§ Threat watch · active exploitation
Threat.
Real-time reading of active exploitation: what is actually being attacked, not just what is severe. Public sources (CISA KEV, FIRST EPSS, threat watch), cross-checked and dated.
LAST SYNC · 03 Jul 2026, 09:49 · PUBLIC SOURCES
KEV CATALOG · 59 minutes ago // EPSS/CVSS SCORES · 59 minutes ago // THREAT WATCH · 42 minutes ago // C2 INFRASTRUCTURE · 42 minutes ago
01 · What is actually being exploited · priority on real risk, not volume
1631
Actively exploited vulnerabilities (KEV)
328
Linked to ransomware campaigns
226
Critical · high exploitability AND ransomware
20
Added in the last 30 days
Mandated remediation window (CISA due date − date added)
83 urgent, ≤ 7 days · mass exploitation
■ ≤ 7 d · 83
■ 8 to 21 d · 1284
■ > 21 d · 264
Exploitability (EPSS) vs severity (CVSS)
"Severe" does not mean "exploited". The quadrant that matters is the top right · severe AND likely. The copper dots are linked to ransomware.
CVSS coverage · 1631 of 1631 vulnerabilities scored (continuously enriched from CVE.org).
Top · most likely to be exploited (EPSS %)
| CVE | EPSS % |
|---|---|
| CVE-2021-21985 | 100 % |
| CVE-2021-22005 | 100 % |
| CVE-2019-11510 | 100 % |
| CVE-2021-26855 | 100 % |
| CVE-2021-34473 | 100 % |
| CVE-2019-0708 | 100 % |
| CVE-2018-13379 | 100 % |
| CVE-2021-35464 | 100 % |
| CVE-2020-5902 | 100 % |
| CVE-2019-19781 | 100 % |
Exploitability distribution · EPSS probability (1631 KEV)
| Probability | Vulnerabilities |
|---|---|
| < 10 % | 399 |
| 10–50 % | 388 |
| 50–90 % | 406 |
| ≥ 90 % | 438 |
Share linked to ransomware
02 · Where and how · targeted vendors and weakness families
Most targeted vendors (KEV catalog)
| Vendor | KEV |
|---|---|
| Microsoft | 378 |
| Cisco | 93 |
| Apple | 93 |
| Adobe | 79 |
| 72 | |
| Oracle | 44 |
| Apache | 39 |
| Ivanti | 35 |
Most exploited weakness families (CWE)
| Family (CWE) | KEV |
|---|---|
| Insufficient input validation | 118 |
| OS command injection | 104 |
| Out-of-bounds write | 100 |
| Use after free | 92 |
| Buffer overflow | 84 |
| Directory traversal | 75 |
| Deserialization of untrusted data | 67 |
| Code injection | 65 |
Active exploitation over time · KEV additions / month
| Month | Total | Ransomware |
|---|---|---|
| Aug 25 | 15 | 0 |
| Sep 25 | 16 | 1 |
| Oct 25 | 31 | 2 |
| Nov 25 | 11 | 0 |
| Dec 25 | 20 | 1 |
| Jan 26 | 17 | 2 |
| Feb 26 | 28 | 2 |
| Mar 26 | 26 | 1 |
| Apr 26 | 31 | 8 |
| May 26 | 21 | 2 |
| Jun 26 | 23 | 2 |
| Jul 26 | 1 | 0 |
Tracked command and control (C2) infrastructure
Botnet control servers tracked by abuse.ch (Feodo Tracker) · main families: QakBot (4) · Emotet (1)
5 tracked
1 online
To patch first.
Linked to ransomware AND high probability of exploitation (EPSS ≥ 50 %)
Latest exploited vulnerabilities.
CVE-2026-45659 · 3% · 01 Jul 2026
CVE-2026-48558 · 1% · 29 Jun 2026
CVE-2026-20230 · 42% · 25 Jun 2026
CVE-2026-12569 · 1% · 25 Jun 2026
CVE-2026-34908 · 2% · 23 Jun 2026
CVE-2026-34909 · 2% · 23 Jun 2026
CVE-2026-34910 · 79% · 23 Jun 2026
CVE-2025-67038 · 1% · 23 Jun 2026
CVE-2026-20253 · 88% · 18 Jun 2026
CVE-2026-48907 · 80% · 16 Jun 2026
CVE-2026-20262 · 8% · 15 Jun 2026
CVE-2026-54420 · 1% · 15 Jun 2026
03 · Threat watch · public sources, cross-checked and dated
Aggregate of public sources · title + excerpt + link to the source
The Hacker News · in 3 hours
PamStealer Uses Fake Maccy Sites and PAM Checks to Steal Mac Login Passwords
Cybersecurity researchers have flagged a new macOS information stealer called PamStealer that employs a series of clever tricks to infect systems and siphon sensitive data.
The stealer, discovered by Jamf Threat Labs, i...
@cveNotify · 1 hour ago
🚨 CVE-2026-9756 The GenerateBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Headline Block 'linkMetaFieldType' Dynamic Link Attribute in all versions up to, and including, 2.2.1 due to insufficient input sanitiz...
@cveNotify · 1 hour ago
🚨 CVE-2026-4804 The Zakra theme for WordPress is vulnerable to Stored Cross-Site Scripting via post meta values in all versions up to, and including, 4.2.0. This is due to the theme registering three post meta fields (zakra_menu_item_color,...
@cveNotify · 1 hour ago
🚨 CVE-2026-47896 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache Lucene.Net (Lucene.Net.Replicator library). This issue affects Apache Lucene.Net.Replicator: from 4.8.0-beta00005 through...
@cveNotify · 1 hour ago
🚨 CVE-2026-35159 Dell Client Platform BIOS contains an Authentication Bypass by Primary Weakness vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Information Disclosure...
@cveNotify · 1 hour ago
🚨 CVE-2026-11900 The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 2.8.16 via the 'data' attribute of the [adinserter] shortcode. This is due to...
@cveNotify · 1 hour ago
🚨 CVE-2026-11778 The The CURCY – Multi Currency for WooCommerce – Smoothly on WooCommerce 9.x plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.2.14. This is due to the software allo...
@cveNotify · 1 hour ago
🚨 CVE-2026-11398 The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.6.1. This is due to the plugin not properly verifying th...
@cveNotify · 1 hour ago
🚨 CVE-2026-35075 An unauthenticated remote attacker can recover a default, hard coded password from a firmware image and thus gain full access to all affected devices. 🎖@cveNotify
The Register · 2 hours ago
User swore hacker called General Failure had invaded his PC
Maybe they were looking for Private Data
@cveNotify · 2 hours ago
🚨 CVE-2026-9230 The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 11.1.4. This is due to the plugin not properly verifying that a u...
@cveNotify · 2 hours ago
🚨 CVE-2026-9148 The Comments – wpDiscuz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the guest commenter 'Website' field in versions up to, and including, 7.6.56. This is due to insufficient output escaping in the ge...
@cveNotify · 2 hours ago
🚨 CVE-2026-8804 Puppet resource_api (shipped in Puppet Core 8.x and Puppet Enterprise 2023.8.x and 2025.x) does not preserve the sensitive flag on parameters defined via the resource-api, causing values such as passwords to be stored in cle...
@cveNotify · 2 hours ago
🚨 CVE-2026-8351 The RTMKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Advanced Heading widget's 'Background Text' parameter in versions up to, and including, 2.0.7. This is due to insufficient output escaping o...
@cveNotify · 2 hours ago
🚨 CVE-2026-47898 Improper Restriction of XML External Entity Reference vulnerability in Apache Lucene.Net (Lucene.Net.Analysis.Common library). This issue affects Apache Lucene.Net.Analysis.Common: from 4.8.0-beta00005 before 4.8.0-beta00018...
@cveNotify · 2 hours ago
🚨 CVE-2026-47897 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache Lucene.Net (Lucene.Net.Replicator library). This issue affects Apache Lucene.Net.Replicator: from 4.8.0-beta00005 before...
@cveNotify · 2 hours ago
🚨 CVE-2026-14544 A flaw was found in HPLIP (HP Linux Imaging and Printing Software). This vulnerability, an incomplete fix for CVE-2026-8631, may allow a remote attacker to escalate privileges or achieve arbitrary code execution. This can o...
@cveNotify · 3 hours ago
🚨 CVE-2026-9547 When a libcurl-based application performs transfers via `SCP://` or `SFTP://` and utilizes the `CURLOPT_SSH_KEYFUNCTION` callback, it may silently accept an untrusted server. This vulnerability occurs when a server presents a...