# Vulnerabilities
Knowledge base of critical vulnerabilities with analysis of active exploitation, impact context, and mitigation guidance. Coverage focuses on CVEs with **CVSS ≥ 7.0**, presence in the **CISA KEV** (Known Exploited Vulnerabilities), or evidence of use in active campaigns.
**Prioritization criteria:**
- CVSS score ≥ 7.0 (High or Critical)
- Inclusion in the CISA KEV list (confirmed active exploitation)
- EPSS score ≥ 50% (high probability of exploitation in the next 30 days)
- Documented use by active APT or ransomware groups
- Relevance to infrastructure common in Brazilian organizations
---
## Prioritization Framework
```mermaid
graph TB
subgraph intake["Intake - Todas as CVEs"]
NVD["NVD / NIST<br/>~30k CVEs/ano"]
MSRC["Microsoft MSRC<br/>Patch Tuesday"]
VENDOR["Advisories<br/>Cisco · Fortinet · Palo Alto"]
end
subgraph filter["Filtro RunkIntel"]
F1["CVSS ≥ 7.0"]
F2["CISA KEV?"]
F3["EPSS ≥ 50%?"]
F4["Exploit público?"]
end
subgraph output["Cobertura"]
CRIT["CISA KEV<br/>Patch imediato"]
HIGH["CVSS Crítico<br/>Monitorar exploit"]
WATCH["Watch List<br/>Acompanhar evolução"]
end
NVD --> F1
MSRC --> F1
VENDOR --> F1
F1 --> F2
F2 -->|"Sim"| CRIT
F2 -->|"Não"| F3
F3 -->|"Sim"| HIGH
F3 -->|"Não"| F4
F4 -->|"Sim"| HIGH
F4 -->|"Não"| WATCH
classDef source fill:#2c3e50,color:#fff,stroke:#34495e
classDef filter fill:#1a3a5c,color:#fff,stroke:#2980b9
classDef critical fill:#5a1a1a,color:#fff,stroke:#e74c3c
classDef high fill:#4a3a1a,color:#fff,stroke:#f39c12
classDef watch fill:#1a4a2a,color:#fff,stroke:#27ae60
class NVD,MSRC,VENDOR source
class F1,F2,F3,F4 filter
class CRIT critical
class HIGH high
class WATCH watch
```
---
## CISA KEV - Confirmed Active Exploitation
Vulnerabilities with active exploitation confirmed by CISA. Highest remediation priority.
%%
```dataview
TABLE WITHOUT ID cve-id AS "CVE", cvss-score AS "CVSS", vendor AS "Fornecedor", product AS "Produto", patch-available AS "Patch Disponível"
FROM "vulnerabilities"
WHERE cisa-kev = true
SORT cvss-score DESC
```
%%
<!-- QueryToSerialize: TABLE WITHOUT ID link(file.link, cve-id) AS "CVE", cvss-score AS "CVSS", vendor AS "Fornecedor", product AS "Produto", patch-available AS "Patch Disponível" FROM "vulnerabilities" WHERE cisa-kev = true SORT cvss-score DESC -->
<!-- SerializedQuery: TABLE WITHOUT ID link(file.link, cve-id) AS "CVE", cvss-score AS "CVSS", vendor AS "Fornecedor", product AS "Produto", patch-available AS "Patch Disponível" FROM "vulnerabilities" WHERE cisa-kev = true SORT cvss-score DESC -->
| CVE | CVSS | Vendor | Product | Patch Available |
| ---------------------------------------------------------- | ---- | -------------------------- | --------------------------------------------------------------------------------------- | ---------------- |
| [[cve-2017-7921\|CVE-2017-7921]] | 10 | Hikvision | Hikvision IP Cameras | true |
| [[cve-2019-11510\|CVE-2019-11510]] | 10 | Ivanti (Pulse Secure) | Pulse Connect Secure | true |
| [[cve-2021-22681\|CVE-2021-22681]] | 10 | Rockwell Automation | Logix Controllers | true |
| [[cve-2021-22893\|CVE-2021-22893]] | 10 | Ivanti (Pulse Secure) | Pulse Connect Secure | true |
| [[cve-2021-44228\|CVE-2021-44228]] | 10 | Apache Software Foundation | Log4j 2 | true |
| [[cve-2024-1709\|CVE-2024-1709]] | 10 | ConnectWise | ScreenConnect | true |
| [[cve-2024-3400\|CVE-2024-3400]] | 10 | Palo Alto Networks | PAN-OS | true |
| [[cve-2024-45519\|CVE-2024-45519]] | 10 | Zimbra | Zimbra Collaboration Suite | true |
| [[cve-2025-20393\|CVE-2025-20393]] | 10 | Cisco | Cisco Catalyst Center | true |
| [[cve-2025-32432\|CVE-2025-32432]] | 10 | Pixel & Tonic | Craft CMS | true |
| [[cve-2025-37164\|CVE-2025-37164]] | 10 | HPE | HPE OneView | true |
| [[cve-2026-20131\|CVE-2026-20131]] | 10 | Cisco | Secure Firewall Management Center (FMC) | true |
| [[cve-2026-20127\|CVE-2026-20127]] | 10 | Cisco | Cisco Catalyst SD-WAN Controller (vSmart) / SD-WAN Manager (vManage) | true |
| [[cve-2026-22769\|CVE-2026-22769]] | 10 | Dell | RecoverPoint for VMs | true |
| [[cve-2025-49113\|CVE-2025-49113]] | 9.9 | Roundcube | Roundcube Webmail | true |
| [[cve-2016-4117\|CVE-2016-4117]] | 9.8 | Adobe | Adobe Flash Player | true |
| [[cve-2018-0150\|CVE-2018-0150]] | 9.8 | Cisco | Cisco IOS XE | true |
| [[cve-2018-0171\|CVE-2018-0171]] | 9.8 | Cisco | IOS / IOS XE (Smart Install) | true |
| [[cve-2018-13379\|CVE-2018-13379]] | 9.8 | Fortinet | FortiOS SSL VPN | true |
| [[cve-2018-4878\|CVE-2018-4878]] | 9.8 | Adobe | Flash Player | true |
| [[cve-2019-18935\|CVE-2019-18935]] | 9.8 | Telerik | Telerik UI for ASP.NET AJAX | true |
| [[cve-2019-19006\|CVE-2019-19006]] | 9.8 | Sangoma | FreePBX | true |
| [[cve-2019-19781\|CVE-2019-19781]] | 9.8 | Citrix | Application Delivery Controller (ADC) / Gateway / SD-WAN WANOP | true |
| [[cve-2019-2725\|CVE-2019-2725]] | 9.8 | Oracle | Oracle WebLogic Server | true |
| [[cve-2020-10148\|CVE-2020-10148]] | 9.8 | SolarWinds | Orion Platform | true |
| [[cve-2020-12812\|CVE-2020-12812]] | 9.8 | Fortinet | FortiOS SSL VPN | true |
| [[cve-2020-14750\|CVE-2020-14750]] | 9.8 | Oracle | Oracle WebLogic Server | true |
| [[cve-2020-14882\|CVE-2020-14882]] | 9.8 | Oracle | WebLogic Server | true |
| [[cve-2020-7796\|CVE-2020-7796]] | 9.8 | Synacor | Zimbra Collaboration Suite | true |
| [[cve-2021-22005\|CVE-2021-22005]] | 9.8 | VMware | VMware vCenter Server | true |
| [[cve-2021-22175\|CVE-2021-22175]] | 9.8 | GitLab | GitLab CE/EE | true |
| [[cve-2021-26084\|CVE-2021-26084]] | 9.8 | Atlassian | Confluence Server / Data Center | true |
| [[cve-2021-26855\|CVE-2021-26855]] | 9.8 | Microsoft | Microsoft Exchange Server | true |
| [[cve-2021-27101\|CVE-2021-27101]] | 9.8 | Accellion | File Transfer Appliance (FTA) | true |
| [[cve-2021-27103\|CVE-2021-27103]] | 9.8 | Accellion | File Transfer Appliance (FTA) | true |
| [[cve-2021-27104\|CVE-2021-27104]] | 9.8 | Accellion | File Transfer Appliance (FTA) | true |
| [[cve-2021-27860\|CVE-2021-27860]] | 9.8 | FatPipe Networks | WARP / IPVPN / MPVPN | true |
| [[cve-2021-34523\|CVE-2021-34523]] | 9.8 | Microsoft | Microsoft Exchange Server | true |
| [[cve-2021-40539\|CVE-2021-40539]] | 9.8 | Zoho | ManageEngine ADSelfService Plus | true |
| [[cve-2022-3236\|CVE-2022-3236]] | 9.8 | Sophos | Sophos Firewall | true |
| [[cve-2022-40684\|CVE-2022-40684]] | 9.8 | Fortinet | FortiOS / FortiProxy / FortiSwitchManager | true |
| [[cve-2023-23397\|CVE-2023-23397]] | 9.8 | Microsoft | Microsoft Outlook | true |
| [[cve-2023-27997\|CVE-2023-27997]] | 9.8 | Fortinet | FortiOS / FortiProxy SSL-VPN | true |
| [[cve-2023-34362\|CVE-2023-34362]] | 9.8 | Progress Software | MOVEit Transfer | true |
| [[cve-2023-35036\|CVE-2023-35036]] | 9.8 | Progress Software | MOVEit Transfer | true |
| [[cve-2023-3519\|CVE-2023-3519]] | 9.8 | Citrix | NetScaler ADC / NetScaler Gateway | true |
| [[cve-2023-42793\|CVE-2023-42793]] | 9.8 | JetBrains | TeamCity | true |
| [[cve-2024-0012\|CVE-2024-0012]] | 9.8 | Palo Alto Networks | PAN-OS | true |
| [[cve-2024-23113\|CVE-2024-23113]] | 9.8 | Fortinet | FortiOS / FortiPAM / FortiProxy / FortiWeb | true |
| [[cve-2024-37079\|CVE-2024-37079]] | 9.8 | Broadcom | vCenter Server | true |
| [[cve-2024-43468\|CVE-2024-43468]] | 9.8 | Microsoft | Configuration Manager (SCCM/MECM) | true |
| [[cve-2024-47575\|CVE-2024-47575]] | 9.8 | Fortinet | FortiManager | true |
| [[cve-2024-55591\|CVE-2024-55591]] | 9.8 | Fortinet | FortiOS / FortiProxy | true |
| [[cve-2024-50623\|CVE-2024-50623]] | 9.8 | Cleo | Cleo Harmony / VLTrader / LexiCom | true |
| [[cve-2024-55956\|CVE-2024-55956]] | 9.8 | Cleo | Harmony, VLTrader, LexiCom | true |
| [[cve-2025-11953\|CVE-2025-11953]] | 9.8 | React Native Community | CLI (@react-native-community/cli) — Metro Dev Server | true |
| [[cve-2025-14611\|CVE-2025-14611]] | 9.8 | Gladinet | CentreStack / Triofox | true |
| [[cve-2025-26399\|CVE-2025-26399]] | 9.8 | SolarWinds | Web Help Desk | true |
| [[cve-2025-40536\|CVE-2025-40536]] | 9.8 | SolarWinds | Web Help Desk | true |
| [[cve-2025-40551\|CVE-2025-40551]] | 9.8 | SolarWinds | Web Help Desk | true |
| [[cve-2025-53521\|CVE-2025-53521]] | 9.8 | F5 Networks | BIG-IP APM | true |
| [[cve-2025-54068\|CVE-2025-54068]] | 9.8 | Laravel | Livewire | true |
| [[cve-2025-59374\|CVE-2025-59374]] | 9.8 | ASUS | ASUS Live Update | true |
| [[cve-2025-59718\|CVE-2025-59718]] | 9.8 | Fortinet | FortiOS / FortiProxy / FortiSwitchManager | true |
| [[cve-2025-68461\|CVE-2025-68461]] | 9.8 | Ivanti | Ivanti Connect Secure / Policy Secure | true |
| [[cve-2025-68613\|CVE-2025-68613]] | 9.8 | n8n | n8n Workflow Automation | true |
| [[cve-2026-1142\|CVE-2026-1142]] | 9.8 | Apple | iOS | true |
| [[cve-2026-1281\|CVE-2026-1281]] | 9.8 | Ivanti | Ivanti Endpoint Manager Mobile (EPMM) | true |
| [[cve-2026-1731\|CVE-2026-1731]] | 9.8 | BeyondTrust | BeyondTrust Remote Support | true |
| [[cve-2026-20963\|CVE-2026-20963]] | 9.8 | Microsoft | SharePoint | true |
| [[cve-2026-24061\|CVE-2026-24061]] | 9.8 | GNU | Inetutils (telnetd) | true |
| [[cve-2026-24858\|CVE-2026-24858]] | 9.8 | Fortinet | Fortinet FortiGate / FortiCloud SSO | true |
| [[cve-2026-33017\|CVE-2026-33017]] | 9.8 | Langflow | Langflow | true |
| [[cve-2024-21762\|CVE-2024-21762]] | 9.6 | Fortinet | FortiOS SSL VPN | true |
| [[cve-2023-4966\|CVE-2023-4966]] | 9.4 | Citrix | NetScaler ADC / NetScaler Gateway | true |
| [[cve-2008-0015\|CVE-2008-0015]] | 9.3 | Microsoft | Windows Media Services (nssys32.dll) | true |
| [[cve-2009-0556\|CVE-2009-0556]] | 9.3 | Microsoft | PowerPoint | true |
| [[cve-2011-0611\|CVE-2011-0611]] | 9.3 | Adobe | Adobe Flash Player | true |
| [[cve-2016-4656\|CVE-2016-4656]] | 9.3 | Apple | iOS | true |
| [[cve-2017-0144\|CVE-2017-0144]] | 9.3 | Microsoft | Windows SMBv1 | true |
| [[cve-2023-48788\|CVE-2023-48788]] | 9.3 | Fortinet | FortiClientEMS | true |
| [[cve-2025-14733\|CVE-2025-14733]] | 9.3 | WatchGuard | Firebox (Fireware OS) | true |
| [[cve-2025-22224\|CVE-2025-22224]] | 9.3 | VMware (Broadcom) | VMware ESXi | true |
| [[cve-2026-23760\|CVE-2026-23760]] | 9.3 | SmarterTools | SmarterMail | true |
| [[cve-2025-3402\|CVE-2025-3402]] | 9.2 | Versa Networks | Versa Concerto SD-WAN | true |
| [[cve-2025-34026\|CVE-2025-34026]] | 9.2 | Versa Networks | Versa Concerto SD-WAN | true |
| [[cve-2021-22054\|CVE-2021-22054]] | 9.1 | VMware | Workspace ONE UEM | true |
| [[cve-2021-34473\|CVE-2021-34473]] | 9.1 | Microsoft | Microsoft Exchange Server | true |
| [[cve-2024-21887\|CVE-2024-21887]] | 9.1 | Ivanti | Connect Secure / Policy Secure | true |
| [[cve-2025-6218\|CVE-2025-6218]] | 9.1 | Craft CMS | Craft CMS | true |
| [[cve-2026-25108\|CVE-2026-25108]] | 9.1 | Soliton Systems | FileZen | true |
| [[cve-2021-45046\|CVE-2021-45046]] | 9 | Apache | Log4j | true |
| [[cve-2025-0282\|CVE-2025-0282]] | 9 | Ivanti | Connect Secure / Policy Secure / Neurons for ZTA | true |
| [[cve-2025-22457\|CVE-2025-22457]] | 9 | Ivanti | Connect Secure / Policy Secure / ZTA Gateways | true |
| [[cve-2026-21385\|CVE-2026-21385]] | 9 | Qualcomm | GPU Driver (Android) | true |
| [[cve-2026-1145\|CVE-2026-1145]] | 8.9 | Apple | iOS | true |
| [[cve-2016-4657\|CVE-2016-4657]] | 8.8 | Apple | iOS (WebKit) | true |
| [[cve-2018-20250\|CVE-2018-20250]] | 8.8 | RARLAB | WinRAR | true |
| [[cve-2018-4877\|CVE-2018-4877]] | 8.8 | Adobe | Adobe Flash Player | true |
| [[cve-2018-4990\|CVE-2018-4990]] | 8.8 | Adobe | Acrobat DC / Acrobat Reader DC | true |
| [[cve-2020-0688\|CVE-2020-0688]] | 8.8 | Microsoft | Microsoft Exchange Server | true |
| [[cve-2021-40444\|CVE-2021-40444]] | 8.8 | Microsoft | Windows MSHTML (Internet Explorer engine) | true |
| [[cve-2023-32435\|CVE-2023-32435]] | 8.8 | Apple | iOS / iPadOS | true |
| [[cve-2023-41974\|CVE-2023-41974]] | 8.8 | Apple | WebKit (Safari, macOS, iOS, iPadOS) | true |
| [[cve-2023-43000\|CVE-2023-43000]] | 8.8 | Apple | WebKit (Safari/macOS/iOS/iPadOS) | true |
| [[cve-2023-52163\|CVE-2023-52163]] | 8.8 | DigiEver | DS-2105 Pro NVR | false |
| [[cve-2025-31277\|CVE-2025-31277]] | 8.8 | Apple | Multiple Products (Safari, iOS, iPadOS, macOS, watchOS, tvOS, visionOS) | true |
| [[cve-2025-58360\|CVE-2025-58360]] | 8.8 | Roundcube | Roundcube Webmail | true |
| [[cve-2025-6864\|CVE-2025-6864]] | 8.8 | Zimbra | Zimbra Collaboration Suite | true |
| [[cve-2025-68645\|CVE-2025-68645]] | 8.8 | Synacor | Zimbra Collaboration Suite | true |
| [[cve-2025-8110\|CVE-2025-8110]] | 8.8 | Gogs | Gogs (self-hosted Git service) | true |
| [[cve-2026-21510\|CVE-2026-21510]] | 8.8 | Microsoft | Windows Shell | true |
| [[cve-2026-21513\|CVE-2026-21513]] | 8.8 | Microsoft | MSHTML (ieframe.dll / Windows) | true |
| [[cve-2026-21514\|CVE-2026-21514]] | 8.8 | Microsoft | Microsoft Office | true |
| [[cve-2026-21525\|CVE-2026-21525]] | 8.8 | Oracle | Oracle WebLogic Server | true |
| [[cve-2026-2441\|CVE-2026-2441]] | 8.8 | Google | Chrome | true |
| [[cve-2026-33634\|CVE-2026-33634]] | 8.8 | Aqua Security | Trivy | true |
| [[cve-2026-3909\|CVE-2026-3909]] | 8.8 | Google | Google Chrome (Skia library) | true |
| [[cve-2026-3910\|CVE-2026-3910]] | 8.8 | Google | Chrome (Chromium V8 Engine) | true |
| [[cve-2026-1146\|CVE-2026-1146]] | 8.7 | Apple | iOS | true |
| [[cve-2026-1603\|CVE-2026-1603]] | 8.6 | Ivanti | Ivanti Endpoint Manager (EPM) | true |
| [[cve-2025-54313\|CVE-2025-54313]] | 8.5 | Prettier | eslint-config-prettier (npm) | true |
| [[cve-2026-1147\|CVE-2026-1147]] | 8.5 | Apple | iOS | true |
| [[cve-2026-21533\|CVE-2026-21533]] | 8.4 | Microsoft | Windows Remote Desktop Services (RDS) | true |
| [[cve-2023-46805\|CVE-2023-46805]] | 8.2 | Ivanti | Connect Secure (ICS) / Policy Secure | true |
| [[cve-2025-22225\|CVE-2025-22225]] | 8.2 | VMware (Broadcom) | VMware ESXi | true |
| [[cve-2026-20045\|CVE-2026-20045]] | 8.2 | Cisco | Cisco Unified Communications Manager / IM & Presence / Unity Connection / Webex Calling | true |
| [[cve-2026-22719\|CVE-2026-22719]] | 8.1 | Broadcom (VMware) | VMware Aria Operations | true |
| [[cve-2016-5195\|CVE-2016-5195]] | 7.8 | Linux Kernel | Linux Kernel | true |
| [[cve-2018-0802\|CVE-2018-0802]] | 7.8 | Microsoft | Microsoft Office (Equation Editor) | true |
| [[cve-2018-14634\|CVE-2018-14634]] | 7.8 | Linux | Linux Kernel | true |
| [[cve-2018-4063\|CVE-2018-4063]] | 7.8 | Cisco | Wireless LAN Controller | true |
| [[cve-2021-27102\|CVE-2021-27102]] | 7.8 | Accellion | File Transfer Appliance (FTA) | true |
| [[cve-2021-30883\|CVE-2021-30883]] | 7.8 | Apple | iOS / iPadOS / macOS | true |
| [[cve-2021-30952\|CVE-2021-30952]] | 7.8 | Apple | WebKit | true |
| [[cve-2021-30983\|CVE-2021-30983]] | 7.8 | Apple | iOS / iPadOS | true |
| [[cve-2022-20775\|CVE-2022-20775]] | 7.8 | Cisco | Cisco IOS XE SD-WAN | true |
| [[cve-2022-30190\|CVE-2022-30190]] | 7.8 | Microsoft | Windows Support Diagnostic Tool (MSDT) | true |
| [[cve-2023-32434\|CVE-2023-32434]] | 7.8 | Apple | iOS / iPadOS / macOS | true |
| [[cve-2023-38831\|CVE-2023-38831]] | 7.8 | RARLAB | WinRAR | true |
| [[cve-2023-41990\|CVE-2023-41990]] | 7.8 | Apple | iOS / iPadOS | true |
| [[cve-2024-21338\|CVE-2024-21338]] | 7.8 | Microsoft | Windows Kernel (appid.sys) | true |
| [[cve-2024-38193\|CVE-2024-38193]] | 7.8 | Microsoft | Windows Ancillary Function Driver for WinSock (afd.sys) | true |
| [[cve-2025-15556\|CVE-2025-15556]] | 7.8 | Bitdefender | Bitdefender Total Security (legacy component) | true |
| [[cve-2025-62221\|CVE-2025-62221]] | 7.8 | Microsoft | Windows Cloud Files Mini Filter Driver | true |
| [[cve-2026-20700\|CVE-2026-20700]] | 7.8 | Apple | Apple dyld (iOS, iPadOS, macOS, tvOS, watchOS, visionOS) | true |
| [[cve-2026-21509\|CVE-2026-21509]] | 7.8 | Microsoft | Microsoft Office | true |
| [[cve-2026-21519\|CVE-2026-21519]] | 7.8 | Microsoft | Windows Desktop Window Manager (DWM) | true |
| [[cve-2018-8174\|CVE-2018-8174]] | 7.5 | Microsoft | Windows VBScript Engine (Internet Explorer) | true |
| [[cve-2021-39935\|CVE-2021-39935]] | 7.5 | GitLab | GitLab CE/EE | true |
| [[cve-2022-27924\|CVE-2022-27924]] | 7.5 | Synacor / Zimbra | Zimbra Collaboration Suite (ZCS) | true |
| [[cve-2023-27532\|CVE-2023-27532]] | 7.5 | Veeam | Veeam Backup & Replication | true |
| [[cve-2025-14847\|CVE-2025-14847]] | 7.5 | MongoDB | MongoDB Server | true |
| [[cve-2025-31125\|CVE-2025-31125]] | 7.5 | Vite | Vite (build tool) | true |
| [[cve-2025-47813\|CVE-2025-47813]] | 7.5 | Wing FTP | Wing FTP Server | true |
| [[cve-2021-31207\|CVE-2021-31207]] | 7.2 | Microsoft | Microsoft Exchange Server | true |
| [[cve-2023-0669\|CVE-2023-0669]] | 7.2 | Fortra | GoAnywhere MFT | true |
| [[cve-2024-7694\|CVE-2024-7694]] | 7.2 | TeamT5 | ThreatSonar Anti-Ransomware | true |
| [[cve-2024-9474\|CVE-2024-9474]] | 7.2 | Palo Alto Networks | PAN-OS | true |
| [[cve-2025-64328\|CVE-2025-64328]] | 7.2 | WordPress | WP Automatic Plugin | true |
| [[cve-2025-22226\|CVE-2025-22226]] | 7.1 | VMware (Broadcom) | VMware ESXi | true |
| [[cve-2025-43520\|CVE-2025-43520]] | 7.1 | Apple | Multiple Products (iOS, iPadOS, macOS, watchOS, tvOS, visionOS) | true |
| [[cve-2025-40602\|CVE-2025-40602]] | 6.6 | SonicWall | SMA1000 | true |
| [[cve-2024-43451\|CVE-2024-43451]] | 6.5 | Microsoft | Windows (multiple versions) | true |
| [[cve-2025-43510\|CVE-2025-43510]] | 6.3 | Apple | Multiple Products (iOS, iPadOS, macOS, watchOS, tvOS, visionOS) | true |
| [[cve-2023-37580\|CVE-2023-37580]] | 6.1 | Zimbra | Zimbra Collaboration Suite | true |
| [[cve-2024-11182\|CVE-2024-11182]] | 6.1 | MDaemon Technologies | MDaemon Email Server | true |
| [[cve-2025-66376\|CVE-2025-66376]] | 6.1 | Synacor | Zimbra Collaboration Suite (ZCS) | true |
| [[cve-2023-38606\|CVE-2023-38606]] | 5.5 | Apple | iOS / iPadOS / macOS | true |
| [[cve-2026-20805\|CVE-2026-20805]] | 0 | | | false |
| [[cve-2026-24423\|CVE-2026-24423]] | 0 | | | false |
<!-- SerializedQuery END -->
---
## Critical CVEs (CVSS ≥ 9)
%%
```dataview
TABLE WITHOUT ID cve-id AS "CVE", cvss-score AS "CVSS", epss-score AS "EPSS", exploit-available AS "Exploit Público"
FROM "vulnerabilities"
WHERE cvss-score >= 9
SORT cvss-score DESC
LIMIT 20
```
%%
<!-- QueryToSerialize: TABLE WITHOUT ID link(file.link, cve-id) AS "CVE", cvss-score AS "CVSS", epss-score AS "EPSS", exploit-available AS "Exploit Público" FROM "vulnerabilities" WHERE cvss-score >= 9 SORT cvss-score DESC LIMIT 20 -->
<!-- SerializedQuery: TABLE WITHOUT ID link(file.link, cve-id) AS "CVE", cvss-score AS "CVSS", epss-score AS "EPSS", exploit-available AS "Exploit Público" FROM "vulnerabilities" WHERE cvss-score >= 9 SORT cvss-score DESC LIMIT 20 -->
| CVE | CVSS | EPSS | Public Exploit |
| ---------------------------------------------------------- | ---- | ------ | --------------- |
| [[cve-2008-4250\|CVE-2008-4250]] | 10 | 0.9354 | true |
| [[cve-2014-1776\|CVE-2014-1776]] | 10 | 0.8019 | true |
| [[cve-2015-3113\|CVE-2015-3113]] | 10 | 0.9242 | true |
| [[cve-2015-5122\|CVE-2015-5122]] | 10 | 0.9278 | true |
| [[cve-2017-7921\|CVE-2017-7921]] | 10 | 0.9423 | true |
| [[cve-2019-11510\|CVE-2019-11510]] | 10 | 0.9444 | true |
| [[cve-2020-1472\|CVE-2020-1472]] | 10 | 0.9438 | true |
| [[cve-2020-5902\|CVE-2020-5902]] | 10 | 0.9443 | true |
| [[cve-2021-22681\|CVE-2021-22681]] | 10 | 0.129 | true |
| [[cve-2021-22893\|CVE-2021-22893]] | 10 | 0.9361 | true |
| [[cve-2021-44228\|CVE-2021-44228]] | 10 | 0.9436 | true |
| [[cve-2023-22527\|CVE-2023-22527]] | 10 | 0.9436 | true |
| [[cve-2023-35078\|CVE-2023-35078]] | 10 | 0.9447 | true |
| [[cve-2023-41892\|CVE-2023-41892]] | 10 | 0.9389 | true |
| [[cve-2023-46604\|CVE-2023-46604]] | 10 | 0.9444 | true |
| [[cve-2024-1709\|CVE-2024-1709]] | 10 | 0.9432 | true |
| [[cve-2024-3400\|CVE-2024-3400]] | 10 | 0.9432 | true |
| [[cve-2024-45519\|CVE-2024-45519]] | 10 | | true |
| [[cve-2025-20393\|CVE-2025-20393]] | 10 | | true |
| [[cve-2025-31324\|CVE-2025-31324]] | 10 | 0.3216 | true |
<!-- SerializedQuery END -->
---
## High-Risk CVEs (CVSS 7–8.9)
%%
```dataview
TABLE WITHOUT ID cve-id AS "CVE", cvss-score AS "CVSS", vendor AS "Fornecedor", product AS "Produto"
FROM "vulnerabilities"
WHERE cvss-score >= 7 AND cvss-score < 9
SORT cvss-score DESC
LIMIT 20
```
%%
<!-- QueryToSerialize: TABLE WITHOUT ID link(file.link, cve-id) AS "CVE", cvss-score AS "CVSS", vendor AS "Fornecedor", product AS "Produto" FROM "vulnerabilities" WHERE cvss-score >= 7 AND cvss-score < 9 SORT cvss-score DESC LIMIT 20 -->
<!-- SerializedQuery: TABLE WITHOUT ID link(file.link, cve-id) AS "CVE", cvss-score AS "CVSS", vendor AS "Fornecedor", product AS "Produto" FROM "vulnerabilities" WHERE cvss-score >= 7 AND cvss-score < 9 SORT cvss-score DESC LIMIT 20 -->
| CVE | CVSS | Vendor | Product |
| ---------------------------------------------------------- | ---- | --------------- | ----------------------------------------- |
| [[cve-2026-1145\|CVE-2026-1145]] | 8.9 | Apple | iOS |
| [[cve-2016-4657\|CVE-2016-4657]] | 8.8 | Apple | iOS (WebKit) |
| [[cve-2018-0798\|CVE-2018-0798]] | 8.8 | Microsoft | Microsoft Office (Equation Editor) |
| [[cve-2018-20250\|CVE-2018-20250]] | 8.8 | RARLAB | WinRAR |
| [[cve-2018-4877\|CVE-2018-4877]] | 8.8 | Adobe | Adobe Flash Player |
| [[cve-2018-4990\|CVE-2018-4990]] | 8.8 | Adobe | Acrobat DC / Acrobat Reader DC |
| [[cve-2020-0688\|CVE-2020-0688]] | 8.8 | Microsoft | Microsoft Exchange Server |
| [[cve-2020-10383\|CVE-2020-10383]] | 8.8 | MB Connect Line | mbCONNECT24 / mymbCONNECT24 |
| [[cve-2021-1675\|CVE-2021-1675]] | 8.8 | Microsoft | Windows Print Spooler |
| [[cve-2021-34527\|CVE-2021-34527]] | 8.8 | Microsoft | Windows Print Spooler |
| [[cve-2021-40444\|CVE-2021-40444]] | 8.8 | Microsoft | Windows MSHTML (Internet Explorer engine) |
| [[cve-2021-42359\|CVE-2021-42359]] | 8.8 | WordPress | WP DSGVO Tools Plugin |
| [[cve-2021-44730\|CVE-2021-44730]] | 8.8 | Canonical | snapd |
| [[cve-2022-41040\|CVE-2022-41040]] | 8.8 | Microsoft | Microsoft Exchange Server |
| [[cve-2022-41080\|CVE-2022-41080]] | 8.8 | Microsoft | Microsoft Exchange Server |
| [[cve-2022-41082\|CVE-2022-41082]] | 8.8 | Microsoft | Microsoft Exchange Server |
| [[cve-2023-1389\|CVE-2023-1389]] | 8.8 | TP-Link | TP-Link Archer AX21 (Wi-Fi Router) |
| [[cve-2023-32435\|CVE-2023-32435]] | 8.8 | Apple | iOS / iPadOS |
