| Metric | Value | Note |
|---|---|---|
| Total CVEs | 2769 | last 14 days |
| Avg Priority | 33.1 | of max 220 |
| KEV | 3 | actively exploited |
| POC | 375 | public exploits |
| Unpatched | 716 | CRIT/HIGH without patch |
How is Priority Score calculated?
Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:

| Signal | Contribution | Meaning |
|---|---|---|
| KEV | +50 | CISA Known Exploited Vulnerability: confirmed active exploitation in the wild |
| EPSS | x100 | Exploit Prediction Scoring System: probability of exploitation in next 30 days (0-100) |
| CVSS | x5 | Common Vulnerability Scoring System: technical severity (0-50) |
| POC | +20 | Public exploit code exists: lowers barrier for attackers |

| Score | Band |
|---|---|
| 0-40 | Low |
| 40-80 | Medium |
| 80-120 | High |
| 120+ | Critical |
Patch Now: Known Exploited Vulnerabilities

| Priority | CVE | Description |
|---|---|---|
| 124 | CVE-2026-35616 | An improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an |
| 119 | CVE-2026-5281 | Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had co |
| 109 | CVE-2026-3502 | TrueConf Client downloads application update code and applies it without performing verification. An |

Priority Distribution
| Priority | CVE | Description |
|---|---|---|
| 27 | CVE-2026-5240 | A security vulnerability has been detected in code-projects BloodBank Managing S |
| 27 | CVE-2026-5315 | A vulnerability was determined in Nothings stb up to 1.26. The affected element |
| 27 | CVE-2026-5205 | A vulnerability was identified in chatwoot up to 4.11.2. Affected by this vulner |
| 27 | CVE-2026-5623 | A vulnerability was identified in hcengineering Huly Platform 0.7.382. This affe |
| 27 | CVE-2026-5530 | A flaw has been found in Ollama up to 18.1. This issue affects some unknown proc |
| 27 | CVE-2026-5380 | An issue that could allow an authorized user to view the clear-text secrets for |
| 27 | CVE-2026-5313 | A vulnerability has been found in Nothings stb up to 2.30. This issue affects th |
| 27 | CVE-2026-33866 | MLflow is vulnerable to an authorization bypass affecting the AJAX endpoint used |
| 27 | CVE-2026-35592 | pyLoad is a free and open-source download manager written in Python. Prior to 0. |
| 27 | CVE-2026-25742 | Zulip is an open-source team collaboration tool. Prior to version 11.6, Zulip is |
| 27 | CVE-2026-34715 | Summary: The `encode_headers` function in `src/ewe/internal/encoder.gleam` d |
| 27 | CVE-2026-34786 | Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, a |
| 27 | CVE-2026-33617 | An unauthenticated remote attacker can access a configuration file containing da |
| 27 | CVE-2026-39712 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vu |
| 27 | CVE-2026-1797 | The Appointment Booking and Scheduler Plugin - Truebooker plugin for WordPress i |
| 27 | CVE-2026-39629 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vu |
| 27 | CVE-2026-39412 | Summary: The `sort_natural` filter bypasses the `ownPropertyOnly` security o |
| 27 | CVE-2026-39625 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vu |
| 27 | CVE-2026-34763 | Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, a |
| 27 | CVE-2026-34899 | Missing Authorization vulnerability in Eniture technology LTL Freight Quotes - W |
| 27 | CVE-2026-5823 | A weakness has been identified in itsourcecode Construction Management System 1. |
| 27 | CVE-2026-35449 | Summary: The `install/test.php` diagnostic script has its CLI-only access gua |
| 27 | CVE-2026-29136 | SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to inject |
| 27 | CVE-2026-5467 | A vulnerability was identified in Casdoor 2.356.0. Affected by this issue is som |
| 27 | CVE-2026-22662 | prompts.chat prior to commit 1464475 contains a blind server-side request forger |
| 27 | CVE-2026-3477 | The PZ Frontend Manager plugin for WordPress is vulnerable to Missing Authorizat |
| 27 | CVE-2026-2696 | The Export All URLs WordPress plugin before 5.1 generates CSV filenames containi |
| 27 | CVE-2026-34373 | Impact: The GraphQL API endpoint does not respect the `allowOrigin` server o |
| 27 | CVE-2026-39664 | Missing Authorization vulnerability in leadrebel Leadrebel leadrebel allows Expl |
| 27 | CVE-2026-39704 | Missing Authorization vulnerability in nfusionsolutions Precious Metals Automate |
| 27 | CVE-2026-39652 | Missing Authorization vulnerability in igms iGMS Direct Booking igms-direct-book |
| 27 | CVE-2026-39716 | Missing Authorization vulnerability in CKThemes Flipmart flipmart allows Exploit |
| 27 | CVE-2026-39657 | Missing Authorization vulnerability in leadlovers leadlovers forms leadlovers-fo |
| 27 | CVE-2026-39650 | Missing Authorization vulnerability in Unitech Web UnitechPay unitechpay-paiemen |
| 27 | CVE-2026-5624 | A security flaw has been discovered in ProjectSend r2002. This vulnerability aff |
| 27 | CVE-2026-39563 | Missing Authorization vulnerability in ILLID Share This Image share-this-image a |
| 27 | CVE-2026-39605 | Missing Authorization vulnerability in Obadiah Super Custom Login super-custom-l |
| 27 | CVE-2026-39644 | Missing Authorization vulnerability in Roxnor Wp Ultimate Review wp-ultimate-rev |
| 27 | CVE-2026-39637 | Missing Authorization vulnerability in SpabRice Mogi mogi allows Exploiting Inco |
| 27 | CVE-2026-39698 | Missing Authorization vulnerability in PublisherDesk The Publisher Desk ads.txt |
| 27 | CVE-2026-39688 | Missing Authorization vulnerability in Glowlogix WP Frontend Profile wp-front-en |
| 27 | CVE-2026-5082 | Amon2::Plugin::Web::CSRFDefender versions from 7.00 through 7.03 for Perl genera |
| 27 | CVE-2026-30280 | An arbitrary file overwrite vulnerability in RAREPROB SOLUTIONS PRIVATE LIMITED |
| 27 | CVE-2026-39505 | Missing Authorization vulnerability in Craig Hewitt Seriously Simple Podcasting |
| 27 | CVE-2026-39668 | Missing Authorization vulnerability in g5theme Book Previewer for Woocommerce bo |
| 27 | CVE-2026-39672 | Missing Authorization vulnerability in shiptime ShipTime: Discounted Shipping Ra |
| 27 | CVE-2026-39561 | Missing Authorization vulnerability in WP Chill Revive.so revive-so allows Explo |
| 27 | CVE-2026-39694 | Missing Authorization vulnerability in NSquared Simply Schedule Appointments sim |
| 27 | CVE-2026-39662 | Missing Authorization vulnerability in ProWCPlugins Product Price by Formula for |
| 27 | CVE-2026-39714 | Missing Authorization vulnerability in G5Theme G5Plus April g5plus-april allows |
| 27 | CVE-2026-39682 | Missing Authorization vulnerability in Arjan Pronk linkPizza-Manager linkpizza-m |
| 27 | CVE-2026-39680 | Missing Authorization vulnerability in MWP Development Diet Calorie Calculator d |
| 27 | CVE-2026-39690 | Missing Authorization vulnerability in Paul Bearne Author Avatars List/Block aut |
| 27 | CVE-2026-39676 | Missing Authorization vulnerability in Shahjada Download Manager download-manage |
| 27 | CVE-2026-39501 | Missing Authorization vulnerability in RealMag777 FOX woocommerce-currency-switc |
| 27 | CVE-2026-39528 | Missing Authorization vulnerability in WP Delicious WP Delicious delicious-recip |
| 27 | CVE-2026-39678 | Missing Authorization vulnerability in DOTonPAPER Pinpoint Booking System bookin |
| 27 | CVE-2026-39648 | Missing Authorization vulnerability in themebeez Cream Blog cream-blog allows Ex |
| 27 | CVE-2026-39609 | Missing Authorization vulnerability in Wava.co Wava Payment wava-payment allows |
| 27 | CVE-2026-39700 | Missing Authorization vulnerability in WPXPO WowOptin optin allows Exploiting In |
| 27 | CVE-2026-39706 | Missing Authorization vulnerability in Netro Systems Make My Trivia trivialy all |
| 27 | CVE-2026-39543 | Missing Authorization vulnerability in Themefic Tourfic tourfic allows Exploitin |
| 27 | CVE-2026-5083 | Ado::Sessions versions through 0.935 for Perl generates insecure session ids. T |
| 27 | CVE-2026-39659 | Missing Authorization vulnerability in Ultimate Member Ultimate Member ultimate- |
| 27 | CVE-2026-5344 | A security vulnerability has been detected in Textpattern up to 4.9.1. Affected |
| 27 | CVE-2026-39882 | overview: this report shows that the otlp HTTP exporters (traces/metrics/logs) r |
| 27 | CVE-2026-5474 | A vulnerability was found in NASA cFS up to 7.0.0. This affects the function CFE |
| 27 | CVE-2026-21714 | A memory leak occurs in Node.js HTTP/2 servers when a client sends WINDOW_UPDATE |
| 27 | CVE-2026-34776 | Impact: On macOS and Linux, apps that call `app.requestSingleInstanceLock()` |
| 27 | CVE-2026-24030 | An attacker might be able to trick DNSdist into allocating too much memory while |
| 27 | CVE-2026-24028 | An attacker might be able to trigger an out-of-bounds read by sending a crafted |
| 27 | CVE-2026-5606 | A security flaw has been discovered in PHPGurukul Online Shopping Portal Project |
| 27 | CVE-2026-5705 | A vulnerability was identified in code-projects Online Hotel Booking 1.0. Affect |
| 27 | CVE-2026-5579 | A vulnerability was determined in CodeAstro Online Classroom 1.0. This issue aff |
| 27 | CVE-2026-5586 | A vulnerability was determined in zhongyu09 openchatbi up to 0.2.1. The impacted |
| 27 | CVE-2026-33578 | OpenClaw before 2026.3.28 contains a sender policy bypass vulnerability in the G |
| 27 | CVE-2026-3177 | The Charitable - Donation Plugin for WordPress - Fundraising with Recurring Dona |
| 27 | CVE-2026-21711 | A flaw in Node.js Permission Model network enforcement leaves Unix Domain Socket |
| 27 | CVE-2026-5572 | A security flaw has been discovered in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03 |
| 26 | CVE-2026-39851 | Saleor is an e-commerce platform. From 2.10.0 to before 3.23.0a3, 3.22.47, 3.21. |
| 26 | CVE-2026-6141 | A vulnerability was determined in danielmiessler Personal_AI_Infrastructure up t |
| 26 | CVE-2026-34837 | Zammad is a web based open source helpdesk/customer support system. Prior to 7.0 |
| 26 | CVE-2026-35452 | Summary: The `plugin/CloneSite/client.log.php` endpoint serves the clone oper |
| 26 | CVE-2026-5808 | A vulnerability was detected in openstatusHQ openstatus up to 1b678e71a85961ae31 |
| 26 | CVE-2025-14243 | A flaw was found in the OpenShift Mirror Registry. This vulnerability allows an |
| 26 | CVE-2026-35179 | Summary: The SocialMediaPublisher plugin exposes a `publishInstagram.json.php |
| 26 | CVE-2026-35629 | OpenClaw before 2026.3.25 contains a server-side request forgery vulnerability i |
| 26 | CVE-2026-34782 | Zammad is a web based open source helpdesk/customer support system. Prior to 7.0 |
| 26 | CVE-2026-39415 | Frappe Learning Management System (LMS) is a learning system that helps users st |
| 26 | CVE-2026-34718 | Zammad is a web based open source helpdesk/customer support system. Prior to 7.0 |

Oldest Unpatched Critical/High CVEs
| CVE | Severity | CVSS | Priority | Days Open |
|---|---|---|---|---|
| CVE-2024-3400 | CRITICAL | 10.0 | 224 | 731d |
| CVE-2019-19781 | CRITICAL | 9.8 | 223 | 2298d |
| CVE-2020-5902 | CRITICAL | 9.8 | 223 | 2111d |
| CVE-2021-35464 | CRITICAL | 9.8 | 223 | 1725d |
| CVE-2020-10189 | CRITICAL | 9.8 | 223 | 2228d |
| CVE-2012-4681 | CRITICAL | 9.8 | 223 | 4976d |
| CVE-2022-42475 | CRITICAL | 9.8 | 223 | 1197d |
| CVE-2023-3519 | CRITICAL | 9.8 | 223 | 998d |
| CVE-2015-7450 | CRITICAL | 9.8 | 222 | 3753d |
| CVE-2023-34048 | CRITICAL | 9.8 | 222 | 900d |