Deep insights into vulnerability landscape, exploitation trends and risk metrics.
From NVD publication to confirmed exploitation
| CVE-ID | Severity | CVSS | EPSS | Score |
|---|---|---|---|---|
| CVE-2024-3400 KEV EXP | CRITICAL | 10 | 100.0% | 60.0 |
| CVE-2021-44228 KEV EXP | CRITICAL | 10 | 100.0% | 60.0 |
| CVE-2024-1709 KEV EXP | CRITICAL | 10 | 100.0% | 59.99 |
| CVE-2025-32432 KEV EXP | CRITICAL | 10 | 99.8% | 59.94 |
| CVE-2020-0796 KEV EXP | CRITICAL | 10 | 99.8% | 59.94 |
| CVE-2021-22205 KEV EXP | CRITICAL | 10 | 99.7% | 59.92 |
| CVE-2022-0543 KEV EXP | CRITICAL | 10 | 99.7% | 59.9 |
| CVE-2025-55182 KEV EXP | CRITICAL | 10 | 99.6% | 59.87 |
| CVE-2023-20198 KEV EXP | CRITICAL | 10 | 99.6% | 59.87 |
| CVE-2024-4040 KEV EXP | CRITICAL | 10 | 99.5% | 59.86 |
| Vendor | CVEs | Avg CVSS | Exposure |
|---|---|---|---|
| Microsoft | 94 | 8.0 | |
| 62 | 8.8 | ||
| Apple | 43 | 8.5 | |
| Cisco | 36 | 8.5 | |
| Ivanti | 33 | 8.5 | |
| Apache | 26 | 9.3 | |
| Vmware | 21 | 8.8 | |
| Oracle | 20 | 9.1 | |
| Fortinet | 19 | 9.5 | |
| Adobe | 14 | 9.0 |
| CVE-ID | Previous | Current | Change |
|---|---|---|---|
| CVE-2026-10520 | 3.3% | 99.00% | +95.77% |
| CVE-2026-35273 | 0.0% | 92.30% | +92.31% |
| CVE-2026-20253 | 0.1% | 88.20% | +88.1% |
| CVE-2026-24858 | 4.0% | 85.80% | +81.89% |
| CVE-2026-48907 | 0.1% | 80.40% | +80.28% |
| CVE-2026-9082 | 10.4% | 84.60% | +74.23% |
| CVE-2026-34910 | 4.5% | 78.60% | +74.05% |
| CVE-2023-41763 | 16.5% | 90.40% | +73.86% |
| CVE-2026-33017 | 24.7% | 98.20% | +73.54% |
| CVE-2020-17463 | 17.5% | 90.00% | +72.53% |
| CVE-ID | Severity | Product | Date Added |
|---|---|---|---|
| CVE-2026-48282 | CRITICAL | Adobe ColdFusion | 2026-07-07 |
| CVE-2026-56290 | CRITICAL | JoomlaCK.fr Page Builder CK extension for Joomla | 2026-07-07 |
| CVE-2026-55255 | HIGH | langflow-ai langflow | 2026-07-07 |
| CVE-2026-48908 | CRITICAL | joomshaper.net SP Page Builder extension for Joomla | 2026-07-07 |
| CVE-2026-45659 | HIGH | Microsoft SharePoint Enterprise Server 2016 | 2026-07-01 |
| CVE-2026-48558 | CRITICAL | SimpleHelp | 2026-06-29 |
| CVE-2026-12569 | CRITICAL | PTC Windchill PDMLink | 2026-06-25 |
| CVE-2026-20230 | HIGH | Cisco Unified Communications Manager | 2026-06-25 |
| CVE-2026-34910 | CRITICAL | Ubiquiti Inc UniFi OS Server | 2026-06-23 |
| CVE-2026-34908 | CRITICAL | Ubiquiti Inc UniFi OS Server | 2026-06-23 |
| CVE-ID | SSVC | KEV-ML | EPSS | CVSS | Signals |
|---|---|---|---|---|---|
|
CVE-2024-3400
Palo Alto Networks PAN-OS |
ACT | 72% | 100.0% | 10.0 | KEV EXP RW |
|
CVE-2021-44228
Apache Software Foundation Apa |
ACT | 51% | 100.0% | 10.0 | KEV EXP RW |
|
CVE-2021-21985
VMware vCenter Server |
ACT | 75% | 100.0% | 9.8 | KEV EXP RW |
|
CVE-2023-27350
PaperCut NG |
ACT | 53% | 100.0% | 9.8 | KEV EXP RW |
|
CVE-2022-26134
Atlassian Confluence Data Cent |
ACT | 60% | 100.0% | 9.8 | KEV EXP RW |
|
CVE-2021-35464
ForgeRock Access Management (A |
ACT | 81% | 100.0% | 9.8 | KEV EXP RW |
|
CVE-2023-35082
Ivanti EPMM |
ACT | 70% | 100.0% | 9.8 | KEV RW |
|
CVE-2021-22005
VMware vCenter Server |
ACT | 81% | 100.0% | 9.8 | KEV EXP RW |
|
CVE-2024-23897
Jenkins Project Jenkins |
ACT | 77% | 100.0% | 9.8 | KEV EXP RW |
|
CVE-2023-1671
Sophos Web Appliance |
ACT | 61% | 100.0% | 9.8 | KEV |
|
CVE-2021-26084
Atlassian Confluence Server |
ACT | 72% | 100.0% | 9.8 | KEV EXP RW |
|
CVE-2021-1498
Cisco HyperFlex HX Data Platfo |
ACT | 73% | 100.0% | 9.8 | KEV EXP RW |
|
CVE-2020-5902
F5 BIG-IP |
ACT | 34% | 100.0% | 9.8 | KEV EXP RW |
|
CVE-2022-29464
WSO2 Multiple Products |
ACT | 73% | 100.0% | 9.8 | KEV EXP RW |
|
CVE-2023-35078
Ivanti Endpoint Manager Mobile |
ACT | 71% | 100.0% | 9.8 | KEV RW |
| CVE-ID | SSVC | EPSS | Severity | Signals |
|---|---|---|---|---|
|
CVE-2023-44487
IETF HTTP/2 |
ACT | 100.0% | HIGH | KEV |
|
CVE-2025-22457
Ivanti Connect Secure |
ACT | 100.0% | CRITICAL | KEV RW |
|
CVE-2023-38035
Ivanti MobileIron Sentry |
ACT | 99.9% | CRITICAL | KEV RW |
|
CVE-2020-0796
Microsoft Windows 10 Version 1 |
ACT | 99.8% | CRITICAL | KEV RW |
|
CVE-2023-29298
Adobe ColdFusion |
ACT | 99.8% | HIGH | KEV |
|
CVE-2023-29357
Microsoft SharePoint Server 20 |
ACT | 99.6% | CRITICAL | KEV RW |
|
CVE-2023-34048
VMware vCenter Server |
ACT | 99.4% | CRITICAL | KEV RW |
|
CVE-2020-14750
Oracle Corporation WebLogic Se |
ACT | 99.3% | CRITICAL | KEV |
|
CVE-2022-24086
Adobe Magento Commerce |
ACT | 99.2% | CRITICAL | KEV RW |
|
CVE-2020-6207
SAP SE SAP Solution Manager (U |
ACT | 98.4% | CRITICAL | KEV |
|
CVE-2022-26138
Atlassian Questions For Conflu |
ACT | 98.2% | CRITICAL | KEV |
|
CVE-2024-3272
D-Link DNS-320L |
ACT | 98.0% | CRITICAL | KEV |
|
CVE-2020-25078
D-Link DCS-2530L and DCS-2670L |
ACT | 97.9% | HIGH | KEV |
|
CVE-2024-4358
Progress Software Corporation |
ACT | 97.5% | CRITICAL | KEV |
|
CVE-2023-27524
Apache Software Foundation Apa |
ACT | 97.4% | CRITICAL | KEV RW |
|
CVE-2020-25213
WordPress File Manager Plugin |
ACT | 97.3% | CRITICAL | KEV |
|
CVE-2020-5847
Unraid Unraid |
ACT | 95.8% | CRITICAL | KEV |
|
CVE-2022-36537
ZK Framework AuUploader |
ACT | 95.3% | HIGH | KEV RW |
|
CVE-2023-24489
Citrix ShareFile Storage Zones |
ACT | 95.1% | CRITICAL | KEV |
|
CVE-2020-2883
Oracle Corporation WebLogic Se |
ACT | 94.9% | CRITICAL | KEV |
CVEs with the greatest EPSS score growth — from negligible to severe risk