Total CVEs
2734
last 14 days
Avg Priority
33.0
of max 220
KEV
3
actively exploited
POC
356
public exploits
Unpatched
709
CRIT/HIGH without patch
How is Priority Score calculated?
Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:
KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low
40-80 Medium
80-120 High
120+ Critical
Patch Now — Known Exploited Vulnerabilities
124
CVE-2026-35616
A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an
119
CVE-2026-5281
Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had co
109
CVE-2026-3502
TrueConf Client downloads application update code and applies it without performing verification. An
Priority Distribution
| Priority | CVE |
|---|---|
| 47 |
CVE-2026-5537
A security vulnerability has been detected in halex CourseSEL up to 1.1.0. Affec
|
| 47 |
CVE-2026-5597
A flaw has been found in griptape-ai griptape 0.19.4. This affects an unknown pa
|
| 47 |
CVE-2026-5318
A weakness has been identified in LibRaw up to 0.22.0. This impacts the function
|
| 47 |
CVE-2026-6119
A vulnerability was identified in AstrBotDevs AstrBot up to 4.22.1. The affected
|
| 47 |
CVE-2026-5825
A vulnerability was detected in code-projects Simple Laundry System 1.0. This vu
|
| 47 |
CVE-2026-5546
A flaw has been found in Campcodes Complete Online Learning Management System 1.
|
| 47 |
CVE-2026-5826
A flaw has been found in code-projects Simple IT Discussion Forum 1.0. This issu
|
| 47 |
CVE-2026-5126
A flaw has been found in SourceCodester RSS Feed Parser 1.0. Affected by this is
|
| 47 |
CVE-2026-5319
A security vulnerability has been detected in itsourcecode Payroll Management Sy
|
| 47 |
CVE-2026-5630
A flaw has been found in assafelovic gpt-researcher up to 3.4.3. The impacted el
|
| 47 |
CVE-2026-5639
A flaw has been found in PHPGurukul Online Shopping Portal Project 2.1. Impacted
|
| 47 |
CVE-2026-5553
A vulnerability was identified in itsourcecode Online Cellphone System 1.0. Affe
|
| 47 |
CVE-2026-5552
A weakness has been identified in PHPGurukul Online Shopping Portal Project 2.1.
|
| 47 |
CVE-2026-5635
A security flaw has been discovered in PHPGurukul Online Shopping Portal Project
|
| 47 |
CVE-2026-5636
A weakness has been identified in PHPGurukul Online Shopping Portal Project 2.1.
|
| 47 |
CVE-2026-5583
A security vulnerability has been detected in PHPGurukul Online Shopping Portal
|
| 47 |
CVE-2026-5529
A vulnerability was detected in Dromara lamp-cloud up to 5.8.1. This vulnerabili
|
| 47 |
CVE-2026-5578
A vulnerability was found in CodeAstro Online Classroom 1.0. This vulnerability
|
| 47 |
CVE-2026-5580
A vulnerability was identified in CodeAstro Online Classroom 1.0. Impacted is an
|
| 47 |
CVE-2026-5321
A flaw has been found in vanna-ai vanna up to 2.0.2. Affected by this issue is s
|
| 47 |
CVE-2026-6109
A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.1. The impa
|
| 46 |
CVE-2026-5681
A flaw has been found in itsourcecode sanitize or validate this input 1.0. This
|
| 46 |
CVE-2026-5671
A vulnerability was determined in Cyber-III Student-Management-System up to 1a93
|
| 46 |
CVE-2026-5660
A vulnerability was determined in itsourcecode Construction Management System 1.
|
| 46 |
CVE-2026-5812
A security flaw has been discovered in SourceCodester Pharmacy Product Managemen
|
| 46 |
CVE-2026-5811
A vulnerability was identified in SourceCodester Online Food Ordering System 1.0
|
| 46 |
CVE-2026-5803
A security flaw has been discovered in bigsk1 openai-realtime-ui up to 188ccde27
|
| 46 |
CVE-2026-5659
A vulnerability was found in pytries datrie up to 0.8.3. The affected element is
|
| 46 |
CVE-2026-5339
A vulnerability was detected in Tenda G103 1.0.0.5. The impacted element is the
|
| 46 |
CVE-2026-5331
A vulnerability was determined in OpenCart 4.1.0.3. This affects an unknown part
|
| 46 |
CVE-2026-5848
A vulnerability was found in jeecgboot JimuReport up to 2.3.0. The affected elem
|
| 46 |
CVE-2026-5203
A vulnerability was found in CMS Made Simple up to 2.2.22. This impacts the func
|
| 46 |
CVE-2026-5417
A vulnerability was determined in Dataease SQLbot up to 1.6.0. This issue affect
|
| 46 |
CVE-2026-5370
A vulnerability was identified in krayin laravel-crm up to 2.2. Impacted is the
|
| 46 |
CVE-2026-5325
A vulnerability was determined in SourceCodester Simple Customer Relationship Ma
|
| 46 |
CVE-2026-5253
A weakness has been identified in bufanyun HotGo 1.0/2.0. Affected by this vulne
|
| 46 |
CVE-2026-5332
A vulnerability was identified in Xiaopi Panel 1.0.0. This vulnerability affects
|
| 46 |
CVE-2026-5249
A vulnerability was found in gougucms 4.08.18. This impacts an unknown function
|
| 46 |
CVE-2026-5839
A vulnerability was identified in PHPGurukul News Portal Project 4.1. This issue
|
| 46 |
CVE-2026-5838
A vulnerability was determined in PHPGurukul News Portal Project 4.1. This vulne
|
| 46 |
CVE-2026-5840
A security flaw has been discovered in PHPGurukul News Portal Project 4.1. Impac
|
| 46 |
CVE-2026-5576
A flaw has been found in SourceCodester/jkev Record Management System 1.0. Affec
|
| 46 |
CVE-2026-5568
A vulnerability has been found in Akaunting up to 3.1.21. This issue affects som
|
| 46 |
CVE-2026-5252
A security flaw has been discovered in z-9527 admin 1.0/2.0. Affected is an unkn
|
| 46 |
CVE-2026-5254
A security vulnerability has been detected in welovemedia FFmate up to 2.0.15. A
|
| 46 |
CVE-2026-5679
A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557_B2022
|
| 46 |
CVE-2026-6106
A vulnerability was detected in 1Panel-dev MaxKB up to 2.2.1. This vulnerability
|
| 46 |
CVE-2026-5683
A vulnerability was found in Tenda CX12L 16.03.53.12. Affected by this vulnerabi
|
| 46 |
CVE-2026-5806
A security vulnerability has been detected in code-projects Easy Blog Site 1.0.
|
| 46 |
CVE-2026-5810
A flaw has been found in SourceCodester Sales and Inventory System 1.0. Affected
|
| 44 |
CVE-2026-5621
A vulnerability was found in ChrisChinchilla Vale-MCP up to 0.1.0. Affected by t
|
| 44 |
CVE-2026-5619
A flaw has been found in Braffolk mcp-summarization-functions up to 0.1.5. This
|
| 44 |
CVE-2026-5125
A vulnerability was detected in raine consult-llm-mcp up to 2.5.3. Affected by t
|
| 44 |
CVE-2026-5833
A security vulnerability has been detected in awwaiid mcp-server-taskwarrior up
|
| 44 |
CVE-2026-5602
A vulnerability was determined in Nor2-io heim-mcp up to 0.1.3. Impacted is the
|
| 44 |
CVE-2026-5603
A vulnerability was identified in elgentos magento2-dev-mcp up to 1.0.2. The aff
|
| 44 |
CVE-2026-6003
A security vulnerability has been detected in code-projects Simple IT Discussion
|
| 44 |
CVE-2026-5643
A vulnerability was identified in Cyber-III Student-Management-System up to 1a93
|
| 44 |
CVE-2026-5106
A flaw has been found in code-projects Exam Form Submission 1.0. The impacted el
|
| 44 |
CVE-2026-5836
A vulnerability has been found in code-projects Online Shoe Store 1.0. Affected
|
| 44 |
CVE-2026-5644
A security flaw has been discovered in Cyber-III Student-Management-System up to
|
| 44 |
CVE-2026-5834
A vulnerability was detected in code-projects Online Shoe Store 1.0. Affected is
|
| 44 |
CVE-2026-5209
A security vulnerability has been detected in SourceCodester Leave Application S
|
| 44 |
CVE-2026-5835
A flaw has been found in code-projects Online Shoe Store 1.0. Affected by this v
|
| 44 |
CVE-2026-5235
A vulnerability was determined in Axiomatic Bento4 up to 1.6.0-641. This impacts
|
| 44 |
CVE-2026-5323
A vulnerability was found in priyankark a11y-mcp up to 1.0.5. This vulnerability
|
| 44 |
CVE-2026-5668
A flaw has been found in Cyber-III Student-Management-System up to 1a938fa61e9f7
|
| 35 |
CVE-2026-33951
Signal K Server is a server application that runs on a central hub in a boat. Pr
|
| 35 |
CVE-2026-39365
### Summary
Any files ending with `.map` even out side the project can be retur
|
| 35 |
CVE-2026-5616
A security vulnerability has been detected in JeecgBoot 3.9.0/3.9.1. The impacte
|
| 35 |
CVE-2026-34973
### Summary
The `searchCustomPages()` method in `phpmyfaq/src/phpMyFAQ/Search.p
|
| 35 |
CVE-2026-34999
OpenViking versions 0.2.5 prior to 0.2.14 contain a missing authentication vulne
|
| 35 |
CVE-2026-34217
## Description
A scope modification vulnerability exists in `@nyariv/sandboxjs`
|
| 35 |
CVE-2026-34505
OpenClaw before 2026.3.12 applies rate limiting only after successful webhook au
|
| 35 |
CVE-2026-35584
FreeScout is a free help desk and shared inbox built with PHP's Laravel framewor
|
| 35 |
CVE-2026-35632
OpenClaw through 2026.2.22 contains a symlink traversal vulnerability in agents.
|
| 35 |
CVE-2026-5244
A vulnerability has been found in Cesanta Mongoose up to 7.20. This affects the
|
| 35 |
CVE-2026-33029
### Summary
An input validation vulnerability in the logrotate configuration all
|
| 35 |
CVE-2026-34530
### Summary
The SPA index page in File Browser is vulnerable to Stored Cross-sit
|
| 35 |
CVE-2026-33027
## Summary
The nginx-ui configuration improperly handles URL-encoded traversal s
|
| 35 |
CVE-2026-5526
A security flaw has been discovered in Tenda 4G03 Pro up to 1.0/1.1/04.03.01.53/
|
| 35 |
CVE-2026-22680
OpenViking versions prior to 0.3.3 contain a missing authorization vulnerability
|
| 35 |
CVE-2026-0932
Blind server-side request forgery (SSRF) vulnerability in legacy connection meth
|
| 35 |
CVE-2026-39933
Improper neutralization of input during web page generation ('cross-site scripti
|
| 35 |
CVE-2026-39935
Improper neutralization of input during web page generation ('cross-site scripti
|
| 35 |
CVE-2026-39936
Improper neutralization of input during web page generation ('cross-site scripti
|
| 35 |
CVE-2026-28767
A specific administrative endpoint notifications is accessible without proper au
|
| 35 |
CVE-2026-5739
A security flaw has been discovered in PowerJob 5.1.0/5.1.1/5.1.2. The affected
|
| 35 |
CVE-2026-39838
Improper neutralization of input during web page generation ('cross-site scripti
|
| 35 |
CVE-2026-34606
Frappe Learning Management System (LMS) is a learning system that helps users st
|
Oldest Unpatched Critical/High CVEs
| CVE | Severity | CVSS | Priority | Days Open |
|---|---|---|---|---|
| CVE-2024-3400 | CRITICAL | 10.0 | 224 | 730d |
| CVE-2019-19781 | CRITICAL | 9.8 | 223 | 2298d |
| CVE-2020-5902 | CRITICAL | 9.8 | 223 | 2111d |
| CVE-2021-35464 | CRITICAL | 9.8 | 223 | 1725d |
| CVE-2020-10189 | CRITICAL | 9.8 | 223 | 2228d |
| CVE-2012-4681 | CRITICAL | 9.8 | 223 | 4975d |
| CVE-2022-42475 | CRITICAL | 9.8 | 223 | 1196d |
| CVE-2023-3519 | CRITICAL | 9.8 | 223 | 998d |
| CVE-2015-7450 | CRITICAL | 9.8 | 222 | 3753d |
| CVE-2023-34048 | CRITICAL | 9.8 | 222 | 900d |