Security Dashboard

Total CVEs: 2774 (last 14 days)
Avg Priority: 33.0 (of max 220)
KEV: 3 (actively exploited)
POC: 376 (public exploits)
Unpatched: 717 (CRIT/HIGH without patch)

How is Priority Score calculated?

Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:

KEV +50: CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100: Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5: Common Vulnerability Scoring System — technical severity (0-50)
POC +20: Public exploit code exists — lowers barrier for attackers

Score bands: 0-40 Low, 40-80 Medium, 80-120 High, 120+ Critical

Priority CVE
26 CVE-2026-34782
Zammad is a web based open source helpdesk/customer support system. Prior to 7.0
26 CVE-2026-39921
GeoNode versions 4.0 before 4.4.5 and 5.0 before 5.0.2 contain a server-side req
26 CVE-2026-33737
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, mu
26 CVE-2026-5675
A vulnerability was found in itsourcecode Construction Management System 1.0. Th
26 CVE-2026-40086
Rembg is a tool to remove images background. Prior to 2.0.75, a path traversal v
26 CVE-2026-35179
## Summary The SocialMediaPublisher plugin exposes a `publishInstagram.json.php
26 CVE-2026-40152
PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the list_files()
26 CVE-2026-39362
InvenTree is an Open Source Inventory Management System. Prior to 1.2.7 and 1.3.
26 CVE-2026-35629
OpenClaw before 2026.3.25 contains a server-side request forgery vulnerability i
26 CVE-2026-2519
The Online Scheduling and Appointment Booking System - Bookly plugin for WordPre
26 CVE-2026-40252
FastGPT is an AI Agent building platform. Prior to 4.14.10.4, Broken Access Cont
26 CVE-2026-39922
GeoNode versions 4.0 before 4.4.5 and 5.0 before 5.0.2 contain a server-side req
26 CVE-2026-39406
## Summary A path handling inconsistency in `serveStatic` allows protected stat
26 CVE-2026-40151
PraisonAI is a multi-agent teams system. Prior to 4.5.128, the AgentOS deploymen
26 CVE-2026-39851
Saleor is an e-commerce platform. From 2.10.0 to before 3.23.0a3, 3.22.47, 3.21.
26 CVE-2026-35619
OpenClaw before 2026.3.24 contains an authorization bypass vulnerability in the
26 CVE-2026-33705
Chamilo LMS is a learning management system. Prior to 1.11.38, Twig template fil
26 CVE-2026-35450
## Summary The `plugin/API/check.ffmpeg.json.php` endpoint probes the FFmpeg re
26 CVE-2026-35662
OpenClaw before 2026.3.22 fails to enforce controlScope restrictions on the send
26 CVE-2026-35651
OpenClaw versions 2026.2.13 through 2026.3.24 contain an ANSI escape sequence in
26 CVE-2026-39407
## Summary A path handling inconsistency in `serveStatic` allows protected stat
26 CVE-2026-35208
lichess.org is the forever free, adless and open source chess server. Any approv
26 CVE-2026-40087
LangChain's f-string prompt-template validation was incomplete in two respects.
26 CVE-2026-34718
Zammad is a web based open source helpdesk/customer support system. Prior to 7.0
26 CVE-2026-35040
fast-jwt provides fast JSON Web Token (JWT) implementation. Prior to 6.2.1, usin
26 CVE-2026-40100
FastGPT is an AI Agent building platform. Prior to 4.14.10.3, the /api/core/app/
26 CVE-2026-5808
A vulnerability was detected in openstatusHQ openstatus up to 1b678e71a85961ae31
26 CVE-2026-5338
A security vulnerability has been detected in Tenda G103 1.0.0.5. The affected e
26 CVE-2026-24153
NVIDIA Jetson Linux has a vulnerability in initrd, where the nvluks trusted appl
26 CVE-2026-39958
oma is a package manager for AOSC OS. Prior to 1.25.2, oma-topics is responsible
26 CVE-2026-32591
A flaw was found in Red Hat Quay's Proxy Cache configuration feature. When an or
26 CVE-2026-21003
Improper input validation in data related to network restrictions prior to SMR A
26 CVE-2026-4420
Bludit is vulnerable to Stored Cross-Site Scripting (XSS) in its page creating f
26 CVE-2026-22675
OCS Inventory NG Server version 2.12.3 and prior contain a stored cross-site scr
26 CVE-2026-33865
MLflow is vulnerable to Stored Cross-Site Scripting (XSS) caused by unsafe parsi
26 CVE-2025-41357
Reflected Cross-Site Scripting (XSS) vulnerability in Anon Proxy Server v0.104.
26 CVE-2026-34951
Workbench is a suite of tools for administrators and developers to interact with
26 CVE-2025-41355
Reflected Cross-Site Scripting (XSS) vulnerability in Anon Proxy Server v0.104.
26 CVE-2026-39840
Improper neutralization of input during web page generation ('cross-site scripti
26 CVE-2026-34821
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS)
26 CVE-2025-41356
Reflected Cross-Site Scripting (XSS) vulnerability in Anon Proxy Server v0.104.
26 CVE-2026-35398
WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an Open Redi
26 CVE-2026-35474
WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, open redirec
26 CVE-2026-35396
WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an Open Redi
26 CVE-2026-33709
JupyterHub is software that allows one to create a multi-user server for Jupyter
26 CVE-2026-35472
WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an Open Redi
26 CVE-2026-35473
WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an Open Redi
26 CVE-2026-35475
WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, the redirect
26 CVE-2026-32113
Discourse is an open-source discussion platform. From versions 2026.1.0-latest t
26 CVE-2026-33456
Livestatus injection in the notification test mode in Checkmk <2.5.0b4 and <2.4.
26 CVE-2026-33273
Unrestricted upload of file with dangerous type issue exists in MATCHA INVOICE 2
26 CVE-2026-33415
Discourse is an open-source discussion platform. From versions 2026.1.0-latest t
26 CVE-2026-39347
OrangeHRM is a comprehensive human resource management (HRM) system. From 5.0 to
26 CVE-2026-6107
A flaw has been found in 1Panel-dev MaxKB up to 2.6.1. This issue affects some u
26 CVE-2026-5469
A weakness has been identified in Casdoor 2.356.0. This vulnerability affects un
26 CVE-2026-27787
Cross-site scripting vulnerability exists in MATCHA SNS 1.3.9 and earlier. If th
26 CVE-2026-34804
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS)
26 CVE-2026-34807
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS)
26 CVE-2026-27508
Smoothwall Express versions prior to 3.1 Update 13 contain a reflected cross-sit
26 CVE-2026-35055
XenForo before 2.3.9 and before 2.2.18 is vulnerable to cross-site scripting (XS
26 CVE-2026-34809
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS)
26 CVE-2026-26352
Smoothwall Express versions prior to 3.1 Update 13 contain a stored cross-site s
26 CVE-2026-34801
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS)
26 CVE-2026-34817
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS)
26 CVE-2026-35057
XenForo before 2.3.10 and before 2.2.19 is vulnerable to stored cross-site scrip
26 CVE-2026-34816
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS)
26 CVE-2026-34814
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS)
26 CVE-2026-34813
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS)
26 CVE-2026-34820
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS)
26 CVE-2026-34811
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS)
26 CVE-2026-34815
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS)
26 CVE-2026-34805
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS)
26 CVE-2026-34806
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS)
26 CVE-2026-35054
XenForo before 2.3.9 is vulnerable to stored cross-site scripting (XSS) related
26 CVE-2026-34818
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS)
26 CVE-2026-34798
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS)
26 CVE-2026-34799
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS)
26 CVE-2026-34800
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS)
26 CVE-2026-34802
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS)
26 CVE-2026-34823
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS)
26 CVE-2026-34808
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS)
26 CVE-2026-34803
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS)
26 CVE-2026-34812
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS)
26 CVE-2026-34810
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS)
26 CVE-2026-26927
Szafir SDK Web is a browser plug-in that can run SzafirHost application which do
26 CVE-2026-5468
A security flaw has been discovered in Casdoor 2.356.0. This affects the functio
26 CVE-2026-5148
A weakness has been identified in YunaiV yudao-cloud up to 2026.01. This vulnera
26 CVE-2026-5475
A vulnerability was determined in NASA cFS up to 7.0.0. This impacts the functio
26 CVE-2026-34822
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS)
26 CVE-2026-35613
coursevault-preview is a utility for previewing course material files from a con

Oldest Unpatched Critical/High CVEs

CVE Severity CVSS Priority Days Open
CVE-2024-3400 CRITICAL 10.0 224 731d
CVE-2019-19781 CRITICAL 9.8 223 2298d
CVE-2020-5902 CRITICAL 9.8 223 2111d
CVE-2021-35464 CRITICAL 9.8 223 1725d
CVE-2020-10189 CRITICAL 9.8 223 2228d
CVE-2012-4681 CRITICAL 9.8 223 4976d
CVE-2022-42475 CRITICAL 9.8 223 1197d
CVE-2023-3519 CRITICAL 9.8 223 998d
CVE-2015-7450 CRITICAL 9.8 222 3753d
CVE-2023-34048 CRITICAL 9.8 222 900d