Total CVEs
2780
last 14 days
Avg Priority
33.0
of max 220
KEV
3
actively exploited
POC
378
public exploits
Unpatched
716
CRIT/HIGH without patch
How is Priority Score calculated?
Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:
KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low
40-80 Medium
80-120 High
120+ Critical
Patch Now — Known Exploited Vulnerabilities
124
CVE-2026-35616
A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an
119
CVE-2026-5281
Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had co
109
CVE-2026-3502
TrueConf Client downloads application update code and applies it without performing verification. An
Priority Distribution
| Priority | CVE |
|---|---|
| 23 |
CVE-2026-31063
UTT Aggressive HiPER 1200GW v2.5.3-170306 was discovered to contain a buffer ove
|
| 23 |
CVE-2026-31061
UTT Aggressive HiPER 810G v3v1.7.7-171114 was discovered to contain a buffer ove
|
| 23 |
CVE-2026-34384
Admidio is an open-source user management solution. Prior to version 5.0.8, the
|
| 22 |
CVE-2026-5383
An issue that could allow access to Explorer groups from outside of the authoriz
|
| 22 |
CVE-2026-5169
The Inquiry Form to Posts or Pages plugin for WordPress is vulnerable to Stored
|
| 22 |
CVE-2026-3574
The Experto Dashboard for WooCommerce plugin for WordPress is vulnerable to Stor
|
| 22 |
CVE-2026-2838
The Whole Enquiry Cart for WooCommerce plugin for WordPress is vulnerable to Sto
|
| 22 |
CVE-2026-34726
### Summary
Copier's `_subdirectory` setting is documented as the subdirectory
|
| 22 |
CVE-2026-28265
PowerStore, contains a Path Traversal vulnerability in the Service user. A low p
|
| 22 |
CVE-2026-24511
Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.6 and versions 9.11.0.0 t
|
| 22 |
CVE-2026-21007
Improper check for exceptional conditions in Device Care prior to SMR Apr-2026 R
|
| 22 |
CVE-2026-39864
Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.
|
| 22 |
CVE-2026-26477
An issue in Dokuwiki v.2025-05-14b 'Librarian' allows a remote attacker to cause
|
| 22 |
CVE-2026-4330
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vuln
|
| 22 |
CVE-2026-33227
Improper validation and restriction of a classpath path name vulnerability in Ap
|
| 22 |
CVE-2026-5918
Inappropriate implementation in Navigation in Google Chrome prior to 147.0.7727.
|
| 22 |
CVE-2026-5906
Incorrect security UI in Omnibox in Google Chrome on Android prior to 147.0.7727
|
| 22 |
CVE-2026-35462
Papra is a minimalistic document management and archiving platform. Prior to 26.
|
| 22 |
CVE-2026-3568
The MStore API plugin for WordPress is vulnerable to Insecure Direct Object Ref
|
| 22 |
CVE-2026-4977
The UsersWP - Front-end login form, User Registration, User Profile & Members Di
|
| 22 |
CVE-2026-4057
The Download Manager plugin for WordPress is vulnerable to unauthorized modifica
|
| 22 |
CVE-2026-35460
Papra is a minimalistic document management and archiving platform. Prior to 26.
|
| 22 |
CVE-2026-3831
The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress i
|
| 22 |
CVE-2026-39395
Cosign provides code signing and transparency for containers and binaries. Prior
|
| 22 |
CVE-2026-3371
The Tutor LMS - eLearning and online course solution plugin for WordPress is vul
|
| 22 |
CVE-2026-4799
In Search Guard FLX up to version 4.0.1, it is possible to use specially crafted
|
| 22 |
CVE-2026-32618
Discourse is an open-source discussion platform. From versions 2026.1.0-latest t
|
| 22 |
CVE-2026-32951
Discourse is an open-source discussion platform. From versions 2026.1.0-latest t
|
| 22 |
CVE-2026-2826
The Kadence Blocks - Page Builder Toolkit for Gutenberg Editor plugin for WordPr
|
| 22 |
CVE-2026-3139
The User Profile Builder - Beautiful User Registration Forms, User Profiles & Us
|
| 22 |
CVE-2026-4989
Improper input validation in the gateway health check feature in Devolutions Ser
|
| 22 |
CVE-2026-31150
Incorrect access control in Kaleris YMS v7.2.2.1 allows authenticated attackers
|
| 22 |
CVE-2026-20446
In sec boot, there is a possible out of bounds write due to an integer overflow.
