Top Exploited Vulnerabilities

Name: Top Exploited Vulnerabilities
Creator: Rankiteo
License: https://www.rankiteo.com/our-company/terms-and-condition

The most actively exploited vulnerabilities across the companies tracked by Rankiteo. Aggregated from real incident data to help you prioritize patching.

4737

Vulnerabilities Tracked

3756

Critical Severity

596

High Severity

6,204

Total Exposures

Vulnerability Rankings

#	Vulnerability	Severity	CVSS	Incidents	Attack Type
1	Human Error	critical	10.0	138	Security Awareness, Privacy Breach, ransomware
2	Unauthorized Access	critical	10.0	79	Data Breach, Data Exfiltration, Security Concerns
3	Email Account	critical	8.5	54	Phishing Scam, Data Breach
4	Physical Security	critical	10.0	40	Data Theft, Data Breach
5	Lack of Multi-Factor Authentication (MFA)	critical	10.0	38	fraud, Cyber Attack, Cyberattack
6	Human	critical	10.0	31	Phishing, Data Breach
7	Misconfiguration	critical	10.0	29	ransomware, API Security Breach, worm-driven campaign
8	Email Account Compromise	critical	10.0	28	Data Breach
9	Improper Access Control	critical	10.0	28	Data Exposure, data breach, SCADA Tampering / Insider Threat
10	Employee Email Account	critical	8.5	27	Data Breach
11	Social Engineering	critical	10.0	23	Phishing Attack, Ransomware, Cryptocurrency Investment Scam (Pig Butchering/Romance Baiting)
12	Unauthorized Access to Email Account	critical	10.0	21	Data Theft, Data Breach
13	Insider Threat	critical	10.0	18	Malicious Insider, Insider Wrongdoing, Unauthorized Access
14	MOVEit software vulnerability	critical	10.0	15	Data Breach
15	SQL Injection	critical	10.0	15	Data Breach, SQL Injection
16	Unpatched systems	critical	10.0	15	ransomware, Data Breach (General Discussion), Surveillance
17	Weak password	critical	10.0	15	ransomware, phishing, Awareness Campaign
18	Improper Data Handling	critical	10.0	14	Fraud, Data Exposure, Data Breach
19	Website Vulnerability	critical	10.0	14	Data Breach
20	Unsecured Database	critical	10.0	13	Data Leak, Data Exposure, Data Breach
21	Human Error (Phishing Susceptibility)	critical	10.0	12	Data Breach (Phishing), Phishing, cybercrime
22	CVE-2024-57727	critical	10.0	11	ransomware, Supply-Chain Attack, Ransomware
23	Unencrypted Data	critical	10.0	11	data breach, Data Breach, Awareness Campaign
24	Weak or Stolen Credentials	critical	10.0	11	ransomware, Data Breach, Data Breach (General Discussion)
25	Lack of Physical Security	critical	10.0	11	Data Leak, cybercrime, Data Breach
26	Compromised Email Account	critical	10.0	11	Data Breach
27	Lack of Password Protection	critical	10.0	11	Data Exposure, Data Breach
28	Previously unknown vulnerability	critical	10.0	10	Ransomware, Data Breach, Ransomware Attack
29	Unsecured cloud environment	critical	10.0	10	Data Breach
30	Stolen Credentials	critical	10.0	10	Destructive Cyberattack, Ransomware, Phishing
31	Human Error (Social Engineering)	critical	10.0	10	cyber theft, Phishing, Cyber Extortion
32	Unsecured Laptop	critical	10.0	9	Data Breach
33	lack of access controls	critical	10.0	9	ransomware, data exposure, data breach
34	Weak Access Controls	critical	10.0	9	Cyber Attack, Unauthorized Access and Data Manipulation, Data Breach
35	MOVEit Transfer application vulnerability	critical	8.5	9	Data Breach
36	Unknown	critical	10.0	8	Data Breach, Website Defacement, Cyberattack, Malware
37	Unencrypted Laptop	critical	10.0	8	Data Breach
38	Inadequate security measures	critical	10.0	8	Data Breach
39	Weak Password Policies	critical	10.0	8	Ransomware, election fraud, DDoS Attack
40	Unencrypted Data Storage	critical	8.5	8	Data Breach, Data Security Incident
41	Unprotected Database	critical	10.0	7	Data Leak, Data Exposure, Data Breach
42	Lack of MFA	critical	10.0	7	Social Engineering, Data Breach, Compliance Failure
43	Zero-day vulnerability	critical	10.0	7	Cyber Attack, Data Breach, Ransomware Attack
44	Inadequately secured network	critical	10.0	7	Data Breach
45	MOVEit file transfer software	critical	10.0	7	Ransomware, Data Breach, Ransomware Attack
46	Compromised Credentials	critical	10.0	7	Quantum Computing Threat, Data Breach
47	Unpatched vulnerability	critical	10.0	7	Data Breach, Ransomware, Ransomware, Data Breach
48	Inadequate Access Controls	critical	10.0	7	ransomware, Ransomware Attack, Data Breach
49	Email Compromise	critical	8.5	7	Data Breach
50	Configuration Error	critical	8.5	7	Data Leak, Data Breach
51	MOVEit Transfer software	critical	8.5	7	Data Breach
52	MOVEit Transfer software vulnerability	critical	8.5	7	Data Breach
53	CVE-2025-47812	critical	10.0	6	Information Disclosure, Remote Code Execution, Remote Code Execution (RCE), Vulnerability Exploitation
54	MOVEit Transfer application	critical	10.0	6	Data Breach
55	Weak OAuth Token Security	critical	10.0	6	Supply Chain Attack, Data Breach
56	CVE-2025-55182 (React2Shell)	critical	10.0	6	Credential Theft, Remote Code Execution (RCE), Vulnerability Exploitation
57	CVE-2024-57728	critical	10.0	6	ransomware, Supply-Chain Attack, Ransomware
58	Phishing	critical	10.0	6	Phishing Attack, Ransomware, Phishing
59	CVE-2024-57726	critical	10.0	6	ransomware, Supply-Chain Attack, Ransomware
60	Software Vulnerability	critical	10.0	6	Cyber Attack, Data Breach
61	Unpatched vulnerabilities	critical	10.0	6	ransomware, Ransomware, Extortion / Data Leak Threat
62	Lack of Multi-Factor Authentication (MFA) Enforcement	critical	10.0	6	Phishing, phishing, Data Breach
63	Human Factor	critical	10.0	6	Data Theft, Social Engineering, Ransomware, Phishing Attack
64	Lack of Multifactor Authentication (MFA)	critical	10.0	6	Ransomware, Cybersecurity Incident, Unauthorized Access
65	outdated software	critical	10.0	6	ransomware, phishing, Data Breach
66	MOVEit Transfer	critical	8.5	6	Cyber Attack, Data Breach
67	Weak or Reused Passwords	critical	8.5	6	Account Compromise, Credential-Stuffing Attack, Data Breach
68	Unauthorized Data Transfer	critical	8.0	6	Data Breach
69	React2Shell	critical	10.0	5	Malware Campaign, Data Breach, Web Traffic Hijacking
70	MOVEit file transfer software vulnerability	critical	10.0	5	Cyber Attack, Ransomware
71	CVE-2025-61882 (Oracle E-Business Suite)	critical	10.0	5	Data Breach, Ransomware, Cybercriminal Alliance Formation, Data Breach
72	CVE-2025-61882	critical	10.0	5	Cyberattack, ransomware, Data Breach
73	CVE-2023-34362	critical	10.0	5	Data Breach, Data Breach and Ransomware Attack, Ransomware
74	Human Error (Phishing)	critical	10.0	5	Targeted Attack, Targeted Cyberattack, Data Breach
75	Zero-day vulnerabilities	critical	10.0	5	Cyber Breach, Cyber Espionage, Ransomware
76	Online Payment System	critical	10.0	5	Data Breach
77	Unsecured cloud storage	critical	10.0	5	Data Leak, data breach, Data Exposure
78	Human Vulnerability	critical	10.0	5	Sex Trafficking and Deepfake Pornography, Phishing, Data Breach
79	Unpatched software	critical	10.0	5	ransomware, general cybersecurity awareness, Data Breach
80	MOVEit Transfer programme	critical	8.5	5	Data Breach
81	Lack of Authentication	critical	8.5	5	Data Leak, Data Exposure
82	Human (Employee Email Compromise)	critical	8.5	5	Data Breach
83	Password Reuse	critical	8.5	5	Password Reuse Attack, Credential Theft, Data Breach
84	Inadequate data protection measures	critical	8.5	5	Data Breach
85	Lack of Encryption and Password Protection	critical	8.5	5	data breach, Data Exposure, Data Breach
86	Email Phishing	high	6.0	5	Data Breach
87	Email Phishing Scam	high	6.0	5	Data Breach
88	CVE-2025-49706	critical	10.0	4	Cyberattack, Cyber Espionage, Ransomware
89	Weak or Compromised Credentials	critical	10.0	4	Cyberattack, Data Breach
90	Security breach on a third-party vendor	critical	10.0	4	Data Breach
91	Cloudbleed	critical	10.0	4	Data Breach
92	CVE-2023-27532	critical	10.0	4	Cyber Intrusion, ransomware, Ransomware Attack
93	human trust	critical	10.0	4	fraud, social engineering, phishing
94	MOVEit	critical	10.0	4	Data Breach, Ransomware
95	CVE-2025-49704	critical	10.0	4	Cyberattack, Cyber Espionage, Ransomware
96	Web Application Vulnerability	critical	10.0	4	Cyber Attack, Data Breach
97	Internal Access	critical	10.0	4	Data Theft, Data Breach
98	MOVEit Transfer tool	critical	10.0	4	Data Breach
99	SonicWall firewall vulnerability	critical	10.0	4	Data Breach, Ransomware
100	CVE-2025-11953	critical	10.0	4	Remote Code Execution (RCE), OS Command Injection
101	Unknown vulnerability	critical	10.0	4	Data Breach, Ransomware, Data Breach, Ransomware Attack
102	Zero-day vulnerability in MOVEit Transfer programme	critical	10.0	4	Data Breach
103	CVE-2025-53770	critical	10.0	4	Cyberattack, Ransomware, Ransomware Attack
104	Lack of Network Segmentation	critical	10.0	4	Cyberattack, Cyber-Physical Attack, cyber-espionage
105	MOVEit file transfer software vulnerabilities	critical	10.0	4	Data Breach, Unauthorized Access, Data Breach, Ransomware Attack
106	Default credentials	critical	10.0	4	DDoS Attack, Data Breach, Ransomware
107	Network Vulnerability	critical	10.0	4	Data Breach, Ransomware Attack
108	Insufficient Employee Training	critical	10.0	4	Cyber Attack, Data Breach, Data Breach Risk
109	Insecure Direct Object Reference (IDOR)	critical	10.0	4	Data Breach, unauthorized access
110	legacy systems	critical	10.0	4	Cyberattack, ransomware, Data Breach
111	Weak authentication	critical	10.0	4	Cyber Breach, ransomware, Data Breach
112	Publicly Accessible Server	critical	10.0	4	Data Exposure, data exposure, Data Breach
113	Employee credentials	critical	10.0	4	Phishing Attack, Data Breach, Data Breach, Phishing
114	Weak email security	critical	10.0	4	Cyberattack, Data Breach, defacement
115	Point-of-Sale System	critical	10.0	4	Data Breach
116	Inadequate employee training	critical	10.0	4	phishing, Data Breach, Data Leakage
117	Lack of Encryption	critical	8.5	4	Data Breach
118	Coding Error	critical	8.5	4	Data Breach
119	Compromised login credentials	critical	8.5	4	Data Breach
120	Unauthorized Access by Former Employee	critical	8.5	4	Data Breach
121	Unsecured Server	critical	8.5	4	Data Leak, Data Breach
122	MOVEit Transfer vulnerability	critical	8.5	4	Data Breach
123	Compromised Employee Email Account	critical	8.5	4	Data Breach
124	Publicly Accessible Database	critical	8.5	4	Data Leak, Data Exposure, Data Breach
125	CVE-2025-53771	critical	10.0	3	Ransomware Attack, Ransomware
126	CVE-2017-11882	critical	10.0	3	Cyber Espionage, cyber espionage
127	CVE-2025-53521	critical	10.0	3	Remote Code Execution (RCE), Vulnerability Exploitation
128	CVE-2026-21509	critical	10.0	3	Zero-day exploitation, Zero-Day Vulnerability
129	CVE-2024-7029	critical	10.0	3	Botnet, Malware
130	Supply chain vulnerabilities	critical	10.0	3	Data Breach, Ransomware
131	Unauthorized Access to Sensitive Data	critical	10.0	3	Extortion, Data Breach
132	CVE-2026-20963	critical	10.0	3	Cyberespionage, Remote Code Execution (RCE), Vulnerability Exploitation
133	Third-party software vulnerability	critical	10.0	3	Data Breach, Ransomware Attack
134	CVE-2023-27351 (PaperCut)	critical	10.0	3	ransomware, Ransomware
135	External System Breach	critical	10.0	3	Data Breach
136	Inadequately secured systems	critical	10.0	3	Data Breach
137	Weak Password Security	critical	10.0	3	Data Breach
138	Lack of Oversight	critical	10.0	3	Data Breach (Alleged), Unauthorized Disclosure, Data Breach
139	CVE-2021-36942 (PetitPotam)	critical	10.0	3	Cyber Espionage
140	SQL Injection Flaws	critical	10.0	3	Data Breach
141	CVE-2026-23760	critical	10.0	3	Ransomware, Remote Code Execution (RCE), Ransomware Attack
142	CVE-2024-40711	critical	10.0	3	ransomware, Ransomware, Vulnerability
143	Weak Authentication System	critical	10.0	3	Data Breach
144	null	critical	10.0	3	Data Breach and Ransomware, Data Breach, DDoS
145	CVE-2025-5777	critical	10.0	3	ransomware, Vulnerability Exploitation, Ransomware
146	Lack of Data Encryption	critical	10.0	3	Data Breach
147	Stolen Employee Credentials	critical	10.0	3	Data Breach
148	Excessive Permissions	critical	10.0	3	Data Breach, Malware Infiltration
149	Weak/Stolen Credentials	critical	10.0	3	Data Breach
150	Lack of Role-Based Access Control (RBAC)	critical	10.0	3	Data Breach, Data Breach Risk
151	Weak or Reused Credentials	critical	10.0	3	Data Breach, Unauthorized Access
152	Microsoft Exchange Server	critical	10.0	3	Security Breach, Cyber Espionage, Ransomware
153	Cloud misconfiguration	critical	10.0	3	Data Breach, Extortion, Cloud Misconfiguration Exploitation, Data Breach
154	Weak Credential Management	critical	10.0	3	Data Breach
155	Sandbox escape	critical	10.0	3	Exploit Kit, Espionage, Exploit Kit / Cyber Espionage
156	weak endpoint security	critical	10.0	3	data breach, Data Breach, ransomware
157	outdated systems	critical	10.0	3	data breach, ransomware, Ransomware
158	Improper Email Handling	critical	10.0	3	Data Breach
159	Lack of Cybersecurity Expertise	critical	10.0	3	ransomware, Data Breach
160	Zero-day exploit	critical	10.0	3	Data Breach, Compliance Failure, Ransomware
161	poor network segmentation	critical	10.0	3	Ransomware, cyber attack
162	Misconfigured Amazon S3 bucket	critical	9.0	3	Data Breach
163	Security Vulnerability	critical	8.5	3	Data Breach
164	MOVEit Transfer solution	critical	8.5	3	Data Breach
165	Physical Theft	critical	8.5	3	Data Breach
166	MOVEit Transfer server	critical	8.5	3	Data Breach
167	Point of Sale Systems	critical	8.5	3	Data Breach
168	MOVEit file transfer application	critical	8.5	3	Data Breach
169	Insufficient Access Controls	critical	8.5	3	data breach, Data Breach, Unauthorized Access
170	Weak security controls	critical	8.5	3	Data Breach, Ransomware
171	Server Misconfiguration	critical	8.5	3	Data Breach, Botnet
172	Third-party vendor vulnerability	critical	8.5	3	Data Breach
173	Third-party service provider	critical	8.5	3	Data Breach
174	human trust (social engineering)	critical	8.5	3	cyber theft, phishing, Malware
175	Payment Processing System	critical	8.5	3	Data Breach
176	Reused Passwords	critical	8.5	3	Account Compromise, data breach (unverified), Data Breach
177	Email Misconfiguration	high	6.0	3	Data Breach
178	Lack of two-factor authentication	high	6.0	3	Cyber Attack, Data Breach
179	Unauthorized Data Access	high	6.0	3	Data Breach, Data Exfiltration
180	Weak or Stolen Password	high	6.0	3	Data Breach (Unauthorized Access), Data Breach, Authentication Security Improvement
181	Insider Access	low	0.0	3	Insider Threat, Data Breach
182	CVE-2025-7775 (Citrix NetScaler)	critical	10.0	2	Ransomware
183	Code Vulnerability	critical	10.0	2	Data Breach
184	Citrix Vulnerability	critical	10.0	2	Cyberattack
185	Improper security configuration	critical	10.0	2	Data Breach
186	CVE-2023-21529 (Microsoft Exchange)	critical	10.0	2	ransomware, Ransomware
187	Oracle eBusiness Suite security flaw	critical	10.0	2	Data Breach
188	CVE-2017-0199	critical	10.0	2	Cyber Espionage, cyber espionage
189	Weak OAuth Token Management	critical	10.0	2	Data Breach
190	CVE-2024-9680	critical	10.0	2	Zero-Day Exploit, Cyber Espionage
191	Known vulnerability not patched in time	critical	10.0	2	Data Breach, Ransomware
192	Cross-Site Scripting (XSS)	critical	10.0	2	Vulnerability
193	CVE-2025-49113	critical	10.0	2	Remote Code Execution (RCE)
194	CVE-2025-33053	critical	10.0	2	Advanced Persistent Threat (APT), Remote Code Execution
195	Remote code execution	critical	10.0	2	Data Privacy and Cybersecurity Advisory, Espionage
196	Default or Weak Credentials	critical	10.0	2	Cloud Security Breach, Cyberattack
197	CVE-2026-20131 (Cisco Secure Firewall Management Center)	critical	10.0	2	ransomware, Ransomware
198	CVE-2024-36401	critical	10.0	2	Malware Distribution and Data Exfiltration, Exploitation of Vulnerability
199	CVE-2025-48828	critical	10.0	2	Vulnerability Exploitation, Remote Code Execution
200	Weak SSH credentials	critical	10.0	2	DDoS Attack, DDoS
201	CVE-2025-20362	critical	10.0	2	Data Breach, Persistent Malware, Unauthorized Access, Vulnerability Exploitation
202	MOVEit Transfer zero-day vulnerability	critical	10.0	2	Data Breach
203	CVE-2024-1086	critical	10.0	2	Privilege Escalation, vulnerability exploitation
204	CVE-2023-27350 (PaperCut)	critical	10.0	2	ransomware, Ransomware
205	CVE-2025-54309	critical	10.0	2	Zero-Day Exploitation, Zero-Day Vulnerability
206	human vulnerability (social engineering)	critical	10.0	2	data breach, phishing
207	Phished login credentials	critical	10.0	2	Cyber Attack, Hack
208	CVE-2024-55956	critical	10.0	2	Data Breach, Ransomware
209	Leaked credentials	critical	10.0	2	Phishing, Cloud Misconfiguration Exploitation
210	Unpatched IoT Devices	critical	10.0	2	Distributed Denial-of-Service (DDoS) Attack, Data Breach
211	Lack of Employee Awareness	critical	10.0	2	Human Error, Data Breach
212	Email System Vulnerability	critical	10.0	2	Data Breach
213	Internal Account Compromise	critical	10.0	2	Data Breach
214	Known vulnerability that had not been patched	critical	10.0	2	Data Breach, Ransomware
215	CVE-2025-59528	critical	10.0	2	Remote Code Execution (RCE), Code Injection
216	CVE-2026-23760 (SmarterMail)	critical	10.0	2	ransomware, Ransomware
217	CVE-2024-21412	critical	10.0	2	Cyberattack, Ransomware
218	Weak Identity Controls	critical	10.0	2	EDR/XDR Evasion, Data Breach
219	Zero-day vulnerability in Oracle’s E-Business Suite	critical	10.0	2	Ransomware
220	Lack of Multi-Factor Authentication (MFA) (implied)	critical	10.0	2	Phishing, Ransomware Attack
221	CVE-2024-40766	critical	10.0	2	Ransomware
222	CVE-2025-55182	critical	10.0	2	Supply Chain Attack, Remote Code Execution (RCE)
223	lack of user awareness	critical	10.0	2	social engineering, phishing
224	CVE-2025-3248	critical	10.0	2	Vulnerability Exploitation, Remote Code Execution
225	CVE-2025-53770 (ToolShell)	critical	10.0	2	Cyber Espionage
226	Unencrypted, non-password-protected database	critical	10.0	2	Data Leak
227	CVE-2025-1268	critical	10.0	2	Vulnerability and Potential Breach, Vulnerability
228	Oracle eBusiness Suite vulnerability	critical	10.0	2	Data Breach
229	Non-password protected database	critical	10.0	2	Data Breach
230	inadequate network segmentation	critical	10.0	2	ransomware
231	Cleo file transfer software	critical	10.0	2	Ransomware
232	Human vulnerability through phishing	critical	10.0	2	Phishing, Ransomware
233	CVE-2026-0920	critical	10.0	2	Backdoor
234	MOVEit Transfer software zero-day vulnerability	critical	10.0	2	Data Breach
235	Email System	critical	10.0	2	Data Breach
236	Human vulnerability through impersonation	critical	10.0	2	Social Engineering Attack, Data Breach
237	CVE-2025-6543	critical	10.0	2	Zero-day exploitation, Cyber Attack
238	CVE-2024-1708 (ConnectWise ScreenConnect)	critical	10.0	2	ransomware, Ransomware
239	CVE-2026-34980	critical	10.0	2	Zero-Day Vulnerability, Vulnerability Exploitation
240	SonicWall firewall	critical	10.0	2	Data Breach, Ransomware Attack
241	CVE-2024-49039	critical	10.0	2	Zero-Day Exploit, Cyber Espionage
242	Unauthorized access to an employee’s email account	critical	10.0	2	Data Breach
243	Weak Password Management	critical	10.0	2	Malware Infection, Data Breach
244	CI/CD pipeline compromise	critical	10.0	2	Supply Chain Attack, supply chain attack
245	Infostealer Malware	critical	10.0	2	Data Breach
246	CVE-2025-48827	critical	10.0	2	Vulnerability Exploitation, Remote Code Execution
247	Lack of Encryption (Data at Rest/In Transit)	critical	10.0	2	Data Breach (General Discussion), Data Breach
248	Signature-Based Detection Gaps	critical	10.0	2	Supply Chain Attack, Operational Risk
249	CVE-2026-34990	critical	10.0	2	Zero-Day Vulnerability, Vulnerability Exploitation
250	Poor Data Governance	critical	10.0	2	Data Breach
251	CVE-2024-1709 (ConnectWise ScreenConnect)	critical	10.0	2	ransomware, Ransomware
252	Unattended Devices	critical	10.0	2	Insider Threat, Awareness Campaign
253	Network infrastructure	critical	10.0	2	Cyber Sabotage, Data Breach
254	CVE-2021-44026	critical	10.0	2	Cyberespionage, Data Breach
255	CVE-2025-4322	critical	10.0	2	Privilege Escalation
256	CVE-2026-24291 (RegPwn)	critical	10.0	2	Privilege Escalation
257	CVE-2025-8110	critical	10.0	2	Remote Code Execution (RCE)
258	CVE-2024-27198 (JetBrains TeamCity)	critical	10.0	2	ransomware, Ransomware
259	CVE-unknown (MOVEit Transfer zero-day)	critical	10.0	2	ransomware, Data Breach
260	Human (Help Desk Personnel)	critical	10.0	2	Ransomware and Data Theft, Ransomware and Data Breach
261	CVE-2017-17215	critical	10.0	2	Botnet, Malware
262	CVE-2024-50623	critical	10.0	2	Data Breach, Ransomware
263	Outdated infrastructure	critical	10.0	2	Ransomware, GPS spoofing
264	Legacy IT Systems	critical	10.0	2	Cyber Attack, Ransomware Attack
265	Outdated operating systems	critical	10.0	2	Cyberattack, data breach
266	Fortinet vulnerabilities	critical	10.0	2	Vulnerability Exploitation, Ransomware
267	ATM network processing	critical	10.0	2	Data Breach
268	third-party integration risks	critical	10.0	2	third-party breach, Data Breach
269	network vulnerabilities	critical	10.0	2	ransomware, Ransomware
270	System Misconfiguration	critical	10.0	2	Data Breach, AI-driven cyberattack
271	Misconfigured Access Controls	critical	10.0	2	Data Privacy and Cybersecurity Advisory, Data Breach
272	lack_of_MFA	critical	10.0	2	ransomware, data_breach
273	Cloud Storage Service Vulnerability	critical	10.0	2	Data Breach
274	Lack of multi-factor authentication	critical	10.0	2	general cybersecurity awareness, Data Breach
275	Remote code execution vulnerability	critical	10.0	2	Remote Code Execution (RCE), Remote Code Execution
276	lack of employee training	critical	10.0	2	phishing, Ransomware
277	User Trust in App Store	critical	10.0	2	Malware
278	Human error (social engineering susceptibility)	critical	10.0	2	Data Breach, Ransomware
279	Zero-day vulnerability in SonicWall SSL VPN	critical	10.0	2	Ransomware
280	Lack of phishing-resistant MFA	critical	10.0	2	Extortion, Data Breach
281	Misconfigured deployments	critical	10.0	2	Misconfiguration, Ransomware
282	Phishing Email	critical	10.0	2	Data Breach
283	Misconfigured MongoDB Database	critical	10.0	2	Data Exposure, Data Breach
284	lack of signal authentication	critical	10.0	2	Data Interception, spoofing
285	Lack of Multifactor Authentication	critical	10.0	2	Supply Chain Breach, Awareness Campaign
286	Citrix NetScaler ADC/Gateway vulnerabilities	critical	10.0	2	Vulnerability Exploitation, Ransomware
287	Lack of Package Integrity Verification	critical	10.0	2	Supply Chain Attack, supply-chain attack
288	unknown security gap	critical	10.0	2	ransomware
289	Online Payment System Vulnerability	critical	10.0	2	Data Breach
290	Weak Authentication Mechanisms	critical	10.0	2	cybercrime, Data Breach
291	Known vulnerability	critical	10.0	2	Data Leak, Ransomware Attack
292	remote access vulnerabilities	critical	10.0	2	ransomware, Ransomware
293	Microsoft Exchange server vulnerabilities	critical	10.0	2	Vulnerability Exploitation, Ransomware
294	Misconfigured system	critical	10.0	2	Alleged Data Breach, Data Breach
295	poor password hygiene	critical	10.0	2	Human Error, ransomware
296	Brute force attacks	critical	10.0	2	Extortion / Data Leak Threat, Authentication Security Improvement
297	CVE-2025-61884 (Oracle E-Business Suite Zero-Day)	critical	10.0	2	data breach, Data Breach
298	Insufficient Multi-Factor Authentication (MFA)	critical	8.5	2	Data Breach
299	Insufficient security measures	critical	8.5	2	Data Breach
300	CVE-2026-2413	critical	8.5	2	SQL Injection
301	CVE-2026-34621 (Adobe Acrobat Reader)	critical	8.5	2	Data Breach, Vulnerability Exploitation
302	System Configuration Error	critical	8.5	2	Data Breach
303	Information Disclosure	critical	8.5	2	Data Leak, Data Breach
304	Inadequate Vendor Vetting	critical	8.5	2	Data Breach
305	CVE-2026-22219	critical	8.5	2	Data Breach, Vulnerability Exploitation
306	Compromised User Account	critical	8.5	2	Data Breach
307	Progress Software's MOVEit Transfer software	critical	8.5	2	Data Breach
308	Incorrect privacy settings on a public mapping website	critical	8.5	2	Data Exposure, Data Breach
309	Critical security flaw in License Express system	critical	8.5	2	Data Breach, Data Security Failure
310	CVE-2026-26110 (Type Confusion - CWE-843)	critical	8.5	2	Remote Code Execution (RCE), Vulnerability
311	CVE-2025-41244	critical	8.5	2	Privilege Escalation
312	Access Control	critical	8.5	2	Data Breach
313	Software Coding Issue	critical	8.5	2	Data Breach
314	Lack of Identity Verification	critical	8.5	2	Fraud, Data Breach
315	CVE-2025-47813	critical	8.5	2	Information Disclosure, Remote Code Execution, Vulnerability Exploitation
316	CVE-2026-22218	critical	8.5	2	Data Breach, Vulnerability Exploitation
317	Oracle E-Business Suite software vulnerability	critical	8.5	2	Data Breach
318	Code Injection	critical	8.5	2	Data Breach
319	MOVEit web transfer application vulnerability	critical	8.5	2	Data Breach
320	CVE-2026-3910	critical	8.5	2	Zero-day Exploitation, Zero-Day Vulnerability Exploitation
321	CVE-2026-3909	critical	8.5	2	Zero-day Exploitation, Zero-Day Vulnerability Exploitation
322	Inadvertent Disclosure	critical	8.5	2	Data Breach
323	CVE-2026-23795	critical	8.5	2	Supply Chain Attack, XXE (XML External Entity) Vulnerability
324	Poor data visibility settings	critical	8.5	2	Data Exposure
325	CVE-2026-32201 (Improper Input Validation - CWE-20)	critical	8.5	2	Zero-Day Exploitation, Zero-Day Vulnerability
326	CVE-2026-21510	critical	8.5	2	Zero-Day Vulnerability
327	MOVEit Transfer (CVE-2023-34362 or related)	critical	8.5	2	Data Breach
328	Misconfigured Elasticsearch Database	critical	8.5	2	Data Leak, Data Exposure
329	React2Shell vulnerability	critical	8.5	2	Data Breach
330	Weak email account security	critical	8.5	2	Data Breach
331	CVE-2025-55177 (WhatsApp incomplete authorization)	critical	8.5	2	Zero-day vulnerability, Zero-day exploit
332	Unprotected Server	critical	8.5	2	Data Breach
333	CVE-2025-66376	critical	8.5	2	Cyberespionage, Phishing, Espionage
334	missing authentication	critical	8.5	2	data breach
335	Human Error (Falling for Phishing Scam)	critical	8.5	2	Data Breach (Phishing), Data Breach
336	Unpatched network devices	critical	8.5	2	Malware, DDoS
337	Unsecured Flash Drive	critical	8.5	2	Data Breach
338	unencrypted sensitive data	critical	8.5	2	Quantum Computing Threat, data breach
339	CVE-2025-21043 (Out-of-bounds Write in libimagecodec.quram.so)	critical	8.5	2	Vulnerability Exploitation
340	Misconfigured Elasticsearch Instance	critical	8.5	2	Data Exposure, Data Breach
341	Compromised employee credentials	critical	8.5	2	Data Breach
342	credential harvesting	critical	8.5	2	Phishing-as-a-Service (PhaaS), wire fraud
343	Improper access controls on Amazon S3 bucket	critical	8.5	2	Data Breach
344	Unauthorized code injection	critical	8.5	2	Data Breach
345	Long-lived tokens	critical	8.5	2	Data Breach
346	Unsecured MongoDB instance	critical	8.5	2	Data Exposure, Data Breach
347	Lack of Physical Security for Sensitive Device	critical	8.5	2	Data Breach (Physical Theft)
348	improper access controls (publicly accessible database)	critical	8.5	2	Data Leak, data breach
349	Misconfigured Rsync Server	critical	8.5	2	Data Exposure, Data Breach
350	Publicly available data	critical	8.5	2	Data Breach
351	weak email security controls	critical	8.5	2	data breach, Data Breach
352	Access credentials	critical	8.5	2	Data Breach
353	Oracle E-Business Suite (EBS) Vulnerability	critical	8.5	2	Data Breach
354	Missing access controls	critical	8.5	2	Data Exposure, Unauthorized Access
355	GoAnywhere Zero-Day Vulnerability	critical	8.5	2	Data Breach, Ransomware, Ransomware
356	Unsecured Amazon S3 Bucket	critical	8.5	2	Data Breach
357	Credential Theft	critical	8.5	2	Data Breach, Malware
358	Salesforce Misconfiguration	critical	8.5	2	Data Breach
359	Identity Theft	critical	8.0	2	Identity Theft, Data Breach
360	Unauthorized Data Sharing	critical	8.0	2	Data Breach
361	Improper Disposal of Sensitive Information	critical	8.0	2	Data Breach
362	Technical Glitch	critical	8.0	2	Data Breach
363	Inadequate Physical Security	high	7.5	2	Data Breach, physical cyber convergence
364	MOVEit Transfer service	high	6.0	2	Data Breach
365	Inadvertent Email	high	6.0	2	Data Breach
366	ATM Security	high	6.0	2	ATM Skimming/Shimming, Data Breach
367	Unencrypted Payment Card Information	high	6.0	2	Data Breach
368	Human Error/Insider Threat	high	6.0	2	Data Breach
369	CVE-2018-3952	high	6.0	2	Vulnerability Exploitation, Vulnerability Exploit
370	Website Misconfiguration	high	6.0	2	Data Exposure, Data Breach
371	Loss of Physical Media	high	6.0	2	Data Breach
372	Compromised Account Credentials	high	6.0	2	Unauthorized Access, DNS Manipulation, Data Breach
373	Corporate Email Account	high	6.0	2	Data Breach
374	Compromised Microsoft Office 365 account	high	6.0	2	Business Email Compromise (BEC), Data Breach
375	Lack of Multi-Factor Authentication (MFA) on Slack	high	6.0	2	data breach, Data Breach
376	Unauthorized Access to Employee Email Account	high	6.0	2	Data Breach
377	Point-of-Sale Device	high	6.0	2	Data Breach
378	MOVEit Transfer software vulnerabilities	medium	5.0	2	Data Breach
379	Improper Disposal	medium	5.0	2	Data Breach
380	Tax Filing Software	medium	5.0	2	Data Breach
381	Reused Credentials	medium	5.0	2	Data Breach
382	HTML Injection	medium	5.0	2	Prompt Injection, Vulnerability Exploitation
383	CVE-2024-7399	low	2.5	2	Vulnerability Exploitation, Botnet Infection
384	Unsecured Physical Records	low	2.5	2	Data Breach
385	CVE-2026-1504	low	2.5	2	Vulnerability
386	CVE-2026-0049	low	2.5	2	Vulnerability
387	Unencrypted POS devices	critical	10.0	1	Data Breach
388	Citrix Bleed	critical	10.0	1	Ransomware Attack
389	insufficient AI governance	critical	10.0	1	ransomware
390	Insecure Withdrawal Locking Mechanism	critical	10.0	1	Data Breach
391	cloud security weaknesses	critical	10.0	1	ransomware
392	Human-Machine Interfaces (HMIs)	critical	10.0	1	Cyber Sabotage
393	Procedural errors by Special Agent Aaron Spivack; unsecured server in child exploitation forensic lab	critical	10.0	1	Data Breach
394	lack of package cooldown periods	critical	10.0	1	supply chain attack
395	CVE-2025-42999	critical	10.0	1	vulnerability
396	Lack of Multi-Factor Authentication (MFA) for remote hires	critical	10.0	1	Espionage
397	Known vulnerability in the email system	critical	10.0	1	Data Breach
398	LLM Susceptibility to Prompt Injection	critical	10.0	1	Prompt Injection
399	Unpatched vulnerability disclosed in December 2024	critical	10.0	1	Data Breach
400	CVE-2024-7587	critical	10.0	1	Vulnerabilities in SCADA Systems
401	Improper input validation in the plugin’s `prepare_post_data()` function, allowing PHP function injection via placeholders (e.g., `{entryCounter}`).	critical	10.0	1	Remote Code Execution (RCE)
402	CVE-2025-30247 (OS Command Injection in Firmware UI)	critical	10.0	1	Vulnerability
403	weak RDP credentials	critical	10.0	1	ransomware
404	Insufficient Input Validation (CWE-20)	critical	10.0	1	Unauthorized Access
405	Data Scraping Vulnerability	critical	10.0	1	Data Breach
406	Third-party systems (Famly platform and one other unnamed system)	critical	10.0	1	data breach
407	Lack of Advanced DNS Monitoring	critical	10.0	1	Domain Hijacking
408	Absence of Visibility/Monitoring for Non-Email Channels	critical	10.0	1	Phishing (Non-Email)
409	Encrypted master key printed in plain, unencrypted digital language	critical	10.0	1	Data Breach
410	ATM Skimming Devices	critical	10.0	1	ATM Skimming
411	Weakness in GPS navigation systems (susceptibility to spoofing)	critical	10.0	1	GPS spoofing
412	Physical Infrastructure	critical	10.0	1	Sabotage
413	subdomain vulnerabilities	critical	10.0	1	data breach
414	open ports	critical	10.0	1	Ransomware
415	Vulnerabilities in interconnected operational systems	critical	10.0	1	Cyberattack
416	Accidental transmission of private key information	critical	10.0	1	Data Breach
417	Unsegmented Networks	critical	10.0	1	Data Breach
418	Lack of Real-Time Monitoring for Undersea Infrastructure	critical	10.0	1	Physical Sabotage
419	high market value of copper	critical	10.0	1	infrastructure vulnerability
420	Kernel-level hooks in EDR products (28+ vendors targeted)	critical	10.0	1	Ransomware
421	weak supply chain links	critical	10.0	1	ransomware
422	Exposed Credentials in Repositories	critical	10.0	1	Data Breach
423	CVE-2025-30401	critical	10.0	1	Vulnerability Exploitation
424	CVE-2024-21887 (Ivanti Connect Secure)	critical	10.0	1	ransomware
425	Newly discovered vulnerability	critical	10.0	1	Ransomware
426	CVE-2026-25049 (insufficient input sanitization in expression evaluation mechanism)	critical	10.0	1	Remote Code Execution (RCE)
427	Over-reliance on server-side WAFs/IDS for client-side threats	critical	10.0	1	Data Breach
428	Compromised software supply chain	critical	10.0	1	Supply Chain Attack
429	GraphQL interfaces	critical	10.0	1	Data Breach
430	shadow IT (unapproved third-party tool integrations)	critical	10.0	1	third-party breach
431	Atlassian Confluence	critical	10.0	1	Cyberattack (Reconnaissance Campaign)
432	Zero-day vulnerability (claimed by Qilin)	critical	10.0	1	Ransomware
433	Avast Anti-Rootkit driver	critical	10.0	1	Malware Campaign
434	Weak login credentials	critical	10.0	1	Data Breach
435	CVE-2025-59470	critical	10.0	1	Vulnerability Exploitation
436	Supply Chain Weaknesses	critical	10.0	1	Domain Hijacking
437	Misuse of authorized access to medical records under false pretenses	critical	10.0	1	Data Breach
438	Adobe Magento e-commerce platform	critical	10.0	1	Magecart Attack
439	Default credentials (e.g., Hitachi RTU admin account 'Default')	critical	10.0	1	Cyberattack (Wiper Malware, Firmware Tampering)
440	Weaknesses in detection-focused security tools like EDR/XDR	critical	10.0	1	Ransomware
441	CVE-2026-28289 (bypass of CVE-2026-27636)	critical	10.0	1	Remote Code Execution (RCE)
442	Inadequate Contractual Security Provisions	critical	10.0	1	Data Breach
443	Misconfigured cloud databases	critical	10.0	1	Ransomware
444	Publicly exposed cloud buckets with critical vulnerabilities and highly privileged data	critical	10.0	1	Data Exposure
445	weak backup protection (backups were deleted by attacker)	critical	10.0	1	ransomware
446	Lack of proper security policies post-migration due to human error (single employee responsible for manual compilation without second-layer checks)	critical	10.0	1	data breach
447	Legitimate features of Signal	critical	10.0	1	Phishing
448	Unauthorized access to security credentials	critical	10.0	1	Financial Fraud, Insider Threat
449	CVE-2026-1731 (OS command injection, CWE-78)	critical	10.0	1	Zero-Day Vulnerability
450	Human Vulnerability (Bribery/Extortion)	critical	10.0	1	Insider Threat
451	lack of physical safeguards	critical	10.0	1	infrastructure vulnerability
452	File transfer software vulnerability	critical	10.0	1	Data Breach
453	Human error (opening infected email attachment)	critical	10.0	1	cyber espionage
454	Abuse of trusted domain (bubble.io) to bypass email security filters	critical	10.0	1	Phishing
455	Unpatched VPN software	critical	10.0	1	Ransomware
456	Misconfigured Elasticsearch Cluster	critical	10.0	1	Data Breach
457	CVE-2025-49155	critical	10.0	1	Vulnerability Exploitation
458	CVE-2025-24893 (Critical RCE in XWiki)	critical	10.0	1	Vulnerability Exploitation
459	Java Vulnerability	critical	10.0	1	Data Breach
460	Failure to randomize hostnames in VMmanager, KMS-enabled unlicensed operation	critical	10.0	1	ransomware
461	lack of up-to-date incident response plans	critical	10.0	1	cyber attack
462	Unauthorized remote access, ATM jackpotting, Point-of-sale data compromise	critical	10.0	1	Cyber Attack
463	CVE-2026-21962	critical	10.0	1	Vulnerability Exploitation
464	Unsecured Public Wi-Fi	critical	10.0	1	Awareness Campaign
465	CVE-2025-7029	critical	10.0	1	Firmware Vulnerability
466	Authenticated Local File Inclusion	critical	10.0	1	Vulnerability Exploitation
467	Legacy System Exploits	critical	10.0	1	Ransomware
468	Lack of access controls (broad permissions)	critical	10.0	1	Ransomware
469	Unsanitized Metadata	critical	10.0	1	Data Leak
470	Obsolete Traditional Detection Systems	critical	10.0	1	Ransomware
471	weak_or_reused_passwords	critical	10.0	1	ransomware
472	CVE-2025-69264 (CVSS 8.8)	critical	10.0	1	Supply Chain Attack
473	CVE-2025-53770 (ToolShell, patch bypass for CVE-2025-49704/CVE-2025-49706)	critical	10.0	1	Cyber Espionage
474	Improper input sanitization in GNU InetUtils telnetd (USER environment variable handling)	critical	10.0	1	Authentication Bypass
475	Liquidity Token Contracts	critical	10.0	1	Cyberattack
476	Modified Files on Server	critical	10.0	1	Data Breach
477	Generative AI applications	critical	10.0	1	ransomware
478	Unsecured Email Channels	critical	10.0	1	Data Breach (General Discussion)
479	Security software vulnerability	critical	10.0	1	Ransomware
480	weaknesses in AIS protocol	critical	10.0	1	spoofing
481	CVE-2022-22948	critical	10.0	1	Advanced Persistent Threat (APT)
482	legacy systems in healthcare and critical infrastructure	critical	10.0	1	ransomware
483	Weak Identity Management (Lack of Privileged Account Separation)	critical	10.0	1	Cyber Espionage
484	Microsoft Exchange (unspecified CVEs)	critical	10.0	1	ransomware
485	CVE-2026-24789	critical	10.0	1	Vulnerability Exploitation
486	insufficient encryption	critical	10.0	1	data breach
487	Internet-exposed databases	critical	10.0	1	Ransomware
488	Lack of Behavioral Anomaly Detection	critical	10.0	1	Insider Threat
489	200+ vulnerabilities in CISA’s KEV catalog (2024–2025)	critical	10.0	1	ransomware
490	Previously unknown vulnerability in email system	critical	10.0	1	Ransomware
491	Insufficient Real-Time Threat Intelligence	critical	10.0	1	Domain Hijacking
492	Spoofable Workflow Notifications	critical	10.0	1	Social Engineering
493	JIT compiler hijacking, .NET Reactor obfuscation, static constructor execution	critical	10.0	1	Supply Chain Attack
494	CVE-2020-3259 (Cisco)	critical	10.0	1	ransomware
495	VPN weaknesses	critical	10.0	1	ransomware
496	Adreno GPU Driver Vulnerabilities	critical	10.0	1	Vulnerability
497	UnDefend	critical	10.0	1	Zero-Day Exploitation
498	System Migration Bug	critical	10.0	1	Data Breach
499	human error (accidental download of malware-laced system administration tool)	critical	10.0	1	ransomware
500	unrestricted PowerShell usage	critical	10.0	1	ransomware
501	Weak Endpoint Detection	critical	10.0	1	Targeted Cyberattack
502	File transfer tool vulnerability	critical	10.0	1	Ransomware
503	Insufficient Anomaly Detection	critical	10.0	1	Data Breach
504	CVE-2024-45347	critical	10.0	1	Authentication Bypass Vulnerability
505	Political Distractions	critical	10.0	1	Operational Risk
506	Client-side file type restrictions without server-side validation	critical	10.0	1	Cloud Account Takeover
507	Unencrypted and unprotected data accessible on the network	critical	10.0	1	Data Breach, Ransomware
508	Compromised Subcontractor Credentials	critical	10.0	1	Data Breach
509	Supply chain compromise (malicious Axios update)	critical	10.0	1	Data Breach
510	CVE-2025-58434 (Unauthenticated Password Reset Token Disclosure in `/api/v1/account/forgot-password`)	critical	10.0	1	Vulnerability Exploitation
511	Weak internal security segmentation	critical	10.0	1	Data Breach
512	publicly available data misrepresented as 'secret' (hallucination exploit)	critical	10.0	1	cyberespionage
513	Misconfigured WAF	critical	10.0	1	Data Breach
514	Unauthorized Admin Role Assignments	critical	10.0	1	Ransomware Prevention Guide
515	Shared Accounts	critical	10.0	1	Data Breach
516	Salesforce Instance Misconfiguration	critical	10.0	1	Data Breach
517	Incorrect mailing of care management letters	critical	10.0	1	Data Breach
518	CVE-2026-0229	critical	10.0	1	Denial-of-Service (DoS)
519	Architectural flaws in perimeter defenses, lack of segmentation and monitoring	critical	10.0	1	Data Breach
520	Insecure Database Configuration	critical	10.0	1	Data Exposure
521	Sonatype Nexus	critical	10.0	1	Cyberattack (Reconnaissance Campaign)
522	Website Security	critical	10.0	1	Data Breach
523	Unsecured GitHub Personal Access Tokens (PATs)	critical	10.0	1	Supply-Chain Attack
524	Outdated Cryptographic Protocols	critical	10.0	1	Data Breach
525	LLM scope violation (CVE-2025-32711)	critical	10.0	1	Data Breach Vulnerability
526	Default credentials, weak cybersecurity oversight, legacy systems	critical	10.0	1	Cyber Espionage, Supply Chain Attack
527	CVE in Tridium’s Niagara Framework (13 vulnerabilities, Nozomi Networks)	critical	10.0	1	Cybersecurity Vulnerability Exposure
528	Phone data hijacking via malicious vCard	critical	10.0	1	Vulnerability Exploitation
529	Vulnerability in the online payment system	critical	10.0	1	Data Breach
530	SQL injection vulnerability in Navy-SWM database	critical	10.0	1	data breach
531	Weak supply chain controls for hardware distribution	critical	10.0	1	Espionage
532	Unsecured RDP	critical	10.0	1	Ransomware
533	Over-Permissive API Access	critical	10.0	1	Supply Chain Attack
534	Compromised AWS API key via supply-chain attack on Trivy	critical	10.0	1	Data Breach
535	Error by a third-party contractor	critical	10.0	1	Data Breach
536	disabled antivirus processes	critical	10.0	1	ransomware
537	CVE-2024-57727 (SimpleHelp remote code execution)	critical	10.0	1	ransomware
538	Deteriorating cyber defenses	critical	10.0	1	Cyberattack
539	Unmonitored Privileged Accounts	critical	10.0	1	Data Breach
540	Lack of anti-jamming protection for GPS systems	critical	10.0	1	GPS jamming
541	IT-OT convergence risks	critical	10.0	1	Ransomware
542	Lack of Monitoring for Renamed Binaries	critical	10.0	1	APT (Advanced Persistent Threat)
543	Weak Token Management in Drift Integration	critical	10.0	1	Supply Chain Attack
544	MOVEit file-transfer software zero-day vulnerability	critical	10.0	1	Data Breach
545	Lack of global standards for D2D services	critical	10.0	1	Cyber-Physical Threat
546	Inadequate Email Security Protocols	critical	10.0	1	Data Breach
547	Local privilege escalation	critical	10.0	1	Exploit Kit / Cyber Espionage
548	visibility gaps	critical	10.0	1	ransomware
549	Unpatched VPN Devices	critical	10.0	1	Supply Chain Attack
550	Known software vulnerabilities	critical	10.0	1	Cyber Espionage, Sabotage
551	CVE-2025-7544	critical	10.0	1	Botnet Campaign
552	Microsoft IIS	critical	10.0	1	Supply Chain Attack
553	React2Shell vulnerability in React frontend application	critical	10.0	1	Data Breach
554	weak supply chain security	critical	10.0	1	data breach
555	Exposed Boot Guard private keys	critical	10.0	1	Security Breach
556	Time-Triggered Ethernet (TTEthernet) vulnerabilities	critical	10.0	1	Time Synchronization Attack
557	Weak Authentication for Publish Access (npm, PyPI)	critical	10.0	1	Supply Chain Attack
558	Vulnerabilities in MOVEit software	critical	10.0	1	Cyberattack
559	Microsoft SharePoint zero-day	critical	10.0	1	ransomware
560	Unpatched or end-of-life networking equipment (TP-Link routers)	critical	10.0	1	Cyberespionage, DNS Hijacking, Adversary-in-the-Middle (AiTM) Attack
561	Novel method	critical	10.0	1	Ransomware
562	Potential lack of redundant navigation systems	critical	10.0	1	GPS spoofing (disputed)
563	Inadequate Incident Response Plans	critical	10.0	1	Ransomware
564	Lack of encryption or authentication in GPS signals	critical	10.0	1	GPS spoofing
565	CVE-2025-2783	critical	10.0	1	Zero-Day Vulnerability
566	Remote Control Software Vulnerability	critical	10.0	1	Phishing Attack
567	CVE-2018-0171	critical	10.0	1	Vulnerability Exploitation
568	Insecure support ticketing platform (bulk data export without rate-limiting or access controls)	critical	10.0	1	Data Breach
569	CVE-2025-32714 (Windows Installer EoP)	critical	10.0	1	Patch Release
570	Backup Restoration Failures	critical	10.0	1	Ransomware
571	CVE-2021-36942 (PetitPotam - Windows LSA Spoofing)	critical	10.0	1	Cyber Espionage
572	Stolen secret code for cookie generation	critical	10.0	1	Data Breach
573	Banking security systems	critical	10.0	1	Malware
574	Legitimate utilities repurposed for malicious use (e.g., gpscript.exe)	critical	10.0	1	Ransomware
575	Insufficient Threat Hunting Capabilities	critical	10.0	1	EDR/XDR Evasion
576	SSO Misconfigurations (e.g., Microsoft Entra, Google Workspace, Okta)	critical	10.0	1	Phishing (Non-Email)
577	CVE-2026-3502 (CVSS 7.8)	critical	10.0	1	Zero-Day Exploitation
578	Misconfiguration or compromise in Okta SSO and Salesforce Marketing Cloud	critical	10.0	1	Phishing / Scam
579	tasks.json file execution	critical	10.0	1	Financial Theft
580	Unpatched vulnerability in the network defenses	critical	10.0	1	Ransomware
581	Limited incident response capabilities in SMEs	critical	10.0	1	Extortion
582	Self-propagating payload in NPM packages	critical	10.0	1	Supply Chain Attack
583	CVE-2024-12345	critical	10.0	1	Cyber Espionage
584	Outdated Factory Digital Systems	critical	10.0	1	Cyberattack Surge
585	budget reductions	critical	10.0	1	data breach
586	CVE-2026-20045 (Improper input validation in HTTP requests)	critical	10.0	1	Zero-Day Exploitation
587	Password reminder bug	critical	10.0	1	Account Takeover
588	MOVEit file transfer software zero-day vulnerability	critical	10.0	1	Ransomware
589	Trusted partner relationships, fake Okta login pages, clipboard data theft	critical	10.0	1	Data Theft Extortion
590	Prompt Injection (indirect)	critical	10.0	1	Vulnerability Exploitation
591	Trust in fraudulent bank certificates	critical	10.0	1	Identity Fraud
592	Over-permissioning	critical	10.0	1	AI-driven breach
593	CVE-2026-24135	critical	10.0	1	Remote Code Execution (RCE)
594	CVE-2026-4681 (CWE-94)	critical	10.0	1	Remote Code Execution (RCE)
595	OAuth Token Misuse	critical	10.0	1	Supply Chain Attack
596	Hidden malicious proxy in AI agents	critical	10.0	1	Vulnerability Exploit
597	CVE-2025-34158 (Improper Input Validation)	critical	10.0	1	Vulnerability Exposure
598	Insufficient data access controls	critical	10.0	1	Data Exfiltration
