| Metric | Value | Detail |
|---|---|---|
| Total CVEs | 2816 | last 14 days |
| Avg Priority | 34.6 | of max 220 |
| KEV | 4 | actively exploited |
| POC | 310 | public exploits |
| Unpatched | 537 | CRIT/HIGH without patch |

How is Priority Score calculated?
Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:

| Signal | Weight | Meaning |
|---|---|---|
| KEV | +50 | CISA Known Exploited Vulnerability: confirmed active exploitation in the wild |
| EPSS | x100 | Exploit Prediction Scoring System: probability of exploitation in next 30 days (0-100) |
| CVSS | x5 | Common Vulnerability Scoring System: technical severity (0-50) |
| POC | +20 | Public exploit code exists, which lowers the barrier for attackers |

| Score | Level |
|---|---|
| 0-40 | Low |
| 40-80 | Medium |
| 80-120 | High |
| 120+ | Critical |

Patch Now — Known Exploited Vulnerabilities

| Priority | CVE | Description |
|---|---|---|
| 124 | CVE-2026-35616 | An improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an |
| 118 | CVE-2026-34621 | Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Control |
| 114 | CVE-2026-34197 | Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability i |
| 109 | CVE-2026-32201 | Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform |

Priority Distribution

| Priority | CVE | Description |
|---|---|---|
| 32 | CVE-2026-34370 | Chamilo LMS is an open-source learning management system. In versions prior to 2 |
| 32 | CVE-2026-6080 | The Tutor LMS plugin for WordPress is vulnerable to SQL Injection in versions up |
| 32 | CVE-2026-32151 | Exposure of sensitive information to an unauthorized actor in Windows Shell allo |
| 32 | CVE-2025-15636 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti |
| 32 | CVE-2026-3488 | The WP Statistics plugin for WordPress is vulnerable to Missing Authorization in |
| 32 | CVE-2026-4666 | The wpForo Forum plugin for WordPress is vulnerable to unauthorized modification |
| 32 | CVE-2026-35034 | Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 c |
| 32 | CVE-2026-3618 | The Columns by BestWebSoft plugin for WordPress is vulnerable to Stored Cross-Si |
| 32 | CVE-2026-5742 | The UsersWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in |
| 32 | CVE-2026-4429 | The OSM - OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site |
| 32 | CVE-2026-3659 | The WP Circliful plugin for WordPress is vulnerable to Stored Cross-Site Scripti |
| 32 | CVE-2026-2305 | The AddFunc Head & Footer Code plugin for WordPress is vulnerable to Stored Cros |
| 32 | CVE-2026-3142 | The Pinterest Site Verification plugin using Meta Tag plugin for WordPress is vu |
| 32 | CVE-2026-4336 | The Ultimate FAQ Accordion plugin for WordPress is vulnerable to Stored Cross-Si |
| 32 | CVE-2026-4303 | The WP Visitor Statistics (Real Time Traffic) plugin for WordPress is vulnerable |
| 32 | CVE-2026-4025 | The PrivateContent Free plugin for WordPress is vulnerable to Stored Cross-Site |
| 32 | CVE-2026-5590 | A race condition during TCP connection teardown can cause tcp_recv() to operate |
| 32 | CVE-2026-4300 | The Robo Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripti |
| 32 | CVE-2026-4059 | The ShopLentor plugin for WordPress is vulnerable to Stored Cross-Site Scripting |
| 32 | CVE-2026-5357 | The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scr |
| 32 | CVE-2026-3513 | The TableOn - WordPress Posts Table Filterable plugin for WordPress is vulnerabl |
| 32 | CVE-2026-4333 | The LearnPress - WordPress LMS Plugin plugin for WordPress is vulnerable to Stor |
| 32 | CVE-2026-4341 | The Prime Slider - Addons for Elementor plugin for WordPress is vulnerable to St |
| 32 | CVE-2026-4785 | The LatePoint - Calendar Booking Plugin for Appointments and Events plugin for W |
| 32 | CVE-2026-3600 | The Investi plugin for WordPress is vulnerable to Stored Cross-Site Scripting vi |
| 32 | CVE-2026-4073 | The pdfl.io plugin for WordPress is vulnerable to Stored Cross-Site Scripting vi |
| 32 | CVE-2026-1263 | The Webling plugin for WordPress is vulnerable to Stored Cross-Site Scripting in |
| 32 | CVE-2026-4895 | The GreenShift - Animation and Page Builder Blocks plugin for WordPress is vulne |
| 32 | CVE-2026-4655 | The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Stor |
| 32 | CVE-2026-5506 | The Wavr plugin for WordPress is vulnerable to Stored Cross-Site Scripting via t |
| 32 | CVE-2026-3998 | The WM JqMath plugin for WordPress is vulnerable to Stored Cross-Site Scripting |
| 32 | CVE-2026-4005 | The Coachific Shortcode plugin for WordPress is vulnerable to Stored Cross-Site |
| 32 | CVE-2026-4011 | The Power Charts Lite plugin for WordPress is vulnerable to Stored Cross-Site Sc |
| 32 | CVE-2026-5711 | The Post Blocks & Tools plugin for WordPress is vulnerable to Stored Cross-Site |
| 32 | CVE-2026-1396 | The Magic Conversation For Gravity Forms plugin for WordPress is vulnerable to S |
| 32 | CVE-2026-3498 | The BlockArt Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scri |
| 32 | CVE-2026-2481 | The Beaver Builder Page Builder - Drag and Drop Website Builder plugin for WordP |
| 32 | CVE-2026-0626 | The WPFunnels - Easy Funnel Builder To Optimize Buyer Journeys And Get More Lead |
| 32 | CVE-2026-3005 | The List category posts plugin for WordPress is vulnerable to Stored Cross-Site |
| 32 | CVE-2026-2949 | The Xpro Addons - 140+ Widgets for Elementor plugin for WordPress is vulnerable |
| 32 | CVE-2026-2924 | The Gutenverse - Ultimate WordPress FSE Blocks Addons & Ecosystem plugin for Wor |
| 32 | CVE-2026-2437 | The WP Travel Engine - Tour Booking Plugin - Tour Operator Software plugin for W |
| 32 | CVE-2026-1607 | The Surbma \| Booking.com Shortcode plugin for WordPress is vulnerable to Stored |
| 32 | CVE-2026-5508 | The WowPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting v |
| 32 | CVE-2026-4871 | The Sports Club Management plugin for WordPress is vulnerable to Stored Cross-Si |
| 32 | CVE-2026-3311 | The The Plus Addons for Elementor - Addons for Elementor, Page Templates, Widget |
| 32 | CVE-2026-3239 | The Strong Testimonials plugin for WordPress is vulnerable to Stored Cross-Site |
| 32 | CVE-2026-5717 | The VI: Include Post By plugin for WordPress is vulnerable to Stored Cross-Site |
| 32 | CVE-2026-5372 | An issue that allowed a SQL injection attack vector related to saved queries (in |
| 32 | CVE-2026-1572 | The Livemesh Addons for Elementor plugin for WordPress is vulnerable to unauthor |
| 32 | CVE-2026-40225 | In udev in systemd before 260, local root execution can occur via malicious hard |
| 32 | CVE-2026-39630 | Server-Side Request Forgery (SSRF) vulnerability in Getty Images Getty Images ge |
| 32 | CVE-2026-33727 | Pi-hole is a Linux network-level advertisement and Internet tracker blocking app |
| 32 | CVE-2026-0738 | The WP Shortcodes Plugin - Shortcodes Ultimate plugin for WordPress is vulnerabl |
| 32 | CVE-2026-0552 | The Simple Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site |
| 32 | CVE-2026-0664 | The Royal Addons for Elementor plugin for WordPress is vulnerable to Stored Cros |
| 32 | CVE-2026-0737 | The WP Shortcodes Plugin - Shortcodes Ultimate plugin for WordPress is vulnerabl |
| 32 | CVE-2026-5070 | The Vantage theme for WordPress is vulnerable to Stored Cross-Site Scripting via |
| 32 | CVE-2026-3878 | The WP Docs plugin for WordPress is vulnerable to Stored Cross-Site Scripting vi |
| 32 | CVE-2025-15064 | The Ultimate Member - User Profile, Registration, Login, Member Directory, Conte |
