Skip to main content

Security Dashboard

7d 14d 30d 90d
Total CVEs
6152
last 30 days
Avg Priority
31.3
of max 220
KEV
14
actively exploited
POC
495
public exploits
Unpatched
941
CRIT/HIGH without patch
How is Priority Score calculated?

Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:

KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low 40-80 Medium 80-120 High 120+ Critical

Patch Now — Known Exploited Vulnerabilities

136
CVE-2026-0300
A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service o
CRITICAL
133
CVE-2026-41940
cPanel and WHM versions prior to 11.110.0.97, 11.118.0.63, 11.126.0.54, 11.132.0.29, 11.134.0.20, an
CRITICAL
131
CVE-2026-6973
An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows 
HIGH
131
CVE-2026-42897
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Ex
HIGH
127
CVE-2026-20182
May 2026: This security advisory provides the details and fix information for a vulnerability that w
CRITICAL
126
CVE-2026-41091
Improper link resolution before file access ('link following') in Microsoft Defender allows an autho
HIGH
120
CVE-2026-48172
LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exp
CRITICAL
118
CVE-2026-45321
## Summary On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 4
CRITICAL
117
CVE-2026-42208
LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1
CRITICAL
117
CVE-2026-8398
A supply chain attack compromised the official installation packages of DAEMON Tools Lite (Windows v
CRITICAL

Priority Distribution

CRITICAL HIGH MEDIUM LOW KEV Only POC Only Unpatched CRIT/HIGH
Priority CVE
131 CVE-2026-6973
An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1,
131 CVE-2026-42897
Improper neutralization of input during web page generation ('cross-site scripti
126 CVE-2026-41091
Improper link resolution before file access ('link following') in Microsoft Defe
65 CVE-2026-7823
A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. Aff
65 CVE-2026-7538
A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. This iss
65 CVE-2026-7747
A security flaw has been discovered in Totolink N300RH 3.2.4-B20220812. Affected
65 CVE-2026-7719
A security flaw has been discovered in Totolink WA300 5.2cu.7112_B20190227. The
65 CVE-2026-7853
A weakness has been identified in D-Link DI-8100 16.07.26A1. Affected is the fun
65 CVE-2026-7854
A security vulnerability has been detected in D-Link DI-8100 16.07.26A1. Affecte
65 CVE-2026-43639
Bitwarden Server prior to v2026.4.0 contains a missing authorization vulnerabili
65 CVE-2026-5787
An Improper Certificate Validation in Ivanti EPMM before versions 12.6.1.1, 12.7
64 CVE-2026-7834
A security vulnerability has been detected in EFM ipTIME NAS1dual 1.5.24. This i
64 CVE-2026-5786
An Improper Access Control vulnerability in Ivanti EPMM before versions 12.6.1.1
64 CVE-2026-3220
The Autoptimize WordPress plugin before 3.1.15, Clearfy Cache WordPress plugin
64 CVE-2026-43284
In the Linux kernel, the following vulnerability has been resolved: xfrm: esp:
64 CVE-2026-44499
ZEBRA is a Zcash node written entirely in Rust. Prior to version 4.4.0, a compos
64 CVE-2026-32834
Easy PayPal Events & Tickets plugin for WordPress version 1.3 and earlier contai
64 CVE-2026-29514
NetBox versions 4.3.5 through 4.5.4 contain a remote code execution vulnerabilit
64 CVE-2026-32847
DeepCode through commit c991dc2 contains a path traversal vulnerability in the S
64 CVE-2026-34965
Cockpit CMS contains an authenticated remote code execution vulnerability in the
64 CVE-2026-43634
HestiaCP versions 1.2.0 through 1.9.4 contain an IP spoofing vulnerability that
63 CVE-2026-43640
Bitwarden Server prior to v2026.4.1 does not require master-password re-authenti
63 CVE-2026-4935
The OttoKit: All-in-One Automation Platform WordPress plugin before 1.1.23 does
63 CVE-2026-6379
The WP Photo Album Plus WordPress plugin before 9.1.11.001 does not properly san
63 CVE-2026-47114
IINA before 1.4.3 contains a user-assisted command execution vulnerability that
63 CVE-2026-7862
The Eupago Gateway For Woocommerce WordPress plugin before 4.7.2 does not proper
63 CVE-2026-42899
Loop with unreachable exit condition ('infinite loop') in ASP.NET Core allows an
63 CVE-2026-43983
Pocket ID is an OIDC provider that allows users to authenticate with their passk
62 CVE-2026-35433
Improper input validation in .NET allows an unauthorized attacker to elevate pri
62 CVE-2026-32177
Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate pr
62 CVE-2026-41927
WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains a stack-based bu
62 CVE-2026-45369
python-utcp is the python implementation of UTCP. Prior to 1.1.3, the _substitut
61 CVE-2026-41471
Easy PayPal Events & Tickets plugin for WordPress versions 1.3 and earlier conta
61 CVE-2026-41949
Dify version 1.14.1 and prior contain an authorization bypass vulnerability in t
61 CVE-2026-41470
LIVE555 before 2026.04.22 contains an authorization bypass vulnerability in RTSP
61 CVE-2026-10044
Usagi-org ai-goofish-monitor contains an unauthenticated arbitrary file read vul
61 CVE-2026-44331
In ProFTPD through 1.3.9a before 7666224, a SQL injection vulnerability in sqlta
59 CVE-2026-46300
A flaw was found in the Linux kernel's XFRM ESP-in-TCP subsystem. This vulnerabi
59 CVE-2026-44244
`GitConfigParser.set_value()` passes values to Python's `configparser` without v
59 CVE-2026-43500
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Also
59 CVE-2026-45370
python-utcp is the python implementation of UTCP. Prior to 1.1.3, _prepare_envir
59 CVE-2026-44738
Grav is a file-based Web platform. Prior to 2.0.0-rc.2, the Twig sandbox allow-l
58 CVE-2026-34473
Unauthenticated DoS in ZTE H8102E, H168N, H167A, H199A, H288A, H198A, H267A, H26
58 CVE-2026-37555
An issue was discovered in libsndfile 1.2.2 IMA ADPCM codec. The AIFF code path
58 CVE-2026-6321
fast-uri decoded percent-encoded path separators and dot segments before applyin
58 CVE-2026-6322
fast-uri normalize() decoded percent-encoded authority delimiters inside the hos
58 CVE-2026-7461
Improper neutralization of inputs used in an OS command in the FSx Windows File
58 CVE-2026-6381
The WP Maps WordPress plugin before 4.9.3 does not properly sanitize a paramete
58 CVE-2026-34474
Sensitive data exposure leading to admin/WLAN credential leak in ZTE ZXHN H298A
58 CVE-2026-42154
Prometheus is an open-source monitoring system and time series database. Prior t
58 CVE-2026-42151
Prometheus is an open-source monitoring system and time series database. Prior t
58 CVE-2025-15609
The Fortis for WooCommerce WordPress plugin before 1.3.1 may leak sensitive API
57 CVE-2026-7749
A security vulnerability has been detected in Totolink N300RH 3.2.4-B20220812. T
57 CVE-2026-7717
A vulnerability was determined in Totolink WA300 5.2cu.7112_B20190227. This issu
57 CVE-2026-8137
A vulnerability has been found in Totolink X5000R 9.1.0u.6369_B20230113. This vu
57 CVE-2026-7748
A weakness has been identified in Totolink N300RH 3.2.4-B20220812. Affected by t
57 CVE-2026-7750
A vulnerability was detected in Totolink N300RH 3.2.4-B20220812. This vulnerabil
57 CVE-2026-8138
A vulnerability was found in Tenda CX12L 16.03.53.12. This issue affects the fun
57 CVE-2026-7470
A flaw has been found in Tenda 4G300 US_4G300V1.0Mt_V1.01.42_CN_TDC01. Affected
57 CVE-2026-7821
Improper certificate validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.
57 CVE-2026-8260
A vulnerability was found in D-Link DCS-935L up to 1.10.01. The impacted element
57 CVE-2026-9345
A vulnerability was detected in Edimax EW-7438RPn up to 1.31. This affects the f
57 CVE-2026-9346
A flaw has been found in Edimax EW-7438RPn up to 1.31. This impacts the function
57 CVE-2026-7503
A vulnerability was detected in code-projects for Plugin 4.1.2cu.5137. The impac
57 CVE-2026-7675
A vulnerability has been found in Shenzhen Libituo Technology LBT-T300-HW1 up to
57 CVE-2026-8775
A flaw has been found in Edimax BR-6428NS 1.10. This affects the function formL2
57 CVE-2026-9348
A vulnerability was found in Edimax EW-7438RPn up to 1.31. Affected by this vuln
57 CVE-2026-7419
A vulnerability was identified in UTT HiPER 1250GW up to 3.2.7-210907-180535. Th
57 CVE-2026-7685
A vulnerability was detected in Edimax BR-6208AC up to 1.02. Affected is an unkn
57 CVE-2026-7684
A security vulnerability has been detected in Edimax BR-6428nC up to 1.16. This
57 CVE-2026-8776
A vulnerability has been found in Edimax BR-6428NS 1.10. This vulnerability affe
57 CVE-2026-8234
A security vulnerability has been detected in EFM ipTIME A8004T 14.18.2. This vu
57 CVE-2026-9360
A security flaw has been discovered in Edimax EW-7438RPn 1.28a. Affected by this
57 CVE-2026-9344
A security vulnerability has been detected in Edimax EW-7438RPn up to 1.31. The
57 CVE-2026-7418
A vulnerability was determined in UTT HiPER 1250GW up to 3.2.7-210907-180535. Th
57 CVE-2026-7420
A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-18053
57 CVE-2026-7855
A vulnerability was detected in D-Link DI-8100 16.07.26A1. Affected by this issu
57 CVE-2026-9295
A security flaw has been discovered in Edimax BR-6428NS 1.10. This affects the f
57 CVE-2026-9294
A vulnerability was identified in Edimax BR-6428NS 1.10. The impacted element is
57 CVE-2026-7856
A flaw has been found in D-Link DI-8100 16.07.26A1. This affects an unknown part
57 CVE-2026-7851
A vulnerability was identified in D-Link DI-8100 16.07.26A1. This affects the fu
57 CVE-2026-7857
A vulnerability has been found in D-Link DI-8100 16.07.26A1. This vulnerability
57 CVE-2026-8764
A security vulnerability has been detected in H3C Magic B3 up to 100R002. This a
56 CVE-2025-70103
Heap buffer overflow vulnerability in libjxl 0.12.0 via crafted PBM images to th
56 CVE-2026-7833
A weakness has been identified in EFM ipTIME C200 up to 1.092. This vulnerabilit
56 CVE-2026-31266
Craft CMS 5.9.5 and earlier contains a Missing Authorization vulnerability in th
56 CVE-2026-38751
OpenSTAManager version 2.10 and earlier contains an arbitrary file upload vulner
56 CVE-2026-6495
The Ajax Load More WordPress plugin before 7.8.4 does not sanitise and escape a
56 CVE-2026-46333
In the Linux kernel, the following vulnerability has been resolved: ptrace: sli
55 CVE-2026-5788
An Improper Access Control in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, an

Oldest Unpatched Critical/High CVEs

CVE Severity CVSS Priority Days Open
CVE-2024-3400 CRITICAL 10.0 224 776d
CVE-2019-19781 CRITICAL 9.8 223 2344d
CVE-2020-5902 CRITICAL 9.8 223 2157d
CVE-2021-35464 CRITICAL 9.8 223 1771d
CVE-2020-10189 CRITICAL 9.8 223 2274d
CVE-2012-4681 CRITICAL 9.8 223 5021d
CVE-2022-42475 CRITICAL 9.8 223 1242d
CVE-2023-3519 CRITICAL 9.8 223 1044d
CVE-2015-7450 CRITICAL 9.8 222 3799d
CVE-2023-34048 CRITICAL 9.8 222 946d
1 / 25 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy