Total CVEs
2735
last 14 days
Avg Priority
33.0
of max 220
KEV
3
actively exploited
POC
356
public exploits
Unpatched
709
CRIT/HIGH without patch
How is Priority Score calculated?
Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:
KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low
40-80 Medium
80-120 High
120+ Critical
Patch Now — Known Exploited Vulnerabilities
124
CVE-2026-35616
A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an
119
CVE-2026-5281
Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had co
109
CVE-2026-3502
TrueConf Client downloads application update code and applies it without performing verification. An
Priority Distribution
| Priority | CVE |
|---|---|
| 124 |
CVE-2026-35616
A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through
|
| 69 |
CVE-2026-2699
Customer Managed ShareFile Storage Zones Controller (SZC) allows an unauthentica
|
| 69 |
CVE-2026-34935
### Summary
The `--mcp` CLI argument is passed directly to `shlex.split()` and
|
| 67 |
CVE-2026-23696
Windmill CE and EE versions 1.276.0 through 1.603.2 contain an SQL injection vul
|
| 67 |
CVE-2026-33579
OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the /
|
| 67 |
CVE-2026-29014
MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code injec
|
| 67 |
CVE-2026-30562
A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sa
|
| 66 |
CVE-2026-22679
Weaver (Fanwei) E-cology 10.0 versions prior to 20260312 contain an unauthentica
|
| 66 |
CVE-2026-35022
Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection v
|
| 66 |
CVE-2026-2701
Authenticated user can upload a malicious file to the server and execute it, whi
|
| 66 |
CVE-2026-39912
V2Board 1.6.1 through 1.7.4 and Xboard through 0.1.9 expose authentication token
|
| 49 |
CVE-2026-20093
A vulnerability in the change password functionality of Cisco Integrated Managem
|
Oldest Unpatched Critical/High CVEs
| CVE | Severity | CVSS | Priority | Days Open |
|---|---|---|---|---|
| CVE-2024-3400 | CRITICAL | 10.0 | 224 | 730d |
| CVE-2019-19781 | CRITICAL | 9.8 | 223 | 2298d |
| CVE-2020-5902 | CRITICAL | 9.8 | 223 | 2111d |
| CVE-2021-35464 | CRITICAL | 9.8 | 223 | 1725d |
| CVE-2020-10189 | CRITICAL | 9.8 | 223 | 2228d |
| CVE-2012-4681 | CRITICAL | 9.8 | 223 | 4975d |
| CVE-2022-42475 | CRITICAL | 9.8 | 223 | 1196d |
| CVE-2023-3519 | CRITICAL | 9.8 | 223 | 998d |
| CVE-2015-7450 | CRITICAL | 9.8 | 222 | 3752d |
| CVE-2023-34048 | CRITICAL | 9.8 | 222 | 900d |