender Antimalware Platform versions before 4.18.26030.3011 allows authenticated local attackers to gain elevated system privileges through insufficiently granular access controls. CVSS 7.8 (High) reflects local attack vector requiring low privileges. EPSS score of 0.04% (12th percentile) indicates low probability of widespread exploitation. Microsoft has released a patched version (4.18.26030.3011) addressing the access control deficiency. HIGH 7.8 0.0% 129
KEV PoC
CVE-2026-56164 Privilege elevation in Microsoft SharePoint Server (Enterprise Server 2016, Server 2019, and Subscription Edition) lets an unauthenticated network attacker reach a security-critical function that lacks any authentication check (CWE-306), gaining elevated privileges on the target farm. The flaw is confirmed actively exploited (CISA KEV) with publicly available exploit code, and its CVSS 3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N) reflects fully remote, unauthenticated exploitation with high confidentiality, integrity, and availability impact. Microsoft has released a patch via MSRC. CRITICAL 9.8 7.0% 127
KEV PoC
CVE-2026-41091 Local privilege escalation in Microsoft Defender (Malware Protection Engine) enables an authenticated low-privileged attacker to elevate to SYSTEM by abusing improper link resolution (CWE-59) before file access. The flaw scores CVSS 7.8 with high impact to confidentiality, integrity, and availability, and no public exploit is identified at time of analysis. Microsoft has released a patch via MSRC, and there is no current CISA KEV listing or EPSS signal indicating active mass exploitation. HIGH 7.8 12.1% 126
KEV PoC
CVE-2026-20963 Microsoft Office SharePoint contains a deserialization vulnerability (CVE-2026-20963) that allows authenticated users to execute arbitrary code over the network through crafted serialized objects. KEV-listed with public PoC, this CVSS 8.8 vulnerability enables any SharePoint user to escalate to server-level code execution, making it a critical threat for organizations relying on SharePoint for document management and collaboration. CRITICAL 9.8 1.6% 126
KEV PoC
CVE-2026-42897 Cross-site scripting (XSS) in Microsoft Exchange Server enables remote attackers to spoof content and steal credentials without authentication. Affects Exchange Server 2016 CU23, 2019 CU14/CU15, and Subscription Edition. Functional exploit code exists (CVSS temporal E:F) though no active exploitation confirmed at analysis time. CVSS 8.1 (High) driven by network vector, no authentication requirement, and dual confidentiality/integrity impact. Microsoft released patches via MSRC security update guide. Medium-high priority for organizations running affected Exchange versions with webmail or OWA exposed. MEDIUM 6.1 0.2% 121
KEV PoC
CVE-2026-8398 Supply chain compromise of DAEMON Tools Lite for Windows delivered trojanized installers through the legitimate vendor website daemon-tools.cc from April 8 to May 5, 2026. Attackers compromised AVB Disc Soft's build infrastructure and injected malicious code into three binaries (DTHelper.exe, DiscSoftBusServiceLite.exe, DTShellHlp.exe), all signed with the vendor's legitimate code-signing certificate. This allowed remote attackers to achieve arbitrary code execution on systems installing affected versions (12.5.0.2421 through 12.5.0.2434) with no user interaction required beyond normal installation. The legitimate digital signature bypassed security controls that rely on code-signing verification, making detection extremely difficult during the compromise window. CRITICAL 9.3 0.0% 117
KEV PoC
CVE-2026-45659 Authenticated remote code execution in Microsoft SharePoint (Enterprise Server 2016, Server 2019, and Subscription Edition) stems from unsafe deserialization of untrusted data (CWE-502), enabling an authorized attacker to run arbitrary code on the server over the network. CVSS 8.8 with low privileges required and no user interaction makes this attractive to post-authentication adversaries, though no public exploit identified at time of analysis and CVSS temporal data marks exploit code maturity as Unproven. HIGH 8.8 0.5% 115
KEV PoC
CVE-2013-10065 A denial-of-service vulnerability exists in Sysax Multi-Server version 6.10 via its SSH daemon. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 48.9%. HIGH 8.7 48.9% 112
PoC No patch

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy