CVE Intelligence Dashboard

Exploitable This Week

High-severity CVEs with known proof-of-concept exploits available

About This Section

This table shows CVEs that have publicly available proof-of-concept (POC) exploits, cross-referenced with severity scores from CISA. These vulnerabilities represent the highest risk as attackers can readily exploit them. Priority should be given to Critical and High severity items with Network attack vectors. GitHub links point to POC repositories, while Ref links provide additional technical details.

Total with POC

Critical Severity

High Severity

Network Exploitable

CVE ID	Product	Description	Score	Severity	Attack Vector	POC Links
CVE-2026-21962	Oracle HTTP Server%2C Oracle Weblogic Server Proxy Plug-in	Vulnerability in the Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in product of Oracle Fusi...	10.0	CRITICAL	NETWORK	[Ref1]
CVE-2026-22686	enclave	Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to 2.7.0, th...	10.0	CRITICAL	NETWORK	[Ref1]
CVE-2025-60219	WooCommerce Designer Pro	Unrestricted Upload of File with Dangerous Type vulnerability in HaruTheme WooCommerce Designer Pro ...	10.0	CRITICAL	NETWORK	-
CVE-2025-50002	Energia	Unrestricted Upload of File with Dangerous Type vulnerability in Farost Energia energia allows Uploa...	10.0	CRITICAL	NETWORK	-
CVE-2025-9962	P series (P07%2C P10%2C P12%2C P15)	A buffer overflow vulnerability in Novakon P series allows attackers to gain root permission without...	10.0	CRITICAL	NETWORK	[Ref1] [Ref2]
CVE-2026-24054	kata-containers	Kata Containers is an open source project focusing on a standard implementation of lightweight Virtu...	10.0	CRITICAL	NETWORK	[Ref1]
CVE-2026-23830	SandboxJS	SandboxJS is a JavaScript sandboxing library. Versions prior to 0.8.26 have a sandbox escape vulnera...	10.0	CRITICAL	NETWORK	[Ref1]
CVE-2024-57521	n/a	SQL Injection vulnerability in RuoYi v.4.7.9 and before allows a remote attacker to execute arbitrar...	10.0	CRITICAL	NETWORK	[Ref1] [Ref2]
CVE-2025-61937	Process Optimization	The vulnerability, if exploited, could allow an unauthenticated miscreant to achieve remote code exe...	10.0	CRITICAL	NETWORK	[Ref1]
CVE-2024-58338	Flamingo XL	Anevia Flamingo XL 3.2.9 contains a restricted shell vulnerability that allows remote attackers to e...	10.0	CRITICAL	NETWORK	[Ref1] [Ref2]
CVE-2025-65108	md-to-pdf	md-to-pdf is a CLI tool for converting Markdown files to PDF using Node.js and headless Chrome. Prio...	10.0	CRITICAL	NETWORK	[Ref1]
CVE-2025-63414	n/a	A Path Traversal vulnerability in the Allsky WebUI version v2024.12.06_06 allows an unauthenticated ...	10.0	CRITICAL	NETWORK	[Ref1]
CVE-2025-63216	n/a	The Itel DAB Gateway (IDGat build c041640a) is vulnerable to Authentication Bypass due to improper J...	10.0	CRITICAL	NETWORK	[Ref1]
CVE-2025-63224	n/a	The Itel DAB Encoder (IDEnc build 25aec8d) is vulnerable to Authentication Bypass due to improper JW...	10.0	CRITICAL	NETWORK	[Ref1]
CVE-2025-61481	n/a	An issue in MikroTik RouterOS v.7.14.2 and SwOS v.2.18 exposes the WebFig management interface over ...	10.0	CRITICAL	NETWORK	[Ref1]
CVE-2025-59528	Flowise	Flowise is a drag & drop user interface to build a customized large language model flow. In version ...	10.0	CRITICAL	NETWORK	[Ref1]
CVE-2025-58384	n/a	In DOXENSE WATCHDOC before 6.1.1.5332, Deserialization of Untrusted Data can lead to remote code exe...	10.0	CRITICAL	NETWORK	-
CVE-2025-55182	react-server-dom-webpack	A pre-authentication remote code execution vulnerability exists in React Server Components versions ...	10.0	CRITICAL	NETWORK	[Ref1] [Ref2] [Ref3]
CVE-2025-3450	Automation Runtime	An Improper Resource Locking vulnerability in the SDM component of B&R Automation Runtime versions b...	10.0	CRITICAL	NETWORK	-
CVE-2025-10363	Topal Finanzbuchhaltung	Deserialization of Untrusted Data vulnerability in Topal Solutions AG Topal Finanzbuchhaltung on Win...	10.0	CRITICAL	NETWORK	-
CVE-2025-10230	Red Hat Enterprise Linux 8	A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration pack...	10.0	CRITICAL	NETWORK	[Ref1] [Ref2]
CVE-2018-25118	GeoVision embedded IP devices	GeoVision embedded IP devices, confirmed on GV-BX1500 and GV-MFD1501, contain a remote command injec...	10.0	CRITICAL	NETWORK	[Ref1] [Ref2] [Ref3] [Ref4]
CVE-2026-22039	kyverno	Kyverno is a policy engine designed for cloud native platform engineering teams. Versions prior to 1...	9.9	CRITICAL	NETWORK	[Ref1]
CVE-2026-23885	alchemy_cms	Alchemy is an open source content management system engine written in Ruby on Rails. Prior to versio...	9.9	CRITICAL	NETWORK	[Ref1]
CVE-2026-1470	null	n8n contains a critical Remote Code Execution (RCE) vulnerability in its workflow Expression evaluat...	9.9	CRITICAL	NETWORK	[Ref1]
CVE-2026-24841	dokploy	Dokploy is a free, self-hostable Platform as a Service (PaaS). In versions prior to 0.26.6, a critic...	9.9	CRITICAL	NETWORK	[Ref1]
CVE-2026-24740	dozzle	Dozzle is a realtime log viewer for docker containers. Prior to version 9.0.3, a flaw in Dozzle’s ag...	9.9	CRITICAL	NETWORK	[Ref1]
CVE-2025-46066	n/a	An issue in Automai Director v.25.2.0 allows a remote attacker to escalate privileges...	9.9	CRITICAL	NETWORK	[Ref1]
CVE-2025-68668	n8n	n8n is an open source workflow automation platform. From version 1.0.0 to before 2.0.0, a sandbox by...	9.9	CRITICAL	NETWORK	[Ref1]
CVE-2025-61913	Flowise	Flowise is a drag & drop user interface to build a customized large language model flow. In versions...	9.9	CRITICAL	NETWORK	[Ref1] [Ref2]
CVE-2025-60957	n/a	OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6...	9.9	CRITICAL	NETWORK	-
CVE-2025-60306	n/a	code-projects Simple Car Rental System 1.0 has a permission bypass issue where low privilege users c...	9.9	CRITICAL	NETWORK	-
CVE-2025-59832	horilla	Horilla is a free and open source Human Resource Management System (HRMS). Prior to version 1.4.0, t...	9.9	CRITICAL	NETWORK	[Ref1]
CVE-2025-55343	n/a	Quipux 4.0.1 through e1774ac allows authenticated users to conduct SQL injection attacks via busqued...	9.9	CRITICAL	NETWORK	[Ref1]
CVE-2025-55315	Microsoft Visual Studio 2022 version 17.10	Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core all...	9.9	CRITICAL	NETWORK	[Ref1]
CVE-2025-55187	n/a	In DriveLock 24.1.4 before 24.1.5, 24.2.5 before 24.2.6, and 25.1.2 before 25.1.4, attackers can gai...	9.9	CRITICAL	NETWORK	-
CVE-2025-49844	redis	Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an...	9.9	CRITICAL	NETWORK	-
CVE-2025-34267	Flowise	Flowise v3.0.1 < 3.0.8 and all versions after with 'ALLOW_BUILTIN_DEP' enabled contain an authentica...	9.9	CRITICAL	NETWORK	[Ref1] [Ref2]
CVE-2025-20333	Cisco Secure Firewall Threat Defense (FTD) Software	A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Sof...	9.9	CRITICAL	NETWORK	-
CVE-2025-12421	Mattermost	Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail...	9.9	CRITICAL	NETWORK	[Ref1]
CVE-2025-12419	Mattermost	Mattermost versions 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12, 11.0.x <= 11.0.3 fail...	9.9	CRITICAL	NETWORK	[Ref1]
CVE-2025-11539	grafana-image-renderer	Grafana Image Renderer is vulnerable to remote code execution due to an arbitrary file write vulnera...	9.9	CRITICAL	NETWORK	-
CVE-2025-10725	Red Hat OpenShift AI 2.22	A flaw was found in Red Hat Openshift AI Service. A low-privileged attacker with access to an authen...	9.9	CRITICAL	NETWORK	-
CVE-2023-53739	Tinycontrol LAN Controller v	Tinycontrol LAN Controller v3 LK3 version 1.58a contains an unauthenticated vulnerability that allow...	9.9	CRITICAL	NETWORK	[Ref1] [Ref2]
CVE-2025-70892	n/a	Phpgurukul Cyber Cafe Management System v1.0 contains a SQL Injection vulnerability in the user mana...	9.8	CRITICAL	NETWORK	[Ref1]
CVE-2025-70457	n/a	A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Modern Image Gallery App v1.0 w...	9.8	CRITICAL	NETWORK	[Ref1] [Ref2]
CVE-2025-34516	EVE X1 Server	Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a use of default credentials vulnerab...	9.8	CRITICAL	NETWORK	[Ref1]
CVE-2025-34515	EVE X1 Server	Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an execution with unnecessary privile...	9.8	CRITICAL	NETWORK	[Ref1]
CVE-2025-34513	EVE X1 Server	Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an OS command injection vulnerability...	9.8	CRITICAL	NETWORK	[Ref1]
CVE-2025-34223	Print Virtual Appliance Host	Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and Applicati...	9.8	CRITICAL	NETWORK	[Ref1]

Vendor/Product Watch

CVE distribution across vendors and products

Top Vendors by CVE Count

n/a

145584

Microsoft

81433

Linux

11626

Apple

8393

Google

3812

Total Unique Vendors

Total Products Tracked

150

Vendor	Product	CVE Count	Avg Severity	Latest CVE	Sample CVEs
n/a	n/a	142975	N/A	2026-05-15	CVE-2026-34253, CVE-2026-39054, CVE-2026-39053
Linux	Linux	11626	7.1	2026-05-15	CVE-2026-46333, CVE-2026-46333, CVE-2026-43490
Microsoft	Windows Server 2019	3553	N/A	2026-05-12	CVE-2026-41097, CVE-2026-40413, CVE-2026-40403
Microsoft	Windows Server 2019 (Server Core installation)	3457	N/A	2026-05-12	CVE-2026-41097, CVE-2026-40413, CVE-2026-40403
Microsoft	Windows Server 2016	3191	N/A	2026-05-12	CVE-2026-40413, CVE-2026-40403, CVE-2026-40401
Microsoft	Windows 10 Version 1809	3186	N/A	2026-05-12	CVE-2026-41097, CVE-2026-40413, CVE-2026-40403
Microsoft	Windows Server 2016 (Server Core installation)	2987	N/A	2026-05-12	CVE-2026-40413, CVE-2026-40403, CVE-2026-40401
Apple	macOS	2966	N/A	2026-05-11	CVE-2026-28976, CVE-2026-43653, CVE-2026-28848
Microsoft	Windows Server 2022	2865	N/A	2026-05-12	CVE-2026-41097, CVE-2026-40413, CVE-2026-40403
Microsoft	Windows 10 Version 1607	2699	N/A	2026-05-12	CVE-2026-40413, CVE-2026-40403, CVE-2026-40401
Google	Chrome	2644	N/A	2026-05-14	CVE-2026-8587, CVE-2026-8586, CVE-2026-8585
Microsoft	Windows Server 2012 R2	2605	N/A	2026-05-12	CVE-2026-40413, CVE-2026-40403, CVE-2026-40401
Microsoft	Windows 10 Version 21H2	2501	N/A	2026-05-12	CVE-2026-41097, CVE-2026-40413, CVE-2026-40403
Microsoft	Windows Server 2012 R2 (Server Core installation)	2460	N/A	2026-05-12	CVE-2026-40413, CVE-2026-40403, CVE-2026-40401
Microsoft	Windows Server 2012	2450	N/A	2026-05-12	CVE-2026-40413, CVE-2026-40403, CVE-2026-40401
n/a	Android	2437	N/A	2023-06-28	CVE-2023-21237, CVE-2023-21167, CVE-2023-21171
Microsoft	Windows Server 2012 (Server Core installation)	2317	N/A	2026-05-12	CVE-2026-40413, CVE-2026-40403, CVE-2026-40401
Microsoft	Windows 10 Version 1507	2277	N/A	2025-12-09	CVE-2025-64680, CVE-2025-64679, CVE-2025-62209
Microsoft	Windows 10 Version 22H2	2002	N/A	2026-05-12	CVE-2026-41097, CVE-2026-40413, CVE-2026-40403
Microsoft	Windows Server 2008 R2 Service Pack 1	1874	N/A	2026-01-13	CVE-2026-20936, CVE-2026-20931, CVE-2026-20929
Microsoft	Windows Server 2008 R2 Service Pack 1 (Server Core installation)	1860	N/A	2026-01-13	CVE-2026-20936, CVE-2026-20931, CVE-2026-20929
Microsoft	Windows 11 version 22H2	1775	N/A	2025-12-09	CVE-2025-64680, CVE-2025-64679, CVE-2025-62209
Microsoft	Windows Server 2022, 23H2 Edition (Server Core installation)	1726	N/A	2026-05-12	CVE-2026-41097, CVE-2026-40413, CVE-2026-40403
Microsoft	Windows Server 2008 Service Pack 2 (Server Core installation)	1667	N/A	2026-01-13	CVE-2026-20936, CVE-2026-20931, CVE-2026-20929
Microsoft	Windows Server 2008 Service Pack 2	1664	N/A	2026-01-13	CVE-2026-20936, CVE-2026-20931, CVE-2026-20929
Mozilla	Firefox	1581	N/A	2026-05-12	CVE-2026-8401, CVE-2026-8391, CVE-2026-8390
Microsoft	Windows 11 Version 23H2	1560	N/A	2026-05-12	CVE-2026-41097, CVE-2026-40413, CVE-2026-40403
Microsoft	Windows 11 version 21H2	1560	N/A	2024-10-08	CVE-2024-43583, CVE-2024-43599, CVE-2024-43585
Microsoft	Windows 11 version 22H3	1556	N/A	2026-05-12	CVE-2026-41097, CVE-2026-40413, CVE-2026-40403
Apple	iOS and iPadOS	1527	N/A	2026-05-12	CVE-2025-46311, CVE-2026-28872, CVE-2026-43653
Microsoft	Windows Server 2008 Service Pack 2	1526	N/A	2025-07-08	CVE-2025-49742, CVE-2025-49732, CVE-2025-49730
Microsoft	Windows 10 Version 20H2	1260	N/A	2023-12-20	CVE-2022-44684, CVE-2022-35759, CVE-2022-35758
Microsoft	Windows 11 Version 24H2	1244	N/A	2026-05-12	CVE-2026-41097, CVE-2026-40413, CVE-2026-40403
Microsoft	Windows Server 2025	1206	N/A	2026-05-12	CVE-2026-41097, CVE-2026-40413, CVE-2026-40403
Microsoft	Windows Server 2025 (Server Core installation)	1206	N/A	2026-05-12	CVE-2026-41097, CVE-2026-40413, CVE-2026-40403
Google	Android	1168	N/A	2026-05-04	CVE-2026-0073, CVE-2026-0049, CVE-2025-48651
Apple	watchOS	1129	N/A	2026-05-11	CVE-2026-28995, CVE-2026-28983, CVE-2026-28917
Apple	tvOS	1094	N/A	2026-05-11	CVE-2026-43653, CVE-2026-28995, CVE-2026-28983
Microsoft	Windows 8.1	1087	N/A	2023-05-31	CVE-2022-35759, CVE-2022-35758, CVE-2022-35756
Microsoft	Windows 10 Version 1903 for x64-based Systems	1070	N/A	2021-02-25	CVE-2020-17162, CVE-2020-17140, CVE-2020-17139
Huawei	HarmonyOS	1065	N/A	2026-05-15	CVE-2026-41970, CVE-2026-41969, CVE-2026-41968
Microsoft	Windows Server, version 1903 (Server Core installation)	1056	N/A	2021-02-25	CVE-2020-17162, CVE-2020-17140, CVE-2020-17139
Microsoft	Windows 10 Version 1903 for ARM64-based Systems	1038	N/A	2021-02-25	CVE-2020-17162, CVE-2020-17140, CVE-2020-17139
Microsoft	Windows 10 Version 1903 for 32-bit Systems	1035	N/A	2021-02-25	CVE-2020-17162, CVE-2020-17140, CVE-2020-17139
Oracle Corporation	MySQL Server	997	N/A	2026-04-21	CVE-2026-35240, CVE-2026-35239, CVE-2026-35238
Microsoft	Windows Server, version 1909 (Server Core installation)	990	N/A	2021-07-14	CVE-2021-33760, CVE-2021-31194, CVE-2021-31193
GitLab	GitLab	973	N/A	2026-05-14	CVE-2025-12669, CVE-2025-13874, CVE-2025-14869
Microsoft	Windows 10 Version 1909	968	N/A	2022-05-18	CVE-2022-30138, CVE-2022-29142, CVE-2022-29141
Adobe	Adobe Experience Manager	966	N/A	2026-04-14	CVE-2026-34625, CVE-2026-34623, CVE-2026-34624
Microsoft	Windows Server version 20H2	965	N/A	2023-05-31	CVE-2022-35759, CVE-2022-35758, CVE-2022-35757
Google Inc.	Android	960	N/A	2018-12-07	CVE-2018-9574, CVE-2018-9573, CVE-2018-9519
Microsoft	Windows 7	922	N/A	2023-05-31	CVE-2022-35759, CVE-2022-35758, CVE-2022-35756
Qualcomm, Inc.	Snapdragon	918	N/A	2026-05-04	CVE-2026-25293, CVE-2026-25266, CVE-2026-24082
Mozilla	Firefox ESR	907	N/A	2026-04-07	CVE-2026-5734, CVE-2026-5732, CVE-2026-5731
Mozilla	Thunderbird	904	N/A	2026-03-24	CVE-2026-4371, CVE-2026-4371, CVE-2026-3889
Microsoft	Windows Server	831	N/A	2020-07-14	CVE-2020-1463, CVE-2020-1468, CVE-2020-1438
Microsoft	Windows	823	N/A	2025-09-08	CVE-2022-50238, CVE-2025-59033, CVE-2025-9491
Microsoft	Windows 7 Service Pack 1	817	N/A	2023-05-31	CVE-2022-35759, CVE-2022-35758, CVE-2022-35756
Microsoft	Windows 10 Version 21H1	780	N/A	2023-12-20	CVE-2022-44684, CVE-2022-35759, CVE-2022-35758
Microsoft	Windows 10 Version 2004	757	N/A	2021-12-15	CVE-2021-43893, CVE-2021-43883, CVE-2021-43248
Samsung Mobile	Samsung Mobile Devices	753	N/A	2026-05-13	CVE-2026-21022, CVE-2026-21021, CVE-2026-21020
Microsoft	Windows Server version 2004	748	N/A	2021-12-15	CVE-2021-43893, CVE-2021-43883, CVE-2021-43248
Huawei	EMUI	742	N/A	2026-05-15	CVE-2026-41970, CVE-2026-41969, CVE-2026-41960
Juniper Networks	Junos OS	662	N/A	2026-04-09	CVE-2026-33791, CVE-2026-33790, CVE-2026-33787
Red Hat	Red Hat Enterprise Linux 9	649	N/A	2026-05-11	CVE-2026-4802, CVE-2026-42011, CVE-2026-42010
Red Hat	Red Hat Enterprise Linux 8	642	N/A	2026-05-11	CVE-2026-4802, CVE-2026-42011, CVE-2026-42010
Red Hat	Red Hat Enterprise Linux 7	560	N/A	2026-05-11	CVE-2026-4802, CVE-2026-42011, CVE-2026-42010
Microsoft	Windows 10 Version 1803	552	N/A	2021-05-11	CVE-2021-31194, CVE-2021-31193, CVE-2021-31191
Adobe	Adobe Acrobat and Reader	516	N/A	2020-08-19	CVE-2020-9723, CVE-2020-9722, CVE-2020-9721
Microsoft	Windows 10 Version 1909 for x64-based Systems	512	N/A	2020-07-27	CVE-2020-1457, CVE-2020-1425, CVE-2020-1463
Microsoft	Windows 11 Version 25H2	510	7.2	2026-05-12	CVE-2026-41097, CVE-2026-40413, CVE-2026-40403
Red Hat	Red Hat Enterprise Linux 6	504	N/A	2026-05-07	CVE-2026-42011, CVE-2026-42010, CVE-2026-34002
Microsoft	Windows 10 Version 1909 for 32-bit Systems	503	N/A	2020-07-27	CVE-2020-1457, CVE-2020-1425, CVE-2020-1463
Microsoft	Windows 10 Version 1909 for ARM64-based Systems	502	N/A	2020-07-27	CVE-2020-1457, CVE-2020-1425, CVE-2020-1463
Apple	iOS	480	N/A	2026-03-17	CVE-2026-20643, CVE-2022-32871, CVE-2022-32891
Microsoft	Microsoft 365 Apps for Enterprise	462	N/A	2026-05-12	CVE-2026-40420, CVE-2026-35436, CVE-2026-40418
OpenClaw	OpenClaw	446	N/A	2026-05-11	CVE-2026-45006, CVE-2026-45005, CVE-2026-45004
Apple	visionOS	438	N/A	2026-05-11	CVE-2026-28995, CVE-2026-28983, CVE-2026-28940
Adobe	Acrobat Reader	422	N/A	2026-04-14	CVE-2026-34622, CVE-2026-34626, CVE-2026-34621
Microsoft	Microsoft Office 2019	403	N/A	2026-05-12	CVE-2026-40420, CVE-2026-35436, CVE-2026-40418
tensorflow	tensorflow	401	N/A	2024-07-30	CVE-2023-33976, CVE-2024-3660, CVE-2023-25661
Apple	Safari	386	N/A	2026-03-25	CVE-2026-20691, CVE-2026-20664, CVE-2026-20665
google	android	382	N/A	2024-12-05	CVE-2018-9391, CVE-2018-9390, CVE-2018-9388
Red Hat	Red Hat Enterprise Linux 10	355	N/A	2026-05-11	CVE-2026-4802, CVE-2026-42011, CVE-2026-42010
Mattermost	Mattermost	344	N/A	2026-05-15	CVE-2026-4053, CVE-2026-4054, CVE-2026-3590
Microsoft	Microsoft Office LTSC 2021	331	N/A	2026-05-12	CVE-2026-40420, CVE-2026-35436, CVE-2026-40418
Unisoc (Shanghai) Technologies Co., Ltd.	SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000	327	N/A	2023-07-12	CVE-2022-48451, CVE-2023-33905, CVE-2023-33904
Qualcomm, Inc.	Android for MSM, Firefox OS for MSM, QRD Android	306	N/A	2019-02-11	CVE-2018-13893, CVE-2018-13889, CVE-2018-11962
Oracle Corporation	VM VirtualBox	280	N/A	2024-07-16	CVE-2024-21164, CVE-2024-21161, CVE-2024-21141
PDF-XChange	PDF-XChange Editor	280	N/A	2026-02-20	CVE-2026-2040, CVE-2025-6640, CVE-2025-6641
Microsoft	Windows 10 Version 1709	270	N/A	2020-10-16	CVE-2020-1243, CVE-2020-1167, CVE-2020-1047
Microsoft	Windows 10 Version 1709 for 32-bit Systems	256	N/A	2020-10-16	CVE-2020-1167, CVE-2020-17022, CVE-2020-16976
F5	BIG-IP	255	N/A	2026-05-13	CVE-2026-40423, CVE-2026-42930, CVE-2026-24464
google	chrome	252	N/A	2024-12-03	CVE-2024-12053, CVE-2024-7025, CVE-2024-11395
Foxit	Foxit Reader	247	N/A	2025-08-13	CVE-2025-32451, CVE-2013-10068, CVE-2024-49576
Juniper Networks	Junos OS Evolved	246	N/A	2026-04-09	CVE-2026-33791, CVE-2026-33783, CVE-2026-33776
Cisco	Cisco Small Business RV Series Router Firmware	243	N/A	2024-11-18	CVE-2020-3431, CVE-2024-20524, CVE-2024-20523
Microsoft	Microsoft SharePoint Server 2019	243	N/A	2026-05-12	CVE-2026-40367, CVE-2026-40365, CVE-2026-40357
Microsoft	Windows 11 version 26H1	240	N/A	2026-05-12	CVE-2026-41097, CVE-2026-40413, CVE-2026-40403
QNAP Systems Inc.	QTS	237	N/A	2026-03-11	CVE-2024-14026, CVE-2025-47205, CVE-2025-58466
nextcloud	security-advisories	234	N/A	2025-12-05	CVE-2025-66558, CVE-2025-66556, CVE-2025-66554
discourse	discourse	233	N/A	2026-04-03	CVE-2026-34947, CVE-2026-27481, CVE-2026-33415
Cisco	Cisco IOS XE Software	229	N/A	2026-03-25	CVE-2026-20112, CVE-2026-20113, CVE-2026-20114
Microsoft	Microsoft SharePoint Enterprise Server 2016	229	N/A	2026-05-12	CVE-2026-40367, CVE-2026-40365, CVE-2026-40357
xwiki	xwiki-platform	227	N/A	2026-04-15	CVE-2026-40105, CVE-2026-33229, CVE-2026-26000
Microsoft	Microsoft Office LTSC for Mac 2021	225	N/A	2026-05-12	CVE-2026-42832, CVE-2026-40367, CVE-2026-40362
QNAP Systems Inc.	QuTS hero	222	N/A	2026-03-11	CVE-2024-14026, CVE-2025-47205, CVE-2025-48725
Microsoft	Microsoft Office LTSC 2024	216	N/A	2026-05-12	CVE-2026-40420, CVE-2026-35436, CVE-2026-40418
qualcomm	wsa8830_firmware	215	N/A	2024-12-02	CVE-2024-43052, CVE-2024-43050, CVE-2024-43049
qualcomm	wsa8835_firmware	215	N/A	2024-12-02	CVE-2024-43052, CVE-2024-43050, CVE-2024-43049
Microsoft	Windows 10	214	N/A	2024-09-26	CVE-2024-6769, CVE-2024-6768, CVE-2019-0577
Foxit	PDF Reader	211	N/A	2025-09-02	CVE-2025-9330, CVE-2025-9323, CVE-2025-9324
qualcomm	wcd9380_firmware	211	N/A	2024-12-02	CVE-2024-43053, CVE-2024-43052, CVE-2024-43050
Liferay	DXP	209	N/A	2025-11-01	CVE-2025-62275, CVE-2025-62276, CVE-2025-62267
Liferay	Portal	206	N/A	2025-11-01	CVE-2025-62275, CVE-2025-62276, CVE-2025-62267
Microsoft	Windows 10 Servers	201	N/A	2019-01-08	CVE-2019-0577, CVE-2019-0547, CVE-2019-0575
Huawei	Magic UI	200	N/A	2022-09-16	CVE-2020-36601, CVE-2020-36600, CVE-2022-39003
qualcomm	fastconnect_7800_firmware	197	N/A	2024-12-02	CVE-2024-43053, CVE-2024-43052, CVE-2024-43050
Microsoft	Microsoft Edge (Chromium-based)	195	N/A	2026-05-12	CVE-2026-42838, CVE-2026-40416, CVE-2026-41107
qualcomm	fastconnect_6900_firmware	194	N/A	2024-12-02	CVE-2024-43053, CVE-2024-43052, CVE-2024-43050
qualcomm	qca6696_firmware	194	N/A	2024-12-02	CVE-2024-33063, CVE-2024-33056, CVE-2024-33053
Apple	iTunes for Windows	192	N/A	2024-10-11	CVE-2024-44157, CVE-2024-44193, CVE-2024-27793
qualcomm	wcd9385_firmware	190	N/A	2024-12-02	CVE-2024-43053, CVE-2024-43052, CVE-2024-43050
qualcomm	qca6574au_firmware	188	N/A	2024-12-02	CVE-2024-33063, CVE-2024-33056, CVE-2024-33053
Microsoft	ChakraCore	187	N/A	2021-11-10	CVE-2021-42279, CVE-2020-17131, CVE-2020-17054
Microsoft	Microsoft Edge	186	N/A	2023-04-11	CVE-2023-28284, CVE-2019-1107, CVE-2019-1106
qualcomm	wsa8810_firmware	186	N/A	2024-12-02	CVE-2024-43052, CVE-2024-43050, CVE-2024-43048
qualcomm	wsa8815_firmware	184	N/A	2024-12-02	CVE-2024-43052, CVE-2024-43050, CVE-2024-43048
Apple	iCloud for Windows	181	N/A	2022-12-15	CVE-2022-46692, CVE-2022-46698, CVE-2022-46693
IrfanView	IrfanView	180	N/A	2025-07-21	CVE-2025-7299, CVE-2025-7325, CVE-2025-7324
qualcomm	qca6391_firmware	180	N/A	2024-12-02	CVE-2024-43052, CVE-2024-43050, CVE-2024-33063
Oracle Corporation	Java	179	N/A	2020-07-15	CVE-2020-14664, CVE-2020-14621, CVE-2020-14593
Oracle Corporation	PeopleSoft Enterprise PT PeopleTools	179	N/A	2024-07-16	CVE-2024-21180, CVE-2024-21178, CVE-2024-21158
Microsoft	Windows 10 Version 2004 for x64-based Systems	177	N/A	2020-07-27	CVE-2020-1457, CVE-2020-1425, CVE-2020-1463
Microsoft	Windows Server, version 2004 (Server Core installation)	177	N/A	2020-07-14	CVE-2020-1463, CVE-2020-1468, CVE-2020-1438
Oracle Corporation	WebLogic Server	177	N/A	2024-07-16	CVE-2024-21183, CVE-2024-21182, CVE-2024-21181
Microsoft	Windows 10 Version 2004 for 32-bit Systems	176	N/A	2020-07-27	CVE-2020-1457, CVE-2020-1425, CVE-2020-1463
Microsoft	Windows 10 Version 2004 for ARM64-based Systems	176	N/A	2020-07-27	CVE-2020-1457, CVE-2020-1425, CVE-2020-1463
Red Hat	Red Hat OpenShift Container Platform 4	176	N/A	2026-05-07	CVE-2026-42011, CVE-2026-42010, CVE-2026-34956
qualcomm	qca6574a_firmware	175	N/A	2024-12-02	CVE-2024-33063, CVE-2024-33056, CVE-2024-33044
qualcomm	wcd9370_firmware	175	N/A	2024-12-02	CVE-2024-43052, CVE-2024-43050, CVE-2024-43048
LabRedesCefetRJ	WeGIA	174	N/A	2026-05-11	CVE-2026-45026, CVE-2026-45025, CVE-2026-42873
Qualcomm, Inc.	All Qualcomm products	174	N/A	2017-08-18	CVE-2017-9684, CVE-2017-9679, CVE-2017-9678
WWBN	AVideo	174	N/A	2026-05-11	CVE-2026-43885, CVE-2026-43884, CVE-2026-43883
Palo Alto Networks	PAN-OS	172	N/A	2026-05-13	CVE-2026-0256, CVE-2026-0257, CVE-2026-0258
n/a	kernel	172	N/A	2024-02-08	CVE-2024-1312, CVE-2024-1312, CVE-2023-6200
qualcomm	qca6595au_firmware	172	N/A	2024-12-02	CVE-2024-43050, CVE-2024-33063, CVE-2024-33056
Dell	PowerScale OneFS	170	N/A	2026-05-08	CVE-2026-32803, CVE-2025-43937, CVE-2025-43935
Adobe	Adobe Commerce	169	N/A	2026-05-12	CVE-2026-34656, CVE-2026-34658, CVE-2026-34650
Microsoft	Microsoft Office LTSC for Mac 2024	169	N/A	2026-05-12	CVE-2026-42832, CVE-2026-40367, CVE-2026-40362

CVSS Score Drift

Comparison of CVSS scores across different versions (v2, v3.1, v4.0)

About CVSS Score Drift

CVSS Score Drift measures how vulnerability severity ratings change between CVSS versions (v2, v3.1, v4.0). Different scoring methodologies can result in the same CVE having significantly different severity ratings.

Why it matters: Security teams using different scanners may see conflicting severity scores for the same vulnerability. Understanding drift helps reconcile these differences and prioritize remediation correctly.

How to use: Focus on CVEs with high drift (=2.0 points) - these require manual review to determine actual risk. An upward arrow (?) indicates newer CVSS versions rate it more severe; downward (?) means less severe.

CVEs with Multiple Scores

150

High Drift (=2.0)

Avg Score Drift

1.93

CVE ID	Published	CVSS v2	CVSS v3.1	CVSS v4.0	Drift
CVE-2026-1533	2026-01-28	5.8	9.8	2.0	7.8 ?
CVE-2026-1552	2026-01-29	6.5	9.8	2.1	7.7 ?
CVE-2026-1547	2026-01-28	6.5	9.8	2.1	7.7 ?
CVE-2026-1546	2026-01-28	6.5	9.8	2.1	7.7 ?
CVE-2026-1597	2026-01-29	6.5	8.8	2.1	6.7 ?
CVE-2026-1596	2026-01-29	6.5	8.8	2.1	6.7 ?
CVE-2026-1551	2026-01-29	6.5	8.8	2.1	6.7 ?
CVE-2026-1550	2026-01-28	6.5	8.8	2.1	6.7 ?
CVE-2026-1548	2026-01-28	6.5	8.8	2.1	6.7 ?
CVE-2026-1544	2026-01-28	6.5	8.8	2.1	6.7 ?
CVE-2020-36962	2026-01-28	N/A	9.8	5.3	4.5 ?
CVE-2026-1601	2026-01-29	6.5	6.3	2.1	4.4 ?
CVE-2026-1597	2026-01-29	6.5	6.3	2.1	4.4 ?
CVE-2026-1596	2026-01-29	6.5	6.3	2.1	4.4 ?
CVE-2026-1552	2026-01-29	6.5	6.3	2.1	4.4 ?
CVE-2026-1551	2026-01-29	6.5	6.3	2.1	4.4 ?
CVE-2026-1550	2026-01-28	6.5	6.3	2.1	4.4 ?
CVE-2026-1548	2026-01-28	6.5	6.3	2.1	4.4 ?
CVE-2026-1547	2026-01-28	6.5	6.3	2.1	4.4 ?
CVE-2026-1546	2026-01-28	6.5	6.3	2.1	4.4 ?
CVE-2026-1544	2026-01-28	6.5	6.3	2.1	4.4 ?
CVE-2026-1595	2026-01-29	7.5	9.8	5.5	4.3 ?
CVE-2026-1594	2026-01-29	7.5	9.8	5.5	4.3 ?
CVE-2026-1593	2026-01-29	7.5	9.8	5.5	4.3 ?
CVE-2026-1590	2026-01-29	7.5	9.8	5.5	4.3 ?
CVE-2026-1589	2026-01-29	7.5	9.8	5.5	4.3 ?
CVE-2026-24857	2026-01-28	N/A	9.8	5.5	4.3 ?
CVE-2026-1545	2026-01-28	7.5	9.8	5.5	4.3 ?
CVE-2026-1535	2026-01-28	7.5	9.8	5.5	4.3 ?
CVE-2026-1534	2026-01-28	7.5	9.8	5.5	4.3 ?
CVE-2026-1533	2026-01-28	5.8	4.7	2.0	3.8 ?
CVE-2026-1532	2026-01-28	2.2	5.5	1.9	3.6 ?
CVE-2020-36944	2026-01-28	N/A	3.3	6.9	3.6 ?
CVE-2026-1598	2026-01-29	4.0	5.4	2.0	3.4 ?
CVE-2020-36995	2026-01-29	N/A	7.5	4.6	2.9 ?
CVE-2026-1188	2026-01-29	N/A	9.8	6.9	2.9 ?
CVE-2020-36944	2026-01-28	N/A	4.0	6.9	2.9 ?
CVE-2025-53869	2026-01-29	N/A	3.7	6.3	2.6 ?
CVE-2026-1587	2026-01-29	5.0	7.5	5.5	2.5 ?
CVE-2026-1586	2026-01-29	5.0	7.5	5.5	2.5 ?
CVE-2026-1522	2026-01-28	5.0	7.5	5.5	2.5 ?
CVE-2026-1521	2026-01-28	5.0	7.5	5.5	2.5 ?
CVE-2026-1600	2026-01-29	4.0	4.3	2.1	2.2 ?
CVE-2026-1599	2026-01-29	4.0	4.3	2.1	2.2 ?
CVE-2026-1549	2026-01-28	4.0	4.3	2.1	2.2 ?
CVE-2020-36973	2026-01-28	N/A	6.5	8.7	2.2 ?
CVE-2026-1598	2026-01-29	4.0	3.5	2.0	2.0 ?
CVE-2026-1595	2026-01-29	7.5	7.3	5.5	2.0 ?
CVE-2026-1594	2026-01-29	7.5	7.3	5.5	2.0 ?
CVE-2026-1593	2026-01-29	7.5	7.3	5.5	2.0 ?
CVE-2026-1590	2026-01-29	7.5	7.3	5.5	2.0 ?
CVE-2026-1589	2026-01-29	7.5	7.3	5.5	2.0 ?
CVE-2026-1545	2026-01-28	7.5	7.3	5.5	2.0 ?
CVE-2026-1535	2026-01-28	7.5	7.3	5.5	2.0 ?
CVE-2026-1534	2026-01-28	7.5	7.3	5.5	2.0 ?
CVE-2026-24835	2026-01-28	N/A	7.1	8.8	1.7 ?
CVE-2020-36994	2026-01-29	N/A	6.2	4.6	1.6 ?
CVE-2026-25067	2026-01-29	N/A	5.3	6.9	1.6 ?
CVE-2025-55704	2026-01-29	N/A	5.3	6.9	1.6 ?
CVE-2026-1469	2026-01-29	N/A	5.4	6.9	1.5 ?
CVE-2020-36970	2026-01-28	N/A	8.4	6.9	1.5 ?
CVE-2020-37010	2026-01-29	N/A	9.8	8.4	1.4 ?
CVE-2020-37000	2026-01-29	N/A	9.8	8.4	1.4 ?
CVE-2020-36997	2026-01-29	N/A	9.8	8.4	1.4 ?
CVE-2020-36967	2026-01-28	N/A	9.8	8.4	1.4 ?
CVE-2020-36961	2026-01-28	N/A	9.8	8.4	1.4 ?
CVE-2026-1520	2026-01-28	3.3	2.4	1.9	1.4 ?
CVE-2026-24414	2026-01-29	N/A	5.5	6.8	1.3 ?
CVE-2026-24413	2026-01-29	N/A	5.5	6.8	1.3 ?
CVE-2020-37018	2026-01-29	N/A	6.4	5.1	1.3 ?
CVE-2026-1588	2026-01-29	3.3	2.7	2.0	1.3 ?
CVE-2026-0749	2026-01-28	N/A	6.1	4.8	1.3 ?
CVE-2020-36972	2026-01-28	N/A	7.5	8.8	1.3 ?
CVE-2025-15548	2026-01-29	N/A	6.5	5.3	1.2 ?
CVE-2026-24054	2026-01-29	N/A	10.0	8.8	1.2 ?
CVE-2020-37008	2026-01-29	N/A	7.5	8.7	1.2 ?
CVE-2026-0750	2026-01-28	N/A	7.5	8.7	1.2 ?
CVE-2020-36963	2026-01-28	N/A	7.5	8.7	1.2 ?
CVE-2025-13399	2026-01-29	N/A	8.8	7.7	1.1 ?
CVE-2020-37006	2026-01-29	N/A	8.2	7.1	1.1 ?
CVE-2020-37004	2026-01-29	N/A	8.2	7.1	1.1 ?
CVE-2020-37002	2026-01-29	N/A	9.8	8.7	1.1 ?
CVE-2020-36964	2026-01-28	N/A	9.8	8.7	1.1 ?
CVE-2025-15542	2026-01-29	N/A	5.3	6.3	1.0 ?
CVE-2020-37011	2026-01-29	N/A	7.5	8.4	0.9 ?
CVE-2020-37007	2026-01-29	N/A	4.3	5.1	0.8 ?
CVE-2020-36943	2026-01-28	N/A	7.5	6.7	0.8 ?
CVE-2020-37021	2026-01-29	N/A	7.8	8.5	0.7 ?
CVE-2020-37020	2026-01-29	N/A	7.8	8.5	0.7 ?
CVE-2020-37017	2026-01-29	N/A	7.8	8.5	0.7 ?
CVE-2020-37016	2026-01-29	N/A	7.8	8.5	0.7 ?
CVE-2020-36992	2026-01-28	N/A	7.8	8.5	0.7 ?
CVE-2020-36991	2026-01-28	N/A	7.8	8.5	0.7 ?
CVE-2020-36990	2026-01-28	N/A	7.8	8.5	0.7 ?
CVE-2020-36989	2026-01-28	N/A	7.8	8.5	0.7 ?
CVE-2020-36987	2026-01-28	N/A	7.8	8.5	0.7 ?
CVE-2020-36986	2026-01-28	N/A	7.8	8.5	0.7 ?
CVE-2020-36985	2026-01-28	N/A	7.8	8.5	0.7 ?
CVE-2020-36984	2026-01-28	N/A	7.8	8.5	0.7 ?
CVE-2025-59895	2026-01-28	N/A	7.5	8.2	0.7 ?
CVE-2026-1610	2026-01-29	7.6	8.1	8.2	0.6 ?
CVE-2026-1610	2026-01-29	7.6	8.1	8.2	0.6 ?
CVE-2025-15541	2026-01-29	N/A	6.3	6.9	0.6 ?
CVE-2020-36999	2026-01-29	N/A	8.2	8.8	0.6 ?
CVE-2026-23743	2026-01-28	N/A	7.5	6.9	0.6 ?
CVE-2025-69218	2026-01-28	N/A	6.5	7.1	0.6 ?
CVE-2025-68666	2026-01-28	N/A	6.5	5.9	0.6 ?
CVE-2020-36972	2026-01-28	N/A	8.2	8.8	0.6 ?
CVE-2020-36968	2026-01-28	N/A	6.5	7.1	0.6 ?
CVE-2020-36945	2026-01-28	N/A	8.2	8.8	0.6 ?
CVE-2026-24685	2026-01-28	N/A	8.8	9.4	0.6 ?
CVE-2020-36988	2026-01-28	N/A	5.4	4.8	0.6 ?
CVE-2026-1453	2026-01-29	N/A	9.8	9.3	0.5 ?
CVE-2025-15543	2026-01-29	N/A	4.6	5.1	0.5 ?
CVE-2025-15545	2026-01-29	N/A	6.8	7.3	0.5 ?
CVE-2020-37012	2026-01-29	N/A	9.8	9.3	0.5 ?
CVE-2026-1587	2026-01-29	5.0	5.3	5.5	0.5 ?
CVE-2026-1586	2026-01-29	5.0	5.3	5.5	0.5 ?
CVE-2026-24769	2026-01-28	N/A	9.0	8.5	0.5 ?
CVE-2026-1532	2026-01-28	2.2	2.4	1.9	0.5 ?
CVE-2026-1522	2026-01-28	5.0	5.3	5.5	0.5 ?
CVE-2026-1521	2026-01-28	5.0	5.3	5.5	0.5 ?
CVE-2025-59894	2026-01-28	N/A	8.0	8.5	0.5 ?
CVE-2025-59893	2026-01-28	N/A	8.0	8.5	0.5 ?
CVE-2025-59892	2026-01-28	N/A	8.0	8.5	0.5 ?
CVE-2020-37015	2026-01-29	N/A	7.5	7.1	0.4 ?
CVE-2026-24768	2026-01-28	N/A	6.1	5.7	0.4 ?
CVE-2026-1457	2026-01-29	N/A	8.8	8.5	0.3 ?
CVE-2025-69289	2026-01-28	N/A	5.4	5.1	0.3 ?
CVE-2020-36993	2026-01-28	N/A	5.4	5.1	0.3 ?
CVE-2020-36993	2026-01-28	N/A	5.4	5.1	0.3 ?
CVE-2025-59900	2026-01-28	N/A	5.4	5.1	0.3 ?
CVE-2025-59899	2026-01-28	N/A	5.4	5.1	0.3 ?
CVE-2025-59898	2026-01-28	N/A	5.4	5.1	0.3 ?
CVE-2025-59897	2026-01-28	N/A	5.4	5.1	0.3 ?
CVE-2025-59896	2026-01-28	N/A	5.4	5.1	0.3 ?
CVE-2025-15550	2026-01-29	N/A	5.3	5.1	0.2 ?
CVE-2026-24780	2026-01-29	N/A	8.8	8.6	0.2 ?
CVE-2020-37007	2026-01-29	N/A	5.3	5.1	0.2 ?
CVE-2026-0936	2026-01-29	N/A	5.0	5.1	0.1 ?
CVE-2020-37009	2026-01-29	N/A	8.8	8.7	0.1 ?
CVE-2025-68660	2026-01-28	N/A	5.4	5.3	0.1 ?
CVE-2020-36969	2026-01-28	N/A	8.8	8.7	0.1 ?
CVE-2026-22243	2026-01-28	N/A	8.8	8.7	0.1 ?
CVE-2025-15549	2026-01-29	N/A	4.8	4.8	0.0 ?
CVE-2020-37013	2026-01-29	N/A	8.4	8.4	0.0 ?
CVE-2020-37005	2026-01-29	N/A	7.1	7.1	0.0 ?
CVE-2020-37001	2026-01-29	N/A	8.4	8.4	0.0 ?
CVE-2020-36971	2026-01-28	N/A	8.4	8.4	0.0 ?
CVE-2020-36965	2026-01-28	N/A	8.4	8.4	0.0 ?

CWE Trend Analysis

Common Weakness Enumeration categories and their prevalence trends

About CWE Trends

CWE (Common Weakness Enumeration) is a standardized list of software and hardware weakness types. This analysis tracks which vulnerability categories are most prevalent across your CVE databases.

Why it matters: Understanding CWE trends helps identify systemic weaknesses in your technology stack. If injection vulnerabilities (CWE-89) are rising, it signals a need for input validation improvements across applications.

How to use: Monitor "Rising" trends to anticipate emerging attack vectors. Use the most common CWEs to prioritize developer security training and code review focus areas. Cross-reference with your vendor/product data to identify which products contribute most to each weakness category.

Unique CWEs

Rising Trends

Most Common

CWE-79

Total Occurrences

123103

CWE ID	Description	CVEProject	CISA	Total	Trend
CWE-79	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')	20779	2870	23649	Declining
CWE-89	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')	8922	1227	10149	Declining
CWE-862	CWE-862 Missing Authorization	5393	1208	6601	Declining
CWE-352	Cross-Site Request Forgery (CSRF)	4538	557	5095	Declining
CWE-74	Injection	3846	790	4636	Declining
CWE-20	Improper Input Validation	3698	311	4009	Declining
CWE-22	Path Traversal	3555	441	3996	Declining
CWE-125	CWE-125 Out-of-bounds read	3053	305	3358	Declining
CWE-78	CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')	2867	384	3251	Declining
CWE-200	Information Disclosure	2877	350	3227	Declining
CWE-284	Improper Access Controls	2720	476	3196	Declining
CWE-94	Improper Control of Generation of Code ('Code Injection')	2574	419	2993	Declining
CWE-121	Stack-based Buffer Overflow	2588	344	2932	Declining
CWE-416	Use After Free	2588	343	2931	Declining
CWE-787	CWE-787 Out-of-bounds Write	2401	409	2810	Declining
CWE-119	Memory Corruption	2446	315	2761	Declining
CWE-434	Unrestricted Upload	2085	379	2464	Declining
CWE-122	CWE-122: Heap-based Buffer Overflow	2015	190	2205	Declining
CWE-120	Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')	1819	233	2052	Declining
CWE-502	Deserialization	1705	250	1955	Declining
CWE-918	Server-Side Request Forgery	1651	233	1884	Declining
CWE-77	Command Injection	1540	289	1829	Declining
CWE-400	CWE-400: Uncontrolled Resource Consumption	1524	185	1709	Declining
CWE-863	CWE-863: Incorrect Authorization	1443	194	1637	Declining
CWE-476	CWE-476 NULL Pointer Dereference	1208	318	1526	Declining
CWE-287	Improper Authentication	1365	132	1497	Declining
CWE-306	Missing Authentication for Critical Function	1230	250	1480	Declining
CWE-639	CWE-639: Authorization Bypass Through User-Controlled Key	1132	259	1391	Declining
CWE-98	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')	1042	344	1386	Declining
CWE-285	Improper Authorization	1061	156	1217	Declining
CWE-269	CWE-269 Improper Privilege Management	1059	129	1188	Declining
CWE-770	Allocation of Resources Without Limits or Throttling	945	171	1116	Declining
CWE-190	CWE-190 Integer Overflow or Wraparound	913	98	1011	Declining
CWE-266	Incorrect Privilege Assignment	758	150	908	Declining
CWE-601	CWE-601: URL Redirection to Untrusted Site ('Open Redirect')	756	90	846	Declining
CWE-427	CWE-427 Uncontrolled Search Path Element	721	101	822	Declining
CWE-532	CWE-532: Insertion of Sensitive Information into Log File	634	59	693	Declining
CWE-798	CWE-798 Use of Hard-coded Credentials	590	90	680	Declining
CWE-362	Race Condition	488	132	620	Declining
CWE-276	CWE-276 Incorrect Default Permissions	517	66	583	Declining
CWE-80	CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)	495	72	567	Declining
CWE-732	CWE-732 Incorrect Permission Assignment for Critical Resource	487	70	557	Declining
CWE-59	CWE-59: Improper Link Resolution Before File Access ('Link Following')	467	58	525	Declining
CWE-288	CWE-288: Authentication Bypass Using an Alternate Path or Channel	439	67	506	Declining
CWE-295	CWE-295: Improper Certificate Validation	500	0	500	Declining
CWE-404	Denial of Service	490	0	490	Declining
CWE-126	Buffer Over-read	431	0	431	Declining
CWE-611	CWE-611: Improper Restriction of XML External Entity Reference	429	0	429	Declining
CWE-522	CWE-522: Insufficiently Protected Credentials	410	0	410	Declining
CWE-347	CWE-347: Improper Verification of Cryptographic Signature	395	0	395	Declining

