Top 10 Exploited Vulnerabilities
Updated: 13 April 2026 | Sources: CISA KEV, NCSC, ENISA EUVD, FIRST EPSS, NVD (NIST)
This page lists vulnerabilities that are actively being exploited by cybercriminals. The data comes from CISA (US), the NCSC (NL) and FIRST EPSS. This is not a social-media trending list, but an overview of vulnerabilities with proven real-world danger.
Top 10 Exploited Vulnerabilities - Netherlands and Belgium
Based on NCSC advisories, enriched with CISA KEV and EPSS data
#1
CVE-2026-20131
Cisco - Secure Firewall Management Center (FMC)
Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management contain a deserialization of untrusted data vulnerability in the web-based manageme...
CVSS 10.0 CRITICAL EPSS 0.8% (P74) → CISA KEV Ransomware NCSC [H/H]
#2
CVE-2026-20963
Microsoft - SharePoint
Microsoft SharePoint contains a deserialization of untrusted data vulnerability that allows an unauthorized attacker to execute code over a network.
CVSS 9.8 CRITICAL EPSS 6.0% (P91) → CISA KEV NCSC [M/H]
#3
A vulnerability in the web interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass authentication and execute script files on a...
CVSS 10.0 CRITICAL EPSS 0.1% (P17) → NCSC [H/H]
#4
An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized ...
CVSS 9.8 CRITICAL EPSS 13.7% (P94) ↑ NCSC [M/H]
#5
Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity:...
CVSS 8.8 HIGH EPSS 0.6% (P70) → NCSC [M/H]
#6
Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
CVSS 8.8 HIGH EPSS 0.3% (P50) → NCSC [M/H]
#7
Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVSS 8.4 HIGH EPSS 0.0% (P9) → NCSC [M/H]
#8
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVSS 7.8 HIGH EPSS 0.0% (P7) → NCSC [M/H]
#9
Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVSS 8.8 HIGH EPSS 0.1% (P19) → NCSC [M/H]
#10
Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.
CVSS 7.8 HIGH EPSS 0.1% (P21) → NCSC [M/H]
Top 10 Exploited Vulnerabilities - Worldwide
Based on CISA Known Exploited Vulnerabilities, ranked by exploitation probability (EPSS)
#1
CVE-2025-32432
Craft CMS - Craft CMS
Craft CMS contains a code injection vulnerability that allows a remote attacker to execute arbitrary code.
CVSS 10.0 CRITICAL EPSS 88.4% (P99) → CISA KEV
#2
CVE-2026-1340
Ivanti - Endpoint Manager Mobile (EPMM)
Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that could allow attackers to achieve unauthenticated remote code execution.
CVSS 9.8 CRITICAL EPSS 67.8% (P99) ↑ CISA KEV
#3
CVE-2025-54068
Laravel - Livewire
Laravel Livewire contains a code injection vulnerability that could allow unauthenticated attackers to achieve remote command execution in specific scenarios.
CVSS 9.8 CRITICAL EPSS 59.4% (P98) ↑ CISA KEV
#4
CVE-2026-3055
Citrix - NetScaler
Citrix NetScaler ADC (formerly Citrix ADC), NetScaler Gateway (formerly Citrix Gateway) and NetScaler ADC FIPS and NDcPP contain an out-of-bounds reads vulnerability when configured as a SAML IDP l...
CVSS 9.8 CRITICAL EPSS 50.8% (P98) ↑ CISA KEV EUVD since Mar 30, 20
#5
CVE-2025-53521
F5 - BIG-IP
F5 BIG-IP APM contains a stack-based buffer overflow vulnerability that could allow a threat actor to achieve remote code execution.
CVSS 9.8 CRITICAL EPSS 41.4% (P97) → CISA KEV
#6
CVE-2025-47813
Wing FTP Server - Wing FTP Server
Wing FTP Server contains a generation of error message containing sensitive information vulnerability when using a long value in the UID cookie.
CVSS 4.3 MEDIUM EPSS 25.5% (P96) ↑ CISA KEV
#7
CVE-2026-35616
Fortinet - FortiClient EMS
Fortinet FortiClient EMS contains an improper access control vulnerability that may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests.
CVSS 9.8 CRITICAL EPSS 25.3% (P96) ↑ CISA KEV EUVD since Apr 6, 202
#8
CVE-2026-33634
Aquasecurity - Trivy
Aquasecurity Trivy contains an embedded malicious code vulnerability that could allow an attacker to gain access to everything in the CI/CD environment, including all tokens, SSH keys, cloud creden...
