Security Dashboard

7d 14d 30d 90d
Total CVEs
2734
last 14 days
Avg Priority
33.0
of max 220
KEV
3
actively exploited
POC
356
public exploits
Unpatched
709
CRIT/HIGH without patch
How is Priority Score calculated?

Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:

KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low 40-80 Medium 80-120 High 120+ Critical

Patch Now — Known Exploited Vulnerabilities

124
CVE-2026-35616
A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an
CRITICAL
119
CVE-2026-5281
Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had co
HIGH
109
CVE-2026-3502
TrueConf Client downloads application update code and applies it without performing verification. An
HIGH

Priority Distribution

CRITICAL HIGH MEDIUM LOW KEV Only POC Only Unpatched CRIT/HIGH
Priority CVE
46 CVE-2025-15620
HiOS Switch Platform contains a denial-of-service vulnerability in the web inter
46 CVE-2026-28205
OpenPLC_V3 is vulnerable to an Initialization of a Resource with an Insecure Def
46 CVE-2026-35556
OpenPLC_V3 is vulnerable to a Plaintext Storage of a Password vulnerability that
46 CVE-2026-35573
ChurchCRM is an open-source church management system. Prior to 6.5.3, a path tra
46 CVE-2026-0545
In mlflow/mlflow, the FastAPI job endpoints under `/ajax-api/3.0/jobs/*` are not
46 CVE-2026-21861
baserCMS is a website development framework. Prior to version 5.2.3, baserCMS co
46 CVE-2026-30877
baserCMS is a website development framework. Prior to version 5.2.3, there is an
46 CVE-2026-34177
Canonical LXD versions 4.12 through 6.7 contain an incomplete denylist in isVMLo
46 CVE-2026-39339
ChurchCRM is an open-source church management system. Prior to 7.1.0, a critica
46 CVE-2026-34745
Fireshare facilitates self-hosted media and link sharing. Prior to version 1.5.3
46 CVE-2026-34179
In Canonical LXD versions 4.12 through 6.7, the doCertificateUpdate function in
46 CVE-2026-33615
An unauthenticated remote attacker can exploit an unauthenticated SQL Injection
46 CVE-2026-34456
Reviactyl is an open-source game server management panel built using Laravel, Re
46 CVE-2026-35561
Insufficient authentication security controls in the browser-based authenticatio
46 CVE-2026-32211
Missing authentication for critical function in Azure MCP Server allows an unaut
46 CVE-2025-71058
Dual DHCP DNS Server 8.01 improperly accepts and caches UDP DNS responses withou
46 CVE-2026-39847
Emmett is a full-stack Python web framework designed with simplicity. From 2.5.0
46 CVE-2026-34564
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, mo
46 CVE-2026-34558
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, mo
46 CVE-2026-34566
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, mo
46 CVE-2026-34567
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, mo
46 CVE-2026-34563
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, mo
46 CVE-2026-34565
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, mo
46 CVE-2026-34557
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, mo
46 CVE-2026-34568
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, mo
46 CVE-2026-34178
In Canonical LXD before 6.8, the backup import path validates project restrictio
46 CVE-2026-34532
Parse Server is an open source backend that can be deployed to any infrastructur
46 CVE-2026-26026
GLPI is a free asset and IT management software package. From 11.0.0 to before 1
46 CVE-2026-34751
### Impact A vulnerability in the password recovery flow could allow an unauthe
46 CVE-2026-34952
### Summary The PraisonAI Gateway server accepts WebSocket connections at `/ws`
46 CVE-2026-29145
CLIENT_CERT authentication does not fail as expected for some scenarios when sof
46 CVE-2026-5627
A path traversal vulnerability exists in mintplex-labs/anything-llm versions up
46 CVE-2026-34953
### Summary `OAuthManager.validate_token()` returns `True` for any token not fo
46 CVE-2026-35560
Improper certificate validation in the identity provider connection components i
46 CVE-2026-34758
OneUptime is an open-source monitoring and observability platform. Prior to vers
46 CVE-2026-34560
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, mo
46 CVE-2025-15618
Business::OnlinePayment::StoredTransaction versions through 0.01 for Perl uses a
46 CVE-2026-35039
## Impact Setting up a custom cacheKeyBuilder method which does not properly cr
46 CVE-2026-34872
An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and TF-PSA-Cry
46 CVE-2026-28386
Issue summary: Applications using AES-CFB128 encryption or decryption on systems
46 CVE-2026-31017
A Server-Side Request Forgery (SSRF) vulnerability exists in the Print Format fu
46 CVE-2025-69515
An issue in JXL 9 Inch Car Android Double Din Player Android v12.0 allows attack
46 CVE-2026-34873
An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation ca
46 CVE-2025-58349
An issue was discovered in L2 in Samsung Mobile Processor, Wearable Processor, a
46 CVE-2025-15484
The Order Notification for WooCommerce WordPress plugin before 3.6.3 overrides
46 CVE-2026-34559
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, mo
46 CVE-2026-35580
Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, GitHub Act
46 CVE-2025-57735
When user logged out, the JWT token the user had authtenticated with was not inv
46 CVE-2026-40258
## Summary A path traversal vulnerability (Zip Slip) exists in the media archiv
46 CVE-2026-35174
Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, a path tra
46 CVE-2026-33771
A Weak Password Requirements vulnerability in the password management function o
46 CVE-2026-32892
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Ch
46 CVE-2026-34950
### Summary The fix for GHSA-c2ff-88x2-x9pg (CVE-2023-48223) is incomplete. The
46 CVE-2026-35050
text-generation-webui is an open-source web interface for running Large Language
46 CVE-2026-39980
OpenCTI is an open source platform for managing cyber threat intelligence knowle
45 CVE-2026-35216
Budibase is an open-source low-code platform. Prior to version 3.33.4, an unauth
45 CVE-2026-39846
SiYuan is a personal knowledge management system. Prior to 3.6.4, a malicious no
45 CVE-2026-34448
SiYuan is a personal knowledge management system. Prior to version 3.6.2, an att
45 CVE-2026-28798
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 syst
45 CVE-2026-30282
An arbitrary file overwrite vulnerability in UXGROUP LLC Cast to TV Screen Mirro
45 CVE-2026-39305
The Action Orchestrator feature contains a Path Traversal vulnerability that all
45 CVE-2026-34971
Wasmtime is a runtime for WebAssembly. From 32.0.0 to before 36.0.7, 42.0.2, and
45 CVE-2026-34987
Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and
45 CVE-2026-39860
Nix is a package manager for Linux and other Unix systems. A bug in the fix for

Oldest Unpatched Critical/High CVEs

CVE Severity CVSS Priority Days Open
CVE-2024-3400 CRITICAL 10.0 224 730d
CVE-2019-19781 CRITICAL 9.8 223 2298d
CVE-2020-5902 CRITICAL 9.8 223 2111d
CVE-2021-35464 CRITICAL 9.8 223 1725d
CVE-2020-10189 CRITICAL 9.8 223 2228d
CVE-2012-4681 CRITICAL 9.8 223 4975d
CVE-2022-42475 CRITICAL 9.8 223 1196d
CVE-2023-3519 CRITICAL 9.8 223 998d
CVE-2015-7450 CRITICAL 9.8 222 3753d
CVE-2023-34048 CRITICAL 9.8 222 900d
Prev 3 / 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy