Exposure Overview

Unified view of CVE inventory and exploit pressure
Live corpus
CRITICAL: 9,440 (9.0%)HIGH: 34,866 (33.4%)MEDIUM: 47,718 (45.7%)LOW: 6,207 (5.9%)NONE: 6,120 (5.9%)104,351Total CVEs
KEV Listed 370 CISA known-exploited
Emergency 370 Critical + KEV overlap
New CVEs (24h) 0 Published today
New KEV (7d) 6 Added this week
CRITICAL 9.0%
9,440
HIGH 33.4%
34,866
MEDIUM 45.7%
47,718
LOW 5.9%
6,207
NONE 5.9%
6,120

90-Day KEV Inflow

New exploited CVEs per day
View All

Publication Trend

CVE publication velocity
PEAK 748/day
AVG 207/day
LATEST 0/day

EPSS Risk Bands

Exploit probability distribution
Live
Imminent ≥ 90%
2,080 2%
Elevated 70–90%
2,640 3%
Moderate 50–70%
6,011 6%
Low Risk < 50%
90,374 89%

101,105 CVEs with EPSS scores

CVSS Distribution

Score frequency across corpus
0–1: 94 CVEs01–2: 1,003 CVEs12–3: 4,053 CVEs23–4: 1,110 CVEs34–5: 7,964 CVEs45–6: 23,487 CVEs56–7: 16,267 CVEs67–8: 20,935 CVEs78–9: 13,931 CVEs89–10: 9,440 CVEs9
Low Medium High Critical

Top Weakness Types

CWE categories by frequency
Explore
1
CWE-79 Cross-site Scripting
15,645
2
CWE-89 SQL Injection
7,392
3
CWE-862 Missing Authorization
5,119
4
CWE-74 CWE-74
3,823
5
CWE-352 Cross-Site Request Forgery (CSRF)
3,128
6
CWE-787 Out-of-bounds Write
2,977
7
CWE-22 Path Traversal
2,869
8
CWE-94 Improper Control of Generation of Code (Code Injection)
2,755
9
CWE-416 Use After Free
2,724
10
CWE-284 CWE-284
2,581

Top Vendors by Exposure

CVE count and KEV overlap
View All
Top 5 vendors by CVE volume KEV overlap highlighted in amber

EPSS Risers

Highest exploit-probability CVEs
View All

Loading EPSS data...

Critical Watch List

Highest-priority CVEs
View All
CVE / Description Severity CVSS KEV Published
CVE-2026-10520 An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-lev
CRITICAL 10 Jun 9
CVE-2026-48907 A vulnerability in the JCE editor extension for Joomla allows the creation of new editor profiles for unauthenticated users, ultimately resulting in PHP code up
CRITICAL 10 Jun 5
CVE-2026-34910 A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection.
CRITICAL 10 May 22
CVE-2026-34909 A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system tha
CRITICAL 10 May 22
CVE-2026-34908 A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to th
CRITICAL 10 May 22
CVE-2026-48172 LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exploited in the wild in May 2026. Detection is best done via a
CRITICAL 10 May 21