Security Dashboard

7d 14d 30d 90d
Total CVEs
2575
last 14 days
Avg Priority
35.3
of max 220
KEV
4
actively exploited
POC
317
public exploits
Unpatched
505
CRIT/HIGH without patch
How is Priority Score calculated?

Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:

KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low 40-80 Medium 80-120 High 120+ Critical

Patch Now — Known Exploited Vulnerabilities

124
CVE-2026-35616
A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an
CRITICAL
118
CVE-2026-34621
Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Control
HIGH
114
CVE-2026-34197
Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability i
HIGH
109
CVE-2026-32201
Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform
MEDIUM

Priority Distribution

CRITICAL HIGH MEDIUM LOW KEV Only POC Only Unpatched CRIT/HIGH
Priority CVE
27 CVE-2026-39685
Missing Authorization vulnerability in lvaudore The Moneytizer the-moneytizer al
27 CVE-2026-39682
Missing Authorization vulnerability in Arjan Pronk linkPizza-Manager linkpizza-m
27 CVE-2026-39680
Missing Authorization vulnerability in MWP Development Diet Calorie Calculator d
27 CVE-2026-39678
Missing Authorization vulnerability in DOTonPAPER Pinpoint Booking System bookin
27 CVE-2026-39675
Missing Authorization vulnerability in webmuehle Court Reservation court-reserva
27 CVE-2026-39673
Missing Authorization vulnerability in shrikantkale iZooto izooto-web-push allow
27 CVE-2026-39672
Missing Authorization vulnerability in shiptime ShipTime: Discounted Shipping Ra
27 CVE-2026-39669
Missing Authorization vulnerability in NitroPack NitroPack nitropack allows Expl
27 CVE-2026-39668
Missing Authorization vulnerability in g5theme Book Previewer for Woocommerce bo
27 CVE-2026-39664
Missing Authorization vulnerability in leadrebel Leadrebel leadrebel allows Expl
27 CVE-2026-39663
Missing Authorization vulnerability in themetechmount TrueBooker truebooker-appo
27 CVE-2026-39662
Missing Authorization vulnerability in ProWCPlugins Product Price by Formula for
27 CVE-2026-39660
Missing Authorization vulnerability in Automattic WP Job Manager wp-job-manager
27 CVE-2026-39659
Missing Authorization vulnerability in Ultimate Member Ultimate Member ultimate-
27 CVE-2026-39658
Missing Authorization vulnerability in Coding Panda Panda Pods Repeater Field pa
27 CVE-2026-39657
Missing Authorization vulnerability in leadlovers leadlovers forms leadlovers-fo
27 CVE-2026-39656
Missing Authorization vulnerability in Razorpay Razorpay for WooCommerce woo-raz
27 CVE-2026-39652
Missing Authorization vulnerability in igms iGMS Direct Booking igms-direct-book
27 CVE-2026-39650
Missing Authorization vulnerability in Unitech Web UnitechPay unitechpay-paiemen
27 CVE-2026-39649
Missing Authorization vulnerability in themebeez Royale News royale-news allows
27 CVE-2026-39648
Missing Authorization vulnerability in themebeez Cream Blog cream-blog allows Ex
27 CVE-2026-39644
Missing Authorization vulnerability in Roxnor Wp Ultimate Review wp-ultimate-rev
27 CVE-2026-39643
Missing Authorization vulnerability in Payment Plugins Payment Plugins for PayPa
27 CVE-2026-39637
Missing Authorization vulnerability in SpabRice Mogi mogi allows Exploiting Inco
27 CVE-2026-39624
Missing Authorization vulnerability in kutethemes Biolife biolife allows Exploit
27 CVE-2026-39622
Missing Authorization vulnerability in acmethemes Education Base education-base
27 CVE-2026-39616
Authorization Bypass Through User-Controlled Key vulnerability in dFactory Downl
27 CVE-2026-39612
Missing Authorization vulnerability in kutethemes KuteShop kuteshop allows Explo
27 CVE-2026-39610
Missing Authorization vulnerability in Pankaj Kumar WpXmas-Snow wpxmas-snow allo
27 CVE-2026-39609
Missing Authorization vulnerability in Wava.co Wava Payment wava-payment allows
27 CVE-2026-39608
Missing Authorization vulnerability in iPOSPays iPOSpays Gateways WC ipospays-ga
27 CVE-2026-39606
Missing Authorization vulnerability in Foysal Imran BizReview bizreview allows E
27 CVE-2026-39605
Missing Authorization vulnerability in Obadiah Super Custom Login super-custom-l
27 CVE-2026-39602
Missing Authorization vulnerability in Rustaurius Order Tracking order-tracking
27 CVE-2026-39588
Missing Authorization vulnerability in nmerii NM Gift Registry and Wishlist Lite
27 CVE-2026-39585
Missing Authorization vulnerability in Arraytics Booktics booktics allows Exploi
27 CVE-2026-39563
Missing Authorization vulnerability in ILLID Share This Image share-this-image a
27 CVE-2026-39562
Missing Authorization vulnerability in BoldGrid Client Invoicing by Sprout Invoi
27 CVE-2026-39561
Missing Authorization vulnerability in WP Chill Revive.so revive-so allows Explo
27 CVE-2026-39543
Missing Authorization vulnerability in Themefic Tourfic tourfic allows Exploitin
27 CVE-2026-39535
Missing Authorization vulnerability in fullworks Display Eventbrite Events widge
27 CVE-2026-39528
Missing Authorization vulnerability in WP Delicious WP Delicious delicious-recip
27 CVE-2026-39520
Missing Authorization vulnerability in weDevs weDocs wedocs allows Exploiting In
27 CVE-2026-39509
Missing Authorization vulnerability in wpWax Directorist directorist allows Expl
27 CVE-2026-39505
Missing Authorization vulnerability in Craig Hewitt Seriously Simple Podcasting
27 CVE-2026-39501
Missing Authorization vulnerability in RealMag777 FOX woocommerce-currency-switc
27 CVE-2026-5083
Ado::Sessions versions through 0.935 for Perl generates insecure session ids. T
27 CVE-2026-5082
Amon2::Plugin::Web::CSRFDefender versions from 7.00 through 7.03 for Perl genera
27 CVE-2026-40737
Authorization Bypass Through User-Controlled Key vulnerability in VillaTheme COM
27 CVE-2026-40742
Missing Authorization vulnerability in Nelio Software Nelio AB Testing nelio-ab-
27 CVE-2026-40763
Missing Authorization vulnerability in WP Royal Royal Elementor Addons royal-ele
27 CVE-2026-40778
Missing Authorization vulnerability in Majestic Support Majestic Support majesti
27 CVE-2026-39882
overview: this report shows that the otlp HTTP exporters (traces/metrics/logs) r
27 CVE-2026-40179
### Impact Stored cross-site scripting (XSS) via crafted metric names in the Pr
27 CVE-2026-5474
A vulnerability was found in NASA cFS up to 7.0.0. This affects the function CFE
27 CVE-2026-6494
A flaw was found in the AAP MCP server. An unauthenticated remote attacker can e
27 CVE-2026-40041
Pachno 1.0.6 contains a cross-site request forgery vulnerability that allows att
27 CVE-2026-5713
The "profiling.sampling" module (Python 3.15+) and "asyncio introspection capabi
27 CVE-2026-3581
The Basic Google Maps Placemarks plugin for WordPress is vulnerable to authoriza
27 CVE-2026-0718
The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites - PostX plugin
27 CVE-2026-31924
Cleartext Transmission of Sensitive Information vulnerability in Apache APISIX.
27 CVE-2026-5427
The Kubio plugin for WordPress is vulnerable to Arbitrary File Upload in version
27 CVE-2026-5502
The Tutor LMS - eLearning and online course solution plugin for WordPress is vul
27 CVE-2026-5606
A security flaw has been discovered in PHPGurukul Online Shopping Portal Project
27 CVE-2026-5705
A vulnerability was identified in code-projects Online Hotel Booking 1.0. Affect
27 CVE-2026-5579
A vulnerability was determined in CodeAstro Online Classroom 1.0. This issue aff
27 CVE-2026-5586
A vulnerability was determined in zhongyu09 openchatbi up to 0.2.1. The impacted
27 CVE-2026-21726
The CVE-2021-36156 fix validates the namespace parameter for path traversal sequ
27 CVE-2026-5052
Vault’s PKI engine’s ACME validation did not reject local targets when issuing h
27 CVE-2026-3177
The Charitable - Donation Plugin for WordPress - Fundraising with Recurring Dona
27 CVE-2026-5572
A security flaw has been discovered in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03
26 CVE-2026-39851
Saleor is an e-commerce platform. From 2.10.0 to before 3.23.0a3, 3.22.47, 3.21.
26 CVE-2026-35413
## Summary When `GRAPHQL_INTROSPECTION=false` is configured, Directus correctly
26 CVE-2026-35166
### Impact Links and image links in the default markdown to HTML renderer are no
26 CVE-2026-39406
## Summary A path handling inconsistency in `serveStatic` allows protected stat
26 CVE-2026-39407
## Summary A path handling inconsistency in `serveStatic` allows protected stat
26 CVE-2026-35179
## Summary The SocialMediaPublisher plugin exposes a `publishInstagram.json.php
26 CVE-2026-5675
A vulnerability was found in itsourcecode Construction Management System 1.0. Th
26 CVE-2026-40347
### Summary A denial of service vulnerability exists when parsing crafted `mult
26 CVE-2026-5670
A vulnerability was found in Cyber-III Student-Management-System up to 1a938fa61
26 CVE-2026-39362
InvenTree is an Open Source Inventory Management System. Prior to 1.2.7 and 1.3.
26 CVE-2025-15565
The Nexi XPay plugin for WordPress is vulnerable to unauthorized modification of
26 CVE-2026-40304
Summary The unaccess handler (controller/unaccess.go) contains a logical error i
26 CVE-2026-4160
The Fluent Forms - Customizable Contact Forms, Survey, Quiz, & Conversational Fo
26 CVE-2025-14243
A flaw was found in the OpenShift Mirror Registry. This vulnerability allows an
26 CVE-2026-21003
Improper input validation in data related to network restrictions prior to SMR A
26 CVE-2026-39958
oma is a package manager for AOSC OS. Prior to 1.25.2, oma-topics is responsible
26 CVE-2026-4135
During an internal security assessment, a potential vulnerability was discovered
26 CVE-2026-32591
A flaw was found in Red Hat Quay's Proxy Cache configuration feature. When an or
26 CVE-2026-3438
A reflected cross-site scripting vulnerability exists in Sonatype Nexus Reposito

Oldest Unpatched Critical/High CVEs

CVE Severity CVSS Priority Days Open
CVE-2024-3400 CRITICAL 10.0 224 735d
CVE-2019-19781 CRITICAL 9.8 223 2303d
CVE-2020-5902 CRITICAL 9.8 223 2116d
CVE-2021-35464 CRITICAL 9.8 223 1729d
CVE-2020-10189 CRITICAL 9.8 223 2232d
CVE-2012-4681 CRITICAL 9.8 223 4980d
CVE-2022-42475 CRITICAL 9.8 223 1201d
CVE-2023-3519 CRITICAL 9.8 223 1002d
CVE-2015-7450 CRITICAL 9.8 222 3757d
CVE-2023-34048 CRITICAL 9.8 222 904d
Prev 24 / 29 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy