Top 10 Misbruikte Kwetsbaarheden
Bijgewerkt: 20 mei 2026 | Bronnen: CISA KEV, NCSC, ENISA EUVD, FIRST EPSS, NVD (NIST)
Deze pagina toont kwetsbaarheden die actief worden misbruikt door cybercriminelen. De data komt van CISA (VS), het NCSC (NL) en FIRST EPSS. Dit is geen lijst met trending items op sociale media, maar een overzicht van bewezen gevaarlijke kwetsbaarheden.
Top 10 Misbruikte Kwetsbaarheden - Nederland en Belgie
Gebaseerd op NCSC advisories, verrijkt met CISA KEV en EPSS data
#1
CVSS 8.8 HOOG EPSS 0.6% (P70) → NCSC [M/H]
#2
CVSS 8.8 HOOG EPSS 0.6% (P70) → NCSC [M/H]
#3
CVSS 8.8 HOOG EPSS 0.6% (P70) → NCSC [M/H]
#4
CVSS 8.8 HOOG EPSS 0.6% (P70) → NCSC [M/H]
#5
CVSS 8.4 HOOG EPSS 0.2% (P41) → NCSC [M/H]
#6
CVSS 8.0 HOOG EPSS 0.4% (P58) → NCSC [M/H]
#7
CVSS 9.1 KRITIEK EPSS 0.2% (P38) → NCSC [M/H]
#8
CVSS 6.7 MIDDEL EPSS 0.3% (P49) → NCSC [M/H]
#9
CVSS 9.9 KRITIEK EPSS 0.1% (P17) → NCSC [M/H]
#10
CVSS 7.8 HOOG EPSS 0.0% (P14) → NCSC [M/H]
Top 10 Misbruikte Kwetsbaarheden - Wereldwijd
Gebaseerd op CISA Known Exploited Vulnerabilities, gerangschikt op exploitatiekans (EPSS)
#1
CVE-2024-27199
JetBrains - TeamCity
JetBrains TeamCity contains a relative path traversal vulnerability that could allow limited admin actions to be performed.
CVSS 7.3 HOOG EPSS 90.9% (P100) → CISA KEV Ransomware
#2
CVE-2026-41940
WebPros - cPanel & WHM and WP2 (WordPress Squared)
WebPros cPanel & WHM (WebHost Manager) and WP2 (WordPress Squared) contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthor...
CVSS 9.8 KRITIEK EPSS 87.8% (P99) ↑ CISA KEV EUVD sinds Apr 30, 20 Ransomware
#3
CVE-2023-27351
PaperCut - NG/MF
PaperCut NG/MF contains an improper authentication vulnerability that could allow remote attackers to bypass authentication on affected installations via the SecurityRequestFilter class.
CVSS 7.5 HOOG EPSS 87.0% (P99) → CISA KEV Ransomware
#4
CVE-2024-1708
ConnectWise - ScreenConnect
ConnectWise ScreenConnect contains a path traversal vulnerability which could allow an attacker to execute remote code or directly impact confidential data and critical systems.
CVSS 8.4 HOOG EPSS 85.3% (P99) → CISA KEV Ransomware
#5
CVE-2024-7399
Samsung - MagicINFO 9 Server
Samsung MagicINFO 9 Server contains a path traversal vulnerability that could allow an attacker to write arbitrary files as system authority.
CVSS 8.8 HOOG EPSS 82.3% (P99) ↑ CISA KEV
#6
CVE-2026-39987
Marimo - Marimo
Marimo contains an pre-authorization remote code execution vulnerability, allowing an unauthenticated attacked to shell access and execute arbitrary system commands.
CVSS 9.8 KRITIEK EPSS 81.8% (P99) ↑ CISA KEV
#7
CVE-2024-57728
SimpleHelp - SimpleHelp
SimpleHelp contains a path traversal vulnerability that allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zip slip). This can be exploit...
CVSS 7.2 HOOG EPSS 58.8% (P98) → CISA KEV Ransomware
#8
CVE-2025-29635
D-Link - DIR-823X
D-Link DIR-823X contains a command injection vulnerability that allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /goform/set_prohibiting vi...
CVSS 7.2 HOOG EPSS 53.8% (P98) ↓ CISA KEV
#9
CVE-2025-32975
Quest - KACE Systems Management Appliance (SMA)
Quest KACE Systems Management Appliance (SMA) contains an improper authentication vulnerability that could allow attackers to impersonate legitimate users without valid credentials.
CVSS 10.0 KRITIEK EPSS 46.5% (P98) → CISA KEV
#10
CVE-2024-57726
SimpleHelp - SimpleHelp
SimpleHelp contains a missing authorization vulnerability that could allow low-privileged technicians to create API keys with excessive permissions. These API keys can be used to escalate privilege...
CVSS 9.9 KRITIEK EPSS 45.4% (P98) ↓ CISA KEV Ransomware
Top 10 Misbruikte Kwetsbaarheden - Gecombineerd
Gewogen ranking op basis van CISA KEV, NCSC severity, EPSS score, ransomware en recentheid
#1
CVE-2026-41940
WebPros - cPanel & WHM and WP2 (WordPress Squared)
WebPros cPanel & WHM (WebHost Manager) and WP2 (WordPress Squared) contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthor...
CVSS 9.8 KRITIEK EPSS 87.8% (P99) ↑ CISA KEV EUVD sinds Apr 30, 20 Ransomware
#2
CVE-2024-1708
ConnectWise - ScreenConnect
ConnectWise ScreenConnect contains a path traversal vulnerability which could allow an attacker to execute remote code or directly impact confidential data and critical systems.
CVSS 8.4 HOOG EPSS 85.3% (P99) → CISA KEV Ransomware
#3
CVE-2024-27199
JetBrains - TeamCity
JetBrains TeamCity contains a relative path traversal vulnerability that could allow limited admin actions to be performed.
CVSS 7.3 HOOG EPSS 90.9% (P100) → CISA KEV Ransomware
#4
CVE-2023-27351
PaperCut - NG/MF
PaperCut NG/MF contains an improper authentication vulnerability that could allow remote attackers to bypass authentication on affected installations via the SecurityRequestFilter class.
CVSS 7.5 HOOG EPSS 87.0% (P99) → CISA KEV Ransomware
#5
CVE-2024-57728
SimpleHelp - SimpleHelp
SimpleHelp contains a path traversal vulnerability that allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zip slip). This can be exploit...
CVSS 7.2 HOOG EPSS 58.8% (P98) → CISA KEV Ransomware
#6
CVE-2024-57726
SimpleHelp - SimpleHelp
SimpleHelp contains a missing authorization vulnerability that could allow low-privileged technicians to create API keys with excessive permissions. These API keys can be used to escalate privilege...
CVSS 9.9 KRITIEK EPSS 45.4% (P98) ↓ CISA KEV Ransomware
#7
CVE-2026-39987
Marimo - Marimo
Marimo contains an pre-authorization remote code execution vulnerability, allowing an unauthenticated attacked to shell access and execute arbitrary system commands.
CVSS 9.8 KRITIEK EPSS 81.8% (P99) ↑ CISA KEV
#8
CVE-2024-7399
Samsung - MagicINFO 9 Server
Samsung MagicINFO 9 Server contains a path traversal vulnerability that could allow an attacker to write arbitrary files as system authority.
CVSS 8.8 HOOG EPSS 82.3% (P99) ↑ CISA KEV
#9
CVE-2025-29635
D-Link - DIR-823X
D-Link DIR-823X contains a command injection vulnerability that allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /goform/set_prohibiting vi...
CVSS 7.2 HOOG EPSS 53.8% (P98) ↓ CISA KEV
#10
CVE-2026-42208
BerriAI - LiteLLM
BerriAI LiteLLM contains a SQL injection vulnerability that allows an attacker to read data from the proxy's database and potentially modify it, leading to unauthorized access to the proxy and...
CVSS - EPSS 43.2% (P98) ↑ CISA KEV EUVD sinds May 8, 202
Legenda:
CVSS = ernstscore (0-10):
9.0-10 Kritiek
7.0-8.9 Hoog
4.0-6.9 Middel
0.1-3.9 Laag
| EPSS = kans op exploitatie (FIRST.org), P = percentiel, ↑ stijgend ↓ dalend
| CISA KEV = bevestigd actief misbruikt (VS)
| EUVD = ENISA Europese kwetsbaarhedenlijst
| Ransomware = gebruikt in ransomware campagnes
| NCSC = NCSC advisory met ernstrating