| Metric | Value |
|---|---|
| CVEs | 151 |
| Critical | 7 |
| High | 88 |
| KEV | 0 |
| PoC | 5 |
| Unpatched C/H | 8 |
| Patch Rate | 88.7% |
| Avg EPSS | 0.0% |
Severity Breakdown

| Severity | Count |
|---|---|
| CRITICAL | 7 |
| HIGH | 88 |
| MEDIUM | 53 |
| LOW | 1 |
Monthly CVE Trend (chart; data not included in this export)
Affected Products (30)

| Product / Category | CVE Count |
|---|---|
| Linux Kernel | 2756 |
| Ubuntu | 776 |
| Null Pointer Dereference | 595 |
| Debian Linux | 561 |
| Memory Corruption | 521 |
| Use After Free | 425 |
| Firefox | 185 |
| Thunderbird | 183 |
| Race Condition | 124 |
| Python | 122 |
| Integer Overflow | 94 |
| Chrome | 88 |
| Node.js | 76 |
| AI / ML | 73 |
| MySQL | 64 |
| Mysql Server | 62 |
| Java | 61 |
| Imagemagick | 56 |
| Heap Overflow | 55 |
| Kubernetes | 55 |
| Freerdp | 45 |
| Windows | 44 |
| Stack Overflow | 34 |
| Deserialization | 34 |
| Command Injection | 32 |
| Enterprise Linux | 32 |
| Virtuoso | 30 |
| OpenSSL | 28 |
| macOS | 25 |
| Tls | 25 |
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2026-26740 | Giflib 5.2.2 contains a buffer overflow in the EGifGCBToExtension function that fails to validate allocated memory when processing Graphic Control Extension blocks, enabling remote attackers to trigger denial of service conditions. Public exploit code exists for this vulnerability, though no patch is currently available. The flaw affects any application using the vulnerable giflib version to process GIF files from untrusted sources. | HIGH | 8.2 | 0.1% | 61 | PoC |
| CVE-2026-28490 | Authlib's implementation of the JWE RSA1_5 key management algorithm contains a padding oracle vulnerability that leaks decryption failures through timing and exception patterns, allowing attackers to decrypt sensitive data without the private key. The library disabled the constant-time protections provided by the underlying cryptography library and raises exceptions before tag validation completes, creating a reliable side-channel. Public exploit code exists for this vulnerability, affecting Authlib users in Python and related Oracle products. | MEDIUM | 6.5 | 0.0% | 53 | PoC |
| CVE-2025-15379 | Critical command injection in MLflow 3.8.0 enables remote code execution during model deployment when attackers supply malicious artifacts via the `env_manager=LOCAL` parameter. The `_install_model_dependencies_to_env()` function unsafely interpolates dependency specifications from `python_env.yaml` directly into shell commands without sanitization. With CVSS 10.0 (network-accessible, no authentication, no complexity) and publicly available exploit code (reported via Huntr bug bounty, patched in 3.8.2), this represents an immediate critical risk for organizations using MLflow model serving infrastructure. EPSS data is not available, but the exploitation scenario is straightforward for adversaries with model deployment access. | CRITICAL | 10.0 | 0.2% | 50 | |
| CVE-2025-70888 | A privilege escalation vulnerability exists in osslsigncode (mtrojnar) versions 2.10 and earlier within the osslsigncode.c component, allowing remote attackers to escalate privileges. The vulnerability affects users of the osslsigncode code signing utility. While CVSS scoring is not yet available, referenced GitHub issues and pull requests suggest this is an authenticated or context-dependent issue that has been identified and likely patched. | CRITICAL | 9.8 | 0.0% | 49 | |
| CVE-2025-15036 | Path traversal in MLflow's tar.gz extraction (mlflow/mlflow versions <3.7.0) allows remote attackers to overwrite arbitrary files and potentially escape sandbox isolation via malicious archive uploads. The vulnerability affects the `extract_archive_to_dir` function, which fails to validate tar member paths during extraction. Exploitation requires user interaction (CVSS UI:R) but needs no authentication (PR:N). EPSS data is not provided, and the absence of a CISA KEV listing indicates no confirmed active exploitation at the time of analysis. Public exploit code exists via Huntr bounty disclosure. | CRITICAL | 9.6 | 0.1% | 48 | |
| CVE-2026-27876 | Remote code execution is achievable in Grafana installations through a chained attack combining SQL Expressions with a Grafana Enterprise plugin, affecting both open-source and Enterprise deployments. The vulnerability requires high-privilege authenticated access (PR:H) but enables cross-scope impact with complete system compromise once exploited. Only instances with the sqlExpressions feature toggle enabled are vulnerable, though Grafana recommends all users update to prevent future exploitation paths using this attack vector. No public exploit was identified at the time of analysis, and authentication as a high-privilege user is required per the CVSS vector. | CRITICAL | 9.1 | 0.1% | 46 | |
| CVE-2026-27962 | A critical authentication bypass vulnerability in authlib's JWT signature verification allows attackers to forge arbitrary tokens by injecting their own cryptographic keys through the JWT header. The flaw affects all versions of authlib prior to 1.6.9 when applications use key resolution callbacks that can return None (common in JWKS-based authentication flows). A working proof-of-concept exists demonstrating complete authentication bypass, enabling attackers to impersonate any user or assume administrative privileges without valid credentials. | CRITICAL | 9.1 | 0.0% | 46 | |
| CVE-2026-22732 | Spring Security fails to properly write HTTP response headers in servlet applications across multiple versions (5.7.0-5.7.21, 5.8.0-5.8.23, 6.3.0-6.3.14, 6.4.0-6.4.14, 6.5.0-6.5.8, 7.0.0-7.0.3), allowing attackers to bypass security controls that rely on these headers, such as HSTS, X-Frame-Options, or CSP policies. This header omission could enable various attacks, including clickjacking, man-in-the-middle attacks, or other exploits, depending on which protections were intended. No patch is currently available for this critical vulnerability. | CRITICAL | 9.1 | 0.0% | 46 | |
| CVE-2025-15031 | MLflow, a popular open-source machine learning lifecycle platform, contains a path traversal vulnerability in its pyfunc extraction process that allows arbitrary file writes. The vulnerability stems from unsafe use of tarfile.extractall without proper path validation, enabling attackers to craft malicious tar.gz files with directory traversal sequences or absolute paths to write files outside the intended extraction directory. This poses critical risk in multi-tenant environments and can lead to remote code execution, with a CVSS score of 8.1 and confirmed exploit details available via Huntr. | CRITICAL | 9.1 | 0.0% | 46 | |
| CVE-2026-32748 | Squid proxy versions prior to 7.5 contain use-after-free and premature resource release vulnerabilities in ICP (Internet Cache Protocol) traffic handling that enable reliable, repeatable denial of service attacks. Remote attackers can exploit these memory safety bugs to crash the Squid service by sending specially crafted ICP packets, affecting deployments that have explicitly enabled ICP support via a non-zero icp_port configuration. While no CVSS score or EPSS value is currently published, the vulnerability is confirmed by vendor advisory and includes a public patch commit, indicating moderate to high real-world risk for affected deployments. | HIGH | 8.7 | 1.8% | 45 | |
| CVE-2025-54920 | This issue affects Apache Spark versions before 3.5.7 and 4.0.1. | HIGH | 8.8 | 0.2% | 44 | |
| CVE-2025-67030 | A directory traversal vulnerability exists in the extractFile method of org.codehaus.plexus.util.Expand in plexus-utils versions prior to commit 6d780b3378829318ba5c2d29547e0012d5b29642, allowing attackers to escape the intended extraction directory and write arbitrary files to the filesystem, potentially leading to remote code execution. The vulnerability affects any application using vulnerable versions of plexus-utils for archive extraction operations. A proof-of-concept has been publicly disclosed via a GitHub Gist, and the fix has been merged into the project repository. | HIGH | 8.8 | 0.0% | 44 | |
| CVE-2026-5286 | Remote code execution in Google Chrome prior to version 146.0.7680.178 via a use-after-free vulnerability in the Dawn graphics library allows unauthenticated remote attackers to execute arbitrary code through a crafted HTML page. The vulnerability affects all Chrome versions below the patched release and carries high severity per Chromium's assessment. | HIGH | 8.8 | 0.0% | 44 | |
| CVE-2026-5274 | Integer overflow in Google Chrome's Codecs component prior to version 146.0.7680.178 enables remote code execution and arbitrary memory read/write operations when a user visits a malicious HTML page. The vulnerability affects all versions before the patch release and requires no user interaction beyond visiting a crafted webpage. The Chromium security team classified this as High severity; no public exploit code or active exploitation had been confirmed at the time of analysis. | HIGH | 8.8 | 0.0% | 44 | |
| CVE-2026-5275 | Remote code execution in ANGLE (Almost Native Graphics Layer Engine) within Google Chrome on macOS prior to version 146.0.7680.178 allows unauthenticated remote attackers to execute arbitrary code by crafting a malicious HTML page that triggers a heap buffer overflow. This vulnerability affects all Chrome versions below the patched release and poses an immediate risk to macOS users who visit compromised or malicious websites. | HIGH | 8.8 | 0.0% | 44 | |