|
| 22 |
CVE-2026-34738
WWBN AVideo is an open source video platform. In versions 26.0 and prior, AVideo
|
| 22 |
CVE-2026-34383
Admidio is an open-source user management solution. Prior to version 5.0.8, the
|
| 22 |
CVE-2026-39592
Missing Authorization vulnerability in Andy Ha DEPART depart-deposit-and-part-pa
|
| 22 |
CVE-2026-39565
Missing Authorization vulnerability in magepeopleteam WpTravelly tour-booking-ma
|
| 22 |
CVE-2026-39485
Missing Authorization vulnerability in embedplus Youtube Embed Plus youtube-embe
|
| 22 |
CVE-2026-4820
IBM Maximo Application Suite 9.1, 9.0, 8.11, and 8.10 does not set the secure at
|
| 22 |
CVE-2026-1924
The Aruba HiSpeed Cache plugin for WordPress is vulnerable to Cross-Site Request
|
| 22 |
CVE-2026-39627
Missing Authorization vulnerability in wproyal Ashe ashe allows Exploiting Incor
|
| 22 |
CVE-2026-5875
Policy bypass in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote
|
| 22 |
CVE-2026-5911
Policy bypass in ServiceWorkers in Google Chrome prior to 147.0.7727.55 allowed
|
| 22 |
CVE-2026-33005
Improper Handling of Insufficient Privileges vulnerability in Apache OpenMeeting
|
| 22 |
CVE-2026-35181
**Severity:** Medium
**CWE:** CWE-352 (Cross-Site Request Forgery)
## Summary
|
| 22 |
CVE-2026-4141
The Quran Translations plugin for WordPress is vulnerable to Cross-Site Request
|
| 22 |
CVE-2026-1673
The BEAR - Bulk Editor and Products Manager Professional for WooCommerce by Plug
|
| 22 |
CVE-2026-2104
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2
|
| 22 |
CVE-2026-28736
** UNSUPPORTED WHEN ASSIGNED ** Focalboard version 8.0 fails to validate file ow
|
| 22 |
CVE-2026-2619
GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 bef
|
| 22 |
CVE-2026-35598
## Summary
The CalDAV `GetResource` and `GetResourcesByList` methods fetch task
|
| 22 |
CVE-2026-35596
## Summary
The `hasAccessToLabel` function contains a SQL operator precedence b
|
| 22 |
CVE-2026-35411
### Summary
Directus is vulnerable to an Open Redirect via the redirect query p
|
| 22 |
CVE-2026-40103
### Summary
Vikunja's scoped API token enforcement for custom project backgroun
|
| 22 |
CVE-2026-33118
Microsoft Edge (Chromium-based) Spoofing Vulnerability
|
| 22 |
CVE-2025-9484
GitLab has remediated an issue in GitLab EE affecting all versions from 16.6 bef
|
| 22 |
CVE-2026-0814
The Advanced Contact form 7 DB plugin for WordPress is vulnerable to unauthorize
|
| 22 |
CVE-2026-1752
GitLab has remediated an issue in GitLab EE affecting all versions from 11.3 bef
|
| 22 |
CVE-2026-39985
LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web app
|
| 22 |
CVE-2026-35180
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the si
|
| 22 |
CVE-2026-33460
Incorrect Authorization (CWE-863) in Kibana can lead to cross-space information
|
| 21 |
CVE-2026-35541
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Incorrect
|
| 21 |
CVE-2026-32602
Homarr is an open-source dashboard. Prior to 1.57.0, the user registration endpo
|
| 21 |
CVE-2026-35414
OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon
|
| 21 |
CVE-2026-35041
fast-jwt provides fast JSON Web Token (JWT) implementation. From 5.0.0 to 6.2.0,
|
| 21 |
CVE-2026-39413
## Summary
The LightRAG API is vulnerable to a JWT algorithm confusion attack wh
|
| 21 |
CVE-2026-1163
An insufficient session expiration vulnerability exists in the latest version of
|
| 21 |
CVE-2025-36373
IBM DataPower Gateway 10.6CD 10.6.1.0 through 10.6.5.0 and IBM DataPower Gateway
|
| 20 |
CVE-2026-21009
Improper check for exceptional conditions in Recents prior to SMR Apr-2026 Relea
|
| 20 |
CVE-2026-5507
When restoring a session from cache, a pointer from the serialized session data
|
| 20 |
CVE-2026-35177
Vim is an open source, command line text editor. Prior to 9.2.0280, a path trave
|
| 20 |
CVE-2026-34858
UAF vulnerability in the communication module.
Impact: Successful exploitation o
|
| 20 |
CVE-2026-34860
Access control vulnerability in the memo module.
Impact: Successful exploitation
|
| 20 |
CVE-2026-34944
Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0
|
| 20 |
CVE-2026-35601
## Summary
The CalDAV output generator builds iCalendar VTODO entries via raw s
|
| 20 |
CVE-2026-31804
Tautulli is a Python based monitoring and tracking tool for Plex Media Server. P
|
| 20 |
CVE-2026-39316
OpenPrinting CUPS is an open source printing system for Linux and other Unix-lik
|
| 20 |
CVE-2026-21767
HCL BigFix Platform is affected by insufficient authentication. The application
|
| 20 |
CVE-2026-39314
OpenPrinting CUPS is an open source printing system for Linux and other Unix-lik
|
| 20 |
CVE-2026-34553
iccDEV provides a set of libraries and tools for working with ICC color manageme
|
| 20 |
CVE-2026-2625
A flaw was found in rust-rpm-sequoia. An attacker can exploit this vulnerability
|
| 20 |
CVE-2026-40395
Varnish Enterprise before 6.0.16r12 allows a "workspace overflow" denial of serv
|
| 20 |
CVE-2026-40394
Varnish Cache 9 before 9.0.1 and Varnish Enterprise before 6.0.16r11 allows a "w
|
| 20 |
CVE-2026-40396
Varnish Cache 9 before 9.0.1 allows a "workspace overflow" denial of service (da
|
| 20 |
CVE-2026-40385
In libexif through 0.6.25, an unsigned 32bit integer overflow in Nikon MakerNote
|
| 20 |
CVE-2026-0232
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent
|
| 20 |
CVE-2026-40386
In libexif through 0.6.25, an integer underflow in size checking for Fuji and Ol
|
| 0 |
CVE-2026-39398
## Affected
openclaw-claude-bridge v1.1.0
## Issue
v1.1.0 spawns the Claude C
|
| 0 |
CVE-2026-40260
### Impact
An attacker who uses this vulnerability can craft a PDF which leads
|
Oldest Unpatched Critical/High CVEs
| CVE | Severity | CVSS | Priority | Days Open |
|---|---|---|---|---|
| CVE-2024-3400 | CRITICAL | 10.0 | 224 | 731d |
| CVE-2019-19781 | CRITICAL | 9.8 | 223 | 2298d |
| CVE-2020-5902 | CRITICAL | 9.8 | 223 | 2111d |
| CVE-2021-35464 | CRITICAL | 9.8 | 223 | 1725d |
| CVE-2020-10189 | CRITICAL | 9.8 | 223 | 2228d |
| CVE-2012-4681 | CRITICAL | 9.8 | 223 | 4976d |
| CVE-2022-42475 | CRITICAL | 9.8 | 223 | 1197d |
| CVE-2023-3519 | CRITICAL | 9.8 | 223 | 998d |
| CVE-2015-7450 | CRITICAL | 9.8 | 222 | 3753d |
| CVE-2023-34048 | CRITICAL | 9.8 | 222 | 900d |
Prev
14 / 14