CVEs: 861
Critical: 47
High: 341
KEV: 1
PoC: 15
Unpatched C/H (Critical/High): 4
Patch Rate: 99.1%
Avg EPSS: 0.0%
Severity Breakdown
CRITICAL: 47
HIGH: 341
MEDIUM: 473
LOW: 0

Monthly CVE Trend (chart; the monthly counts are not reproduced on this page)
Affected Products (30)
Linux Kernel: 2479
Ubuntu: 765
Debian Linux: 414
Python: 164
Chrome: 157
Node.js: 118
Java: 91
Kubernetes: 71
AI / ML: 70
ImageMagick: 64
MySQL: 64
MySQL Server: 62
FreeRDP: 51
Thunderbird: 40
Windows: 37
Virtuoso: 30
iOS: 25
macOS: 25
vLLM: 25
Tomcat: 24
Docker: 24
Golang: 22
Safari: 21
Enterprise Linux: 21
OpenSSL: 20
PostgreSQL: 19
Django: 19
PHP: 19
PyTorch: 18
Open Redirect: 18
Top Risky CVEs

| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2026-42208 | SQL injection in LiteLLM proxy server versions 1.81.16 through 1.83.6 allows unauthenticated remote attackers to read and modify database contents, gaining unauthorized access to managed LLM API credentials. The vulnerability is exploitable via crafted Authorization headers sent to any LLM API route (e.g., POST /chat/completions), triggering the injection through the proxy's error-handling path. Vendor-released patch available in version 1.83.7. No active exploitation confirmed (not in CISA KEV), but the attack vector is simple (CVSS 4.0: AV:N/AC:L/PR:N) and SQL injection PoCs are widely known. Discovered by Tencent YunDing Security Lab. | CRITICAL | 9.3 | 0.1% | 117 | KEV, PoC |
| CVE-2026-24118 | Remote code execution in the VM2 sandbox (npm package) versions ≤3.10.4 allows attackers to escape the JavaScript isolation boundary and execute arbitrary system commands on the host. The vulnerability exploits prototype chain traversal through `Buffer.apply` and `__lookupGetter__` to reach the host `Function` constructor, bypassing VM2's context isolation. Publicly available exploit code exists, and vendor-released patch version 3.11.0 addresses the issue. This is a complete sandbox escape requiring no authentication or user interaction, making it critical for environments executing untrusted code within VM2 contexts. | CRITICAL | 9.8 | 0.1% | 69 | PoC |
| CVE-2026-26956 | Full sandbox escape with arbitrary code execution allows remote attackers to break out of vm2's Node.js sandbox environment (version 3.10.4) and execute commands on the host system. Attacker-controlled code running inside `VM.run()` can obtain the host `process` object and execute arbitrary host commands without any cooperation from the host application. EPSS data not available, but this represents complete failure of the sandbox security boundary. Patch released in version 3.10.5 addresses eleven distinct escape vectors including `Function` constructor leakage, proxy unwrapping, `util.inspect` exposure, and WebAssembly exception handling. | CRITICAL | 9.8 | 0.1% | 69 | PoC |
| CVE-2026-24120 | Sandbox escape in vm2 for Node.js allows remote unauthenticated attackers to execute arbitrary commands on the host system. The vulnerability represents an insufficient fix for CVE-2023-37466, enabling attackers to circumvent sandbox protections through multiple attack vectors including `Function` constructor extraction, proxy unwrapping, property descriptor manipulation, and WebAssembly JSTag exploitation. CVSS 9.8 (Critical) with EPSS data unavailable, but the existence of a detailed security advisory and a comprehensive patch on GitHub indicates active vendor awareness and rapid response. Patched in version 3.10.5 with eleven distinct fixes addressing various bypass techniques. | CRITICAL | 9.8 | 0.1% | 69 | PoC |
| CVE-2026-31072 | Remote code execution in APScheduler (all versions through 3.10.x and 4.0.0a5) is achievable when applications deserialize attacker-controlled data via the bundled JSONSerializer or CBORSerializer. The `unmarshal_object` routine dynamically imports modules and invokes `__setstate__` on arbitrary classes, letting an attacker pivot an untrusted payload into code execution; publicly available exploit code exists, though EPSS remains low at 0.06% (19th percentile). | CRITICAL | 9.8 | 0.1% | 69 | PoC |
| CVE-2026-42945 | Heap buffer overflow in the NGINX Plus and NGINX Open Source ngx_http_rewrite_module allows remote attackers to crash worker processes and potentially execute code on systems without ASLR. The vulnerability requires specific rewrite directive configurations using PCRE captures with question marks in replacement strings, combined with attacker-crafted HTTP requests and conditions beyond the attacker's control. F5 has released patches addressing this critical flaw. EPSS data unavailable; no KEV listing or public exploit identified at time of analysis, though the specific configuration requirements and dependency on external conditions likely limit widespread exploitation despite the 9.2 CVSS score. | CRITICAL | 9.2 | 0.2% | 66 | PoC |
| CVE-2026-37555 | An issue was discovered in the libsndfile 1.2.2 IMA ADPCM codec. The AIFF code path (line 241) was fixed with a `(sf_count_t)` cast, but the WAV code path (li | HIGH | 7.5 | 0.0% | 58 | PoC |
| CVE-2026-6321 | Path normalization bypass in fast-uri 3.1.0 and earlier allows remote attackers to circumvent path-based access controls through percent-encoded path traversal sequences. The `normalize()` and `equal()` functions decode URL-encoded separators (%2F) and dot segments (%2E) before applying normalization rules, causing distinct URIs to collapse onto identical normalized paths. Applications relying on fast-uri for URL validation in authorization checks can be tricked into allowing access to restricted resources. EPSS exploitation probability not yet calculated given recent disclosure; no active exploitation confirmed (not in CISA KEV), but the attack vector is trivial (CVSS AV:N/AC:L/PR:N/UI:N) and a patch is available in version 3.1.1. | HIGH | 7.5 | 0.0% | 58 | PoC |
| CVE-2026-46333 | Local privilege escalation in the Linux kernel ptrace subsystem allows authenticated users to bypass the traditional capability-dropping security model when accessing kernel thread details via PTRACE_MODE_READ_FSCREDS checks. The flaw stems from `get_dumpable()` logic returning misleading values for tasks without an associated memory map (mm), enabling uid-0 processes that have dropped capabilities to still read sensitive kernel thread information. Publicly available exploit code exists (referenced on oss-security and in a GitHub PoC against ssh-keysign), though the EPSS score (0.02%) indicates low likelihood of widespread exploitation. | HIGH | 7.1 | 0.0% | 56 | PoC |
| CVE-2026-45829 | {tenant}/databases/{db}/collections endpoint. The flaw carries a maximum CVSS 4.0 score of 10.0 and was disclosed publicly by HiddenLayer; no public exploit identified at time of analysis, though detailed research has been published. | CRITICAL | 10.0 | 0.1% | 50 | No patch |
| CVE-2026-25244 | Command injection in @wdio/browserstack-service allows arbitrary code execution when malicious git branch names are processed during test orchestration. Attackers can craft repository branch names containing shell metacharacters that execute when the BrowserStack service's `getGitMetadataForAISelection()` function unsafely passes branch names to Node.js `execSync()` calls. Exploitation requires configuring WebdriverIO to point at an attacker-controlled repository or cloning into a directory where tests run, making this primarily a supply chain and CI/CD pipeline risk. Publicly available exploit code exists with a working proof of concept demonstrating file creation via injected commands. Vendor-released patch available in version 9.24.0 per GitHub advisory GHSA-5c46-x3qw-q7j7. CVSS 9.8 (Critical) reflects maximum impact, but real-world exploitation requires either social engineering developers into using malicious repos or compromising upstream dependencies; exploitation probability depends heavily on organizational code review and repository vetting practices. | CRITICAL | 9.8 | 0.4% | 49 | |
| CVE-2026-42027 | Apache OpenNLP's model loading mechanism executes arbitrary static initializers through crafted manifest entries, enabling attackers to trigger side effects in any classpath class before type validation occurs. Affects OpenNLP versions before 2.5.9 and 3.0.0-M3. While not direct RCE, exploitation becomes viable when third-party models from untrusted sources (community repositories, model-sharing platforms) are loaded in environments containing classes with JNDI lookups, network I/O, or filesystem operations in static initializers. EPSS score of 0.29% suggests low widespread exploitation probability despite CVSS 9.8, though the attack surface grows with model-sharing ecosystem adoption. No public exploit identified at time of analysis; vendor-released patches available. | CRITICAL | 9.8 | 0.3% | 49 | |
| CVE-2026-24781 | Remote code execution in vm2 (Node.js sandbox library) versions prior to 3.11.0 allows unauthenticated attackers to escape the sandbox environment via the inspect function and execute arbitrary system commands. The vulnerability exploits handler leakage through `util.inspect`'s `showProxy` option to reconstruct host-realm objects and break isolation guarantees. CRITICAL: this is a complete sandbox bypass affecting all deployments using vm2 for untrusted code execution. Vendor-released patch available in version 3.11.0 with multiple commits addressing eight distinct exploitation primitives discovered during iterative disclosure. | CRITICAL | 9.8 | 0.1% | 49 | |
| CVE-2026-26332 | Remote code execution in vm2 (Node.js sandbox library) versions prior to 3.11.0 allows unauthenticated network attackers to escape the sandbox and execute arbitrary code on the host system. The `SuppressedError` vulnerability (GHSA-55hx-c926-fr95) is one of 13 full sandbox-escape primitives patched in this coordinated security release. CVSS 9.8 Critical reflects network-accessible, unauthenticated exploitation with no complexity barriers. No CISA KEV listing or public PoC data at time of analysis, but the vendor explicitly warns that "embedders running untrusted code should upgrade," indicating active risk to production deployments using vm2 for sandboxing untrusted JavaScript execution. | CRITICAL | 9.8 | 0.1% | 49 | |
| CVE-2026-43186 | Heap buffer overflow in the Linux kernel's IPv6 IOAM (In-situ Operations, Administration, and Maintenance) packet processing allows remote unauthenticated attackers to corrupt kernel memory and trigger system crashes. Attackers send crafted IPv6 packets with inconsistent IOAM trace headers (nodelen=0 with type bits set), causing `__ioam6_fill_trace_data()` to write ~100 bytes beyond allocated memory into `skb_shared_info` structures. Despite the CVSS 9.8 critical rating, EPSS exploitation probability is low (0.05%, 16th percentile) and no active exploitation or public PoC has been identified. Vendor patches available across multiple stable kernel branches (5.15.202, 6.1.165, 6.6.128, 6.12.75, 6.18.16, 6.19.6, 7.0). | CRITICAL | 9.8 | 0.1% | 49 | |