Total CVEs
2798
last 14 days
Avg Priority
32.9
of max 220
KEV
3
actively exploited
POC
381
public exploits
Unpatched
715
CRIT/HIGH without patch
How is Priority Score calculated?
Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:
KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low
40-80 Medium
80-120 High
120+ Critical
Patch Now — Known Exploited Vulnerabilities
124
CVE-2026-35616
A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an
119
CVE-2026-5281
Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had co
109
CVE-2026-3502
TrueConf Client downloads application update code and applies it without performing verification. An
Priority Distribution
| Priority | CVE |
|---|---|
| 35 |
CVE-2026-34235
PJSIP is a free and open source multimedia communication library written in C. P
|
| 35 |
CVE-2026-33576
OpenClaw before 2026.3.28 downloads and stores inbound media from Zalo channels
|
| 35 |
CVE-2026-35383
Bentley Systems iTwin Platform exposed a Cesium ion access token in the source o
|
| 35 |
CVE-2026-5736
A vulnerability was identified in PowerJob 5.1.0/5.1.1/5.1.2. Impacted is an unk
|
| 35 |
CVE-2026-5813
A weakness has been identified in PHPGurukul Online Course Registration 3.1. Thi
|
| 35 |
CVE-2026-5150
A security vulnerability has been detected in code-projects Accounting System 1.
|
| 35 |
CVE-2026-5195
A flaw has been found in code-projects Student Membership System 1.0. This issue
|
| 35 |
CVE-2026-5238
A weakness has been identified in itsourcecode Payroll Management System 1.0. Af
|
| 35 |
CVE-2026-5334
A weakness has been identified in itsourcecode Online Enrollment System 1.0. Imp
|
| 35 |
CVE-2026-5824
A security vulnerability has been detected in code-projects Simple Laundry Syste
|
| 35 |
CVE-2026-5257
A vulnerability has been found in code-projects Simple Laundry System 1.0. This
|
| 35 |
CVE-2026-5256
A flaw has been found in code-projects Simple Laundry System 1.0. This vulnerabi
|
| 35 |
CVE-2026-5648
A flaw has been found in code-projects Simple Laundry System 1.0. This vulnerabi
|
| 35 |
CVE-2026-5237
A security flaw has been discovered in itsourcecode Payroll Management System 1.
|
| 35 |
CVE-2026-33773
An Incorrect Initialization of Resource vulnerability in the packet forwarding e
|
| 35 |
CVE-2026-27697
baserCMS is a website development framework. Prior to version 5.2.3, baserCMS ha
|
| 35 |
CVE-2026-33088
Movable Type provided by Six Apart Ltd. contains an SQL Injection vulnerability
|
| 35 |
CVE-2026-32662
Development and test API endpoints are present that mirror production functional
|
| 35 |
CVE-2026-21630
Improperly built order clauses lead to a SQL injection vulnerability in the arti
|
| 35 |
CVE-2026-33774
An Improper Check for Unusual or Exceptional Conditions vulnerability in the pac
|
| 35 |
CVE-2026-5575
A vulnerability was detected in SourceCodester/jkev Record Management System 1.0
|
| 35 |
CVE-2026-35654
OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Micr
|
| 35 |
CVE-2026-35647
OpenClaw before 2026.3.25 contains an access control vulnerability where verific
|
| 35 |
CVE-2026-34941
Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0
|
| 35 |
CVE-2026-21013
Incorrect default permission in Galaxy Wearable prior to version 2.2.68.26 allow
|
| 35 |
CVE-2026-35667
OpenClaw before 2026.3.24 contains an incomplete fix for CVE-2026-27486 where th
|
| 35 |
CVE-2025-71280
XenForo before 2.3.7 allows information disclosure via local account page cachin
|
| 35 |
CVE-2026-40446
Access of resource using incompatible type ('type confusion') vulnerability in S
|
| 35 |
CVE-2026-34400
Alerta is a monitoring tool. Prior to version 9.1.0, the Query string search API
|
| 35 |
CVE-2025-68152
Juju is an open source application orchestration engine that enables any applica
|
| 35 |
CVE-2026-28553
Vulnerability of improper permission control in the theme setting module.
Impact
|
| 34 |
CVE-2026-34722
Zammad is a web based open source helpdesk/customer support system. Prior to 7.0
|
| 34 |
CVE-2026-5669
A vulnerability has been found in Cyber-III Student-Management-System up to 1a93
|
| 34 |
CVE-2026-5663
A security flaw has been discovered in OFFIS DCMTK up to 3.7.0. This impacts the
|
| 34 |
CVE-2026-39892
If a non-contiguous buffer was passed to APIs which accepted Python buffers (e.g
|
| 34 |
CVE-2026-5691
A vulnerability has been found in Totolink A7100RU 7.4cu.2313_b20191024. This af
|
| 34 |
CVE-2026-5690
A flaw has been found in Totolink A7100RU 7.4cu.2313_b20191024. The impacted ele
|
| 34 |
CVE-2026-5689
A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. The affec
|
| 34 |
CVE-2026-5802
A vulnerability was identified in idachev mcp-javadc up to 1.2.4. Impacted is an
|
| 34 |
CVE-2026-5672
A vulnerability has been found in code-projects Simple IT Discussion Forum 1.0.
|
| 34 |
CVE-2025-59709
An issue was discovered in Biztalk360 through 11.5. because of mishandling of us
|
| 34 |
CVE-2026-31067
A remote command execution (RCE) vulnerability in the /goform/formReleaseConnect
|
| 34 |
CVE-2026-33691
The OWASP core rule set (CRS) is a set of generic attack detection rules for use
|
| 34 |
CVE-2026-34775
### Impact
The `nodeIntegrationInWorker` webPreference was not correctly scoped
|
| 34 |
CVE-2026-4818
In Search Guard FLX versions from 3.0.0 up to 4.0.1, there exists an issue which
|
| 34 |
CVE-2026-34080
xdg-dbus-proxy is a filtering proxy for D-Bus connections. Prior to 0.1.7, a pol
|
| 34 |
CVE-2026-39961
Aiven Operator allows you to provision and manage Aiven Services from your Kuber
|
| 34 |
CVE-2026-4931
Smart contract Marginal v1 performs unsafe downcast, allowing attackers to settl
|
| 34 |
CVE-2026-35586
pyLoad is a free and open-source download manager written in Python. Prior to 0.
|
| 34 |
CVE-2026-35577
Apollo MCP Server is a Model Context Protocol server that exposes GraphQL operat
|
| 34 |
CVE-2026-21012
External control of file name in AODManager prior to SMR Apr-2026 Release 1 allo
|
| 34 |
CVE-2026-33786
An Improper Check for Unusual or Exceptional Conditions vulnerability in the cha
|
| 34 |
CVE-2026-33787
An Improper Check for Unusual or Exceptional Conditions vulnerability in the cha
|
| 34 |
CVE-2026-40191
ClearanceKit intercepts file-system access events on macOS and enforces per-proc
|
| 34 |
CVE-2026-33990
## Summary
Docker Model Runner contains an SSRF vulnerability in its OCI registr
|
| 34 |
CVE-2026-33776
A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS an
|
| 34 |
CVE-2026-30603
An issue in the firmware update mechanism of Qianniao QN-L23PA0904 v20250721.164
|
| 34 |
CVE-2026-4482
The installer certificate files in the …/bootstrap/common/ssl folder do not seem
|
| 34 |
CVE-2026-34864
Boundary-unlimited vulnerability in the application read module.
Impact: Success
|
| 34 |
CVE-2026-30817
An external configuration control vulnerability in the OpenVPN module of TP-Link
|
| 34 |
CVE-2026-30816
An external control of configuration vulnerability in the OpenVPN module of TP-L
|
| 34 |
CVE-2025-64340
Server names containing shell metacharacters (e.g., `&`) can cause command injec
|
| 34 |
CVE-2026-27774
Local privilege escalation due to DLL hijacking vulnerability. The following pro
|
| 34 |
CVE-2026-28728
Local privilege escalation due to DLL hijacking vulnerability. The following pro
|
| 34 |
CVE-2026-34871
An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0 and TF-PSA
|
| 34 |
CVE-2026-25206
Out-of-bounds read vulnerability in Samsung Open Source Escargot allows Resource
|
| 34 |
CVE-2026-40224
In systemd 259 before 260, there is local privilege escalation in systemd-machin
|
| 34 |
CVE-2026-33271
Local privilege escalation due to insecure folder permissions. The following pro
|
| 34 |
CVE-2026-4878
A flaw was found in libcap. A local unprivileged user can exploit a Time-of-chec
|
| 34 |
CVE-2026-34863
Out-of-bounds write vulnerability in the file system.
Impact: Successful exploit
|
| 34 |
CVE-2026-39389
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, mo
|
| 33 |
CVE-2026-34515
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python.
|
| 33 |
CVE-2026-34516
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python.
|
| 33 |
CVE-2026-21010
Improper input validation in Retail Mode prior to SMR Apr-2026 Release 1 allows
|
| 33 |
CVE-2026-27102
Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.6 and versions 9.11.0.0 t
|
| 33 |
CVE-2026-4837
An eval() injection vulnerability in the Rapid7 Insight Agent beaconing logic fo
|
| 33 |
CVE-2026-35197
dye is a portable and respectful color library for shell scripts. Prior to 1.1.1
|
| 33 |
CVE-2026-35479
InvenTree is an Open Source Inventory Management System. Prior to 1.2.7 and 1.3.
|
| 33 |
CVE-2026-3689
OpenClaw Canvas Path Traversal Information Disclosure Vulnerability. This vulner
|
| 33 |
CVE-2026-34401
XML Notepad is a Windows program that provides a simple intuitive User Interface
|
| 33 |
CVE-2026-3309
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User
|
| 33 |
CVE-2026-20096
A vulnerability in the web-based management interface of Cisco IMC could allow a
|
| 33 |
CVE-2026-20095
A vulnerability in the web-based management interface of Cisco IMC could allow a
|
| 33 |
CVE-2026-2265
An unauthenticated remote code execution (RCE) vulnerability exists in applicati
|
| 33 |
CVE-2026-20431
In Modem, there is a possible system crash due to a logic error. This could lead
|
| 33 |
CVE-2026-20097
A vulnerability in the web-based management interface of Cisco IMC could allow a
|
| 33 |
CVE-2026-34733
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AV
|
| 33 |
CVE-2026-34978
OpenPrinting CUPS is an open source printing system for Linux and other Unix-lik
|
| 33 |
CVE-2026-34750
Payload is a free and open source headless content management system. Prior to v
|
| 33 |
CVE-2026-35549
An issue was discovered in MariaDB Server before 11.4.10, 11.5.x through 11.8.x
|
Oldest Unpatched Critical/High CVEs
| CVE | Severity | CVSS | Priority | Days Open |
|---|---|---|---|---|
| CVE-2024-3400 | CRITICAL | 10.0 | 224 | 731d |
| CVE-2019-19781 | CRITICAL | 9.8 | 223 | 2299d |
| CVE-2020-5902 | CRITICAL | 9.8 | 223 | 2112d |
| CVE-2021-35464 | CRITICAL | 9.8 | 223 | 1725d |
| CVE-2020-10189 | CRITICAL | 9.8 | 223 | 2228d |
| CVE-2012-4681 | CRITICAL | 9.8 | 223 | 4976d |
| CVE-2022-42475 | CRITICAL | 9.8 | 223 | 1197d |
| CVE-2023-3519 | CRITICAL | 9.8 | 223 | 998d |
| CVE-2015-7450 | CRITICAL | 9.8 | 222 | 3753d |
| CVE-2023-34048 | CRITICAL | 9.8 | 222 | 900d |