Time to Exploit Intelligence

Analysis of time between CVE publication and first public exploit availability (2025-2026 only)

About Time to Exploit

Time to Exploit (TTE) measures the window between when a CVE is publicly disclosed and when a working proof-of-concept exploit becomes available. This metric is critical for understanding your actual patch window.

How to use: CVEs with Critical risk (=7 days) require immediate patching - attackers can weaponize these almost instantly. Use this data to set realistic SLAs for your vulnerability management program and prioritize based on actual exploit timelines, not just CVSS scores.

Average Days to Exploit

196.5

Median Days

188

Fastest Exploit

0 days

CVEs with POC

30835

Risk Distribution

Critical (=7 days)

High (=30 days)

Medium (=90 days)

Low (>90 days)

CVE ID	Vendor	Product	Published	POC Date	Risk
CVE-2025-12573	Unknown	Bookingor	2026-01-20	2026-01-20	Critical
CVE-2025-11002	7-Zip	7-Zip	2026-01-23	2026-01-23	Critical
CVE-2026-1413	Sangfor	Operation and Maintenance Security Management System	2026-01-26	2026-01-26	Critical
CVE-2026-1412	Sangfor	Operation and Maintenance Security Management System	2026-01-26	2026-01-26	Critical
CVE-2026-1414	Sangfor	Operation and Maintenance Security Management System	2026-01-26	2026-01-26	Critical
CVE-2025-14316	Unknown	AhaChat Messenger Marketing	2026-01-26	2026-01-26	Critical
CVE-2025-14973	Unknown	Recipe Card Blocks Lite	2026-01-26	2026-01-26	Critical
CVE-2026-23888	pnpm	pnpm	2026-01-26	2026-01-27	Critical
CVE-2026-23889	pnpm	pnpm	2026-01-26	2026-01-27	Critical
CVE-2026-24056	pnpm	pnpm	2026-01-26	2026-01-27	Critical
CVE-2026-24003	EVerest	everest-core	2026-01-26	2026-01-27	Critical
CVE-2026-24478	Mintplex-Labs	anything-llm	2026-01-26	2026-01-27	Critical
CVE-2026-24686	theupdateframework	go-tuf	2026-01-27	2026-01-27	Critical
CVE-2026-1213	askbot	askbot	2026-01-27	2026-01-28	Critical
CVE-2026-1470	None	None	2026-01-27	2026-01-28	Critical
CVE-2026-24881	GnuPG	GnuPG	2026-01-27	2026-01-28	Critical
CVE-2026-24882	GnuPG	GnuPG	2026-01-27	2026-01-28	Critical
CVE-2026-24770	infiniflow	ragflow	2026-01-27	2026-01-28	Critical
CVE-2026-24740	amir20	dozzle	2026-01-27	2026-01-28	Critical
CVE-2026-24909	vlt	vlt	2026-01-27	2026-01-28	Critical
CVE-2026-24910	Bun	Bun	2026-01-27	2026-01-28	Critical
CVE-2026-23830	nyariv	SandboxJS	2026-01-27	2026-01-28	Critical
CVE-2026-24842	isaacs	node-tar	2026-01-28	2026-01-28	Critical
CVE-2026-24841	Dokploy	dokploy	2026-01-28	2026-01-28	Critical
CVE-2025-13471	Unknown	User Activity Log	2026-01-28	2026-01-28	Critical
CVE-2026-24685	opf	openproject	2026-01-28	2026-01-29	Critical
CVE-2026-1544	D-Link	DIR-823X	2026-01-28	2026-01-29	Critical
CVE-2026-1547	Totolink	A7000R	2026-01-28	2026-01-29	Critical
CVE-2026-1552	n/a	SEMCMS	2026-01-29	2026-01-29	Critical
CVE-2025-14975	Unknown	Custom Login Page Customizer	2026-01-29	2026-01-29	Critical
CVE-2026-1587	n/a	Open5GS	2026-01-29	2026-01-30	Critical
CVE-2026-23896	immich-app	immich	2026-01-29	2026-01-30	Critical
CVE-2025-15550	birkir	prime	2026-01-29	2026-01-30	Critical
CVE-2026-25061	simsong	tcpflow	2026-01-29	2026-01-30	Critical
CVE-2026-25117	pwncollege	dojo	2026-01-29	2026-01-30	Critical
CVE-2026-24902	TrustTunnel	TrustTunnel	2026-01-29	2026-01-30	Critical
CVE-2026-24904	TrustTunnel	TrustTunnel	2026-01-29	2026-01-30	Critical
CVE-2026-1637	Tenda	AC21	2026-01-29	2026-01-30	Critical
CVE-2026-1638	Tenda	AC21	2026-01-29	2026-01-30	Critical
CVE-2026-24855	ChurchCRM	CRM	2026-01-30	2026-01-31	Critical
CVE-2025-4686	Kodmatic Computer Software Tourism Construction Industry and Trade Ltd. Co.	Online Exam and Assessment	2026-01-30	2026-01-31	Critical
CVE-2026-1700	projectworlds	House Rental and Property Listing	2026-01-30	2026-01-31	Critical
CVE-2026-25130	aliasrobotics	cai	2026-01-30	2026-01-31	Critical
CVE-2026-25069	SunFounder	Pironman Dashboard (pm_dashboard)	2026-01-31	2026-02-01	Critical
CVE-2026-0658	Unknown	Five Star Restaurant Reservations	2026-02-02	2026-02-02	Critical
CVE-2025-15030	Unknown	User Profile Builder	2026-02-02	2026-02-02	Critical
CVE-2025-15396	Unknown	Library Viewer	2026-02-02	2026-02-02	Critical
CVE-2026-24071	Native Instruments	Native Access	2026-02-02	2026-02-03	Critical
CVE-2026-23997	NeoRazorX	facturascripts	2026-02-02	2026-02-03	Critical
CVE-2026-25228	SignalK	signalk-server	2026-02-02	2026-02-03	Critical