| 32 | CVE-2026-3299 | The WP YouTube Lyte plugin for WordPress is vulnerable to Stored Cross-Site Scri |
| 32 | CVE-2026-3875 | The BetterDocs plugin for WordPress is vulnerable to Stored Cross-Site Scripting |
| 32 | CVE-2026-3885 | The WP Shortcodes Plugin - Shortcodes Ultimate plugin for WordPress is vulnerabl |
| 32 | CVE-2026-2600 | The ElementsKit Elementor Addons and Templates plugin for WordPress is vulnerabl |
| 32 | CVE-2026-4379 | The LightPress Lightbox plugin for WordPress is vulnerable to Stored Cross-Site |
| 32 | CVE-2026-2988 | The Blubrry PowerPress plugin for WordPress is vulnerable to Stored Cross-Site S |
| 32 | CVE-2025-13364 | The WP Maps - Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & |
| 32 | CVE-2025-13368 | The Xpro Addons - 140+ Widgets for Elementor plugin for WordPress is vulnerable |
| 32 | CVE-2026-32282 | On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod |
| 32 | CVE-2025-14732 | The Elementor Website Builder - More Than Just a Page Builder plugin for WordPre |
| 32 | CVE-2026-40226 | In nspawn in systemd 233 through 259 before 260, an escape-to-host action can oc |
| 32 | CVE-2026-2509 | The Page Builder: Pagelayer plugin for WordPress is vulnerable to Stored Cross-S |
| 32 | CVE-2025-57853 | A container privilege escalation flaw was found in certain Web Terminal images. |
| 32 | CVE-2026-5451 | The Extensions for Leaflet Map plugin for WordPress is vulnerable to Stored Cros |
| 32 | CVE-2026-2840 | The Email Encoder - Protect Email Addresses and Phone Numbers plugin for WordPre |
| 32 | CVE-2026-5162 | The Royal Addons for Elementor plugin for WordPress is vulnerable to Stored Cros |
| 32 | CVE-2025-58713 | A container privilege escalation flaw was found in certain Red Hat Process Autom |
| 32 | CVE-2025-57854 | A container privilege escalation flaw was found in certain OpenShift Update Serv |
| 32 | CVE-2025-57851 | A container privilege escalation flaw was found in certain Multicluster Engine f |
| 32 | CVE-2025-57175 | Siklu EtherHaul 8010 siklu-uimage-nxp-enc-10_6_2-18707-ea552dc00b devices have a |
| 32 | CVE-2025-57847 | A container privilege escalation flaw was found in certain Ansible Automation Pl |
| 32 | CVE-2026-39420 | MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below |
| 32 | CVE-2026-40021 | Apache Log4net's XmlLayout https://logging.apache.org/log4net/manual/configurat |
| 32 | CVE-2026-40023 | Apache Log4cxx's XMLLayout https://logging.apache.org/log4cxx/1.7.0/classlog4cx |
| 32 | CVE-2026-34481 | Apache Log4j's JsonTemplateLayout https://logging.apache.org/log4j/2.x/manual/j |
| 32 | CVE-2026-34477 | The fix for CVE-2025-68161 https://logging.apache.org/security.html#CVE-2025-68 |
| 32 | CVE-2026-35656 | OpenClaw before 2026.3.22 contains an authentication bypass vulnerability in the |
| 32 | CVE-2026-5724 | The frontend gRPC server's streaming interceptor chain did not include the autho |
| 32 | CVE-2026-39421 | MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below co |
| 32 | CVE-2026-25118 | immich is a high performance self-hosted photo and video management solution. Pr |

Oldest Unpatched Critical/High CVEs
| CVE | Severity | CVSS | Priority | Days Open |
|---|---|---|---|---|
| CVE-2024-3400 | CRITICAL | 10.0 | 224 | 735d |
| CVE-2019-19781 | CRITICAL | 9.8 | 223 | 2302d |
| CVE-2020-5902 | CRITICAL | 9.8 | 223 | 2115d |
| CVE-2021-35464 | CRITICAL | 9.8 | 223 | 1729d |
| CVE-2020-10189 | CRITICAL | 9.8 | 223 | 2232d |
| CVE-2012-4681 | CRITICAL | 9.8 | 223 | 4980d |
| CVE-2022-42475 | CRITICAL | 9.8 | 223 | 1201d |
| CVE-2023-3519 | CRITICAL | 9.8 | 223 | 1002d |
| CVE-2015-7450 | CRITICAL | 9.8 | 222 | 3757d |
| CVE-2023-34048 | CRITICAL | 9.8 | 222 | 904d |