Total CVEs
2374
last 14 days
Avg Priority
26.2
of max 220
KEV
7
actively exploited
POC
137
public exploits
Unpatched
389
CRIT/HIGH without patch
How is Priority Score calculated?
Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:
KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low
40-80 Medium
80-120 High
120+ Critical
Patch Now — Known Exploited Vulnerabilities
126
CVE-2026-41091
Improper link resolution before file access ('link following') in Microsoft Defender allows an autho
120
CVE-2026-48172
LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exp
117
CVE-2026-8398
A supply chain attack compromised the official installation packages of DAEMON Tools Lite (Windows v
116
CVE-2026-48027
Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console,
108
CVE-2026-9082
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i
92
CVE-2026-45498
Microsoft Defender Denial of Service Vulnerability
89
CVE-2026-34926
A directory traversal vulnerability in the Apex One (on-premise) server could allow a pre-authentica
Priority Distribution
| Priority | CVE |
|---|---|
| 126 |
CVE-2026-41091
Improper link resolution before file access ('link following') in Microsoft Defe
|
| 64 |
CVE-2026-3220
The Autoptimize WordPress plugin before 3.1.15, Clearfy Cache WordPress plugin
|
| 64 |
CVE-2026-43634
HestiaCP versions 1.2.0 through 1.9.4 contain an IP spoofing vulnerability that
|
| 64 |
CVE-2026-32847
DeepCode through commit c991dc2 contains a path traversal vulnerability in the S
|
| 63 |
CVE-2026-6379
The WP Photo Album Plus WordPress plugin before 9.1.11.001 does not properly san
|
| 63 |
CVE-2026-7862
The Eupago Gateway For Woocommerce WordPress plugin before 4.7.2 does not proper
|
| 63 |
CVE-2026-47114
IINA before 1.4.3 contains a user-assisted command execution vulnerability that
|
| 61 |
CVE-2026-41949
Dify version 1.14.1 and prior contain an authorization bypass vulnerability in t
|
| 61 |
CVE-2026-41470
LIVE555 before 2026.04.22 contains an authorization bypass vulnerability in RTSP
|
| 58 |
CVE-2026-6381
The WP Maps WordPress plugin before 4.9.3 does not properly sanitize a paramete
|
| 58 |
CVE-2025-15609
The Fortis for WooCommerce WordPress plugin before 1.3.1 may leak sensitive API
|
| 58 |
CVE-2026-10044
Usagi-org ai-goofish-monitor contains an unauthenticated arbitrary file read vul
|
| 57 |
CVE-2026-9345
A vulnerability was detected in Edimax EW-7438RPn up to 1.31. This affects the f
|
| 57 |
CVE-2026-9346
A flaw has been found in Edimax EW-7438RPn up to 1.31. This impacts the function
|
| 57 |
CVE-2026-9348
A vulnerability was found in Edimax EW-7438RPn up to 1.31. Affected by this vuln
|
| 57 |
CVE-2026-9360
A security flaw has been discovered in Edimax EW-7438RPn 1.28a. Affected by this
|
| 57 |
CVE-2026-9344
A security vulnerability has been detected in Edimax EW-7438RPn up to 1.31. The
|
| 57 |
CVE-2026-8776
A vulnerability has been found in Edimax BR-6428NS 1.10. This vulnerability affe
|
| 57 |
CVE-2026-8775
A flaw has been found in Edimax BR-6428NS 1.10. This affects the function formL2
|
| 57 |
CVE-2026-9294
A vulnerability was identified in Edimax BR-6428NS 1.10. The impacted element is
|
| 57 |
CVE-2026-9295
A security flaw has been discovered in Edimax BR-6428NS 1.10. This affects the f
|
| 57 |
CVE-2026-8764
A security vulnerability has been detected in H3C Magic B3 up to 100R002. This a
|
| 56 |
CVE-2025-70103
Heap buffer overflow vulnerability in libjxl 0.12.0 via crafted PBM images to th
|
| 56 |
CVE-2026-31266
Craft CMS 5.9.5 and earlier contains a Missing Authorization vulnerability in th
|
| 56 |
CVE-2026-6495
The Ajax Load More WordPress plugin before 7.8.4 does not sanitise and escape a
|
| 56 |
CVE-2026-46333
In the Linux kernel, the following vulnerability has been resolved:
ptrace: sli
|
| 42 |
CVE-2026-46345
**Relevant Products/Components:**
* `trestle/core/commands/author/jinja.py`
* `
|
Oldest Unpatched Critical/High CVEs
| CVE | Severity | CVSS | Priority | Days Open |
|---|---|---|---|---|
| CVE-2024-3400 | CRITICAL | 10.0 | 224 | 776d |
| CVE-2019-19781 | CRITICAL | 9.8 | 223 | 2344d |
| CVE-2020-5902 | CRITICAL | 9.8 | 223 | 2157d |
| CVE-2021-35464 | CRITICAL | 9.8 | 223 | 1771d |
| CVE-2020-10189 | CRITICAL | 9.8 | 223 | 2274d |
| CVE-2012-4681 | CRITICAL | 9.8 | 223 | 5021d |
| CVE-2022-42475 | CRITICAL | 9.8 | 223 | 1242d |
| CVE-2023-3519 | CRITICAL | 9.8 | 223 | 1044d |
| CVE-2015-7450 | CRITICAL | 9.8 | 222 | 3798d |
| CVE-2023-34048 | CRITICAL | 9.8 | 222 | 946d |