Top 10 Exploited Vulnerabilities
Updated: 3 May 2026 | Sources: CISA KEV, NCSC, ENISA EUVD, FIRST EPSS, NVD (NIST)
This page lists vulnerabilities that are actively being exploited by cybercriminals. The data comes from CISA (US), the NCSC (NL) and FIRST EPSS. It is not a list of items trending on social media, but an overview of vulnerabilities with proven, in-the-wild exploitation.
Top 10 Exploited Vulnerabilities - Netherlands and Belgium
Based on NCSC advisories, enriched with CISA KEV and EPSS data
#1 CVE-2026-33825 | Microsoft - Defender
Microsoft Defender contains an insufficient granularity of access control vulnerability that could allow an authorized attacker to escalate privileges locally.
CVSS 7.8 HIGH | EPSS 3.9% (P88) → | CISA KEV | EUVD since Apr 22, 20 | NCSC [H/H]
#2 CVE-2026-32202 | Microsoft - Windows
Microsoft Windows Shell contains a protection mechanism failure vulnerability that allows an unauthorized attacker to perform spoofing over a network.
CVSS 4.3 MEDIUM | EPSS 7.2% (P92) ↑ | CISA KEV | EUVD since Apr 28, 20 | NCSC [M/H]
#3 CVE-2026-32201 | Microsoft - SharePoint Server
Microsoft SharePoint Server contains an improper input validation vulnerability that allows an unauthorized attacker to perform spoofing over a network.
CVSS 6.5 MEDIUM | EPSS 7.9% (P92) → | CISA KEV | EUVD since Apr 14, 20 | NCSC [M/H]
#4
An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.8 may allow an attacker to execute unaut...
CVSS 9.8 CRITICAL | EPSS 13.1% (P94) ↑ | NCSC [M/H]
#5
A path traversal ('../filedir') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5 and FortiSandbox 4.4.0 through 4.4.8 may allow an attacker to escalate privileges via <insert at...
CVSS 9.8 CRITICAL | EPSS 0.1% (P29) → | NCSC [M/H]
#6
Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network.
CVSS 9.8 CRITICAL | EPSS 0.1% (P26) → | NCSC [M/H]
#7
A vulnerability exists in the driver SmSerl64.sys in Motorola SM56 Modem WDM Driver v6.12.23.0, which allows low-privileged users to map physical memory via specially crafted IOCTL requests. This c...
CVSS 9.8 CRITICAL | EPSS 0.1% (P25) → | NCSC [M/H]
#8
Loop with unreachable exit condition ('infinite loop') in .NET, .NET Framework and Visual Studio allows an unauthorized attacker to deny service over a network.
CVSS 7.5 HIGH | EPSS 0.8% (P74) → | NCSC [M/H]
#9
Uncontrolled resource consumption in .NET allows an unauthorized attacker to deny service over a network.
CVSS 7.5 HIGH | EPSS 0.5% (P66) → | NCSC [M/H]
#10
External control of file name or path in Windows Telephony Service allows an authorized attacker to elevate privileges over an adjacent network.
CVSS 8.0 HIGH | EPSS 0.8% (P74) → | NCSC [M/H]
Top 10 Exploited Vulnerabilities - Worldwide
Based on CISA Known Exploited Vulnerabilities, ranked by probability of exploitation (EPSS)
#1 CVE-2024-27199 | JetBrains - TeamCity
JetBrains TeamCity contains a relative path traversal vulnerability that could allow limited admin actions to be performed.
CVSS 7.3 HIGH | EPSS 91.4% (P100) → | CISA KEV | Ransomware
#2 CVE-2023-27351 | PaperCut - NG/MF
PaperCut NG/MF contains an improper authentication vulnerability that could allow remote attackers to bypass authentication on affected installations via the SecurityRequestFilter class.
CVSS 7.5 HIGH | EPSS 87.0% (P99) → | CISA KEV | Ransomware
#3 CVE-2024-1708 | ConnectWise - ScreenConnect
ConnectWise ScreenConnect contains a path traversal vulnerability which could allow an attacker to execute remote code or directly impact confidential data and critical systems.
CVSS 8.4 HIGH | EPSS 84.9% (P99) ↑ | CISA KEV
#4 CVE-2024-7399 | Samsung - MagicINFO 9 Server
Samsung MagicINFO 9 Server contains a path traversal vulnerability that could allow an attacker to write arbitrary files as system authority.
CVSS 9.8 CRITICAL | EPSS 81.3% (P99) ↑ | CISA KEV
#5 CVE-2020-9715 | Adobe - Acrobat
Adobe Acrobat contains a use-after-free vulnerability that allows for code execution.
CVSS 7.8 HIGH | EPSS 76.2% (P99) ↑ | CISA KEV
#6 CVE-2009-0238 | Microsoft - Office
Microsoft Office Excel contains a remote code execution vulnerability that could allow an attacker to take complete control of an affected system if a user opens a specially crafted Excel file that...
CVSS 8.8 HIGH | EPSS 74.9% (P99) → | CISA KEV
#7 CVE-2026-1340 | Ivanti - Endpoint Manager Mobile (EPMM)
Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that could allow attackers to achieve unauthenticated remote code execution.
CVSS 9.8 CRITICAL | EPSS 70.8% (P99) ↑ | CISA KEV
#8 CVE-2025-29635 | D-Link - DIR-823X
D-Link DIR-823X contains a command injection vulnerability that allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /goform/set_prohibiting vi...
CVSS 7.2 HIGH | EPSS 69.7% (P99) ↑ | CISA KEV
#9 CVE-2026-34197 | Apache - ActiveMQ
Apache ActiveMQ contains an improper input validation vulnerability that allows for code injection.
CVSS 8.8 HIGH | EPSS 66.7% (P99) ↑ | CISA KEV | EUVD since Apr 16, 20
#10 CVE-2024-57728 | SimpleHelp - SimpleHelp
SimpleHelp contains a path traversal vulnerability that allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zip slip). This can be exploit...
CVSS 7.2 HIGH | EPSS 59.3% (P98) ↑ | CISA KEV
Top 10 Exploited Vulnerabilities - Combined
Weighted ranking based on CISA KEV listing, NCSC severity, EPSS score, ransomware use and recency
#1 CVE-2024-27199 | JetBrains - TeamCity
JetBrains TeamCity contains a relative path traversal vulnerability that could allow limited admin actions to be performed.
CVSS 7.3 HIGH | EPSS 91.4% (P100) → | CISA KEV | Ransomware
#2 CVE-2023-27351 | PaperCut - NG/MF
PaperCut NG/MF contains an improper authentication vulnerability that could allow remote attackers to bypass authentication on affected installations via the SecurityRequestFilter class.
CVSS 7.5 HIGH | EPSS 87.0% (P99) → | CISA KEV | Ransomware
#3 CVE-2024-1708 | ConnectWise - ScreenConnect
ConnectWise ScreenConnect contains a path traversal vulnerability which could allow an attacker to execute remote code or directly impact confidential data and critical systems.
CVSS 8.4 HIGH | EPSS 84.9% (P99) ↑ | CISA KEV
#4 CVE-2024-7399 | Samsung - MagicINFO 9 Server
Samsung MagicINFO 9 Server contains a path traversal vulnerability that could allow an attacker to write arbitrary files as system authority.
CVSS 9.8 CRITICAL | EPSS 81.3% (P99) ↑ | CISA KEV
#5 CVE-2023-21529 | Microsoft - Exchange Server
Microsoft Exchange Server contains a deserialization of untrusted data vulnerability that allows an authenticated attacker to achieve remote code execution.
CVSS 8.8 HIGH | EPSS 23.8% (P96) ↓ | CISA KEV | Ransomware
#6 CVE-2025-29635 | D-Link - DIR-823X
D-Link DIR-823X contains a command injection vulnerability that allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /goform/set_prohibiting vi...
CVSS 7.2 HIGH | EPSS 69.7% (P99) ↑ | CISA KEV
#7 CVE-2020-9715 | Adobe - Acrobat
Adobe Acrobat contains a use-after-free vulnerability that allows for code execution.
CVSS 7.8 HIGH | EPSS 76.2% (P99) ↑ | CISA KEV
#8 CVE-2009-0238 | Microsoft - Office
Microsoft Office Excel contains a remote code execution vulnerability that could allow an attacker to take complete control of an affected system if a user opens a specially crafted Excel file that...
CVSS 8.8 HIGH | EPSS 74.9% (P99) → | CISA KEV
#9 CVE-2026-39987 | Marimo - Marimo
Marimo contains a pre-authorization remote code execution vulnerability, allowing an unauthenticated attacker to gain shell access and execute arbitrary system commands.
CVSS 9.8 CRITICAL | EPSS 56.1% (P98) ↑ | CISA KEV | EUVD since Apr 23, 20
#10 CVE-2026-1340 | Ivanti - Endpoint Manager Mobile (EPMM)
Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that could allow attackers to achieve unauthenticated remote code execution.
CVSS 9.8 CRITICAL | EPSS 70.8% (P99) ↑ | CISA KEV
Legend:
CVSS = severity score (0-10):
9.0-10 Critical
7.0-8.9 High
4.0-6.9 Medium
0.1-3.9 Low
| EPSS = probability of exploitation in the next 30 days (FIRST.org), P = percentile among all scored CVEs, ↑ rising ↓ falling → unchanged
| CISA KEV = confirmed actively exploited (US)
| EUVD = ENISA European vulnerability database
| Ransomware = known to be used in ransomware campaigns
| NCSC = NCSC-NL advisory with its [likelihood/impact] rating (L/M/H for each)
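The combined ranking above and the legend's bands can be reproduced from the public feeds. The script below is an added example, not code from this page or from CISA/FIRST: it parses a constructed excerpt in the field layout of CISA's known_exploited_vulnerabilities.json and the FIRST EPSS API response, joins them with the CVSS scores shown on the page, applies the legend's CVSS bands, and computes a weighted priority. The weights in WEIGHTS, the dates in the KEV excerpt and the deliberate omission of one CVE from that excerpt are assumptions for illustration; the page says what its combined ranking weighs but does not publish the weights.

```python
"""Join CISA KEV, FIRST EPSS and CVSS data into one prioritised list.

Added example, not code from the page or its data sources. KEV_JSON and
EPSS_JSON are constructed inline in the field layout of the public feeds;
the CVSS scores come from the page, the dates are sample values, and the
WEIGHTS are an assumption (the page publishes no weights).
"""
import json
from datetime import date

TODAY = date(2026, 5, 3)  # the page's "Updated" date

# Constructed excerpt in CISA KEV JSON layout (same field names as the feed).
# CVE-2024-7399 is deliberately left out so the join has to handle a CVE with no KEV entry.
KEV_JSON = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-2024-27199", "dateAdded": "2024-03-07", "knownRansomwareCampaignUse": "Known"},
    {"cveID": "CVE-2023-27351", "dateAdded": "2023-04-21", "knownRansomwareCampaignUse": "Known"},
    {"cveID": "CVE-2026-33825", "dateAdded": "2026-04-22", "knownRansomwareCampaignUse": "Unknown"},
]})

# Constructed excerpt in the FIRST EPSS API layout (epss and percentile are strings in 0..1).
EPSS_JSON = json.dumps({"status": "OK", "data": [
    {"cve": "CVE-2024-27199", "epss": "0.914", "percentile": "0.998"},
    {"cve": "CVE-2023-27351", "epss": "0.870", "percentile": "0.993"},
    {"cve": "CVE-2026-33825", "epss": "0.039", "percentile": "0.880"},
    {"cve": "CVE-2024-7399",  "epss": "0.813", "percentile": "0.990"},
]})

# CVSS base scores as shown on the page; NCSC-NL [likelihood/impact] rating where the page gives one.
CVSS = {"CVE-2024-27199": 7.3, "CVE-2023-27351": 7.5, "CVE-2026-33825": 7.8, "CVE-2024-7399": 9.8}
NCSC = {"CVE-2026-33825": "H/H"}

# Assumed weights (sum to 100): KEV evidence dominates, CVSS alone counts for little.
WEIGHTS = {"kev": 40, "ransomware": 15, "epss": 25, "cvss": 10, "ncsc": 5, "recency": 5}
LMH = {"L": 1 / 3, "M": 2 / 3, "H": 1.0}


def cvss_band(score: float) -> str:
    """Severity band exactly as the page's legend defines it."""
    if score >= 9.0:
        return "CRITICAL"
    if score >= 7.0:
        return "HIGH"
    if score >= 4.0:
        return "MEDIUM"
    if score >= 0.1:
        return "LOW"
    return "NONE"


def parse_kev(text: str) -> dict:
    """cveID -> (date added to KEV, known ransomware use) from the KEV feed."""
    out = {}
    for v in json.loads(text)["vulnerabilities"]:
        out[v["cveID"]] = (date.fromisoformat(v["dateAdded"]),
                           v.get("knownRansomwareCampaignUse") == "Known")
    return out


def parse_epss(text: str) -> dict:
    """cve -> (probability as float, percentile as the page's P-number 0..100)."""
    out = {}
    for row in json.loads(text)["data"]:
        out[row["cve"]] = (float(row["epss"]), round(float(row["percentile"]) * 100))
    return out


def priority(cve: str, kev: dict, epss: dict, today: date = TODAY) -> float:
    """Weighted score in the spirit of the page's combined ranking (weights assumed)."""
    score = 0.0
    if cve in kev:
        added, ransomware = kev[cve]
        score += WEIGHTS["kev"]
        if ransomware:
            score += WEIGHTS["ransomware"]
        # Recency: full credit the day a CVE enters KEV, fading to zero after a year.
        score += WEIGHTS["recency"] * max(0.0, 1 - (today - added).days / 365)
    prob, _ = epss.get(cve, (0.0, 0))
    score += WEIGHTS["epss"] * prob
    score += WEIGHTS["cvss"] * CVSS.get(cve, 0.0) / 10
    if cve in NCSC:
        _, impact = NCSC[cve].split("/")  # use the impact half of the NCSC rating
        score += WEIGHTS["ncsc"] * LMH[impact]
    return score


def rank(kev: dict, epss: dict, today: date = TODAY) -> list:
    """Every known CVE, highest priority first: [(cve, score, band, epss %, P, in KEV)]."""
    rows = []
    for cve in sorted(set(CVSS) | set(kev) | set(epss)):
        prob, pct = epss.get(cve, (0.0, 0))
        rows.append((cve, priority(cve, kev, epss, today), cvss_band(CVSS.get(cve, 0.0)),
                     round(prob * 100, 1), pct, cve in kev))
    return sorted(rows, key=lambda r: r[1], reverse=True)


if __name__ == "__main__":
    for cve, score, band, e, p, in_kev in rank(parse_kev(KEV_JSON), parse_epss(EPSS_JSON)):
        print(f"{cve:15} {score:5.1f}  CVSS {band:8} EPSS {e:5.1f}% (P{p:<3}) {'CISA KEV' if in_kev else ''}")
```

With these weights the CVSS 9.8 entry that is absent from the KEV excerpt ends up last, below a CVSS 7.3 entry with KEV listing, ransomware use and a 91% EPSS, which is the point the page's combined ranking makes: confirmed exploitation and exploitation probability outrank the base score.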