Suse

Vendor security scorecard – 1657 CVEs in the selected period

Risk score: 6758
CVEs: 1657
Critical: 159
High: 588
KEV: 4
PoC: 327
Unpatched C/H: 32
Patch Rate: 96.1%
Avg EPSS: 0.1%

Severity Breakdown

CRITICAL: 159
HIGH: 588
MEDIUM: 791
LOW: 1

Monthly CVE Trend (chart; no data reproduced in text)

Top Risky CVEs

Fields per entry: CVE | Severity | CVSS | EPSS | Priority | Signals

CVE-2026-24061 | CRITICAL | CVSS 9.8 | EPSS 75.3% | Priority 194 | Signals: KEV, PoC
  Summary: GNU Inetutils telnetd through version 2.7 contains a critical authentication bypass that allows remote attackers to gain root access by setting the USER environment variable to '-f root' during TELNET negotiation. With EPSS 75% and KEV listing, this trivially exploitable vulnerability (CVE-2026-24061) has been widely weaponized. Public PoC is available and patches exist.

CVE-2026-2441 | HIGH | CVSS 8.8 | EPSS 0.1% | Priority 114 | Signals: KEV, PoC
  Summary: Google Chrome's CSS engine contains a use-after-free vulnerability (CVE-2026-2441, CVSS 8.8) that allows remote attackers to execute arbitrary code within the browser sandbox through crafted HTML pages. KEV-listed with public PoC, this vulnerability enables drive-by exploitation when users visit malicious or compromised websites.

CVE-2025-43529 | HIGH | CVSS 8.8 | EPSS 0.1% | Priority 94 | Signals: KEV
  Summary: WebKit arbitrary code execution via use-after-free memory corruption affects Safari 26.2, iOS/iPadOS 18.7.3 through 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, and watchOS 26.2, allowing remote attackers to execute arbitrary code by convincing users to visit malicious websites. This vulnerability is confirmed actively exploited (CISA KEV) in extremely sophisticated targeted attacks against specific individuals on iOS versions prior to iOS 26, per Apple's security bulletin. The EPSS score of 0.12% (32nd percentile) significantly understates real-world risk given confirmed exploitation. Related vulnerability CVE-2025-14174 was issued for the same exploitation campaign, suggesting a complex attack chain targeting Apple ecosystem users.

CVE-2025-13223 | HIGH | CVSS 8.8 | EPSS 2.5% | Priority 94 | Signals: KEV
  Summary: Google Chrome V8 contains a type confusion vulnerability in the JavaScript engine, the second V8 type confusion zero-day in 2025, exploited in targeted attacks.

CVE-2025-14009 | CRITICAL | CVSS 10.0 | EPSS 0.6% | Priority 71 | Signals: PoC
  Summary: Critical code execution vulnerability in the NLTK (Natural Language Toolkit) downloader component. The _unzip_iter function can be exploited to achieve arbitrary code execution through crafted downloads. CVSS 10.0, EPSS 0.57%. PoC available.

CVE-2025-66570 | CRITICAL | CVSS 10.0 | EPSS 0.0% | Priority 70 | Signals: PoC
  Summary: cpp-httplib is a C++11 single-file header-only cross-platform HTTP/HTTPS library. Prior to 0.27.0, a vulnerability allows attacker-controlled HTTP headers to influence server-visible metadata, logging, and authorization decisions. An attacker can inject headers named REMOTE_ADDR, REMOTE_PORT, LOCAL_ADDR, LOCAL_PORT that are parsed into the request header multimap via read_headers() in httplib.h (headers.emplace); the server later appends its own internal metadata using the same header names in Server::process_request without erasing duplicates. Because Request::get_header_value returns the first entry for a header key (id == 0) and the client-supplied headers are parsed before server-inserted headers, downstream code that uses these header names may inadvertently use attacker-controlled values. Affected files/locations: cpp-httplib/httplib.h (read_headers, Server::process_request, Request::get_header_value, get_header_value_u64) and cpp-httplib/docker/main.cc (get_client_ip, nginx_access_logger, nginx_error_logger). Attack surface: attacker-controlled HTTP headers in incoming requests flow into the Request.headers multimap and into logging code that reads forwarded headers, enabling IP spoofing, log poisoning, and authorization bypass via header shadowing. This vulnerability is fixed in 0.27.0.

CVE-2026-27944 | CRITICAL | CVSS 9.8 | EPSS 1.0% | Priority 70 | Signals: PoC
  Summary: Unauthenticated backup download and RCE in Nginx UI before 2.3.3. EPSS 1.0%. PoC available.

CVE-2025-68121 | CRITICAL | CVSS 10.0 | EPSS 0.0% | Priority 70 | Signals: PoC
  Summary: Critical certificate validation bypass in Go crypto/tls during session resumption. If the ClientCAs or RootCAs fields are mutated between creating the config and resuming a session, the TLS stack uses the modified trust store, potentially accepting certificates from unintended CAs. CVSS 10.0, PoC available, patch available.

CVE-2025-56005 | CRITICAL | CVSS 9.8 | EPSS 0.9% | Priority 70 | Signals: PoC
  Summary: The PLY (Python Lex-Yacc) library 3.11 has an unsafe feature enabling remote code execution through pickle deserialization of cached parser tables, with EPSS 0.91%.

CVE-2026-22688 | CRITICAL | CVSS 9.9 | EPSS 0.3% | Priority 70 | Signals: PoC
  Summary: The WeKnora LLM framework (before 0.2.5) allows authenticated users to inject MCP stdio commands that the server executes as subprocesses. PoC available, patch available.

CVE-2026-27626 | CRITICAL | CVSS 9.9 | EPSS 0.1% | Priority 70 | Signals: PoC
  Summary: OS command injection in the OliveTin web shell interface through version 3000.10.0. OliveTin provides web-based access to predefined shell commands; the injection allows executing arbitrary commands beyond the whitelist. PoC available.

CVE-2026-27606 | CRITICAL | CVSS 9.8 | EPSS 0.6% | Priority 70 | Signals: PoC
  Summary: Path traversal in the Rollup JavaScript module bundler before 2.80.0/3.30.0/4.59.0 allows reading arbitrary files on the build server during bundling. PoC and patch available.

CVE-2026-22039 | CRITICAL | CVSS 9.9 | EPSS 0.1% | Priority 70 | Signals: PoC
  Summary: The Kyverno Kubernetes policy engine prior to 1.x has a privilege escalation vulnerability (CVSS 9.9) allowing policy bypass and unauthorized cluster operations.

CVE-2026-24740 | CRITICAL | CVSS 9.9 | EPSS 0.0% | Priority 70 | Signals: PoC
  Summary: Critical access control flaw in the Dozzle Docker log viewer allows users restricted by label filters to escape their scope and obtain an interactive root shell on out-of-scope containers. PoC available, patch in v9.0.3.

CVE-2026-26190 | CRITICAL | CVSS 9.8 | EPSS 0.3% | Priority 69 | Signals: PoC
  Summary: Unauthenticated API access in the Milvus vector database before 2.5.27/2.6.10. TCP port 9091 is exposed by default without authentication. EPSS 0.32%, with PoC and patch available.
