在野利用漏洞分析(CISA KEV 与 Exploit-DB)
按 EPSS 分数阈值的 CVE 统计
| 指标 (近 7 天) |
CVE 数 |
| EPSS ≥ 1% |
3,232 |
| EPSS ≥ 10% |
828 |
| EPSS ≥ 30% |
369 |
近 7 日 EPSS 分数变化
| Δ EPSS(7 日) |
CVE 数 |
| EPSS 分数 +1% |
182 |
| EPSS 分数 +10% |
6 |
| EPSS 分数 +30% |
0 |
| Δ EPSS(7 日) |
CVE 数 |
| EPSS 分数 -1% |
167 |
| EPSS 分数 -10% |
6 |
| EPSS 分数 -30% |
2 |
| 业务分面 |
CVSS 规则(底座分) |
CVE 数 |
|
| 日常监测与扩展覆盖 |
CVSS 底座分 ≥ 4.0 |
261354 |
→ |
| 高信号筛选与重点研判 |
CVSS 底座分 ≥ 7.0 |
136757 |
→ |
| 极端暴露与优先处置 |
CVSS 底座分 ≥ 9.0 |
32447 |
→ |
| 战术 |
技术 |
CVE 数 |
| Initial Access |
Stored/Reflected XSS |
46,074 |
| SQL Injection |
19,864 |
| Generic Input/Entry Manipulation |
5,801 |
| Execution |
RCE / Command Execution |
20,178 |
| Out-of-Bounds Write |
14,335 |
| Memory Corruption |
14,037 |
| Privilege Escalation |
CSRF Session Abuse |
9,408 |
| Missing Authorization |
8,609 |
| Authorization/Privilege Bypass |
8,050 |
| Lateral Movement |
SSRF Pivoting |
2,896 |
| Open Redirect Pivoting |
1,567 |
| Spoofing to Internal Trust Pivoting |
621 |
| Defense Evasion |
Path Traversal |
9,992 |
| Malicious File Upload Entry |
4,187 |
| File Inclusion |
1,267 |
| Credential Access |
Cryptographic Weakness |
6,319 |
| Hard-coded Credentials |
1,738 |
| Insufficiently Protected Credentials |
1,392 |
cvelogic
Threat Intelligence