| [[cve-2023-37450\|CVE-2023-37450]] | 8.8 | Apple | WebKit (Safari, iOS, iPadOS, macOS) |
| [[cve-2023-41974\|CVE-2023-41974]] | 8.8 | Apple | WebKit (Safari, macOS, iOS, iPadOS) |
<!-- SerializedQuery END -->
---
## Recent Publications
%%
```dataview
TABLE WITHOUT ID cve-id AS "CVE", cvss-score AS "CVSS", vendor AS "Fornecedor", file.mtime AS "Publicado"
FROM "vulnerabilities"
SORT file.mtime DESC
LIMIT 10
```
%%
<!-- QueryToSerialize: TABLE WITHOUT ID link(file.link, cve-id) AS "CVE", cvss-score AS "CVSS", vendor AS "Fornecedor", file.mtime AS "Publicado" FROM "vulnerabilities" SORT file.mtime DESC LIMIT 10 -->
<!-- SerializedQuery: TABLE WITHOUT ID link(file.link, cve-id) AS "CVE", cvss-score AS "CVSS", vendor AS "Fornecedor", file.mtime AS "Publicado" FROM "vulnerabilities" SORT file.mtime DESC LIMIT 10 -->
| CVE | CVSS | Vendor | Published |
| ---------------------------------------------------------- | ---- | ---------- | ------------------------ |
| [[_vulnerabilities]] | \- | \- | 5:49 PM - March 30, 2026 |
| [[cve-2023-36025]] | \- | \- | 5:37 PM - March 30, 2026 |
| [[cve-2026-2783\|CVE-2026-2783]] | \- | \- | 5:37 PM - March 30, 2026 |
| [[cve-2026-4923\|CVE-2026-4923]] | \- | \- | 5:37 PM - March 30, 2026 |
| [[cve-2016-4655\|CVE-2016-4655]] | 5.5 | Apple | 5:36 PM - March 30, 2026 |
| [[vulnerabilities/2026/_2026.md\|_2026]] | \- | \- | 5:36 PM - March 30, 2026 |
| [[cve-2013-3660\|CVE-2013-3660]] | 7.2 | Microsoft | 5:33 PM - March 30, 2026 |
| [[cve-2017-7921\|CVE-2017-7921]] | 10 | Hikvision | 5:33 PM - March 30, 2026 |
| [[cve-2017-11882\|CVE-2017-11882]] | 7.8 | Microsoft | 5:33 PM - March 30, 2026 |
| [[cve-2016-1010\|CVE-2016-1010]] | 9.8 | Adobe | 5:33 PM - March 30, 2026 |
<!-- SerializedQuery END -->
---
## Latest Updates
%%
```dataview
TABLE WITHOUT ID type AS "Tipo", dateformat(file.mtime, "yyyy-MM-dd HH:mm") AS "Modificado"
FROM "vulnerabilities"
WHERE publish = true AND !contains(file.name, "_")
SORT file.mtime DESC
LIMIT 5
```
%%
<!-- QueryToSerialize: TABLE WITHOUT ID link(file.link, title) AS "Nota", type AS "Tipo", dateformat(file.mtime, "yyyy-MM-dd HH:mm") AS "Modificado" FROM "vulnerabilities" WHERE publish = true AND !contains(file.name, "_") SORT file.mtime DESC LIMIT 5 -->
<!-- SerializedQuery: TABLE WITHOUT ID link(file.link, title) AS "Nota", type AS "Tipo", dateformat(file.mtime, "yyyy-MM-dd HH:mm") AS "Modificado" FROM "vulnerabilities" WHERE publish = true AND !contains(file.name, "_") SORT file.mtime DESC LIMIT 5 -->
| Note | Type | Modified |
| ---------------------------------------------------------- | ---- | ---------------- |
| [[cve-2016-4655\|CVE-2016-4655]] | cve | 2026-03-30 17:36 |
| [[cve-2013-3660\|CVE-2013-3660]] | cve | 2026-03-30 17:33 |
| [[cve-2017-7921\|CVE-2017-7921]] | cve | 2026-03-30 17:33 |
| [[cve-2017-11882\|CVE-2017-11882]] | cve | 2026-03-30 17:33 |
| [[cve-2016-1010\|CVE-2016-1010]] | cve | 2026-03-30 17:33 |
<!-- SerializedQuery END -->
---
*CVSS and EPSS scores are obtained from NVD and FIRST. Presence in CISA KEV is checked daily. To see campaigns exploiting specific vulnerabilities, see [[_campaigns|Campaigns and Incidents]].*