Security Dashboard

Total CVEs: 2766 (last 14 days)
Avg Priority: 35.6 (of max 220)
KEV: 3 (actively exploited)
POC: 318 (public exploits)
Unpatched: 553 (CRIT/HIGH without patch)
How is Priority Score calculated?

Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:

KEV +50: CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100: Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5: Common Vulnerability Scoring System — technical severity (0-50)
POC +20: Public exploit code exists — lowers barrier for attackers

Score bands: 0-40 Low, 40-80 Medium, 80-120 High, 120+ Critical
Priority CVE
11 CVE-2026-5772
A 1-byte stack buffer over-read was identified in the MatchDomainName function (
11 CVE-2026-35200
### Impact A file can be uploaded with a filename extension that passes the fil
11 CVE-2026-34248
Zammad is a web based open source helpdesk/customer support system. Prior to 7.0
11 CVE-2026-39349
OrangeHRM is a comprehensive human resource management (HRM) system. From 5.0 to
10 CVE-2026-27949
Plane is an open-source project management tool. Prior to 1.3.0, a vulnerabil
10 CVE-2026-27675
SAP Landscape Transformation contains a vulnerability in an RFC-exposed function
10 CVE-2026-0233
A certificate validation vulnerability in Palo Alto Networks Autonomous Digital
10 CVE-2026-34850
Race condition vulnerability in the notification service. Impact: Successful exp
9 CVE-2026-32270
Craft Commerce is an ecommerce platform for Craft CMS. In versions 4.0.0 through
9 CVE-2026-27820
zlib is a Ruby interface for the zlib compression/decompression library. Version
9 CVE-2026-40072
web3.py allows you to interact with the Ethereum blockchain using Python. From 6
7 CVE-2025-12141
In Grafana's alerting system, users with edit permissions for a contact point, s
5 CVE-2026-34983
Wasmtime is a runtime for WebAssembly. In 43.0.0, cloning a wasmtime::Linker is
5 CVE-2026-40319
## Summary The RegexMatching check in the `giskard-checks` package passes a user
0 CVE-2025-66447
Chamilo LMS is a learning management system. From 1.11.0 to 2.0-beta.1, anyone c
0 CVE-2026-39654
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti
0 CVE-2026-31412
In the Linux kernel, the following vulnerability has been resolved: usb: gadget
0 CVE-2026-39486
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti
0 CVE-2026-39686
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulne
0 CVE-2026-40730
Missing Authorization vulnerability in ThemeGrill ThemeGrill Demo Importer theme
0 CVE-2026-31409
In the Linux kernel, the following vulnerability has been resolved: ksmbd: unse
0 CVE-2026-31405
In the Linux kernel, the following vulnerability has been resolved: media: dvb-
0 CVE-2026-31408
In the Linux kernel, the following vulnerability has been resolved: Bluetooth:
0 CVE-2026-31406
In the Linux kernel, the following vulnerability has been resolved: xfrm: Fix w
0 CVE-2026-31407
In the Linux kernel, the following vulnerability has been resolved: netfilter:
0 CVE-2026-31410
In the Linux kernel, the following vulnerability has been resolved: ksmbd: use
0 CVE-2026-31413
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix un
0 CVE-2026-31426
In the Linux kernel, the following vulnerability has been resolved: ACPI: EC: c
0 CVE-2026-28387
Issue summary: An uncommon configuration of clients performing DANE TLSA-based s
0 CVE-2026-4112
Improper neutralization of special elements used in an SQL command (“SQL Injecti
0 CVE-2026-31416
In the Linux kernel, the following vulnerability has been resolved: netfilter:
0 CVE-2026-5426
Hard-coded ASP.NET/IIS machineKey value in Digital Knowledge KnowledgeDeliver de
0 CVE-2026-31411
In the Linux kernel, the following vulnerability has been resolved: net: atm: f
0 CVE-2026-31425
In the Linux kernel, the following vulnerability has been resolved: rds: ib: re
0 CVE-2026-37342
SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL
0 CVE-2026-37341
SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL
0 CVE-2026-31428
In the Linux kernel, the following vulnerability has been resolved: netfilter:
0 CVE-2026-40876
### Summary goshs contains an SFTP root escape caused by prefix-based path valid
0 CVE-2026-31424
In the Linux kernel, the following vulnerability has been resolved: netfilter:
0 CVE-2026-31423
In the Linux kernel, the following vulnerability has been resolved: net/sched:
0 CVE-2026-4114
Improper handling of Unicode encoding in SonicWall SMA1000 series appliances all
0 CVE-2026-31422
In the Linux kernel, the following vulnerability has been resolved: net/sched:
0 CVE-2026-31421
In the Linux kernel, the following vulnerability has been resolved: net/sched:
0 CVE-2026-31415
In the Linux kernel, the following vulnerability has been resolved: ipv6: avoid
0 CVE-2026-39398
## Affected openclaw-claude-bridge v1.1.0 ## Issue v1.1.0 spawns the Claude C
0 CVE-2026-37340
SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Inj
0 CVE-2026-37339
SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Inj
0 CVE-2026-37100
An issue in the Bluetooth Low Energy (BLE) control interface of the Yamaha SR-B3
0 CVE-2026-31987
JWT Tokens used by tasks were exposed in logs. This could allow UI users to act
0 CVE-2026-40883
### Summary goshs contains a cross-site request forgery issue in its state-chang
0 CVE-2026-40880
# CVE-2026-40880: Cached Mempool Verification Bypasses Consensus Rules for Ahead
0 CVE-2026-21709
A vulnerability allowing a local attacker with administrator privileges to bypas
0 CVE-2026-40881
# CVE-2026-40881: addr/addrv2 Deserialization Resource Exhaustion ## Summary W
0 CVE-2026-40885
### Summary goshs leaks file-based ACL credentials through its public collaborat
0 CVE-2026-37344
SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL
0 CVE-2026-31317
Craftql v1.3.7 and before is vulnerable to Server-Side Request Forgery (SSRF) wh
0 CVE-2026-37343
SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL
0 CVE-2025-65134
In manikandan580 School-management-system 1.0, a reflected cross-site scripting
0 CVE-2026-31420
In the Linux kernel, the following vulnerability has been resolved: bridge: mrp
0 CVE-2026-31419
In the Linux kernel, the following vulnerability has been resolved: net: bondin
0 CVE-2026-31280
An issue in the Bluetooth RFCOMM service of Parani M10 Motorcycle Intercom v2.1.
0 CVE-2026-31427
In the Linux kernel, the following vulnerability has been resolved: netfilter:
0 CVE-2026-31789
Issue summary: Converting an excessively large OCTET STRING value to a hexadecim
0 CVE-2026-31417
In the Linux kernel, the following vulnerability has been resolved: net/x25: Fi
0 CVE-2026-31414
In the Linux kernel, the following vulnerability has been resolved: netfilter:
0 CVE-2026-31418
In the Linux kernel, the following vulnerability has been resolved: netfilter:

Oldest Unpatched Critical/High CVEs

CVE Severity CVSS Priority Days Open
CVE-2024-3400 CRITICAL 10.0 224 735d
CVE-2019-19781 CRITICAL 9.8 223 2303d
CVE-2020-5902 CRITICAL 9.8 223 2116d
CVE-2021-35464 CRITICAL 9.8 223 1730d
CVE-2020-10189 CRITICAL 9.8 223 2233d
CVE-2012-4681 CRITICAL 9.8 223 4981d
CVE-2022-42475 CRITICAL 9.8 223 1201d
CVE-2023-3519 CRITICAL 9.8 223 1003d
CVE-2015-7450 CRITICAL 9.8 222 3758d
CVE-2023-34048 CRITICAL 9.8 222 905d