Total CVEs
2374
last 14 days
Avg Priority
26.2
of max 220
KEV
7
actively exploited
POC
137
public exploits
Unpatched
389
CRIT/HIGH without patch
How is Priority Score calculated?
Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:
KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low
40-80 Medium
80-120 High
120+ Critical
Patch Now — Known Exploited Vulnerabilities
126
CVE-2026-41091
Improper link resolution before file access ('link following') in Microsoft Defender allows an autho
120
CVE-2026-48172
LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exp
117
CVE-2026-8398
A supply chain attack compromised the official installation packages of DAEMON Tools Lite (Windows v
116
CVE-2026-48027
Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console,
108
CVE-2026-9082
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i
92
CVE-2026-45498
Microsoft Defender Denial of Service Vulnerability
89
CVE-2026-34926
A directory traversal vulnerability in the Apex One (on-premise) server could allow a pre-authentica
Priority Distribution
| Priority | CVE |
|---|---|
| 108 |
CVE-2026-9082
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti
|
| 92 |
CVE-2026-45498
Microsoft Defender Denial of Service Vulnerability
|
| 54 |
CVE-2026-33741
EspoCRM is an open source customer relationship management application. Versions
|
| 52 |
CVE-2026-41141
EspoCRM is an open source customer relationship management application. Prior to
|
| 51 |
CVE-2026-5776
The Email Encoder WordPress plugin before 2.4.7 does not escape email addresses
|
| 49 |
CVE-2026-7385
The Decent Comments WordPress plugin before 3.0.2 does not restrict access to co
|
| 49 |
CVE-2026-9367
A vulnerability was determined in NousResearch hermes-agent up to 5157f5427f1948
|
| 48 |
CVE-2026-9351
A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.16
|
| 48 |
CVE-2026-9368
A vulnerability was identified in NousResearch hermes-agent up to 2026.4.16. Thi
|
| 48 |
CVE-2026-8759
A vulnerability was identified in xiandafu beetl up to 3.20.2. Affected is an un
|
| 48 |
CVE-2026-8757
A vulnerability was found in adenhq hive up to 0.11.0. This affects the function
|
| 48 |
CVE-2026-46383
Microsoft APM is an open-source, community-driven dependency manager for AI agen
|
| 48 |
CVE-2026-8737
A weakness has been identified in Sanluan PublicCMS 5.202506.d. This issue affec
|
| 48 |
CVE-2026-9366
A vulnerability was found in NousResearch hermes-agent 2026.4.23. The impacted e
|
| 48 |
CVE-2026-9354
A vulnerability was detected in NousResearch hermes-agent up to 2026.4.16. The a
|
| 48 |
CVE-2026-9353
A security vulnerability has been detected in NousResearch hermes-agent up to 20
|
| 48 |
CVE-2026-9372
A flaw has been found in ItzCrazyKns Vane up to 1.12.1. This vulnerability affec
|
| 48 |
CVE-2026-8738
A security vulnerability has been detected in Sanluan PublicCMS 5.202506.d. Impa
|
| 48 |
CVE-2026-8758
A vulnerability was determined in Metasoft 美特软件 MetaCRM up to 6.4.0 Beta06. This
|
| 48 |
CVE-2026-8725
A weakness has been identified in CoreWorxLab CAAL up to 1.6.0. The affected ele
|
| 48 |
CVE-2026-9350
A vulnerability was identified in NousResearch hermes-agent up to 2026.4.16. Thi
|
| 48 |
CVE-2026-8751
A security flaw has been discovered in h2oai h2o-3 up to 7402. This affects the
|
| 48 |
CVE-2026-8785
A flaw has been found in projectworlds hospital-management-system-in-php 1.0. Af
|
| 48 |
CVE-2026-9349
A vulnerability was determined in calcom cal.diy up to 4.9.4. Affected by this i
|
| 48 |
CVE-2026-9356
A vulnerability has been found in SourceCodester Hospitals Patient Records Manag
|
| 48 |
CVE-2026-9352
A weakness has been identified in NousResearch hermes-agent up to 2026.4.23. Thi
|
| 48 |
CVE-2026-8750
A vulnerability was identified in h2oai h2o-3 up to 7402. Affected by this issue
|
| 48 |
CVE-2026-9355
A flaw has been found in SourceCodester Hospitals Patient Records Management Sys
|
| 48 |
CVE-2026-8739
A vulnerability was detected in Sanluan PublicCMS 5.202506.d. The affected eleme
|
| 48 |
CVE-2026-8734
A vulnerability was determined in Oinone Pamirs up to 7.2.0. Affected by this is
|
| 48 |
CVE-2026-9364
A flaw has been found in projectworlds Online Art Gallery Shop 1.0. Impacted is
|
| 48 |
CVE-2026-8752
A weakness has been identified in h2oai h2o-3 up to 7402. This vulnerability aff
|
| 48 |
CVE-2026-9580
A vulnerability was determined in JeecgBoot up to 3.9.1. The affected element is
|
| 48 |
CVE-2026-9584
A security vulnerability has been detected in code-projects Project Management S
|
| 48 |
CVE-2026-9603
A security vulnerability has been detected in SourceCodester eDoc Doctor Appoint
|
| 48 |
CVE-2026-9606
A vulnerability has been found in itsourcecode Courier Management System 1.0. Im
|
| 47 |
CVE-2026-1631
The Feeds for YouTube (YouTube video, channel, and gallery plugin) WordPress plu
|
| 42 |
CVE-2025-70116
A NULL pointer dereference in GPAC MP4Box: when parsing certain truncated MP4 fi
|
| 42 |
CVE-2026-9807
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9
|
| 42 |
CVE-2026-41160
EspoCRM is an open source customer relationship management application. Prior to
|
| 26 |
CVE-2026-41178
### Summary
https://github.com/open-telemetry/opentelemetry-go/pull/7880 remove
|
| 26 |
CVE-2026-45773
Turborepo is a high-performance build system for JavaScript and TypeScript codeb
|
Oldest Unpatched Critical/High CVEs
| CVE | Severity | CVSS | Priority | Days Open |
|---|---|---|---|---|
| CVE-2024-3400 | CRITICAL | 10.0 | 224 | 776d |
| CVE-2019-19781 | CRITICAL | 9.8 | 223 | 2344d |
| CVE-2020-5902 | CRITICAL | 9.8 | 223 | 2157d |
| CVE-2021-35464 | CRITICAL | 9.8 | 223 | 1771d |
| CVE-2020-10189 | CRITICAL | 9.8 | 223 | 2274d |
| CVE-2012-4681 | CRITICAL | 9.8 | 223 | 5021d |
| CVE-2022-42475 | CRITICAL | 9.8 | 223 | 1242d |
| CVE-2023-3519 | CRITICAL | 9.8 | 223 | 1044d |
| CVE-2015-7450 | CRITICAL | 9.8 | 222 | 3798d |
| CVE-2023-34048 | CRITICAL | 9.8 | 222 | 946d |