599	Public-Key Cryptography (e.g., RSA, ECC)	critical	10.0	1	Emerging Threat
600	React2Shell (CVE not specified)	critical	10.0	1	Vulnerability Exploitation
601	npm auto-update mechanisms, lifecycle hooks in package installation	critical	10.0	1	Supply Chain Attack
602	Outdated Juniper Networks Junos OS MX routers	critical	10.0	1	Cyber Espionage
603	LiteLLM	critical	10.0	1	Ransomware
604	Process Drift in Third-Party Service Desk	critical	10.0	1	Social Engineering
605	Lack of multi-factor authentication, Lack of encryption	critical	10.0	1	Data Breach, Ransomware
606	CVE-2026-3497 (OpenSSH GSSAPI Key Exchange)	critical	10.0	1	Vulnerability Exploitation
607	Insufficient Access Management	critical	10.0	1	Data Breach
608	Unique validation node	critical	10.0	1	Cryptocurrency Theft
609	Broken Authentication (CWE-287)	critical	10.0	1	Unauthorized Access
610	CVE-2024-36904	critical	10.0	1	Vulnerability Exploitation
611	Inadequate Cybersecurity Defenses	critical	10.0	1	Data Breach
612	npm package hijacking	critical	10.0	1	supply chain attack
613	CVE-2026-3564 (CWE-347: Improper Verification of Cryptographic Signature)	critical	10.0	1	Cryptographic Vulnerability
614	Remote Code Execution in Imunify360 AV deobfuscation logic (versions before v32.7.4.0)	critical	10.0	1	Vulnerability
615	unsecured GenAI prompts	critical	10.0	1	ransomware
616	No rate-limiting or access restrictions on user data	critical	10.0	1	Data Breach
617	PowerShell script abuse	critical	10.0	1	spear-phishing
618	CVE-2025-6000	critical	10.0	1	Vulnerability
619	Veeam Backup & Replication (VBR) servers	critical	10.0	1	Ransomware
620	MSP software flaws	critical	10.0	1	ransomware
621	Lack of AIS/GPS signal authentication	critical	10.0	1	GPS spoofing
622	CVE-2024-24919	critical	10.0	1	Ransomware
623	high_risk_assessment_ignored	critical	10.0	1	data_at_risk
624	upstream services	critical	10.0	1	ransomware
625	Trust in AI Model Updates	critical	10.0	1	Malware
626	Outdated remote access policies	critical	10.0	1	Ransomware
627	Over-Permissioned IAM Roles	critical	10.0	1	Predictive Analysis
628	Diversité des systèmes OT rendant difficile une protection standardisée	critical	10.0	1	Cyberattaque ciblée
629	CVE-2023-3595	critical	10.0	1	Cyber Espionage
630	Ivanti Cloud Service Appliances	critical	10.0	1	Supply Chain Attack
631	Microsoft Word 2010 vulnerability	critical	10.0	1	Cyber Espionage
632	inadequate third-party access controls	critical	10.0	1	data breach
633	Insufficient Integration Lifecycle Management	critical	10.0	1	Supply Chain Attack
634	Cross-jurisdictional regulatory gaps	critical	10.0	1	Cyber-Physical Threat
635	CVE-2025-52665 (Improper Input Validation in Backup API Endpoint)	critical	10.0	1	Remote Code Execution (RCE)
636	Previously unknown vulnerability in file-sharing system	critical	10.0	1	Ransomware Attack
637	Third-party AI tool vulnerabilities	critical	10.0	1	DDoS
638	Improper Access Controls / Platform Misconfiguration	critical	10.0	1	Data Exposure
639	Unpatched APIs	critical	10.0	1	Cyberattack Surge
640	Insufficient Asset Discovery (IIoT Device Proliferation)	critical	10.0	1	Cyber-Physical Attack
641	Poisoned machine-learning models	critical	10.0	1	Malware Framework
642	Fortinet security devices	critical	10.0	1	Cyberespionage
643	outdated business continuity plans	critical	10.0	1	ransomware
644	CVE-2021-35587	critical	10.0	1	Data Breach
645	Customer Edge (CE) routers	critical	10.0	1	Cyber Espionage
646	CVE-2024-21887	critical	10.0	1	Ransomware
647	human error (social engineering via phishing)	critical	10.0	1	cyberespionage
648	CVE-2017-17215 (TP-Link Routers)	critical	10.0	1	Botnet / DDoS Campaign
649	Unpatched ICS/OT Systems	critical	10.0	1	Ransomware
650	myCare Integrity EMR system	critical	10.0	1	Data Breach
651	MOVEit Transfer zero-day (Clop gang, 2023)	critical	10.0	1	ransomware
652	Command Execution as Root	critical	10.0	1	Vulnerability Exploitation
653	Hidden registration form, JSESSIONID manipulation, and lack of server-side token validation	critical	10.0	1	Privilege Escalation, Remote Code Execution
654	Outdated Industrial Control Systems (ICS)	critical	10.0	1	Cyber Espionage
655	Unsafe dynamic code generation in `Type.generateConstructor` (CVE not assigned, GHSA-xq3m-2v4x-88gg)	critical	10.0	1	Remote Code Execution (RCE)
656	Legitimate Tools Abuse (Bitsadmin, PowerShell, curl)	critical	10.0	1	Targeted Cyberattack
657	Absence of Privacy-Enhancing Technologies (PETs)	critical	10.0	1	Data Breach
658	Lack of file type limitations	critical	10.0	1	Data Breach
659	identity and access weaknesses	critical	10.0	1	ransomware
660	Oracle E-Business Suite vulnerability	critical	10.0	1	Ransomware
661	CVE-2025-33053 (WebDAV External Control of File Name or Path)	critical	10.0	1	Patch Release
662	Systemic weaknesses in U.S. federal cybersecurity posture	critical	10.0	1	Cyber Espionage
663	Weak credentials (e.g., built-in sa account)	critical	10.0	1	Ransomware
664	supply-chain weakness	critical	10.0	1	data breach
665	Claude Code tool's contextual safeguard limitations	critical	10.0	1	cyberespionage
666	Potential Weak Authentication (if credentials were shared)	critical	10.0	1	Insider Threat
667	Insufficient client-side runtime monitoring	critical	10.0	1	Data Breach
668	Inadequate monitoring for suspicious activity	critical	10.0	1	Data Breach
669	Ivanti Connect Secure	critical	10.0	1	Vulnerability Exploitation
670	Human Error (lack of skepticism toward unsolicited interactions)	critical	10.0	1	Cyber Theft
671	lack of AIS authentication mechanisms	critical	10.0	1	sabotage
672	CVE-2018-13379	critical	10.0	1	Ransomware
673	CVE-2025-59469	critical	10.0	1	Vulnerability Exploitation
674	Vulnerability in Huawei routers' VRP network operating system	critical	10.0	1	Cyberattack
675	User Trust in App Store and Social Media Ads	critical	10.0	1	Data Breach
676	Limited control over shipping and air cargo spaces	critical	10.0	1	Economic Vulnerability
677	Outdated network infrastructure	critical	10.0	1	Data Breach
678	Endpoint Detection and Response (EDR) and antivirus process termination	critical	10.0	1	Malware, Ransomware
679	Four-Faith industrial routers	critical	10.0	1	DDoS Attack
680	Vulnerabilities in Accellion file transfer platform	critical	10.0	1	Data Breach
681	Overcollection of Personal Data	critical	10.0	1	Data Privacy Violation
682	GPS signal manipulation	critical	10.0	1	cyber deception
683	outdated cybersecurity protocols	critical	10.0	1	cyber attack
684	Lack of multi-factor authentication (MFA) on an outsourced partner’s administrator account	critical	10.0	1	Ransomware
685	Path traversal (CVE-2025-64712)	critical	10.0	1	Remote Code Execution (RCE)
686	Human error (opening malicious email attachment)	critical	10.0	1	Phishing Attack
687	Default or Weak ESXi Authentication Mechanisms	critical	10.0	1	Ransomware Prevention Guide
688	lack of formal AI-use/data privacy policies	critical	10.0	1	ransomware
689	Cisco AnyConnect software vulnerability	critical	10.0	1	Data Breach
690	Security flaw in Neighbors app	critical	10.0	1	Data Breach
691	Unspecified (32% of attacks involved exploited vulnerabilities)	critical	10.0	1	ransomware
692	user trust in search engine ads	critical	10.0	1	ransomware
693	ProxyShell (CVE-2021-34473, CVE-2021-34523, CVE-2021-31207)	critical	10.0	1	ransomware
694	Unmonitored API Queries (Graph, Teams)	critical	10.0	1	Social Engineering
695	Salesforce OAuth Misconfiguration (via Vishing)	critical	10.0	1	Data Breach
696	Over-Permissive Guest/External User Access	critical	10.0	1	Social Engineering
697	Protection insuffisante des terminaux	critical	10.0	1	Cyberattaque ciblée
698	Absence of Standardized Risk Assessments	critical	10.0	1	Ransomware
699	Improper access controls and lack of technical safeguards	critical	10.0	1	Data Breach
700	Weak Helpdesk Authentication	critical	10.0	1	Cyber Extortion
701	Abandoned Vercel-hosted URL takeover	critical	10.0	1	Phishing
702	Off-by-one error in encryption process	critical	10.0	1	Ransomware
703	Legacy Infrastructure Weaknesses	critical	10.0	1	Data Breach
704	Dormant Service Accounts	critical	10.0	1	Data Breach
705	Social engineering (malicious link disguised as system error)	critical	10.0	1	Data Breach
706	weak identity management systems	critical	10.0	1	cyberespionage
707	CVE-2025-5309	critical	10.0	1	Remote Code Execution
708	Payment processing system vulnerability	critical	10.0	1	Data Breach
709	Untrusted App Sources	critical	10.0	1	Awareness Campaign
710	Outdated legacy systems	critical	10.0	1	Cyberattack
711	GPS-based navigation and landing systems	critical	10.0	1	cyber attack
712	Known vulnerability in legacy IT infrastructure (unpatched)	critical	10.0	1	Ransomware, Data Breach
713	Unsecured cloud environment, lack of proper oversight	critical	10.0	1	Data Breach
714	Weak Password Hashing (Early Breaches like LinkedIn 2012)	critical	10.0	1	Data Breach
715	Cryptographic Implementation Flaws	critical	10.0	1	Security Vulnerability
716	CVE-2025-21042 (CVSS 8.8) - Out-of-Bounds Write in libimagecodec.quram.so	critical	10.0	1	Espionage
717	Vulnerabilities in Synology Network-Attached Storage (NAS) devices	critical	10.0	1	Ransomware
718	Lack of browser-layer visibility	critical	10.0	1	Session Hijacking
719	Known vulnerability in the network	critical	10.0	1	Ransomware Attack
720	Unidentified network vulnerability	critical	10.0	1	Ransomware Attack
721	unpatched/end-of-life devices	critical	10.0	1	unauthorized access
722	Indirect prompt injection	critical	10.0	1	Data Privacy and Cybersecurity Advisory
723	Lack of Multi-Factor Authentication (MFA) for high-value targets	critical	10.0	1	Cyber Theft
724	Content management system vulnerability	critical	10.0	1	Data Breach
725	SonicWall SSLVPN misconfigurations	critical	10.0	1	ransomware
726	Malicious macros in a document titled 'Act.doc'	critical	10.0	1	Cyberattack
727	legacy software vulnerabilities	critical	10.0	1	cyber espionage
728	Security Oversight	critical	10.0	1	Data Breach
729	DLL sideloading	critical	10.0	1	Supply Chain Attack
730	Permanent URL Accessibility	critical	10.0	1	Data Leak
731	Human trust in perceived secure platforms	critical	10.0	1	Social Engineering
732	Poorly Secured ICS Components (PLCs, SCADA, HMIs, Industrial IoTs)	critical	10.0	1	Cyber-Physical Attack
733	CVE-2023-41345	critical	10.0	1	botnet
734	Unmanaged BYOD Devices	critical	10.0	1	Social Engineering
735	Social Engineering, Excessive Permissions	critical	10.0	1	Data Breach, Extortion, Harassment
736	Use-After-Free (UAF)	critical	10.0	1	Memory Corruption Vulnerability
737	Data Sharing with Third-Party	critical	10.0	1	Data Breach
738	Legacy Protocols (NTLM Enabled for Backward Compatibility)	critical	10.0	1	Data Breach
739	CVE-2025-0921, CVE-2024-7587	critical	10.0	1	Denial-of-Service (DoS)
740	enterprise software vulnerabilities	critical	10.0	1	ransomware
741	Over-reliance on single-source supply chain (China)	critical	10.0	1	Geopolitical Risk
742	Misconfigured MongoDB databases (lack of authentication, outdated versions)	critical	10.0	1	Ransomware
743	CVE-2025-52562	critical	10.0	1	Remote Code Execution (RCE)
744	CVE-2026-27684 (SQL injection in SAP NetWeaver Feedback Notification)	critical	10.0	1	Remote Code Execution (RCE)
745	Vulnerabilities in SonicWall, Veeam, and Cisco products	critical	10.0	1	Ransomware
746	Internal Login	critical	10.0	1	Data Breach
747	Recently discovered vulnerability	critical	10.0	1	Ransomware Attack
748	End-of-life and end-of-service network devices, outdated infrastructure	critical	10.0	1	Ransomware
749	Weak Password Security (hypothetical, based on context)	critical	10.0	1	Ransomware Attack
750	Weak or Compromised RDP Credentials	critical	10.0	1	Malware
751	Unpatched IoMT devices	critical	10.0	1	Data Breach
752	CNVD-2020-26585	critical	10.0	1	Remote Code Execution (RCE)
753	exploitation of maritime regulatory gaps	critical	10.0	1	AIS spoofing
754	AES-CMAC algorithm flaw	critical	10.0	1	Vulnerability Exploitation
755	external-facing RDP/VPN misconfigurations	critical	10.0	1	ransomware
756	Human operational error	critical	10.0	1	GPS spoofing (disputed)
757	CVE-2025-52691	critical	10.0	1	Remote Code Execution (RCE)
758	Credential leaks (reused passwords)	critical	10.0	1	Extortion
759	NPM package integrity weakness	critical	10.0	1	supply chain attack
760	CVE-2026-20127 (CVSS 10.0)	critical	10.0	1	Zero-Day Exploitation
761	lack of centralized patching for consulting deliverables	critical	10.0	1	supply chain attack
762	Weak Authentication for Third-Party Access	critical	10.0	1	Cyberattack
763	Misconfigured OAuth integrations (historical, via Salesloft's Drift)	critical	10.0	1	Extortion
764	Compromised Okta SSO account	critical	10.0	1	Data Breach
765	CVE-2025-49844 (RediShell - Use-after-free in Lua sandbox)	critical	10.0	1	Vulnerability
766	NtQuerySystemInformation abuse (SystemCodeFlowTransition parameter)	critical	10.0	1	Supply Chain Attack
767	Vulnerable IoT hardware (digital video recorders, web cameras, home Wi-Fi routers)	critical	10.0	1	DDoS Attack
768	Excessive Access Privileges	critical	10.0	1	Insider Threat
769	CVE-2025-15576	critical	10.0	1	Vulnerability Exploitation
770	Stack overflow (CVE-2026-3608)	critical	10.0	1	Denial-of-Service (DoS)
771	Low Digital Literacy in Business Software	critical	10.0	1	Ransomware Attack
772	CVE-2026-20965	critical	10.0	1	Unauthorized Access
773	outdated IT infrastructure	critical	10.0	1	data breach
774	CVE-2017-11882 (Microsoft Office)	critical	10.0	1	APT (Advanced Persistent Threat)
775	End-to-End Encryption	critical	10.0	1	Government Order
776	Overwhelmed network infrastructure, misconfigurations, unused ports	critical	10.0	1	DDoS
777	Newly disclosed global software vulnerabilities	critical	10.0	1	Ransomware
778	Cloud management tools	critical	10.0	1	Ransomware
779	Progress Software MOVEit Transfer SQL Injection Vulnerability (CVE-2023-34362)	critical	10.0	1	Data Breach
780	Weakness in mobile payment verification system (KT)	critical	10.0	1	Data Breach
781	Publicly accessible links to call recordings/transcripts	critical	10.0	1	Data Breach
782	CitrixBleed2 (CVE unknown, related to Citrix Netscaler)	critical	10.0	1	ransomware
783	Previously unknown vulnerability in data transfer software	critical	10.0	1	Data Breach
784	Login bypass vulnerability, improper access controls	critical	10.0	1	Data Leak, Unauthorized Access, Remote Exploitation
785	Weak Authentication in Third-Party Platforms	critical	10.0	1	Data Breach
786	CVE-2025-20362 (Memory corruption in Cisco ASA Software)	critical	10.0	1	Zero-day exploitation
787	unencrypted data transmission	critical	10.0	1	ransomware
788	Social engineering, ClickFix-style prompts, PowerShell exploitation, Windows Defender exclusion manipulation	critical	10.0	1	Malware Deployment, Social Engineering, Data Exfiltration
789	Fragmented Cybersecurity Governance (no common procedures)	critical	10.0	1	Ransomware
790	Publicly shared GPS data from fitness app	critical	10.0	1	Data Exposure
791	Cleo file sharing tool	critical	10.0	1	Data Breach
792	CVE-2025-2502	critical	10.0	1	Outage and Vulnerability
793	Human Weakness	critical	10.0	1	Data Breach
794	User Trust in Browser Prompts (Copy-Paste Commands, Fake Error Messages)	critical	10.0	1	Browser-Based Attack
795	CVE-2024-21893	critical	10.0	1	Ransomware
796	Long-standing vulnerabilities in SonicWall firewall systems, unmanaged exceptions, temporary rules, unprotected backups, administrative credentials	critical	10.0	1	Ransomware, Data Breach
797	SCADA-IT Data Convergence	critical	10.0	1	Cyber Espionage
798	Microsoft Office Vulnerabilities	critical	10.0	1	Cyber Espionage
799	Type confusion vulnerabilities in Java Card	critical	10.0	1	Vulnerability Exploitation
800	SharePoint Permissions Issue	critical	10.0	1	Data Breach
801	Inadequately tested code in Token Bridge smart contracts, lack of secure coding practices, and absence of automated fraud monitoring	critical	10.0	1	Data Breach, Cryptocurrency Theft
802	Inadequate Access Controls for PowerSource Portal	critical	10.0	1	Data Breach
803	Budget Constraints	critical	10.0	1	Operational Risk
804	vulnerable computer systems	critical	10.0	1	data breach
805	lack of multi-factor authentication for downloads	critical	10.0	1	ransomware
806	Overwhelming a server or website with excessive fake traffic	critical	10.0	1	DDoS Attack
807	Unknown vulnerability in file transfer software	critical	10.0	1	Ransomware
808	Third-Party Customer Service Provider (Discord)	critical	10.0	1	Data Breach
809	JetBrains TeamCity	critical	10.0	1	Ransomware
810	Exposed management ports, weak authentication	critical	10.0	1	Cyber Attack
811	DeFi infrastructure weaknesses (historical)	critical	10.0	1	cyber theft
812	Malicious Word documents	critical	10.0	1	Security Breach
813	Delegated Administrative Privileges (DAP) in Microsoft cloud solutions	critical	10.0	1	cyberespionage
814	package registries	critical	10.0	1	ransomware
815	Publicly Accessible Industrial Control Systems	critical	10.0	1	Ransomware
816	Impersonation of trusted contact (reporter)	critical	10.0	1	Cyber Espionage
817	CVE-2023-46805 (Ivanti Connect Secure)	critical	10.0	1	ransomware
818	Lack of Fragment Inspection in Security Tools	critical	10.0	1	Prompt Injection
819	Trojanized update	critical	10.0	1	Supply Chain Attack
820	Inadequate Redaction	critical	10.0	1	Data Breach
821	Lack of AI Agent Safeguards	critical	10.0	1	Espionage
822	Potential CVE-2023-29357 (SharePoint RCE, linked to summer 2023 exploits)	critical	10.0	1	Data Breach
823	Improper authorization/callback handling in V2 vaults	critical	10.0	1	Exploit
824	CAN bus vulnerabilities in Tesla Model S	critical	10.0	1	Remote Code Execution
825	Lack of Zero-Trust Architecture	critical	10.0	1	Cyber Espionage
826	Kickidler employee monitoring tool	critical	10.0	1	Ransomware
827	Poor Credential Hygiene (GitHub Repository)	critical	10.0	1	Data Breach
828	Zero-day vulnerabilities (42% weaponized before public disclosure)	critical	10.0	1	AI-driven cyber threats
829	weak Wi-Fi security	critical	10.0	1	cyber-espionage
830	Software flaw in Tesla's systems	critical	10.0	1	Hacking
831	CVE-2026-5757 (Out-of-bounds memory vulnerability in model quantization engine)	critical	10.0	1	Vulnerability Exploitation
832	External call to 'transfer' function using a fake hash	critical	10.0	1	Cryptocurrency Theft
833	Citrix VPN vulnerabilities	critical	10.0	1	Cybercrime Forum Seizure
834	Cybersecurity Staffing Shortages	critical	10.0	1	Collaborative Initiative
835	mismanaged certificates	critical	10.0	1	third-party breach
836	Unmaintained Software (e.g., FreeImage in Audi Vehicles)	critical	10.0	1	Cybersecurity Vulnerability Assessment
837	Unmonitored AI Data Flows	critical	10.0	1	Data Breach
838	Access to sensitive infrastructure data	critical	10.0	1	Insider Threat
839	Vulnerable signed drivers (exploited via BYOVD)	critical	10.0	1	Ransomware
840	overlooked software vulnerabilities	critical	10.0	1	ransomware
841	Third-party library bug in Google Chrome	critical	10.0	1	Zero-Day Exploit
842	Oracle E-Business Suite vulnerability (patched post-incident)	critical	10.0	1	Ransomware
843	unknown (zero-day)	critical	10.0	1	cyberattack
844	CVE-2025-1316	critical	10.0	1	Vulnerability Exploitation
845	Over-Reliance on Email-Based Security Controls	critical	10.0	1	Social Engineering
846	Poor Vendor Security Practices	critical	10.0	1	Third-Party Breach
847	Excessive user permissions	critical	10.0	1	Ransomware
848	Single-character coding error	critical	10.0	1	Cryptocurrency Theft
849	Absence of Automated Data Loss Prevention (DLP) Tools	critical	10.0	1	Data Breach
850	Unpatched Microsoft SharePoint Vulnerabilities	critical	10.0	1	Cyber Espionage
851	GenAI data exfiltration	critical	10.0	1	Session Hijacking
852	Faulty access control mechanisms in Balancer's DeFi protocol	critical	10.0	1	Cryptocurrency Theft
853	API Key Exposure	critical	10.0	1	Supply Chain Attack
854	Interconnexion non sécurisée entre IT et OT	critical	10.0	1	Cyberattaque ciblée
855	CVE-2025-0282 (Ivanti Pulse Connect VPN)	critical	10.0	1	cyberespionage
856	Velociraptor CVE-2025-6264 (privilege escalation to arbitrary command execution)	critical	10.0	1	Ransomware
857	Publicly accessible management interfaces	critical	10.0	1	Cloud Exploitation Campaign
858	Poor detection of abnormal system activity	critical	10.0	1	Data Breach
859	Legacy Authentication Protocols	critical	10.0	1	Social Engineering
860	reliance on IT generalists without specialized security training	critical	10.0	1	ransomware
861	Unpatched Teams Clients	critical	10.0	1	Social Engineering
862	CVE-2025-20333 (Cisco ASA VPN)	critical	10.0	1	Ransomware
863	Unguarded Museum	critical	10.0	1	Theft
864	Weak Enforcement of ISO SAE 21434 (Pre-Release Security)	critical	10.0	1	Cybersecurity Vulnerability Assessment
865	Authentication key theft	critical	10.0	1	Data Breach
866	SaaS platforms	critical	10.0	1	Ransomware
867	Exposed Presence/Status Data	critical	10.0	1	Social Engineering
868	Vulnerability in Cleo's file transfer products	critical	10.0	1	Ransomware
869	Potential Salesforce Misconfigurations	critical	10.0	1	Data Breach
870	CVE-2026-33032	critical	10.0	1	Authentication Bypass
871	Microsoft Defender Race Condition	critical	10.0	1	AI Cybersecurity Risk
872	Data encryption software vulnerability	critical	10.0	1	Data Breach
873	No AI-Enabled Identity Threat Detection	critical	10.0	1	Identity Security Crisis
874	Undocumented Warbird framework	critical	10.0	1	Supply Chain Attack
875	Windows OS vulnerability (unspecified programming bug)	critical	10.0	1	malware
876	CVE-2026-21509 (RTF parsing flaw)	critical	10.0	1	Cyber Espionage
877	Steganography	critical	10.0	1	Malware Infection
878	Lack of MFA on Personal/Social Media Accounts	critical	10.0	1	Phishing (Non-Email)
879	Lack of Centralized Logging/Monitoring	critical	10.0	1	Cyber Espionage
880	CVE-2025-59287 (Windows Server Update Services - WSUS)	critical	10.0	1	Remote Code Execution (RCE)
881	Zero-day vulnerability in Oracle E-Business Suite (EBS) financial application	critical	10.0	1	Data Breach
882	Previously unknown vulnerability in firewall software	critical	10.0	1	Ransomware Attack
883	BootROM keys extraction	critical	10.0	1	Data Breach / Unauthorized Access
884	CVE-2025-8943	critical	10.0	1	Remote Code Execution (RCE)
885	Malicious PowerPoint Add-Ins	critical	10.0	1	Cyber Espionage
886	20 security vulnerabilities identified by Claude LLM	critical	10.0	1	Data Breach, Cyber Espionage
887	authentication_bypass_flaw	critical	10.0	1	ransomware
888	ADRecon for Active Directory mapping	critical	10.0	1	ransomware
889	developer mistyped dependency installation	critical	10.0	1	supply chain attack
890	CVE-2025-27520	critical	10.0	1	Vulnerability Exploitation
891	Critical vulnerabilities within the ESXi platform	critical	10.0	1	Ransomware
892	CEA-852 Standard Weaknesses	critical	10.0	1	Vulnerability Disclosure
893	unrestricted RDP/remote tool access	critical	10.0	1	ransomware
894	CVE-2025-49156	critical	10.0	1	Vulnerability Exploitation
895	Unpatched vulnerability in TP-Link Archer routers	critical	10.0	1	Botnet
896	Human Error (Phishing Susceptibility) & Weak Remote Access Controls	critical	10.0	1	Data Breach (Phishing & Unauthorized Access)
897	CVE-2026-2256 (Inadequate input sanitization in MS-Agent's 'Shell tool')	critical	10.0	1	Remote Code Execution (RCE)
898	Database Injection	critical	10.0	1	Website Defacement
899	CVE-2025-44179	critical	10.0	1	Vulnerability Exploitation
900	third-party compromises (35.5% of breaches in 2024)	critical	10.0	1	ransomware
901	Stack Buffer Overflow	critical	10.0	1	Vulnerability Exploitation
902	Cisco IOS vulnerabilities	critical	10.0	1	Data Breach
903	Potential zero-day in F5 products	critical	10.0	1	Data Breach
904	CVE-2026-24061	critical	10.0	1	Remote Code Execution (RCE)
905	CV_2025_03_1	critical	10.0	1	Vulnerability Exploitation
906	Jira	critical	10.0	1	Data Leak
907	SQL Injection in Main Application	critical	10.0	1	Data Breach
908	publicly exposed personal data (e.g., YouTube videos)	critical	10.0	1	cyber espionage
909	CVE-2024-37085 (Cisco)	critical	10.0	1	ransomware
910	Insecure External Storage Device	critical	10.0	1	Data Breach
911	Insecure data storage and handling	critical	10.0	1	Data Breach
912	Known vulnerabilities dating back to 2018	critical	10.0	1	Espionage
913	critical and zero-day vulnerabilities in internet-facing network equipment	critical	10.0	1	ransomware
914	CVE-2024-7694	critical	10.0	1	Supply Chain Attack
915	Weak password (no MFA) on internet-facing system	critical	10.0	1	Ransomware Attack
916	CVE-2025-34067 (Hikvision - remote code execution)	critical	10.0	1	Cyber Espionage, Reconnaissance
917	Exposed Database	critical	10.0	1	Ransomware Attack
918	CVE-2026-1358 (Unrestricted File Upload)	critical	10.0	1	Vulnerability Disclosure
919	Unsecured Data Storage	critical	10.0	1	Data Breach
920	NPM package dependency trust model	critical	10.0	1	supply chain attack
921	Improper input sanitization in telnetd authentication mechanism (CWE-20)	critical	10.0	1	Authentication Bypass
922	Potential Weak MFA Implementation (2FA Prompt Bombing)	critical	10.0	1	Insider Threat (Attempted)
923	Implicit trust in supply chains	critical	10.0	1	Supply Chain Attack, Extortion Campaign
924	Malicious TestFlight app	critical	10.0	1	Financial Theft
925	visibility gap in EDR/SIEM logs	critical	10.0	1	ransomware
926	User Information Exposure	critical	10.0	1	Data Breach
927	SonicWall SSL VPN Misconfiguration	critical	10.0	1	Unauthorized Access
928	Web server vulnerability	critical	10.0	1	Data Breach
929	Unsecured Health Declaration Portal	critical	10.0	1	Data Breach
930	Weak/Reused Passwords	critical	10.0	1	Account Compromise
931	Lack of Endpoint Detection and Response (EDR) in Some Systems	critical	10.0	1	Malware Infection
932	GPS signal susceptibility to jamming	critical	10.0	1	GPS jamming
933	Citrix NetScaler Gateway Appliance (unspecified CVE)	critical	10.0	1	Cyber Espionage
934	Known flaws in outdated software	critical	10.0	1	Ransomware
935	Precision rounding error in swap calculations	critical	10.0	1	Exploit
936	Lack of multi-factor authentication (MFA) on a critical server	critical	10.0	1	ransomware
937	default weak password policies (privileged accounts <14 characters)	critical	10.0	1	ransomware
938	Unsalted Password Hashes (pre-remediation)	critical	10.0	1	Data Breach
939	Ghost Logins (Unmonitored Active Sessions)	critical	10.0	1	Phishing (Non-Email)
940	CVE-2026-35616 (CWE-284: Improper Access Control)	critical	10.0	1	Zero-Day Exploitation
941	CNAME DNS record	critical	10.0	1	Data Breach
942	WhatsApp Artifact Exfiltration	critical	10.0	1	APT (Advanced Persistent Threat)
943	Stolen credentials from 2023 Salesloft Drift breach, weak credential management, lack of MFA enforcement	critical	10.0	1	Data Breach
944	insufficient physical security for network devices	critical	10.0	1	cyber-espionage
945	Human Error (Support Staff Tricked via Impersonation)	critical	10.0	1	Data Breach
946	Infection via official website	critical	10.0	1	Ransomware
947	Unauthorized physical access to sensitive data	critical	10.0	1	Data Theft
948	Unknown vulnerability in the Safe Smart Port (PIS) platform	critical	10.0	1	Data Breach
949	CVE-2025-55182 (React2Shell, CVSS 10.0)	critical	10.0	1	Web Application Exploitation
950	CVE-2026-1995 (Improper file permission handling in id_service.exe)	critical	10.0	1	Privilege Escalation
951	Insufficient Physical Security for Fiber-Optic Cables	critical	10.0	1	Cyber Espionage
952	Unknown vulnerabilities in routers and VPN appliances	critical	10.0	1	Botnet
953	Cached Administrative Credentials in Workstation Memory	critical	10.0	1	Data Breach
954	inadequate monitoring of employee activity	critical	10.0	1	data breach
955	CVE-2025-5777 (Citrix Bleed 2)	critical	10.0	1	Ransomware
956	Supply chain compromise of open-source security tool	critical	10.0	1	Supply Chain Attack
957	Poorly configured firewalls	critical	10.0	1	Ransomware
958	Unmanaged OAuth App Permissions (Salesforce, Other SaaS)	critical	10.0	1	Browser-Based Attack
959	Stale Accounts (Former Employees with Retained Access)	critical	10.0	1	Data Breach
960	Over-reliance on remote desktop tools without geofencing	critical	10.0	1	Espionage
961	CVE-2022-26134 (Atlassian OGNL Injection)	critical	10.0	1	cyberespionage
962	AI-Enabled Attacks (industrial scale)	critical	10.0	1	Cyberattack
963	Inadequate privileged access management	critical	10.0	1	Ransomware
964	Mismanagement of sensitive data, lack of secure cloud storage	critical	10.0	1	Data Breach
965	Trust in .gov/.police Domain Emails (Bypassing Technical Filters)	critical	10.0	1	Account Compromise
966	human error (employee downloading malware-laced tool)	critical	10.0	1	ransomware
967	CVE-2025-59689 (Command injection in Libraesva ESG)	critical	10.0	1	Zero-day exploitation
968	lack of 2FA for publisher accounts	critical	10.0	1	supply chain attack
969	PackageGate Vulnerabilities	critical	10.0	1	Supply Chain Attack
970	Unauthorized Access by Ex-Employee	critical	10.0	1	Data Breach
971	Lack of Network Segmentation in Targeted Systems	critical	10.0	1	Distributed Denial of Service (DDoS)
972	CVE-2024-12297 (Frontend Authorization Logic Disclosure)	critical	10.0	1	Authentication Bypass
973	CVE-2026-27966	critical	10.0	1	Zero-Day Vulnerability
974	CVE-2025-64111	critical	10.0	1	Remote Code Execution (RCE)
975	Unauthorized Access by Employee	critical	10.0	1	Data Breach
976	Incorrect host/guest network separation (allowed privilege escalation from guest to host)	critical	10.0	1	Ransomware
977	CVE-2025-5086 (Deserialization of Untrusted Data)	critical	10.0	1	Vulnerability Exploitation
978	CVE-2022-37055	critical	10.0	1	Vulnerability Exploitation
979	lack of physical security for copper wiring	critical	10.0	1	physical security breach
980	Overprivileged identities	critical	10.0	1	Cloud Infrastructure Compromise
981	Abuse of Legitimate Tools (BITSAdmin)	critical	10.0	1	Targeted Attack
982	Phishing, Malicious Software Deployment	critical	10.0	1	Data Breach, Ransomware
983	Browser session tokens	critical	10.0	1	Ransomware
984	npm supply chain compromise (Nx platform)	critical	10.0	1	Supply Chain Attack
985	Lack of contractual compliance and oversight, unauthorized offshore access	critical	10.0	1	Data Breach
986	CVE-2026-XXXXX (PolyShell - unauthenticated arbitrary file upload via REST API)	critical	10.0	1	Payment Skimmer Attack
987	Outdated Junos OS routers	critical	10.0	1	Espionage
988	Lack of Content Security Policy (CSP) enforcement	critical	10.0	1	Data Breach
989	CVE-2025-8875 (Insecure Deserialization Leading to Command Execution)	critical	10.0	1	Vulnerability Exposure
990	CVE-2026-20079	critical	10.0	1	Vulnerability Exploitation
991	CVE-2024-54085	critical	10.0	1	Vulnerability Exploitation
992	poor network segmentation (IT/OT convergence)	critical	10.0	1	ransomware
993	Caching Error	critical	10.0	1	Data Breach
994	Unpatched vulnerability in the email system	critical	10.0	1	Ransomware
995	Legitimate Administrative Tools (ScreenConnect, AnyDesk, RMM Platforms)	critical	10.0	1	Social Engineering
996	Six vulnerabilities	critical	10.0	1	Exploit Kit / Cyber Espionage
997	CVE-2022-41082	critical	10.0	1	Ransomware
998	Legacy System Risks	critical	10.0	1	Data Breach
999	Lack of MFA on FortiGate VPN firewalls	critical	10.0	1	Cyberattack (Wiper Malware, Firmware Tampering)
1000	Unicode Private Use Area characters (0xFE00–0xFE0F, 0xE0100–0xE01EF)	critical	10.0	1	Supply Chain Attack
1001	CVE-2025-31324 (SAP NetWeaver)	critical	10.0	1	Ransomware
1002	Orion Software Vulnerability	critical	10.0	1	Software Exploitation
1003	Over-Privileged Accounts	critical	10.0	1	Data Breach
1004	insecure credential storage in CI/CD environments	critical	10.0	1	supply chain attack
1005	Lack of adequate security measures for USIM data (SK Telecom)	critical	10.0	1	Data Breach
1006	Security Incident During Server Setup	critical	10.0	1	Ransomware
1007	Student cybersecurity illiteracy	critical	10.0	1	Data Breach
1008	CVE-2024-1182	critical	10.0	1	Vulnerabilities in SCADA Systems
1009	GDPR compliance leverage (ransom coercion)	critical	10.0	1	ransomware
1010	unencrypted storage of sensitive data in an internet-accessible environment	critical	10.0	1	ransomware
1011	gaps in patching	critical	10.0	1	Ransomware
1012	Compromised Software Development Tools	critical	10.0	1	Malware
1013	Lack of Vendor Oversight	critical	10.0	1	Data Breach
1014	Supply-chain vulnerabilities	critical	10.0	1	Ransomware
1015	Security flaw in SonicWall’s systems	critical	10.0	1	Ransomware
1016	Manipulation of AmountWithBonus variable	critical	10.0	1	Cryptocurrency Theft
1017	Uncontrolled AI Tool Integration	critical	10.0	1	Data Breach Risk
1018	CVE-2023-50224	critical	10.0	1	Credential Harvesting
1019	CVE-2025-23334	critical	10.0	1	Vulnerability Exploitation
1020	poor cyber defenses in supplier systems	critical	10.0	1	supply chain attack
1021	CVE-2020-3580 (Cisco)	critical	10.0	1	ransomware
1022	User Registration & Membership WordPress plugin vulnerability	critical	10.0	1	Authentication Bypass
1023	Roundcube and SquirrelMail webmail vulnerabilities	critical	10.0	1	Cyber Espionage
1024	End-of-life (EOL) and end-of-support (EOS) Microsoft IIS servers	critical	10.0	1	Vulnerability Exposure
1025	Oracle E-Business Suite	critical	10.0	1	Ransomware
1026	Authentication Mechanisms	critical	10.0	1	Data Breach
1027	lack of MFA on critical systems	critical	10.0	1	ransomware
1028	CVE-2025-14894	critical	10.0	1	Remote Code Execution (RCE)
1029	Inadequate Data Redaction in Spreadsheets	critical	10.0	1	Data Breach
1030	Kernel compromise	critical	10.0	1	Espionage
1031	Default Authentication Bypasses	critical	10.0	1	Vulnerability Exploitation
1032	BeyondTrust	critical	10.0	1	Ransomware
1033	QR Code Vulnerability	critical	10.0	1	Espionage
1034	CVE-2025-22226	critical	10.0	1	Ransomware
1035	Weak Detection/Response Capabilities (SMEs)	critical	10.0	1	Ransomware
1036	Improper access controls in Capital One's cloud-based firewall (AWS S3 bucket misconfiguration)	critical	10.0	1	Data Breach
1037	Unpatched Self-Managed GitLab Community Edition	critical	10.0	1	Data Breach
1038	CVE-2025-21590	critical	10.0	1	Advanced Persistent Threat (APT)
1039	Lack of Real-Time Identity Data Sync	critical	10.0	1	Identity Security Crisis
1040	Open academic networks	critical	10.0	1	Data Breach
1041	Software Issue	critical	10.0	1	Data Breach
1042	Confluence Server Webwork OGNL injection	critical	10.0	1	Vulnerability Exploitation
1043	Over-Reliance on Reactive Detection (EDR/XDR)	critical	10.0	1	EDR/XDR Evasion
1044	EternalBlue (WannaCry, 2017)	critical	10.0	1	ransomware
1045	Insecure RDP configurations	critical	10.0	1	Ransomware
1046	Stale Identity Tokens	critical	10.0	1	Data Breach
1047	Previously undetected vulnerability	critical	10.0	1	Ransomware Attack
1048	Open Redirect	critical	10.0	1	Redirect Attack
1049	AI supply chain threats (e.g., LangFlow RCE)	critical	10.0	1	Malware Framework
1050	CVE-2025-32975	critical	10.0	1	Authentication Bypass
1051	Unmonitored third-party script dependencies	critical	10.0	1	Data Breach
1052	Palo Alto vulnerabilities	critical	10.0	1	Ransomware
1053	CVE-2026-33017 (Langflow AI)	critical	10.0	1	ransomware
1054	Plaintext access to JSON payloads in AI agent tool calls, lack of cryptographic verification for tool-call integrity	critical	10.0	1	Supply Chain Attack
1055	Expiration of State and Local Cybersecurity Grant Program	critical	10.0	1	Policy/Regulatory Failure
1056	Publicly Accessible Executive Profiles (for AI Phishing)	critical	10.0	1	Supply Chain Attack
1057	lack of actionable alerting	critical	10.0	1	ransomware
1058	Infostealer logs	critical	10.0	1	Extortion / Data Leak Threat
1059	Stolen Employee Tokens	critical	10.0	1	Data Breach
1060	maritime domain awareness gaps	critical	10.0	1	espionage
1061	Internet-exposed systems	critical	10.0	1	Cyber Threat Alert
1062	Weak Caller Verification Processes	critical	10.0	1	Social Engineering
1063	poor_network_segmentation	critical	10.0	1	ransomware
1064	Insufficient multi-factor authentication (MFA) protections	critical	10.0	1	Ransomware
1065	Previously unknown vulnerability in the payment processing system	critical	10.0	1	Data Breach
1066	CVE-2024-38178	critical	10.0	1	Cyber Espionage
1067	Malicious code injection	critical	10.0	1	Data Breach
1068	CVE-2026-32746 (Buffer Overflow - CWE-120)	critical	10.0	1	Remote Code Execution (RCE)
1069	Unauthorized data transfer to private cloud storage	critical	10.0	1	Data Breach
1070	public-facing application vulnerabilities	critical	10.0	1	ransomware
1071	Insider access to classified systems, Lack of real-time monitoring for data exfiltration	critical	10.0	1	Insider Threat, Espionage
1072	Microsoft SharePoint ToolShell vulnerabilities (zero-day, patched post-exploitation)	critical	10.0	1	Ransomware
1073	CitrixBleed2 (CVE not explicitly mentioned but inferred as Citrix NetScaler vulnerability)	critical	10.0	1	data breach
1074	Overlooked Access Rights	critical	10.0	1	Data Breach
1075	improper access controls on cloud storage (public bucket setting)	critical	10.0	1	data breach
1076	Weak password policy (single compromised password)	critical	10.0	1	Ransomware
1077	Progress Software's MOVEit Transfer vulnerability	critical	10.0	1	ransomware
1078	Inadequate Reporting Processes	critical	10.0	1	Data Breach
1079	Human Vulnerability (Social Engineering via Impersonation)	critical	10.0	1	Cyber Attack
1080	unmonitored vendor access to sensitive data	critical	10.0	1	supply chain attack
1081	CVE-2025-26399	critical	10.0	1	Ransomware
1082	misuse of scientific research cover	critical	10.0	1	espionage
1083	VMware virtual machines	critical	10.0	1	Cyberespionage
1084	human error (e.g., clicking malicious links)	critical	10.0	1	phishing
1085	Spear-phishing campaigns	critical	10.0	1	Data Breach
1086	Compromised Deloitte employee credentials	critical	10.0	1	data breach
1087	Windows minifilter drivers	critical	10.0	1	Ransomware
1088	Hardware Vulnerabilities	critical	10.0	1	Hardware Vulnerability Exploitation
1089	Lack of Multi-Factor Authentication (Assumed)	critical	10.0	1	Ransomware
1090	Lack of a business associate agreement	critical	10.0	1	Ransomware Attack
1091	Alert Fatigue and False Positives	critical	10.0	1	EDR/XDR Evasion
1092	CVE-2025-7026	critical	10.0	1	Firmware Vulnerability
1093	Unspecified SQL Server Vulnerabilities	critical	10.0	1	Cyber Espionage
1094	AI voice cloning limitations	critical	10.0	1	social engineering
1095	Publicly exposed servers and computers	critical	10.0	1	Cyberattack
1096	Systemic vulnerabilities in critical infrastructure	critical	10.0	1	Data Breach
1097	Misconfigured Email Security Solutions (Mimecast, Proofpoint, Barracuda)	critical	10.0	1	Data Breach
1098	CVE-2025-68947 (NsecSoft NSecKrnl driver)	critical	10.0	1	Ransomware
1099	Lack of security monitoring	critical	10.0	1	Cyberattack
1100	outsourcing risks	critical	10.0	1	data breach
1101	Stolen Private Key	critical	10.0	1	Cryptocurrency Theft
1102	Known vulnerability in IT infrastructure	critical	10.0	1	Data Breach
1103	CVE-2024-11859	critical	10.0	1	Malware Delivery
1104	Human vulnerabilities (compromised adviser accounts)	critical	10.0	1	Data Breach
1105	Software Development and Distribution Processes	critical	10.0	1	Supply Chain Attack
1106	CVE-2025-27915 (Stored XSS in Zimbra Classic Web Client via ICS files)	critical	10.0	1	Cyber Espionage
1107	Poor Endpoint Security	critical	10.0	1	Data Breach (General Discussion)
1108	CVE-2025-61882 (CVSS 9.8) - Oracle E-Business Suite Concurrent Processing Component	critical	10.0	1	Data Breach
1109	CVE-2020-35730	critical	10.0	1	Cyberespionage
1110	arbitrary code execution in CI/CD pipeline	critical	10.0	1	supply chain attack
1111	Remote Code Execution (RCE)	critical	10.0	1	Security Vulnerabilities
1112	Exposed NAS devices	critical	10.0	1	Ransomware
1113	CVE-2024-48248	critical	10.0	1	Vulnerability Exploitation
1114	Check Point gateway devices	critical	10.0	1	Supply Chain Attack
1115	Social Media Account Compromise	critical	10.0	1	Phishing, Social Engineering
1116	AI Browser Design Flaw (Fragment Inclusion in Context)	critical	10.0	1	Prompt Injection
1117	Compliance Blind Spots in Cross-Border AI Data Flows	critical	10.0	1	Data Breach (AI Models/Applications)
1118	SAP software vulnerability	critical	10.0	1	Cyberattack
1119	CVE-2024-XXXX	critical	10.0	1	Vulnerability Exploitation
1120	Unpatched Firmware/Software in Network Perimeter Devices	critical	10.0	1	Cyber Espionage
1121	CVE-2024-12856	critical	10.0	1	DDoS
1122	Log4Shell vulnerability in an unpatched VMware Horizon server	critical	10.0	1	Hacking
1123	Insufficient Disaster Recovery Plans	critical	10.0	1	Supply Chain Attack
1124	network vulnerabilities (unspecified)	critical	10.0	1	ransomware
1125	Human behavior	critical	10.0	1	Illegal intrusion
1126	CVE-2025-47953 (Microsoft Office Heap-Based Buffer Overflow)	critical	10.0	1	Patch Release
1127	Inadequate identity verification processes	critical	10.0	1	Espionage
1128	outdated property assessment funding	critical	10.0	1	physical security breach
1129	Unauthorized disclosure of SL2000 and SL3000 certificates	critical	10.0	1	Data Breach
1130	Zero-day	critical	10.0	1	Ransomware
1131	CVE-2026-25611	critical	10.0	1	Denial of Service (DoS)
1132	CVE-2026-24423	critical	10.0	1	Ransomware
1133	Persistent IT/OT silos	critical	10.0	1	Cyber Espionage
1134	Log4j (CVE-2021-44228)	critical	10.0	1	ransomware
1135	AIS protocol lack of authentication	critical	10.0	1	spoofing
1136	CVE-2026-24747	critical	10.0	1	Vulnerability Exploitation
1137	CVE-2025-10035 (Critical deserialization flaw in GoAnywhere MFT)	critical	10.0	1	Zero-day exploitation
1138	Trust in open-source maintainers, Fake meeting infrastructure	critical	10.0	1	Supply Chain Attack
1139	Third-party software (Famly) used by Kido nursery chain	critical	10.0	1	ransomware
1140	Vulnerability in the virtual private network	critical	10.0	1	Ransomware
1141	Failure to Implement Security Recommendations	critical	10.0	1	Data Breach
1142	Compromised private key controlling minting approvals	critical	10.0	1	Stablecoin Exploit
1143	Network segmentation flaws or disabled/unmonitored logs	critical	10.0	1	Data Breach
1144	Improper Handling of Sensitive Material	critical	10.0	1	Data Breach
1145	Missing Alerts	critical	10.0	1	Data Exposure
1146	Vehicle Tracking Systems (VTS), Immobilizer systems, Security systems	critical	10.0	1	Cyber Attack, Satellite Interference, Vehicle Immobilization
1147	CVE-2026-33784	critical	10.0	1	Vulnerability Exploitation
1148	weak SCADA system security	critical	10.0	1	cyber-physical attack
1149	Adobe Flash Vulnerability	critical	10.0	1	Vulnerability Exploitation
1150	CVE-2021-22681 (Rockwell Automation ICS)	critical	10.0	1	ransomware
1151	Direct Internet Exposure	critical	10.0	1	Cyber-Physical Attack
1152	Dangling DNS records	critical	10.0	1	Subdomain Hijacking
1153	Remote Code Execution (RCE) zero-day in Oracle E-Business Suite (versions 12.2.3-12.2.14)	critical	10.0	1	ransomware
1154	Manual Recovery Reliance	critical	10.0	1	Supply Chain Attack
1155	Legacy systems, architectural weaknesses in industrial security, IT-OT convergence	critical	10.0	1	Cyberattack on Operational Technology (OT)
1156	Lack of Real-Time Threat Detection	critical	10.0	1	Third-Party Breach
1157	weaknesses in AIS (Automatic Identification System) authentication	critical	10.0	1	AIS spoofing
1158	API misconfiguration	critical	10.0	1	Data Breach
1159	Misconfigured OIDC trust relationships	critical	10.0	1	Supply-Chain Attack
1160	Misconfigured Cloud Identity and Access Management (IAM)	critical	10.0	1	Data Breach
1161	weak account/access controls (reactivation of default accounts, new privileged users)	critical	10.0	1	ransomware
1162	Privilege Escalation	critical	10.0	1	Vulnerability Exploitation
1163	Network	critical	10.0	1	Data Breach
1164	Lack of Zero-Trust for Non-Human Identities (AI agents)	critical	10.0	1	Predictive Analysis
1165	Unspecified Salesforce vulnerability (likely API or authentication flaw)	critical	10.0	1	Data Breach
1166	Telnyx SDK	critical	10.0	1	Ransomware
1167	Unaddressed software vulnerabilities in CM/ECF system (identified in 2019 after a prior 2020 breach)	critical	10.0	1	Data Breach
1168	third-party ecosystem dependencies	critical	10.0	1	ransomware
1169	CVE-2024-21887 (Ivanti Connect Secure/Policy Secure)	critical	10.0	1	Ransomware
1170	Poorly secured networks, MFA vulnerabilities	critical	10.0	1	Cyberattack, Initial Access Brokerage, Ransomware
1171	Public-facing file-sharing folder	critical	10.0	1	Ransomware
1172	CVE-2025-10035 (Critical, CVSS 10.0) in Fortra GoAnywhere MFT	critical	10.0	1	Vulnerability Exploitation
1173	abuse of Velociraptor tool	critical	10.0	1	ransomware
1174	Email Spoofing, Unsecured Computer System	critical	10.0	1	Hacking
1175	SonicWall SSL VPN Vulnerability (Credentials in Backup Files)	critical	10.0	1	Unauthorized Access
1176	Disguised Malicious Commands as Benign Requests	critical	10.0	1	Espionage
1177	Compromised third-party vendor credentials	critical	10.0	1	Data Breach
1178	CVEs in Cisco's routers	critical	10.0	1	Data Breach
1179	CVE-2025-23320	critical	10.0	1	Vulnerability Exploitation
1180	OAuth vulnerability	critical	10.0	1	Exploit
1181	Compromised OAuth token for a Heroku machine account	critical	10.0	1	Security Breach
1182	Old vulnerabilities	critical	10.0	1	Spyware
1183	Insecure SOHO routers with default or weak configurations	critical	10.0	1	Espionage
1184	CVE-2022-29499	critical	10.0	1	Ransomware
1185	Insufficient Vetting of Remote IT Workers	critical	10.0	1	Cyber Theft
1186	Security gap in MOVEit Transfer	critical	10.0	1	Data Breach
1187	API code change flaw, predictable device serial numbers, unencrypted MFA scratch codes	critical	10.0	1	Ransomware
1188	lack of system isolation capabilities	critical	10.0	1	cyberattack
1189	Manque de sauvegardes régulières	critical	10.0	1	Cyberattaque ciblée
1190	OAuth Application Abuse	critical	10.0	1	Data Breach
1191	Log4Shell (CVE-2021-44228)	critical	10.0	1	Ransomware Attack
1192	Wide Attack Surfaces (Retail: staff, suppliers, IT systems)	critical	10.0	1	Ransomware
1193	Human Error (Compliance with Fraudulent Requests)	critical	10.0	1	Data Breach
1194	Ivanti Policy Secure	critical	10.0	1	Vulnerability Exploitation
1195	User Trust in Popular Repositories	critical	10.0	1	Malware Distribution and Phishing
1196	Potential vulnerability in screen monitoring software	critical	10.0	1	Ransomware
1197	Poor IAM practices	critical	10.0	1	Ransomware
1198	inadequate least-privilege access controls	critical	10.0	1	cyberespionage
1199	Weak vendor compliance enforcement	critical	10.0	1	Ransomware
1200	Lack of basic security features such as two-factor authentication	critical	10.0	1	Data Breach
1201	Zero-Day Vulnerability in Fortra's GoAnywhere MFT	critical	10.0	1	Data Breach
1202	Container escape vulnerabilities (e.g., CVE-2025-23266)	critical	10.0	1	Malware Framework
1203	Unsecured internet-facing devices (used by China-affiliated actors)	critical	10.0	1	Extortion
1204	CVE-2022-41328	critical	10.0	1	Advanced Persistent Threat (APT)
1205	Lack of Rate-Limiting	critical	10.0	1	Data Breach
1206	Inadequate input validation and output encoding in Jira’s custom priority settings	critical	10.0	1	Stored Cross-Site Scripting (XSS)
1207	Flaw in CI/CD pipeline	critical	10.0	1	Supply-Chain Attack
1208	CVE-2025-27821 (Out-of-bounds write in HDFS native client)	critical	10.0	1	Vulnerability
1209	Remote Terminal Units (RTUs)	critical	10.0	1	Cyber Sabotage
1210	Data blind spots	critical	10.0	1	Ransomware Prediction
1211	CVE-2025-34300	critical	10.0	1	Remote Code Execution
1212	Insufficient Identity Security Policies for AI Agents	critical	10.0	1	Identity Security Crisis
1213	Zero-day vulnerability in GoAnywhere MFT (Managed File Transfer) software	critical	10.0	1	Data Breach
1214	Over-Permissive Tool Access (e.g., Password Crackers, Network Scanners)	critical	10.0	1	Espionage
1215	Cloud Security Gaps	critical	10.0	1	Cyberattack Surge
1216	VPN vulnerabilities	critical	10.0	1	ransomware
1217	urgency/authority manipulation	critical	10.0	1	social engineering
1218	CVE-2025-32432 (CWE-94: Improper Control of Code Generation)	critical	10.0	1	Code Injection
1219	Unpatched flaw in a popular enterprise software platform	critical	10.0	1	Cyberattack
1220	Systemic design flaw in Anthropic’s Model Context Protocol (MCP)	critical	10.0	1	Remote Command Execution (RCE)
1221	Informant Malfeasance	critical	10.0	1	Dissemination of Propaganda and Child Abuse Material
1222	Weak Third-Party Security Controls	critical	10.0	1	Data Breach
1223	CVE-2025-33064 (Windows SMB Improper Access Control)	critical	10.0	1	Patch Release
1224	Outdated IT infrastructure, obsolete software (Lotus Notes), aging hardware	critical	10.0	1	Infrastructure Vulnerability
1225	Reduced Workforce Capacity	critical	10.0	1	Operational Risk
1226	Weak Employee Credentials	critical	10.0	1	Cyberattack Surge
1227	CVE-2024-1709 (ScreenConnect)	critical	10.0	1	Ransomware
1228	Understaffed Security Operations Center (SOC)	critical	10.0	1	Data Breach
1229	Insecure Third-Party Integration Controls	critical	10.0	1	Data Breach
1230	IT-OT Boundary Erosion	critical	10.0	1	Cyber Espionage
1231	Previously unknown software vulnerability in network infrastructure	critical	10.0	1	Data Breach
1232	Four zero-days	critical	10.0	1	Exploit Kit / Cyber Espionage
1233	Weak or Outdated Cryptographic Standards	critical	10.0	1	Emerging Threat
1234	Spring4Shell	critical	10.0	1	Vulnerability Exploitation
1235	CVE-2025-47962 (Windows SDK EoP)	critical	10.0	1	Patch Release
1236	CVE-2026-34976 (Missing authorization check in restoreTenant command)	critical	10.0	1	Zero-Day Vulnerability
1237	Default/Weak Admin Credentials	critical	10.0	1	Data Breach
1238	lack of package verification in CI/CD pipelines	critical	10.0	1	supply chain attack
1239	no password protection on critical servers	critical	10.0	1	data breach
1240	SQL Injection vulnerabilities in WordPress-powered website	critical	10.0	1	Data Breach
1241	Legitimate Windows driver truesight.sys (Adlice Software’s RogueKiller) with IOCTL command abuse	critical	10.0	1	ransomware
1242	Unsecured Kibana Dashboard	critical	10.0	1	Data Leak
1243	Lack of User Awareness for Non-Email Threats	critical	10.0	1	Social Engineering
1244	SmarterMail	critical	10.0	1	Ransomware
1245	Unspecified vulnerability in MOVEit file transfer platform (known to CL0P)	critical	10.0	1	Data Breach
1246	unmanaged devices	critical	10.0	1	ransomware
1247	Unpatched Systems (Software/Hardware)	critical	10.0	1	Data Breach
1248	Single-point-of-failure in 1/1 validation setup, lack of redundant verifiers	critical	10.0	1	Exploit
1249	Insecure Protocols (e.g., Telnet)	critical	10.0	1	Cyber Espionage
1250	Typosquatting	critical	10.0	1	Cyber Theft
1251	Lack of Syslog Forwarding to External Systems	critical	10.0	1	Ransomware Prevention Guide
1252	Absence of Multifactor Authentication	critical	10.0	1	Ransomware
1253	CVE-2025-64175	critical	10.0	1	Remote Code Execution (RCE)
1254	Oracle software vulnerability (identified in September 2023 by NCSC)	critical	10.0	1	Data Breach, Ransomware
1255	Progress MOVEit transfer systems	critical	10.0	1	Data Breach
1256	CVE-2021-Log4j (Remote Code Execution)	critical	10.0	1	Ransomware
1257	Human Trust in Help-Desk Processes	critical	10.0	1	Cyberattack
1258	CVE-2025-29927 (React2Shell)	critical	10.0	1	Cloud Misconfiguration Exploitation
1259	XAML deserialization	critical	10.0	1	Cyber Espionage
1260	Unauthenticated SQL injection in Lilli’s API, publicly exposed endpoints	critical	10.0	1	AI-driven cyberattack
1261	Shared-Service Model Vulnerabilities	critical	10.0	1	Cyberattack
1262	Trust in technical support specialists	critical	10.0	1	Data Breach
1263	Oracle WebLogic (unidentified flaw)	critical	10.0	1	Ransomware Attack
1264	Static Authentication Methods (vulnerable to deepfakes)	critical	10.0	1	Predictive Analysis
1265	Auto-update mechanisms	critical	10.0	1	Session Hijacking
1266	SQL Injection Vulnerability	critical	10.0	1	Data Breach
1267	Undisclosed Zero-Day in Oracle E-Business Suite	critical	10.0	1	Data Breach
1268	Improper handling of configuration objects in the `mergeConfig` function (CVE-2026-25639)	critical	10.0	1	Denial-of-Service (DoS)
1269	weak intranet security	critical	10.0	1	data breach
1270	CVE-2026-27685 (Insecure deserialization in SAP NetWeaver Enterprise Portal Administration)	critical	10.0	1	Remote Code Execution (RCE)
1271	Lack of Data Review Process / Gross Negligence	critical	10.0	1	Data Breach
1272	CVE-2026-20160	critical	10.0	1	Remote Code Execution (RCE)
1273	CVE-2023-3596	critical	10.0	1	Cyber Espionage
1274	Vulnerabilities in AI development platforms	critical	10.0	1	AI-driven cyber threats
1275	Misconfigured MongoDB instances lacking authentication, typically listening on port 27017	critical	10.0	1	Ransomware
1276	CVE-2025-20281	critical	10.0	1	Remote Code Execution
1277	Microsoft Hyper-V virtualization	critical	10.0	1	Cyber Espionage
1278	CVE-2025-20352 (Cisco IOS SNMP Flaw)	critical	10.0	1	Ransomware
1279	CVE-2025-61882 (Oracle E-Business Suite - Unauthenticated RCE)	critical	10.0	1	Data Breach
1280	Poor Oversight of Third-Party Vendor (PowerSchool)	critical	10.0	1	Data Breach
1281	privileged credential abuse	critical	10.0	1	ransomware
1282	insufficient cloud-native security controls	critical	10.0	1	ransomware
1283	Reduced CISA staffing (from ~2,500 to <900)	critical	10.0	1	Policy/Regulatory Failure
1284	Tool sprawl and visibility gaps	critical	10.0	1	Data Breach
1285	Misconfigured or unmonitored edge devices	critical	10.0	1	Ransomware
1286	Lack of strict removable media controls, insufficient monitoring of privileged users	critical	10.0	1	Insider Threat, Data Exfiltration
1287	Custom IoT malware, IOCONTROL	critical	10.0	1	Cyberattack
1288	Lack of proactive threat detection and centralized incident response	critical	10.0	1	Cyber Espionage
1289	automated package update mechanisms	critical	10.0	1	supply chain attack
1290	MOVEit Software Vulnerabilities	critical	10.0	1	Cyber Attack
1291	High-risk extension permissions	critical	10.0	1	Session Hijacking
1292	Azure Automation Service Vulnerability	critical	10.0	1	Vulnerability Exploitation
1293	Plaintext Credential Storage	critical	10.0	1	Vulnerability Exploitation
1294	Fortinet VPN vulnerabilities	critical	10.0	1	Cybercrime Forum Seizure
1295	Firewall rule exposing RDP on a management server	critical	10.0	1	Ransomware
1296	Fortinet Fortigate	critical	10.0	1	Supply Chain Attack
1297	React2Shell (CVE-2025-29927)	critical	10.0	1	Cloud Exploitation Campaign
1298	FortiOS (unspecified CVEs)	critical	10.0	1	ransomware
1299	Coding error in liquidity pools	critical	10.0	1	Cryptocurrency Heist
1300	Trust in open-source packages	critical	10.0	1	Supply Chain Attack
1301	CitrixBleed (CVE-2023-4966) - CVSS 9.3 in Netscaler ADC and Gateway (Session Token Theft, MFA Bypass)	critical	10.0	1	Data Breach
1302	Human error (help desk staff tricked into resetting credentials)	critical	10.0	1	Cyberattack
1303	CVE-2019-17571 (Apache Log4j 1.2 deserialization issue)	critical	10.0	1	Remote Code Execution (RCE)
1304	Cleo software vulnerabilities	critical	10.0	1	ransomware
1305	Insufficient permission checks	critical	10.0	1	DeFi Exploit
1306	SonicWall SSL VPN endpoints	critical	10.0	1	Ransomware
1307	CVE-2026-24423 (Missing Authentication for Critical Function - CWE-306)	critical	10.0	1	Ransomware
1308	Unauthenticated File Read	critical	10.0	1	Vulnerability Exploitation
1309	Lack of real-time detection for initial intrusion (May 14 to August 24)	critical	10.0	1	Ransomware Attack
1310	Unauthenticated Reboot Commands	critical	10.0	1	Vulnerability Disclosure
1311	Oracle zero-day (Clop gang)	critical	10.0	1	ransomware
1312	Social Engineering (Disguised as Legitimate npm Package)	critical	10.0	1	Malware Campaign
1313	CVE-2022-41040	critical	10.0	1	Ransomware
1314	CVE-2024-20359 (Privilege Escalation: Admin → Root)	critical	10.0	1	Cyberattack
1315	CVE-2026-0489 (DOM-based XSS in SAP Business One Job Service)	critical	10.0	1	Remote Code Execution (RCE)
1316	lack of real-time cross-verification of vessel identities	critical	10.0	1	AIS spoofing
1317	Understaffed security operations	critical	10.0	1	Data Breach
1318	Incorrect access permissions and configuration settings	critical	10.0	1	Data Breach
1319	Human Trust in Browser Update Prompts	critical	10.0	1	Malware Infection
1320	GPS reliance	critical	10.0	1	GPS spoofing (disputed)
1321	Outdated Android versions	critical	10.0	1	Malware
1322	CVE-2024-37079	critical	10.0	1	Remote Code Execution (RCE)
1323	Abuse of Native Windows Utilities (curl, certutil)	critical	10.0	1	APT (Advanced Persistent Threat)
1324	Inadequate cybersecurity training for non-IT staff	critical	10.0	1	Ransomware
1325	inadequate endpoint protection (Symantec Endpoint Protection failed to fully remediate backdoor)	critical	10.0	1	ransomware
1326	Actively exploited CVEs	critical	10.0	1	Ransomware
1327	Remote Disabling Capability	critical	10.0	1	Repurposing of Commercial Technology for Military Use
1328	Trust in Professional Networking Platforms	critical	10.0	1	Phishing (Non-Email)
1329	improper cloud storage configuration	critical	10.0	1	ransomware
1330	CVE-2017-17562 (GoAhead RCE)	critical	10.0	1	cyberespionage
1331	Weak Subcontractor Security Postures	critical	10.0	1	Supply Chain Attack
1332	Salesloft’s Drift AI Chat Integration (OAuth Token Theft)	critical	10.0	1	Data Breach
1333	Compromised Mailing List	critical	10.0	1	Phishing
1334	lack of asset visibility	critical	10.0	1	unauthorized access
1335	Influence of Radical Literature	critical	10.0	1	Domestic Terrorism
1336	Previously unidentified vulnerability	critical	10.0	1	Ransomware Attack
1337	vendor distribution pipelines	critical	10.0	1	ransomware
1338	Lack of IP Restrictions on Tokens	critical	10.0	1	Supply Chain Attack
1339	CVE-2025-49144	critical	10.0	1	Privilege Escalation
1340	Log4Shell vulnerability	critical	10.0	1	Cyber Attack
1341	Bun runtime environment detection	critical	10.0	1	supply chain attack
1342	Poor access controls and credential management for third-party code repositories	critical	10.0	1	Data Breach
1343	Default Teams App Permissions	critical	10.0	1	Social Engineering
1344	lack of threat detection tuning	critical	10.0	1	ransomware
1345	Kaseya VSA platform	critical	10.0	1	Ransomware Attack
1346	AnyDesk Remote Access Application	critical	10.0	1	Data Exfiltration
1347	Passive Storage Component Treatment (Missing Threat Signals)	critical	10.0	1	Data Breach (AI Models/Applications)
1348	CVE-2016-10033	critical	10.0	1	Vulnerability Exploitation
1349	Gaps in Endpoint Detection and Response (EDR)	critical	10.0	1	Domain Hijacking
1350	Memory Injection (persistent threat mechanism)	critical	10.0	1	Vulnerability Exploitation
1351	NVIDIA NeMo Framework Vulnerabilities	critical	10.0	1	Vulnerability Exploitation
1352	CVE-2024-0132, Docker DoS flaw on Linux	critical	10.0	1	Vulnerability Exploitation, DoS Attack
1353	Lack of Data Processing Agreements (DPAs/DSAs)	critical	10.0	1	Data Privacy Violation
1354	Weak Insider Controls	critical	10.0	1	Data Breach
1355	Outdated accounting infrastructure	critical	10.0	1	Ransomware
1356	Inadequate Data Redaction Procedures	critical	10.0	1	Data Breach
1357	Cyber-Illiterate Student Population	critical	10.0	1	Data Breach
1358	CVE-2024-12297	critical	10.0	1	Vulnerability Exploit
1359	CVE-2026-1492	critical	10.0	1	Privilege Escalation
1360	Stored Credentials in Veeam Backup Infrastructure	critical	10.0	1	Social Engineering
1361	Windows Defender Disabling	critical	10.0	1	Ransomware
1362	Misaligned agent workflows	critical	10.0	1	AI-driven breach
1363	Lack of Regular Penetration Testing	critical	10.0	1	Data Breach
1364	Weak Entra ID Configurations (e.g., external access policies)	critical	10.0	1	Social Engineering
1365	missing security patches	critical	10.0	1	data breach
1366	third-party tokens	critical	10.0	1	ransomware
1367	Unsupported Firmware/OS (EOL Systems)	critical	10.0	1	Cybersecurity Vulnerability Exposure
1368	Stolen username and password of a UN employee purchased off the dark web	critical	10.0	1	Data Breach
1369	Legacy system vulnerabilities (some dating back to 2013)	critical	10.0	1	Ransomware
1370	Weak administrator access controls	critical	10.0	1	Data Breach
1371	Critical SharePoint Vulnerabilities (July 2025)	critical	10.0	1	Ransomware Attack
1372	Follina	critical	10.0	1	Zero-Day Vulnerability
1373	Weak/Reused Passwords (88% of breaches per Verizon DBIR)	critical	10.0	1	Data Breach
1374	Alta Payment Portal	critical	10.0	1	Data Breach
1375	RenderShock 0-Click Vulnerability	critical	10.0	1	Zero-Click Attack
1376	Unsecured RDP access, absence of MFA	critical	10.0	1	Ransomware
1377	Weaknesses in SolarWinds' Orion platform	critical	10.0	1	Supply Chain Attack
1378	Lack of Security Layers	critical	10.0	1	Ransomware
1379	GHSA-7xvx-8pf2-pv5g (CVSS 9.1)	critical	10.0	1	Sandbox Escape Vulnerability
1380	Opportunistic TLS	critical	10.0	1	Cross-protocol Application Layer Desynchronization
1381	Zero-Day Vulnerabilities (1 new CVE every 17 minutes)	critical	10.0	1	Ransomware
1382	Compromised Apple ID logins and LinkedIn data	critical	10.0	1	Data Breach
1383	Blind SQL Vulnerability	critical	10.0	1	Data Breach
1384	weak security in satellite communication systems	critical	10.0	1	cyberattack
1385	lack of tamper-proof audit trails	critical	10.0	1	ransomware
1386	Technical Debt in Legacy OT Systems (15-20 year lifecycles)	critical	10.0	1	Cyber-Physical Attack
1387	Physical accessibility of undersea infrastructure	critical	10.0	1	Physical sabotage (cyber-physical attack)
1388	Unauthorized access via compromised civil servant credentials	critical	10.0	1	Data Breach
1389	CVE-2023-48788 (Fortinet EMS SQL injection)	critical	10.0	1	Ransomware
1390	Windows Safe Mode vulnerabilities	critical	10.0	1	Ransomware
1391	Weak Authentication (compromised social media accounts)	critical	10.0	1	Cyber Theft
1392	CVE-2026-33017	critical	10.0	1	Code Injection
1393	Cryptographic Protocols	critical	10.0	1	Cryptographic Risk
1394	Delayed Patch Management	critical	10.0	1	Data Breach
1395	Gaps in GDPR Data Protection for Vehicle-Generated Data	critical	10.0	1	Cybersecurity Vulnerability Assessment
1396	TerraMaster NAS Vulnerability	critical	10.0	1	Vulnerability Exploitation
1397	Human factor (credentials theft)	critical	10.0	1	Phishing
1398	Gaps in anomaly detection for behavioral baselines	critical	10.0	1	Ransomware
1399	Lack of anti-jamming measures in ferry's GPS system	critical	10.0	1	GPS jamming
1400	Lack of continuous vendor monitoring	critical	10.0	1	Ransomware
1401	Shadow AI, IdentityMesh, Infostealers	critical	10.0	1	Data Breach
1402	Unpatched zero-day vulnerability in Oracle E-Business Suite (arbitrary code execution)	critical	10.0	1	ransomware
1403	Hidden dependency with postinstall script execution	critical	10.0	1	Supply Chain Attack
1404	outdated configurations	critical	10.0	1	ransomware
1405	CVE-2026-32746 (Buffer Overflow in GNU InetUtils telnetd)	critical	10.0	1	Vulnerability Exploitation
1406	Architectural flaw in Model Context Protocol (MCP)	critical	10.0	1	Remote Code Execution (RCE)
1407	CVE-2021-39935 (CWE-918)	critical	10.0	1	Server-Side Request Forgery (SSRF)
1408	CrushFTP servers	critical	10.0	1	Supply Chain Attack
1409	CVE-2024-36401 (Critical RCE in GeoServer)	critical	10.0	1	Cyber Espionage
1410	Ungoverned AI Systems	critical	10.0	1	Data Breach
1411	BACnet/Modbus Protocol Flaws (No Encryption/Authentication)	critical	10.0	1	Cybersecurity Vulnerability Exposure
1412	Lack of Multi-Factor Authentication (MFA) for Vendor Logins	critical	10.0	1	Cyberattack
1413	Flaws in Tesla’s Mothership server	critical	10.0	1	Remote Code Execution
1414	Embedded credentials/API keys in source code	critical	10.0	1	Supply Chain Compromise
1415	Legacy Infrastructure	critical	10.0	1	AI-Powered Cyberattack
1416	BlueHammer	critical	10.0	1	Zero-Day Exploitation
1417	CVE-2025-26319	critical	10.0	1	Remote Code Execution (RCE)
1418	Insecure webcam	critical	10.0	1	Ransomware
1419	Unencrypted Satellite Backhaul	critical	10.0	1	Data Interception
1420	LOLDrivers (Living Off The Land Drivers) - 'truesight.sys' from RogueKiller AntiRootkit	critical	10.0	1	ransomware
1421	CVE-2025-49157	critical	10.0	1	Vulnerability Exploitation
1422	Unpatched legacy systems	critical	10.0	1	Ransomware
1423	Browser Sandbox Exploitation (Clipboard Access)	critical	10.0	1	Social Engineering
1424	Unintentional Misconfiguration	critical	10.0	1	Data Exposure
1425	Valid Login Information	critical	10.0	1	Data Breach
1426	Supply chain compromise (Trivy), credential theft	critical	10.0	1	Supply Chain Attack, Data Breach
1427	Unknown vulnerability in online platforms	critical	10.0	1	Data Breach
1428	PCI DSS 4.0.1 compliance gaps in client-side data protection	critical	10.0	1	Data Breach
1429	CVE-2025-10035 (GoAnywhere MFT, CVSS 10.0)	critical	10.0	1	data breach
1430	Employee credentials via spoofed websites	critical	10.0	1	Cryptocurrency Theft, Phishing, Identity Theft
1431	Unsecured IoT/Peripheral Devices	critical	10.0	1	Ransomware
1432	Human Vulnerability (Phishing/Social Engineering Susceptibility)	critical	10.0	1	Account Compromise
1433	Security issue with Haltdos	critical	10.0	1	Data Breach
1434	Citrix device vulnerabilities (specific CVE not disclosed)	critical	10.0	1	Cyberattack
1435	Inconsistent authentication	critical	10.0	1	Data Breach
1436	Heap Metadata Corruption	critical	10.0	1	Memory Corruption Vulnerability
1437	Partial Logging of Data Access	critical	10.0	1	Insider Threat
1438	AI Model Jailbreak (Disguised Malicious Tasks as Benign)	critical	10.0	1	Espionage
1439	Legitimate drivers	critical	10.0	1	Ransomware
1440	Hardcoded cryptographic keys in Unitree’s G1 humanoid	critical	10.0	1	Privacy Breach
1441	CVE-2024-20399	critical	10.0	1	Advanced Persistent Threat (APT)
1442	Default public location sharing settings in fitness app	critical	10.0	1	Data Exposure
1443	WordPress vulnerabilities	critical	10.0	1	Botnet
1444	Compromised Microsoft 365 Account	critical	10.0	1	Data Breach
1445	Infected Barcode Scanners	critical	10.0	1	Data Breach
1446	Lack of Access Controls During Layoffs	critical	10.0	1	Data Breach
1447	Unsalted MD5	critical	10.0	1	Data Breach
1448	CVE-2025-47171 (Windows Netlogon Use of Uninitialized Resources)	critical	10.0	1	Patch Release
1449	Geopolitical protections for cybercriminals	critical	10.0	1	Ransomware
1450	CVE-2025-3835	critical	10.0	1	Remote Code Execution (RCE)
1451	CVE-2024-9852	critical	10.0	1	Vulnerabilities in SCADA Systems
1452	CVE-2024-12686	critical	10.0	1	Breach
1453	Known vulnerability in cloud storage services	critical	10.0	1	Data Breach
1454	Network infiltration	critical	10.0	1	Security Concerns
1455	Unknown network vulnerability	critical	10.0	1	Ransomware Attack
1456	Default passwords	critical	10.0	1	Exposure of Critical Infrastructure
1457	Manual SOC inefficiencies	critical	10.0	1	Data Breach
1458	CVE-2025-2171	critical	10.0	1	Vulnerability Exploitation
1459	Windows Driver Signature Enforcement bypass via signed driver abuse	critical	10.0	1	Ransomware
1460	Misconfigured Security Controls	critical	10.0	1	Malware
1461	CVE-2024-32114	critical	10.0	1	Remote Code Execution (RCE)
1462	inadequate administrative/physical/technical safeguards (HIPAA)	critical	10.0	1	data breach
1463	Compromised contractor credentials (specific vulnerability undisclosed)	critical	10.0	1	Data Breach
1464	SonicWall SSLVPN (Weak MFA/Access Controls)	critical	10.0	1	Ransomware
1465	unique implementation flaws	critical	10.0	1	supply chain attack
1466	Legacy Authentication Protocols (e.g., SAMLjacking)	critical	10.0	1	Phishing (Non-Email)
1467	Outdated RTU firmware	critical	10.0	1	Cyberattack (Wiper Malware, Firmware Tampering)
1468	Improper GitHub Access Controls	critical	10.0	1	Supply Chain Attack
1469	Oracle zero-day vulnerability	critical	10.0	1	Ransomware
1470	Obfuscation Techniques	critical	10.0	1	Malware Infection
1471	CVE-2025-36535 (Missing Authentication in MB-Gateway Devices)	critical	10.0	1	Vulnerability Exploitation
1472	Insufficient access controls, lack of root account protection	critical	10.0	1	Data Destruction
1473	Lack of Access Controls for Sensitive Data Aggregation	critical	10.0	1	Data Breach
1474	insecure communication protocols	critical	10.0	1	unauthorized access
1475	Poor password hygiene, lack of multi-factor authentication, unsecured third-party services	critical	10.0	1	Credential Compromise
1476	Opportunistic targeting	critical	10.0	1	Data Breach
1477	Social Engineering / Phishing	critical	10.0	1	Spear Phishing
1478	Stolen personal data (Social Security numbers, birthdates, account credentials)	critical	10.0	1	Data Breach, Identity Fraud, Account Takeover
1479	Vulnerability allowing linkage of email addresses and phone numbers to Twitter accounts	critical	10.0	1	Data Breach
1480	Lateral Movement via Salesforce OAuth	critical	10.0	1	Supply Chain Attack
1481	Lack of identity controls	critical	10.0	1	AI-driven breach
1482	CVE-2025-48057	critical	10.0	1	Vulnerability Exploitation
1483	MongoBleed	critical	10.0	1	Data Breach
1484	Unauthorized transaction approvals	critical	10.0	1	Security Breach
1485	Default passwords, Outdated software, Lack of manual updates	critical	10.0	1	Data Breach, Voyeurism, Illegal Content Distribution
1486	SimpleHelp	critical	10.0	1	Ransomware
1487	preventable software vulnerabilities	critical	10.0	1	ransomware
1488	Unspecified Cisco ASA Vulnerabilities (ArcaneDoor Campaign)	critical	10.0	1	Espionage
1489	Palo Alto PAN-OS	critical	10.0	1	Ransomware
1490	Human vulnerability (tricking employees into divulging credentials)	critical	10.0	1	Data Breach / Ransomware Attack
1491	Lack of MFA Enforcement	critical	10.0	1	Social Engineering
1492	Website Software	critical	10.0	1	Data Breach
1493	CVE-2025-2857	critical	10.0	1	Zero-day Vulnerability
1494	Vulnerabilities present during high-risk phases like satellite deployment, where telemetry, software loadouts, and encryption keys are most exposed.	critical	10.0	1	Cyber Espionage
1495	CVE-2025-61882 (Oracle E-Business Suite BI Publisher Integration Component)	critical	10.0	1	Data Theft
1496	Accellion File Transfer Appliance (FTA) vulnerabilities	critical	10.0	1	Data Breach
1497	Dependence on GPS/GNSS signals for navigation; lack of spoofing-resistant safeguards	critical	10.0	1	GNSS spoofing
1498	Output Messenger	critical	10.0	1	Cyberespionage
1499	Complacency in High-Turnover Workforces	critical	10.0	1	Data Breach
1500	potential prior SharePoint vulnerabilities (historical context for Storm-2603)	critical	10.0	1	ransomware
1501	CVE-2026-22719 (CWE-77 - Command Injection)	critical	10.0	1	Vulnerability Exploitation
1502	Mobile device and app security weaknesses	critical	10.0	1	Cyber Espionage
1503	CVE-2024-53676	critical	10.0	1	Vulnerability Exploitation
1504	Lack of domestic rare earth processing capacity	critical	10.0	1	Geopolitical Risk
1505	Abuse of legitimate software (BitDefender, VLC Media Player, Sangfor)	critical	10.0	1	Cyber Espionage
1506	Videoconference Invitation	critical	10.0	1	Data Breach
1507	CVE-2021-36260 (Hikvision - command injection)	critical	10.0	1	Cyber Espionage, Reconnaissance
1508	CVE-2026-0740	critical	10.0	1	Vulnerability Exploitation
1509	poor staff training	critical	10.0	1	data breach
1510	Internal System Compromise (mechanism unspecified)	critical	10.0	1	Data Breach
1511	Insecure Build Process	critical	10.0	1	Supply Chain Attack
1512	Improper Use of Collaboration Tools (WhatsApp, Microsoft Forms)	critical	10.0	1	Data Breach
1513	SCADA system vulnerabilities	critical	10.0	1	DDoS
1514	CVE-2024-40766 (SonicWall improper access control, CVSS 9.8)	critical	10.0	1	ransomware
1515	Lack of Multi-Factor Authentication (2FA) for OAuth Apps	critical	10.0	1	Data Breach
1516	AI Training Data Exposure	critical	10.0	1	Cyber Espionage
1517	interconnected manufacturing systems	critical	10.0	1	cyberattack
1518	Critical vulnerability in SAP NetWeaver Visual Composer development server	critical	10.0	1	Zero-day attack
1519	Unpatched Web Applications	critical	10.0	1	AI-Powered Cyberattack
1520	CVE-2025-3935	critical	10.0	1	Cyberattack
1521	CVE-2024-42057	critical	10.0	1	Ransomware Attack
1522	Weak private key generation algorithm	critical	10.0	1	Cryptocurrency Theft
1523	Exposed network devices and vulnerabilities in OT systems	critical	10.0	1	Cyberattack on Critical Infrastructure
1524	Stolen Passwords	critical	10.0	1	Data Breach
1525	Bypassed consent protocols, vulnerabilities in offshored data-management tools	critical	10.0	1	Data Breach
1526	Remote-file-transfer vulnerabilities	critical	10.0	1	Ransomware
1527	Poor Data Residency Enforcement	critical	10.0	1	Data Breach Risk
1528	Unpatched software, firmware, and operating systems	critical	10.0	1	Ransomware
1529	Unsecured communication channels (WhatsApp)	critical	10.0	1	Data Breach
1530	CVE-2024-56325	critical	10.0	1	Vulnerability Exploit
1531	Entra ID application registration secrets	critical	10.0	1	cyberespionage
1532	CVE-2025-30232	critical	10.0	1	Vulnerability Exploitation
1533	CVE-2025-14733 (Out-of-bounds write in iked process)	critical	10.0	1	Remote Code Execution (RCE)
1534	dependency trust model	critical	10.0	1	supply chain attack
1535	Lack of Segmentation	critical	10.0	1	Data Exposure
1536	lack of email security by design	critical	10.0	1	phishing
1537	aging IT systems	critical	10.0	1	data breach
1538	User Trust in Fake App	critical	10.0	1	Malware Attack
1539	Vimar smart home devices	critical	10.0	1	DDoS Attack
1540	CVE-2023-3519 (Citrix NetScaler)	critical	10.0	1	cyberespionage
1541	operational lapses in rule propagation	critical	10.0	1	data breach
1542	Poor Kubernetes configurations	critical	10.0	1	Cloud Infrastructure Compromise
1543	Weak IoT Device Security (e.g., default credentials, unpatched firmware)	critical	10.0	1	Distributed Denial of Service (DDoS)
1544	Abstract Threat Perception	critical	10.0	1	Data Breach
1545	CVE-2025-68615 (Buffer Overflow in snmptrapd)	critical	10.0	1	Vulnerability Exploitation
1546	systemic weaknesses in data protection	critical	10.0	1	data breach
1547	Implicit TLS	critical	10.0	1	Cross-protocol Application Layer Desynchronization
1548	SolarWinds Orion Software	critical	10.0	1	Supply Chain Attack
1549	CVE-2025-40551 (CWE-502: Unsafe Deserialization)	critical	10.0	1	Remote Code Execution (RCE)
1550	Absence de formation des employés en cybersécurité	critical	10.0	1	Cyberattaque ciblée
1551	Outdated or unpatched consumer and small office devices	critical	10.0	1	Cyber Espionage
1552	Lack of Compliance Oversight	critical	10.0	1	Data Breach
1553	Undisclosed Vulnerabilities in BIG-IP (details not public)	critical	10.0	1	Data Breach
1554	Programming Issue	critical	10.0	1	Data Exposure
1555	human error (clicking suspicious links)	critical	10.0	1	general cybersecurity awareness
1556	Insufficient anti-jam technology	critical	10.0	1	GPS spoofing
1557	CWE-22: Path Traversal in Docker build context configuration (smithery.yaml)	critical	10.0	1	Supply Chain Attack
1558	CVE-2026-21643	critical	10.0	1	SQL Injection
1559	Lack of encryption and authentication in Modbus protocol	critical	10.0	1	Vulnerability Exploitation
1560	Provider Edge (PE) routers	critical	10.0	1	Cyber Espionage
1561	Absence of AI Governance Frameworks	critical	10.0	1	Unauthorized AI Deployment
1562	Authentication tokens harvested from Anodot, bypassing multi-factor authentication	critical	10.0	1	Data Breach
1563	CVE-2023-20867	critical	10.0	1	Advanced Persistent Threat (APT)
1564	Lack of Password or Encryption	critical	10.0	1	Data Exposure
1565	delayed maintenance response	critical	10.0	1	physical security breach
1566	Non-public information disclosure	critical	10.0	1	Bribery and Fraud
1567	Data integrity	critical	10.0	1	Security Concerns
1568	Unknown flaw in Oracle E-Business Suite (EBS)	critical	10.0	1	Data Breach
1569	Third-Party Supply Chain Weaknesses	critical	10.0	1	Data Breach
1570	Human Error (Phishing/Vishing)	critical	10.0	1	Data Breach
1571	Vulnerabilities in the email system	critical	10.0	1	Data Breach
1572	unsecured copper infrastructure	critical	10.0	1	infrastructure vulnerability
1573	token-based publishing model	critical	10.0	1	supply chain attack
1574	Lack of Out-of-Band Authentication	critical	10.0	1	Social Engineering
1575	CVE-2025-27507	critical	10.0	1	Vulnerability Exploitation
1576	Human Trust (Fake CAPTCHA Social Engineering)	critical	10.0	1	Social Engineering
1577	zero-day vulnerability in Oracle EBusiness Suite	critical	10.0	1	data breach
1578	Lack of two-factor authentication (2FA), persistent access to Aeroflot’s infrastructure	critical	10.0	1	Supply-Chain Attack
1579	delayed AV detection due to obfuscation	critical	10.0	1	ransomware
1580	Static Zero Trust Policies (Lack of Dynamic Guardrails)	critical	10.0	1	Data Breach (AI Models/Applications)
1581	CVE-2024-37079 (CWE-787 - Out-of-bounds Write)	critical	10.0	1	Remote Code Execution (RCE)
1582	Known vulnerabilities in backbone routers	critical	10.0	1	Cyber Espionage
1583	identity governance gaps	critical	10.0	1	ransomware
1584	Weak Cybersecurity Safeguards in Government Systems	critical	10.0	1	Data Privacy Violation
1585	Unprotected 'Recent Links' feature with predictable URL format, enabling unauthorized data scraping via crawlers	critical	10.0	1	Data Exposure
1586	Unpatched or zero-day flaws in technology platforms	critical	10.0	1	Ransomware
1587	metadata retention in files	critical	10.0	1	data breach
1588	legitimate platform abuse (e.g., Google Calendar, Azure domains)	critical	10.0	1	ransomware
1589	CVE-2026-33660 (Improper input validation, CWE-94: Code Injection)	critical	10.0	1	Remote Code Execution (RCE)
1590	Lack of Visibility into Privileged Account Usage	critical	10.0	1	Data Breach
1591	Stolen Credentials/API Tokens	critical	10.0	1	Data Breach
1592	Insecure Backups	critical	10.0	1	Compliance Failure
1593	SonicWall vulnerabilities	critical	10.0	1	Ransomware
1594	CVE-2026-20963 (Microsoft SharePoint Server)	critical	10.0	1	ransomware
1595	Previously unknown software flaw (zero-day)	critical	10.0	1	Cyber Espionage
1596	Limited Supply Chain Visibility (beyond first-tier vendors)	critical	10.0	1	Ransomware
1597	Insufficient cybersecurity training	critical	10.0	1	Data Breach
1598	help-desk protocol vulnerabilities	critical	10.0	1	ransomware
1599	CVE-2021-33044 (Dahua - authentication bypass)	critical	10.0	1	Cyber Espionage, Reconnaissance
1600	CVE-2025-42957 (ABAP Code Injection in SAP S/4HANA)	critical	10.0	1	Vulnerability Exploitation
1601	Weak Authentication (68% of breaches involve credentials)	critical	10.0	1	Ransomware
1602	Improperly exposed backend function (Convex framework's `downloads: increment` configured as public mutation)	critical	10.0	1	Supply-Chain Attack
1603	Web application stack	critical	10.0	1	Data Breach
1604	Stale service accounts	critical	10.0	1	Ransomware
1605	CVE-2025-10035 (GoAnywhere MFT)	critical	10.0	1	ransomware
1606	Legacy network	critical	10.0	1	Data Breach
1607	Insufficient Code Review for Open-Source Dependencies	critical	10.0	1	Supply Chain Attack
1608	over_permissive_cloud_settings	critical	10.0	1	ransomware
1609	CVE-2025-43200	critical	10.0	1	Spyware
1610	Poor Email Security Practices	critical	10.0	1	Data Breach
1611	Fortinet software	critical	10.0	1	Cyber Attack
1612	weak credential management (golden ticket risk)	critical	10.0	1	ransomware
1613	Undisclosed (stolen vulnerability data)	critical	10.0	1	Data Breach
1614	CVE-2026-4368	critical	10.0	1	Vulnerability Disclosure
1615	CVE-2025-4427	critical	10.0	1	Cyber Espionage
1616	Unsupervised automation	critical	10.0	1	AI-driven breach
1617	overlooked vulnerabilities	critical	10.0	1	ransomware
1618	CVE-2025-12556 (Improper input validation in ICM Viewer’s WebSocket communication)	critical	10.0	1	Remote Code Execution (RCE)
1619	Abuse of Device Admin and Accessibility Services permissions	critical	10.0	1	Ransomware
1620	Security protocol bypass, weak access controls, anti-virus circumvention, secret key exposure in source code	critical	10.0	1	Insider Threat / AI Exploitation
1621	SaaS supply chain blind spots	critical	10.0	1	Ransomware
1622	Weak vendor credentials	critical	10.0	1	Data Breach
1623	AI guardrail bypass	critical	10.0	1	AI-powered cyberattack
1624	Third-party breaches	critical	10.0	1	Supply Chain Attack, Extortion Campaign
1625	CVE-2025-61882 (Oracle E-Business Suite Zero-Day)	critical	10.0	1	Data Breach
1626	CVE-2023-41348	critical	10.0	1	botnet
1627	Potential vulnerability in Citrix NetScaler	critical	10.0	1	Cyberattack
1628	CVE-2025-64155 (CWE-78: Improper Neutralization of Special Elements used in an OS Command)	critical	10.0	1	Vulnerability Exploitation
1629	CVE-2025-20337	critical	10.0	1	Remote Code Execution
1630	compromised backup configurations (SonicWall cloud breach)	critical	10.0	1	ransomware
1631	CVE-2025-4428	critical	10.0	1	Cyber Espionage
1632	CVE-2025-31324 (unspecified CRM/DBMS/SaaS target)	critical	10.0	1	Cybercriminal Alliance Formation
1633	Email reply-chain exploitation	critical	10.0	1	Phishing
1634	CVE-2025-3052	critical	10.0	1	Secure Boot Bypass
1635	IMSI-capturing	critical	10.0	1	Surveillance
1636	SonicWall VPN RCE	critical	10.0	1	Cybercrime Forum Seizure
1637	Improper Data Handling Practices	critical	10.0	1	Data Breach
1638	Government mismanagement, lack of security protocols	critical	10.0	1	Data Breach
1639	Delayed Response to Security Alerts	critical	10.0	1	Data Breach
1640	Legitimate Cybersecurity Testing Impersonation	critical	10.0	1	Espionage
1641	Unrestricted Access Controls	critical	10.0	1	Ransomware
1642	CVE-2024-11120	critical	10.0	1	Cyberattack
1643	CVE-2025-7742	critical	10.0	1	Vulnerability Exploitation
1644	Optional MFA (to be phased out)	critical	10.0	1	Predictive Analysis
1645	CVE-2025-60021 (Inadequate input validation in Apache bRPC heap profiler endpoint)	critical	10.0	1	Remote Command Injection
1646	Insufficient insider threat controls	critical	10.0	1	Data Breach
1647	Outdated Fortinet VPNs	critical	10.0	1	Ransomware
1648	Security holes in Verizon's systems	critical	10.0	1	Data Breach
1649	Remote desktop gateway vulnerability	critical	10.0	1	Ransomware
1650	Unpatched Third-Party Integrations (Salesloft Drift)	critical	10.0	1	Data Breach
1651	CVE-2024-56336	critical	10.0	1	Vulnerability
1652	Inadequate access controls for sensitive spreadsheets	critical	10.0	1	Data Breach
1653	CVE-2025-20362 (Cisco ASA/Firepower - Privilege Escalation)	critical	10.0	1	Vulnerability Exploitation
1654	Improper input validation in USER environment variable handling	critical	10.0	1	Authentication Bypass
1655	AI integrations with applications (e.g., Google Calendar, Zoom)	critical	10.0	1	AI Exploitation
1656	GitLab Server Misconfiguration (Red Hat)	critical	10.0	1	Data Breach
1657	CVE-2024-40766 (SonicWall SSLVPN improper access control)	critical	10.0	1	ransomware
1658	Incorrect configuration	critical	10.0	1	Data Breach
1659	Lack of OIDC verification, unmatched GitHub commits	critical	10.0	1	Supply Chain Attack
1660	Malicious form injection	critical	10.0	1	Data Breach
1661	Lack of Behavioral Analytics for Insider Threat Detection	critical	10.0	1	Insider Threat (Attempted)
1662	Over-Permissive API/OAuth Token Access	critical	10.0	1	Data Breach
1663	Technical vulnerabilities	critical	10.0	1	Illegal intrusion
1664	Outsourced Business Process Provider Vulnerabilities	critical	10.0	1	Data Breach
1665	Unknown Third-Party Relationships	critical	10.0	1	Data Breach
1666	Public-facing nodes and databases with inadequate security controls	critical	10.0	1	Research Study
1667	CVE-2026-5194	critical	10.0	1	Vulnerability Exploitation
1668	Lack of Business Continuity Plans	critical	10.0	1	Ransomware
1669	default LDAP group configurations	critical	10.0	1	ransomware
1670	insufficient incident response plans	critical	10.0	1	phishing
1671	Third-Party Supplier Weakness	critical	10.0	1	Ransomware
1672	Insufficient MFA Enforcement (Ghost Logins, SSO Gaps)	critical	10.0	1	Browser-Based Attack
1673	Unsecured Database Accessible Without Authentication	critical	10.0	1	Data Breach
1674	Browser-Based Credential Storage (Syncing Across Devices)	critical	10.0	1	Phishing (Non-Email)
1675	CVE-2025-22224	critical	10.0	1	Ransomware
1676	Single Point of Failure in Critical Workflows	critical	10.0	1	Supply Chain Attack
1677	20+ Vulnerabilities	critical	10.0	1	AI-Powered Cyberattack
1678	Lack of Email Filtering	critical	10.0	1	Targeted Cyberattack
1679	Code block display bug (hiding malicious instructions)	critical	10.0	1	Vulnerability Exploitation
1680	CVE-2025-52691 (SmarterMail)	critical	10.0	1	ransomware
1681	Exposed Firewall Configuration Backups (Encrypted but Sensitive)	critical	10.0	1	Unauthorized Access
1682	Broad systemic vulnerabilities including reliance on foreign manufacturing for supply chains, dependency on cyber-vulnerable space systems (GPS, satellite communications), and weaknesses in infrastructure resilience against climate events.	critical	10.0	1	Ransomware Attack
1683	Vulnerabilities in decentralized energy infrastructure and OT/ICS systems	critical	10.0	1	Cyberattack on Critical Infrastructure
1684	Previously unknown vulnerability in file transfer software	critical	10.0	1	Data Breach
1685	AppArmor vulnerabilities (no CVE assigned yet)	critical	10.0	1	Vulnerability Exploitation
1686	Undisclosed BIG-IP Vulnerabilities (under investigation)	critical	10.0	1	Supply Chain Attack
1687	Poor Patch Management	critical	10.0	1	Compliance Failure
1688	Pulse Secure CVE-2019-11510	critical	10.0	1	Cybercrime Forum Seizure
1689	Default-enabled remote user account, unprotected superuser accounts, user enumeration, and lack of password protection	critical	10.0	1	Misconfiguration
1690	Unpatched vulnerabilities in internet-facing applications	critical	10.0	1	Data Breach
1691	weak token security	critical	10.0	1	third-party breach
1692	Rewards system manipulation	critical	10.0	1	Cryptocurrency Heist
1693	unauthorized remote access	critical	10.0	1	cyber-physical attack
1694	CVE-2026-21858	critical	10.0	1	Vulnerability Exploitation
1695	known vulnerabilities	critical	10.0	1	ransomware
1696	weak encryption key management practices	critical	10.0	1	ransomware
1697	CVE-2026-0542	critical	10.0	1	Remote Code Execution (RCE)
1698	Lack of Anomaly Detection	critical	10.0	1	Data Breach Risk
1699	Schneider Electric safety equipment	critical	10.0	1	Cyberattack
1700	CVE-2023-46604 (Apache ActiveMQ)	critical	10.0	1	Ransomware
1701	Unauthorized Disclosure of Sensitive Information	critical	10.0	1	Security Vulnerabilities
1702	CVE-2025-47950	critical	10.0	1	Vulnerability
1703	CVE-2024-40766 (SonicWall)	critical	10.0	1	ransomware
1704	Insecure ICS Protocols (Plaintext Traffic)	critical	10.0	1	Exposure of Vulnerable Systems
1705	Human trust exploitation	critical	10.0	1	Data Breach
1706	unsecured_API	critical	10.0	1	ransomware
1707	CVE-2026-2329 (Stack-based buffer overflow in /cgi-bin/api.values.Get endpoint)	critical	10.0	1	Zero-Day Vulnerability
1708	Misconfigured permissions, weak access controls, over-privileged identities	critical	10.0	1	Misconfiguration, Privilege Escalation, Data Exfiltration, AI Security
1709	Lack of Code Integrity Checks	critical	10.0	1	Supply Chain Attack
1710	Technical know-how gap in solvent extraction	critical	10.0	1	Geopolitical Risk
1711	Unsecured devices and networks	critical	10.0	1	Ransomware
1712	Exposure management adoption	critical	10.0	1	Ransomware Prediction
1713	Poor Training on Data Protection Protocols	critical	10.0	1	Data Breach
1714	CVE-2023-41347	critical	10.0	1	botnet
1715	Legitimate account compromise	critical	10.0	1	Ransomware
1716	Limited Budget/Resources	critical	10.0	1	Collaborative Initiative
1717	Absence of two-factor authentication	critical	10.0	1	Ransomware
1718	Insufficient ESXi Logging Configurations	critical	10.0	1	Ransomware Prevention Guide
1719	CVE-2025-49158	critical	10.0	1	Vulnerability Exploitation
1720	failures in basic cyber hygiene	critical	10.0	1	ransomware
1721	CVE-2026-3055	critical	10.0	1	Vulnerability Disclosure
1722	Outdated Software (e.g., Iranian oil tankers)	critical	10.0	1	Ransomware
1723	unpatched software (suspected)	critical	10.0	1	data breach
1724	Delayed access revocation for terminated employees	critical	10.0	1	Data Breach, Unauthorized Access, Data Deletion
1725	CVE-2025-37164	critical	10.0	1	Botnet Campaign
1726	Unhashed Passwords	critical	10.0	1	Data Breach
1727	Unsecured Elasticsearch Server	critical	10.0	1	Data Breach
1728	Known vulnerabilities in DNN platform	critical	10.0	1	Data Breach
1729	Poorly maintained systems	critical	10.0	1	Ransomware
1730	Zero-day vulnerability in Oracle E-Business Suite	critical	10.0	1	Ransomware
1731	Inadequate Data Encryption	critical	10.0	1	Ransomware
1732	Poor IoT device oversight/management	critical	10.0	1	Ransomware
1733	CVE-2026-25177	critical	10.0	1	Privilege Escalation
1734	CVE-2024-8299	critical	10.0	1	Vulnerabilities in SCADA Systems
1735	OS auto-enumeration of mice on Windows 11 and macOS Sonoma, lack of HID trust models	critical	10.0	1	Hardware-based Attack
1736	Zero-Day in Network Appliances (e.g., VMware vCenter, ESXi)	critical	10.0	1	Espionage
1737	LNK file execution	critical	10.0	1	spear-phishing
1738	Lack of Centralized Log Management	critical	10.0	1	Data Breach
1739	SAP Solution Manager	critical	10.0	1	Cyber Espionage
1740	CVE-2026-34197 (13-year-old flaw in Apache ActiveMQ Classic) and CVE-2024-32114 (authentication bypass)	critical	10.0	1	Remote Code Execution (RCE)
1741	Insufficient Access Controls (Assumed)	critical	10.0	1	Ransomware
1742	Insufficient IT resources	critical	10.0	1	Cyberattack
1743	Zero-day vulnerability in a third-party application (unspecified)	critical	10.0	1	Ransomware Attack
1744	Vulnerable drivers (BYOVD), misused legitimate software, obfuscation techniques (VX Crypt, VMProtect, control-flow flattening)	critical	10.0	1	Ransomware
1745	CVE-2025-7027	critical	10.0	1	Firmware Vulnerability
1746	CVE-2023-MoveIt (Critical File Transfer Vulnerability)	critical	10.0	1	Ransomware
1747	Mutable version tags	critical	10.0	1	Supply Chain Attack, Extortion Campaign
1748	CVE-2024-55591 (FortiOS/FortiProxy Race Condition Authentication Bypass)	critical	10.0	1	Unauthorized Access
1749	Trust in Employee	critical	10.0	1	Insider Threat
1750	Tool disparities	critical	10.0	1	Ransomware Prediction
1751	Policy Non-Compliance	critical	10.0	1	Data Breach (Alleged)
1752	Vulnerabilities in Change Healthcare’s IT infrastructure	critical	10.0	1	Ransomware
1753	Insecure Remote Work Tools	critical	10.0	1	Data Breach (General Discussion)
1754	Reused Apple ID logins	critical	10.0	1	Data Breach, Phishing
1755	Critical RCE flaw in Apache Tomcat	critical	10.0	1	Remote Code Execution (RCE)
1756	Improper Access Controls (Shared Credentials)	critical	10.0	1	Cybersecurity Vulnerability Exposure
1757	unsecured AWS memory dump	critical	10.0	1	ransomware
1758	Content-Type confusion flaw in n8n's webhook and file handling mechanism (CVE-2026-21858)	critical	10.0	1	Remote Code Execution (RCE)
1759	Immutable Log Gaps in AI Pipelines	critical	10.0	1	Data Breach (AI Models/Applications)
1760	Unrestricted Remote Access ('Always-On' Feature)	critical	10.0	1	Data Breach
1761	CVE-2025-0289 in BioNTdrv.sys driver	critical	10.0	1	Ransomware
1762	Legacy system integration vulnerabilities during platform consolidation	critical	10.0	1	Ransomware Attack
1763	Inadequate cybersecurity frameworks for space-based infrastructure	critical	10.0	1	Cyber-Physical Threat
1764	SHA-1	critical	10.0	1	Data Breach
1765	Inadequate Risk Management Exercises	critical	10.0	1	Data Breach
1766	Software Infrastructure Vulnerability	critical	10.0	1	Ransomware Attack
1767	OpenClaw WebSocket-based AI agent framework vulnerability	critical	10.0	1	Zero-Click Exploit
1768	Zero-day flaw in Oracle E-Business Suite	critical	10.0	1	Data Breach
1769	Lack of IT Oversight	critical	10.0	1	Unauthorized AI Deployment
1770	CVE-2025-1727	critical	10.0	1	Vulnerability Exploitation
1771	CVE-2025-21042 (Samsung Android image processing library)	critical	10.0	1	spyware
1772	CVE-2025-55125	critical	10.0	1	Vulnerability Exploitation
1773	Exposed Secrets in GitHub Repository	critical	10.0	1	Data Breach
1774	Insufficient Employee Training on Vishing	critical	10.0	1	Data Breach
1775	CVE-2026-25084	critical	10.0	1	Vulnerability Exploitation
1776	Unsecured BIM/cloud platforms	critical	10.0	1	Ransomware
1777	CVE-2026-22898 (Missing authentication check in QVR Pro)	critical	10.0	1	Vulnerability Exploitation
1778	inadequate data loss prevention controls	critical	10.0	1	ransomware
1779	Weak Security Controls at Third-Party Contractor	critical	10.0	1	Data Breach
1780	human vulnerabilities (vishing, native-language social engineering)	critical	10.0	1	ransomware
1781	161 distinct CVEs in H1 2025 (up from 136 in H1 2024)	critical	10.0	1	Vulnerability Exploitation
1782	Weaknesses in satellite-ground station security	critical	10.0	1	Cyber-Physical Threat
1783	CVE-2017-9805 (Apache Struts)	critical	10.0	1	cyberespionage
1784	Well-known attack vector (unspecified)	critical	10.0	1	Data Breach
1785	Previously Patched Vulnerabilities (Exploited Post-Patch)	critical	10.0	1	Data Breach
1786	Lack of Cybersecurity Protocols	critical	10.0	1	Cybercrime
1787	unpatched Veeam backup servers	critical	10.0	1	ransomware
1788	Weaknesses in maritime navigation security protocols	critical	10.0	1	GPS spoofing
1789	remote access security	critical	10.0	1	Ransomware
1790	Insufficient Contractual Safeguards	critical	10.0	1	Third-Party Breach
1791	Microsoft products (17% of exploitations)	critical	10.0	1	Vulnerability Exploitation
1792	Outdated EnCase driver (EnPortv.sys) with revoked certificate, Windows signature validation loophole for pre-2015 certificates	critical	10.0	1	BYOVD (Bring Your Own Vulnerable Driver)
1793	Data susceptible to interception or misuse during cloud processing	critical	10.0	1	Privacy Breach
1794	CVE-2022-42475	critical	10.0	1	Advanced Persistent Threat (APT)
1795	Fragmented Security Posture (On-Premises vs. Cloud Visibility Gaps)	critical	10.0	1	Data Breach
1796	Lack of End-to-End Email Encryption	critical	10.0	1	Data Breach
1797	Unlimited token allowances	critical	10.0	1	Security Breach
1798	Weak perimeter defenses, inadequate network segmentation	critical	10.0	1	Ransomware
1799	Lack of BCC usage in group emails	critical	10.0	1	Data Breach
1800	Lack of adequate detection and response capabilities for drone threats	critical	10.0	1	Physical Security Threat
1801	Adversarial AI Tactics Against Defensive Models (ENISA 2025)	critical	10.0	1	Cyber-Physical Attack
1802	Undocumented WordPress Installation	critical	10.0	1	Data Breach
1803	accidental exposure of regional blacklist data	critical	10.0	1	data breach
1804	CVE-2025-14847	critical	10.0	1	Vulnerability Disclosure
1805	Weakened power grid infrastructure	critical	10.0	1	Cyberattack
1806	lack of continuous verification	critical	10.0	1	phishing
1807	Human Trust Vulnerability	critical	10.0	1	Data Breach
1808	Outdated versions of Windows	critical	10.0	1	Data Breach, Ransomware
1809	Unauthorized access to cloud servers	critical	10.0	1	Data Breach
1810	Poor OAuth Protections	critical	10.0	1	Data Breach
1811	CVE-2025-20393	critical	10.0	1	Cyberattack
1812	Default password in Unitronics programmable logic controllers (PLCs)	critical	10.0	1	Cyberattack
1813	REST API endpoints	critical	10.0	1	Data Breach
1814	hijacked_maintainer_account	critical	10.0	1	ransomware
1815	Remote Code Execution (RCE) in AhsayCBS backup system	critical	10.0	1	Remote Code Execution
1816	insufficient user education on phishing/social engineering	critical	10.0	1	cyber espionage
1817	Unrotated Factory-Default Logins	critical	10.0	1	Cyber Espionage
1818	Server Crash	critical	10.0	1	Vulnerability Exploitation
1819	CVE-2025-27816	critical	10.0	1	Vulnerability Exploitation
1820	Improper escaping of LangChain’s internal marker key during serialization	critical	10.0	1	Serialization/Deserialization Injection
1821	Employee downloaded malware from untrusted source	critical	10.0	1	Ransomware Attack
1822	Poor Access Controls for Sensitive Data	critical	10.0	1	Data Breach
1823	Human Trust, Lack of Investment Verification	critical	10.0	1	Investment Scam, Money Laundering, Cryptocurrency Fraud
1824	Roundcube webmail XSS vulnerability, twofactorgauthenticator plugin misconfiguration	critical	10.0	1	Cyberespionage
1825	CVE-2024-12356	critical	10.0	1	Breach
1826	Lack of Timely Detection (6-month delay)	critical	10.0	1	Supply Chain Attack
1827	Overprivileged service accounts	critical	10.0	1	Ransomware
1828	custom network architectures in CERs	critical	10.0	1	supply chain attack
1829	CVE-2017-7921 (Hikvision - authentication bypass)	critical	10.0	1	Cyber Espionage, Reconnaissance
1830	Driver Vulnerability (eskle.sys for Anti-AV Bypass)	critical	10.0	1	Social Engineering
1831	CVE-2026-27689 (DoS in SAP Supply Chain Management)	critical	10.0	1	Remote Code Execution (RCE)
1832	Fragmented accountability among OEMs, MNOs, and satellite operators	critical	10.0	1	Cyber-Physical Threat
1833	CVE-2023-28252 (Cisco)	critical	10.0	1	ransomware
1834	Manual Redaction Errors	critical	10.0	1	Data Leak
1835	Inadequate security controls in femtocell management system, disabled end-to-end encryption	critical	10.0	1	Malware
1836	cloud security misconfigurations	critical	10.0	1	cyber espionage
1837	Compromised digital certificate, trusted update infrastructure	critical	10.0	1	Supply Chain Attack
1838	Employee Theft	critical	10.0	1	Data Breach
1839	Exposed long-term IAM user credentials, Lambda function code injection	critical	10.0	1	Cloud Breach
1840	Absence of MFA on Congruity’s virtual machines	critical	10.0	1	Ransomware
1841	CVE-2024-50603	critical	10.0	1	Cryptojacking and Backdoor Exploitation
1842	CVE-2025-9491 (Windows Shortcut (LNK) file user interface misinterpretation)	critical	10.0	1	Remote Code Execution
1843	Saved Credentials in Browsers/Email Clients	critical	10.0	1	Account Compromise
1844	Impersonation of a colleague	critical	10.0	1	Cyberattack
1845	CVE-2026-25108 (OS command injection)	critical	10.0	1	Vulnerability Exploitation
1846	Weak Authentication (e.g., VPN Passwords)	critical	10.0	1	Cyber Espionage
1847	Poor Access Management	critical	10.0	1	Data Breach
1848	Lack of HIPAA-compliant risk analysis	critical	10.0	1	Ransomware
1849	At least 20 exploited vulnerabilities	critical	10.0	1	Data Breach, Cyberattack, AI-Enabled Attack
1850	Lack of backup systems	critical	10.0	1	Ransomware
1851	Known vulnerability in database software	critical	10.0	1	Data Breach
1852	Mobile carrier verification processes, SMS-based authentication	critical	10.0	1	SIM Swap Attack
1853	Unprotected Fax Server	critical	10.0	1	Data Breach
1854	Kernel driver update	critical	10.0	1	Software Malfunction
1855	Fortinet FortiGate appliances	critical	10.0	1	AI-driven cyberattack tool
1856	CVE-2025-25012	critical	10.0	1	Vulnerability Exploit
1857	Open Amazon S3 bucket	critical	10.0	1	Data Breach
1858	Lapse of CISA 2015 liability protections	critical	10.0	1	Policy/Regulatory Failure
1859	Slow Detection Capabilities	critical	10.0	1	Data Breach
1860	Poorly Secured OT Systems (e.g., MV Dali electrical blackout)	critical	10.0	1	Ransomware
1861	Authenticated Reflected XSS	critical	10.0	1	Vulnerability Exploitation
1862	Publicly exposed Ollama AI servers without authentication or monitoring	critical	10.0	1	Remote Code Execution (RCE)
1863	Weakness in `url_safe` feature (Bing.com tracking link evasion)	critical	10.0	1	Vulnerability Exploitation
1864	CVE-2019-5786 (Google Chrome FileReader)	critical	10.0	1	Memory Corruption Vulnerability
1865	Disconnected IAM Systems	critical	10.0	1	Predictive Analysis
1866	Juniper Networks routers	critical	10.0	1	Cyberespionage
1867	CVE-2025-2492	critical	10.0	1	botnet
1868	zero-day vulnerabilities in PDF readers	critical	10.0	1	ransomware
1869	CVE-2025-46811	critical	10.0	1	Vulnerability Exploitation
1870	VIB Acceptance Level Tampering	critical	10.0	1	Ransomware Prevention Guide
1871	weak insider threat detection	critical	10.0	1	data breach
1872	Technical error (premature website publication)	critical	10.0	1	Data Leak / Unauthorized Disclosure
1873	Full Disk Access Exploitation	critical	10.0	1	AI Cybersecurity Risk
1874	Weak governance mechanisms	critical	10.0	1	DeFi Exploit
1875	Lack of 'Two Pairs of Eyes' Review (Pre-November 2021)	critical	10.0	1	Data Breach
1876	CVE-2025-47167 (Windows KDC Proxy Service Use-After-Free)	critical	10.0	1	Patch Release
1877	Enabled dangerous features (xp_cmdshell, CLR, OLE Automation)	critical	10.0	1	Ransomware
1878	CVE-2026-34197	critical	10.0	1	Remote Code Execution (RCE)
1879	WinRAR RCE	critical	10.0	1	Cybercrime Forum Seizure
1880	Shared Responsibility Model Gaps in Cloud Security	critical	10.0	1	Predictive Analysis
1881	CVE-2026-27944	critical	10.0	1	Vulnerability Exploitation
1882	Visual Redaction Without Data Removal	critical	10.0	1	Data Leak
1883	Inadequate safeguards for sensitive data	critical	10.0	1	Data Breach
1884	Trivy	critical	10.0	1	Ransomware
1885	CVE-2024-3721	critical	10.0	1	Malware
1886	Accessibility Services Permission, Device Admin Permission	critical	10.0	1	Malware (Ransomware-like)
1887	CVE-2026-20127	critical	10.0	1	Authentication Bypass
1888	Critical vulnerabilities, unpatched systems, dark web credentials	critical	10.0	1	Supply Chain Attack
1889	Weak Supplier Security Controls	critical	10.0	1	Ransomware
1890	Design Flaw in 'SAVE' Feature	critical	10.0	1	Data Leak
1891	Apache Log4j vulnerability	critical	10.0	1	Cyberattack (Reconnaissance Campaign)
1892	Poor visibility in cloud/hybrid environments	critical	10.0	1	Ransomware
1893	insecure use of pull_request_target in GitHub Actions	critical	10.0	1	supply chain attack
1894	CVE-2017-12637	critical	10.0	1	Vulnerability Exploitation
1895	Google Play Store Security	critical	10.0	1	Malware
1896	Publicly Indexed 'Recent Links' Pages	critical	10.0	1	Data Leak
1897	Misconfigured AWS Bucket	critical	10.0	1	Data Exposure
1898	CVE-2021-36380	critical	10.0	1	Cyber Attack
1899	Lack of cybersecurity investment	critical	10.0	1	Cyberattack
1900	lack of managed GenAI tools	critical	10.0	1	ransomware
1901	CVE-2023-41346	critical	10.0	1	botnet
1902	Shallow Depth of Baltic Sea (Ease of Anchor Damage)	critical	10.0	1	Physical Sabotage
1903	blind spots in network visibility	critical	10.0	1	ransomware
1904	Fragmented security in third-party hardware	critical	10.0	1	Privacy Breach
1905	CVE-2026-29000	critical	10.0	1	Authentication Bypass
1906	Delayed Breach Detection (avg. 276 days per IBM 2025 report)	critical	10.0	1	Supply Chain Attack
1907	Unsecured MSSQL Database	critical	10.0	1	Data Breach
1908	No Backup Strategy	critical	10.0	1	Ransomware
1909	CVE-2019-7192	critical	10.0	1	Cyber Intrusion
1910	ManageSieve misconfigurations	critical	10.0	1	Cyber Espionage
1911	Weak Password in Remote-Control System	critical	10.0	1	Cyberattack
1912	CVE-2021-44228 (Log4j)	critical	10.0	1	cyberespionage
1913	Insider Threat, Social Engineering	critical	10.0	1	Espionage, Data Breach
1914	Unauthorized Cloud Storage	critical	10.0	1	Data Breach (Alleged)
1915	OpenSSL flaws	critical	10.0	1	Ransomware
1916	Misconfigurations in operational technology (OT) systems	critical	10.0	1	Exposure of Critical Infrastructure
1917	CVE-2026-1490 (Authorization Bypass via Reverse DNS Spoofing)	critical	10.0	1	Vulnerability Exploitation
1918	Insufficient Backup Protocols	critical	10.0	1	Ransomware
1919	Information Disclosure Vulnerability	critical	10.0	1	Information Disclosure
1920	Lack of modern defenses	critical	10.0	1	GPS spoofing
1921	understaffed municipal services	critical	10.0	1	physical security breach
1922	Protection relays	critical	10.0	1	Cyber Sabotage
1923	Unmanaged machine identities	critical	10.0	1	Ransomware
1924	outdated web forms	critical	10.0	1	ransomware
1925	Unauthorized system access via help desk	critical	10.0	1	Ransomware
1926	Zero-day vulnerability in Oracle E-Business Suite (advisory issued 2025-10-04)	critical	10.0	1	Data Breach
1927	Lack of Secure Boot/Trust Anchor in ASA 5500-X Series	critical	10.0	1	Zero-day exploitation
1928	Unspecified vulnerability in third-party call center platform (linked to Salesforce customer management instances)	critical	10.0	1	Data Breach
1929	IoT Device Vulnerabilities	critical	10.0	1	Cybercrime
1930	Improper Public Access Configuration	critical	10.0	1	Data Exposure
1931	CVE-2025-10035 (Critical vulnerability in Fortra's GoAnywhere MFT)	critical	10.0	1	Ransomware
1932	Unpatched bugs in internet-connected cameras	critical	10.0	1	Espionage
1933	CVE-2024-20353	critical	10.0	1	Zero-Day Exploit
1934	Microsoft Entra ID Enterprise Applications (mail.read, full_access_as_app scopes)	critical	10.0	1	Espionage
1935	Stolen Credentials (Infostealer Malware)	critical	10.0	1	Supply Chain Attack
1936	CVE-2025-23319	critical	10.0	1	Vulnerability Exploitation
1937	Cisco VPN vulnerabilities	critical	10.0	1	Cybercrime Forum Seizure
1938	Previously unknown RCE vulnerability in Max Messenger’s media processing engine, existing since the beta phase in early 2025	critical	10.0	1	Data Breach
1939	Absence of Multi-Factor Authentication (MFA)	critical	10.0	1	Ransomware
1940	Insufficient endpoint detection and response (EDR)	critical	10.0	1	Ransomware
1941	CVE-2020-12812	critical	10.0	1	Ransomware
1942	Non-password-protected database	critical	10.0	1	Data Breach
1943	Improper Pointer Nullification	critical	10.0	1	Memory Corruption Vulnerability
1944	Over-the-Air Broadcast Without Protection	critical	10.0	1	Data Interception
1945	Improper Whitelisting of Microsoft CDB	critical	10.0	1	APT (Advanced Persistent Threat)
1946	CVE-2023-22527	critical	10.0	1	Cryptomining Campaign
1947	Unpatched Software Vulnerabilities	critical	10.0	1	Malware
1948	Internet-facing edge devices (40% targeted by China-nexus actors)	critical	10.0	1	AI-driven cyber threats
1949	Lack of IP restrictions	critical	10.0	1	Data Breach
1950	Exposed VPN concentrators	critical	10.0	1	Destructive Cyberattack
1951	Third-Party Repository Access	critical	10.0	1	AI Cybersecurity Risk
1952	Systemic weaknesses in government cybersecurity	critical	10.0	1	Unauthorized Access
1953	Lack of Browser-Specific Security Controls	critical	10.0	1	Browser-Based Attack
1954	Lack of real-time threat-sharing incentives	critical	10.0	1	Policy/Regulatory Failure
1955	OAuth Token Theft	critical	10.0	1	Data Breach
1956	human error (weakness in operational security)	critical	10.0	1	cyber theft
1957	Fragmented security standards across subcontractors	critical	10.0	1	Ransomware
1958	Internet-facing OT devices, project files in PLCs	critical	10.0	1	Cyberattack
1959	Unencrypted AI Training Datasets/Model Checkpoints	critical	10.0	1	Data Breach (AI Models/Applications)
1960	CVE-2025-49154	critical	10.0	1	Vulnerability Exploitation
1961	CVE-2025-25181	critical	10.0	1	Security Breach
1962	Insufficient regex anchoring in AWS CodeBuild webhook filters	critical	10.0	1	Supply Chain Attack
1963	CVE-2026-22844 (Command Injection)	critical	10.0	1	Vulnerability Exploitation
1964	CVE-2023-46805 (Ivanti Connect Secure/Policy Secure)	critical	10.0	1	Ransomware
1965	Weaknesses and biases in AI models	critical	10.0	1	Red-Teaming Event
1966	Zero-Day in Oracle E-Business Suite	critical	10.0	1	Data Breach
1967	Misconfiguration of the project’s main smart contract	critical	10.0	1	Cryptocurrency Heist
1968	Outdated IT Systems	critical	10.0	1	Cybercrime
1969	Arbitrary Code Execution	critical	10.0	1	Vulnerability Exploitation
1970	Google Docs	critical	10.0	1	Data Leak
1971	network security issues	critical	10.0	1	third-party breach
1972	CVE-2025-30333	critical	10.0	1	Data Breach, Persistent Malware, Unauthorized Access
1973	Azure Data Factory service certificate vulnerability	critical	10.0	1	Security Flaw
1974	SonicWall	critical	10.0	1	Supply Chain Attack
1975	CVE-2021-26828	critical	10.0	1	Remote Code Execution (RCE)
1976	Excessive agent authority	critical	10.0	1	AI-driven breach
1977	Security flaw in MOVEit software	critical	10.0	1	Data Breach
1978	Unsecured Infrastructure Controls	critical	10.0	1	Cyber Attack
1979	Lack of IT/OT Security Maturity (65% misalignment with NIST CSF 2.0)	critical	10.0	1	Cyber-Physical Attack
1980	inconsistent security standards across geographies	critical	10.0	1	supply chain attack
1981	CVE-2025-27363	critical	10.0	1	Vulnerability Exploitation
1982	poor segmentation of payment systems	critical	10.0	1	ransomware
1983	Lack of physical security for sensitive data display	critical	10.0	1	Data Breach
1984	CVE-2025-64446	critical	10.0	1	Ransomware
1985	PROMISQROUTE (Prompt-based Router Open-Mode Manipulation Induced via SSRF-like Queries, Reconfiguring Operations Using Trust Evasion)	critical	10.0	1	AI System Vulnerability
1986	CVE-2026-33825 (CVSS 7.8, High)	critical	10.0	1	Zero-Day Vulnerability
1987	23 exploits across five attack chains (iOS 13-17.2.1)	critical	10.0	1	Espionage
1988	Weak or default credentials ('Password123', 'Austal123') purchased on the dark web	critical	10.0	1	ransomware
1989	CVE-2025-68613	critical	10.0	1	Botnet Campaign
1990	CVE-2025-10035	critical	10.0	1	Ransomware Attack
1991	Potential vulnerabilities in NSCC’s infrastructure, outdated 2020 admin manual for HPC3 supercomputer cluster	critical	10.0	1	Data Breach
1992	Volume Shadow Copy Service	critical	10.0	1	Ransomware
1993	AI's inability to recognize malicious intent in fragmented tasks	critical	10.0	1	cyberespionage
1994	React2Shell (CVE-2025-55182)	critical	10.0	1	Remote Code Execution (RCE)
1995	Stale IAM Accounts in AI Environments	critical	10.0	1	Data Breach (AI Models/Applications)
1996	Alleged zero-day vulnerability in MyBB or misconfiguration	critical	10.0	1	Data Breach
1997	Improper data classification procedures	critical	10.0	1	Data Breach
1998	CVE-2025-53770 (ToolShell SharePoint Flaw)	critical	10.0	1	Cyber Espionage
1999	prolonged lapses in security oversight	critical	10.0	1	data breach
2000	Unpatched Software in Data Centers	critical	10.0	1	Cyber Espionage
2001	CVE-2026-3502 (Download of Code Without Integrity Check - CWE-494)	critical	10.0	1	Vulnerability Exploitation
2002	Funding Pressures in State Schools	critical	10.0	1	Data Breach
2003	Compromised LiteLLM library	critical	10.0	1	Supply Chain Attack
2004	Insecure Default Settings	critical	10.0	1	Vulnerability Exploitation
2005	CVE-2025-27920 (directory traversal in Output Messenger)	critical	10.0	1	cyberespionage
2006	Excessive Privileges (God-level access)	critical	10.0	1	Data Breach
2007	Decentralized App Ecosystem (Shadow IT, Unmanaged SaaS)	critical	10.0	1	Browser-Based Attack
2008	Lack of multifactor authentication (MFA) on administrator accounts	critical	10.0	1	Data Breach
2009	abuse of legitimate code-signing certificates	critical	10.0	1	ransomware
2010	Authentication keys	critical	10.0	1	Cyberattack
2011	Weak DNS Security Extensions (DNSSEC) Implementation	critical	10.0	1	Domain Hijacking
2012	Geopolitical Tensions (NATO Expansion, Ukraine War)	critical	10.0	1	Physical Sabotage
2013	Ivanti Endpoint Manager Mobile	critical	10.0	1	Vulnerability Exploitation
2014	limited financial resources for cybersecurity investments	critical	10.0	1	ransomware
2015	excessive email/mailbox permissions (shared read access)	critical	10.0	1	cyberespionage
2016	Improper Credential Management	critical	10.0	1	Supply Chain Attack
2017	Poor Access Controls (Lack of Tiered Admin Account Model)	critical	10.0	1	Data Breach
2018	CVE-2025-7028	critical	10.0	1	Firmware Vulnerability
2019	Excessive Privileges in Connected Applications	critical	10.0	1	Data Breach
2020	Lack of Multi-Factor Authentication (2FA) Enforcement	critical	10.0	1	Data Breach
2021	Insecure systems	critical	10.0	1	Ransomware Attack
2022	End-of-Life (EoL) Hardware with No Security Updates	critical	10.0	1	Cyber Espionage
2023	Weak data protections	critical	10.0	1	Data Breach
2024	Zero-day vulnerabilities in cloud infrastructure/SaaS platforms	critical	10.0	1	Cybercriminal Alliance Formation
2025	Misconfigured or stolen OAuth tokens, insufficient monitoring of API access logs	critical	10.0	1	Supply Chain Attack
2026	Insufficient Workforce Training (phishing/social engineering)	critical	10.0	1	Ransomware
2027	Outdated encryption, weak cryptographic practices, poor key management	critical	10.0	1	Cyber Threat Warning
2028	CVE-2025-55182 (CVSS 9.8)	critical	10.0	1	Vulnerability Exploitation
2029	Lack of Robust Backup Systems	critical	10.0	1	Supply Chain Attack
2030	Unclear Accountability Frameworks	critical	10.0	1	Data Privacy Violation
2031	CVE-2020-12641	critical	10.0	1	Cyberespionage
2032	Race Conditions in Object Destruction	critical	10.0	1	Memory Corruption Vulnerability
2033	CVE-2024-57968	critical	10.0	1	Security Breach
2034	Unlocked AWS S3 bucket	critical	10.0	1	Data Breach
2035	Vulnerability in data exchange platform	critical	10.0	1	Data Breach
2036	Inadequate Sandboxing for AI/ML Environments	critical	10.0	1	Supply Chain Attack
2037	Compromised Polyfill.io service	critical	10.0	1	Supply Chain Attack
2038	Lack of MFA on FortiGate VPN devices	critical	10.0	1	Destructive Cyberattack
2039	Internal mechanism for helping password-forgetting users reclaim their accounts	critical	10.0	1	Data Privacy Breach
2040	GPS signal weakness	critical	10.0	1	spoofing
2041	Oracle E-Business Suite (EBS) exploit (unspecified)	critical	10.0	1	potential data breach
2042	emotional manipulation	critical	10.0	1	phishing
2043	CVE-2026-20093	critical	10.0	1	Authentication Bypass
2044	SAP Netweaver (specific details undisclosed)	critical	10.0	1	Cyberattack
2045	Improper input validation in Gogs codebase	critical	10.0	1	Zero-Day Exploitation
2046	ProxyLogon (Microsoft Exchange)	critical	10.0	1	cyberespionage
2047	CVE-2025-55182 (CVSS 10.0)	critical	10.0	1	worm-driven campaign
2048	Interception and editing of RF signals	critical	10.0	1	Vulnerability
2049	Unknown vulnerability in the company's network	critical	10.0	1	Data Breach
2050	CVE-2025-10035 (Critical, CVSS 10.0) - Deserialization in License Servlet of GoAnywhere MFT	critical	10.0	1	Vulnerability Exploitation
2051	RedSun	critical	10.0	1	Zero-Day Exploitation
2052	Overly permissive IAM policies	critical	10.0	1	Supply-Chain Attack
2053	lack_of_verified_security_controls	critical	10.0	1	data_at_risk
2054	Improper oversight and mismanagement of data protection protocols	critical	10.0	1	Data Breach
2055	Loose Sharing Permissions	critical	10.0	1	Data Breach Risk
2056	CVE-2025-53771 (Path Traversal)	critical	10.0	1	Cyber Espionage
2057	Malfunction at AWS data center (likely a configuration error)	critical	10.0	1	Service Disruption
2058	Microsoft Outlook vulnerability	critical	10.0	1	Data Breach
2059	Weak Access Controls (e.g., AWS Misconfigurations)	critical	10.0	1	Unauthorized AI Deployment
2060	Flaw in smart contract calls	critical	10.0	1	DeFi Exploit
2061	Outdated Operating Systems/Applications	critical	10.0	1	Malware
2062	Oracle’s E-Business Suite flaw	critical	10.0	1	Ransomware Attack
2063	Unburied or Lightly Buried Cables in Steep Terrain	critical	10.0	1	Physical Sabotage
2064	Misconfigured cloud infrastructure	critical	10.0	1	Cloud Exploitation Campaign
2065	Unpatched Domain Controllers (Privilege Escalation Flaw, April 2025)	critical	10.0	1	Data Breach
2066	Unauthorized access to video lessons	critical	10.0	1	Data Breach
2067	Confluence Server Zero-Day Vulnerability	critical	10.0	1	Zero-Day Exploit
2068	Remote Work Security Blind Spots	critical	10.0	1	Cybercrime
2069	Dual-use technology misuse	critical	10.0	1	Policy Violation and Dual-Use Technology Misuse
2070	Insufficient Real-Time Monitoring	critical	10.0	1	Insider Threat
2071	Router vulnerabilities	critical	10.0	1	Cyber Espionage
2072	Cultural Gap Between IT/OT Teams	critical	10.0	1	Cyber-Physical Attack
2073	CrushFTP	critical	10.0	1	Ransomware
2074	unchanged default passwords in VSAT terminals	critical	10.0	1	cyberattack
2075	Windows kernel vulnerabilities	critical	10.0	1	Data Exfiltration, Ransomware, Extortion
2076	CVE-2026-21902	critical	10.0	1	Vulnerability Exploitation
2077	Lack of Third-Party Supplier Accountability	critical	10.0	1	Cybersecurity Vulnerability Assessment
2078	Unpatched vulnerability in appointment system software	critical	10.0	1	Data Breach
2079	Compromised Vendor Credentials	critical	10.0	1	Phishing, Malware Distribution
2080	Type Confusion via Memory Reuse	critical	10.0	1	Memory Corruption Vulnerability
2081	Absence of Subresource Integrity (SRI) checks	critical	10.0	1	Data Breach
2082	Compromised Passwords	critical	10.0	1	Data Breach
2083	Weak Data Integrity Checks	critical	10.0	1	Supply Chain Attack
2084	Third-Party Integration Vulnerabilities (Salesforce-connected apps)	critical	10.0	1	Data Breach
2085	Unpatched IoT/OT Systems	critical	10.0	1	EDR/XDR Evasion
2086	Exposed API endpoints returning call metadata/recordings without authentication	critical	10.0	1	Data Breach
2087	Poor Spam Filtering	critical	10.0	1	Ransomware
2088	CVE-2023-6895 (Hikvision - OS command injection)	critical	10.0	1	Cyber Espionage, Reconnaissance
2089	Lateral Movement from Contractor to MoD Systems	critical	10.0	1	Data Breach
2090	Classified information mishandling	critical	10.0	1	Cyber Attack, Data Leak
2091	Unencrypted Linux Partition in Dual-Boot Configuration	critical	10.0	1	Vulnerability Exploitation
2092	CVE-2023-20269 (Cisco)	critical	10.0	1	ransomware
2093	Malware in plug-ins	critical	10.0	1	Data Privacy and Cybersecurity Advisory
2094	Trello	critical	10.0	1	Data Leak
2095	OWASSRF	critical	10.0	1	Ransomware Attack
2096	Embedded Credentials in BIG-IP	critical	10.0	1	Supply Chain Attack
2097	Memory Leak	critical	10.0	1	Vulnerability Exploitation
2098	Endpoint Detection Gaps (EDR Limitations)	critical	10.0	1	Social Engineering
2099	Inadequate validation of `gatewayUrl` parameter in ClawDBot Control UI (GHSA-g8p2-7wf7-98mq)	critical	10.0	1	Authentication Bypass, Remote Code Execution (RCE)
2100	Unpatched Software (50% of CVEs in last 5 years)	critical	10.0	1	Ransomware
2101	Legacy Firewall Deployments (single point of failure for ecosystems)	critical	10.0	1	Predictive Analysis
2102	Insufficient Privileged Access Controls (e.g., standing admin roles)	critical	10.0	1	Social Engineering
2103	MFA bypass techniques	critical	10.0	1	phishing
2104	Cloud storage platform	critical	10.0	1	Data Breach
2105	supply chain trust abuse	critical	10.0	1	supply chain attack
2106	Supply Chain Weakness	critical	10.0	1	Supply Chain Attack
2107	Outdated Security Software	critical	10.0	1	Awareness Campaign
2108	End-of-support (EoS) devices (ASA 5500-X Series)	critical	10.0	1	Zero-day exploitation
2109	Delayed Incident Notification	critical	10.0	1	Cybersecurity Incident
2110	Lack of Cybersecurity Preparedness	critical	10.0	1	Ransomware Attack
2111	Virtual Office portal public access	critical	10.0	1	ransomware
2112	Minimal/No Authentication	critical	10.0	1	Exposure of Vulnerable Systems
2113	Unmonitored ESXCLI Command Usage	critical	10.0	1	Ransomware Prevention Guide
2114	Aging hardware	critical	10.0	1	Hardware Malfunction
2115	CVE-2026-0755 (ZDI-26-021, ZDI-CAN-27783)	critical	10.0	1	Zero-Day Vulnerability
2116	third-party ecosystem vulnerabilities	critical	10.0	1	ransomware
2117	CVE-2025-47164 (Microsoft Office Use-After-Free)	critical	10.0	1	Patch Release
2118	CVE-2026-29058 (CWE-78: Improper Neutralization of Special Elements)	critical	10.0	1	Remote Code Execution (RCE)
2119	unpatched or misconfigured endpoints	critical	10.0	1	ransomware
2120	Undisclosed vulnerabilities in F5 BIG-IP (actively patched but stolen pre-disclosure)	critical	10.0	1	Supply Chain Compromise
2121	CVE-2025-32713 (Windows Common Log File System Driver EoP)	critical	10.0	1	Patch Release
2122	CVE-2024-43468	critical	10.0	1	SQL Injection
2123	CVE-2025-20333	critical	10.0	1	Vulnerability Exploitation
2124	Lack of OT Asset Management	critical	10.0	1	Ransomware
2125	lack of cyber-physical resilience in maritime navigation systems	critical	10.0	1	cyber deception
2126	CVE-2025-61882 (Critical, CVSS 9.8)	critical	10.0	1	Ransomware
2127	Inadequate backup testing policy	critical	10.0	1	Policy Deficiency
2128	Weak VPN authentication	critical	10.0	1	Data Breach
2129	LogoFAIL flaws (CVE-2023-40238)	critical	10.0	1	UEFI Bootkit
2130	Disabled HMAC Authentication	critical	10.0	1	Vulnerability Disclosure
2131	CVE-2025-47577	critical	10.0	1	Software Vulnerability
2132	CVE-2024-3721 (TBK DVRs)	critical	10.0	1	Botnet / DDoS Campaign
2133	OAuth Token Misconfiguration	critical	10.0	1	Data Breach
2134	Lack of validation check in ReceiverAxelar contract	critical	10.0	1	Smart Contract Exploit
2135	Unspecified Adobe ColdFusion Vulnerabilities	critical	10.0	1	Cyber Espionage
2136	Lack of Granular Network Segmentation	critical	10.0	1	EDR/XDR Evasion
2137	Unpatched Adobe Reader zero-day vulnerability	critical	10.0	1	Zero-Day Exploit
2138	DNS infrastructure	critical	10.0	1	Cyberattack
2139	EternalBlue	critical	10.0	1	Ransomware
2140	Identity and Access Control Weaknesses	critical	10.0	1	Data Breach
2141	Unpatched linked servers	critical	10.0	1	Ransomware
2142	CVE-2025-26512	critical	10.0	1	Privilege Escalation
2143	inadequate security of payment systems	critical	10.0	1	data breach
2144	Funding constraints	critical	10.0	1	Data Breach
2145	Unspecified CVEs identified via Shodan/Censys scans	critical	10.0	1	Research Study
2146	Inadequate Backup Protection	critical	10.0	1	Ransomware Attack
2147	Employee Use of Unvetted AI Tools	critical	10.0	1	Unauthorized AI Deployment
2148	Shor's Algorithm (theoretical)	critical	10.0	1	Emerging Threat
2149	Software Bug in MCP Server	critical	10.0	1	Data Exposure
2150	CVE-2025-10725 (CVSS 9.9)	critical	10.0	1	Privilege Escalation / Vulnerability Exploitation
2151	Cybersecurity vulnerabilities in Hikvision products	critical	10.0	1	Ransomware
2152	Lack of Automated PII Detection	critical	10.0	1	Data Leak
2153	CVE-2024-8300	critical	10.0	1	Vulnerabilities in SCADA Systems
2154	Disabled Logging	critical	10.0	1	Data Exposure
2155	CVE-2023-38831	critical	10.0	1	Cyberespionage
2156	CVE-2026-1492 (Privilege Management Flaw in User Registration & Membership Plugin)	critical	10.0	1	Privilege Escalation
2157	Unpatched Systems (Historical)	critical	10.0	1	Data Breach
2158	MOVEit software	critical	10.0	1	Data Breach
2159	Improper access control in WDS (CVE-2026-0386)	critical	10.0	1	Remote Code Execution (RCE)
2160	third-party services and integrations	critical	10.0	1	ransomware
2161	third-party cybersecurity dependencies	critical	10.0	1	cyberattack
2162	Default Pre-Shared Keys	critical	10.0	1	Vulnerability Disclosure
2163	Inadequate Training	critical	10.0	1	Data Breach
2164	Architectural weakness in LLM input processing and trust boundaries	critical	10.0	1	Zero-Click Remote Code Execution (RCE)
2165	Human Error (Credential Sharing/System Access Granted via Deception)	critical	10.0	1	Data Breach
2166	CVE-2025-8110 (Path traversal in PutContents API via symbolic links)	critical	10.0	1	Remote Code Execution (RCE)
2167	Unsecured Network Servers	critical	10.0	1	Cybersecurity Incident
2168	Insufficient Network Segmentation (implied)	critical	10.0	1	Ransomware Attack
2169	Security Vulnerabilities in Verizon’s Web site	critical	10.0	1	Data Breach
2170	Remote code execution vulnerability in SharePoint’s authentication mechanism	critical	10.0	1	Cyberattack
2171	Neterbit routers	critical	10.0	1	DDoS Attack
2172	Undetected network vulnerability	critical	10.0	1	Data Breach
2173	Oracle Cloud Infrastructure Flaw (from March 2025 breach)	critical	10.0	1	Data Breach
2174	Technical Security Configuration Issue	critical	10.0	1	Data Breach
2175	CVE-2025-5777 (CitrixBleed2)	critical	10.0	1	ransomware
2176	zero-day vulnerabilities in SaaS provider cloud environments	critical	10.0	1	cyberespionage
2177	Data Sharing with Third-Party AI Services	critical	10.0	1	Unauthorized AI Deployment
2178	CVE-2025-52163	critical	10.0	1	Vulnerability Disclosure
2179	CVE-2025-22225	critical	10.0	1	Ransomware
2180	CVE-2025-32434	critical	10.0	1	Vulnerability Exploitation
2181	unpatched VPN appliances	critical	10.0	1	ransomware
2182	undersea cable physical exposure	critical	10.0	1	sabotage
2183	Lax network security	critical	10.0	1	Data Breach
2184	CVE-2025-61882 (Critical Authentication Bypass in Oracle E-Business Suite)	critical	10.0	1	Data Breach
2185	AI system weaknesses	critical	10.0	1	ransomware
2186	CVE-2023-23397	critical	10.0	1	Cyberespionage
2187	CVE-2026-40175	critical	10.0	1	Remote Code Execution (RCE)
2188	Weak vendor security controls	critical	10.0	1	Ransomware
2189	weaknesses in distributed enforcement synchronization	critical	10.0	1	data breach
2190	CVE-2025-64328	critical	10.0	1	Webshell Deployment
2191	Unpatched Web Browser/Plugin Vulnerabilities	critical	10.0	1	Cyber Espionage
2192	weak/recycled passwords	critical	10.0	1	general cybersecurity awareness
2193	Unmonitored Devices	critical	10.0	1	Domain Hijacking
2194	Digitized supply chains	critical	10.0	1	Cyberattack
2195	CVE-2024-13804	critical	10.0	1	Vulnerability Exploit
2196	Ineffective DMARC Protection	critical	10.0	1	Data Breach
2197	Insufficient sanitization in serialize and compileMDX functions (CVE-2026-0969)	critical	10.0	1	Remote Code Execution (RCE)
2198	CVE-2024-7014	critical	10.0	1	Vulnerability Exploit
2199	Exploitation of Android’s Accessibility Service, Google Play Protect bypass techniques	critical	10.0	1	Malware (Remote Access Trojan - RAT)
2200	SynologyPhotos application on BeeStation and DiskStation systems	critical	10.0	1	Zero-Click Vulnerability
2201	Lack of regular security reviews	critical	10.0	1	Data Breach
2202	Exposed Database Credentials	critical	10.0	1	Data Exposure
2203	limited transparency in global supply chains	critical	10.0	1	supply chain attack
2204	Improper security configurations in Windows Named Pipe implementation within the Acer Control Center Service (ACCSvc.exe)	critical	10.0	1	Vulnerability Exploitation
2205	Legacy Authentication Methods (Password-Only Logins)	critical	10.0	1	Browser-Based Attack
2206	Claude Code Model Safeguard Bypass	critical	10.0	1	Espionage
2207	Mismanagement of data storage	critical	10.0	1	Data Breach
2208	over-reliance on vendors	critical	10.0	1	data breach
2209	Limited staffing	critical	10.0	1	Cyberattack
2210	CVE-2026-33634 (CWE-506)	critical	10.0	1	Supply Chain Attack
2211	Unsecured ElasticSearch Database	critical	10.0	1	Data Exposure
2212	Lack of Data Handling Training	critical	10.0	1	Data Breach
2213	Poor Vendor/Third-Party Risk Management	critical	10.0	1	Ransomware
2214	Irregular software patching	critical	10.0	1	Ransomware
2215	Human Vulnerability (Insider Threat)	critical	10.0	1	Insider Threat (Attempted)
2216	Unauthorized access to sensitive databases, insecure data handling	critical	10.0	1	Data Breach
2217	Absence of Memoranda of Agreement (MOAs) with LGUs	critical	10.0	1	Data Privacy Violation
2218	compromised laptop (physical or logical access)	critical	10.0	1	data breach
2219	Unvetted Browser Extensions (Cyberhaven Hack, 35+ Extensions in 2024)	critical	10.0	1	Browser-Based Attack
2220	CVE-2025-29927	critical	10.0	1	worm-driven campaign
2221	CVE-2026-1579 (Missing Authentication for Critical Function)	critical	10.0	1	Vulnerability Exploitation
2222	CVE-2026-21509 (Microsoft Office OLE flaw)	critical	10.0	1	Cyberespionage
2223	CVE-2025-2172	critical	10.0	1	Vulnerability Exploitation
2224	Insecure Data Storage Practices	critical	10.0	1	Vulnerability Exploitation
2225	CVE-2025-69263 (CVSS 7.5)	critical	10.0	1	Supply Chain Attack
2226	Inadequate Data Anonymization in AI Features (e.g., Grok AI)	critical	10.0	1	Data Breach
2227	CVE-2025-8876 (Command Injection via Improper Input Sanitization)	critical	10.0	1	Vulnerability Exposure
2228	Trusted third-party SDK distribution (websdk.appsflyer.com)	critical	10.0	1	Supply-Chain Attack
2229	Critical CVSS-rated vulnerabilities in legacy and new ICS devices	critical	10.0	1	Exposure of Critical Infrastructure
2230	Delayed Threat Response	critical	10.0	1	Operational Risk
2231	Microsoft SharePoint Server Vulnerabilities (On-Premises)	critical	10.0	1	Data Breach
2232	Flaw in SentinelOne's agent upgrade process	critical	10.0	1	Ransomware
2233	Pool initialization bypass	critical	10.0	1	Exploit
2234	Unsecured Self-Service Password Reset	critical	10.0	1	Cyber Espionage
2235	Outsourced IT support vendor	critical	10.0	1	Social Engineering
2236	publicly available personal data (e.g., photos, job titles)	critical	10.0	1	social engineering
2237	CVE-2017-7921 (CWE-287: Improper Authentication)	critical	10.0	1	Vulnerability Exploitation
2238	CVE-2026-25108	critical	10.0	1	OS Command Injection
2239	Service Accounts with Non-Expiring Passwords & Excessive Permissions	critical	10.0	1	Data Breach
2240	Trojanized Software Supply Chain	critical	10.0	1	Targeted Attack
2241	CVE-2023-34048	critical	10.0	1	Advanced Persistent Threat (APT)
2242	AI System Autonomy (unsupervised decision-making)	critical	10.0	1	Predictive Analysis
2243	Exposure of GitHub token	critical	10.0	1	Vulnerability
2244	CVE-2024-21410	critical	10.0	1	Zero-Day Exploit
2245	Cloud Misconfigurations (23% of cloud incidents)	critical	10.0	1	Ransomware
2246	Misconfigured Cloud Storage (S3, MongoDB)	critical	10.0	1	Data Breach
2247	Insufficient Log Retention/Preservation	critical	10.0	1	APT (Advanced Persistent Threat)
2248	firewall vulnerabilities	critical	10.0	1	ransomware
2249	Exposed credentials through configuration API calls	critical	10.0	1	Vulnerability Exploitation
2250	CVE-2025-69258 (LoadLibraryEX vulnerability in MsgReceiver.exe)	critical	10.0	1	Remote Code Execution (RCE)
2251	Interconnexion entre datacenter et réseau internet	critical	10.0	1	DDoS
2252	Unpatched Cisco ASA device (last patched in 2024)	critical	10.0	1	Cyberwarfare
2253	Invalid cast vulnerability in .NET Framework serialization processes	critical	10.0	1	Vulnerability Exploitation
2254	Customer misconfigurations (not AWS vulnerabilities)	critical	10.0	1	Cyber Espionage, Lateral Movement, Credential Harvesting
2255	Lack of In-House Cybersecurity Expertise (17% of shipyards)	critical	10.0	1	Ransomware
2256	Shadow AI (unauthorized generative AI tools)	critical	10.0	1	Ransomware
2257	Active Directory vulnerabilities	critical	10.0	1	Ransomware
2258	Predictable defense patterns	critical	10.0	1	AI-driven cyberattack
2259	Privacy Regulation Non-Compliance	critical	10.0	1	Ransomware
2260	CVE-2024-20353 (Infinite Loop DoS)	critical	10.0	1	Cyberattack
2261	CVE-2024-27199 (JetBrains TeamCity)	critical	10.0	1	ransomware
2262	AI Chatbot Feature	critical	10.0	1	Copyright Infringement
2263	Lack of Standardized Controls	critical	10.0	1	Collaborative Initiative
2264	CVE-2024-21410 (Privilege Escalation), CVE-2024-21413	critical	10.0	1	Zero-Day Exploit
2265	over-reliance on technological defenses	critical	10.0	1	phishing
2266	unmanaged systems (for data theft and ransomware deployment)	critical	10.0	1	ransomware
2267	VMware ESXi infrastructure (Linux ransomware)	critical	10.0	1	ransomware
2268	Lack of Monitoring for Insider Threats	critical	10.0	1	SCADA Tampering / Insider Threat
2269	unpatched Windows SMB flaw (WannaCry)	critical	10.0	1	ransomware
2270	Poor Data Management	critical	10.0	1	Data Breach
2271	Sinkclose vulnerability	critical	10.0	1	Vulnerability Exploitation
2272	exposed SMB services	critical	10.0	1	ransomware
2273	Blind Spots in Monitoring	critical	10.0	1	Ransomware
2274	Unsupported hardware	critical	10.0	1	Cyberattack
2275	CVE-2025-1449	critical	10.0	1	Vulnerability Exploit
2276	RC4 encryption (obsolete since 1980s)	critical	10.0	1	ransomware
2277	exposed remote services	critical	10.0	1	Ransomware
2278	Maintenance errors	critical	10.0	1	Physical Incident
2279	uneven cybersecurity maturity	critical	10.0	1	data breach
2280	Kerberoasting in Active Directory	critical	10.0	1	ransomware
2281	CVE-2024-12912	critical	10.0	1	botnet
2282	Public Internet Exposure	critical	10.0	1	Exposure of Vulnerable Systems
2283	CVE-2015-2291	critical	10.0	1	Cyberattack
2284	Accellion sharing software	critical	10.0	1	Ransomware
2285	Third-party Salesforce CRM integration	critical	10.0	1	Data Breach
2286	abuse of elevated privileges post-compromise (e.g., Trend Vision One uninstaller)	critical	10.0	1	ransomware
2287	Design Flaws	critical	10.0	1	Data Breach
2288	CVE-2025-20363 (Cisco ASA VPN)	critical	10.0	1	Ransomware
2289	Known vulnerability in data storage systems	critical	10.0	1	Ransomware Attack
2290	weak MFA implementations (Evilginx tool)	critical	10.0	1	ransomware
2291	Operational Security	critical	10.0	1	Operational Security Breach
2292	Previously exposed data breach (Gmail account)	critical	10.0	1	Cyber Espionage
2293	CVE-2025-55241 (Token Validation Failure in Microsoft Entra ID / Azure AD Graph API)	critical	10.0	1	Privilege Escalation
2294	CVE-2026-22755	critical	10.0	1	Remote Code Execution (RCE)
2295	CVE-2025-59468	critical	10.0	1	Vulnerability Exploitation
2296	underwater sensor network vulnerabilities	critical	10.0	1	espionage
2297	Lack of monitoring for east-west traffic in cloud environments	critical	10.0	1	Ransomware
2298	CVE-2023-4966	critical	10.0	1	Vulnerability Exploitation
2299	unrestricted access to GitHub Actions environment variables	critical	10.0	1	supply chain attack
2300	misconfigured AWS S3 bucket permissions	critical	10.0	1	ransomware
2301	lack of backups	critical	10.0	1	data breach
2302	Satellite Communication Systems	critical	10.0	1	Cyber Attack
2303	Outdated software in critical sectors (hospitals, governments)	critical	10.0	1	Extortion
2304	Unknown vulnerability in Microsoft SharePoint servers	critical	10.0	1	Cyber Espionage
2305	Exposed Web-Accessible Operational Technology (OT) System	critical	10.0	1	Cyberattack
2306	Compromised administrative accounts (26 user accounts, including admin-level)	critical	10.0	1	Ransomware Attack
2307	Missing Function-Level Access Control (CWE-639)	critical	10.0	1	Unauthorized Access
2308	Insufficient Vendor Oversight	critical	10.0	1	Supply Chain Attack
2309	lack of network segmentation (allowed lateral movement)	critical	10.0	1	ransomware
2310	Unmonitored API Traffic	critical	10.0	1	Data Breach
2311	Security gaps in industrial networks	critical	10.0	1	Cyber Espionage
2312	User Data Misuse	critical	10.0	1	Data Breach
2313	Shadow AI	critical	10.0	1	Data Breach
2314	Mobile Device Management (MDM) system	critical	10.0	1	Espionage, Data Breach
2315	Hardcoded Credentials in Binaries	critical	10.0	1	Supply Chain Attack
2316	Stolen credentials, malicious links in trusted email chains, phishing campaigns	critical	10.0	1	Supply Chain Attack, Cargo Theft
2317	Unpatched VPN services	critical	10.0	1	Ransomware
2318	CVE-2026-20131 (Insecure Deserialization - CWE-502)	critical	10.0	1	Vulnerability Exploitation
2319	Lack of Employee Cybersecurity Training	critical	10.0	1	Ransomware
2320	kernel-level access via vulnerable driver	critical	10.0	1	ransomware
2321	Open Academic Networks in Universities	critical	10.0	1	Data Breach
2322	Vulnerability in Ivanti's security products	critical	10.0	1	Malware
2323	Undocumented backdoors in the Go1 quadruped	critical	10.0	1	Privacy Breach
2324	Human psychology	critical	10.0	1	AI-driven cyberattack
2325	CVE-2025-20333 (Authentication bypass in Cisco ASA Software)	critical	10.0	1	Zero-day exploitation
2326	Exploit Kit	critical	10.0	1	Malvertising
2327	Unpatched Software (e.g., Equifax)	critical	10.0	1	Data Breach
2328	CVE-2025-53521 (F5 BIG-IP APM)	critical	10.0	1	ransomware
2329	Weak or Missing End-to-End Encryption	critical	10.0	1	Data Breach
2330	Cross-Site Scripting (XSS) flaws	critical	10.0	1	Cyber Espionage
2331	CVE-2026-21571	critical	10.0	1	OS Command Injection
2332	Trustwave’s miscategorization of breach alert as 'moderate' (delayed response)	critical	10.0	1	Ransomware
2333	Dependence on unencrypted GPS signals for navigation and communication	critical	10.0	1	GPS jamming
2334	Compromised IoT devices and routers, primarily Android TVs	critical	10.0	1	DDoS
2335	public cloud	critical	10.0	1	ransomware
2336	Backdoor in M.E.Doc software updates (Intellect Service)	critical	10.0	1	Cyber Attack
2337	CVE-2025-53690 (ViewState Deserialization in Sitecore XM/XP/XC/Managed Cloud)	critical	10.0	1	Vulnerability Exploitation
2338	CVE-2026-24512 (Improper handling of `rules.http.paths.path` field in Ingress resources)	critical	10.0	1	Code Execution Vulnerability
2339	UNECE R155 Non-Compliance (Insecure Deployed Software)	critical	10.0	1	Cybersecurity Vulnerability Assessment
2340	Ageing infrastructure, shared IT systems, lack of network segmentation	critical	10.0	1	Data Breach
2341	Poorly Secured ICS	critical	10.0	1	Cyberattack
2342	Weak supply-chain security	critical	10.0	1	Data Breach
2343	CVE-2025-20333 (Cisco ASA/Firepower - RCE)	critical	10.0	1	Vulnerability Exploitation
2344	Inadequate penetration testing	critical	10.0	1	Data Breach
2345	Inadequate HR and Compliance Monitoring	critical	10.0	1	Data Breach
2346	On Device Fraud (ODF) techniques	critical	10.0	1	Malware
2347	Past Data Breach	critical	9.0	1	Phishing Campaign
2348	File Transfer Service Provider	critical	9.0	1	Data Breach
2349	Multiple vulnerabilities in Cisco Small Business RV Series routers	critical	9.0	1	Vulnerability Exploitation
2350	Accellion FTA server vulnerability	critical	9.0	1	Data Breach
2351	Customer Accounts	critical	9.0	1	Credential Stuffing
2352	Unauthorized Access by Terminated Employee	critical	9.0	1	Data Breach
2353	Weak or Stolen Login Credentials	critical	9.0	1	Data Breach
2354	Lack of authentication controls	critical	9.0	1	Data Exposure
2355	Sophos Firewall versions 18.5 MR3 (18.5.3)	critical	9.0	1	Vulnerability Exploitation
2356	Misplaced Portable Flash Drive	critical	9.0	1	Data Breach
2357	Charting software	critical	9.0	1	Ransomware
2358	WebKit remote code execution (RCE)	critical	8.5	1	Exploit Kit
2359	CVE-2023-28771	critical	8.5	1	Remote Code Execution
2360	Login Page Bug	critical	8.5	1	Data Breach
2361	Lack of Input Validation	critical	8.5	1	Data Breach
2362	Unspecified zero-day in FreePBX (versions 16 and 17 with endpoint module installed)	critical	8.5	1	Zero-day exploitation
2363	Context Poisoning in AI Conversation History	critical	8.5	1	Data Breach
2364	Insufficient Monitoring	critical	8.5	1	Data Breach
2365	Lack of organizational safeguards for AI chatbot usage	critical	8.5	1	Data Breach
2366	AI-Generated Convincing Impersonations	critical	8.5	1	Data Breach
2367	Compromised employees	critical	8.5	1	Extortion
2368	Leaked Passwords	critical	8.5	1	Data Breach
2369	CVE-2025-55177 (WhatsApp Zero-Click)	critical	8.5	1	Vulnerability Exploitation
2370	CVE-2025-8088	critical	8.5	1	Zero-day exploitation, Phishing, Malware installation
2371	lack of multi-factor authentication (MFA) enforcement on phishing sites	critical	8.5	1	phishing
2372	Lack of account management (inactive accounts not decommissioned)	critical	8.5	1	Data Breach
2373	CVE-2024-3210	critical	8.5	1	Data Breach
2374	Progress MOVEit Transfer tool	critical	8.5	1	Data Breach
2375	CVE-2025-43529	critical	8.5	1	Exploit Kit
2376	CVE-2025-0520 (CVSS 9.4)	critical	8.5	1	Remote Code Execution (RCE)
2377	Insufficient Agent Permission Controls	critical	8.5	1	AI Security Vulnerabilities
2378	Amazon S3 Storage Account	critical	8.5	1	Data Breach
2379	Prolonged Email Retention (6+ years)	critical	8.5	1	Data Breach
2380	Excessive OAuth permissions (Mail.Read, offline_access, profile/openid)	critical	8.5	1	OAuth Abuse
2381	CVE-2025-10547 (Uninitialized Stack Value Leading to Arbitrary Free)	critical	8.5	1	Vulnerability
2382	Improper Disposal of Sensitive Data	critical	8.5	1	Data Breach
2383	CVE-2023-33538	critical	8.5	1	Botnet Deployment
2384	SMS phishing (smishing) attack	critical	8.5	1	Data Breach
2385	Internal system flaw exposing plain text passwords	critical	8.5	1	Data Breach
2386	inadequate cloud security measures	critical	8.5	1	data breach
2387	Misuse of legitimate access credentials post-employment	critical	8.5	1	Data Breach
2388	Biometric authentication exploitation	critical	8.5	1	Data Breach
2389	CVE-2025-52436 (Improper Neutralization of Input During Web Page Generation - CWE-79)	critical	8.5	1	Cross-Site Scripting (XSS)
2390	Tracking code sharing data with third-party advertisers	critical	8.5	1	Data Breach
2391	Improper key management, lack of automated key rotation	critical	8.5	1	Data Leak
2392	Progress Software MOVEit file transfer application vulnerability	critical	8.5	1	Data Breach
2393	CWE-200: Exposure of Sensitive Information	critical	8.5	1	Data Exposure
2394	Unsecured LLM infrastructure	critical	8.5	1	Security Vulnerability
2395	Weak authentication in verification APIs	critical	8.5	1	Data Breach Risk
2396	Lack of multi-factor authentication, Human error (victims sharing access codes)	critical	8.5	1	Phishing, Social Engineering, Identity Theft, Data Theft
2397	Lack of AI Governance Policies	critical	8.5	1	Data Leakage
2398	Memory address mapping manipulation via DDR4 interposer	critical	8.5	1	Supply Chain Attack
2399	Zero-Click Prompt Injection in ChatGPT's Deep Research Tool	critical	8.5	1	Data Breach
2400	CVE-2026-29191	critical	8.5	1	Cross-Site Scripting (XSS)
2401	CVE-2026-21570	critical	8.5	1	Remote Code Execution (RCE)
2402	CVE-2026-2285	critical	8.5	1	Remote Code Execution
2403	Third-Party CRM Security Weaknesses	critical	8.5	1	Data Breach
2404	CVE-2025-47813 (CWE-209)	critical	8.5	1	Information Disclosure
2405	Progress Software’s MOVEit Transfer solution	critical	8.5	1	Data Breach
2406	MOVEit Transfer application vulnerabilities	critical	8.5	1	Data Breach
2407	CVE-2017-7921	critical	8.5	1	Espionage
2408	Unauthorized access to business email account	critical	8.5	1	Data Breach
2409	Data security lapse	critical	8.5	1	Data Breach
2410	Temporary unsecured storage of user data and PGP keys	critical	8.5	1	Data Breach
2411	user susceptibility to phishing	critical	8.5	1	phishing
2412	Human error, Social engineering, Internal leaks	critical	8.5	1	Data Breach
2413	CVE-2025-0033 (Race Condition in AMD SEV-SNP RMP Initialization)	critical	8.5	1	Vulnerability
2414	OpenClaw WebSocket API Authentication Bypass	critical	8.5	1	Supply Chain Attack
2415	Policy/Procedural Failure	critical	8.5	1	Data Breach
2416	Social Engineering (Fake App Update)	critical	8.5	1	Cyberespionage
2417	Previously unknown security vulnerability in Oracle E-Business Suite	critical	8.5	1	Data Breach
2418	Social Engineering (Urgent KYC/Billing Alerts)	critical	8.5	1	Phishing Scam
2419	CVE-2026-3517	critical	8.5	1	vulnerability
2420	Insufficient user identification and authentication (UIA) controls	critical	8.5	1	Data Security Audit
2421	Soliton Systems K.K FileZen	critical	8.5	1	APT Activity
2422	URL fetcher failing to block internal domains	critical	8.5	1	Autonomous AI-driven cyber attack
2423	missing server-side encryption	critical	8.5	1	data breach
2424	Claude Code flaws	critical	8.5	1	APT Activity
2425	Impersonation of legitimate Go module (golang.org/x/crypto)	critical	8.5	1	Supply-Chain Attack
2426	Website Setup Error	critical	8.5	1	Credential Leak
2427	CVE-2025-53770 (Microsoft SharePoint 'ToolShell')	critical	8.5	1	Ransomware
2428	CVE-2025-3648	critical	8.5	1	Vulnerability Exploitation
2429	E-commerce web platform	critical	8.5	1	Data Breach
2430	Weak encryption (unsalted MD5 password hashes)	critical	8.5	1	Data Breach
2431	Lack of Privacy Controls	critical	8.5	1	Surveillance
2432	Weak/Reused Passwords (from third-party sources)	critical	8.5	1	Account Takeover
2433	Compromised GitHub Tokens	critical	8.5	1	Identity Compromise
2434	Path traversal in Microsoft NLWeb (reading `/etc/passwd`, `.env`)	critical	8.5	1	Arbitrary Code Execution
2435	Inconsistent Compliance Practices	critical	8.5	1	Data Privacy Fragmentation
2436	Accellion FTA (specific CVE not mentioned)	critical	8.5	1	Data Breach
2437	misconfigured Azure Blob storage permissions	critical	8.5	1	data exposure
2438	Software vulnerabilities in AI tools (e.g., backdoors, bugs)	critical	8.5	1	Data Leakage
2439	CVE (3 high-severity with publicly available exploit code)	critical	8.5	1	Misconfiguration
2440	Insufficient URL Security	critical	8.5	1	Data Breach
2441	Over-Permissive Third-Party Access	critical	8.5	1	Data Breach
2442	Unpatched VPN endpoint	critical	8.5	1	Ransomware Attack
2443	Stolen Usernames and Passwords	critical	8.5	1	Data Breach
2444	Account Compromise	critical	8.5	1	Data Breach
2445	third-party vendor (Salesforce) security flaw	critical	8.5	1	data breach
2446	lack of secret scanning	critical	8.5	1	data exposure
2447	CVE-2024-3177	critical	8.5	1	Vulnerability Exploitation
2448	Unauthorized access via subcontractor credentials	critical	8.5	1	Data Breach
2449	Weaknesses in university authentication processes	critical	8.5	1	Data Breach
2450	CVE-2025-61882 (CVSS 9.8 - Remote Code Execution in BI Publisher Integration/Concurrent Processing)	critical	8.5	1	Vulnerability Exploitation
2451	Windows’ Restart Manager (RstrtMgr.dll) exploitation for disabling security processes	critical	8.5	1	Potentially Unwanted Application (PUA)
2452	Partner system compromise leading to unauthorized API access	critical	8.5	1	Data Exposure
2453	Exploitation of accessibility permissions, fake overlays	critical	8.5	1	Trojan
2454	CVE-2025-61882 (Zero-day in Oracle E-Business Suite)	critical	8.5	1	Data Breach
2455	Social Engineering, Impersonation of Legitimate Services	critical	8.5	1	Phishing
2456	Inadequate security awareness training	critical	8.5	1	Phishing
2457	SureTriggers Vulnerability	critical	8.5	1	Vulnerability Exploitation
2458	Identity and Access Management (IAM) Failures	critical	8.5	1	Data Breach
2459	Mistake that exposed personal and financial information	critical	8.5	1	Data Breach
2460	Intent redirection vulnerability in EngageLab SDK (version 4.5.4)	critical	8.5	1	Supply Chain Vulnerability
2461	CVE-2026-1234	critical	8.5	1	Cross-Site Scripting (XSS)
2462	Session token hijacking	critical	8.5	1	Phishing-as-a-Service (PhaaS)
2463	Critical security flaw allowing unauthorized 'super admin' account creation	critical	8.5	1	Data Breach
2464	Remote Code Execution Vulnerability in DS-2105 Pro DVRs	critical	8.5	1	Botnet
2465	Oracle PeopleSoft vulnerability	critical	8.5	1	Ransomware
2466	Inadequate physical access controls	critical	8.5	1	Data Breach
2467	PHP Backdoor in WordPress Plugins	critical	8.5	1	Data Breach
2468	CVE-2025-8424	critical	8.5	1	Vulnerability Exploitation
2469	Default Data Retention Policies in LLMs (e.g., OpenAI’s 30-day deletion lag)	critical	8.5	1	Data Leakage
2470	Lack of Monitoring for Existing Threats	critical	8.5	1	Data Breach
2471	Unusual access to GitHub repositories	critical	8.5	1	Hacking/Unauthorized Access
2472	App cloning, Reverse engineering, Bypassing App Store security (iOS), JavaScript bundle interception, RSA-encrypted payload exfiltration	critical	8.5	1	Backdoor Attack, Cryptocurrency Wallet Hack
2473	CVE-2025-68664	critical	8.5	1	Data Exfiltration
2474	Lack of DNS query monitoring in ChatGPT's execution environment	critical	8.5	1	Data Exfiltration
2475	CVE-2025-14847 (Improper handling of length parameter inconsistency, CWE-130)	critical	8.5	1	Memory-Read Vulnerability
2476	Lack of access controls and encryption	critical	8.5	1	Data Breach
2477	Perimeter security measures	critical	8.5	1	Data Breach
2478	Inadequate security on WordPress-hosted infrastructure	critical	8.5	1	Data Breach
2479	hardcoded credentials in source code	critical	8.5	1	data breach
2480	Misunderstandings over Data Ownership	critical	8.5	1	Insider Threat
2481	Potential unauthorized access to LDLC's customer database (timing suggests link to LDLC's server breach)	critical	8.5	1	phishing
2482	Human Error (Inadvertent Publication of Sensitive Data)	critical	8.5	1	Data Breach (Inadvertent Disclosure)
2483	Progress Software’s MOVEit Transfer application	critical	8.5	1	Data Breach
2484	Misconfigured Storage Buckets	critical	8.5	1	Data Leak
2485	Improper packaging oversight	critical	8.5	1	Source Code Leak
2486	CVE-2026-0234 (Improper Verification of Cryptographic Signature - CWE-347)	critical	8.5	1	Vulnerability Exploitation
2487	Absence of phishing-resistant MFA	critical	8.5	1	Data Breach
2488	eCompli application vulnerability	critical	8.5	1	Data Breach
2489	Lack of Command-Line Execution Awareness	critical	8.5	1	APT (Advanced Persistent Threat)
2490	Fractured auditability across communication channels	critical	8.5	1	Data Governance Blind Spot
2491	Inadequate Data Handling Controls	critical	8.5	1	Data Breach
2492	Human vulnerability (bribery of overseas support agents)	critical	8.5	1	Data Breach
2493	Failure to implement and maintain reasonable security measures	critical	8.5	1	Data Breach
2494	vBulletin security hole	critical	8.5	1	Data Breach
2495	CVE-2025-0994	critical	8.5	1	Cyber Attack
2496	Adobe Reader	critical	8.5	1	Cyber Attack
2497	Ineffective Security Configurations	critical	8.5	1	Data Breach
2498	Software Flaw	critical	8.5	1	Ransomware
2499	Publicly accessible profile information	critical	8.5	1	Data Scraping
2500	Human Vulnerability (Insider Recruitment)	critical	8.5	1	Insider Threat, Extortion
2501	Weak Third-party Security	critical	8.5	1	Data Breach
2502	CVE-2025-59489 (Unity Editor Command-Line Argument Injection)	critical	8.5	1	Vulnerability
2503	MOVEit® Transfer application	critical	8.5	1	Data Breach
2504	Human Error (Failure to Redact Sensitive Data)	critical	8.5	1	Data Breach (Unintentional Disclosure)
2505	Improper use of private email account	critical	8.5	1	Data Breach
2506	CVE-2025-54820 (Stack-based buffer overflow in fgtupdates service)	critical	8.5	1	Vulnerability
2507	Citrix Software Vulnerability (specific CVE unidentified)	critical	8.5	1	Data Breach
2508	Missing Reporting Mechanisms for Objectionable Content	critical	8.5	1	Data Breach
2509	Internal Glitch	critical	8.5	1	Data Exposure
2510	Insufficient identity verification in hiring processes, reliance on social media badges	critical	8.5	1	Identity Fraud, Insider Threat, Cyber Espionage
2511	Insecure APIs	critical	8.5	1	Data Breach
2512	Insufficient VPN authentication, ineffective abnormal behavior detection	critical	8.5	1	Data Breach
2513	Software Misconfiguration in Online Grant System	critical	8.5	1	Data Breach
2514	Unrotated Service Account Token	critical	8.5	1	Data Breach (OAuth Token Compromise)
2515	Test mode left enabled allowing OTP login via email keyword	critical	8.5	1	Autonomous AI-driven cyber attack
2516	Exposed Elasticsearch Database	critical	8.5	1	Data Leak
2517	Vertex AI Agent Engine Service Agent Hijacking	critical	8.5	1	Privilege Escalation
2518	CWE-284: Improper Access Control	critical	8.5	1	Data Exposure
2519	CVE-2026-23597	critical	8.5	1	Privilege Escalation
2520	Improper Handling of Sensitive Data	critical	8.5	1	Data Breach
2521	Cross-border data storage without GDPR-equivalent protections	critical	8.5	1	Data Breach Risk
2522	AI-generated_deepfakes	critical	8.5	1	data_breach
2523	Inadequate internal controls and monitoring mechanisms	critical	8.5	1	Unauthorized Data Access
2524	Bypassing Google’s App-Bound Encryption and endpoint security tools via remote decryption	critical	8.5	1	Infostealer Malware
2525	Centralized Points of Failure in Hybrid Platforms	critical	8.5	1	Privacy Violation
2526	GoAnywhere MFT SaaS	critical	8.5	1	Data Breach
2527	Phone signal interception	critical	8.5	1	Surveillance
2528	Design flaw in metadata handling for public pages	critical	8.5	1	Privacy Leak
2529	Exposed Magicbell API Keys and Secrets	critical	8.5	1	Data Exposure
2530	Inadequate User Data Protection	critical	8.5	1	Data Breach
2531	Design bug in the FOIA request search feature	critical	8.5	1	Data Exposure
2532	Lack of Multi-Factor Authentication (MFA) for Call-In Access	critical	8.5	1	Cyberattack
2533	CVE-2026-3298	critical	8.5	1	Memory Corruption
2534	Abandoned software in trusted repository	critical	8.5	1	Phishing
2535	Broken Access Control (OWASP Top 10)	critical	8.5	1	Data Exposure
2536	Authentication vulnerabilities in Coupang's servers	critical	8.5	1	Data Breach
2537	Operational security lapse (SSH authentication key reuse across servers)	critical	8.5	1	phishing
2538	Online customer service system vulnerability	critical	8.5	1	Data Breach
2539	Unauthorized Software Installation	critical	8.5	1	Data Breach
2540	Human Error / Social Engineering	critical	8.5	1	Phishing Attack
2541	MOVEit Transfer environment vulnerability	critical	8.5	1	Data Breach
2542	Fragmented Token Extraction via Optical/Transcription Methods	critical	8.5	1	Prompt Extraction
2543	Data Exposure	critical	8.5	1	Data Leak
2544	internal API vulnerability (details undisclosed)	critical	8.5	1	data breach
2545	Web application vulnerability (Click2Gov online payment system)	critical	8.5	1	Data Breach
2546	CVE-2026-22219 (CVSS 8.3)	critical	8.5	1	Data Breach
2547	Broken object-level authorization (BOLA) (40%)	critical	8.5	1	API Security Breach
2548	Clerical Error	critical	8.5	1	Data Breach
2549	Insider Threat / Unauthorized Access	critical	8.5	1	Data Breach
2550	CVE-2026-25172	critical	8.5	1	Remote Code Execution (RCE)
2551	Human error, lack of phishing awareness	critical	8.5	1	Data Breach
2552	Hardcoded API Keys in Public Repositories and Websites	critical	8.5	1	Data Exposure
2553	CVE-2026-3102	critical	8.5	1	Vulnerability Exploitation
2554	CVE-2025-32896	critical	8.5	1	Remote Code Execution (RCE)
2555	Lack of Data Minimization in Blockchain Transactions	critical	8.5	1	Privacy Violation
2556	Over-collection of sensitive PII (e.g., full ID scans vs. minimal verification)	critical	8.5	1	Data Breach Risk
2557	Sequentially numbered and guessable URLs	critical	8.5	1	Data Exposure
2558	Inconsistent DLP Policy Application	critical	8.5	1	Data Breach
2559	Programming Errors	critical	8.5	1	Data Breach
2560	CVE-2014-0160 (Heartbleed - Out-of-Bounds Read in OpenSSL)	critical	8.5	1	Memory Corruption
2561	trust in open-source dependencies	critical	8.5	1	supply-chain attack
2562	Logic error in NextAuth JWT callback (GHSA-7hg4-x4pr-3hrg)	critical	8.5	1	Authentication Bypass
2563	Lack of Security Reviews	critical	8.5	1	Security Oversight
2564	CVE-2026-1236	critical	8.5	1	Cross-Site Scripting (XSS)
2565	Legitimate Telegram API authentication mechanisms	critical	8.5	1	Phishing
2566	Instagram API (alleged)	critical	8.5	1	Data Scrape / Alleged Breach
2567	Prompt Injection Vulnerabilities	critical	8.5	1	AI Security Vulnerabilities
2568	Lack of monitoring for suspicious activity	critical	8.5	1	Data Breach
2569	Shared Inbox Access	critical	8.5	1	Data Breach
2570	Inherited permissions from privileged users	critical	8.5	1	Data Breach
2571	CVE-2026-3337	critical	8.5	1	Cryptographic Vulnerability
2572	Vulnerabilities in a property information-sharing system used exclusively by real estate companies	critical	8.5	1	Data Breach
2573	Use of Unlicensed Software	critical	8.5	1	Malware
2574	CVE-2025-5777 (CitrixBleed 2)	critical	8.5	1	Reconnaissance
2575	Improper data storage practices	critical	8.5	1	Data Breach
2576	CVE-2023-50224 (TP-Link WR841N routers)	critical	8.5	1	Cyberespionage
2577	Human error (tricked employees into handing over login credentials for internal Salesforce software)	critical	8.5	1	Data Breach
2578	Ease of onboarding and business-grade tools in fintech platforms, hybrid account functionality	critical	8.5	1	Financial Fraud, Money Laundering, Phishing
2579	previously_compromised_data	critical	8.5	1	data_breach
2580	User account compromise	critical	8.5	1	Data Breach
2581	Zero-day vulnerability in MOVEit Transfer application	critical	8.5	1	Data Breach
2582	Insufficient Monitoring of EHR Access	critical	8.5	1	Data Breach
2583	Insufficient Mass Email Controls	critical	8.5	1	Data Breach
2584	Improper permission handling in Windows Error Reporting Service (wersvc.dll)	critical	8.5	1	Privilege Escalation
2585	Improper handling of ACME HTTP-01 challenge paths in Cloudflare WAF	critical	8.5	1	Zero-Day Vulnerability
2586	Lack of Physical Security for Development Device	critical	8.5	1	Trade Secret Theft
2587	Remote-viewing software	critical	8.5	1	Data Breach
2588	Lack of Secure Document Destruction Procedures	critical	8.5	1	Data Breach (Improper Disposal / Physical Security Failure)
2589	Abuse of Microsoft 365 mailbox rules and Outlook features	critical	8.5	1	Business Email Compromise (BEC)
2590	Outdated security protocols	critical	8.5	1	Data Breach
2591	Third-party Salesforce tenant misconfiguration/access controls	critical	8.5	1	Data Breach
2592	Inadequate cybersecurity protocols, weak security controls	critical	8.5	1	Data Breach
2593	Inadequate internal monitoring and access controls	critical	8.5	1	Data Breach
2594	CVE-2026-1235	critical	8.5	1	Cross-Site Scripting (XSS)
2595	Mishandled private keys in AI-generated JavaScript	critical	8.5	1	Data Breach
2596	Default Password on Code Repository	critical	8.5	1	Data Exposure
2597	Authentication Bypass	critical	8.5	1	Authentication Bypass
2598	Resource Constraints in DHS	critical	8.5	1	Security Oversight
2599	Vulnerability in Progress Software Corporation's MOVEit Transfer product	critical	8.5	1	Data Breach
2600	CVE-2025-22231	critical	8.5	1	Vulnerability
2601	Cryptographic Flaw in Infineon Microcontroller	critical	8.5	1	Cryptographic Vulnerability
2602	Stolen Login Information	critical	8.5	1	Data Breach
2603	Stolen Personal Data from External Sources	critical	8.5	1	Data Breach
2604	CVE-2025-0520 (ShowDoc)	critical	8.5	1	Vulnerability Exploitation
2605	CVE-2025-27920 (Directory Traversal), CVE-2025-27921 (Reflected XSS - unused)	critical	8.5	1	Cyber Espionage
2606	Human Error (Telecommunications Employee Deception)	critical	8.5	1	Data Breach
2607	Lack of Monitoring for Unauthorized Data Exfiltration	critical	8.5	1	Data Breach
2608	Security flaw	critical	8.5	1	Data Breach
2609	Weak cybersecurity defenses, lack of dedicated cybersecurity staff, reliance on ed-tech tools	critical	8.5	1	Ransomware
2610	Unsanitized parameters in database queries leading to SQL injection	critical	8.5	1	SQL Injection
2611	Unsecured MongoDB Database	critical	8.5	1	Data Breach
2612	Personal devices infected with malware	critical	8.5	1	Credential Leak
2613	CVE-2026-25750 (Insecure `baseUrl` parameter in LangSmith Studio)	critical	8.5	1	API Misconfiguration
2614	PTC Windchill and FlexPLM flaw	critical	8.5	1	data_breach
2615	Insufficient Bot Detection/Prevention	critical	8.5	1	Cyberattack
2616	Silverlight	critical	8.5	1	Cyber Attack
2617	CVE-2017-3881 (Cluster Management Protocol RCE in Cisco IOS/IOS XE)	critical	8.5	1	unauthorized access
2618	ConnectWise software vulnerability	critical	8.5	1	Data Breach
2619	Unconstrained CI/CD Service Accounts	critical	8.5	1	Identity Compromise
2620	Unauthorized access to third-party system storing customer data	critical	8.5	1	Data Breach
2621	SonicWall SSL VPN vulnerabilities	critical	8.5	1	ransomware
2622	Lack of Physical Security for Devices Containing Sensitive Data	critical	8.5	1	Data Breach (Physical Theft)
2623	Net-NTLMv1 Authentication Protocol	critical	8.5	1	Vulnerability Disclosure
2624	Cardinality-Based Rate Limiting Bypass	critical	8.5	1	Privacy Violation
2625	Weak Authentication Mechanisms (e.g., no 2FA)	critical	8.5	1	Privacy Violation
2626	CVE-2026-27913 (Improper Input Validation - CWE-20)	critical	8.5	1	Vulnerability Exploitation
2627	Shared contractor accounts, API key exposure, URL convention deduction	critical	8.5	1	Unauthorized Access
2628	Over-Permissive Third-Party App Access (Gmail, Google Drive, Dropbox)	critical	8.5	1	Data Breach
2629	Misconfiguration in Salesforce environment, lack of least privilege principle, absence of Zero Trust architecture, inadequate behavioral monitoring	critical	8.5	1	Data Breach
2630	lack of access controls and encryption for cloud-hosted databases	critical	8.5	1	data breach
2631	Unknown vulnerability in warehouse management system	critical	8.5	1	Data Breach
2632	Stolen credentials (PIN and government-issued ID)	critical	8.5	1	Fraud Scheme
2633	Lack of multi-factor authentication (MFA), Third-party vendor compromise	critical	8.5	1	Data Breach
2634	Lack of Encryption on Portable Device	critical	8.5	1	Data Breach (Physical Theft)
2635	CVE-2024-13496	critical	8.5	1	SQL Injection
2636	Reused passwords across multiple accounts	critical	8.5	1	Credential Stuffing
2637	Lack of Data Minimization	critical	8.5	1	Data Breach
2638	Reused passwords from data leaks	critical	8.5	1	Fraud/Scam
2639	E-commerce System	critical	8.5	1	Data Breach
2640	Overly permissive guest user configurations in Salesforce Experience Cloud	critical	8.5	1	Data Theft
2641	Mali GPU Data Compression	critical	8.5	1	Data Theft
2642	Lack of Content Verification Mechanisms	critical	8.5	1	Content Theft and Fraud
2643	SQL Injection vulnerability in MOVEit Transfer	critical	8.5	1	Ransomware
2644	CVE-2026-26123	critical	8.5	1	Vulnerability Exploitation
2645	Third-party Cloud Service	critical	8.5	1	Data Breach
2646	improper access controls (configuration gap in S3 bucket permissions)	critical	8.5	1	data breach
2647	human trust in AI-generated content	critical	8.5	1	fraud
2648	CVE-2024-23222 (WebKit RCE - cassowary)	critical	8.5	1	Exploit Kit / Malware Campaign
2649	CVE-2025-59448 (Session Token Lifetimes)	critical	8.5	1	Denial-of-Service
2650	Node.js workflows	critical	8.5	1	Supply Chain Attack
2651	Abuse of Bubble’s no-code platform infrastructure, complex JavaScript bundles, Shadow DOM structures	critical	8.5	1	Phishing
2652	Governance gap in data access controls	critical	8.5	1	Third-party data exploitation
2653	Excessive Discord SDK logging writing private data to local log files in plaintext	critical	8.5	1	Data Exposure
2654	Insufficient de-identification	critical	8.5	1	Data Breach
2655	User trust and lack of awareness	critical	8.5	1	Phishing
2656	Improper handling of sensitive credentials in web assets	critical	8.5	1	Data Exposure
2657	CWE-352: Cross-Site Request Forgery (CSRF) (via API manipulation)	critical	8.5	1	Data Breach
2658	Lack of encryption in radio communications used by public health systems	critical	8.5	1	Data Breach
2659	CVE-2025-54254 (Improper Restriction of XML External Entity Reference)	critical	8.5	1	Vulnerability Exploitation
2660	DLL Sideloading via YY platform's updat.exe	critical	8.5	1	Malware Campaign
2661	Inadequate security measures, potential internal mismanagement	critical	8.5	1	Data Breach
2662	Legacy email protections	critical	8.5	1	Phishing
2663	CVE-2025-7659	critical	8.5	1	Vulnerability Exploitation
2664	Misconfiguration in Electron framework	critical	8.5	1	Security Vulnerability
2665	Exposed SSH services	critical	8.5	1	Malware
2666	CVE-2025-54309 (CrushFTP)	critical	8.5	1	Ransomware
2667	Trust in the platform's review system and verification processes	critical	8.5	1	Disinformation and Scams
2668	Weak Access Controls (Absent MFA, Insufficient Lockout Policies) in SonicWall SSLVPN	critical	8.5	1	Ransomware
2669	DockerDash	critical	8.5	1	Vulnerability Exploitation
2670	Account verification procedure	critical	8.5	1	Data Breach
2671	Social engineering, exploitation of legitimate communication channels	critical	8.5	1	Phishing Scam
2672	CVE-2026-21513 (Security Feature Bypass - CWE-693)	critical	8.5	1	Zero-Day Exploit
2673	Remote Dynamic Dependencies (RDD)	critical	8.5	1	Supply Chain Attack
2674	Recently patched vulnerability in Oracle E-Business Suite (for Cl0p ransomware incident)	critical	8.5	1	Data Breach
2675	Inadequate Third-Party Vetting	critical	8.5	1	Data Breach
2676	CVE-2026-21509 (Microsoft Office Security Feature Bypass)	critical	8.5	1	Cyber-Espionage
2677	lack of sandboxing for physical GPU-equipped machines	critical	8.5	1	malware
2678	human trust in search engine ads	critical	8.5	1	phishing
2679	Absence of vendor security assessments for AI tools	critical	8.5	1	Data Leakage
2680	Prior data exposures	critical	8.5	1	Data Breach
2681	Unauthorized code in third-party vendor's application	critical	8.5	1	Data Breach
2682	Phishing-susceptible MFA methods	critical	8.5	1	Data Breach
2683	Branch Predictor Race Conditions (BPRC) in Intel Processors (Speculative Execution Side Channel)	critical	8.5	1	Hardware Vulnerability
2684	MOVEit file transfer platform	critical	8.5	1	Data Breach
2685	Progress Software's MOVEit File Transfer solution	critical	8.5	1	Data Breach
2686	Customer Contract Search Tool	critical	8.5	1	Data Breach
2687	Network Segmentation Protocols	critical	8.5	1	Data Breach
2688	CVE-2024-55591 (FortiOS/FortiProxy)	critical	8.5	1	ransomware
2689	Absence of Visibility/Monitoring Tools	critical	8.5	1	Data Leakage
2690	Insufficient data filtering in AI screenshot feature	critical	8.5	1	Data Breach
2691	delayed breach notifications	critical	8.5	1	ransomware
2692	Authentication bypass via insecure API	critical	8.5	1	Data Breach
2693	CVE-2026-3061 (Out-of-bounds read in Media component)	critical	8.5	1	Vulnerability Patch
2694	Inadequate employee training on cybersecurity risks	critical	8.5	1	Data Breach
2695	Zero-day vulnerability in third-party software (patched post-incident)	critical	8.5	1	Data Breach
2696	CVE-2023-32409 (WebKit Sandbox Escape - IronLoader)	critical	8.5	1	Exploit Kit / Malware Campaign
2697	Lack of sandboxing in AI-generated test cases (Claude Code)	critical	8.5	1	Arbitrary Code Execution
2698	lack of phishing-resistant authentication	critical	8.5	1	phishing
2699	CVE-2025-7776	critical	8.5	1	Vulnerability Exploitation
2700	Customer inadvertent disclosure of credentials	critical	8.5	1	Data Breach
2701	Irreversible Identity Linking in NFT Ownership	critical	8.5	1	Privacy Violation
2702	VPN appliances	critical	8.5	1	Credential Theft
2703	Lack of organization-wide two-factor authentication	critical	8.5	1	Data Breach
2704	CVE-2026-21514 (CWE-807 - Improper security decision-making based on untrusted inputs)	critical	8.5	1	Zero-Day Vulnerability Exploitation
2705	Legacy email protocols (IMAP/POP3)	critical	8.5	1	Data Breach
2706	CVE-2025-41115 (Improper Mapping of SCIM 'externalId' to Internal 'user.uid')	critical	8.5	1	Vulnerability
2707	Social Engineering, Lack of Multi-Factor Authentication (MFA) awareness	critical	8.5	1	Phishing, Credential Harvesting
2708	CVE-2021-39935	critical	8.5	1	Server-Side Request Forgery (SSRF)
2709	Intermediate Data Leakage (Predictions, Losses)	critical	8.5	1	Privacy Breach
2710	Misconfigured Ollama endpoints (port 11434)	critical	8.5	1	LLMjacking
2711	persistent background execution via detached screen sessions	critical	8.5	1	malware
2712	Side API compromise	critical	8.5	1	Supply Chain Attack
2713	Trusted Hiring Pipelines	critical	8.5	1	Malware Deployment
2714	Access Control Weakness	critical	8.5	1	Data Exposure
2715	Unspecified vulnerability in Oracle EBS	critical	8.5	1	Data Breach
2716	CVE-2026-23598	critical	8.5	1	Privilege Escalation
2717	Unique Identification Number Guessing	critical	8.5	1	Data Breach
2718	CVE-2025-59452 (Cleartext Transmission)	critical	8.5	1	Denial-of-Service
2719	MOVEit Transfer Zero-Day (CVE-2023-34362)	critical	8.5	1	Data Breach
2720	Bias and Unverified Data Propagation	critical	8.5	1	Data Privacy Issue
2721	Stolen web cookies (session IDs, personal data)	critical	8.5	1	Data Exposure
2722	URL Vulnerability	critical	8.5	1	Data Breach
2723	CVE-2026-1602	critical	8.5	1	Authentication Bypass
2724	Weak DMARC/SPF policies, Missing MTA-STS, Unvalidated/Expired Server Certificates, Misconfigured Microsoft 365 Security Tools	critical	8.5	1	Data Breach
2725	insufficient workforce training	critical	8.5	1	ransomware
2726	Unauthorized data transmission via third-party trackers	critical	8.5	1	Data Breach
2727	Ray on Vertex AI Insecure Default Access	critical	8.5	1	Privilege Escalation
2728	CVE-2025-32711 (CVSS 9.3)	critical	8.5	1	AI Command Injection
2729	AirSnitch (exploits gaps in MAC address, encryption key, and IP address linking across network layers)	critical	8.5	1	Vulnerability Exploitation
2730	Incorrect System Settings	critical	8.5	1	Data Leak
2731	Click2Gov online payment system	critical	8.5	1	Data Breach
2732	Improperly secured file on public-facing website	critical	8.5	1	Data Breach
2733	Poor security practices for remote logins	critical	8.5	1	Data Breach
2734	ClawJacked (CVE not specified)	critical	8.5	1	Vulnerability Exploitation
2735	Human error (tricked customer support employees into granting access)	critical	8.5	1	Data Breach
2736	CVE-2025-33230	critical	8.5	1	Vulnerability
2737	Obfuscated Payloads	critical	8.5	1	Phishing
2738	Bias in AI algorithms (e.g., loan approvals, credit scoring)	critical	8.5	1	Cybersecurity Risk Assessment
2739	CVE-2025-54910 (Office RCE)	critical	8.5	1	Malware (Infostealer)
2740	SIM-swapping	critical	8.5	1	SIM-swapping
2741	GoAnywhere MFT (specific CVE not mentioned)	critical	8.5	1	Data Breach
2742	Third-party system vulnerability	critical	8.5	1	Data Breach
2743	CVE-2026-40372	critical	8.5	1	Privilege Escalation
2744	Click2Gov Payment System	critical	8.5	1	Data Breach
2745	AcroForms, FlateDecode (PDF features), abuse of legitimate cloud services (Vercel Blob storage)	critical	8.5	1	Phishing
2746	Weak User Authentication	critical	8.5	1	Data Breach
2747	Compromised package versions (2.6.0, 2.6.1, 2.6.2)	critical	8.5	1	Supply Chain Attack
2748	Misconfiguration in Trivy vulnerability scanner	critical	8.5	1	Supply Chain Attack
2749	CVE-2025-54136 (MCPoison) - Trust Model Flaw in MCP Configuration Handling	critical	8.5	1	Vulnerability
2750	Lack of segmentation between IT and operational systems	critical	8.5	1	Data Breach
2751	Compromised remote access credentials from third-party service providers	critical	8.5	1	Data Breach
2752	Bypassed multi-factor authentication (MFA)	critical	8.5	1	Data Breach
2753	CWE-319: Cleartext Transmission of Sensitive Information (weak AES encryption)	critical	8.5	1	Data Breach
2754	Microsoft Windows Vulnerabilities	critical	8.5	1	Vulnerability Exploitation
2755	CVE-2026-1220 (Race Condition in V8 JavaScript Engine)	critical	8.5	1	Vulnerability Exploitation
2756	Weak Password Reset Mechanisms	critical	8.5	1	Cyberattack
2757	Lack of encryption for sensitive data	critical	8.5	1	Data Breach
2758	third-party integrations (speculated)	critical	8.5	1	data breach
2759	Excessive Data Access Permissions	critical	8.5	1	Data Breach
2760	Multi-Factor Authentication (MFA) bypass, Session token hijacking, Credential theft via phishing kits	critical	8.5	1	Phishing/Vishing, Credential Theft, Data Breach, Session Hijacking
2761	Static default password in remote desktop software	critical	8.5	1	Data Breach
2762	Insecure Direct Object Reference (Sapphos API)	critical	8.5	1	Malware (Infostealer)
2763	Improper TLS Certificate Validation (CWE-295)	critical	8.5	1	Vulnerability
2764	Insufficient sanitization in the `serialize` function (CVE-2026-0969)	critical	8.5	1	Remote Code Execution (RCE)
2765	Improper scoping of OAuth permissions in Salesloft Drift (Salesforce-integrated tool)	critical	8.5	1	Data Breach
2766	User trust in online platforms	critical	8.5	1	Phishing
2767	social engineering targeting IT helpdesks	critical	8.5	1	data breach
2768	CVE-2025-4366	critical	8.5	1	HTTP Request Smuggling
2769	Unencrypted data on decommissioned equipment	critical	8.5	1	Data Breach
2770	inadequate staff training	critical	8.5	1	data breach
2771	Improper use of tracking technologies on authenticated pages (patient portals) without HIPAA-compliant authorizations or business associate agreements	critical	8.5	1	Data Breach
2772	Supply-chain risks	critical	8.5	1	Third-party data exploitation
2773	Website Migration	critical	8.5	1	Data Breach
2774	Unauthenticated Access	critical	8.5	1	Data Breach
2775	Weak Authentication Credentials / Use of Non-Corporate Devices	critical	8.5	1	Data Breach / Unauthorized Access
2776	Human error (social engineering of third-party employee)	critical	8.5	1	Data Breach
2777	Human Error (Employee Susceptibility to Phishing)	critical	8.5	1	Data Breach
2778	Cloud Vendor Compromise	critical	8.5	1	Data Breach
2779	no encryption	critical	8.5	1	data breach
2780	Weak verification processes for new user accounts on online gambling platforms	critical	8.5	1	Fraud Scheme
2781	Transaction Front-running	critical	8.5	1	Security Breach
2782	CVE-2026-21513	critical	8.5	1	Zero-Day Vulnerability
2783	Endpoint Detection and Response (EDR) Services	critical	8.5	1	Ransomware Attack
2784	Human Error (Compromised Employee Email Account)	critical	8.5	1	Data Breach
2785	Spree IDOR Flaws (CVE-2026-22588/22589)	critical	8.5	1	Supply Chain Attack
2786	Discord's API	critical	8.5	1	Phishing
2787	abuse of LaunchAgents for persistence	critical	8.5	1	malware
2788	Lack of Access Controls / Unencrypted Data Storage	critical	8.5	1	Data Exposure
2789	CVE-2026-20817 (CWE-280: Improper Handling of Insufficient Permissions)	critical	8.5	1	Privilege Escalation
2790	CVE-2026-21992	critical	8.5	1	Remote Code Execution (RCE)
2791	Social Engineering (ClickFix technique)	critical	8.5	1	Malware Campaign
2792	Lack of Second-Layer Security Checks in API Configurations	critical	8.5	1	Data Breach
2793	CVE-2026-5281 (Use-after-free in Dawn GPU abstraction layer)	critical	8.5	1	Zero-Day Exploitation
2794	CVE-2026-33826 (Improper Input Validation - CWE-20)	critical	8.5	1	Vulnerability Disclosure
2795	Authentication failures	critical	8.5	1	API Security Breach
2796	Server Security Issue	critical	8.5	1	Data Breach
2797	Human Error (Tricked Call Center Worker)	critical	8.5	1	Data Breach
2798	Insecure Age-Verification System	critical	8.5	1	Surveillance
2799	Publicly accessible production chatbots	critical	8.5	1	LLMjacking
2800	CVE-2025-61884 (CVSS 7.5 - Information Disclosure in Runtime UI)	critical	8.5	1	Vulnerability Exploitation
2801	CVE-2026-32647 (Out-of-bounds read in ngx_http_mp4_module)	critical	8.5	1	Vulnerability Exploitation
2802	CVE-2025-54236 (SessionReaper)	critical	8.5	1	Vulnerability Exploitation
2803	Weak identity verification	critical	8.5	1	Identity Theft
2804	CVE-2026-25173	critical	8.5	1	Remote Code Execution (RCE)
2805	Light-touch KYC, Instant SEPA transfers, Gaps in point-in-time checks	critical	8.5	1	Money Laundering, Fraud, Account Takeover
2806	Remote Access to Car Functions	critical	8.5	1	Vulnerability Exploit
2807	CVE-2026-34486	critical	8.5	1	Vulnerability Exploitation
2808	Unsecured Amazon Web Services (AWS) S3 bucket lacking proper access controls	critical	8.5	1	Data Breach
2809	Unsecured Public LLM Interactions	critical	8.5	1	Data Leakage
2810	Health Information Exchange (HIE) platform misconfiguration	critical	8.5	1	Data Breach
2811	Google Analytics and Google Ads misconfiguration	critical	8.5	1	Data Breach
2812	Unsecured AWS bucket	critical	8.5	1	Data Breach
2813	Inadequate monitoring of low-volume, time-distributed unauthorized access	critical	8.5	1	Data Breach
2814	Improper FOIA Redaction Procedures	critical	8.5	1	Data Breach
2815	Abuse of Android’s Accessibility Service	critical	8.5	1	Malware (Remote Access Trojan - RAT)
2816	CWE-269: Improper Privilege Management	critical	8.5	1	Data Exposure
2817	lack of credential rotation	critical	8.5	1	data breach
2818	CVE pending (related to 'node-forge' cryptographic signature verification flaw)	critical	8.5	1	Vulnerability
2819	Account Credentials	critical	8.5	1	Data Breach
2820	CVE-2026-23594	critical	8.5	1	Privilege Escalation
2821	Inadequately secured network (Salesloft)	critical	8.5	1	Data Breach (Third-Party Vendor Compromise)
2822	NPM Dependencies	critical	8.5	1	Malware Deployment
2823	lack of monitoring	critical	8.5	1	data breach
2824	IDOR	critical	8.5	1	Data Breach
2825	Postinstall hook abuse, self-dependency trick	critical	8.5	1	Supply Chain Attack
2826	weak password practices	critical	8.5	1	data breach
2827	CVE-2025-20333 & CVE-2025-20363 (Cisco ASA VPN)	critical	8.5	1	Ransomware
2828	CVE-2025-30248 (CWE-427: Uncontrolled Search Path Element)	critical	8.5	1	DLL Hijacking
2829	Poor security practices, shared credentials or third-party tool managing access	critical	8.5	1	Account Takeover
2830	Weak or Stolen OAuth Token Management (External App Connection to Salesforce)	critical	8.5	1	Data Breach
2831	Insufficient data encryption	critical	8.5	1	Data Breach
2832	Salesforce integration flaw (Drift-Salesloft)	critical	8.5	1	data breach
2833	Misconfigured Stravito Access (Internal Documents)	critical	8.5	1	Data Exposure
2834	Supply chain compromise in CI/CD dependencies	critical	8.5	1	Supply Chain Attack
2835	Outdated or poorly secured API interfaces	critical	8.5	1	Data Breach
2836	Stack-based buffer overflow (Libbiosig)	critical	8.5	1	Vulnerability Disclosure
2837	Poor Security Practices	critical	8.5	1	Data Breach
2838	Poor Staff Awareness of Insider Threats	critical	8.5	1	Unauthorized Access
2839	CVE-2026-22218 (Arbitrary File Read)	critical	8.5	1	Vulnerability Exploitation
2840	zero-day_vulnerabilities	critical	8.5	1	data_breach
2841	Inadequate data retention/deletion policies	critical	8.5	1	Data Breach Risk
2842	Weaknesses in vendor credential management	critical	8.5	1	Data Breach
2843	CVE-2026-24281	critical	8.5	1	Data Exposure
2844	Lack of Authentication on Cloud Storage	critical	8.5	1	Data Exposure
2845	CVE-2026-39987 (CVSS 9.3)	critical	8.5	1	Remote Code Execution (RCE)
2846	Unregulated AI Tool Integration	critical	8.5	1	Data Privacy Fragmentation
2847	Lack of Robust Guardrails for Non-Text Modalities	critical	8.5	1	Prompt Extraction
2848	Broken Object Level Authorization (BOLA)	critical	8.5	1	Data Breach
2849	CVE-2026-39808	critical	8.5	1	OS command injection
2850	Out-of-bounds read (Grassroot DICOM)	critical	8.5	1	Vulnerability Disclosure
2851	MOVEit Server	critical	8.5	1	Data Breach
2852	Unauthenticated file upload flaw in Magento Open Source, Magento Enterprise, Adobe Commerce, and Adobe Commerce with the B2B module	critical	8.5	1	Defacement, Unauthorized File Upload
2853	WebSocket auth bypass (CVE-2025-52882, CVSS: 8.8)	critical	8.5	1	Arbitrary Code Execution
2854	limited_cybersecurity_resources	critical	8.5	1	data_breach
2855	Oracle’s eBusiness Suite software vulnerability	critical	8.5	1	Data Breach
2856	CVE-2025-31334	critical	8.5	1	Vulnerability Exploitation
2857	Insufficient Behavioral Monitoring for Authorized Users	critical	8.5	1	Data Breach
2858	Compromise of private keys	critical	8.5	1	Security Breach
2859	Unauthenticated Access to TRT Tool (Employee Data)	critical	8.5	1	Data Exposure
2860	Weak security practices	critical	8.5	1	Fraud/Scam
2861	improper data retention by third-party vendor	critical	8.5	1	data breach
2862	Coding error in PayPal Working Capital (PPWC) loan application	critical	8.5	1	Data Breach
2863	Insufficient validation process for third-party API access	critical	8.5	1	Data Breach
2864	Salesforce environment access	critical	8.5	1	Data Breach
2865	Unauthorized access to cloud system	critical	8.5	1	Data Exposure
2866	Hardcoded file path in OpenSSL integration (CVE-2026-3991)	critical	8.5	1	Local Privilege Escalation (LPE)
2867	Outdated Security Protocols (vendor)	critical	8.5	1	Data Breach
2868	CVE-2025-54135	critical	8.5	1	Vulnerability Exploitation
2869	hardcoded secrets in code	critical	8.5	1	data exposure
2870	Critical CVEs	critical	8.5	1	Identity Compromise
2871	shadow_AI	critical	8.5	1	data_breach
2872	unsecured Azure Blob Storage	critical	8.5	1	data breach
2873	npm run dev execution	critical	8.5	1	Supply Chain Attack
2874	Vulnerability in Gladinet CentreStack	critical	8.5	1	Data Breach
2875	Insider Access Abuse	critical	8.5	1	Data Breach
2876	AI-Specific Attack Vectors (Prompt Injection, Model Poisoning)	critical	8.5	1	Supply Chain Attack
2877	Weak password storage (base64 hashes or unhashed passwords)	critical	8.5	1	Data Breach
2878	CVE-2026-26111	critical	8.5	1	Remote Code Execution (RCE)
2879	Weak third-party credential management	critical	8.5	1	Data Breach
2880	CVE-2025-43300 (Apple OS-level vulnerability)	critical	8.5	1	Zero-day vulnerability
2881	misconfigured data visualization tool	critical	8.5	1	data exposure
2882	CVE-2026-2275	critical	8.5	1	Remote Code Execution
2883	Malicious postinstall scripts	critical	8.5	1	Supply Chain Attack
2884	CVE-2025-31191	critical	8.5	1	Sandbox Escape Vulnerability
2885	Social Engineering, Trust Exploitation	critical	8.5	1	Phishing
2886	Access Control Mechanisms	critical	8.5	1	Data Breach
2887	CVE-2025-13328	critical	8.5	1	Information Leak
2888	Human Error (Misconfigured Email Distribution List)	critical	8.5	1	Data Breach (Unintentional Disclosure)
2889	lack of encryption for stored data	critical	8.5	1	data breach
2890	Inadequate acceptable use policies for AI	critical	8.5	1	Data Leakage
2891	Legitimate API traffic for command-and-control (C2) communications	critical	8.5	1	Cyber Espionage
2892	Juniper PTX router RCE flaw	critical	8.5	1	APT Activity
2893	Lack of least-privilege access controls	critical	8.5	1	Data Breach
2894	Inconsistent security measures	critical	8.5	1	Phishing
2895	CVE-2026-3098	critical	8.5	1	Vulnerability Exploitation
2896	CVE-2025-33206 (Improper Input Validation - CWE-78)	critical	8.5	1	Vulnerability Exploitation
2897	Lack of Authentication (No Password Protection)	critical	8.5	1	Data Exposure / Unsecured Database
2898	Citrix Software Vulnerability (unspecified)	critical	8.5	1	Data Breach
2899	Oracle EBS vulnerability	critical	8.5	1	Data Breach
2900	absence of suspicious login alerts	critical	8.5	1	data breach
2901	Human Error (Misaddressed Email)	critical	8.5	1	Data Breach (Phishing / Unauthorized Disclosure)
2902	CVE-2025-54236 (SessionReaper - Session Data Storage on File System)	critical	8.5	1	Vulnerability Disclosure
2903	CVE-2024-5806	critical	8.5	1	Supply Chain Attack, Data Breach, Ransomware
2904	Exposed API Keys	critical	8.5	1	Cloud Security Breach
2905	Flash Player	critical	8.5	1	Cyber Attack
2906	Unauthenticated Admin Functions (GRS Panel, HTML Injection)	critical	8.5	1	Data Exposure
2907	Unapplied security patches to its software	critical	8.5	1	Data Breach
2908	Abuse of Shared Access Signature (SAS) tokens and trusted cloud tools	critical	8.5	1	Ransomware
2909	CVE-2026-20184 (CWE-295)	critical	8.5	1	Vulnerability Exploitation
2910	Morris Worm (1988 - Buffer Overflow in `fingerd`/`sendmail`)	critical	8.5	1	Memory Corruption
2911	Overbroad OAuth Token Permissions	critical	8.5	1	Data Breach
2912	Model Context Protocol (MCP) flaws	critical	8.5	1	Vulnerability Exploitation
2913	Unpatched flaw (addressed in July 2023 update, additional vulnerabilities patched in October 2023)	critical	8.5	1	Data Breach
2914	MOVEit Transfer programme zero-day vulnerability	critical	8.5	1	Data Breach
2915	Automatic Opt-Ins	critical	8.5	1	Data Privacy Issue
2916	Weak authentication measures in Fast Pair protocol	critical	8.5	1	Vulnerability Exploitation
2917	Unpatched vulnerabilities, Unintentional installation of malware by IT personnel with admin privileges	critical	8.5	1	Supply Chain Attack, Data Breach
2918	MOVEit file transfer tool (global exploit)	critical	8.5	1	Data Breach
2919	System misconfiguration reactivating disabled feature	critical	8.5	1	Data Breach
2920	Clickjacking (CWE-1021)	critical	8.5	1	Vulnerability Disclosure
2921	High-severity flaws	critical	8.5	1	Zero-day exploitation
2922	CVE-2026-3518	critical	8.5	1	vulnerability
2923	Unknown vulnerability in the spam quarantine server software	critical	8.5	1	Data Breach
2924	Improper data handling and lack of safeguards	critical	8.5	1	Data Breach
2925	Human access points, Infected endpoints	critical	8.5	1	Data Breach, Financial Theft, Ransomware (Suspected)
2926	Insider Knowledge (Ethan Lipnik's Willingness to Share)	critical	8.5	1	Trade Secret Theft
2927	Default remote user account, no-password accounts, unsecured 'superuser' account	critical	8.5	1	Misconfiguration
2928	SOHO devices	critical	8.5	1	Credential Theft
2929	Lack of disclosure and user consent for data collection	critical	8.5	1	Data Exfiltration
2930	Vulnerability with technology vendor	critical	8.5	1	Data Breach
2931	Improper handling of inter-app data access in EngageLab SDK	critical	8.5	1	Vulnerability Exploitation
2932	CVE-2025-23121	critical	8.5	1	Vulnerability
2933	Application misconfiguration	critical	8.5	1	Data Breach
2934	CVE-2026-27728	critical	8.5	1	Command Injection
2935	Weak KYC processes, Fast account opening, SEPA transfer infrastructure	critical	8.5	1	Fraud, Money Laundering
2936	Insecure defaults in Google Cloud Platform (GCP) API key architecture	critical	8.5	1	Data Exposure
2937	Compromised third-party OAuth integration	critical	8.5	1	Data Breach
2938	Improper Input/Output Sanitization in AI Chatbot (XSS)	critical	8.5	1	Vulnerability Exploitation
2939	Unsecured digital identities for AI agents	critical	8.5	1	Data Leakage
2940	Parking Permit System Flaw (since 2017)	critical	8.5	1	Data Breach
2941	Employee Bypass of Sanctioned Tools	critical	8.5	1	Data Leakage
2942	Poor credential hygiene (hard-coded/exposed credentials)	critical	8.5	1	Data Breach
2943	CVE-2026-25903	critical	8.5	1	Authorization Bypass
2944	Weaknesses in IVR System Authentication	critical	8.5	1	Cyberattack
2945	Semantic Drift in Multimodal AI	critical	8.5	1	Prompt Extraction
2946	CVE-2025-51683 (Blind SQL Injection)	critical	8.5	1	SQL Injection
2947	CVE-2026-27739	critical	8.5	1	SSRF (Server-Side Request Forgery)
2948	Inadequate encryption, insufficient vendor security vetting	critical	8.5	1	Data Breach
2949	Publicly Exposed API Token	critical	8.5	1	Data Breach (OAuth Token Compromise)
2950	Public web server misconfiguration	critical	8.5	1	Data Breach
2951	CVE-2026-24512	critical	8.5	1	Supply Chain Attack
2952	Potential Configuration Flaws in Shared Platforms (e.g., Salesforce-like systems)	critical	8.5	1	Data Breach
2953	Lack of user verification for extension authenticity and over-permissioned access	critical	8.5	1	Malware (Malicious Browser Extension)
2954	Plug-in on e-commerce platform	critical	8.5	1	Data Breach
2955	Unprotected Elasticsearch instance	critical	8.5	1	Data Exposure
2956	Unprotected 'unlink()' call enabling unauthenticated file deletion	critical	8.5	1	SQL Injection
2957	Social engineering (PIN disclosure)	critical	8.5	1	Phishing
2958	Social Engineering, Fake Authentication Screens	critical	8.5	1	Phishing
2959	CVE-2026-1591	critical	8.5	1	Supply Chain Attack
2960	Improper handling of technical identifiers	critical	8.5	1	Data Exposure
2961	Microsoft Entra SSO Code	critical	8.5	1	Data Breach
2962	E-commerce Website	critical	8.5	1	Data Breach
2963	Unsecured admin panel, IDOR vulnerability	critical	8.5	1	Data Exposure
2964	gaps in business associate oversight	critical	8.5	1	ransomware
2965	Auto-execution of URL parameters in Microsoft Copilot Personal sessions	critical	8.5	1	Prompt Injection Attack
2966	CVE-2026-41651 (PackageKit authorization bypass)	critical	8.5	1	Privilege Escalation
2967	BeyondTrust (CVE-2026-1731)	critical	8.5	1	APT Activity
2968	CVE-2026-4048	critical	8.5	1	vulnerability
2969	CVE-2025-59449 (Incorrect Authorization)	critical	8.5	1	Denial-of-Service
2970	WebKit memory-related errors	critical	8.5	1	Vulnerability Exploitation
2971	Critical vulnerability in VIGI camera series	critical	8.5	1	Vulnerability Exploitation
2972	MOVEit application by IBM	critical	8.5	1	Data Breach
2973	Malicious npm packages impersonating legitimate libraries	critical	8.5	1	Supply Chain Attack
2974	Stolen credentials from 2025 Salesloft breach	critical	8.5	1	Data Breach
2975	CVE-2025-48561	critical	8.5	1	Data Theft
2976	CVE-2026-20435 (MediaTek chipset boot chain weakness)	critical	8.5	1	Vulnerability Exploitation
2977	CVE-2026-23596	critical	8.5	1	Privilege Escalation
2978	Inadequate Data Security Measures	critical	8.5	1	Data Breach
2979	Lack of robust identity verification during hiring process	critical	8.5	1	Data Breach (Insider Threat / Identity Misuse)
2980	Unsecured legacy server	critical	8.5	1	Data Exposure
2981	Limited IT Infrastructure	critical	8.5	1	Data Privacy Fragmentation
2982	CVE-2026-21519	critical	8.5	1	Privilege Escalation
2983	Lack of proper access controls or oversight during training	critical	8.5	1	Data Breach / Espionage
2984	Inadequate AI governance and security oversight	critical	8.5	1	Data Breach
2985	Malicious code in online store	critical	8.5	1	Data Breach
2986	active former employee credentials	critical	8.5	1	data breach
2987	Unauthenticated AI services	critical	8.5	1	LLMjacking
2988	Lack of Access Controls / Insider Threat	critical	8.5	1	Data Breach
2989	CVE-2026-3519	critical	8.5	1	vulnerability
2990	Confidential Virtual Machine (CVM) exploitation	critical	8.5	1	Zero-day vulnerability
2991	CVE-2026-21533	critical	8.5	1	Elevation of Privilege
2992	Unpatched Security Gaps	critical	8.5	1	Security Oversight
2993	Absence of web application firewall (WAF)	critical	8.5	1	Data Security Audit
2994	Backup Database Access	critical	8.5	1	Data Breach
2995	CWE-601: URL Redirection to Untrusted Site (Open Redirect) (via token manipulation)	critical	8.5	1	Data Breach
2996	Improper Authentication (MongoDB instance left unsecured)	critical	8.5	1	Data Leak
2997	Use of Pirated Corporate Software	critical	8.5	1	Info-Stealing
2998	Unencrypted data storage in an internet-accessible environment	critical	8.5	1	Data Breach
2999	Insecure data transmission by browser extensions	critical	8.5	1	Data Leakage
3000	CVE-2025-7775	critical	8.5	1	Vulnerability Exploitation
3001	CVE-2025-13915 (CWE-305: Authentication Bypass by Primary Weakness)	critical	8.5	1	Authentication Bypass
3002	Improper data handling via third-party tracking tools (e.g., Google Analytics, Meta Pixel)	critical	8.5	1	Data Privacy Breach
3003	human error (employee tricked into clicking malicious link)	critical	8.5	1	phishing
3004	Lack of Robust Security Controls on Third-Party Platforms	critical	8.5	1	Data Breach
3005	Improper handling of branch names during task execution	critical	8.5	1	Command Injection
3006	malicious CI/CD pipeline injection	critical	8.5	1	supply-chain attack
3007	Two-Factor Authentication (2FA) Bypass	critical	8.5	1	Phishing-as-a-Service (PhaaS)
3008	Notepad++ WinGUp Update Verification Flaw	critical	8.5	1	Supply Chain Attack
3009	No Rate Limiting	critical	8.5	1	Data Breach
3010	CVE-pending (Overly Permissive Origin Allowlist, DOM-Based XSS in Arkose Labs CAPTCHA component)	critical	8.5	1	Zero-Click Vulnerability, Prompt-Injection Attack
3011	Failure to Follow Standard Operating Procedures	critical	8.5	1	Data Breach
3012	weak cybersecurity safeguards in third-party vendor (Salesforce)	critical	8.5	1	data breach
3013	Excessive permissions, hidden app functionality, cloud service abuse (Firebase, Google Apps Script, Telegram, Google Drive)	critical	8.5	1	Malware (Remote Access Trojan - RAT)
3014	TrueConf Client Flaw	critical	8.5	1	Vulnerability Exploitation
3015	Six low-severity flaws	critical	8.5	1	Data Leak
3016	Insufficient DLP and behavioral analytics	critical	8.5	1	Data Breach
3017	AutoConsent JS bridge in DuckDuckGo Android browser (UXSS)	critical	8.5	1	Vulnerability Exploitation
3018	Lack of input validation controls	critical	8.5	1	Data Security Audit
3019	MOVEit Transfer Vulnerability (CVE-2023-34362)	critical	8.5	1	Data Breach
3020	Fingerprinting	critical	8.5	1	Phishing
3021	CVE-2025-14560	critical	8.5	1	Vulnerability Exploitation
3022	Unauthorized data sharing via embedded trackers	critical	8.5	1	Data Privacy Violation
3023	Leak of User Emails	critical	8.5	1	Data Breach
3024	Weak or Compromised Employee Credentials	critical	8.5	1	Data Breach
3025	Poor credential management	critical	8.5	1	Unauthorized Access
3026	Unpatched React frontend application	critical	8.5	1	Data Breach
3027	Over-Permissive Access to CRM/Donor Data	critical	8.5	1	Data Breach
3028	Lack of input validation in web configuration interfaces	critical	8.5	1	DNS Hijacking
3029	Lack of access controls / improper employee oversight	critical	8.5	1	Unauthorized Access / Insider Threat
3030	Kademlia-based P2P Network	critical	8.5	1	Zero-day Exploitation
3031	unpatched vulnerabilities in enterprise software	critical	8.5	1	ransomware
3032	AWS Bedrock’s AgentCore Code Interpreter Sandbox Bypass	critical	8.5	1	Data Exfiltration
3033	Social Engineering, macOS TCC Bypass (SQL Injection into Privacy Database)	critical	8.5	1	Phishing, Malware
3034	Failure to remediate known vulnerabilities	critical	8.5	1	Data Breach
3035	Trivial vulnerability	critical	8.5	1	Data Breach
3036	Third-Party Platform Security (Salesforce)	critical	8.5	1	Data Breach
3037	Zero-day vulnerability in third-party software platform	critical	8.5	1	Data Breach
3038	Weak BYOD Policies	critical	8.5	1	Insider Threat
3039	third-party_file_transfer_solutions	critical	8.5	1	data_breach
3040	legitimate credentials misuse	critical	8.5	1	phishing
3041	AWS Trusted Advisor Bypass via S3 Bucket Policy Misconfiguration (Deny Rules for `s3:GetBucketPolicyStatus`, `s3:GetBucketPublicAccessBlock`, `s3:GetBucketAcl`)	critical	8.5	1	Misconfiguration
3042	Inadequate cloud storage security	critical	8.5	1	Data Breach
3043	DNS Infrastructure Weakness (Box Domains)	critical	8.5	1	DNS Hijacking
3044	inadequate data retention policies	critical	8.5	1	data breach
3045	Insecure Amazon S3 databases	critical	8.5	1	Data Exposure
3046	Delayed breach detection	critical	8.5	1	Data Breach
3047	Redis code execution	critical	8.5	1	Supply Chain Attack
3048	Weak security measures in credit card terminals	critical	8.5	1	Cyber Crime
3049	CVE-2026-20700	critical	8.5	1	Exploit Kit
3050	F5 BIG-IP AMP vulnerability	critical	8.5	1	data_breach
3051	CVE-2023-6895	critical	8.5	1	Espionage
3052	FG-IR-26-060 (CWE-288: Authentication Bypass Using an Alternate Path or Channel)	critical	8.5	1	Authentication Bypass
3053	Weakness in OAuth token security for Salesloft Drift integrations	critical	8.5	1	Data Breach
3054	OpenAI-compatible APIs (port 8000)	critical	8.5	1	LLMjacking
3055	Unauthorized access due to exposed credentials	critical	8.5	1	Data Breach
3056	Unverified JWT payload	critical	8.5	1	Vulnerability Exploit
3057	Quantum Model Memorization of Training Data	critical	8.5	1	Privacy Breach
3058	CVE-2025-10184 (Improper Permission Handling in OxygenOS Telephony Package)	critical	8.5	1	Vulnerability
3059	Reuse of leaked personal data, Lack of user awareness	critical	8.5	1	Phishing / Social Engineering
3060	Misconfigured access control, lack of IP whitelisting	critical	8.5	1	Data Leak
3061	CVE-2026-40050 (Path-Traversal)	critical	8.5	1	Vulnerability Exploitation
3062	Compromised Administrator Account	critical	8.5	1	Ransomware
3063	CVE-2026-20046	critical	8.5	1	Privilege Escalation
3064	Improper disposal of hardware containing sensitive data	critical	8.5	1	Data Breach (Physical/Improper Disposal)
3065	CVE-2025-53652	critical	8.5	1	Command Injection
3066	Legacy accounts	critical	8.5	1	Phishing
3067	improper data retention	critical	8.5	1	data breach
3068	Supply chain weakness in analytics data handling	critical	8.5	1	Data Breach
3069	Cloaking	critical	8.5	1	Phishing
3070	Error in server configuration change	critical	8.5	1	Data Breach
3071	Lack of AI Governance Frameworks	critical	8.5	1	Data Leakage
3072	Token Sprawl	critical	8.5	1	Data Breach
3073	lack of encryption and authentication (non-password-protected database)	critical	8.5	1	data exposure
3074	MOVEit secure file transfer solution vulnerability	critical	8.5	1	Data Breach
3075	Incorrectly configured database	critical	8.5	1	Data Leak
3076	Insecure 'super admin' APIs allowing unauthenticated high-privilege account creation	critical	8.5	1	Data Exposure
3077	Employee Access	critical	8.5	1	Data Breach
3078	Setting turned on by Patient Portal vendor	critical	8.5	1	Data Breach
3079	Inadequate audit logging	critical	8.5	1	Data Breach
3080	Notification data retention flaw in iOS	critical	8.5	1	Privacy Flaw / Data Retention Vulnerability
3081	Inadequate cybersecurity measures (alleged)	critical	8.5	1	Data Breach
3082	weak threat-detection system	critical	8.5	1	data breach
3083	Auto-execution of `runOptions.runOn: 'folderOpen'` in tasks	critical	8.5	1	Arbitrary Code Execution
3084	Several vulnerabilities in the Likud app	critical	8.5	1	Data Breach
3085	Stolen credentials (Okta SSO account of a support agent)	critical	8.5	1	Data Breach
3086	Security flaw in third-party software	critical	8.5	1	Data Breach
3087	Mobile Application Vulnerability	critical	8.5	1	Data Breach
3088	CVE-2025-XXXX (WebKit Zero-Day 2)	critical	8.5	1	Zero-Day Exploit
3089	Fail-open design in security scanning system (CWE-636: Not Failing Securely)	critical	8.5	1	Supply Chain Attack
3090	CVE-2026-3338	critical	8.5	1	Cryptographic Vulnerability
3091	weak validator key security	critical	8.5	1	blockchain exploit
3092	MOVEit Transfer zero-day vulnerability (CVE-2023-34362)	critical	8.5	1	Data Breach
3093	Network Access Feature in Claude (Sandbox Environment)	critical	8.5	1	Data Exfiltration
3094	Poor Internal Access Controls	critical	8.5	1	Data Breach
3095	Potential Weak Email Security Controls	critical	8.5	1	Phishing
3096	CVE-2025-54253 (Misconfiguration in AEM Forms - Apache Struts 'devMode' enabled + Authentication Bypass)	critical	8.5	1	Vulnerability Exploitation
3097	Improper Access Controls (Publicly Accessible Folder)	critical	8.5	1	Data Breach
3098	Misconfigured AWS Storage Bucket	critical	8.5	1	Data Exposure
3099	CVE-2025-55227 (SQL Server Privilege Escalation)	critical	8.5	1	Malware (Infostealer)
3100	MOVEit secure file transfer tool vulnerability	critical	8.5	1	Data Breach
3101	Incorrect access settings	critical	8.5	1	Data Breach
3102	Excessive guest user permissions, misconfigured guest access to public APIs	critical	8.5	1	Data Theft
3103	Weak Authentication in AI Hiring System (Password '123456')	critical	8.5	1	Data Exposure
3104	CVE-2025-33229	critical	8.5	1	Vulnerability
3105	CVE (not specified)	critical	8.5	1	Vulnerability Exploitation
3106	Unauthorized access to Microsoft Office 365 email account	critical	8.5	1	Data Breach
3107	CVE-2025-54820 (Stack-based buffer overflow, CWE-121)	critical	8.5	1	Remote Code Execution (RCE)
3108	Full takeover of Tesla’s infotainment system	critical	8.5	1	Zero-Day Vulnerabilities
3109	Unsecured third-party server	critical	8.5	1	Data Breach
3110	Improperly secured database	critical	8.5	1	Data Exposure
3111	Undisclosed zero-day vulnerability in WhatsApp calling feature	critical	8.5	1	Zero-Day Exploit
3112	Lack of access controls and monitoring	critical	8.5	1	Unauthorized Data Access
3113	CVE-2026-21519 (Type Confusion - CWE-843)	critical	8.5	1	Elevation of Privilege
3114	CWE-798: Use of Hard-coded Credentials	critical	8.5	1	Data Breach
3115	MOVEit file transfer service vulnerability	critical	8.5	1	Data Breach
3116	Lack of authentication controls, Aftermarket modifications, Unrestricted AI-driven data collection, Subcontractor access to sensitive data	critical	8.5	1	Data Breach, Compliance Violation, Privacy Violation
3117	CVE-2025-43300 (Image I/O framework - out-of-bounds write)	critical	8.5	1	Zero-day vulnerability
3118	Lack of Multi-Layered Authentication for Integrations	critical	8.5	1	Data Breach
3119	CVE-2026-34621 (Prototype pollution vulnerability)	critical	8.5	1	Zero-day Exploitation
3120	Hardcoded secrets in AI-generated code, MCP configurations, overprivileged access	critical	8.5	1	Data Leak
3121	MOVEit file transfer tool	critical	8.5	1	Data Breach
3122	Exposed Elasticsearch Database without Password	critical	8.5	1	Data Breach
3123	Vulnerability in SonicWall firewall	critical	8.5	1	Data Breach
3124	Insider access to patient records	critical	8.5	1	Data Breach
3125	Remote Work Vulnerabilities (COVID-19 Exploitation)	critical	8.5	1	Data Breach
3126	Human error, lack of centralized IT control, decentralized IT departments	critical	8.5	1	Data Breach
3127	CVE-2026-31790	critical	8.5	1	Data Leak
3128	No Technical Vulnerability (Human Factor)	critical	8.5	1	Trade Secret Theft
3129	Unrestricted internet access to real-time surveillance data without authentication	critical	8.5	1	Data Breach
3130	MongoDB database vulnerability	critical	8.5	1	Data Breach
3131	CVE-2016-5817 (Critical SQL injection in Navis WebAccess)	critical	8.5	1	cyberattack
3132	Overprivileged OAuth Tokens	critical	8.5	1	Data Breach (OAuth Token Compromise)
3133	manque de protection des terminaux personnels	critical	8.5	1	cyberattaque
3134	Automated link preview generation in AI agents	critical	8.5	1	Data Exfiltration
3135	lack of code signing verification for replaced applications	critical	8.5	1	malware
3136	Unspecified coding error in SchoolMessenger application	critical	8.5	1	Data Breach
3137	Human error (phishing attack on staff)	critical	8.5	1	Data Breach
3138	inadequate validation of third-party services (Cloudflare Pages)	critical	8.5	1	phishing
3139	Data Corruption	critical	8.5	1	Data Leak
3140	Compromised LiteLLM AI API tool versions	critical	8.5	1	Data Breach
3141	unpatched vulnerabilities in network devices	critical	8.5	1	ransomware
3142	Unpatched Smart Contract Bugs	critical	8.5	1	Privacy Violation
3143	WebOTP API, Clipboard Access, Notification Control, PWA Installation Permissions, Android Permissions Abuse	critical	8.5	1	Phishing
3144	CVE-2026-23818 (Open Redirect in GUI Login Workflow)	critical	8.5	1	Phishing-Style Exploit
3145	CVE-2026-39987 (Marimo RCE)	critical	8.5	1	Vulnerability Exploitation
3146	CVE-2026-24308	critical	8.5	1	Data Exposure
3147	Long-Term Data Retention	critical	8.5	1	Data Breach
3148	Coruna (23 distinct security flaws)	critical	8.5	1	Vulnerability Exploitation
3149	Unauthorized data sharing via embedded tracking tools	critical	8.5	1	Data Breach
3150	Human vulnerability (bribery of customer support agents)	critical	8.5	1	Data Breach
3151	Unauthorized data transmission via third-party integrations	critical	8.5	1	Data Breach
3152	Software vulnerabilities (AI-accelerated identification)	critical	8.5	1	Cyber Espionage, Critical Infrastructure Attack, Data Breach
3153	Apple Notarization Bypass (ChillyHell)	critical	8.5	1	Malware (Infostealer)
3154	Unprotected Cloud Repository	critical	8.5	1	Data Leak
3155	Authentication bypass in Passwordstate Emergency Access (CVE pending)	critical	8.5	1	Authentication Bypass Vulnerability
3156	Progress MOVEit Transfer	critical	8.5	1	Data Breach
3157	Inadequate logging	critical	8.5	1	Data Breach
3158	Stolen authentication tokens	critical	8.5	1	Data Breach
3159	Over-Permissioned OAuth Applications, Exposed Credentials, Weak Monitoring of Environment Variables	critical	8.5	1	OAuth Abuse, Credential Theft, Lateral Movement
3160	Skimming	critical	8.5	1	Data Breach
3161	Server Vulnerabilities	critical	8.5	1	Smishing Scam
3162	Unsecured Data Transfer Methods	critical	8.5	1	Insider Threat
3163	CVE-2025-3155	critical	8.5	1	Vulnerability Exploit
3164	Plaintext Password Transmission (Design Hub)	critical	8.5	1	Data Exposure
3165	CVE-2025-67644	critical	8.5	1	Data Exfiltration
3166	Missing role checks during user onboarding	critical	8.5	1	Autonomous AI-driven cyber attack
3167	Unpatched RCE vulnerabilities	critical	8.5	1	Botnet
3168	Insufficient access controls and monitoring for employee data handling	critical	8.5	1	Unauthorized Data Transfer
3169	CVE-2025-3102	critical	8.5	1	Vulnerability Exploitation
3170	unprotected storage bucket	critical	8.5	1	data breach
3171	Improper Firebase security rules (publicly accessible database)	critical	8.5	1	Data Breach
3172	Vulnerability in Accellion FTA system	critical	8.5	1	Data Breach
3173	Expired domain takeover, lack of ongoing security validation for Office add-ins	critical	8.5	1	Phishing, Credential Theft, Data Exfiltration
3174	Outdated cryptographic practices	critical	8.5	1	Data Breach/Vulnerability Exposure
3175	CVE-2025-68428	critical	8.5	1	Local File Inclusion / Path Traversal
3176	Improper CSV processing allowing unauthenticated file reads	critical	8.5	1	SQL Injection
3177	Weak multi-factor authentication (MFA) enforcement, password reuse, exposed network edge devices (e.g., Fortinet FortiGate-60E with open ports)	critical	8.5	1	Credential Stuffing
3178	Improper Access Control (Publicly Exposed Sensitive Data)	critical	8.5	1	Data Breach
3179	CVE-Pending (CamoLeak: Copilot Chat's parsing of invisible markdown + Camo image-proxy exfiltration)	critical	8.5	1	Data Exfiltration
3180	Inactive user accounts not deactivated	critical	8.5	1	Data Breach
3181	Trust in community integrations, lack of sandboxing in n8n community nodes	critical	8.5	1	Supply Chain Attack
3182	Inadequate governance for AI systems	critical	8.5	1	Cybersecurity Risk Assessment
3183	Unencrypted student data	critical	8.5	1	Data Breach
3184	SQL injection (20.0%)	critical	8.5	1	API Security Breach
3185	Misconfigured database lacking proper authentication controls	critical	8.5	1	Data Breach
3186	weak access controls at third-party vendor	critical	8.5	1	data breach
3187	CVE-2026-26144	critical	8.5	1	Vulnerability
3188	User trust in AI-themed extensions, lack of stringent Chrome Web Store security checks	critical	8.5	1	Malicious Browser Extensions
3189	Insufficient Conditional Access Controls	critical	8.5	1	Cloud Security Breach
3190	Lack of Multi-Factor Authentication (implied)	critical	8.5	1	Data Breach
3191	Weak or default SSH credentials	critical	8.5	1	Botnet
3192	CVE-2026-2447 (Heap buffer overflow in libvpx video codec)	critical	8.5	1	Vulnerability Exploitation
3193	Progress Software's MOVEit secure file transfer tool	critical	8.5	1	Data Breach
3194	CVE-2026-3062 (Out-of-bounds read/write in Tint shader engine)	critical	8.5	1	Vulnerability Patch
3195	CVE-2025-27889	critical	8.5	1	Vulnerability Exploitation
3196	CVE-2025-9142 (JWT manipulation and directory traversal in Perimeter81 service component)	critical	8.5	1	Privilege Escalation
3197	Lack of API Key Ownership Validation	critical	8.5	1	Data Exfiltration
3198	Social Engineering (Tax-Season Lures), Spoofed Login Pages, Trusted RMM Tools Abuse	critical	8.5	1	Phishing, Credential Harvesting, Malware Deployment
3199	Meraki API keys, unsecured surveillance systems	critical	8.5	1	Data Breach
3200	Weak encryption in data-sharing mandates	critical	8.5	1	Cybersecurity Risk Assessment
3201	Human error (deception of individuals into disclosing confidential information)	critical	8.5	1	Data Breach
3202	CVE-2026-33829	critical	8.5	1	Information Disclosure
3203	CVE-2026-1357	critical	8.5	1	Remote Code Execution (RCE)
3204	CVE-2026-3888	critical	8.5	1	Local Privilege Escalation (LPE)
3205	Improper Token Management	critical	8.5	1	Data Breach
3206	Weaknesses in lock systems	critical	8.5	1	Hardware vulnerability
3207	Progress Software's MOVEit Transfer application	critical	8.5	1	Data Breach
3208	Social Engineering (Employee Compromise)	critical	8.5	1	Data Breach
3209	compromised user devices (suspected)	critical	8.5	1	data breach (unverified)
3210	Critical vulnerability	critical	8.5	1	Data Breach, Account Hijacking
3211	passkey storage in password managers	critical	8.5	1	phishing
3212	CWE-798: Hard-coded Credentials	critical	8.5	1	Data Exposure
3213	CVE-2026-20040	critical	8.5	1	Privilege Escalation
3214	Weak Password ('123456')	critical	8.5	1	Data Breach
3215	Disabled Workspace Trust (Cursor Editor)	critical	8.5	1	Malware (Infostealer)
3216	Windows automatic DLL loading	critical	8.5	1	Malware Campaign
3217	Unrestricted failed authentication attempts, weak encryption for passwords and resident registration numbers	critical	8.5	1	Data Breach
3218	CVE-2026-1603	critical	8.5	1	Authentication Bypass
3219	Unencrypted and non-password-protected database	critical	8.5	1	Data Leak
3220	Lack of authentication and access controls in Firebase instances	critical	8.5	1	Data Breach
3221	Unauthorized access to shared network drive	critical	8.5	1	Data Breach
3222	Outdated TEE image reuse	critical	8.5	1	Zero-day vulnerability
3223	Okta SSO Credentials	critical	8.5	1	Data Breach
3224	Third-party vendor vulnerabilities (historical reference: Target 2013 breach)	critical	8.5	1	Data Breach
3225	compromised personal data	critical	8.5	1	fraud
3226	Hardcoded login credentials in the source code	critical	8.5	1	Data Breach
3227	Prompt Injection (AI agent misinterprets embedded commands in untrusted data as legitimate instructions)	critical	8.5	1	Vulnerability Exploitation
3228	Log4Shell	critical	8.5	1	Ransomware
3229	Vulnerability in GoAnywhere file transfer platform	critical	8.5	1	Data Breach
3230	Software misconfiguration exposing files to the internet	critical	8.5	1	Data Breach
3231	CVE-2025-33228	critical	8.5	1	Vulnerability
3232	Lack of password encryption	critical	8.5	1	Unauthorized Access
3233	CVE-2025-14756	critical	8.5	1	Command Injection
3234	VMware Aria Operations	critical	8.5	1	APT Activity
3235	Unsecured database, malware infection via phishing emails/malicious websites/cracked software	critical	8.5	1	Data Exposure
3236	Reused credentials from older data breaches	critical	8.5	1	Data Breach
3237	Social engineering, lack of multi-factor authentication	critical	8.5	1	Phishing Campaign
3238	Unsecured Internet-Connected Database	critical	8.5	1	Data Exposure
3239	Secure file transfer software	critical	8.5	1	Data Breach
3240	CVE-2025-5775	critical	8.5	1	Reconnaissance
3241	SIM swapping	critical	8.5	1	wire fraud
3242	Weak or Stolen Employee Credentials	critical	8.5	1	Data Breach
3243	CVE-2026-0629	critical	8.5	1	Authentication Bypass
3244	publicly accessible repositories	critical	8.5	1	data exposure
3245	Unauthorized Access to Customer Account Information	critical	8.5	1	Data Exposure
3246	CVE-2025-12807 (SQL Injection)	critical	8.5	1	Denial-of-Service
3247	MOVEit® Secure File Transfer software	critical	8.5	1	Data Breach
3248	Time-of-Check to Time-of-Use vulnerability in Alpitronic HYC50 EV charger	critical	8.5	1	Zero-Day Vulnerabilities
3249	Security hole in MOVEit Transfer software	critical	8.5	1	Ransomware
3250	Inadequate security measures (unspecified)	critical	8.5	1	Data Breach
3251	Flaw in online portal allowing unauthorized access to personal annual benefit statements (ABS)	critical	8.5	1	Data Breach
3252	Fragmented Data Access Controls	critical	8.5	1	Data Privacy Fragmentation
3253	Technical error in user data retrieval/logic (likely session or caching misconfiguration)	critical	8.5	1	Data Exposure (Unintentional Disclosure)
3254	Publicly Available Code Repository	critical	8.5	1	Data Breach
3255	A setting within one of Petco's software applications that inadvertently allowed certain files to be accessible online	critical	8.5	1	Data Breach
3256	Oracle WebLogic Server vulnerability	critical	8.5	1	Data Breach
3257	CVE-2026-3055 (Citrix NetScaler)	critical	8.5	1	data_breach
3258	unauthorized data upload to external platform	critical	8.5	1	data breach
3259	unsecured APIs	critical	8.5	1	ransomware
3260	Unknown system flaws in retail/luxury brand infrastructure	critical	8.5	1	Data Breach
3261	Insufficient access controls and monitoring	critical	8.5	1	Insider Threat
3262	improper access controls / misconfigured portal	critical	8.5	1	data breach
3263	Deceptive chats impersonating Signal Support chatbot	critical	8.5	1	Cyber Espionage
3264	NULL Pointer Dereference	critical	8.5	1	Privilege Escalation
3265	Insufficient sanitization of user input in XML processing	critical	8.5	1	XML External Entity (XXE) Injection
3266	User Privacy	critical	8.5	1	Privacy Breach
3267	Unpatched vulnerabilities in third-party applications	critical	8.5	1	Third-party data exploitation
3268	Improper access controls on PDF-generating page	critical	8.5	1	Data Exposure
3269	Software Vulnerabilities	critical	8.5	1	Data Breach
3270	Human Manipulation (Social Engineering)	critical	8.5	1	Phishing (Vishing)
3271	automated CI/CD pipeline execution	critical	8.5	1	supply-chain attack
3272	CVE-2026-27970	critical	8.5	1	Cross-Site Scripting (XSS)
3273	Backend API endpoint lacking proper authentication checks	critical	8.5	1	Data Breach
3274	CVE-2025-43509, Plaintext Token Storage, Lack of Token Validation, Weak Keychain Access Controls	critical	8.5	1	Data Breach, Privilege Escalation, Denial-of-Service (DoS)
3275	Lack of Timely Incident Reporting	critical	8.5	1	Data Breach
3276	Human error (employee susceptibility to scams), lack of robust multi-factor authentication (MFA) enforcement	critical	8.5	1	Data Breach
3277	CVE-2026-3336	critical	8.5	1	Cryptographic Vulnerability
3278	Lack of security audits for employee-facing ecommerce platforms	critical	8.5	1	Keylogger Attack
3279	ShadowLeak (CVE pending)	critical	8.5	1	Data Exfiltration
3280	Improper Access by Employee	critical	8.5	1	Data Breach
3281	CVE-2026-21385	critical	8.5	1	Zero-Day Vulnerability
3282	Gemini Cloud Assist (Log Summarization Flaw)	critical	8.5	1	Vulnerability Exploitation
3283	Weak hiring verification, lack of device authenticity checks	critical	8.5	1	Insider Threat
3284	Incorrect authorization (Lovable, CVE-2025-48757)	critical	8.5	1	Arbitrary Code Execution
3285	Lack of Data Loss Prevention (DLP) Controls	critical	8.5	1	Data Breach
3286	Valid Log-in Credentials	critical	8.5	1	Data Breach
3287	No lockout after repeated failed login attempts, weak encryption algorithms, unlawful data collection and storage, retention of outdated records	critical	8.5	1	Data Breach
3288	Mishandling of sensitive data by workers	critical	8.5	1	Data Breach
3289	Human Error (Employee fell for phishing scam)	critical	8.5	1	Data Breach
3290	AVrecon Malware	critical	8.5	1	Zero-day Exploitation
3291	Social Engineering (Fake VPN Software), Lack of User Awareness	critical	8.5	1	Credential Theft
3292	Lack of Robust Encryption/Monitoring in Data Flows	critical	8.5	1	Data Breach
3293	CVE-2026-0958	critical	8.5	1	Vulnerability Exploitation
3294	CVE-2025-55232 (Microsoft HPC Pack RCE)	critical	8.5	1	Malware (Infostealer)
3295	Disabled Workspace Trust in Cursor (VS Code fork)	critical	8.5	1	Arbitrary Code Execution
3296	CVE-2025-54106 (Windows RRAS RCE)	critical	8.5	1	Malware (Infostealer)
3297	Sanctioned Platform Persistence	critical	8.5	1	Surveillance
3298	Server-side request forgery (SSRF) (14.5%)	critical	8.5	1	API Security Breach
3299	Improper data handling during system restoration	critical	8.5	1	Data Breach
3300	Overly permissive guest user settings in Salesforce Experience Cloud	critical	8.5	1	Data Harvesting
3301	Human Error (Improper Handling of Public Records Request)	critical	8.5	1	Data Breach (Unintentional Disclosure)
3302	CVE-2024-34102 (CosmicSting)	critical	8.5	1	Vulnerability Exploitation
3303	Inconsistent DLP controls	critical	8.5	1	Data Breach
3304	GraphQL API Misconfiguration	critical	8.5	1	Data Leak
3305	CWE-20: Improper Input Validation (lack of server-side checks)	critical	8.5	1	Data Breach
3306	Insecure Third-Party Integration (Drift-Salesforce/Google Workspace)	critical	8.5	1	Data Breach
3307	Improper deployment of third-party tracking technologies on public website leading to unauthorized data transfer	critical	8.5	1	Data Privacy Violation
3308	Architectural weakness in Google Gemini Enterprise and Vertex AI Search (RAG-based trust boundary exploitation)	critical	8.5	1	Zero-Click Vulnerability, Indirect Prompt Injection
3309	Incorrect privacy settings on public maps	critical	8.5	1	Data Exposure
3310	inadequate segmentation between Discord and vendor systems	critical	8.5	1	data breach
3311	CVE-2026-25921 (CWE-345: Insufficient Verification of Data Authenticity)	critical	8.5	1	Supply-Chain Attack
3312	Technical failure in recognizing court updates	critical	8.5	1	Data Leak
3313	Remote code execution vulnerability in Secure Mobile Access (SMA) appliances	critical	8.5	1	Remote Code Execution
3314	Third-Party Application Misconfiguration	critical	8.5	1	Data Breach
3315	Insufficient MFA	critical	8.5	1	Phishing
3316	Lack of multi-factor authentication (MFA) on file-transfer services (ShareFile, OwnCloud, Nextcloud)	critical	8.5	1	Data Breach
3317	Overprivileged Access	critical	8.5	1	Data Breach
3318	CVE-2026-21514 (CWE-807)	critical	8.5	1	Security Feature Bypass
3319	weak MFA implementations	critical	8.5	1	phishing
3320	Lack of clear user consent	critical	8.5	1	Privacy Violation
3321	API key and access token theft	critical	8.5	1	Vulnerability Exploitation
3322	Absence of defensible deletion policies	critical	8.5	1	Data Breach
3323	CVE-2025-14174	critical	8.5	1	Exploit Kit
3324	Google Tag Manager	critical	8.5	1	Data Breach
3325	Insufficient Authentication/Authorization Controls for Reimbursement Account Access	critical	8.5	1	Data Breach / Unauthorized Access
3326	Lack of visibility into employee AI tool usage	critical	8.5	1	Data Leakage
3327	Internal Collaboration Tool	critical	8.5	1	Data Breach
3328	Improper Database Security	critical	8.5	1	Data Leak
3329	Unmonitored mass data downloads/email exfiltration	critical	8.5	1	Data Breach
3330	CVE-2026-20700 (Memory-corruption in dyld component)	critical	8.5	1	Zero-Day Exploit
3331	improper access controls in the Texas Integrated Grant Reporting system	critical	8.5	1	data breach
3332	CVE-2026-22219 (SSRF)	critical	8.5	1	Vulnerability Exploitation
3333	CVE-2026-20643 (WebKit Navigation API improper input validation)	critical	8.5	1	Vulnerability Exploitation
3334	CVE-2025-67601	critical	8.5	1	Vulnerability Exploitation
3335	Autofill Functionality Abuse	critical	8.5	1	Vulnerability Disclosure
3336	SQLi in Postgres MCP (bypassing read-only restrictions)	critical	8.5	1	Arbitrary Code Execution
3337	Misconfigured Google Firebase database	critical	8.5	1	Data Breach
3338	Inadequate safeguards in government online portals	critical	8.5	1	Credential Stuffing
3339	improper access controls / lack of authentication for cloud storage	critical	8.5	1	data breach
3340	CVE-2025-8088 (WinRAR path traversal flaw in Windows versions < 7.13)	critical	8.5	1	Zero-day exploit
3341	One-click IP leak via MTProxy	critical	8.5	1	Data Leak
3342	Incomplete containment of earlier breach (hackerbot-claw), non-atomic token rotation, mutable version tags	critical	8.5	1	Supply Chain Attack
3343	Email Misdirection	critical	8.5	1	Data Breach
3344	Insufficient internal access controls	critical	8.5	1	Data Breach
3345	CVE-2025-XXXX (WebKit Zero-Day 1)	critical	8.5	1	Zero-Day Exploit
3346	Insufficient identity verification in remote hiring processes, reliance on AI-assisted deception	critical	8.5	1	Employment Fraud / Identity Theft / Cyber Espionage
3347	Unknown vulnerability in Oracle E-Business Suite (CVE not specified)	critical	8.5	1	Data Breach / Ransomware Attack
3348	CVE-2025-54136 (MCPoison - MCP Trust Bypass)	critical	8.5	1	Vulnerability Exploitation
3349	Previously unknown vulnerability in Oracle E-Business Suite	critical	8.5	1	Data Breach
3350	faiblesse des mots de passe utilisateurs	critical	8.5	1	cyberattaque
3351	Improper Privilege Management (CWE-269)	critical	8.5	1	Privilege Escalation
3352	CVE-2025-54897 (SharePoint RCE)	critical	8.5	1	Malware (Infostealer)
3353	Inadequate Audit Logs	critical	8.5	1	Data Breach
3354	CWE-287: Improper Authentication (Authentication Bypass)	critical	8.5	1	Data Breach
3355	Unverified third-party package installation	critical	8.5	1	Supply Chain Attack
3356	CVE-2026-1592	critical	8.5	1	Supply Chain Attack
3357	CVE-2026-0628 (declarativeNetRequest API misconfiguration in Gemini AI panel)	critical	8.5	1	Privilege Escalation
3358	Coding Transmission Error	critical	8.5	1	Data Breach
3359	Decentralized Security Coordination	critical	8.5	1	Data Breach
3360	Cloud Infrastructure Security	critical	8.5	1	Cyberattack
3361	Lack of Multi-Factor Authentication (MFA) (inferred)	critical	8.5	1	Data Breach
3362	Preventable authorization flaw, path manipulation in web address	critical	8.5	1	Data Breach
3363	VMware Vulnerabilities	critical	8.5	1	Ransomware
3364	Human Factor (Social Engineering)	critical	8.5	1	Data Breach
3365	CVE-2024-38200 (MSHTML/Trident engine RCE)	critical	8.5	1	Zero-Day Exploit
3366	Client-Side Reward Points Validation (Mobile App)	critical	8.5	1	Data Exposure
3367	Accellion File Transfer Appliance vulnerability	critical	8.5	1	Data Breach
3368	Inadequate protection of sensitive consumer data	critical	8.5	1	Data Breach
3369	Weak IT Help Desk Authentication Protocols	critical	8.5	1	Data Breach
3370	Hardcoded credentials in web code	critical	8.5	1	Data Breach
3371	CVE-2025-47934	critical	8.5	1	Vulnerability Exploitation
3372	CVE-2025-43300 (Apple Zero-Day)	critical	8.5	1	Vulnerability Exploitation
3373	Unlimited Coupon Redemptions (CosMc’s App)	critical	8.5	1	Data Exposure
3374	GitHub Account Security Weakness	critical	8.5	1	Data Breach
3375	Third-party secure file transfer tool vulnerability	critical	8.5	1	Data Breach
3376	Unverified Update Mechanism (Lack of Code Signing)	critical	8.5	1	Vulnerability
3377	Insufficient Identity Management	critical	8.5	1	Data Breach
3378	Third-party authentication (Okta SSO)	critical	8.5	1	Data Breach
3379	nx npm Package Compromise	critical	8.5	1	Zero-day Exploitation
3380	CVE-2025-20352 (SNMP RCE in Cisco IOS/IOS XE)	critical	8.5	1	unauthorized access
3381	Compromised OAuth tokens in Gainsight-published applications (no vulnerability in Salesforce platform itself)	critical	8.5	1	Data Breach
3382	unencrypted patient records	critical	8.5	1	ransomware
3383	Checkout page code issue	critical	8.5	1	Data Breach
3384	Authorization control bypass in Google Gemini	critical	8.5	1	Indirect Prompt Injection
3385	Unsecured Elasticsearch cluster	critical	8.5	1	Data Breach
3386	Lack of regulatory compliance and proper data handling procedures	critical	8.5	1	Data Breach
3387	unpatched_systems	critical	8.5	1	data_breach
3388	Pointer authentication (PAC) bypasses	critical	8.5	1	Exploit Kit
3389	Trusted domain chaining, search engine trust exploitation	critical	8.5	1	Phishing
3390	Undisclosed flaws (Smallstep step-ca)	critical	8.5	1	Vulnerability Disclosure
3391	Contact Discovery Mechanism Flaw	critical	8.5	1	Privacy Violation
3392	Oracle EBS zero-day flaw	critical	8.5	1	Data Breach
3393	CVE-2026-22218 (CVSS 7.1)	critical	8.5	1	Data Breach
3394	CVE-2026-20131	critical	8.5	1	Cyberespionage
3395	Hard-coded passwords in HTML/APIs	critical	8.5	1	Unauthorized Access
3396	Insufficient monitoring and control over non-human credentials	critical	8.5	1	Data Breach / Lateral Movement
3397	Vulnerabilities in online quote tools	critical	8.5	1	data breach
3398	CVE-2025-59451 (Predictable Identifiers)	critical	8.5	1	Denial-of-Service
3399	Unprotected personal data in financial/healthcare systems	critical	8.5	1	Identity Theft
3400	Publicly Accessible Files	critical	8.5	1	Data Leak
3401	Internal Authentication API bug	critical	8.5	1	Authentication Vulnerability
3402	CVE-2026-29146	critical	8.5	1	Vulnerability Exploitation
3403	OAuth 2.0 protocol behavior (RFC 6749/9700)	critical	8.5	1	Phishing
3404	System Setup Error	critical	8.5	1	Data Exposure
3405	improper decommissioning of legacy cloud storage	critical	8.5	1	data breach
3406	CW1226324 (Copilot DLP bypass)	critical	8.5	1	AI Integration Bug
3407	GitHub Actions pull_request_target trigger	critical	8.5	1	Supply Chain Attack
3408	Sleeping Beauty	critical	8.5	1	Vulnerability Exploitation
3409	Out-of-bounds write flaw in Alpitronic HYC50 EV charger	critical	8.5	1	Zero-Day Vulnerabilities
3410	CVE-2021-47961	critical	8.5	1	Vulnerability Exploitation
3411	Unpatched 'n-day' vulnerability in end-of-life software	critical	8.5	1	Data Breach
3412	Unspecified security flaw	critical	8.5	1	Data Leak
3413	System update flaw (October 2023)	critical	8.5	1	Data Exposure
3414	BlueHammer (Windows zero-day)	critical	8.5	1	Zero-Day Vulnerability Disclosure
3415	CVE-2025-14847 (MongoBleed) - unverified	critical	8.5	1	In-game abuse
3416	Unknown vulnerability (zero-day)	critical	8.5	1	Zero-Day Exploit
3417	CVE-2025-33231	critical	8.5	1	Vulnerability
3418	Shopping cart portions of the company's websites	critical	8.5	1	Data Breach
3419	CVE-2025-9242 (Out-of-bounds write in Fireware OS ‘iked’ process)	critical	8.5	1	Vulnerability Exposure
3420	Shared Access Protocols with Weak Authentication	critical	8.5	1	Data Breach
3421	Security access codes obtained through deception	critical	8.5	1	Hacking, Identity Theft, Data Breach, Cyberstalking
3422	Lack of Data Encryption in University Advancement Database	critical	8.5	1	Data Breach
3423	FortiGate Misconfiguration	critical	8.5	1	Zero-day Exploitation
3424	GrafanaGhost (flaw in URL validation for AI components)	critical	8.5	1	Data Exfiltration
3425	CVE-2026-2287	critical	8.5	1	Remote Code Execution
3426	failure to deactivate former employee accounts	critical	8.5	1	data breach
3427	Timing Attack via Rendering Pipeline	critical	8.5	1	Data Theft
3428	Unauthenticated vulnerabilities (56% of tracked vulnerabilities in 2025)	critical	8.5	1	Supply Chain Attack
3429	Blender’s 'Auto Run Python Scripts' feature	critical	8.5	1	malware
3430	CVE-2026-32635	critical	8.5	1	Cross-Site Scripting (XSS)
3431	Inadequate data security controls / unauthorized access by insider	critical	8.5	1	Data Breach
3432	Zero-click indirect prompt injection (PleaseFix)	critical	8.5	1	AI Prompt Injection
3433	Lack of software updates for gear shifters	critical	8.5	1	Vulnerability Exploitation
3434	CVE-2025-31277	critical	8.5	1	Exploit Kit
3435	Insufficient input sanitization and double-parsing bug in 'Dispatch Search' feature	critical	8.5	1	Data Breach
3436	Unknown (zero-day) vulnerability in Oracle E-Business Suite (EBS)	critical	8.5	1	Data Breach
3437	Docker container escape	critical	8.5	1	Supply Chain Attack
3438	Employee Impersonation	critical	8.5	1	Data Breach
3439	Decentralized data movement systems	critical	8.5	1	Data Governance Blind Spot
3440	compromised Booking.com accounts	critical	8.5	1	phishing
3441	Vulnerability in MOBO subscriber management tool	critical	8.5	1	Data Breach
3442	Lack of MFA resilience, Human susceptibility to social engineering	critical	8.5	1	Phishing/Social Engineering
3443	Unauthorized Access to API Key	critical	8.5	1	Data Breach
3444	RoguePilot (GitHub Codespaces/Copilot)	critical	8.5	1	Vulnerability Exploitation
3445	Third-party shopping cart software	critical	8.5	1	Data Breach
3446	Weak authentication (Dior Instagram)	critical	8.5	1	Data Breach
3447	Weak MFA	critical	8.5	1	Data Breach
3448	Weaknesses in Almaviva’s infrastructure	critical	8.5	1	Data Breach
3449	CVE-2026-1281	critical	8.5	1	Vulnerability Exploitation
3450	Employee deception, potential weak passwords or third-party vulnerabilities (Okta identity management service)	critical	8.5	1	Data Breach
3451	Improperly configured AWS S3 storage	critical	8.5	1	Data Breach
3452	Unsecured APIs, shared keys	critical	8.5	1	Data Breach
3453	API scraping via automated harvesting of user profiles	critical	8.5	1	Data Breach
3454	CVE-2026-21262 (Improper Access Control - CWE-284)	critical	8.5	1	Privilege Escalation
3455	Fake Kubernetes tools	critical	8.5	1	Supply Chain Attack
3456	Lateral Movement within Internal Systems	critical	8.5	1	Data Breach
3457	CVE-2025-49870 (Unauthenticated SQL Injection in PayPal IPN handling)	critical	8.5	1	Vulnerability
3458	Poor Cybersecurity Practices	critical	8.5	1	Data Breach
3459	CVE-2026-2286	critical	8.5	1	Remote Code Execution
3460	CVE-2026-2835	critical	8.5	1	HTTP Request Smuggling
3461	Oracle E-Business Suite (Zero-Day)	critical	8.5	1	Cyberattack (Data Breach)
3462	Lack of Cybersecurity Leadership	critical	8.5	1	Potential Data Breach
3463	Misconfigured Remote Access Systems	critical	8.5	1	Data Breach
3464	Unauthorized Plugin	critical	8.5	1	Data Breach
3465	Human Error (Improper Document Upload)	critical	8.5	1	Data Breach (Inadvertent Disclosure)
3466	Third-party platforms used for marketing and operations	critical	8.5	1	Data Breach
3467	Service Account Credential	critical	8.5	1	Data Breach
3468	WooCommerce website vulnerabilities, third-party script injection	critical	8.5	1	Magecart (Digital Skimming)
3469	inadequate contractor oversight	critical	8.5	1	data breach
3470	third-party security gaps	critical	8.5	1	data breach
3471	Unsecured server, weak account security	critical	8.5	1	Data Breach
3472	Unsecured VPN	critical	8.5	1	Data Breach
3473	CVE-2026-25108 (OS Command Injection - CWE-78)	critical	8.5	1	Command Injection
3474	user trust in legitimate cryptocurrency wallet applications	critical	8.5	1	malware
3475	CVE-2026-23550 (CVSS 10.0)	critical	8.5	1	Privilege Escalation
3476	AI Supply Chain Weaknesses	critical	8.5	1	Supply Chain Attack
3477	Major Security Flaw in Website	critical	8.5	1	Data Exposure
3478	Unauthorized Access to Personal Information	critical	8.5	1	Data Theft
3479	Known security flaw (back door) in License Express system	critical	8.5	1	Data Exposure
3480	Legacy encryption	critical	8.5	1	Data Breach/Vulnerability Exposure
3481	Unsecured Kafka Broker instance	critical	8.5	1	Data Exposure
3482	Opportunistic scanning for sensitive file extensions (e.g., `.openclaw`)	critical	8.5	1	Infostealer Attack
3483	Improper Access Controls, Undisclosed System Features	critical	8.5	1	Unauthorized Data Access
3484	Human error, limited cybersecurity resources	critical	8.5	1	Data Breach
3485	CSRF Protection Mechanism in Ruby on Rails	critical	8.5	1	Vulnerability
3486	MOVEit Transfer Critical Vulnerability (CVE-2023-34362)	critical	8.5	1	Data Breach
3487	Contact-importing features	critical	8.5	1	Data Leak
3488	Cisco SD-WAN flaws	critical	8.5	1	APT Activity
3489	Gateway between the airline and a payment processor	critical	8.5	1	Data Breach
3490	Ivanti Endpoint Manager Mobile flaw	critical	8.5	1	Data Breach
3491	CVE-2026-34500	critical	8.5	1	Vulnerability Exploitation
3492	CVE-2026-0709	critical	8.5	1	Supply Chain Attack
3493	MOVEit Secure File Transfer server	critical	8.5	1	Data Breach
3494	Java	critical	8.5	1	Cyber Attack
3495	Plain text storage of login details	critical	8.5	1	Data Breach
3496	CVE-2026-39813	critical	8.5	1	OS command injection
3497	Lack of Input Sanitization for Hidden Commands	critical	8.5	1	Data Breach
3498	Impersonation Feature in Employee Portals	critical	8.5	1	Data Exposure
3499	Outdated SCADA systems, integrated IT/OT environment	critical	8.5	1	Ransomware
3500	CVE-2025-1724	critical	8.5	1	Authentication Vulnerability
3501	Use-After-Free	critical	8.5	1	Privilege Escalation
3502	Verbose error messages exposing OAuth 2.0 bearer tokens	critical	8.5	1	Phishing, Data Theft, Persistent Access
3503	CVE-2026-25049	critical	8.5	1	Supply Chain Attack
3504	CVE-2026-22153 (FG-IR-25-1052), CWE-305 (Authentication Bypass by Primary Weakness)	critical	8.5	1	Authentication Bypass
3505	Abandoned domain takeover, lack of runtime URL validation in Microsoft add-ins	critical	8.5	1	Phishing
3506	Lack of Privacy-Preserving Mechanisms in QML	critical	8.5	1	Privacy Breach
3507	CVE-2026-20098	critical	8.5	1	Vulnerability Exploitation
3508	improper data retention practices (government IDs)	critical	8.5	1	data breach
3509	Privilege Escalation Flaw in FIA Driver Categorisation Website	critical	8.5	1	Data Breach
3510	Vulnerabilities in Salesforce-hosted databases	critical	8.5	1	Data Breach
3511	Oracle E-Business Suite vulnerabilities	critical	8.5	1	Cyberattack
3512	Publicly exposed RPC endpoint lacking authentication, rate limiting, or permission checks	critical	8.5	1	Supply Chain Attack
3513	Unencrypted Computers	critical	8.5	1	Data Breach
3514	open-source_software_vulnerabilities	critical	8.5	1	data_breach
3515	improper access controls / misconfigured storage	critical	8.5	1	data exposure
3516	Cloud Database Platform	critical	8.5	1	Data Breach
3517	Lack of reasonable cyber security measures	critical	8.5	1	Data Breach
3518	Computer Virus	critical	8.5	1	Data Breach
3519	Signal’s 'linked devices' feature	critical	8.5	1	Cyber Espionage
3520	Improper data retention (post-contract)	critical	8.5	1	Data Breach
3521	Improper third-party access to confidential records	critical	8.5	1	Data Breach
3522	Over-reliance on mutable version tags in CI/CD pipelines, stolen credentials	critical	8.5	1	Supply Chain Attack
3523	Unauthorized use of Stripe API key	critical	8.5	1	Data Breach
3524	Aeries Software	critical	8.5	1	Data Breach
3525	Sending sensitive data in unencrypted emails	critical	8.5	1	Data Breach
3526	Compromised OAuth app linked to Google Workspace	critical	8.5	1	Data Breach
3527	CVE-2025-54113 (Windows RRAS RCE)	critical	8.5	1	Malware (Infostealer)
3528	Sophisticated hacking attempts	critical	8.5	1	Data Breach
3529	Unspecified vulnerability in Salesloft Drift's OAuth token management	critical	8.5	1	Supply Chain Attack
3530	Storage and transmission of device-specific data (e.g., precise geolocation, browsing history, search queries)	critical	8.5	1	Data Exposure
3531	CVE-2026-34070	critical	8.5	1	Data Exfiltration
3532	Debug Log File	critical	8.5	1	Data Breach
3533	Public URLs for client-worker communications instead of secured, expiring links	critical	8.5	1	Data Exposure
3534	Lack of Policy Enforcement for AI Tool Usage	critical	8.5	1	Data Breach
3535	Human Trust and Error (Bypassed Security Awareness Training)	critical	8.5	1	Data Breach
3536	Insufficient Third-Party Vendor Security	critical	8.5	1	Data Breach
3537	Visual Studio Code tasks.json	critical	8.5	1	Supply Chain Attack
3538	unsecured backup databases co-located with active databases	critical	8.5	1	data breach
3539	Unauthorized administrative access	critical	8.5	1	Data Leak
3540	Human (Employee Susceptibility to Phishing)	critical	8.5	1	Data Breach
3541	Publicly Accessible Firebase Storage Bucket	critical	8.5	1	Data Breach
3542	Inadequate cybersecurity measures	critical	8.5	1	Data Breach
3543	Unauthorized access due to unverified data-sharing requests	critical	8.5	1	Data Breach
3544	Unauthenticated DNS modification	critical	8.5	1	DNS Hijacking
3545	Android Activity Layering	critical	8.5	1	Data Theft
3546	Website Vulnerabilities	critical	8.5	1	Data Leak
3547	Missile defense system vulnerability	critical	8.5	1	Data Breach
3548	unsecured teacher credentials	critical	8.5	1	unauthorized access
3549	misconfiguration in HR/finance team servers	critical	8.5	1	ransomware
3550	Publicly Accessible .env Files	critical	8.5	1	Data Exposure
3551	Excessive account permissions	critical	8.5	1	Data Breach
3552	lack of data access controls	critical	8.5	1	data breach
3553	Vendor Software	critical	8.5	1	Data Breach
3554	CVE-2026-20163 (Improper Neutralization of Special Elements used in a Command - CWE-77)	critical	8.5	1	Remote Command Execution (RCE)
3555	Failure to Enforce 'Minimum Necessary' HIPAA Requirements	critical	8.5	1	Data Breach
3556	CVE-2026-5281 (Use-After-Free in Google Dawn/WebGPU)	critical	8.5	1	Zero-Day Vulnerability Exploitation
3557	Inadequate security protections	critical	8.5	1	Data Breach / Cybersecurity Failure
3558	lack of enterprise-grade security for AI tools	critical	8.5	1	ransomware
3559	Blockchain immutability (append-only ledger), Lack of takedown mechanisms for decentralized infrastructure	critical	8.5	1	Info-Stealer / Malware
3560	Lack of Encryption on Laptop	critical	8.5	1	Data Breach (Physical Theft)
3561	Lack of Email Spoofing Protections	critical	8.5	1	Data Breach
3562	Download of malicious apps	critical	8.5	1	Malware
3563	Progress MOVEit platform	critical	8.5	1	Data Breach
3564	Weaknesses in third-party integrations with Salesforce-connected applications (not Salesforce itself)	critical	8.5	1	Data Breach
3565	Docker MCP Gateway RCE	critical	8.5	1	Supply Chain Attack
3566	CVE-2025-37899 (Use-After-Free in ksmbd SMB2 LOGOFF handler)	critical	8.5	1	Zero-Day Vulnerability
3567	Back-end system vulnerability	critical	8.5	1	Data Breach
3568	Weak Authentication in AI Platforms	critical	8.5	1	Data Leakage
3569	CVE-2025-7399 (Unauthenticated RCE in Samsung MagicINFO 9 Server)	critical	8.5	1	Vulnerability Exploitation
3570	fragmented infrastructure	critical	8.5	1	ransomware
3571	Unauthorized access to internal systems	critical	8.5	1	Data Breach, Extortion
3572	lack of multi-signature validation for critical operations	critical	8.5	1	blockchain exploit
3573	E-commerce Site Vulnerability	critical	8.5	1	Data Breach
3574	API vulnerabilities	critical	8.5	1	Quantum Computing Threat
3575	Fragmented policies for data in motion	critical	8.5	1	Data Governance Blind Spot
3576	CVE-2025-9368 (Resource Allocation Without Limits)	critical	8.5	1	Denial-of-Service
3577	Unauthorized access to Salesforce	critical	8.5	1	Data Breach
3578	CVE-2025-59145 (Invisible Markdown Comment Syntax Abuse)	critical	8.5	1	Data Exfiltration
3579	Gemini Search Personalization Model (Prompt Injection via Browsing History)	critical	8.5	1	Vulnerability Exploitation
3580	Improper Token Management (Unrotated API Tokens)	critical	8.5	1	Data Breach
3581	potential Oracle E-Business Suite vulnerability	critical	8.5	1	data breach
3582	Zero-day flaw in Oracle E-Business Suite (EBS)	critical	8.5	1	Data Breach
3583	Disabled security tools, outdated cyber hygiene practices	critical	8.5	1	Cyber Intrusion
3584	unpatched cloud tools (speculated)	critical	8.5	1	data breach
3585	Training gaps	critical	8.5	1	Data Breach
3586	Human Error (Employee Susceptibility to Social Engineering)	critical	8.5	1	Data Breach (Social Engineering)
3587	CVE-2025-23120	critical	8.5	1	Vulnerability
3588	Salesforce Environments	critical	8.5	1	Data Breach
3589	CVE-2025-30247 (OS Command Injection in My Cloud UI)	critical	8.5	1	Vulnerability
3590	CVE-2025-41244 (VMware Aria Operations and VMware Tools Privilege Escalation)	critical	8.5	1	Privilege Escalation
3591	CVE-2025-48927	critical	8.5	1	Vulnerability Exploitation
3592	Web vulnerabilities in Subaru's Starlink service	critical	8.5	1	Web Vulnerabilities
3593	CVE-2026-20204	critical	8.5	1	Remote Code Execution (RCE)
3594	identity weaknesses	critical	8.5	1	credential compromise
3595	MOVEit Transfer Server Vulnerability	critical	8.5	1	Data Breach
3596	FortiGate VPN vulnerabilities	critical	8.5	1	Ransomware
3597	Lack of AI-Specific Security Controls	critical	8.5	1	Supply Chain Attack
3598	Architectural flaw in GitHub MCP server allowing AI agents to access and exfiltrate data from private repositories	critical	8.5	1	Prompt Injection
3599	High-severity vulnerability in ADSelfService Plus software	critical	8.5	1	Vulnerability Exploit
3600	Abuse of High-Reputation Domains (sites.google.com, docs.google.com)	critical	8.5	1	Phishing
3601	Generic Out-of-Bounds Read/Write in C/C++ (e.g., unchecked array indexing, `strcpy` overflows)	critical	8.5	1	Memory Corruption
3602	Improper IAM Policies	critical	8.5	1	Cloud Security Breach
3603	Excessive data access privileges	critical	8.5	1	Data Breach
3604	Key Reuse Vulnerability (Android)	critical	8.5	1	Privacy Violation
3605	Vulnerabilities in Google’s Salesforce environment	critical	8.5	1	Data Breach
3606	CVE-2025-54236 (Improper Input Validation in Adobe Commerce/Magento)	critical	8.5	1	Vulnerability Exploitation
3607	Unsecured email API endpoints with improper input validation	critical	8.5	1	Phishing, Data Theft, Persistent Access
3608	Publicly Accessible Cloud Database	critical	8.5	1	Data Exposure
3609	Social engineering, in-memory execution, process hollowing, AMSI/ETW bypass	critical	8.5	1	Spear-Phishing, Malware (Keylogger), Credential Theft
3610	Info-stealing malware infections, lack of multi-factor authentication	critical	8.5	1	Credential Stuffing
3611	Human error in CMS settings (defaulted to public URLs unless manually restricted)	critical	8.5	1	Data Leak
3612	Lack of Authentication or Access Restrictions	critical	8.5	1	Data Leak
3613	CVE-2021-47960	critical	8.5	1	Vulnerability Exploitation
3614	CVE-2025-13834	critical	8.5	1	Information Leak
3615	Frontend Access Control	critical	8.5	1	DNS Hijacking
3616	Inability to Distinguish Content from Directives in Prompts	critical	8.5	1	Data Exfiltration
3617	CVE-2025-49596	critical	8.5	1	Remote Code Execution (RCE)
3618	CVE-2026-0709 (Insufficient Input Validation)	critical	8.5	1	Command Execution Vulnerability
3619	Arbitrary Order Data Injection (CosMc’s App)	critical	8.5	1	Data Exposure
3620	CVE-2026-1237	critical	8.5	1	Cross-Site Scripting (XSS)
3621	MFA bypass	critical	8.5	1	Phishing-as-a-Service (PhaaS)
3622	Obscured opt-out tools, 'no index' instructions, and dark patterns	critical	8.5	1	Data Breach
3623	DOM-Based UI Manipulation	critical	8.5	1	Vulnerability Disclosure
3624	Data Migration Error	critical	8.5	1	Data Breach
3625	eForms System Vulnerability	critical	8.5	1	Data Breach
3626	Human Weakness in Customer Service	critical	8.5	1	Data Breach
3627	Improper Access Control in SharePoint	critical	8.5	1	Data Exposure
3628	Unsecured storage of sensitive data	critical	8.5	1	Data Breach
3629	Unsecured cloud storage, inadequate access controls, insufficient monitoring	critical	8.5	1	Data Exposure
3630	Support Credentials	critical	8.5	1	Data Breach
3631	Technical Issue with Third-Party Service Provider	critical	8.5	1	Data Breach
3632	MOVEit file transfer platform vulnerability	critical	8.5	1	Data Breach
3633	Unpatched Cloud Services	critical	8.5	1	Cloud Security Breach
3634	Insufficient network monitoring for suspicious activity	critical	8.5	1	Data Breach
3635	CVE-2025-59367 (Authentication Bypass in DSL-series routers)	critical	8.5	1	Vulnerability
3636	Over-permissioned OAuth scopes	critical	8.5	1	Data Breach
3637	Incomplete cross-origin controls (Ollama Desktop)	critical	8.5	1	Arbitrary Code Execution
3638	Improper sanitization of authorization URLs in n8n	critical	8.5	1	Stored Cross-Site Scripting (XSS)
3639	Delayed Incident Reporting	critical	8.5	1	Data Breach
3640	CVE-2025-8099	critical	8.5	1	Vulnerability Exploitation
3641	Unsecured System	critical	8.5	1	Data Breach
3642	EngageLab SDK Vulnerability (Android)	critical	8.5	1	Data Breach
3643	CVE-2024-40766 (SonicWall Improper Access Control)	critical	8.5	1	Malware (Infostealer)
3644	CVE-2024-28989	critical	8.5	1	Vulnerability Exploit
3645	Integer Overflow	critical	8.5	1	Privilege Escalation
3646	CVE-2026-XXXXX (Local WebSocket Gateway Authentication Bypass)	critical	8.5	1	Vulnerability Exploitation
3647	Human Error (Social Engineering via Phone Calls)	critical	8.5	1	Data Breach
3648	Lack of end-to-end encryption for ID uploads	critical	8.5	1	Data Breach Risk
3649	Unsecured personal information handling	critical	8.5	1	Data Breach
3650	Hardcoded Google API keys with expanded authentication capabilities	critical	8.5	1	Data Exposure
3651	Lack of multi-factor authentication (MFA), Basic security lapses (MMH)	critical	8.5	1	Data Breach
3652	Phishing or Credential Compromise	critical	8.5	1	Data Breach
3653	misconfigured AWS S3 bucket (lack of access controls)	critical	8.5	1	data exposure
3654	Missing row-level security (RLS), role-based access controls, and logic flaws in authentication	critical	8.5	1	Data Breach
3655	Insecure processing of untrusted input by AI agents in GitHub Actions	critical	8.5	1	Prompt Injection Attack
3656	Path traversal (27.3%)	critical	8.5	1	API Security Breach
3657	Lack of default sandboxing, Ineffective filtering of untrusted content, Plaintext storage of API keys and session tokens, Reliance on language models for critical security decisions, Execution of tool calls without explicit user approval	critical	8.5	1	Malware Distribution, Data Exfiltration, Prompt Injection, Backdoor Installation
3658	CVE-2026-2836	critical	8.5	1	HTTP Request Smuggling
3659	Incremental features and customizations accumulating risk, lack of proper access controls	critical	8.5	1	Misconfiguration
3660	UAC bypass via COM auto-elevation (ICMLuaUtil through cmlua.dll)	critical	8.5	1	Trojan
3661	mDNS Misconfiguration	critical	8.5	1	Misconfiguration
3662	Three separate flaws in Automotive Grade Linux	critical	8.5	1	Zero-Day Vulnerabilities
3663	Poor M365 configurations	critical	8.5	1	Data Breach
3664	Third-party data breaches	critical	8.5	1	Identity Theft
3665	CVE-2025-43510	critical	8.5	1	Exploit Kit
3666	Incomplete redaction of sensitive documents	critical	8.5	1	Data Exposure
3667	CVE-2025-4123	critical	8.5	1	Vulnerability Exploitation
3668	Human Error (Employee Compromise)	critical	8.5	1	Data Breach
3669	Compromised company account on GitHub	critical	8.5	1	Data Breach
3670	human trust in legacy inheritance process	critical	8.5	1	phishing
3671	Broad permissions granted to browser extensions	critical	8.5	1	Data Theft
3672	Human Error (Credential Theft via Smishing)	critical	8.5	1	Data Breach / Unauthorized Access
3673	Illicit tactics to bypass digital rights management (DRM)	critical	8.5	1	Data Breach
3674	Undisclosed vulnerabilities	critical	8.5	1	Zero-day exploitation
3675	Unverified execution of README instructions by AI coding agents	critical	8.5	1	Semantic Injection
3676	ZombieAgent (prompt injection in ChatGPT Connectors/Apps feature)	critical	8.5	1	Prompt Injection
3677	Lack of domain verification during account creation	critical	8.5	1	Autonomous AI-driven cyber attack
3678	Inadequate IT security measures	critical	8.5	1	Data Breach
3679	Unverified Assessment Domains	critical	8.5	1	APT (Advanced Persistent Threat)
3680	Progress Software	critical	8.5	1	Data Breach
3681	CVE-2025-64496	critical	8.5	1	Code Injection
3682	Inadequate access controls, lack of data encryption	critical	8.5	1	Data Breach
3683	Weak Authentication (SSO)	critical	8.5	1	Data Breach
3684	CVE-2026-34040	critical	8.5	1	Vulnerability Exploitation
3685	Unspecified vulnerability in OT security solutions	critical	8.5	1	Data Breach
3686	CVE-2026-1340	critical	8.5	1	Vulnerability Exploitation
3687	outdated software (13 months without updates)	critical	8.5	1	data breach
3688	Single Sign-On (SSO) accounts (Okta and other identity platforms), MFA manipulation	critical	8.5	1	Phishing (Vishing), Data Breach, Credential Theft
3689	CVE-2023-43000 (WebKit RCE - terrorbird)	critical	8.5	1	Exploit Kit / Malware Campaign
3690	weaknesses in backend systems	critical	8.5	1	data breach
3691	account takeover (ATO)	critical	8.5	1	supply-chain attack
3692	Lack of separation between instructions and data in large language models	critical	8.5	1	AI Vulnerability Misunderstanding
3693	Oracle E-Business Suite (versions 12.2.3 to 12.2.14)	critical	8.5	1	Data Breach
3694	Lack of input sanitization in AI agents parsing GitHub content	critical	8.5	1	Indirect Prompt-Injection Vulnerability
3695	Human Trust (Job Seekers)	critical	8.5	1	APT (Advanced Persistent Threat)
3696	Website Bug	critical	8.5	1	Data Exposure
3697	Multi-factor Authentication (MFA) Bypass, Credential Theft	critical	8.5	1	Vishing (Voice Phishing)
3698	Known system vulnerability	critical	8.5	1	Data Breach
3699	Misuse of partner-managed repository credentials	critical	8.5	1	Data Breach
3700	configuration gap in Amazon S3 server	critical	8.5	1	data breach
3701	CVE-2025-4632 (Improper Pathname Limitation Leading to Arbitrary File Write)	critical	8.5	1	Vulnerability Exploitation
3702	Password recovery and sharing features	critical	8.5	1	Data Breach/Vulnerability Exposure
3703	Employee Access Abuse	critical	8.5	1	Data Leak
3704	Lack of Network Segmentation in Cloud	critical	8.5	1	Cloud Security Breach
3705	Insider access, malware backdoor	critical	8.5	1	Cyber-enabled drug trafficking
3706	Vendor's security shortcomings (unspecified)	critical	8.5	1	Data Breach (Third-Party Vendor)
3707	misconfigured cloud environments	critical	8.5	1	ransomware
3708	Malware deployment on third-party vendor employee device	critical	8.5	1	Data Breach
3709	Inadequate Technology and Agency Understaffing	critical	8.5	1	Data Exposure
3710	Misconfigured Cloud Storage	critical	8.5	1	Data Breach
3711	Gemini Browsing Tool (Web Page Summarization Data Exfiltration)	critical	8.5	1	Vulnerability Exploitation
3712	Private Code Repositories (GitLab, Visual Studio Code)	critical	8.5	1	Malware Deployment
3713	Lack of Physical Security / Unencrypted Device	critical	8.5	1	Data Breach (Physical Theft)
3714	inadequate vendor oversight	critical	8.5	1	data breach
3715	CVE-2025-43520	critical	8.5	1	Exploit Kit
3716	Systemic weaknesses in cybersecurity infrastructure	critical	8.5	1	Data Breach
3717	compromised signed access token	critical	8.5	1	data breach
3718	Credentials exploitation	critical	8.5	1	Data Breach
3719	CVE-2026-23595	critical	8.5	1	Privilege Escalation
3720	Inadequate safeguards for international data transfers	critical	8.5	1	Data Breach
3721	Unmonitored Data Exfiltration via AI Prompts	critical	8.5	1	Data Leakage
3722	Reused usernames, weak security questions, password reuse	critical	8.5	1	Data Breach
3723	Starlink network access control	critical	8.5	1	Data Breach
3724	Misconfigured Amazon Web Services S3 buckets	critical	8.5	1	Data Leak
3725	Improper access control in cloud storage	critical	8.5	1	Data Breach
3726	Client-side vulnerabilities	critical	8.5	1	Data Breach/Vulnerability Exposure
3727	CVE-2025-1080	critical	8.5	1	Remote Code Execution
3728	Lack of Visibility into AI Data Flows	critical	8.5	1	AI Security Vulnerabilities
3729	CVE-2026-26133	critical	8.5	1	Cross-Prompt Injection Attack (XPIA)
3730	Ability to self-apply for admin privileges on the FIA Driver Categorisation portal	critical	8.5	1	data breach
3731	Misconfigured Database Access Controls	critical	8.5	1	Data Exposure
3732	Compromised Salesforce integrations, Zendesk customer support system	critical	8.5	1	Data Breach
3733	Hardcoded Supabase API key in client-side JavaScript with no Row Level Security (RLS) policies	critical	8.5	1	Data Breach
3734	CVE-2025-5806	critical	8.5	1	Cross-Site Scripting (XSS)
3735	CVE-not-yet-assigned (as of description) – RCE via `new Function()` in `expr-eval` < 2.0.2	critical	8.5	1	Vulnerability
3736	CVE-2026-21876	critical	8.5	1	vulnerability
3737	CVE-2025-61984 (Inadequate filtering of control characters in usernames for ProxyCommand in OpenSSH)	critical	8.5	1	Vulnerability
3738	User Email Accounts	critical	8.5	1	Data Breach
3739	Unauthorized access by authorized user	critical	8.5	1	Data Breach
3740	user trust in legitimate-looking emails/websites	critical	8.5	1	spear-phishing
3741	Account recovery workflows (password resets, MFA re-enrollment, help-desk recovery requests)	critical	8.5	1	Identity Breach
3742	Default Network Access Settings (Pro/Max accounts)	critical	8.5	1	Data Exfiltration
3743	Vendor Error	critical	8.5	1	Data Breach
3744	User Trust in Signature Requests	critical	8.5	1	DNS Hijacking
3745	Theft of banking credentials and sensitive financial data	critical	8.5	1	Malware
3746	CVE-2025-40778 (Logic Flaw in BIND 9’s Resolver - Bailiwick Principle Violation)	critical	8.5	1	Vulnerability
3747	CVE-2026-3063 (Improper implementation in DevTools)	critical	8.5	1	Vulnerability Patch
3748	Lack of transparency in AI decision-making	critical	8.5	1	Cybersecurity Risk Assessment
3749	Weak point in the network	critical	8.5	1	Data Breach
3750	Listable Algolia Search Indexes (PII Exposure)	critical	8.5	1	Data Exposure
3751	Unmaintained VPN remote access server, inadequate network monitoring, ambiguous division of responsibilities, accumulation of unmanaged data on network drives	critical	8.5	1	Data Breach
3752	Credential harvesting via fake Zimbra login portal	critical	8.5	1	Phishing
3753	Open Registration Endpoint (Design Hub)	critical	8.5	1	Data Exposure
3754	Login and Sign-up Service	critical	8.5	1	Data Breach
3755	Accidental source code leak (Claude Code)	critical	8.5	1	Malware Distribution
3756	SharePoint and Defender Zero-Days (Microsoft)	critical	8.5	1	Data Breach
3757	Employee targeted via vishing	critical	8.5	1	Data Breach
3758	Publicly accessible database without proper security measures	critical	8.5	1	Data Exposure
3759	Human Resources Information Access	critical	8.0	1	Data Breach
3760	Authentication process for My Account login details	critical	8.0	1	Data Breach
3761	Sequential User ID Bug	critical	8.0	1	Data Breach
3762	Compromised Administrative Staff Account	critical	8.0	1	Data Breach
3763	Misconfigured Server	critical	8.0	1	Data Breach
3764	Misconfigured GitHub repository	critical	8.0	1	Data Leak
3765	Physical Loss of Device	critical	8.0	1	Data Breach
3766	Insufficient security protections in cloud-based storage container	critical	8.0	1	Data Breach
3767	Database Access	critical	8.0	1	Data Breach
3768	Software Update	critical	8.0	1	Data Breach
3769	RCE vulnerability in Dynamicweb software	critical	8.0	1	Remote Code Execution (RCE)
3770	Unauthorized Access by Insider	critical	8.0	1	Data Breach
3771	Application Vulnerability	critical	8.0	1	Data Breach
3772	Impersonation of law enforcement officials	critical	8.0	1	Data Leak
3773	Security flaw in the patient portal	critical	8.0	1	Data Breach
3774	Lack of security safeguards in the contract	critical	8.0	1	Data Breach
3775	Improper Data Redaction	critical	8.0	1	Data Breach
3776	Employee Sharing Sensitive Information	critical	8.0	1	Data Breach
3777	Third-party Vendor Access	critical	8.0	1	Data Breach
3778	Radio Communications Disruption	critical	8.0	1	Vulnerability Exploitation
3779	Accellion’s FTA	critical	8.0	1	Data Breach
3780	Keyboard Software Bug	critical	8.0	1	Software Vulnerability
3781	Unsecured Data Storage Device	critical	8.0	1	Data Breach
3782	Various vulnerabilities scanned by the Angler exploit kit	critical	8.0	1	Malvertising
3783	CWE Exposure of Resource to Wrong Sphere	critical	8.0	1	Vulnerability
3784	System Bug	critical	8.0	1	Data Disclosure
3785	Accellion file-sharing system	critical	8.0	1	Data Breach
3786	Misconfiguration in computer system	critical	8.0	1	Data Breach
3787	Points of Sale	critical	8.0	1	Data Breach
3788	outdated software, overworked staff, limited holiday response times	high	7.5	1	phishing
3789	Vulnerabilities in global digital infrastructure	high	7.5	1	Ransomware
3790	Fragmented security tools, insufficient email security coverage	high	7.5	1	Ransomware
3791	CVE-2025-61884 (potential, not yet confirmed as exploited)	high	7.5	1	ransomware
3792	security systems vulnerability	high	7.5	1	data breach
3793	POS Systems	high	7.5	1	Data Breach
3794	legacy perimeter firewall	high	7.5	1	Ransomware
3795	CVE-2025-61884	high	7.5	1	Cyberattack
3796	Improper handling of sensitive information	high	7.5	1	Data Breach
3797	Review Process Bypass	high	7.5	1	Ransomware
3798	Compromised Update Server	high	7.5	1	Malware Distribution
3799	Firewall Vulnerability	high	7.5	1	Ransomware Attack
3800	Obfuscated Code in Extensions	high	7.5	1	Malicious Software
3801	Zero-day vulnerability in third-party software (Oracle E-Business Suite)	high	7.5	1	Data Breach
3802	IT System Glitch	high	7.5	1	Data Breach
3803	Stack space exhaustion in user code with async_hooks enabled	high	7.5	1	Denial-of-Service (DoS)
3804	CVE-2023-34362 (MOVEit)	high	7.5	1	ransomware
3805	Oracle E-Business Suite Zero-Day (Unauthenticated, Low Complexity)	high	7.5	1	Cyberattack
3806	Internet-accessible flaws	high	7.5	1	Ransomware
3807	Lack of multi-factor authentication (MFA) on domain accounts	high	7.5	1	Ransomware Attempt
3808	Employee login credentials	high	7.5	1	Ransomware Attack
3809	Payment system vulnerability	high	7.5	1	Data Breach
3810	Weak Password Policy	high	6.5	1	Hacking Incident
3811	Unauthorized access to payment card data	high	6.0	1	Data Breach
3812	Lack of Automated Secrets Rotation	high	6.0	1	Credential Theft
3813	Overly Permissive Sandbox Attributes (allow-same-origin + allow-scripts)	high	6.0	1	Data Breach
3814	Accela Software Error	high	6.0	1	Data Breach
3815	Improper handling of sensitive documents	high	6.0	1	Data Breach
3816	Security Misconfiguration	high	6.0	1	Data Leak
3817	Stolen authentication cookie	high	6.0	1	Cyber Espionage
3818	Security Setting Error	high	6.0	1	Data Breach
3819	Browser and plugin vulnerabilities	high	6.0	1	Malvertising
3820	Rapid Response to Urgent Requests from Seniors	high	6.0	1	Social Engineering
3821	security risk analysis violations	high	6.0	1	regulatory_enforcement
3822	Unsecured PHI on Laptop	high	6.0	1	Data Breach (Theft of Physical Device)
3823	Unpatched firmware and default credentials in IoT devices	high	6.0	1	DDoS-for-hire
3824	ADT Pulse Software Vulnerabilities	high	6.0	1	Unauthorized Access
3825	Open Elastic Search Instances	high	6.0	1	Data Exposure
3826	Backdoor in the system	high	6.0	1	Fraud
3827	Employee Mistake	high	6.0	1	Data Breach
3828	Weakness in GPS Navigation System Authentication/Encryption	high	6.0	1	GPS Spoofing / Maritime Cyber Incident
3829	multilingual social engineering gaps	high	6.0	1	phishing
3830	Unknown Zero-Day Exploit (mentioned in Telegram chats)	high	6.0	1	Distributed Denial-of-Service (DDoS) Attack
3831	Weak DDoS mitigation (gaming platforms)	high	6.0	1	Distributed Denial of Service (DDoS)
3832	Surveillance software	high	6.0	1	Surveillance
3833	Unpatched/Outdated Systems (Windows Server 2003)	high	6.0	1	Physical Theft
3834	Default/Lack of Credentials	high	6.0	1	DDoS Attack
3835	Weak Password Hashing (MD5 without salt)	high	6.0	1	Data Breach
3836	Public exposure of environment configuration file	high	6.0	1	Data Breach
3837	Reused/Weak Passwords	high	6.0	1	Data Breach
3838	Unsupported OS (Windows 2000, XP, Server 2003)	high	6.0	1	Security Audit Findings
3839	unsecured QR code access	high	6.0	1	fraud
3840	Outdated Website	high	6.0	1	Data Breach
3841	Lack of authentication on Kubernetes console	high	6.0	1	Cloud Security Breach
3842	Fortra GoAnywhere secure file transfer platform	high	6.0	1	Data Breach
3843	Legacy X-Frame-Options Ineffectiveness	high	6.0	1	Data Breach
3844	Unauthorized access to Microsoft 365 account	high	6.0	1	Data Breach
3845	Online Store Vulnerability	high	6.0	1	Data Breach
3846	Hardcoded Secrets in Code Repositories	high	6.0	1	Credential Theft
3847	Outdated Technology Infrastructure	high	6.0	1	Data Leakage
3848	Lack of Physical Security Measures at ATM	high	6.0	1	Data Breach (Card Skimming)
3849	unsecured email systems	high	6.0	1	phishing
3850	Lack of Data Redaction/Validation in FOI Process	high	6.0	1	Data Breach (Unintentional Disclosure)
3851	Flaw in the online application	high	6.0	1	Data Breach
3852	Absence of Endpoint Monitoring	high	6.0	1	Data Breach Risk
3853	Human (Social Engineering)	high	6.0	1	Phishing
3854	CVE-2025-61882, Oracle E-Business Suite (EBS) security flaws	high	6.0	1	Data Breach
3855	CMS vulnerability	high	6.0	1	Data Breach
3856	Human Error/Employee Misconduct	high	6.0	1	Unauthorized Access and Data Breach
3857	Unprotected RSYNC Server	high	6.0	1	Data Leak
3858	Improper data storage	high	6.0	1	Data Breach
3859	Incorrectly Configured AWS Bucket	high	6.0	1	Data Exposure
3860	human error (lack of training)	high	6.0	1	phishing
3861	Improperly secured MongoDB database	high	6.0	1	Data Breach
3862	Unsecured Email Account	high	6.0	1	Data Breach
3863	CVE-2025-43300 (Apple OS-level zero-day)	high	6.0	1	Zero-day exploit
3864	Incorrect Address Usage	high	6.0	1	Data Breach
3865	Suspicious code on online payment portal	high	6.0	1	Data Breach
3866	Rapid development cycles outpacing security reviews	high	6.0	1	Distributed Denial of Service (DDoS)
3867	Unencrypted Device	high	6.0	1	Data Breach
3868	Internal Employee Access	high	6.0	1	Data Breach
3869	user typographical errors	high	6.0	1	phishing
3870	weakness in AIS tampering detection	high	6.0	1	physical cyber convergence
3871	improper use of email fields (To/CC instead of BCC)	high	6.0	1	data breach
3872	Alert System Failure	high	6.0	1	Data Breach
3873	GitHub Credentials	high	6.0	1	Data Breach
3874	Insufficient Monitoring of Third-Party Integrations	high	6.0	1	Unauthorized Access
3875	insufficient monitoring of collaboration platforms	high	6.0	1	data breach
3876	URL Parameter Manipulation (collection)	high	6.0	1	Prompt Injection
3877	Unauthorized access due to call center employee negligence	high	6.0	1	Data Breach
3878	Unsecured Remote Work Environments	high	6.0	1	Human Error
3879	Folio/IIN Integration Flaws	high	6.0	1	Data Breach
3880	Unencrypted and Unprotected Data Storage	high	6.0	1	Data Breach
3881	Exposure of Install Action Tokens	high	6.0	1	Data Breach
3882	Improper folder permissions on file servers	high	6.0	1	Data Breach
3883	E-Verify's inability to verify the authenticity of presented documents	high	6.0	1	Identity Theft
3884	JavaScript File Modification	high	6.0	1	Malware
3885	Lack of verification for payment changes (e.g., routing/banking number updates)	high	6.0	1	Fraud/Scam
3886	Unsecured Deleted Cloud Storage Buckets	high	6.0	1	Data Breach
3887	Improper Client Segregation	high	6.0	1	Data Breach
3888	Lack of Security Clearance Enforcement	high	6.0	1	Data Exposure
3889	Social engineering, user trust exploitation	high	6.0	1	Malware Campaign
3890	Basic Security Vulnerability	high	6.0	1	Data Breach
3891	Human Trust in IT Support Impersonation	high	6.0	1	Data Breach
3892	Generic Design of Legitimate Settlement Sites	high	6.0	1	Phishing
3893	inadequate contractor monitoring	high	6.0	1	insider threat
3894	Email Encryption	high	6.0	1	Data Breach
3895	Static Filtering in SEGs	high	6.0	1	Operational Risk
3896	Weak passwords (e.g., 'LOUVRE', 'THALES')	high	6.0	1	Security Audit Findings
3897	Human error leading to unauthorized access	high	6.0	1	Phishing
3898	Legacy Access Controls, Identity Vulnerabilities	high	6.0	1	Data Breach
3899	developer reliance on third-party dependencies	high	6.0	1	supply chain attack
3900	Weak credential security (IT vendor account compromise)	high	6.0	1	unauthorized access
3901	Changes introduced in the 2026 roadmap update, including sharding and execution environment enhancements	high	6.0	1	Security Breach
3902	Insufficient Email Security Protocols	high	6.0	1	Phishing
3903	Unauthorized Disclosure of Surveillance Footage	high	6.0	1	Physical Security Breach
3904	Shadow IT	high	6.0	1	Security Control Bypass
3905	Computer Infection	high	6.0	1	Financial Theft
3906	Insecure IoT devices	high	6.0	1	DDoS
3907	Cloud Storage System	high	6.0	1	Data Breach
3908	Weak Cloud Security (Nintendo)	high	6.0	1	DDoS Attack
3909	Public Visibility of Venmo Transactions and Contacts	high	6.0	1	Data Leak
3910	Insufficient Contextual Risk Awareness	high	6.0	1	Social Engineering
3911	Unmonitored DOM Changes (Lack of MutationObserver)	high	6.0	1	Data Breach
3912	Browser hijacking via malicious script	high	6.0	1	DDoS Attack, Content Tampering, Malicious JavaScript Injection
3913	Accellion's File Transfer Appliance software	high	6.0	1	Data Breach
3914	Non-secure data storage location	high	6.0	1	Data Breach
3915	User Trust in Legitimate Software Repositories	high	6.0	1	Malware Distribution
3916	Over-Permissive Ticket Transfer Features	high	6.0	1	Account Takeover (ATO)
3917	lapses in cybersecurity measures	high	6.0	1	cyber intrusion
3918	Security flaw in Progress' MOVEit data transfer programme	high	6.0	1	Data Breach
3919	Third-Party CRM Integration Vulnerabilities	high	6.0	1	Data Breach
3920	CVE-2025-32432 (Craft CMS)	high	6.0	1	cyberattack
3921	CVE-2024-36347	high	6.0	1	Vulnerability
3922	Internal SharePoint Site	high	6.0	1	Data Breach
3923	Point-of-sale terminals	high	6.0	1	Data Breach
3924	Exposure of Customer Data	high	6.0	1	Data Exposure
3925	potential weaknesses in email system security	high	6.0	1	phishing
3926	Weak/Leaked Credentials	high	6.0	1	Data Breach
3927	Lack of Public Awareness	high	6.0	1	Phishing
3928	Administrative Error	high	6.0	1	Data Breach
3929	Unvalidated PostMessage Origins	high	6.0	1	Data Breach
3930	Unattended Property	high	6.0	1	Data Theft
3931	Human error, Credential harvesting	high	6.0	1	Data Breach
3932	Improper Data Handling / Public-Facing Website Misconfiguration	high	6.0	1	Data Breach
3933	Excessive OAuth Token Scopes	high	6.0	1	Unauthorized Access
3934	Lack of multi-factor authentication (MFA) in some cases	high	6.0	1	Phishing (AI-enhanced)
3935	Fortinet VPN vulnerability	high	6.0	1	Data Breach
3936	Zero-Day Vulnerability in ESG Equipment	high	6.0	1	Data Theft
3937	insufficient security protections	high	6.0	1	cyber intrusion
3938	Data server configuration error	high	6.0	1	Data Breach
3939	Software vulnerability at vendor Infosys McCamish Systems LLC	high	6.0	1	Data Breach
3940	Employee Credentials and Laptop	high	6.0	1	Data Breach
3941	Potential SharePoint vulnerability (unconfirmed)	high	6.0	1	Cyberattack
3942	Potentially CVE-2025-53779 (Windows Kerberos)	high	6.0	1	Data Breach
3943	Loss of Physical Hard Drives	high	6.0	1	Data Breach
3944	Android system permissions bypass	high	6.0	1	Vulnerability
3945	Unpatched systems in video surveillance and access control	high	6.0	1	Security Audit Findings
3946	Lack of end-to-end encryption in standard email protocols, Absence of proper email authentication mechanisms	high	6.0	1	Business Email Compromise (BEC)
3947	Legacy IT systems and outdated infrastructure	high	6.0	1	Cybersecurity Awareness and Infrastructure Vulnerability
3948	Lack of Real-Time Verification for High-Risk Transactions	high	6.0	1	Social Engineering
3949	Inadequate Training Programs	high	6.0	1	Data Breach
3950	DVRs/NVRs	high	6.0	1	DDoS Attack
3951	Improper data management practices	high	6.0	1	Data Leak
3952	System Malfunction	high	6.0	1	Data Leak
3953	Inadequate Vetting Procedures	high	6.0	1	Data Exposure
3954	Phishing/Malware	high	6.0	1	Data Breach
3955	Default Weak Passwords	high	6.0	1	Unauthorized Access
3956	No Device Encryption	high	6.0	1	Data Breach Risk
3957	Compromise at a third party vendor's file servers	high	6.0	1	Data Breach
3958	lack of anomaly detection for screenshot activities	high	6.0	1	insider threat
3959	Lack of vetting for third-party game demos (Valve/Steam)	high	6.0	1	Distributed Denial of Service (DDoS)
3960	Exposed Private Data	high	6.0	1	Data Leak
3961	Lack of Geofencing for Transaction Validation	high	6.0	1	Financial Fraud
3962	MOVEit file transfer program	high	6.0	1	Data Breach
3963	Exploitation of GitHub's Discussions feature and perceived trustworthiness of security advisories	high	6.0	1	Phishing
3964	Same password for multiple accounts	high	6.0	1	Cyber Attack
3965	Location tracking vulnerabilities	high	6.0	1	Data Collection Incident
3966	Social Engineering of Mobile Carriers	high	6.0	1	Account Takeover
3967	AI-related blind spots	high	6.0	1	Data Breach
3968	lack of package registry enforcement	high	6.0	1	supply chain attack
3969	misconfigured public-facing storage/exposure of sensitive backup file	high	6.0	1	data exposure
3970	Employee Self Service system	high	6.0	1	Data Breach
3971	Third-party file sharing product	high	6.0	1	Data Breach
3972	Unencrypted Storage Devices	high	6.0	1	Data Breach
3973	Human Trust in Known Contacts	high	6.0	1	Phishing
3974	Click2Gov	high	6.0	1	Data Breach
3975	Reused/Weak Passwords (Phishing)	high	6.0	1	DDoS Attack
3976	Website platform configuration error (password-protected documents made publicly accessible via search)	high	6.0	1	data breach
3977	DNS misconfiguration	high	6.0	1	DNS Hijacking
3978	Human vulnerability through social engineering	high	6.0	1	Social Engineering Attack
3979	Unspecified vulnerability	high	6.0	1	Cyber Attack
3980	Misconfiguration in talent management software	high	6.0	1	Data Breach
3981	lack of multi-factor authentication (MFA) on crypto accounts	high	6.0	1	cyber theft
3982	Web-based payroll program	high	6.0	1	Data Breach
3983	Improper Access	high	6.0	1	Data Breach
3984	Weak ATM Security	high	6.0	1	Financial Fraud
3985	CVE-2025-24061	high	6.0	1	Vulnerability Disclosure
3986	Abuse of trusted cloud services (Firebase, Google Translate)	high	6.0	1	Phishing
3987	CVE-2024-38197 (CVSS 6.5: Medium)	high	6.0	1	Spoofing
3988	Unsecured Collaborative Tools	high	6.0	1	Data Breach Risk
3989	Poor password hygiene (weak, reused, or easily guessable passwords)	high	6.0	1	data breach
3990	NEXTEP self-service kiosks	high	6.0	1	Data Breach
3991	CVE-2026-21525 (NULL pointer dereference, CWE-476)	high	6.0	1	Zero-Day Vulnerability
3992	Compromised Office 365 Account	high	6.0	1	Data Breach
3993	Weak or compromised email account security	high	6.0	1	Data Breach
3994	WhatsApp screen-sharing feature (misuse)	high	6.0	1	social engineering
3995	MOVEit zero-day vulnerability	high	6.0	1	Data Breach
3996	On-board ports containing vehicle data	high	6.0	1	Vehicle Theft
3997	Unsecured Active Directory	high	6.0	1	Data Breach
3998	misconfigured database	high	6.0	1	data exposure
3999	Weak PIN reset security	high	6.0	1	Data Breach
4000	Over-reliance on email/text-based communication without secondary validation	high	6.0	1	Phishing (AI-enhanced)
4001	User trust in brand communications; exploitation of psychological urgency and fear tactics. No technical vulnerabilities in LastPass, Bitwarden, or 1Password systems were exploited.	high	6.0	1	Phishing
4002	Faiblesse dans les procédures de vérification d'identité	high	6.0	1	Cyberattaque
4003	Weak PIN reset security questions	high	6.0	1	Data Breach
4004	Data breach via third-party vendor	high	6.0	1	Phishing
4005	Unsecured Wi-Fi network	high	6.0	1	Malware
4006	Weak Authentication in Mobile Wallet Onboarding	high	6.0	1	Financial Fraud
4007	Abuse of Legitimate Services	high	6.0	1	Phishing
4008	Human Trust in Branded Communications / Lack of Multi-Channel Verification	high	6.0	1	Phishing / Social Engineering
4009	Human Error / Policy Violation (Email Mismanagement)	high	6.0	1	Data Breach / Unauthorized Disclosure
4010	Data mismatch error in system logic	high	6.0	1	Data Breach (Unauthorized Access/Disclosure)
4011	Poor Data Handling Protocols	high	6.0	1	Data Breach
4012	Human Error / Lack of Authentication Protocols	high	6.0	1	Data Breach
4013	Human Error (Incorrect Address Usage)	high	6.0	1	Data Breach
4014	Human Error (Falling for Spoofed Email)	high	6.0	1	Data Breach
4015	Human Trust in Email Communication	high	6.0	1	Phishing
4016	Google Business Profile verification loophole	high	6.0	1	defacement
4017	Automated Attack	high	6.0	1	Security Breach
4018	Inadvertent transfer of control of the account to a malicious actor	high	6.0	1	Hacking
4019	Software used by a third-party service provider	high	6.0	1	Data Breach
4020	Unrelated software bugs in vendor’s trading software	high	6.0	1	Hacking, Software Bug
4021	Improper access to email account	high	6.0	1	Data Breach
4022	Weak Multi-Factor Authentication (MFA) on Twitter Employee Accounts	high	6.0	1	Account Takeover
4023	Delayed Detection of Coordinated Trading Patterns	high	6.0	1	Financial Fraud
4024	Data processing error	high	6.0	1	Data Breach
4025	Unsecured Personal Laptop	high	6.0	1	Data Breach
4026	SSRF	high	6.0	1	SSRF Vulnerability
4027	Insider Tool Abuse	high	6.0	1	Account Takeover
4028	Gmail accounts	high	6.0	1	Data Breach
4029	Brokerage Platforms Allowing MFA via Text/Call	high	6.0	1	Financial Fraud
4030	Vendor Misconfiguration	high	6.0	1	Data Breach
4031	Lack of Device Encryption/Tracking	high	6.0	1	Data Security Incident
4032	Email Account and Tax Preparation Software	high	6.0	1	Data Breach
4033	Unauthorized access to an employee email account	high	6.0	1	Data Breach
4034	lack of real-time maritime tracking safeguards	high	6.0	1	physical cyber convergence
4035	Absence of Document Automation/Redaction Tools	high	6.0	1	Data Leakage
4036	CitrixBleed	high	6.0	1	Data Breach
4037	human error (successful phishing)	high	6.0	1	data breach
4038	Unencrypted device with sensitive data (despite password protection)	high	6.0	1	Data Breach (Physical Theft)
4039	Inadequate Coordination of Security Escort	high	6.0	1	Physical Security Breach
4040	Human Vulnerability (Blackmail)	high	6.0	1	Extortion, Insider Threat, Retail Theft
4041	Misconfigured third-party service	high	6.0	1	Data Exposure
4042	Legal Access via Emergency Order	high	6.0	1	Data Breach
4043	Poor Employee Training	high	6.0	1	Data Leak
4044	Lack of Cross-Border Data Transfer Compliance	high	6.0	1	Data Breach
4045	MOVEit Transfer platform vulnerability (likely CVE-2023-34362)	high	6.0	1	Data Breach
4046	Business Email Compromise	high	6.0	1	Data Breach
4047	Insufficient verification protocols for payment changes	high	6.0	1	Phishing (AI-enhanced)
4048	Public Access to Amazon S3 Bucket	high	6.0	1	Data Exposure
4049	Human trust in authentic-looking communications	high	6.0	1	Phishing (AI-enhanced)
4050	Neglected to fix vulnerabilities	high	6.0	1	Data Breach
4051	Unsecured Zoom Classroom	high	6.0	1	Cyber Attack
4052	Student Access to Staff Devices	high	6.0	1	Insider Threat
4053	Improper Access Controls on AWS EC2	high	6.0	1	DDoS Attack
4054	Browser-Stored Credentials	high	6.0	1	Credential Theft
4055	holiday distraction	high	6.0	1	phishing
4056	Weak Security Questions	high	6.0	1	Data Breach
4057	CVE-2025-12779	high	6.0	1	Vulnerability
4058	Weak Password/Credential Management	high	6.0	1	Data Breach
4059	Payment .php file vulnerability	high	6.0	1	Data Breach
4060	Server vulnerability of a former IT service provider	high	6.0	1	Data Breach
4061	Unsecured Physical Device (Password-protected laptop)	high	6.0	1	Data Breach (Physical Theft)
4062	Unpatched external web servers (Nintendo)	high	6.0	1	Distributed Denial of Service (DDoS)
4063	Lax privacy settings	high	6.0	1	Data Breach
4064	Unquoted Search Path Weakness in Plantronics Hub	high	6.0	1	Privilege Escalation
4065	Potential compromise of routers by Chinese state-sponsored hackers	high	6.0	1	Security Concerns and Investigations
4066	Apache HTTP server vulnerability	high	6.0	1	Cyber Espionage
4067	Human factor (phishing)	high	6.0	1	Phishing
4068	Sitting Ducks (DNS misconfiguration)	high	6.0	1	Scam / Fraudulent Push Notifications
4069	Email Access	high	6.0	1	Business Email Compromise
4070	Human Trust in Authority Figures	high	6.0	1	Social Engineering
4071	Compromised official Belgian Grand Prix email account	high	6.0	1	Multi-vector attack
4072	Lack of data-sharing protocols in pilot programs	high	6.0	1	Data Breach / Unauthorized Data Sharing
4073	Improper backup file storage	high	6.0	1	Data Breach
4074	CVE-2025-37735 (Improper Preservation of Permissions)	high	6.0	1	Vulnerability / Privilege Escalation
4075	CVE-2025-66168	high	6.0	1	Denial-of-Service (DoS)
4076	API security flaw in Kiln’s infrastructure (used for Solana staking operations)	high	6.0	1	cyberattack
4077	Unencrypted CouchDB installation	high	6.0	1	Data Leak
4078	Software Update Issue	high	6.0	1	Data Breach
4079	Error in resetting network settings	high	6.0	1	Data Breach
4080	Credential Stuffing	high	6.0	1	Authentication Security Improvement
4081	Employee Misconfiguration	high	6.0	1	Data Breach
4082	Weak Login Verification	high	6.0	1	Data Breach
4083	Trust in official app marketplaces, deceptive email outreach	high	6.0	1	Phishing
4084	TOCTOU Vulnerability	high	6.0	1	Vulnerability Exploitation
4085	Lack of Strict Marketplace Vetting	high	6.0	1	Malware Distribution
