| Metric | Value |
|---|---|
| CVEs | 1840 |
| Critical | 151 |
| High | 1076 |
| KEV | 26 |
| PoC | 113 |
| Unpatched C/H | 446 |
| Patch Rate | 62.4% |
| Avg EPSS | 0.6% |

Severity Breakdown

| Severity | Count |
|---|---|
| CRITICAL | 151 |
| HIGH | 1076 |
| MEDIUM | 554 |
| LOW | 49 |

Monthly CVE Trend (chart)
Affected Products (30)

| Product | CVE count |
|---|---|
| Windows | 1243 |
| Windows Server 2025 | 712 |
| Windows Server 2022 | 706 |
| Windows Server 2022 23h2 | 705 |
| Windows Server 2019 | 680 |
| Windows 11 23h2 | 654 |
| Windows 11 24h2 | 641 |
| Windows 10 22h2 | 628 |
| Windows 10 21h2 | 626 |
| Windows 10 1809 | 600 |
| Windows Server 2016 | 596 |
| Windows 10 1607 | 516 |
| Windows 11 22h2 | 496 |
| Windows Server 2012 | 480 |
| Windows 10 1507 | 377 |
| Windows Server 2008 | 364 |
| Windows 11 25h2 | 169 |
| 365 Apps | 132 |
| Office Long Term Servicing Channel | 132 |
| Office | 119 |
| Python | 54 |
| PHP | 52 |
| Excel | 52 |
| Chrome | 49 |
| Office Online Server | 48 |
| Sharepoint Server | 43 |
| macOS | 42 |
| Windows 11 21H2 | 34 |
| Windows 11 26h1 | 33 |
| Android | 31 |
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2025-53770 | Microsoft SharePoint Server contains a deserialization vulnerability allowing unauthenticated remote code execution over the network, with active exploitation confirmed and patches pending full release. | CRITICAL | 9.8 | 90.5% | 220 | KEV, PoC, No patch |
| CVE-2025-9242 | WatchGuard Fireware OS contains an out-of-bounds write in IKEv2 VPN handling enabling unauthenticated remote code execution on WatchGuard firewalls. | CRITICAL | 9.3 | 69.0% | 185 | KEV, PoC, No patch |
| CVE-2025-33073 | Windows SMB contains an improper access control vulnerability (CVE-2025-33073, CVSS 8.8) enabling authenticated attackers to escalate privileges over the network. KEV-listed with EPSS 57.6% and public PoC, this vulnerability in the core Windows file sharing protocol affects every Windows system on the network, enabling lateral movement from any compromised domain account to SYSTEM-level access on SMB-accessible systems. | HIGH | 8.8 | 57.6% | 172 | KEV, PoC |
| CVE-2025-49704 | Microsoft Office SharePoint contains a code injection vulnerability (CVE-2025-49704, CVSS 8.8) enabling authenticated attackers to execute arbitrary code over the network. KEV-listed with EPSS 63.8%, this vulnerability requires only basic SharePoint authentication and enables server-level code execution, threatening the documents, workflows, and data stored across the organization's SharePoint infrastructure. | HIGH | 8.8 | 63.8% | 168 | KEV |
| CVE-2025-33053 | Windows Internet Shortcut Files (.url) contain an external control vulnerability (CVE-2025-33053, CVSS 8.8) that enables remote code execution over a network. KEV-listed with EPSS 48.5% and public PoC, this vulnerability allows attackers to craft malicious .url files that execute arbitrary code when opened, bypassing the security restrictions normally applied to internet-sourced shortcut files. | HIGH | 8.8 | 48.5% | 163 | KEV, PoC |
| CVE-2025-49706 | Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network. | MEDIUM | 6.5 | 59.9% | 152 | KEV |
| CVE-2026-42897 | Cross-site scripting (XSS) in Microsoft Exchange Server enables remote attackers to spoof content and steal credentials without authentication. Affects Exchange Server 2016 CU23, 2019 CU14/CU15, and Subscription Edition. Functional exploit code exists (CVSS temporal E:F), though no active exploitation was confirmed at analysis time. CVSS 8.1 (High) is driven by the network vector, no authentication requirement, and dual confidentiality/integrity impact. Microsoft released patches via the MSRC security update guide. Medium-high priority for organizations running affected Exchange versions with webmail or OWA exposed. | HIGH | 8.1 | 0.2% | 131 | KEV, PoC |
| CVE-2026-33825 | Privilege escalation in Microsoft Defender Antimalware Platform versions before 4.18.26030.3011 allows authenticated local attackers to gain elevated system privileges through insufficiently granular access controls. CVSS 7.8 (High) reflects a local attack vector requiring low privileges. EPSS score of 0.04% (12th percentile) indicates low probability of widespread exploitation. Microsoft has released a patched version (4.18.26030.3011) addressing the access control deficiency. | HIGH | 7.8 | 0.0% | 129 | KEV, PoC |
| CVE-2026-41091 | Local privilege escalation in Microsoft Defender (Malware Protection Engine) enables an authenticated low-privileged attacker to elevate to SYSTEM by abusing improper link resolution (CWE-59) before file access. The flaw scores CVSS 7.8 with high impact to confidentiality, integrity, and availability, and no public exploit is identified at time of analysis. Microsoft has released a patch via MSRC, and there is no current CISA KEV listing or EPSS signal indicating active mass exploitation. | HIGH | 7.8 | 12.1% | 126 | KEV, PoC |
| CVE-2026-20963 | Microsoft Office SharePoint contains a deserialization vulnerability (CVE-2026-20963) that allows authenticated users to execute arbitrary code over the network through crafted serialized objects. KEV-listed with public PoC, this CVSS 8.8 vulnerability enables any SharePoint user to escalate to server-level code execution, making it a critical threat for organizations relying on SharePoint for document management and collaboration. | CRITICAL | 9.8 | 1.6% | 126 | KEV, PoC |
| CVE-2025-34101 | Serviio Media Server versions 1.4 through 1.8 on Windows contain an unauthenticated command injection in the /rest/action API endpoint. The checkStreamUrl method passes the VIDEO parameter directly to cmd.exe without sanitization, enabling remote code execution on the media server. | CRITICAL | 9.3 | 53.9% | 120 | PoC, No patch |
| CVE-2026-8398 | Supply chain compromise of DAEMON Tools Lite for Windows delivered trojanized installers through the legitimate vendor website daemon-tools.cc from April 8 to May 5, 2026. Attackers compromised AVB Disc Soft's build infrastructure and injected malicious code into three binaries (DTHelper.exe, DiscSoftBusServiceLite.exe, DTShellHlp.exe), all signed with the vendor's legitimate code-signing certificate. This allowed remote attackers to achieve arbitrary code execution on systems installing affected versions (12.5.0.2421 through 12.5.0.2434) with no user interaction required beyond normal installation. The legitimate digital signature bypassed security controls that rely on code-signing verification, making detection extremely difficult during the compromise window. | CRITICAL | 9.3 | 0.0% | 117 | KEV, PoC |
| CVE-2025-34095 | Mako Server versions 2.5 and 2.6 contain an unauthenticated OS command injection via the tutorial interface at examples/save.lsp. Attackers can send crafted PUT requests with arbitrary Lua os.execute() code that is persisted on disk and executed, achieving remote code execution on the embedded web server. | CRITICAL | 9.3 | 45.4% | 112 | PoC, No patch |
| CVE-2025-60710 | Improper link resolution before file access ('link following') in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability has low attack complexity. No vendor patch available. | HIGH | 7.8 | 0.3% | 109 | KEV, PoC, No patch |
| CVE-2026-32201 | Improper input validation in Microsoft SharePoint Server enables network-based spoofing attacks without authentication, allowing attackers to forge communications and deceive users. Affects SharePoint Enterprise Server 2016, SharePoint Server 2019, and SharePoint Server Subscription Edition. This vulnerability is confirmed actively exploited (CISA KEV) with publicly available exploit code, making it a critical operational priority despite the moderate CVSS score of 6.5. | MEDIUM | 6.5 | 1.2% | 109 | KEV, PoC |