2635
CVEs
162
Critical
999
High
1
KEV
34
PoC
26
Unpatched C/H
97.7%
Patch Rate
0.1%
Avg EPSS
Severity Breakdown
CRITICAL
162
HIGH
999
MEDIUM
1474
LOW
0
Monthly CVE Trend
Affected Products (30)
Linux Kernel
3886
Chrome
840
Ubuntu
801
Debian Linux
414
Python
189
Kubernetes
96
Docker
70
Windows
68
Imagemagick
64
MySQL
61
Mysql Server
56
Mattermost Server
51
AI / ML
47
Java
46
Android
45
Node.js
42
Golang
42
Thunderbird
41
PHP
39
Freerdp
35
macOS
29
OpenSSL
29
TLS
28
Tomcat
26
Suricata
25
Vim
24
iOS
24
PostgreSQL
23
Assimp
21
Red Hat Enterprise Linux 10
18
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2026-11645 | Remote code execution in Google Chrome's V8 JavaScript engine prior to 149.0.7827.103 allows a remote attacker to execute arbitrary code inside the renderer sandbox by enticing a victim to visit a crafted HTML page. The flaw is an out-of-bounds read and write (CWE-125) rated High severity by Chromium with a CVSS 8.8, and no public exploit identified at time of analysis, though V8 memory-corruption issues historically attract exploit development. | HIGH | 8.8 | 0.1% | 119 |
KEV
PoC
|
| CVE-2025-71329 | Denial of service in the image-size Node.js library through version 2.0.2 allows remote unauthenticated attackers to permanently hang the Node.js event loop by supplying a crafted JXL or HEIF image containing a box with a zero-valued size field. Publicly available exploit code exists and an upstream fix has been merged, making this a credible availability threat for any service that accepts user-supplied images and runs them through image-size. No active exploitation has been reported in CISA KEV at time of analysis. | HIGH | 8.7 | 0.1% | 64 |
PoC
|
| CVE-2025-71330 | Denial of service in the image-size Node.js library (versions up to and including 2.0.2) allows remote unauthenticated attackers to permanently stall the Node.js event loop by submitting a malformed ICNS image. The flaw stems from an infinite loop in the ICNS parser when an entry length field is zero, and publicly available exploit code exists per VulnCheck and an independent write-up; no public exploit identified at time of analysis indicates active exploitation, but the POC makes weaponization trivial. | HIGH | 8.7 | 0.1% | 64 |
PoC
|
| CVE-2018-25356 | SIPp 3.6 and earlier contains a local buffer overflow vulnerability in command-line argument handling that allows local attackers to crash the application or execute arbitrary code. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | HIGH | 8.6 | 0.0% | 63 |
PoC
No patch
|
| CVE-2026-40517 | Command injection in radare2 PDB parser (versions before 6.1.4) enables arbitrary OS command execution when users analyze malicious PDB files. Publicly available exploit code exists. Attackers craft PDB files with newline characters in symbol names to inject radare2 commands during flag renaming operations, which then execute OS commands via radare2's shell operator when victims run the 'idp' command. CVSS 8.4 reflects local attack vector requiring user interaction, though EPSS data not available. Patch released in version 6.1.4 with detailed technical disclosure at blog.calif.io showing 0-day discovery process. | HIGH | 8.4 | 0.0% | 62 |
PoC
|
| CVE-2026-41470 | Authorization bypass in LIVE555 RTSP server (versions before 2026.04.22) allows remote unauthenticated attackers to hijack active streaming sessions by replaying valid Session tokens over a separate TCP connection. By issuing PLAY or TEARDOWN commands with a captured token, attackers can crash the server via virtual function call errors or terminate legitimate viewers' streams. Publicly available exploit code exists, and a vendor patch has been released; no public exploit identified as actively exploited in CISA KEV at time of analysis. | HIGH | 8.2 | 0.1% | 61 |
PoC
|
