1525
CVEs
134
Critical
919
High
7
KEV
60
PoC
80
Unpatched C/H
92.0%
Patch Rate
0.3%
Avg EPSS
Severity Breakdown
CRITICAL
134
HIGH
919
MEDIUM
430
LOW
36
Monthly CVE Trend
Affected Products (30)
Windows Server 2016
3953
Windows Server 2019
3686
Windows Server 2012
3310
Windows Server 2008
2807
Windows 10
2557
Windows Server 2022
2368
Windows 7
1931
Windows 8 1
1920
Windows Rt 8 1
1762
Windows 10 22h2
1453
Windows 10 1809
1448
Windows 10 21h2
1442
Windows 11 22h2
1318
Windows
1302
Windows 10 1607
1241
Windows Server 2022 23h2
1185
Windows Server 2025
1175
Windows 11 23h2
1109
Windows 10 1507
943
Internet Explorer
892
Windows 11 24h2
850
Windows 11 21H2
787
Office
744
Flash Player
741
Edge
690
Windows Vista
462
Sharepoint Server
449
Acrobat
430
Chrome
430
Windows 11
427
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2026-50751 | Authentication bypass in Check Point Quantum Security Gateway and Spark Firewalls allows unauthenticated remote attackers to establish Remote Access and Mobile Access VPN sessions without valid credentials by abusing a logic flaw in deprecated IKEv1 certificate validation. The flaw (CVSS 9.3, CWE-287) was reported by Check Point themselves and publicly available exploit code exists, though EPSS exploitation probability remains very low (0.01%) and the issue is not currently listed in CISA KEV. Affected deployments include multiple Quantum R80.40-R82.10 trains and Spark R80.20.X-R82.00.X firmware. | CRITICAL | 9.3 | 0.0% | 137 |
KEV
PoC
No patch
|
| CVE-2026-56164 | Privilege elevation in Microsoft SharePoint Server (Enterprise Server 2016, Server 2019, and Subscription Edition) lets an unauthenticated network attacker reach a security-critical function that lacks any authentication check (CWE-306), gaining elevated privileges on the target farm. The flaw is confirmed actively exploited (CISA KEV) with publicly available exploit code, and its CVSS 3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N) reflects fully remote, unauthenticated exploitation with high confidentiality, integrity, and availability impact. Microsoft has released a patch via MSRC. | CRITICAL | 9.8 | 7.0% | 127 |
KEV
PoC
|
| CVE-2026-41091 | Local privilege escalation in Microsoft Defender (Malware Protection Engine) enables an authenticated low-privileged attacker to elevate to SYSTEM by abusing improper link resolution (CWE-59) before file access. The flaw scores CVSS 7.8 with high impact to confidentiality, integrity, and availability, and no public exploit is identified at time of analysis. Microsoft has released a patch via MSRC, and there is no current CISA KEV listing or EPSS signal indicating active mass exploitation. | HIGH | 7.8 | 12.1% | 126 |
KEV
PoC
|
| CVE-2026-42897 | Cross-site scripting (XSS) in Microsoft Exchange Server enables remote attackers to spoof content and steal credentials without authentication. Affects Exchange Server 2016 CU23, 2019 CU14/CU15, and Subscription Edition. Functional exploit code exists (CVSS temporal E:F) though no active exploitation confirmed at analysis time. CVSS 8.1 (High) driven by network vector, no authentication requirement, and dual confidentiality/integrity impact. Microsoft released patches via MSRC security update guide. Medium-high priority for organizations running affected Exchange versions with webmail or OWA exposed. | MEDIUM | 6.1 | 0.2% | 121 |
KEV
PoC
|
| CVE-2026-8398 | Supply chain compromise of DAEMON Tools Lite for Windows delivered trojanized installers through the legitimate vendor website daemon-tools.cc from April 8 to May 5, 2026. Attackers compromised AVB Disc Soft's build infrastructure and injected malicious code into three binaries (DTHelper.exe, DiscSoftBusServiceLite.exe, DTShellHlp.exe), all signed with the vendor's legitimate code-signing certificate. This allowed remote attackers to achieve arbitrary code execution on systems installing affected versions (12.5.0.2421 through 12.5.0.2434) with no user interaction required beyond normal installation. The legitimate digital signature bypassed security controls that rely on code-signing verification, making detection extremely difficult during the compromise window. | CRITICAL | 9.3 | 0.0% | 117 |
KEV
PoC
|
| CVE-2026-45659 | Authenticated remote code execution in Microsoft SharePoint (Enterprise Server 2016, Server 2019, and Subscription Edition) stems from unsafe deserialization of untrusted data (CWE-502), enabling an authorized attacker to run arbitrary code on the server over the network. CVSS 8.8 with low privileges required and no user interaction makes this attractive to post-authentication adversaries, though no public exploit identified at time of analysis and CVSS temporal data marks exploit code maturity as Unproven. | HIGH | 8.8 | 0.5% | 115 |