CVSS 8.8 HIGH EPSS 21.2% (P96) → CISA KEV EUVD since Mar 26, 20
#9
CVE-2025-66376
Synacor - Zimbra Collaboration Suite (ZCS)
Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability in the Classic UI where attackers could abuse Cascading Style Sheets (CSS) @import directives in email HTML.
CVSS 6.1 MEDIUM EPSS 10.0% (P93) → CISA KEV
#10
CVE-2026-20963
Microsoft - SharePoint
Microsoft SharePoint contains a deserialization of untrusted data vulnerability that allows an unauthorized attacker to execute code over a network.
CVSS 9.8 CRITICAL EPSS 6.0% (P91) → CISA KEV NCSC [M/H]
Top 10 Exploited Vulnerabilities - Combined
Weighted ranking based on CISA KEV, NCSC severity, EPSS score, ransomware use and recency
#1
CVE-2026-20131
Cisco - Secure Firewall Management Center (FMC)
Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management contain a deserialization of untrusted data vulnerability in the web-based manageme...
CVSS 10.0 CRITICAL EPSS 0.8% (P74) → CISA KEV Ransomware NCSC [H/H]
#2
CVE-2026-1340
Ivanti - Endpoint Manager Mobile (EPMM)
Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that could allow attackers to achieve unauthenticated remote code execution.
CVSS 9.8 CRITICAL EPSS 67.8% (P99) ↑ CISA KEV
#3
CVE-2025-32432
Craft CMS - Craft CMS
Craft CMS contains a code injection vulnerability that allows a remote attacker to execute arbitrary code.
CVSS 10.0 CRITICAL EPSS 88.4% (P99) → CISA KEV
#4
CVE-2026-3055
Citrix - NetScaler
Citrix NetScaler ADC (formerly Citrix ADC), NetScaler Gateway (formerly Citrix Gateway) and NetScaler ADC FIPS and NDcPP contain an out-of-bounds reads vulnerability when configured as a SAML IDP l...
CVSS 9.8 CRITICAL EPSS 50.8% (P98) ↑ CISA KEV EUVD since Mar 30, 20
#5
CVE-2025-54068
Laravel - Livewire
Laravel Livewire contains a code injection vulnerability that could allow unauthenticated attackers to achieve remote command execution in specific scenarios.
CVSS 9.8 CRITICAL EPSS 59.4% (P98) ↑ CISA KEV
#6
CVE-2025-53521
F5 - BIG-IP
F5 BIG-IP APM contains a stack-based buffer overflow vulnerability that could allow a threat actor to achieve remote code execution.
CVSS 9.8 CRITICAL EPSS 41.4% (P97) → CISA KEV
#7
CVE-2026-35616
Fortinet - FortiClient EMS
Fortinet FortiClient EMS contains an improper access control vulnerability that may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests.
CVSS 9.8 CRITICAL EPSS 25.3% (P96) ↑ CISA KEV EUVD since Apr 6, 202
#8
CVE-2026-20963
Microsoft - SharePoint
Microsoft SharePoint contains a deserialization of untrusted data vulnerability that allows an unauthorized attacker to execute code over a network.
CVSS 9.8 CRITICAL EPSS 6.0% (P91) → CISA KEV NCSC [M/H]
#9
CVE-2026-33634
Aquasecurity - Trivy
Aquasecurity Trivy contains an embedded malicious code vulnerability that could allow an attacker to gain access to everything in the CI/CD environment, including all tokens, SSH keys, cloud creden...
CVSS 8.8 HIGH EPSS 21.2% (P96) → CISA KEV EUVD since Mar 26, 20
#10
CVE-2026-33017
Langflow - Langflow
Langflow contains a code injection vulnerability that could allow building public flows without requiring authentication.
CVSS 9.8 CRITICAL EPSS 5.7% (P90) → CISA KEV EUVD since Mar 25, 20
Legend:
CVSS = severity score (0-10):
9.0-10 Critical
7.0-8.9 High
4.0-6.9 Medium
0.1-3.9 Low
EPSS = probability of exploitation (FIRST.org), P = percentile, ↑ rising ↓ falling
CISA KEV = confirmed actively exploited (US)
EUVD = ENISA European vulnerability database
Ransomware = used in ransomware campaigns
NCSC = NCSC advisory with severity rating