| Metric | Value |
|---|---|
| CVEs | 3333 |
| Critical | 268 |
| High | 1366 |
| KEV | 6 |
| PoC | 349 |
| Unpatched C/H | 40 |
| Patch Rate | 98.0% |
| Avg EPSS | 0.1% |
Severity Breakdown
| Severity | Count |
|---|---|
| CRITICAL | 268 |
| HIGH | 1366 |
| MEDIUM | 1687 |
| LOW | 0 |
Monthly CVE Trend (chart; no data captured on the page)
Affected Products (30)
| Product | CVEs |
|---|---|
| Linux Kernel | 2489 |
| Ubuntu | 818 |
| Debian Linux | 421 |
| Chrome | 276 |
| Python | 175 |
| Kubernetes | 101 |
| Windows | 72 |
| Docker | 69 |
| Imagemagick | 65 |
| MySQL | 61 |
| Mysql Server | 56 |
| Java | 53 |
| AI / ML | 51 |
| Node.js | 51 |
| Freerdp | 51 |
| Mattermost Server | 51 |
| Golang | 50 |
| Android | 43 |
| Thunderbird | 41 |
| PHP | 40 |
| macOS | 33 |
| PostgreSQL | 32 |
| TLS | 30 |
| Tomcat | 28 |
| OpenSSL | 26 |
| Suricata | 25 |
| iOS | 25 |
| Assimp | 21 |
| Safari | 20 |
| Enterprise Linux | 20 |
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2026-24061 | GNU Inetutils telnetd through version 2.7 contains a critical authentication bypass that allows remote attackers to gain root access by setting the USER environment variable to '-f root' during TELNET negotiation. With EPSS 75% and KEV listing, this trivially exploitable vulnerability (CVE-2026-24061) has been widely weaponized. Public PoC is available and patches exist. | CRITICAL | 9.8 | 75.3% | 194 | KEV, PoC |
| CVE-2026-3910 | Chrome's V8 JavaScript engine contains an inappropriate implementation (CVE-2026-3910, CVSS 8.8) that allows remote attackers to execute arbitrary code within the browser sandbox via crafted HTML pages. KEV-listed with public PoC, this V8 vulnerability affects all Chromium-based browsers and enables drive-by exploitation through any web page containing malicious JavaScript. | HIGH | 8.8 | 0.1% | 119 | KEV, PoC |
| CVE-2026-3909 | Google Chrome's Skia graphics library contains an out-of-bounds write (CVE-2026-3909, CVSS 8.8) enabling remote attackers to perform memory corruption through crafted HTML pages. KEV-listed with public PoC and patches available, this vulnerability in the core graphics rendering engine affects all Chromium-based browsers. | HIGH | 8.8 | 0.1% | 119 | KEV, PoC |
| CVE-2026-33634 | Trivy security scanner v0.69.4 was compromised in a supply chain attack where a threat actor used stolen credentials to publish malicious releases and force-push credential-stealing malware to GitHub Actions repositories. | CRITICAL | 9.4 | 0.0% | 117 | KEV, PoC |
| CVE-2026-2441 | Google Chrome's CSS engine contains a use-after-free vulnerability (CVE-2026-2441, CVSS 8.8) that allows remote attackers to execute arbitrary code within the browser sandbox through crafted HTML pages. KEV-listed with public PoC, this vulnerability enables drive-by exploitation when users visit malicious or compromised websites. | HIGH | 8.8 | 0.1% | 114 | KEV, PoC |
| CVE-2025-43529 | WebKit arbitrary code execution via use-after-free memory corruption affects Safari 26.2, iOS/iPadOS 18.7.3 through 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, and watchOS 26.2, allowing remote attackers to execute arbitrary code by convincing users to visit malicious websites. This vulnerability is confirmed actively exploited (CISA KEV) in extremely sophisticated targeted attacks against specific individuals on iOS versions prior to iOS 26, per Apple's security bulletin. EPSS score of 0.12% (32nd percentile) significantly understates real-world risk given confirmed exploitation. Related vulnerability CVE-2025-14174 was issued for the same exploitation campaign, suggesting a complex attack chain targeting Apple ecosystem users. | HIGH | 8.8 | 0.1% | 94 | KEV |