KEV
PoC
|
| CVE-2026-45498 | Denial of service in Microsoft Defender Antimalware Platform allows a local, unprivileged attacker to partially degrade availability with low attack complexity and no user interaction required. The CVSS 4.0 score reflects limited impact - confidentiality and integrity are unaffected, and availability impact is rated Low. Vendor patch is available via Microsoft Security Response Center; no public exploit identified at time of analysis and no CISA KEV listing. | MEDIUM | 4.0 | 2.3% | 92 |
KEV
PoC
|
| CVE-2026-58644 | Remote code execution in Microsoft SharePoint (Enterprise Server 2016, Server 2019, and Server Subscription Edition) allows an unauthenticated network attacker to run arbitrary code on the server by submitting maliciously crafted serialized data (CWE-502). The CVSS 3.1 base score is 9.8 with a fully remote, no-interaction, no-privilege vector (AV:N/AC:L/PR:N/UI:N), placing it among the most severe SharePoint flaws. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but insecure-deserialization RCE in SharePoint has historically been a high-value target for rapid weaponization. | CRITICAL | 9.8 | 1.3% | 85 |
PoC
|
| CVE-2026-41089 | Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network. | CRITICAL | 9.8 | 0.1% | 74 |
PoC
|
| CVE-2026-50522 | Remote code execution in Microsoft SharePoint Server (2016, 2019, and Subscription Edition) lets an unauthenticated attacker run arbitrary code by sending a crafted serialized payload over the network. The flaw is an untrusted-data deserialization (CWE-502) rated CVSS 9.8 with PR:N/UI:N, meaning no credentials or user interaction are required. No public exploit identified at time of analysis, but the pre-auth network vector and SharePoint's long history as an attacker target make this a high-priority patch. | CRITICAL | 9.8 | 19.7% | 74 |
|
| CVE-2026-49798 | Local privilege escalation in the Microsoft Windows Kernel allows an unauthorized attacker to gain elevated (SYSTEM-level) privileges by triggering a use-after-free condition (CWE-416) in kernel memory. The flaw affects a broad range of supported Windows client and server releases, from Windows 10 1607 and Windows Server 2012 through Windows 11 26H1 and Windows Server 2025. Microsoft has released a patch; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV. | CRITICAL | 9.3 | 2.2% | 74 |
PoC
|
| CVE-2026-33453 | Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Apache Camel Camel-Coap component. Apache Camel's cam | CRITICAL | 10.0 | 0.5% | 71 |
PoC
|
| CVE-2026-42904 | Privilege elevation in the Windows TCP/IP networking stack allows an unauthenticated attacker on an adjacent network to gain elevated privileges by triggering a heap-based buffer overflow (CWE-122). The CVSS 9.6 score with scope change (S:C) indicates the compromise crosses security boundaries beyond the vulnerable component itself. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV. | CRITICAL | 9.6 | 0.1% | 68 |
|
| CVE-2026-6722 | Use-after-free memory corruption in PHP 8.2.x enables remote attackers to achieve high-impact exploitation through network-accessible attack vectors, despite high attack complexity and specific timing requirements. PHP 8.2.31 addresses this vulnerability along with seven other security issues in a coordinated security release. The CVSS v4.0 score of 9.5 reflects both confidentiality and integrity impact across vulnerable and subsequent systems, with high availability impact. No public exploit code or active exploitation confirmed at time of analysis, but the vendor urgency indicator (U:Red) and release coordinator emphasis (RE:M) signal critical priority for organizations running PHP 8.2.x in production environments. | CRITICAL | 9.5 | 0.3% | 68 |
PoC
|
| CVE-2026-42281 | Unauthenticated SSRF in MagicMirror ≤2.35.0 allows remote attackers to proxy arbitrary HTTP requests through the server, accessing cloud metadata services (AWS/GCP/Azure IMDSv1), internal network resources, and localhost services via the unrestricted `/cors` endpoint. The vulnerability is compounded by environment variable expansion: attackers can exfiltrate server-side secrets (API keys, database credentials) by embedding placeholders like `**SECRET_API_KEY**` in URLs, which the server resolves from `process.env` before making the request. Vendor-released patch version 2.36.0 disables the CORS proxy by default and implements IP blocklisting when enabled. Publicly available exploit code exists (PoC provided in GitHub advisory GHSA-ph6f-2cvq-79hq). No active exploitation confirmed at time of analysis. | CRITICAL | 9.2 | 0.8% | 67 |
PoC
|