| CVE-2026-44331 | SQL injection in ProFTPD 1.3.9a and earlier allows remote attackers to execute arbitrary SQL commands when the 'UseReverseDNS on' configuration is enabled. The vulnerability exists in mod_wrap2_sql.c where attacker-controlled reverse DNS hostnames are passed unescaped into SQL queries during client access control checks. Exploitation complexity is high due to DNS character restrictions and specific configuration requirements. No active exploitation confirmed (not in CISA KEV), but upstream fix is available via GitHub commit 7666224. EPSS risk data not provided. | HIGH | 8.1 | 0.0% | 61 |
PoC
|
| CVE-2022-46292 | HIGH | 7.8 | 0.8% | 60 |
PoC
|
|
| CVE-2026-44244 | Arbitrary code execution via Git hook redirection in GitPython 3.1.48 and earlier allows local authenticated users to inject malicious core.hooksPath configuration through newline characters in config_writer().set_value(). Publicly available exploit code exists. The vulnerability enables persistent repository poisoning where attacker-controlled hooks execute with the privileges of any user performing Git operations (commit, merge, checkout) on the poisoned repository. Particularly dangerous in multi-tenant environments like MLRun, DVC, MLflow, or Kedro where shared repositories enable privilege escalation across user contexts. Fixed in GitPython 3.1.49. | HIGH | 7.8 | 0.0% | 59 |
PoC
|
| CVE-2026-34059 | Buffer over-read in Apache HTTP Server through 2.4.66 enables remote unauthenticated information disclosure at network scale. Attackers can read sensitive memory content without authentication or user interaction, achieving high confidentiality impact with low attack complexity. EPSS exploitation probability and KEV status not provided, but SSVC framework confirms the vulnerability is automatable with partial technical impact and no active exploitation detected at time of analysis. Patch released in version 2.4.67. | HIGH | 7.5 | 0.1% | 58 |
PoC
|
| CVE-2018-25282 | Nmap 7.70 contains a denial of service vulnerability that allows local attackers to crash the application by processing malicious XML files with exponential entity expansion. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available. | MEDIUM | 6.9 | 0.0% | 55 |
PoC
|
| CVE-2026-44166 | PocketBase versions before 0.22.42 and 0.30.0-0.37.3 allow account pre-hijacking via OAuth2 autolinking, where an attacker knowing a victim's email can create an unverified account linked to one OAuth2 provider, then retain access when the victim authenticates with a different provider and the accounts are auto-merged, because previous OAuth2 links are not cleared during the upgrade from unverified to verified status. Publicly available exploit code exists; vendor recommends immediate upgrade to v0.37.4 or v0.22.42. | MEDIUM | 6.1 | 0.0% | 51 |
PoC
|
| CVE-2026-13782 | Sandbox escape in Google Chrome desktop versions prior to 150.0.7871.47 lets a remote attacker who has already compromised the renderer process break out of the sandbox and gain broader code execution on the host via a crafted HTML page. Chromium rates the underlying use-after-free as Critical, though there is no public exploit identified at time of analysis and EPSS exploitation probability is low (0.21%). A vendor patch is available and the flaw is a classic second-stage chain component rather than a standalone entry point. | CRITICAL | 10.0 | 0.2% | 50 |
|
| CVE-2017-20230 | Storable versions before 3.05 for Perl has a stack overflow. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. | CRITICAL | 10.0 | 0.0% | 50 |
|
| CVE-2025-15638 | Remote code execution with complete system compromise affects Net::Dropbear Perl module versions before 0.14 due to bundled vulnerable libtomcrypt library. The module ships with Dropbear 2019.78 or earlier containing libtomcrypt v1.18.1, inheriting CVE-2016-6129 (RSA signature forgery) and CVE-2018-12437 (RSA key recovery via side-channel). CVSS 10.0 reflects network-accessible attack with no authentication or user interaction required and complete confidentiality, integrity, and availability impact with scope change. CISA SSVC framework confirms automatable exploitation with total technical impact, though no active exploitation reported. Patch available in Net::Dropbear 0.14 with updated cryptographic dependencies. | CRITICAL | 10.0 | 0.0% | 50 |
|