| CVE-2025-14009 | Critical code execution vulnerability in NLTK (Natural Language Toolkit) downloader component. The _unzip_iter function can be exploited to achieve arbitrary code execution through crafted downloads. CVSS 10.0, EPSS 0.57%. PoC available. | CRITICAL | 10.0 | 0.6% | 71 | PoC |
| CVE-2025-66570 | cpp-httplib is a C++11 single-file header-only cross-platform HTTP/HTTPS library. Prior to 0.27.0, a vulnerability allows attacker-controlled HTTP headers to influence server-visible metadata, logging, and authorization decisions. An attacker can inject headers named REMOTE_ADDR, REMOTE_PORT, LOCAL_ADDR, LOCAL_PORT that are parsed into the request header multimap via read_headers() in httplib.h (headers.emplace), then the server later appends its own internal metadata using the same header names in Server::process_request without erasing duplicates. Because Request::get_header_value returns the first entry for a header key (id == 0) and the client-supplied headers are parsed before server-inserted headers, downstream code that uses these header names may inadvertently use attacker-controlled values. Affected files/locations: cpp-httplib/httplib.h (read_headers, Server::process_request, Request::get_header_value, get_header_value_u64) and cpp-httplib/docker/main.cc (get_client_ip, nginx_access_logger, nginx_error_logger). Attack surface: attacker-controlled HTTP headers in incoming requests flow into the Request.headers multimap and into logging code that reads forwarded headers, enabling IP spoofing, log poisoning, and authorization bypass via header shadowing. This vulnerability is fixed in 0.27.0. | CRITICAL | 10.0 | 0.0% | 70 | PoC |
| CVE-2026-27944 | Unauthenticated backup download and RCE in Nginx UI before 2.3.3. EPSS 1.0%. PoC available. | CRITICAL | 9.8 | 1.0% | 70 | PoC |
| CVE-2026-4689 | A sandbox escape vulnerability exists in Firefox's XPCOM component due to incorrect boundary conditions and integer overflow, allowing attackers to bypass security sandboxing mechanisms. This affects Firefox versions below 149, Firefox ESR below 115.34, and Firefox ESR below 140.9. An attacker can exploit this flaw to escape the browser sandbox and potentially execute arbitrary code with elevated privileges on the affected system. | CRITICAL | 10.0 | 0.0% | 70 | PoC |
| CVE-2025-56005 | PLY (Python Lex-Yacc) library 3.11 has an unsafe feature enabling remote code execution through pickle deserialization of cached parser tables, with EPSS 0.91%. | CRITICAL | 9.8 | 0.9% | 70 | PoC |
| CVE-2026-22688 | WeKnora LLM framework (before 0.2.5) allows authenticated users to inject MCP stdio commands that the server executes as subprocesses. PoC available, patch available. | CRITICAL | 9.9 | 0.3% | 70 | PoC |
| CVE-2026-30861 | OS command injection in WeKnora from version 0.2.5 allows authenticated users to execute arbitrary system commands. CVSS 9.9 with scope change. PoC available. | CRITICAL | 9.9 | 0.2% | 70 | PoC |
| CVE-2026-29042 | Shell command injection in Nuclio serverless framework before 1.15.20. PoC and patch available. | CRITICAL | 9.8 | 0.7% | 70 | PoC |
| CVE-2026-30860 | SQL injection in WeKnora LLM document understanding framework allows authenticated users to extract arbitrary database contents. CVSS 9.9 with scope change. PoC available. | CRITICAL | 9.9 | 0.2% | 70 | PoC |