4086	Compromised Email Credentials	high	6.0	1	Data Breach
4087	Zero-Day Vulnerability in Fortran GoAnywhere MFT	high	6.0	1	Data Breach
4088	Lack of Email Gateway HTML Attachment Blocking	high	6.0	1	Phishing
4089	Psychological manipulation (urgency, authority impersonation)	high	6.0	1	Phishing (AI-enhanced)
4090	Human Trust in Legitimate Breach Alerts	high	6.0	1	Phishing / Social Engineering
4091	Lack of Token Rotation	high	6.0	1	Unauthorized Access
4092	Human Error (Inadvertent Disclosure in Public Documents)	high	6.0	1	Data Breach
4093	Skill Gaps in Workforce	high	6.0	1	Data Breach
4094	Use of Non-Official Communication Channels	high	6.0	1	Phishing
4095	shared/default credentials	high	6.0	1	election fraud
4096	Insufficient User Awareness Training	high	6.0	1	Phishing
4097	Malware installation via phishing	high	6.0	1	Data Breach
4098	psychological manipulation (e.g., fear of missing out on high returns)	high	6.0	1	fraud
4099	Lack of oversight/guidance for opioid settlement fund allocation; flexible spending rules	high	6.0	1	Financial Misappropriation / Regulatory Non-Compliance
4100	Vulnerable Laravel version or misconfiguration	high	6.0	1	Data Exposure
4101	Dangerous React Patterns (dangerouslySetInnerHTML near iframes)	high	6.0	1	Data Breach
4102	PCI DSS 4.0.1 Non-Compliance (Unmanaged Scripts on Payment Pages)	high	6.0	1	Data Breach
4103	Insufficient Staff Training	high	6.0	1	Data Breach
4104	lack of authentication for mobile device pairing	high	6.0	1	fraud
4105	Internal Access Controls	high	6.0	1	Data Breach
4106	Coding techniques to enter the Naviance student site	high	6.0	1	Data Breach
4107	Security weaknesses in NHS websites	high	6.0	1	Cyberattack
4108	Drift’s OAuth integration flow vulnerability	high	6.0	1	Data Breach
4109	CVE-2025-33206 (CWE-78: Improper Neutralization of Special Elements in OS Commands)	high	6.0	1	Vulnerability
4110	Misplaced Thumb Drive	high	6.0	1	Data Breach
4111	Employee System Credentials	high	6.0	1	Data Breach
4112	Human Trust in Official-Looking Communications	high	6.0	1	Phishing
4113	IT vendor vulnerability confirmed by the Ministry of Health	high	6.0	1	Data Breach
4114	CVE-2026-0231 (CWE-497)	high	6.0	1	Vulnerability
4115	Misconfigured AWS S3 storage	high	6.0	1	Data Leak
4116	Sabre Hospitality Solutions' system	high	6.0	1	Data Breach
4117	Weak Administrator Password	high	6.0	1	Data Breach
4118	Lack of Access Controls (No Password Protection)	high	6.0	1	Data Breach (Unintentional Exposure)
4119	Employee's Microsoft 365 Account	high	6.0	1	Data Breach
4120	Cached Credentials	high	6.0	1	Data Security Incident
4121	Third-party AI tools	high	6.0	1	DDoS
4122	privileged access controls	high	6.0	1	insider threat
4123	Weak Third-Party Compliance Standards	high	6.0	1	Data Leakage
4124	Unauthorized access to an employee's email account	high	6.0	1	Data Breach
4125	Email Account Security	high	6.0	1	Email Hijacking
4126	Malicious Software Installation	high	6.0	1	Data Breach
4127	User Trust in Discounted/Rare Item Offers	high	6.0	1	DDoS Attack
4128	Human (Insider Trust)	high	6.0	1	Unauthorized Disclosure
4129	Employee Portal Accounts	high	6.0	1	Data Breach
4130	publicly available personal data (for voice cloning)	high	6.0	1	phishing
4131	unprotected storage	high	6.0	1	data exposure
4132	Human Error (Misplaced Trust in Email Communication)	high	6.0	1	Business Email Compromise (BEC)
4133	Unguarded Physical Access Points	high	6.0	1	Physical Theft
4134	Fake pop-up window	high	6.0	1	Data Breach
4135	Gaps in cybersecurity	high	6.0	1	Cyberattack (Hacking)
4136	Human error (email misdelivery)	high	6.0	1	Data Breach (Human Error / Misdelivery)
4137	Weak Authentication for OAuth Tokens	high	6.0	1	Data Breach
4138	Weak Access Controls in Citrix Systems	high	6.0	1	Data Breach
4139	Four zero-day vulnerabilities in IBM Data Risk Manager	high	6.0	1	Zero-Day Exploit
4140	Payment card processing system	high	6.0	1	Data Breach
4141	Weak password hashing (SHA-256)	high	6.0	1	Data Breach
4142	weak identity verification for wallet transfers	high	6.0	1	cyber theft
4143	External System Breach (Hacking)	high	6.0	1	Data Breach
4144	Unauthorized Access due to Program Glitch	high	6.0	1	Data Breach
4145	CVE-2025-57714 (Unquoted Search Path in NetBak Replicator 4.5.x)	high	6.0	1	Vulnerability
4146	Lack of user awareness, trust in government services, and reusable phishing infrastructure	high	6.0	1	Phishing
4147	Test server misconfiguration	high	6.0	1	Data Breach
4148	Misconfigured database backup access	high	6.0	1	Data Breach
4149	Inadvertent Technical Error	high	6.0	1	Data Breach
4150	Lack of Physical Security / Unencrypted Laptops	high	6.0	1	Data Breach (Physical Theft)
4151	lack of bulk email security measures	high	6.0	1	data breach
4152	Lack of insider threat detection and prevention measures	high	6.0	1	Insider Threat
4153	Lack of Data Governance Policies	high	6.0	1	Data Leakage
4154	Installation management process in Mobile VPN with IPSec client for Windows	high	6.0	1	Privilege Escalation
4155	Compromised email account credentials	high	6.0	1	Phishing
4156	Compromised Emails	high	6.0	1	Cyber Fraud
4157	Human trust in fake USPS parcel delivery messages	high	6.0	1	Smishing Campaign
4158	Unencrypted USB Flash Drive	high	6.0	1	Data Breach
4159	Default password ('1234') on wireless crosswalk buttons	high	6.0	1	Hacking
4160	Critical Infrastructure Vulnerabilities (e.g., Power Grid Exploitation)	high	6.0	1	Cybercrime Network Dismantling
4161	Fault in the code of EOSBet's smart contracts	high	6.0	1	Cryptocurrency Theft
4162	Lack of API-Centric Threat Intelligence Sharing	high	6.0	1	Operational Risk
4163	Internal Employee Privileges	high	6.0	1	Data Breach
4164	Website Payment Page	high	6.0	1	Data Breach
4165	Public fear	high	6.0	1	Phishing
4166	Poor Data Protection Practices	high	6.0	1	Insider Threat
4167	Weak authentication mechanism (Phone Number/PIN model)	high	6.0	1	Unauthorized Access
4168	Bug in open-source library	high	6.0	1	Data Leak
4169	Fragmented Security Tool Integration	high	6.0	1	Operational Risk
4170	Phishing/Email Compromise	high	6.0	1	Cyber Attack
4171	Credential theft, Stolen payment tokens	high	6.0	1	Fraud
4172	Absence of Passkey Support	high	6.0	1	Phishing
4173	unrestricted access to student email accounts	high	6.0	1	election fraud
4174	File Decompression in Kernel	high	6.0	1	Vulnerability Exploit
4175	Compromised user credentials	high	6.0	1	Data Breach
4176	Human error (successful phishing attack)	high	6.0	1	Data Breach
4177	Lack of Visibility in Rapid Development Cycles	high	6.0	1	DDoS Attack
4178	Lack of Oversight/Enforcement of Access Controls	high	6.0	1	Data Breach
4179	URL Spoofing	high	6.0	1	Phishing
4180	Exposed Data on Website	high	6.0	1	Data Leak
4181	Delay introduction via VPN	high	6.0	1	Cheating via VPN
4182	Automated attack tools	high	6.0	1	DDoS
4183	Inadequate Remote Work Policies	high	6.0	1	Data Leak
4184	Unauthorized access from outside of Europe	high	6.0	1	DDoS Attack
4185	Lack of rate-limiting or size restrictions on contact list uploads, enabling mass verification of phone numbers associated with WhatsApp accounts.	high	6.0	1	Privacy Vulnerability
4186	DNS misconfiguration (abandoned domains with improper nameserver delegation)	high	6.0	1	DNS Misconfiguration Exploitation
4187	weaknesses in social media platform moderation	high	6.0	1	fraud
4188	Accidental Exposure	high	6.0	1	Data Breach
4189	Lack of Continuous Credential Monitoring	high	6.0	1	Credential Theft
4190	Abuse of trusted .arpa domain for reverse DNS lookups	high	6.0	1	Phishing
4191	Retired Internet Application	high	6.0	1	Data Breach
4192	Human (Email Compromise)	high	6.0	1	Data Breach
4193	Vulnerable version of Trust Wallet browser extension (v2.68)	high	6.0	1	Supply Chain Attack
4194	Failure to Protect Sensitive Location Data	high	6.0	1	Physical Security Breach
4195	Third-party application vulnerability	high	6.0	1	Data Breach
4196	AI Platform Misconfiguration	high	6.0	1	Data Breach
4197	Backup Payment Card Readers	high	6.0	1	Data Breach
4198	ARC processor flaws	high	6.0	1	DDoS Attack
4199	MIME type and filename extension mismatches	high	6.0	1	Vulnerability Exploit
4200	Lack of U2F/Physical Security Key Enforcement	high	6.0	1	Financial Fraud
4201	Data Collection Practices	high	6.0	1	Data Privacy Issue
4202	Unauthorized access to Workday payroll accounts	high	6.0	1	Data Breach
4203	Lack of Secure Document Disposal Procedures	high	6.0	1	Data Breach (Physical)
4204	Weak Internal Controls (Prior Embezzlement)	high	6.0	1	Fraud
4205	Insertion of malicious script	high	6.0	1	Data Breach
4206	External Access to Validator Keys	high	6.0	1	Blockchain Security Breach
4207	Post-termination access to company passwords	high	6.0	1	Unauthorized Access
4208	Compromised Employee Mailbox	high	6.0	1	Data Breach
4209	Lack of Device Encryption	high	6.0	1	Data Breach (Physical Theft)
4210	Employee Malpractice	high	6.0	1	Data Breach
4211	Stolen Laptop	high	6.0	1	Data Breach
4212	Three additional undisclosed vulnerabilities (details not specified)	high	6.0	1	Spoofing
4213	Flaw in Ivanti Endpoint Manager Mobile (EPMM)	high	6.0	1	Data Breach
4214	Unsecured MongoDB Server	high	6.0	1	Data Exposure
4215	Insufficient oversight of contractor personnel with privileged access	high	6.0	1	Insider Threat
4216	Insufficiently Secure Settings	high	6.0	1	Data Breach
4217	Backup Device Misconfiguration	high	6.0	1	Data Breach
4218	Unauthorized Change to Website	high	6.0	1	Data Breach
4219	Unsecured Endpoints	high	6.0	1	Data Security Incident
4220	Human vulnerability (phishing)	high	6.0	1	Phishing
4221	lack of verification for online investments	high	6.0	1	fraud
4222	Insecure use of pull_request_target in GitHub Actions workflows	high	6.0	1	Supply Chain Attack
4223	Lack of Email Encryption / Employee Negligence	high	6.0	1	Data Breach
4224	Weak URL validation in RecursiveUrlLoader (String.startsWith() check) and lack of private IP range validation	high	6.0	1	Server-Side Request Forgery (SSRF)
4225	Same-Origin Policy Gaps (postMessage Wildcards, CORS Misconfigurations)	high	6.0	1	Data Breach
4226	Human Carelessness	high	6.0	1	Human Error
4227	Unauthorized access to WiFi management system	high	6.0	1	Cyber Attack
4228	Inadequate User Consent Mechanisms	high	6.0	1	Data Breach
4229	Medium and high severity vulnerabilities in Ivanti EPMM software	high	6.0	1	Cyber Attack
4230	lack of verification by job seekers	high	6.0	1	social engineering
4231	Outdated Antivirus/Anti-Malware Tools	high	6.0	1	Data Breach Risk
4232	CVE-2026-26127 (Out-of-bounds read, CWE-125)	high	6.0	1	Denial-of-Service (DoS)
4233	Over-reliance on Limited Public Nodes (Centralization Risk)	high	6.0	1	Blockchain Security Breach
4234	Authentication protocol vulnerabilities	high	6.0	1	Cyberattack
4235	Weak password ('solarwinds123')	high	6.0	1	Cyberattack
4236	Discord’s expired vanity URL reuse policy	high	6.0	1	Distributed Denial of Service (DDoS)
4237	improper authentication	high	6.0	1	unauthorized access
4238	Unmanaged Secrets in CI/CD Pipelines	high	6.0	1	Credential Theft
4239	Unspecified software vulnerability in 2Keys MFA system	high	6.0	1	Data Breach
4240	human trust/urgency bias	high	6.0	1	social engineering
4241	TotoLink router firmware update server	high	6.0	1	DDoS Attack
4242	Human Error (Fatigue/Jetlag)	high	6.0	1	Phishing
4243	CVE-2025-0128	high	6.0	1	Denial of Service (DoS)
4244	Unspecified vulnerability in a development server	high	6.0	1	Data Breach
4245	trust in automated AI-driven code analysis	high	6.0	1	supply chain attack
4246	Inadvertent Permissions	high	6.0	1	Cyber Attack
4247	Accès non autorisé aux données clients	high	6.0	1	Cyberattaque
4248	Paycor's MOVEit Transfer software	high	6.0	1	Data Breach
4249	Misconfiguration of AWS Application Load Balancer Authentication	high	6.0	1	Misconfiguration
4250	Physical ATM Security	high	6.0	1	Data Breach
4251	CSP frame-src Bypass (Compromised Allowed Domains)	high	6.0	1	Data Breach
4252	Mistaken Disclosure	high	6.0	1	Data Breach
4253	Password Reset Token Leak	high	6.0	1	Account Hijacking
4254	Website Configuration Error	high	6.0	1	Data Breach
4255	Standard employee account credentials	high	6.0	1	Cyberattack
4256	Microsoft Exchange email servers	high	6.0	1	Data Breach
4257	alleged exploitation of parking permit system to gain unauthorized access	high	6.0	1	phishing
4258	Employee Mailboxes	high	6.0	1	Data Breach
4259	Unsecured Audio Files	high	6.0	1	Data Exposure
4260	GoAnywhere MFT zero-day vulnerability	high	6.0	1	Data Breach
4261	Human error (opening malicious attachment)	high	6.0	1	Phishing
4262	CVE-2025-2848	high	6.0	1	Vulnerability Exploitation
4263	Inadequate Multi-Factor Authentication (MFA)	high	6.0	1	Human Error
4264	Weak password encryption (unsalted MD5 and SHA-1)	high	6.0	1	Data Breach
4265	Improper storage of personal information	high	6.0	1	Data Breach
4266	Human (phishing)	high	6.0	1	Phishing
4267	Human Error (Improper Data Handling)	high	6.0	1	Data Breach (Accidental Disclosure)
4268	Backend Update Bug	high	6.0	1	Bug/Exploit
4269	Unspecified vulnerability in 2Keys MFA system (Interac-owned)	high	6.0	1	Data Breach
4270	Security vulnerabilities in IP cameras	high	6.0	1	DDoS Attack
4271	NFC Protocol Abuse (Legitimate Traffic Relay)	high	6.0	1	Financial Fraud
4272	Weak Authentication (SMS-based 2FA)	high	6.0	1	Social Engineering
4273	Donation Page	high	6.0	1	Data Breach
4274	CVE-2025-53770 (Microsoft SharePoint, CVSS 9.8)	high	6.0	1	Data Breach
4275	System Vulnerability	high	6.0	1	Data Breach
4276	Lack of robust security measures	high	6.0	1	Hacking
4277	misconfigured slot machine software	high	6.0	1	fraud
4278	Human factor - employees providing login credentials	high	6.0	1	Data Breach
4279	Business Email Accounts	high	6.0	1	Data Breach
4280	Email login credentials	high	6.0	1	Data Breach
4281	Developer oversight leading to token exposure in public repositories	high	6.0	1	credential compromise
4282	System-generated error	high	6.0	1	Data Breach
4283	CVE-2025-53770 (SharePoint Server, 'ToolShell')	high	6.0	1	Data Breach
4284	Setup Configuration	high	6.0	1	Data Leak
4285	Privacy Controls	high	6.0	1	Data Breach
4286	Fortra's GoAnywhere MFT platform's zero-day vulnerability	high	6.0	1	Data Breach
4287	Exposed Google API key	high	6.0	1	Data Exposure
4288	Lack of Real-Time Email Authentication	high	6.0	1	Phishing
4289	Inadequate credential monitoring and reliance on unmanaged devices for SaaS access	high	6.0	1	Credential Theft
4290	Employee email account credentials	high	6.0	1	Data Breach
4291	Misconfigured Docker Daemon (Exposed to Internet)	high	6.0	1	DDoS Attack
4292	lack of multi-factor verification	high	6.0	1	phishing
4293	Business Continuity Dependencies	high	6.0	1	Third-Party Risk
4294	Player trust in unofficial marketplaces	high	6.0	1	Distributed Denial of Service (DDoS)
4295	Hardcoded Credentials in Internal Portals	high	6.0	1	Data Breach
4296	CVE-2025-59789 (Uncontrolled Recursion / Stack Overflow in json2pb component)	high	6.0	1	Denial-of-Service (DoS)
4297	Citrix Remote Desktop Software Vulnerability	high	6.0	1	Unauthorized Access
4298	Loss of Physical Control (Stolen Laptop)	high	6.0	1	Data Breach (Theft of Device)
4299	Weak Authentication (Slack Cookies)	high	6.0	1	Data Breach
4300	lack of domain registration oversight	high	6.0	1	phishing
4301	Permission Misconfiguration	high	6.0	1	Data Exposure
4302	CVE-2025-27610	high	6.0	1	Vulnerability Exploitation
4303	Complexity in visibility and control	high	6.0	1	Data Breach
4304	Human Error (IT Support Tricked)	high	6.0	1	Data Breach
4305	Compromised software via phishing	high	6.0	1	Phishing Attack
4306	Lack of proactive domain monitoring and registration of brand variations	high	6.0	1	Cybersquatting, Phishing, Malware Distribution, Fraud
4307	Public Venmo Account	high	6.0	1	Data Exposure
4308	Lack of Data Wiping and Encryption	high	6.0	1	Data Breach
4309	Disconnected Security Tools	high	6.0	1	DDoS Attack
4310	Password Manager Bypass	high	6.0	1	Phishing
4311	Human Trust in Branded Communications	high	6.0	1	Phishing
4312	Bypass of Time-Limited MFA Windows	high	6.0	1	Financial Fraud
4313	Absence of Technical Safeguards (Encryption/De-identification)	high	6.0	1	Data Breach
4314	Reused passwords across multiple services	high	6.0	1	Credential Stuffing
4315	Exploitable Gaps in Contactless Payment Tokenization	high	6.0	1	Financial Fraud
4316	Family Member Trust Exploitation	high	6.0	1	Fraud
4317	Lack of endpoint security for attendee devices	high	6.0	1	Malware
4318	CVE-2025-24071	high	6.0	1	Vulnerability Disclosure
4319	Weak Cybersecurity Standards in Financial and E-Commerce Sectors	high	6.0	1	Cybercrime Network Dismantling
4320	Third-Party Integration (Drift Email/Salesloft)	high	6.0	1	Data Breach
4321	Package look-up capabilities	high	6.0	1	Data Breach
4322	Publicly accessible Elasticsearch instance	high	6.0	1	Data Breach
4323	Unpatched Public-Facing Servers	high	6.0	1	DDoS Attack
4324	Base64 Obfuscation Bypass	high	6.0	1	Prompt Injection
4325	Unpatched Endpoints	high	6.0	1	Credential Theft
4326	Unsecured IoT Devices (DVRs, WiFi Routers)	high	6.0	1	DDoS Attack
4327	Compromised e-mail account	high	6.0	1	Data Breach
4328	Email Privacy Misconfigurations	high	6.0	1	Data Breach
4329	Browsealoud Plugin	high	6.0	1	Cryptojacking
4330	Realtek chips	high	6.0	1	DDoS Attack
4331	Unknown Oracle E-Business System Vulnerability	high	6.0	1	Cyber Attack
4332	human trust in authoritative messages (e.g., toll agencies)	high	6.0	1	phishing
4333	human trust in FIFA branding	high	6.0	1	phishing
4334	exploitation of job application platforms	high	6.0	1	social engineering
4335	Use of Personal Device for Corporate Access	high	6.0	1	Data Breach
4336	Unencrypted Email	high	6.0	1	Data Breach
4337	AI-generated content	high	6.0	1	Phishing
4338	Database vulnerability	high	6.0	1	Data Breach
4339	Employee Account	high	6.0	1	Data Breach
4340	Insufficient network segmentation between office and operational systems	high	6.0	1	Cyber Intrusion
4341	Exploitation of Apple’s account creation process (excessive character acceptance in name fields) and security alert email system	high	6.0	1	Phishing (Callback Phishing)
4342	Publicly Available Environment Files	high	6.0	1	Data Exposure
4343	Unpatched flaw in a commercial MDM system	high	6.0	1	Data Breach
4344	Human Error (Unauthorized Information Disclosure)	high	6.0	1	Data Breach
4345	Configuration Mistake	high	6.0	1	Data Leak
4346	Programming Update Error	high	6.0	1	Data Breach
4347	Insecure Direct Object Reference (IDOR) in media access endpoints (/media/{ID})	high	6.0	1	Data Breach
4348	Unsecured Employee Roster	high	6.0	1	Data Breach
4349	Weak SMS-based Multi-Factor Authentication (MFA)	high	6.0	1	Financial Fraud
4350	Mandatory login gate on social media platform	high	6.0	1	Notification System Failure
4351	unauthorized data access/exfiltration by terminated employee	high	6.0	1	data breach
4352	Routers from T-Mobile, Zyxel, D-Link, Linksys	high	6.0	1	DDoS Attack
4353	AI Agent Memory Access	high	6.0	1	Prompt Injection
4354	Payment Card Network	high	6.0	1	Data Breach
4355	Suspicious WordPress plugin	high	6.0	1	Cyberattack
4356	Weak Password Policy (Password: 'Louvre', 'Thales')	high	6.0	1	Physical Theft
4357	Phishable OTP Tokens for Mobile Wallet Provisioning	high	6.0	1	Financial Fraud
4358	Weak Data Access Controls	high	6.0	1	Data Exposure
4359	Insufficient Access Controls for High-Risk Secrets	high	6.0	1	Credential Theft
4360	Default Configurations in Security Tools	high	6.0	1	Operational Risk
4361	Data Privacy Policy	high	6.0	1	Data Disclosure
4362	Lack of Regulatory Oversight in Cryptocurrency Operations	high	6.0	1	Cybercrime Network Dismantling
4363	Session Cookie Theft	medium	5.0	1	Security Breach
4364	Insufficient Data Protection Measures	medium	5.0	1	Data Breach
4365	Lack of Output Encoding in Email Templates	medium	5.0	1	Email Spoofing
4366	Progress Software's MOVEit Transfer	medium	5.0	1	Data Breach
4367	Improper truncation of payment card information on receipts	medium	5.0	1	Data Exposure
4368	Technical Setting in Tracking Technology	medium	5.0	1	Data Breach
4369	initramfs debug shell access during boot failures	medium	5.0	1	Vulnerability Exploitation
4370	CVE-2025-61882 (critical zero-day in Oracle E-Business Suite allowing remote system control without authentication)	medium	5.0	1	ransomware
4371	Bug	medium	5.0	1	Data Leak
4372	GiveWP WordPress Plugin Flaw	medium	5.0	1	Data Breach
4373	OAuth Tokens	medium	5.0	1	Data Breach
4374	Internal Logging Mechanism	medium	5.0	1	Data Exposure
4375	CVE-2024-41710	medium	5.0	1	DDoS Botnet
4376	Poor physical installation of hardware	medium	5.0	1	Hardware Security Oversight
4377	Metadata Harvesting in Salesforce	medium	5.0	1	Data Breach
4378	Data Mishandling	medium	5.0	1	Data Breach
4379	CVE-2026-5709	medium	5.0	1	Policy & Defense Initiatives
4380	Remote Access through Third-Party POS Vendor	medium	5.0	1	Payment Card Breach
4381	Online appointment functionality failure	medium	5.0	1	Data Leak
4382	Web Page Configuration	medium	5.0	1	Data Breach
4383	Human error (misconfigured download link)	medium	5.0	1	Extortion
4384	Browser Cache Storage	medium	5.0	1	Data Breach
4385	Sorting Error	medium	5.0	1	Data Breach
4386	Weak IAM credential security, lack of multifactor authentication (MFA)	medium	5.0	1	Cryptocurrency Mining
4387	CVE-2025-13223 (V8 JavaScript engine flaw)	medium	5.0	1	Zero-day vulnerability
4388	Inappropriate email handling	medium	5.0	1	Data Breach
4389	Unsecured Public Trello Boards	medium	5.0	1	Data Leak
4390	Database Misconfiguration	medium	5.0	1	Data Breach
4391	Accidental Sharing of Data	medium	5.0	1	Data Breach
4392	Insufficient input validation	medium	5.0	1	Cross-Site Scripting (XSS)
4393	Indirect prompt injection (IPI)	medium	5.0	1	Vulnerability Exploit
4394	Credentials left on GitHub	medium	5.0	1	Data Breach
4395	Data Handling Error	medium	5.0	1	Data Breach
4396	Unprotected Excel Spreadsheet	medium	5.0	1	Data Breach
4397	Failure to redact information properly	medium	5.0	1	Data Breach
4398	Home internet connection access via VPN	medium	5.0	1	Security Breach
4399	Samsung.com	medium	5.0	1	Data Breach
4400	Patient Billing System	medium	5.0	1	Data Breach
4401	Insecure transmission of payment card data	medium	5.0	1	Payment Card Breach
4402	Archived website hosted by a now-former third-party vendor	medium	5.0	1	Data Breach
4403	Misconfigured security protocols or automated password reset systems	medium	5.0	1	Potential Data Exposure
4404	CVE-2024-6914	medium	5.0	1	Vulnerability Exploitation
4405	Policy Violation	medium	5.0	1	Data Breach
4406	Out-of-Bounds Write (CWE-787)	medium	5.0	1	Denial-of-Service (DoS)
4407	Incorrect fax number	medium	5.0	1	Data Breach
4408	Weak administrator password, lack of Multi-Factor Authentication, exposed remote access	medium	5.0	1	Ransomware
4409	Inadequate data erasure protocols	medium	5.0	1	Data Handling Incident
4410	Physical Loss of Storage Device	medium	5.0	1	Data Breach
4411	Computer Programming Error	medium	5.0	1	Data Breach
4412	Human Error (Mistaken Disclosure)	medium	5.0	1	Data Breach (Unauthorized Disclosure)
4413	Improper output encoding	medium	5.0	1	Cross-Site Scripting (XSS)
4414	CVE-2025-22244: Stored XSS in Gateway Firewall Response Pages	medium	5.0	1	Vulnerability
4415	Weak SaaS Integration Controls	medium	5.0	1	Data Breach
4416	CVE-2025-46176	medium	5.0	1	Vulnerability Exploitation
4417	Computer Error	medium	5.0	1	Data Breach
4418	Poor access controls	medium	5.0	1	Data Breach
4419	Poor governance, lack of controls in records management, and inadequate note-taking practices	medium	5.0	1	Data Breach (Unauthorized Disclosure)
4420	Click2Gov System	medium	5.0	1	Data Breach, Fraud
4421	CVE-2025-27915	medium	5.0	1	Vulnerability Exploitation
4422	Improper disposal of electronic devices	medium	5.0	1	Data Breach
4423	CVE-2025-11001	medium	5.0	1	Vulnerability Exploitation
4424	Email Indexing and Unsubscribe Vulnerability	medium	5.0	1	Data Exposure
4425	Trust in Urgent Requests	medium	5.0	1	Awareness Campaign
4426	CVE-2025-9242 (Out-of-bounds Write in 'iked' process)	medium	5.0	1	Vulnerability
4427	Stored HTML Injection via Budget Name Input Field	medium	5.0	1	Email Spoofing
4428	Open database without authentication	medium	5.0	1	Data Breach
4429	Improper OAuth Token Security	medium	5.0	1	Data Breach
4430	Inadequate data security program	medium	5.0	1	Data Breach
4431	CVE-2025-48384	medium	5.0	1	Vulnerability Exploitation
4432	Unauthorized Biometric Data Collection	medium	5.0	1	Privacy Breach
4433	Unsecured Paper Files	medium	5.0	1	Data Breach
4434	Lack of Awareness	medium	5.0	1	Awareness Campaign
4435	Weakness in Drift-Salesforce integration security	medium	5.0	1	data breach
4436	Data Entry Error	medium	5.0	1	Data Breach
4437	AI Algorithm Inefficiency	medium	5.0	1	System Malfunction
4438	CVE-2025-59489 (Unity Engine Arbitrary Code Execution)	medium	5.0	1	Vulnerability Disclosure
4439	Insecure Transport	medium	5.0	1	Data Leak
4440	Compromised Python SDK versions (4.87.1, 4.87.2)	medium	5.0	1	Supply Chain Attack
4441	Open Server	medium	5.0	1	Data Exposure
4442	User Credentials from an Unrelated Site	medium	5.0	1	Data Breach
4443	Firewall bypass	medium	5.0	1	Penetration Test Exceeding Scope
4444	Open Database Platform	medium	5.0	1	Data Exposure
4445	URL Redirection	medium	5.0	1	Vulnerability Exploit
4446	Information Sharing Program	medium	5.0	1	Data Breach
4447	Byte Pair Encoding (BPE) or WordPiece tokenization weaknesses in LLMs	medium	5.0	1	AI/ML Vulnerability Exploitation
4448	Printing Error	medium	5.0	1	Data Breach
4449	Denial of Service (DoS)	medium	5.0	1	Data Breach, Denial of Service (DoS)
4450	Insufficient access controls and monitoring in office suites	medium	5.0	1	Physical Security Breach, Theft
4451	Vbulletin CMS Flaw	medium	5.0	1	Data Breach
4452	Improper Access Restrictions	medium	5.0	1	Data Breach
4453	CVE-2025-48989 (HTTP/2 'Made You Reset' Memory Exhaustion)	medium	5.0	1	Vulnerability
4454	MOVEit file transfer tool vulnerability	medium	5.0	1	Data Breach
4455	CVE-2025-0520	medium	5.0	1	Policy & Defense Initiatives
4456	Reused Usernames and Passwords	medium	5.0	1	Account Compromise
4457	Shared infrastructure flaw	medium	5.0	1	Data Breach
4458	Public Exposure of Sensitive Information	medium	5.0	1	Data Breach
4459	Unsecured Vehicle	medium	5.0	1	Physical Theft
4460	Improper Account Use	medium	5.0	1	Data Breach
4461	Unknown Third Party Credential Leak	medium	5.0	1	Credential Stuffing
4462	Mistakenly attached sensitive information to email	medium	5.0	1	Data Breach
4463	Flaw in proxy link handling	medium	5.0	1	Information Disclosure
4464	Public-facing website	medium	5.0	1	Data Breach
4465	CVE-2025-45080	medium	5.0	1	Vulnerability
4466	Older servers	medium	5.0	1	Data Breach
4467	Instant Quote Platform	medium	5.0	1	Data Breach
4468	Human Factor (Insider Access Abuse)	medium	5.0	1	Insider Threat
4469	Exposed credentials from earlier data breaches	medium	5.0	1	Credential Stuffing
4470	Malicious JavaScript injection through API call	medium	5.0	1	Supply Chain Attack
4471	Outdated Routers with Remote Administration Enabled	medium	5.0	1	Cyber Attack
4472	Third-Party Vendor Security Gaps	medium	5.0	1	Data Breach
4473	Snowflake data warehouse misconfiguration/weakness	medium	5.0	1	Data Breach
4474	Compromised npm maintainer account	medium	5.0	1	Supply Chain Attack
4475	Exposed backup firewall preference files in MySonicWall cloud service	medium	5.0	1	Data Exposure
4476	Unsecured Browser-Stored Passwords/Cookies	medium	5.0	1	Data Breach
4477	Insufficient Email Client-Side Sanitization	medium	5.0	1	Email Spoofing
4478	Bug in the GMX platform	medium	5.0	1	Cryptocurrency Theft
4479	CVE-2026-24489	medium	5.0	1	Vulnerability Exploitation
4480	User Account	medium	5.0	1	Data Breach
4481	Improper Handling of Physical Records	medium	5.0	1	Data Breach
4482	Third-party contractor’s laptop	medium	5.0	1	Data Breach
4483	Email Security	medium	5.0	1	Data Breach
4484	Human Error (Inadvertent Disclosure)	medium	5.0	1	Data Breach
4485	Improper Disclosure of Research Funding	medium	5.0	1	Data Privacy Incident
4486	Improper website data handling	medium	5.0	1	Data Breach (Accidental Disclosure)
4487	Progress Software's MOVEit software vulnerability	medium	5.0	1	Data Breach
4488	Microsoft 365 Email Account	medium	5.0	1	Data Breach
4489	Microsoft Power Apps portal configuration error	medium	5.0	1	Data Breach
4490	CVE-2019-9621	medium	5.0	1	Vulnerability Exploitation
4491	CVE-2026-6296	medium	5.0	1	Policy & Defense Initiatives
4492	Incorrect Privacy Settings	medium	5.0	1	Data Breach
4493	Third-party software library vulnerability	medium	5.0	1	Data Breach
4494	CVE-2025-61884 (potential, patched later)	medium	5.0	1	Data Breach
4495	Typosquatting (Visual Deception)	medium	5.0	1	Phishing
4496	CVE-2026-5708	medium	5.0	1	Policy & Defense Initiatives
4497	CVE-2023-2533	medium	5.0	1	Vulnerability Exploitation
4498	Typeform Vulnerability	medium	5.0	1	Data Breach
4499	Supply-chain attack via npm ecosystem	medium	5.0	1	Infostealer
4500	Improper Access Control (Publicly Accessible File)	medium	5.0	1	Data Exposure / Unauthorized Access
4501	Bug in Vine	medium	5.0	1	Data Breach
4502	Slack's link-rendering logic flaw (misinterpreting text as domains when missing spaces after punctuation)	medium	5.0	1	Vulnerability Exploitation
4503	Privileged credentials	medium	5.0	1	Data Breach
4504	Progress Software's MOVEit file transfer software	medium	5.0	1	Data Breach
4505	Weak cybersecurity measures	medium	5.0	1	Data Breach
4506	Third-party vendor misconfiguration	medium	5.0	1	Data Breach
4507	Lack of verification of driver credentials and shipping paperwork	medium	5.0	1	Cyber Cargo Theft (Fictitious Pickup)
4508	Accellion file sharing platform	medium	5.0	1	Data Breach
4509	Lack of access controls, Unauthorized third-party server usage	medium	5.0	1	Data Misuse, Election Interference, Unauthorized Data Access
4510	Improper Data Disposal	medium	5.0	1	Data Breach
4511	Security hole in the in-house web application	medium	5.0	1	Data Breach
4512	Point-of-Sale (POS) Systems	medium	5.0	1	Data Breach
4513	CVE-2025-22245: Stored XSS in Router Port Configurations	medium	5.0	1	Vulnerability
4514	Compromised email login credentials	medium	5.0	1	Data Breach
4515	Online quote system	medium	5.0	1	Data Breach
4516	Weak Username and Password Combinations	medium	5.0	1	Data Breach
4517	CVE-2025-22243: Stored XSS Vulnerability in NSX Manager UI	medium	5.0	1	Vulnerability
4518	Ignoring Robots Exclusion Protocol	medium	5.0	1	Data Scraping
4519	CVE-2025-11002	medium	5.0	1	Vulnerability Exploitation
4520	CVE-2026-5707	medium	5.0	1	Policy & Defense Initiatives
4521	Improper third-party data sharing	medium	5.0	1	Data Breach
4522	Website Programming Change	medium	5.0	1	Data Breach
4523	Unauthorized access to secrets during pull request process	medium	5.0	1	Unauthorized Access
4524	Improper configuration of the website	medium	5.0	1	Data Breach
4525	CVE-2025-52891	medium	5.0	1	Denial-of-Service
4526	Microsoft Exchange vulnerability	medium	5.0	1	Ransomware
4527	Outdated Windows software (including video surveillance systems)	medium	5.0	1	Physical Burglary
4528	Lateral Movement via Stolen Credentials	medium	5.0	1	Supply Chain Attack
4529	Trust in AI-assisted development tools	medium	5.0	1	Supply Chain Attack
4530	Software Glitch	medium	5.0	1	Data Breach
4531	Customer service software misconfiguration	medium	5.0	1	Data Breach
4532	Service request lookup tool flaw allowing unauthorized access via bot	medium	5.0	1	Data Breach
4533	Vulnerability in Drift application’s Salesforce integration	medium	5.0	1	third-party breach
4534	Unchecked third-party access, improper configurations, over-permissioned tools	medium	5.0	1	Data Exposure
4535	Vendor's Software Flaw	low	2.5	1	Data Breach
4536	Counterfeit Hardware	low	2.5	1	Supply Chain Attack
4537	CVE-2024-45431	low	2.5	1	Vulnerability Exploitation
4538	Stack-based buffer overflow	low	2.5	1	Vulnerability Exploitation
4539	Printing Software Vulnerability	low	2.5	1	Data Breach
4540	Hiring Process	low	2.5	1	State-Sponsored Hacker Infiltration
4541	CVE-2025-13878	low	2.5	1	Denial-of-Service (DoS)
4542	Lack of authentication on C2 panel, weak SSH credentials, exposed services (RDP, SMB, WinRM)	low	2.5	1	Credential Stuffing
4543	Missing portable data storage device	low	2.5	1	Data Breach
4544	Mobile app API	low	2.5	1	Data Breach
4545	CVE-2025-37103	low	2.5	1	Vulnerability Exploitation
4546	CVE-2025-7723	low	2.5	1	Vulnerability Exploitation
4547	Improperly secured GitHub secrets (long-lived PyPI tokens stored in workflows)	low	2.5	1	supply chain attack
4548	CVE-2025-34141	low	2.5	1	Vulnerability Exploitation
4549	Misprinting of personal information	low	2.5	1	Data Breach
4550	CVE-2025-9101	low	2.5	1	DDoS
4551	Known loopholes in SonicWall VPN	low	2.5	1	Exploitation of Vulnerability
4552	Flaw in HTML sanitizer (rcube_washtml) failing to block <feImage> SVG element	low	2.5	1	Privacy Bypass
4553	Lack of Backup Procedure	low	2.5	1	Data Loss
4554	Remote access to car's specialized computers	low	2.5	1	Cyberattack
4555	Exposed phone numbers from data breaches or leaked marketing databases	low	2.5	1	Phishing (SMS-based)
4556	Rowhammer	low	2.5	1	Vulnerability Exploitation
4557	CVE-2026-20805	low	2.5	1	Information Disclosure
4558	Mailing Processes	low	2.5	1	Data Breach
4559	Compromised IoT devices (routers, IP cameras, digital video recorders)	low	2.5	1	DDoS Attack
4560	Exposed RDP server	low	2.5	1	Ransomware
4561	Debug code in production builds causing routing failure	low	2.5	1	Vulnerability
4562	CVE-2025-48651	low	2.5	1	Vulnerability
4563	CVE-2025-6029	low	2.5	1	Vulnerability Exploitation
4564	CVE-2025-53506	low	2.5	1	Denial of Service (DoS)
4565	CVE-2026-33825 (Insufficient access-control granularity - CWE-1220)	low	2.5	1	Privilege Escalation
4566	Improper conversation/message ID verification	low	2.5	1	Vulnerability Exploitation
4567	Temporary API code misconfiguration	low	2.5	1	Data Breach
4568	CVE-2024-45432	low	2.5	1	Vulnerability Exploitation
4569	Arbitrary File Upload (CVE-2025-64374)	low	2.5	1	Vulnerability Exploitation
4570	MOVEit secure file transfer application	low	2.5	1	Data Breach
4571	Critical Issues	low	2.5	1	Vulnerability Exploitation
4572	CVE-2025-13348	low	2.5	1	Vulnerability
4573	Publicly Accessible S3 Bucket	low	2.5	1	Data Breach
4574	Social Engineering (Legitimate Appearance), Dynamic Payload Updates, Stolen AI Infrastructure	low	2.5	1	Malicious Package / Data Exfiltration
4575	MOVEit Transfer tool vulnerability	low	2.5	1	Data Breach
4576	ConnectWise ScreenConnect (CVE-2024-1709)	low	2.5	1	Ransomware
4577	Malicious QR Code	low	2.5	1	Supply Chain Attack
4578	Vulnerability in the outage app	low	2.5	1	Data Breach
4579	CVE-2025-7724	low	2.5	1	Vulnerability Exploitation
4580	Unprotected IoT Devices	low	2.5	1	IoT Device Hack
4581	Exploit in Trinity wallet app	low	2.5	1	Cryptocurrency Wallet Exploit
4582	Data Transfer Error	low	2.5	1	Data Breach
4583	Flaw in ASUS DriverHub	low	2.5	1	Vulnerability Exploit
4584	CVE-2025-54957	low	2.5	1	Vulnerability Exploitation
4585	Unpatched firmware in home routers/cameras	low	2.5	1	Distributed Denial of Service (DDoS)
4586	Social engineering, malware-laced coding assignments	low	2.5	1	Cryptocurrency Theft
4587	DNS misconfiguration (lame delegation), browser notification permissions	low	2.5	1	Push-Notification Scam
4588	CVE-2025-1087	low	2.5	1	Template Injection
4589	Improper Storage of Sensitive Information	low	2.5	1	Data Breach
4590	CVE-2025-24016 (Unsafe Deserialization)	low	2.5	1	Botnet Exploitation
4591	CVE-2025-46789	low	2.5	1	Vulnerability Exploitation
4592	Unauthorized access to source code repository	low	2.5	1	Data Breach
4593	Reflected cross site scripting (XSS)	low	2.5	1	Vulnerability Exploitation
4594	Unencrypted Hard Drive	low	2.5	1	Data Breach
4595	CVE-2025-59719	low	2.5	1	Authentication Bypass
4596	CVE-2025-27387	low	2.5	1	Vulnerability Exploitation
4597	Improper error handling	low	2.5	1	Misconfiguration
4598	CVE-2024-45433	low	2.5	1	Vulnerability Exploitation
4599	USBAnywhere	low	2.5	1	Remote Attack Vector
4600	Improper fax transmission	low	2.5	1	Data Breach
4601	Insufficient intrusion detection	low	2.5	1	Ransomware
4602	Writable MFGSTAT.zip file with incorrect permissions	low	2.5	1	Vulnerability Exploitation
4603	SSH password capture	low	2.5	1	Data Breach
4604	Imperfect Process	low	2.5	1	Data Breach
4605	CVE-2025-22234	low	2.5	1	Vulnerability Exploitation
4606	Public-facing website misconfiguration	low	2.5	1	Data Breach
4607	MOVEit server vulnerability	low	2.5	1	Data Breach
4608	CVE-2025-36537	low	2.5	1	Vulnerability
4609	Web Server	low	2.5	1	Data Breach
4610	Secure Email Account	low	2.5	1	Data Breach
4611	Improper link resolution in Windows Update Stack (CVE-2025-21204)	low	2.5	1	Privilege Escalation
4612	Zero-day vulnerability in Oracle’s eBusiness Suite	low	2.5	1	Data Breach
4613	X11 clipboard functionality	low	2.5	1	Malware
4614	Third-party risks	low	2.5	1	Data Breach
4615	PHP Exploit in MyBB Codebase	low	2.5	1	Infrastructure Disruption
4616	CVE-2026-20029	low	2.5	1	Information Disclosure
4617	Vulnerabilities in Cleo's platform	low	2.5	1	Data Breach
4618	Unspecified	low	2.5	1	Phishing
4619	Easily Exploitable Vulnerabilities	low	2.5	1	Vulnerability Exploitation
4620	Human psychology (trust in job applications), abuse of trusted cloud infrastructure (AWS EC2/S3)	low	2.5	1	Phishing/Social Engineering, Malware Delivery
4621	Unauthorized physical access	low	2.5	1	Physical and Logical Security Breach
4622	Insufficient file authentication in the updater mechanism	low	2.5	1	Software Vulnerability
4623	CVE-2025-7206	low	2.5	1	Vulnerability
4624	Critical Telnet vulnerability allowing unauthorized access	low	2.5	1	Vulnerability Exploitation
4625	CVE-2026-40176	low	2.5	1	Vulnerability Exploitation
4626	Hard-coded secret values	low	2.5	1	Vulnerability Exploitation
4627	Website Search Function	low	2.5	1	Data Breach
4628	Vulnerability on older game websites	low	2.5	1	Data Breach
4629	Third-party file transfer software	low	2.5	1	Data Breach
4630	Lack of Awareness (pre-training)	low	2.5	1	Security Awareness
4631	Shared File Location	low	2.5	1	Data Breach
4632	Unsecured Computer Server	low	2.5	1	Data Breach
4633	unpatched_software	low	2.5	1	data_breach
4634	Unauthorized network access	low	2.5	1	Physical and Logical Security Breach
4635	Identical authentication certificates, prolonged certificate validity (10 years), inadequate network access controls	low	2.5	1	Data Breach, Unauthorised Transactions, Malware Infection
4636	Database Configuration Error	low	2.5	1	Data Breach
4637	Damaged mailing	low	2.5	1	Data Breach
4638	CVE-2025-34140	low	2.5	1	Vulnerability Exploitation
4639	CVE-2025-12420	low	2.5	1	Privilege Escalation
4640	CVE-2025-2760	low	2.5	1	Software Vulnerability
4641	CVE-2026-0227	low	2.5	1	Denial-of-Service (DoS)
4642	Vulnerability in data storage system	low	2.5	1	Data Breach
4643	MOVEit Transfer tool vulnerabilities	low	2.5	1	Data Breach
4644	Third-party software vendor (MOVEit)	low	2.5	1	Data Breach
4645	CVE-2025-50054	low	2.5	1	Vulnerability Exploitation
4646	CVE-2025-4230	low	2.5	1	Command Injection
4647	CVE-2025-2761	low	2.5	1	Software Vulnerability
4648	CVE-2025-24813	low	2.5	1	Vulnerability Exploitation
4649	Misconfigured permissions	low	2.5	1	Cyber Breach
4650	Server setup error	low	2.5	1	Data Breach
4651	CVE-2026-20803	low	2.5	1	Elevation of Privilege
4652	CWE-400	low	2.5	1	Uncontrolled Resource Consumption
4653	Insecure remote administration access	low	2.5	1	Security Breach
4654	Serial number extraction	low	2.5	1	Authentication Bypass
4655	CVE-2025-32756	low	2.5	1	Vulnerability Exploitation
4656	Trust in employment process	low	2.5	1	Insider Threat
4657	CVE-2026-20824	low	2.5	1	Security Feature Bypass
4658	Unauthorized access to historical emails	low	2.5	1	Data Breach
4659	Phishing Susceptibility	low	2.5	1	Security Awareness
4660	Data Security Vulnerabilities	low	2.5	1	Data Security Vulnerability
4661	Device Tracking Vulnerabilities	low	2.5	1	Surveillance Investigation
4662	CVE-2024-22774 (Uncontrolled search path element)	low	2.5	1	Privilege Escalation
4663	Obsolete servers exposed to the internet	low	2.5	1	Cyberattack
4664	Credentials obtained from another website	low	2.5	1	Data Breach
4665	CVE-Unassigned (ASLR Bypass via NSKeyedArchiver Serialization Pointer Leak)	low	2.5	1	Vulnerability Disclosure
4666	Shared authentication systems, privileged access management gaps	low	2.5	1	Credential Exposure
4667	CVE-2026-3483 (CWE-749 - Exposed Dangerous Method)	low	2.5	1	Privilege Escalation
4668	DMARC authentication bypass, trusted infrastructure abuse	low	2.5	1	Phishing
4669	Bug introduced during an update of the email system	low	2.5	1	Data Leak
4670	Realtek routers via port 52869	low	2.5	1	DDoS-for-Hire Botnet
4671	CVE-2025-49825	low	2.5	1	Vulnerability Exploit
4672	MOVEit file transfer program vulnerability	low	2.5	1	Data Breach
4673	12 new exploits targeting D-Link, Huawei, NETGEAR, TP-Link, and other devices	low	2.5	1	DDoS-for-Hire Botnet
4674	Android APK vulnerabilities	low	2.5	1	DDoS Attack
4675	Unmonitored networks	low	2.5	1	Ransomware
4676	Logic error in handling Authorization objects in ACME service, allowing improper reuse of domain validation data	low	2.5	1	Certificate Misissuance
4677	Vulnerability in third-party firewall software	low	2.5	1	Data Breach
4678	Unsecured attic access, potential food attractants	low	2.5	1	Physical Intrusion (Non-Cyber)
4679	Barracuda Networks email application vulnerability	low	2.5	1	Data Breach
4680	CVE-2026-20841 (CWE-77: Command Injection)	low	2.5	1	Remote Code Execution (RCE)
4681	Unsecured Storage of Usernames and Passwords	low	2.5	1	Data Breach
4682	CVE-2026-23600	low	2.5	1	Authentication Bypass
4683	CVE-2025-34028	low	2.5	1	Path Traversal Vulnerability
4684	Fake Firmware	low	2.5	1	Supply Chain Attack
4685	Weak message validation	low	2.5	1	Vulnerability Exploitation
4686	Lack of contextual awareness in AI systems	low	2.5	1	AI-related data exposure
4687	Lack of proper access controls and oversight in AI systems	low	2.5	1	Data Breach
4688	CVE-2025-5601	low	2.5	1	Vulnerability Exploitation
4689	CVE-2026-26127 (Out-of-bounds read weakness, CWE-125)	low	2.5	1	Denial-of-Service (DoS)
4690	Lack of phishing controls, Unrestricted RMM tool usage, Insufficient EDR monitoring	low	2.5	1	Phishing, Social Engineering, RMM Abuse
4691	GeminiJack	low	2.5	1	Zero-Click Exploit
4692	CVE-2025-4563	low	2.5	1	Vulnerability
4693	CVE-2025-55188	low	2.5	1	Vulnerability Exploitation
4694	Fortinet EMS (CVE-2023-48788)	low	2.5	1	Ransomware
4695	CVE-2025-34142	low	2.5	1	Vulnerability Exploitation
4696	Memory leak in embedded JavaScript engine	low	2.5	1	Resource Exhaustion
4697	Faulty fuel injector	low	2.5	1	Product Recall
4698	CVE-2024-11857	low	2.5	1	Vulnerability
4699	CVE-2025-3699	low	2.5	1	Vulnerability
4700	Cloned Phishing Site	low	2.5	1	Supply Chain Attack
4701	Admin password bypass	low	2.5	1	Authentication Bypass
4702	CVE-2025-59718	low	2.5	1	Authentication Bypass
4703	vBulletin’s reliance on PHP’s Reflection API for its custom Model-View-Controller (MVC) framework and API system	low	2.5	1	Remote Code Execution (RCE)
4704	Poor password practices	low	2.5	1	Ransomware
4705	CVE-2025-1234	low	2.5	1	DDoS
4706	human_error	low	2.5	1	data_breach
4707	CVE-2024-45434	low	2.5	1	Vulnerability Exploitation
4708	Accidental Disclosure	low	2.5	1	Data Breach
4709	Exposed .env file with database credentials	low	2.5	1	Data Exposure, Potential DoS Attack
4710	Vendor Service (Accellion)	low	2.5	1	Data Breach
4711	Mailing Label Printing Error	low	2.5	1	Data Breach
4712	Unsecured FTP Server	low	2.5	1	Data Breach
4713	CVE-2026-2441 (use-after-free in CSS component)	low	2.5	1	Zero-Day Vulnerability
4714	Improper Access Control in fepblue Mobile App	low	2.5	1	Data Breach (Unauthorized Access)
4715	CVE-2026-2636 (Improper flag validation in CLFS.sys)	low	2.5	1	Denial-of-Service (DoS)
4716	CVE-2025-50165 (Uninitialized function pointer dereference in WindowsCodecs.dll)	low	2.5	1	Remote Code Execution (RCE)
4717	Low entropy in database metadata retrieval	low	2.5	1	Privacy Vulnerability
4718	Weaknesses in cloud security, insufficient encryption, inadequate identity management, lack of network segmentation	low	2.5	1	AI System Targeting, Cloud Infrastructure Exploitation
4719	Programming Code Error	low	2.5	1	Data Breach
4720	CVE-2026-23869 (Deserialization of untrusted data - CWE-502, Uncontrolled resource consumption - CWE-400)	low	2.5	1	Denial of Service (DoS)
4721	Malformed ZIP archives evading security tools, native Windows unarchiving utility exploitation	low	2.5	1	Malware Campaign
4722	CVE-2026-40261	low	2.5	1	Vulnerability Exploitation
4723	CVE-2025-34143	low	2.5	1	Vulnerability Exploitation
4724	CVE-2025-49464	low	2.5	1	Vulnerability Exploitation
4725	Insufficient policy enforcement in the WebView tag	low	2.5	1	Security Bypass
4726	Unattended Vehicle	low	2.5	1	Data Breach
4727	CVE-2025-5138	low	2.5	1	Vulnerability Exploitation
4728	XSS in Software Acquisition Guide: Supplier Response Web Tool	low	2.5	1	Vulnerability
4729	Weak credentials/default passwords in IoT devices	low	2.5	1	Distributed Denial of Service (DDoS)
4730	Psychological manipulation (urgency, stress, perceived authority)	low	2.5	1	Phishing/Scam
4731	CVE-2025-24091	low	2.5	1	Denial of Service (DoS)
4732	Unmonitored lateral movement	low	2.5	1	Cyber Breach
4733	CVE-2025-65606	low	2.5	1	Vulnerability Exploitation
4734	CVE-2025-5678	low	2.5	1	DDoS
4735	Unpatched IoT/ARC processor vulnerabilities	low	2.5	1	DDoS Attack
4736	CVE-2025-26147	low	2.5	1	Vulnerability Exploitation
4737	Software Error	low	2.5	1	Data Breach