CVE Intelligence Dashboard

Exploitable This Week

High-severity CVEs with known proof-of-concept exploits available

About This Section

This table shows CVEs that have publicly available proof-of-concept (POC) exploits, cross-referenced with severity scores from CISA. These vulnerabilities represent the highest risk as attackers can readily exploit them. Priority should be given to Critical and High severity items with Network attack vectors. GitHub links point to POC repositories, while Ref links provide additional technical details.

Total with POC

Critical Severity

High Severity

Network Exploitable

CVE ID	Product	Description	Score	Severity	Attack Vector	POC Links
CVE-2025-60219	WooCommerce Designer Pro	Unrestricted Upload of File with Dangerous Type vulnerability in HaruTheme WooCommerce Designer Pro ...	10.0	CRITICAL	NETWORK	-
CVE-2025-9962	P series (P07%2C P10%2C P12%2C P15)	A buffer overflow vulnerability in Novakon P series allows attackers to gain root permission without...	10.0	CRITICAL	NETWORK	[Ref1] [Ref2]
CVE-2024-57521	n/a	SQL Injection vulnerability in RuoYi v.4.7.9 and before allows a remote attacker to execute arbitrar...	10.0	CRITICAL	NETWORK	[Ref1] [Ref2]
CVE-2024-58338	Flamingo XL	Anevia Flamingo XL 3.2.9 contains a restricted shell vulnerability that allows remote attackers to e...	10.0	CRITICAL	NETWORK	[Ref1] [Ref2]
CVE-2025-65108	md-to-pdf	md-to-pdf is a CLI tool for converting Markdown files to PDF using Node.js and headless Chrome. Prio...	10.0	CRITICAL	NETWORK	[Ref1]
CVE-2025-63414	n/a	A Path Traversal vulnerability in the Allsky WebUI version v2024.12.06_06 allows an unauthenticated ...	10.0	CRITICAL	NETWORK	[Ref1]
CVE-2025-63216	n/a	The Itel DAB Gateway (IDGat build c041640a) is vulnerable to Authentication Bypass due to improper J...	10.0	CRITICAL	NETWORK	[Ref1]
CVE-2025-63224	n/a	The Itel DAB Encoder (IDEnc build 25aec8d) is vulnerable to Authentication Bypass due to improper JW...	10.0	CRITICAL	NETWORK	[Ref1]
CVE-2025-61481	n/a	An issue in MikroTik RouterOS v.7.14.2 and SwOS v.2.18 exposes the WebFig management interface over ...	10.0	CRITICAL	NETWORK	[Ref1]
CVE-2025-59528	Flowise	Flowise is a drag & drop user interface to build a customized large language model flow. In version ...	10.0	CRITICAL	NETWORK	[Ref1]
CVE-2025-58384	n/a	In DOXENSE WATCHDOC before 6.1.1.5332, Deserialization of Untrusted Data can lead to remote code exe...	10.0	CRITICAL	NETWORK	-
CVE-2025-55182	react-server-dom-webpack	A pre-authentication remote code execution vulnerability exists in React Server Components versions ...	10.0	CRITICAL	NETWORK	[Ref1] [Ref2] [Ref3]
CVE-2025-3450	Automation Runtime	An Improper Resource Locking vulnerability in the SDM component of B&R Automation Runtime versions b...	10.0	CRITICAL	NETWORK	-
CVE-2025-10363	Topal Finanzbuchhaltung	Deserialization of Untrusted Data vulnerability in Topal Solutions AG Topal Finanzbuchhaltung on Win...	10.0	CRITICAL	NETWORK	-
CVE-2025-10230	Red Hat Enterprise Linux 8	A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration pack...	10.0	CRITICAL	NETWORK	[Ref1] [Ref2]
CVE-2018-25118	GeoVision embedded IP devices	GeoVision embedded IP devices, confirmed on GV-BX1500 and GV-MFD1501, contain a remote command injec...	10.0	CRITICAL	NETWORK	[Ref1] [Ref2] [Ref3] [Ref4]
CVE-2025-68668	n8n	n8n is an open source workflow automation platform. From version 1.0.0 to before 2.0.0, a sandbox by...	9.9	CRITICAL	NETWORK	[Ref1]
CVE-2025-61913	Flowise	Flowise is a drag & drop user interface to build a customized large language model flow. In versions...	9.9	CRITICAL	NETWORK	[Ref1] [Ref2]
CVE-2025-60957	n/a	OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6...	9.9	CRITICAL	NETWORK	-
CVE-2025-60306	n/a	code-projects Simple Car Rental System 1.0 has a permission bypass issue where low privilege users c...	9.9	CRITICAL	NETWORK	-
CVE-2025-59832	horilla	Horilla is a free and open source Human Resource Management System (HRMS). Prior to version 1.4.0, t...	9.9	CRITICAL	NETWORK	[Ref1]
CVE-2025-55343	n/a	Quipux 4.0.1 through e1774ac allows authenticated users to conduct SQL injection attacks via busqued...	9.9	CRITICAL	NETWORK	[Ref1]
CVE-2025-55315	Microsoft Visual Studio 2022 version 17.10	Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core all...	9.9	CRITICAL	NETWORK	[Ref1]
CVE-2025-55187	n/a	In DriveLock 24.1.4 before 24.1.5, 24.2.5 before 24.2.6, and 25.1.2 before 25.1.4, attackers can gai...	9.9	CRITICAL	NETWORK	-
CVE-2025-49844	redis	Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an...	9.9	CRITICAL	NETWORK	-
CVE-2025-34267	Flowise	Flowise v3.0.1 < 3.0.8 and all versions after with 'ALLOW_BUILTIN_DEP' enabled contain an authentica...	9.9	CRITICAL	NETWORK	[Ref1] [Ref2]
CVE-2025-20333	Cisco Secure Firewall Threat Defense (FTD) Software	A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Sof...	9.9	CRITICAL	NETWORK	-
CVE-2025-12421	Mattermost	Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail...	9.9	CRITICAL	NETWORK	[Ref1]
CVE-2025-12419	Mattermost	Mattermost versions 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12, 11.0.x <= 11.0.3 fail...	9.9	CRITICAL	NETWORK	[Ref1]
CVE-2025-11539	grafana-image-renderer	Grafana Image Renderer is vulnerable to remote code execution due to an arbitrary file write vulnera...	9.9	CRITICAL	NETWORK	-
CVE-2025-10725	Red Hat OpenShift AI 2.22	A flaw was found in Red Hat Openshift AI Service. A low-privileged attacker with access to an authen...	9.9	CRITICAL	NETWORK	-
CVE-2023-53739	Tinycontrol LAN Controller v	Tinycontrol LAN Controller v3 LK3 version 1.58a contains an unauthenticated vulnerability that allow...	9.9	CRITICAL	NETWORK	[Ref1] [Ref2]
CVE-2025-65354	n/a	Improper input handling in /Grocery/search_products_itname.php inPuneethReddyHC event-management 1.0...	9.8	CRITICAL	NETWORK	[Ref1]
CVE-2025-65125	n/a	SQL injection in gosaliajainam/online-movie-booking 5.5 in movie_details.php allows attackers to gai...	9.8	CRITICAL	NETWORK	[Ref1]
CVE-2025-14611	CentreStack and TrioFox	Gladinet CentreStack and Triofox prior to version 16.12.10420.56791 used hardcoded values for their ...	9.8	CRITICAL	NETWORK	[Ref1]
CVE-2025-66456	elysia	Elysia is a Typescript framework for request validation, type inference, OpenAPI documentation and c...	9.8	CRITICAL	NETWORK	[Ref1] [Ref2] [Ref3]
CVE-2025-9967	Orion SMS OTP Verification.	The Orion SMS OTP Verification plugin for WordPress is vulnerable to privilege escalation via accoun...	9.8	CRITICAL	NETWORK	-
CVE-2025-9762	Post By Email	The Post By Email plugin for WordPress is vulnerable to arbitrary file uploads due to missing file t...	9.8	CRITICAL	NETWORK	-
CVE-2025-9485	OAuth Single Sign On %E2%80%93 SSO (OAuth Client)	The OAuth Single Sign On – SSO (OAuth Client) plugin for WordPress is vulnerable to Improper Verific...	9.8	CRITICAL	NETWORK	-
CVE-2025-9286	Appy Pie Connect for WooCommerce	The Appy Pie Connect for WooCommerce plugin for WordPress is vulnerable to Privilege Escalation due ...	9.8	CRITICAL	NETWORK	-
CVE-2025-9054	MultiLoca - WooCommerce Multi Locations Inventory Management	The MultiLoca - WooCommerce Multi Locations Inventory Management plugin for WordPress is vulnerable ...	9.8	CRITICAL	NETWORK	-
CVE-2025-7721	JoomSport %E2%80%93 for Sports%3A Team %26 League%2C Football%2C Hockey %26 more	The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerabl...	9.8	CRITICAL	NETWORK	-
CVE-2025-7526	WP Travel Engine %E2%80%93 Tour Booking Plugin %E2%80%93 Tour Operator Software	The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerab...	9.8	CRITICAL	NETWORK	-
CVE-2025-7634	WP Travel Engine %E2%80%93 Tour Booking Plugin %E2%80%93 Tour Operator Software	The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerab...	9.8	CRITICAL	NETWORK	-
CVE-2025-6388	Spirit Framework	The Spirit Framework plugin for WordPress is vulnerable to authentication bypass in all versions up ...	9.8	CRITICAL	NETWORK	-
CVE-2025-6553	Ovatheme Events Manager	The Ovatheme Events Manager plugin for WordPress is vulnerable to arbitrary file uploads due to miss...	9.8	CRITICAL	NETWORK	-
CVE-2025-13597	AI Feeds	The AI Feeds plugin for WordPress is vulnerable to arbitrary file uploads due to missing capability ...	9.8	CRITICAL	NETWORK	[Ref1] [Ref2]
CVE-2025-13595	CIBELES AI	The CIBELES AI plugin for WordPress is vulnerable to arbitrary file uploads due to missing capabilit...	9.8	CRITICAL	NETWORK	[Ref1] [Ref2]
CVE-2025-11522	Search %26 Go - Directory WordPress Theme	The Search & Go - Directory WordPress Theme theme for WordPress is vulnerable to Authentication Bypa...	9.8	CRITICAL	NETWORK	-
CVE-2025-10586	Community Events	The Community Events plugin for WordPress is vulnerable to SQL Injection via the ‘event_venue’ param...	9.8	CRITICAL	NETWORK	-

Vendor/Product Watch

CVE distribution across vendors and products

Top Vendors by CVE Count

n/a

145308

Microsoft

80085

Linux

11013

Apple

8102

Google

3575

Total Unique Vendors

Total Products Tracked

150

Vendor	Product	CVE Count	Avg Severity	Latest CVE	Sample CVEs
n/a	n/a	142699	N/A	2026-04-24	CVE-2026-31050, CVE-2026-31052, CVE-2026-31051
Linux	Linux	11013	7.1	2026-04-25	CVE-2026-31685, CVE-2026-31685, CVE-2026-31684
Microsoft	Windows Server 2019	3499	N/A	2026-04-14	CVE-2026-32214, CVE-2026-33829, CVE-2026-33824
Microsoft	Windows Server 2019 (Server Core installation)	3403	N/A	2026-04-14	CVE-2026-32214, CVE-2026-33829, CVE-2026-33824
Microsoft	Windows Server 2016	3145	N/A	2026-04-14	CVE-2026-32214, CVE-2026-33829, CVE-2026-33824
Microsoft	Windows 10 Version 1809	3135	N/A	2026-04-14	CVE-2026-32214, CVE-2026-33829, CVE-2026-33824
Microsoft	Windows Server 2016 (Server Core installation)	2941	N/A	2026-04-14	CVE-2026-32214, CVE-2026-33829, CVE-2026-33824
Apple	macOS	2882	N/A	2026-04-03	CVE-2026-28815, CVE-2025-43236, CVE-2025-43257
Microsoft	Windows Server 2022	2808	N/A	2026-04-14	CVE-2026-32214, CVE-2026-33829, CVE-2026-33824
Microsoft	Windows 10 Version 1607	2656	N/A	2026-04-14	CVE-2026-32214, CVE-2026-33829, CVE-2026-33824
Microsoft	Windows Server 2012 R2	2563	N/A	2026-04-14	CVE-2026-32214, CVE-2026-33829, CVE-2026-33827
Microsoft	Windows 10 Version 21H2	2448	N/A	2026-04-14	CVE-2026-32214, CVE-2026-33829, CVE-2026-33824
n/a	Android	2437	N/A	2023-06-28	CVE-2023-21237, CVE-2023-21167, CVE-2023-21171
Microsoft	Windows Server 2012 R2 (Server Core installation)	2418	N/A	2026-04-14	CVE-2026-32214, CVE-2026-33829, CVE-2026-33827
Microsoft	Windows Server 2012	2411	N/A	2026-04-14	CVE-2026-32214, CVE-2026-33829, CVE-2026-33827
Google	Chrome	2408	N/A	2026-04-23	CVE-2026-6921, CVE-2026-6920, CVE-2026-6919
Microsoft	Windows Server 2012 (Server Core installation)	2278	N/A	2026-04-14	CVE-2026-32214, CVE-2026-33829, CVE-2026-33827
Microsoft	Windows 10 Version 1507	2277	N/A	2025-12-09	CVE-2025-64680, CVE-2025-64679, CVE-2025-62209
Microsoft	Windows 10 Version 22H2	1949	N/A	2026-04-14	CVE-2026-32214, CVE-2026-33829, CVE-2026-33824
Microsoft	Windows Server 2008 R2 Service Pack 1	1874	N/A	2026-01-13	CVE-2026-20936, CVE-2026-20931, CVE-2026-20929
Microsoft	Windows Server 2008 R2 Service Pack 1 (Server Core installation)	1860	N/A	2026-01-13	CVE-2026-20936, CVE-2026-20931, CVE-2026-20929
Microsoft	Windows 11 version 22H2	1775	N/A	2025-12-09	CVE-2025-64680, CVE-2025-64679, CVE-2025-62209
Microsoft	Windows Server 2022, 23H2 Edition (Server Core installation)	1669	N/A	2026-04-14	CVE-2026-32214, CVE-2026-33829, CVE-2026-33824
Microsoft	Windows Server 2008 Service Pack 2 (Server Core installation)	1667	N/A	2026-01-13	CVE-2026-20936, CVE-2026-20931, CVE-2026-20929
Microsoft	Windows Server 2008 Service Pack 2	1664	N/A	2026-01-13	CVE-2026-20936, CVE-2026-20931, CVE-2026-20929
Mozilla	Firefox	1566	N/A	2026-04-21	CVE-2026-6786, CVE-2026-6785, CVE-2026-6784
Microsoft	Windows 11 version 21H2	1560	N/A	2024-10-08	CVE-2024-43583, CVE-2024-43599, CVE-2024-43585
Microsoft	Windows Server 2008 Service Pack 2	1526	N/A	2025-07-08	CVE-2025-49742, CVE-2025-49732, CVE-2025-49730
Microsoft	Windows 11 Version 23H2	1505	N/A	2026-04-14	CVE-2026-32214, CVE-2026-33829, CVE-2026-33824
Microsoft	Windows 11 version 22H3	1501	N/A	2026-04-14	CVE-2026-32214, CVE-2026-33829, CVE-2026-33824
Apple	iOS and iPadOS	1457	N/A	2026-04-22	CVE-2026-28950, CVE-2026-28950, CVE-2025-43210
Microsoft	Windows 10 Version 20H2	1260	N/A	2023-12-20	CVE-2022-44684, CVE-2022-35759, CVE-2022-35758
Microsoft	Windows 11 Version 24H2	1185	N/A	2026-04-14	CVE-2026-32214, CVE-2026-33829, CVE-2026-33824
Google	Android	1167	N/A	2026-04-06	CVE-2026-0049, CVE-2025-48651, CVE-2026-0124
Microsoft	Windows Server 2025	1142	N/A	2026-04-14	CVE-2026-32214, CVE-2026-33829, CVE-2026-33824
Microsoft	Windows Server 2025 (Server Core installation)	1142	N/A	2026-04-14	CVE-2026-32214, CVE-2026-33829, CVE-2026-33824
Microsoft	Windows 8.1	1087	N/A	2023-05-31	CVE-2022-35759, CVE-2022-35758, CVE-2022-35756
Apple	watchOS	1086	N/A	2026-04-02	CVE-2025-43210, CVE-2026-28864, CVE-2026-20691
Microsoft	Windows 10 Version 1903 for x64-based Systems	1070	N/A	2021-02-25	CVE-2020-17162, CVE-2020-17140, CVE-2020-17139
Microsoft	Windows Server, version 1903 (Server Core installation)	1056	N/A	2021-02-25	CVE-2020-17162, CVE-2020-17140, CVE-2020-17139
Huawei	HarmonyOS	1053	N/A	2026-04-13	CVE-2026-34866, CVE-2026-34865, CVE-2026-34864
Apple	tvOS	1048	N/A	2026-04-02	CVE-2025-43210, CVE-2026-20687, CVE-2026-28852
Microsoft	Windows 10 Version 1903 for ARM64-based Systems	1038	N/A	2021-02-25	CVE-2020-17162, CVE-2020-17140, CVE-2020-17139
Microsoft	Windows 10 Version 1903 for 32-bit Systems	1035	N/A	2021-02-25	CVE-2020-17162, CVE-2020-17140, CVE-2020-17139
Oracle Corporation	MySQL Server	997	N/A	2026-04-21	CVE-2026-35240, CVE-2026-35239, CVE-2026-35238
Microsoft	Windows Server, version 1909 (Server Core installation)	990	N/A	2021-07-14	CVE-2021-33760, CVE-2021-31194, CVE-2021-31193
Microsoft	Windows 10 Version 1909	968	N/A	2022-05-18	CVE-2022-30138, CVE-2022-29142, CVE-2022-29141
Adobe	Adobe Experience Manager	966	N/A	2026-04-14	CVE-2026-34625, CVE-2026-34623, CVE-2026-34624
Microsoft	Windows Server version 20H2	965	N/A	2023-05-31	CVE-2022-35759, CVE-2022-35758, CVE-2022-35757
Google Inc.	Android	960	N/A	2018-12-07	CVE-2018-9574, CVE-2018-9573, CVE-2018-9519
GitLab	GitLab	949	N/A	2026-04-22	CVE-2026-3254, CVE-2026-4922, CVE-2025-0186
Microsoft	Windows 7	922	N/A	2023-05-31	CVE-2022-35759, CVE-2022-35758, CVE-2022-35756
Qualcomm, Inc.	Snapdragon	908	N/A	2026-04-06	CVE-2026-21382, CVE-2026-21381, CVE-2026-21380
Mozilla	Firefox ESR	907	N/A	2026-04-07	CVE-2026-5734, CVE-2026-5732, CVE-2026-5731
Mozilla	Thunderbird	904	N/A	2026-03-24	CVE-2026-4371, CVE-2026-4371, CVE-2026-3889
Microsoft	Windows Server	831	N/A	2020-07-14	CVE-2020-1463, CVE-2020-1468, CVE-2020-1438
Microsoft	Windows	823	N/A	2025-09-08	CVE-2022-50238, CVE-2025-59033, CVE-2025-9491
Microsoft	Windows 7 Service Pack 1	817	N/A	2023-05-31	CVE-2022-35759, CVE-2022-35758, CVE-2022-35756
Microsoft	Windows 10 Version 21H1	780	N/A	2023-12-20	CVE-2022-44684, CVE-2022-35759, CVE-2022-35758
Microsoft	Windows 10 Version 2004	757	N/A	2021-12-15	CVE-2021-43893, CVE-2021-43883, CVE-2021-43248
Microsoft	Windows Server version 2004	748	N/A	2021-12-15	CVE-2021-43893, CVE-2021-43883, CVE-2021-43248
Samsung Mobile	Samsung Mobile Devices	745	N/A	2026-04-13	CVE-2026-21010, CVE-2026-21008, CVE-2026-21012
Huawei	EMUI	739	N/A	2026-04-13	CVE-2026-34859, CVE-2026-34855, CVE-2026-34854
Juniper Networks	Junos OS	662	N/A	2026-04-09	CVE-2026-33791, CVE-2026-33790, CVE-2026-33787
Red Hat	Red Hat Enterprise Linux 9	639	N/A	2026-04-23	CVE-2026-6732, CVE-2026-2708, CVE-2026-34003
Red Hat	Red Hat Enterprise Linux 8	633	N/A	2026-04-23	CVE-2026-6732, CVE-2026-2708, CVE-2026-34003
Microsoft	Windows 10 Version 1803	552	N/A	2021-05-11	CVE-2021-31194, CVE-2021-31193, CVE-2021-31191
Red Hat	Red Hat Enterprise Linux 7	550	N/A	2026-04-23	CVE-2026-6732, CVE-2026-2708, CVE-2026-34003
Adobe	Adobe Acrobat and Reader	516	N/A	2020-08-19	CVE-2020-9723, CVE-2020-9722, CVE-2020-9721
Microsoft	Windows 10 Version 1909 for x64-based Systems	512	N/A	2020-07-27	CVE-2020-1457, CVE-2020-1425, CVE-2020-1463
Microsoft	Windows 10 Version 1909 for 32-bit Systems	503	N/A	2020-07-27	CVE-2020-1457, CVE-2020-1425, CVE-2020-1463
Microsoft	Windows 10 Version 1909 for ARM64-based Systems	502	N/A	2020-07-27	CVE-2020-1457, CVE-2020-1425, CVE-2020-1463
Red Hat	Red Hat Enterprise Linux 6	496	N/A	2026-04-23	CVE-2026-6732, CVE-2026-2708, CVE-2026-34003
Apple	iOS	480	N/A	2026-03-17	CVE-2026-20643, CVE-2022-32871, CVE-2022-32891
Microsoft	Windows 11 Version 25H2	451	N/A	2026-04-14	CVE-2026-32214, CVE-2026-33829, CVE-2026-33824
Microsoft	Microsoft 365 Apps for Enterprise	447	N/A	2026-04-14	CVE-2026-33115, CVE-2026-33114, CVE-2026-32200
Adobe	Acrobat Reader	422	N/A	2026-04-14	CVE-2026-34622, CVE-2026-34626, CVE-2026-34621
tensorflow	tensorflow	401	N/A	2024-07-30	CVE-2023-33976, CVE-2024-3660, CVE-2023-25661
Apple	visionOS	390	N/A	2026-04-02	CVE-2025-43210, CVE-2026-28864, CVE-2026-20691
Microsoft	Microsoft Office 2019	388	N/A	2026-04-14	CVE-2026-32200, CVE-2026-32199, CVE-2026-32198
Apple	Safari	386	N/A	2026-03-25	CVE-2026-20691, CVE-2026-20664, CVE-2026-20665
google	android	382	N/A	2024-12-05	CVE-2018-9391, CVE-2018-9390, CVE-2018-9388
Red Hat	Red Hat Enterprise Linux 10	345	N/A	2026-04-23	CVE-2026-6732, CVE-2026-2708, CVE-2026-34003
Mattermost	Mattermost	342	N/A	2026-04-15	CVE-2026-3590, CVE-2026-28741, CVE-2026-27769
Unisoc (Shanghai) Technologies Co., Ltd.	SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000	327	N/A	2023-07-12	CVE-2022-48451, CVE-2023-33905, CVE-2023-33904
OpenClaw	OpenClaw	319	N/A	2026-04-23	CVE-2026-41361, CVE-2026-41360, CVE-2026-41359
Microsoft	Microsoft Office LTSC 2021	316	N/A	2026-04-14	CVE-2026-33115, CVE-2026-33114, CVE-2026-32200
Qualcomm, Inc.	Android for MSM, Firefox OS for MSM, QRD Android	306	N/A	2019-02-11	CVE-2018-13893, CVE-2018-13889, CVE-2018-11962
Oracle Corporation	VM VirtualBox	280	N/A	2024-07-16	CVE-2024-21164, CVE-2024-21161, CVE-2024-21141
PDF-XChange	PDF-XChange Editor	280	N/A	2026-02-20	CVE-2026-2040, CVE-2025-6640, CVE-2025-6641
Microsoft	Windows 10 Version 1709	270	N/A	2020-10-16	CVE-2020-1243, CVE-2020-1167, CVE-2020-1047
Microsoft	Windows 10 Version 1709 for 32-bit Systems	256	N/A	2020-10-16	CVE-2020-1167, CVE-2020-17022, CVE-2020-16976
google	chrome	252	N/A	2024-12-03	CVE-2024-12053, CVE-2024-7025, CVE-2024-11395
Foxit	Foxit Reader	247	N/A	2025-08-13	CVE-2025-32451, CVE-2013-10068, CVE-2024-49576
Juniper Networks	Junos OS Evolved	246	N/A	2026-04-09	CVE-2026-33791, CVE-2026-33783, CVE-2026-33776
Cisco	Cisco Small Business RV Series Router Firmware	243	N/A	2024-11-18	CVE-2020-3431, CVE-2024-20524, CVE-2024-20523
QNAP Systems Inc.	QTS	237	N/A	2026-03-11	CVE-2024-14026, CVE-2025-47205, CVE-2025-58466
Microsoft	Microsoft SharePoint Server 2019	236	N/A	2026-04-14	CVE-2026-32201, CVE-2026-20945, CVE-2026-26106
nextcloud	security-advisories	234	N/A	2025-12-05	CVE-2025-66558, CVE-2025-66556, CVE-2025-66554
discourse	discourse	233	N/A	2026-04-03	CVE-2026-34947, CVE-2026-27481, CVE-2026-33415
Cisco	Cisco IOS XE Software	229	N/A	2026-03-25	CVE-2026-20112, CVE-2026-20113, CVE-2026-20114
xwiki	xwiki-platform	227	N/A	2026-04-15	CVE-2026-40105, CVE-2026-33229, CVE-2026-26000
Microsoft	Microsoft SharePoint Enterprise Server 2016	222	N/A	2026-04-14	CVE-2026-32201, CVE-2026-20945, CVE-2026-26106
QNAP Systems Inc.	QuTS hero	222	N/A	2026-03-11	CVE-2024-14026, CVE-2025-47205, CVE-2025-48725
qualcomm	wsa8830_firmware	215	N/A	2024-12-02	CVE-2024-43052, CVE-2024-43050, CVE-2024-43049
qualcomm	wsa8835_firmware	215	N/A	2024-12-02	CVE-2024-43052, CVE-2024-43050, CVE-2024-43049
Microsoft	Microsoft Office LTSC for Mac 2021	214	N/A	2026-04-14	CVE-2026-33115, CVE-2026-33114, CVE-2026-32199
Microsoft	Windows 10	214	N/A	2024-09-26	CVE-2024-6769, CVE-2024-6768, CVE-2019-0577
F5	BIG-IP	211	N/A	2026-02-18	CVE-2026-2507, CVE-2026-22548, CVE-2026-20732
Foxit	PDF Reader	211	N/A	2025-09-02	CVE-2025-9330, CVE-2025-9323, CVE-2025-9324
qualcomm	wcd9380_firmware	211	N/A	2024-12-02	CVE-2024-43053, CVE-2024-43052, CVE-2024-43050
Liferay	DXP	209	N/A	2025-11-01	CVE-2025-62275, CVE-2025-62276, CVE-2025-62267
Liferay	Portal	206	N/A	2025-11-01	CVE-2025-62275, CVE-2025-62276, CVE-2025-62267
Microsoft	Microsoft Office LTSC 2024	201	N/A	2026-04-14	CVE-2026-33115, CVE-2026-33114, CVE-2026-32200
Microsoft	Windows 10 Servers	201	N/A	2019-01-08	CVE-2019-0577, CVE-2019-0547, CVE-2019-0575
Huawei	Magic UI	200	N/A	2022-09-16	CVE-2020-36601, CVE-2020-36600, CVE-2022-39003
qualcomm	fastconnect_7800_firmware	197	N/A	2024-12-02	CVE-2024-43053, CVE-2024-43052, CVE-2024-43050
qualcomm	fastconnect_6900_firmware	194	N/A	2024-12-02	CVE-2024-43053, CVE-2024-43052, CVE-2024-43050
qualcomm	qca6696_firmware	194	N/A	2024-12-02	CVE-2024-33063, CVE-2024-33056, CVE-2024-33053
Apple	iTunes for Windows	192	N/A	2024-10-11	CVE-2024-44157, CVE-2024-44193, CVE-2024-27793
Microsoft	Microsoft Edge (Chromium-based)	192	N/A	2026-04-10	CVE-2026-33118, CVE-2026-32187, CVE-2026-0102
qualcomm	wcd9385_firmware	190	N/A	2024-12-02	CVE-2024-43053, CVE-2024-43052, CVE-2024-43050
qualcomm	qca6574au_firmware	188	N/A	2024-12-02	CVE-2024-33063, CVE-2024-33056, CVE-2024-33053
Microsoft	ChakraCore	187	N/A	2021-11-10	CVE-2021-42279, CVE-2020-17131, CVE-2020-17054
Microsoft	Microsoft Edge	186	N/A	2023-04-11	CVE-2023-28284, CVE-2019-1107, CVE-2019-1106
qualcomm	wsa8810_firmware	186	N/A	2024-12-02	CVE-2024-43052, CVE-2024-43050, CVE-2024-43048
qualcomm	wsa8815_firmware	184	N/A	2024-12-02	CVE-2024-43052, CVE-2024-43050, CVE-2024-43048
Apple	iCloud for Windows	181	N/A	2022-12-15	CVE-2022-46692, CVE-2022-46698, CVE-2022-46693
Microsoft	Windows 11 version 26H1	181	N/A	2026-04-14	CVE-2026-32214, CVE-2026-33829, CVE-2026-33824
IrfanView	IrfanView	180	N/A	2025-07-21	CVE-2025-7299, CVE-2025-7325, CVE-2025-7324
qualcomm	qca6391_firmware	180	N/A	2024-12-02	CVE-2024-43052, CVE-2024-43050, CVE-2024-33063
Oracle Corporation	Java	179	N/A	2020-07-15	CVE-2020-14664, CVE-2020-14621, CVE-2020-14593
Oracle Corporation	PeopleSoft Enterprise PT PeopleTools	179	N/A	2024-07-16	CVE-2024-21180, CVE-2024-21178, CVE-2024-21158
Microsoft	Windows 10 Version 2004 for x64-based Systems	177	N/A	2020-07-27	CVE-2020-1457, CVE-2020-1425, CVE-2020-1463
Microsoft	Windows Server, version 2004 (Server Core installation)	177	N/A	2020-07-14	CVE-2020-1463, CVE-2020-1468, CVE-2020-1438
Oracle Corporation	WebLogic Server	177	N/A	2024-07-16	CVE-2024-21183, CVE-2024-21182, CVE-2024-21181
Microsoft	Windows 10 Version 2004 for 32-bit Systems	176	N/A	2020-07-27	CVE-2020-1457, CVE-2020-1425, CVE-2020-1463
Microsoft	Windows 10 Version 2004 for ARM64-based Systems	176	N/A	2020-07-27	CVE-2020-1457, CVE-2020-1425, CVE-2020-1463
qualcomm	qca6574a_firmware	175	N/A	2024-12-02	CVE-2024-33063, CVE-2024-33056, CVE-2024-33044
qualcomm	wcd9370_firmware	175	N/A	2024-12-02	CVE-2024-43052, CVE-2024-43050, CVE-2024-43048
Qualcomm, Inc.	All Qualcomm products	174	N/A	2017-08-18	CVE-2017-9684, CVE-2017-9679, CVE-2017-9678
n/a	kernel	172	N/A	2024-02-08	CVE-2024-1312, CVE-2024-1312, CVE-2023-6200
qualcomm	qca6595au_firmware	172	N/A	2024-12-02	CVE-2024-43050, CVE-2024-33063, CVE-2024-33056
Dell	PowerScale OneFS	169	N/A	2026-04-16	CVE-2025-43937, CVE-2025-43935, CVE-2025-43883
linux	linux_kernel	169	N/A	2024-10-23	CVE-2024-50066, CVE-2024-40902, CVE-2024-39495
LabRedesCefetRJ	WeGIA	168	N/A	2026-04-17	CVE-2026-40286, CVE-2026-40285, CVE-2026-40284
Red Hat	Red Hat OpenShift Container Platform 4	168	N/A	2026-04-24	CVE-2026-5367, CVE-2026-5367, CVE-2026-5367
qualcomm	qca6698aq_firmware	168	N/A	2024-12-02	CVE-2024-33063, CVE-2024-33056, CVE-2024-33044
OpenHarmony	OpenHarmony	167	N/A	2026-03-16	CVE-2025-6969, CVE-2025-26474, CVE-2025-52458
Fortinet	FortiOS	164	N/A	2026-04-14	CVE-2025-61624, CVE-2025-53847, CVE-2025-62439

CVSS Score Drift

Comparison of CVSS scores across different versions (v2, v3.1, v4.0)

About CVSS Score Drift

CVSS Score Drift measures how vulnerability severity ratings change between CVSS versions (v2, v3.1, v4.0). Different scoring methodologies can result in the same CVE having significantly different severity ratings.

Why it matters: Security teams using different scanners may see conflicting severity scores for the same vulnerability. Understanding drift helps reconcile these differences and prioritize remediation correctly.

How to use: Focus on CVEs with high drift (=2.0 points) - these require manual review to determine actual risk. An upward arrow (?) indicates newer CVSS versions rate it more severe; downward (?) means less severe.

CVEs with Multiple Scores

150

High Drift (=2.0)

Avg Score Drift

1.61

CVE ID	Published	CVSS v2	CVSS v3.1	CVSS v4.0	Drift
CVE-2020-36912	2026-01-06	N/A	9.8	5.1	4.7 ?
CVE-2026-0597	2026-01-05	6.5	9.8	5.3	4.5 ?
CVE-2026-0591	2026-01-05	6.5	9.8	5.3	4.5 ?
CVE-2026-0590	2026-01-05	6.5	9.8	5.3	4.5 ?
CVE-2026-0584	2026-01-05	6.5	9.8	5.3	4.5 ?
CVE-2026-0582	2026-01-05	6.5	9.8	5.3	4.5 ?
CVE-2026-0581	2026-01-05	6.5	9.8	5.3	4.5 ?
CVE-2025-15448	2026-01-05	6.5	9.8	5.3	4.5 ?
CVE-2026-0577	2026-01-04	6.5	9.8	5.3	4.5 ?
CVE-2025-15449	2026-01-05	5.5	9.1	5.3	3.8 ?
CVE-2020-36908	2026-01-06	N/A	8.8	5.1	3.7 ?
CVE-2025-68454	2026-01-05	N/A	8.8	5.2	3.6 ?
CVE-2026-0641	2026-01-06	6.5	8.8	5.3	3.5 ?
CVE-2026-0574	2026-01-04	6.5	8.8	5.3	3.5 ?
CVE-2026-21439	2026-01-06	N/A	5.3	2.0	3.3 ?
CVE-2020-36913	2026-01-06	N/A	5.3	8.5	3.2 ?
CVE-2025-13744	2026-01-06	N/A	5.4	8.4	3.0 ?
CVE-2025-15382	2026-01-06	N/A	8.1	5.1	3.0 ?
CVE-2020-36923	2026-01-06	N/A	9.8	6.9	2.9 ?
CVE-2026-0607	2026-01-06	7.5	9.8	6.9	2.9 ?
CVE-2026-0606	2026-01-05	7.5	9.8	6.9	2.9 ?
CVE-2026-0605	2026-01-05	7.5	9.8	6.9	2.9 ?
CVE-2026-0592	2026-01-05	7.5	9.8	6.9	2.9 ?
CVE-2026-0585	2026-01-05	7.5	9.8	6.9	2.9 ?
CVE-2026-0583	2026-01-05	7.5	9.8	6.9	2.9 ?
CVE-2025-15458	2026-01-05	7.5	9.8	6.9	2.9 ?
CVE-2025-15457	2026-01-05	7.5	9.8	6.9	2.9 ?
CVE-2026-0579	2026-01-04	7.5	9.8	6.9	2.9 ?
CVE-2026-0578	2026-01-04	7.5	9.8	6.9	2.9 ?
CVE-2026-0576	2026-01-04	7.5	9.8	6.9	2.9 ?
CVE-2026-0575	2026-01-04	7.5	9.8	6.9	2.9 ?
CVE-2025-3654	2026-01-04	N/A	9.8	6.9	2.9 ?
CVE-2024-14020	2026-01-07	4.6	5.0	2.3	2.7 ?
CVE-2025-69230	2026-01-06	N/A	5.3	2.7	2.6 ?
CVE-2025-69225	2026-01-06	N/A	5.3	2.7	2.6 ?
CVE-2026-0640	2026-01-06	9.0	9.8	7.4	2.4 ?
CVE-2020-36905	2026-01-06	N/A	7.5	5.1	2.4 ?
CVE-2025-15452	2026-01-05	3.3	2.4	4.8	2.4 ?
CVE-2025-15451	2026-01-05	3.3	2.4	4.8	2.4 ?
CVE-2025-5591	2026-01-05	N/A	5.4	7.7	2.3 ?
CVE-2020-36909	2026-01-06	N/A	6.5	8.7	2.2 ?
CVE-2025-68954	2026-01-06	N/A	5.4	7.5	2.1 ?
CVE-2025-68456	2026-01-05	N/A	9.1	7.0	2.1 ?
CVE-2026-0588	2026-01-05	4.0	6.1	5.1	2.1 ?
CVE-2026-0580	2026-01-05	4.0	6.1	5.1	2.1 ?
CVE-2025-15443	2026-01-04	5.8	7.2	5.1	2.1 ?
CVE-2025-15442	2026-01-04	5.8	7.2	5.1	2.1 ?
CVE-2025-67732	2026-01-05	N/A	6.5	8.4	1.9 ?
CVE-2025-68437	2026-01-05	N/A	6.8	5.0	1.8 ?
CVE-2025-68428	2026-01-05	N/A	7.5	9.2	1.7 ?
CVE-2026-0640	2026-01-06	9.0	8.8	7.4	1.6 ?
CVE-2025-68436	2026-01-05	N/A	6.5	4.9	1.6 ?
CVE-2026-0588	2026-01-05	4.0	3.5	5.1	1.6 ?
CVE-2026-0587	2026-01-05	4.0	3.5	5.1	1.6 ?
CVE-2026-0580	2026-01-05	4.0	3.5	5.1	1.6 ?
CVE-2025-15462	2026-01-05	9.0	8.8	7.4	1.6 ?
CVE-2025-15461	2026-01-05	9.0	8.8	7.4	1.6 ?
CVE-2025-15460	2026-01-05	9.0	8.8	7.4	1.6 ?
CVE-2025-15459	2026-01-05	9.0	8.8	7.4	1.6 ?
CVE-2025-3654	2026-01-04	N/A	5.3	6.9	1.6 ?
CVE-2025-15452	2026-01-05	3.3	4.8	4.8	1.5 ?
CVE-2025-15451	2026-01-05	3.3	4.8	4.8	1.5 ?
CVE-2025-68455	2026-01-05	N/A	7.2	8.6	1.4 ?
CVE-2025-59158	2026-01-05	N/A	8.0	9.4	1.4 ?
CVE-2026-0587	2026-01-05	4.0	5.4	5.1	1.4 ?
CVE-2025-14612	2026-01-07	N/A	6.7	5.4	1.3 ?
CVE-2025-14605	2026-01-07	N/A	6.7	5.4	1.3 ?
CVE-2025-14599	2026-01-07	N/A	6.7	5.4	1.3 ?
CVE-2025-14596	2026-01-07	N/A	6.7	5.4	1.3 ?
CVE-2025-69229	2026-01-06	N/A	5.3	6.6	1.3 ?
CVE-2025-3660	2026-01-04	N/A	8.2	6.9	1.3 ?
CVE-2026-0641	2026-01-06	6.5	6.3	5.3	1.2 ?
CVE-2020-36915	2026-01-06	N/A	7.5	8.7	1.2 ?
CVE-2020-36907	2026-01-06	N/A	7.5	8.7	1.2 ?
CVE-2026-0621	2026-01-05	N/A	7.5	8.7	1.2 ?
CVE-2025-64422	2026-01-05	N/A	4.3	5.5	1.2 ?
CVE-2026-0597	2026-01-05	6.5	6.3	5.3	1.2 ?
CVE-2026-0591	2026-01-05	6.5	6.3	5.3	1.2 ?
CVE-2026-0590	2026-01-05	6.5	6.3	5.3	1.2 ?
CVE-2026-0584	2026-01-05	6.5	6.3	5.3	1.2 ?
CVE-2026-0582	2026-01-05	6.5	6.3	5.3	1.2 ?
CVE-2026-0581	2026-01-05	6.5	6.3	5.3	1.2 ?
CVE-2025-15453	2026-01-05	6.5	6.3	5.3	1.2 ?
CVE-2025-15450	2026-01-05	6.5	6.3	5.3	1.2 ?
CVE-2025-15448	2026-01-05	6.5	6.3	5.3	1.2 ?
CVE-2026-0577	2026-01-04	6.5	6.3	5.3	1.2 ?
CVE-2026-0574	2026-01-04	6.5	6.3	5.3	1.2 ?
CVE-2025-15471	2026-01-07	10.0	9.8	8.9	1.1 ?
CVE-2020-36925	2026-01-06	N/A	9.8	8.7	1.1 ?
CVE-2020-36917	2026-01-06	N/A	7.5	8.6	1.1 ?
CVE-2020-36914	2026-01-06	N/A	7.5	8.6	1.1 ?
CVE-2025-64423	2026-01-05	N/A	8.8	7.7	1.1 ?
CVE-2026-0586	2026-01-05	5.0	6.1	5.3	1.1 ?
CVE-2025-15443	2026-01-04	5.8	4.7	5.1	1.1 ?
CVE-2025-15442	2026-01-04	5.8	4.7	5.1	1.1 ?
CVE-2025-7048	2026-01-06	N/A	4.3	5.3	1.0 ?
CVE-2020-36906	2026-01-06	N/A	4.3	5.3	1.0 ?
CVE-2025-69226	2026-01-05	N/A	5.3	6.3	1.0 ?
CVE-2026-0586	2026-01-05	5.0	4.3	5.3	1.0 ?
CVE-2025-15237	2026-01-05	N/A	4.3	5.3	1.0 ?
CVE-2025-15236	2026-01-05	N/A	4.3	5.3	1.0 ?
CVE-2025-69228	2026-01-06	N/A	7.5	6.6	0.9 ?
CVE-2025-69227	2026-01-06	N/A	7.5	6.6	0.9 ?
CVE-2020-36924	2026-01-06	N/A	6.1	5.3	0.8 ?
CVE-2020-36924	2026-01-06	N/A	6.1	5.3	0.8 ?
CVE-2020-36918	2026-01-06	N/A	4.3	5.1	0.8 ?
CVE-2025-15454	2026-01-05	2.6	3.1	2.3	0.8 ?
CVE-2025-14979	2026-01-06	N/A	7.8	8.5	0.7 ?
CVE-2025-12793	2026-01-06	N/A	7.8	8.5	0.7 ?
CVE-2025-64421	2026-01-05	N/A	8.0	8.7	0.7 ?
CVE-2020-36922	2026-01-06	N/A	7.5	6.9	0.6 ?
CVE-2020-36921	2026-01-06	N/A	7.5	6.9	0.6 ?
CVE-2026-0607	2026-01-06	7.5	7.3	6.9	0.6 ?
CVE-2026-0606	2026-01-05	7.5	7.3	6.9	0.6 ?
CVE-2026-0605	2026-01-05	7.5	7.3	6.9	0.6 ?
CVE-2025-64424	2026-01-05	N/A	8.8	9.4	0.6 ?
CVE-2025-59156	2026-01-05	N/A	8.8	9.4	0.6 ?
CVE-2026-0592	2026-01-05	7.5	7.3	6.9	0.6 ?
CVE-2026-0589	2026-01-05	7.5	7.3	6.9	0.6 ?
CVE-2026-0585	2026-01-05	7.5	7.3	6.9	0.6 ?
CVE-2026-0583	2026-01-05	7.5	7.3	6.9	0.6 ?
CVE-2025-15239	2026-01-05	N/A	6.5	7.1	0.6 ?
CVE-2025-15238	2026-01-05	N/A	6.5	7.1	0.6 ?
CVE-2025-15235	2026-01-05	N/A	6.5	7.1	0.6 ?
CVE-2025-15458	2026-01-05	7.5	7.3	6.9	0.6 ?
CVE-2025-15457	2026-01-05	7.5	7.3	6.9	0.6 ?
CVE-2025-15456	2026-01-05	7.5	7.3	6.9	0.6 ?
CVE-2025-15456	2026-01-05	7.5	7.5	6.9	0.6 ?
CVE-2026-0579	2026-01-04	7.5	7.3	6.9	0.6 ?
CVE-2026-0578	2026-01-04	7.5	7.3	6.9	0.6 ?
CVE-2026-0576	2026-01-04	7.5	7.3	6.9	0.6 ?
CVE-2026-0575	2026-01-04	7.5	7.3	6.9	0.6 ?
CVE-2025-14346	2026-01-05	N/A	9.8	9.3	0.5 ?
CVE-2025-15455	2026-01-05	6.4	6.5	6.9	0.5 ?
CVE-2025-15455	2026-01-05	6.4	6.5	6.9	0.5 ?
CVE-2025-14942	2026-01-06	N/A	9.8	9.4	0.4 ?
CVE-2025-64425	2026-01-05	N/A	8.1	8.5	0.4 ?
CVE-2025-3660	2026-01-04	N/A	6.5	6.9	0.4 ?
CVE-2020-36916	2026-01-06	N/A	8.8	8.5	0.3 ?
CVE-2025-63083	2026-01-06	N/A	6.1	5.9	0.2 ?
CVE-2025-63082	2026-01-06	N/A	6.1	5.9	0.2 ?
CVE-2020-36908	2026-01-06	N/A	5.3	5.1	0.2 ?
CVE-2025-69224	2026-01-05	N/A	6.5	6.3	0.2 ?
CVE-2025-15449	2026-01-05	5.5	5.4	5.3	0.2 ?
CVE-2020-36920	2026-01-06	N/A	8.8	8.7	0.1 ?
CVE-2020-36910	2026-01-06	N/A	8.8	8.7	0.1 ?
CVE-2020-36909	2026-01-06	N/A	8.8	8.7	0.1 ?
CVE-2025-15240	2026-01-05	N/A	8.8	8.7	0.1 ?
CVE-2025-59955	2026-01-05	N/A	5.7	5.7	0.0 ?
CVE-2025-66518	2026-01-05	N/A	8.8	8.8	0.0 ?

CWE Trend Analysis

Common Weakness Enumeration categories and their prevalence trends

About CWE Trends

CWE (Common Weakness Enumeration) is a standardized list of software and hardware weakness types. This analysis tracks which vulnerability categories are most prevalent across your CVE databases.

Why it matters: Understanding CWE trends helps identify systemic weaknesses in your technology stack. If injection vulnerabilities (CWE-89) are rising, it signals a need for input validation improvements across applications.

How to use: Monitor "Rising" trends to anticipate emerging attack vectors. Use the most common CWEs to prioritize developer security training and code review focus areas. Cross-reference with your vendor/product data to identify which products contribute most to each weakness category.

Unique CWEs

Rising Trends

Most Common

CWE-79

Total Occurrences

116699

CWE ID	Description	CVEProject	CISA	Total	Trend
CWE-79	CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')	20459	2325	22784	Declining
CWE-89	SQL Injection	8707	1052	9759	Declining
CWE-862	CWE-862: Missing Authorization	5244	944	6188	Declining
CWE-352	CWE-352: Cross-Site Request Forgery (CSRF)	4482	468	4950	Declining
CWE-74	Injection	3692	711	4403	Declining
CWE-20	CWE-20 Improper Input Validation	3588	208	3796	Declining
CWE-22	CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')	3375	346	3721	Declining
CWE-125	CWE-125: Out-of-bounds Read	2993	240	3233	Declining
CWE-200	CWE-200: Exposure of Sensitive Information to an Unauthorized Actor	2811	278	3089	Declining
CWE-78	CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')	2741	303	3044	Declining
CWE-284	CWE-284: Improper Access Control	2644	389	3033	Declining
CWE-121	CWE-121: Stack-based Buffer Overflow	2546	278	2824	Declining
CWE-94	Remote Code Execution (RCE)	2441	346	2787	Declining
CWE-416	Use after free	2458	271	2729	Declining
CWE-787	CWE-787: Out-of-bounds Write	2347	303	2650	Declining
CWE-119	Memory Corruption	2361	268	2629	Declining
CWE-434	CWE-434 Unrestricted Upload of File with Dangerous Type	2051	292	2343	Declining
CWE-122	Heap-based Buffer Overflow	1952	141	2093	Declining
CWE-120	CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')	1716	178	1894	Declining
CWE-502	CWE-502 Deserialization of Untrusted Data	1669	201	1870	Declining
CWE-918	CWE-918: Server-Side Request Forgery (SSRF)	1524	177	1701	Declining
CWE-77	CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')	1417	228	1645	Declining
CWE-400	CWE-400: Uncontrolled Resource Consumption	1483	123	1606	Declining
CWE-863	CWE-863: Incorrect Authorization	1354	146	1500	Declining
CWE-287	CWE-287: Improper Authentication	1323	102	1425	Declining
CWE-476	NULL Pointer Dereference	1172	235	1407	Declining
CWE-306	CWE-306 Missing Authentication for Critical Function	1180	209	1389	Declining
CWE-98	CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')	1034	257	1291	Declining
CWE-639	CWE-639 Authorization Bypass Through User-Controlled Key	1044	199	1243	Declining
CWE-285	Improper Authorization	1018	140	1158	Declining
CWE-269	CWE-269 Improper Privilege Management	1029	101	1130	Declining
CWE-770	CWE-770: Allocation of Resources Without Limits or Throttling	881	110	991	Declining
CWE-190	CWE-190: Integer Overflow or Wraparound	874	76	950	Declining
CWE-266	Incorrect Privilege Assignment	729	121	850	Declining
CWE-601	CWE-601: URL Redirection to Untrusted Site ('Open Redirect')	733	74	807	Declining
CWE-427	CWE-427 Uncontrolled Search Path Element	706	87	793	Declining
CWE-532	CWE-532: Insertion of Sensitive Information into Log File	622	49	671	Declining
CWE-798	CWE-798 Use of Hard-coded Credentials	574	69	643	Declining
CWE-276	CWE-276 Incorrect Default Permissions	512	55	567	Declining
CWE-362	Race	465	88	553	Declining
CWE-80	CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)	481	59	540	Declining
CWE-732	CWE-732: Incorrect Permission Assignment for Critical Resource	468	57	525	Declining
CWE-59	CWE-59: Improper Link Resolution Before File Access ('Link Following')	446	45	491	Declining
CWE-288	CWE-288 Authentication bypass using an alternate path or channel	426	52	478	Declining
CWE-295	CWE-295: Improper Certificate Validation	473	0	473	Declining
CWE-404	Denial of Service	434	0	434	Declining
CWE-126	CWE-126: Buffer Over-read	422	0	422	Declining
CWE-611	CWE-611: Improper Restriction of XML External Entity Reference	419	0	419	Declining
CWE-522	CWE-522 Insufficiently Protected Credentials	397	0	397	Declining
CWE-347	CWE-347: Improper Verification of Cryptographic Signature	381	0	381	Declining

Time to Exploit Intelligence

Analysis of time between CVE publication and first public exploit availability (2025-2026 only)

About Time to Exploit

Time to Exploit (TTE) measures the window between when a CVE is publicly disclosed and when a working proof-of-concept exploit becomes available. This metric is critical for understanding your actual patch window.

How to use: CVEs with Critical risk (=7 days) require immediate patching - attackers can weaponize these almost instantly. Use this data to set realistic SLAs for your vulnerability management program and prioritize based on actual exploit timelines, not just CVSS scores.

Average Days to Exploit

197.6

Median Days

188

Fastest Exploit

0 days

CVEs with POC

30092

Risk Distribution

Critical (=7 days)

High (=30 days)

Medium (=90 days)

Low (>90 days)

CVE ID	Vendor	Product	Published	POC Date	Risk
CVE-2025-12573	Unknown	Bookingor	2026-01-20	2026-01-20	Critical
CVE-2025-11002	7-Zip	7-Zip	2026-01-23	2026-01-23	Critical
CVE-2026-1413	Sangfor	Operation and Maintenance Security Management System	2026-01-26	2026-01-26	Critical
CVE-2026-1412	Sangfor	Operation and Maintenance Security Management System	2026-01-26	2026-01-26	Critical
CVE-2026-1414	Sangfor	Operation and Maintenance Security Management System	2026-01-26	2026-01-26	Critical
CVE-2025-14316	Unknown	AhaChat Messenger Marketing	2026-01-26	2026-01-26	Critical
CVE-2025-14973	Unknown	Recipe Card Blocks Lite	2026-01-26	2026-01-26	Critical
CVE-2026-23888	pnpm	pnpm	2026-01-26	2026-01-27	Critical
CVE-2026-23889	pnpm	pnpm	2026-01-26	2026-01-27	Critical
CVE-2026-24056	pnpm	pnpm	2026-01-26	2026-01-27	Critical
CVE-2026-24003	EVerest	everest-core	2026-01-26	2026-01-27	Critical
CVE-2026-24478	Mintplex-Labs	anything-llm	2026-01-26	2026-01-27	Critical
CVE-2026-24686	theupdateframework	go-tuf	2026-01-27	2026-01-27	Critical
CVE-2026-1213	askbot	askbot	2026-01-27	2026-01-28	Critical
CVE-2026-1470	None	None	2026-01-27	2026-01-28	Critical
CVE-2026-24881	GnuPG	GnuPG	2026-01-27	2026-01-28	Critical
CVE-2026-24882	GnuPG	GnuPG	2026-01-27	2026-01-28	Critical
CVE-2026-24770	infiniflow	ragflow	2026-01-27	2026-01-28	Critical
CVE-2026-24740	amir20	dozzle	2026-01-27	2026-01-28	Critical
CVE-2026-24909	vlt	vlt	2026-01-27	2026-01-28	Critical
CVE-2026-24910	Bun	Bun	2026-01-27	2026-01-28	Critical
CVE-2026-23830	nyariv	SandboxJS	2026-01-27	2026-01-28	Critical
CVE-2026-24842	isaacs	node-tar	2026-01-28	2026-01-28	Critical
CVE-2026-24841	Dokploy	dokploy	2026-01-28	2026-01-28	Critical
CVE-2025-13471	Unknown	User Activity Log	2026-01-28	2026-01-28	Critical
CVE-2026-24685	opf	openproject	2026-01-28	2026-01-29	Critical
CVE-2026-1544	D-Link	DIR-823X	2026-01-28	2026-01-29	Critical
CVE-2026-1547	Totolink	A7000R	2026-01-28	2026-01-29	Critical
CVE-2026-1552	n/a	SEMCMS	2026-01-29	2026-01-29	Critical
CVE-2025-14975	Unknown	Custom Login Page Customizer	2026-01-29	2026-01-29	Critical
CVE-2026-1587	n/a	Open5GS	2026-01-29	2026-01-30	Critical
CVE-2026-23896	immich-app	immich	2026-01-29	2026-01-30	Critical
CVE-2025-15550	birkir	prime	2026-01-29	2026-01-30	Critical
CVE-2026-25061	simsong	tcpflow	2026-01-29	2026-01-30	Critical
CVE-2026-25117	pwncollege	dojo	2026-01-29	2026-01-30	Critical
CVE-2026-25040	Budibase	budibase	2026-01-29	2026-01-30	Critical
CVE-2026-24902	TrustTunnel	TrustTunnel	2026-01-29	2026-01-30	Critical
CVE-2026-24904	TrustTunnel	TrustTunnel	2026-01-29	2026-01-30	Critical
CVE-2026-1637	Tenda	AC21	2026-01-29	2026-01-30	Critical
CVE-2026-1638	Tenda	AC21	2026-01-29	2026-01-30	Critical
CVE-2026-24855	ChurchCRM	CRM	2026-01-30	2026-01-31	Critical
CVE-2025-4686	Kodmatic Computer Software Tourism Construction Industry and Trade Ltd. Co.	Online Exam and Assessment	2026-01-30	2026-01-31	Critical
CVE-2026-1700	projectworlds	House Rental and Property Listing	2026-01-30	2026-01-31	Critical
CVE-2026-25130	aliasrobotics	cai	2026-01-30	2026-01-31	Critical
CVE-2026-25069	SunFounder	Pironman Dashboard (pm_dashboard)	2026-01-31	2026-02-01	Critical
CVE-2026-0658	Unknown	Five Star Restaurant Reservations	2026-02-02	2026-02-02	Critical
CVE-2025-15030	Unknown	User Profile Builder	2026-02-02	2026-02-02	Critical
CVE-2025-15396	Unknown	Library Viewer	2026-02-02	2026-02-02	Critical
CVE-2026-24071	Native Instruments	Native Access	2026-02-02	2026-02-03	Critical
CVE-2026-24070	Native Instruments	Native Access	2026-02-02	2026-02-03	Critical