Total CVEs
5757
last 30 days
Avg Priority
34.0
of max 220
KEV
6
actively exploited
POC
799
public exploits
Unpatched
1581
CRIT/HIGH without patch
How is Priority Score calculated?
Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:
KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low
40-80 Medium
80-120 High
120+ Critical
Patch Now — Known Exploited Vulnerabilities
124
CVE-2026-35616
A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an
119
CVE-2026-5281
Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had co
117
CVE-2026-33634
Trivy is a security scanner. On March 19, 2026, a threat actor used compromised credentials to publi
117
CVE-2026-33017
## Summary
The `POST /api/v1/build_public_tmp/{flow_id}/flow` endpoint allows building public flows
117
CVE-2026-3055
Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP l
109
CVE-2026-3502
TrueConf Client downloads application update code and applies it without performing verification. An
Priority Distribution
| Priority | CVE |
|---|---|
| 47 |
CVE-2026-33439
## Summary
OpenIdentityPlatform OpenAM 16.0.5 (and likely earlier versions) is
|
| 47 |
CVE-2026-40035
dfir-unfurl through 20250810 contains an improper input validation vulnerability
|
| 47 |
CVE-2026-34977
Aperi'Solve is an open-source steganalysis web platform. Prior to 3.2.1, when up
|
| 47 |
CVE-2026-30849
Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions prior to
|
| 47 |
CVE-2025-71279
XenForo before 2.3.7 contains a security issue affecting Passkeys that have been
|
| 47 |
CVE-2026-33992
## Summary
PyLoad's download engine accepts arbitrary URLs without validation,
|
| 47 |
CVE-2026-33873
## Description
### 1. Summary
The Agentic Assistant feature in Langflow execut
|
| 47 |
CVE-2026-1496
Vulnerable versions of Coverity Connect lack an error handler in the authenticat
|
| 47 |
CVE-2026-32754
FreeScout is a free help desk and shared inbox built with PHP's Laravel framewor
|
| 47 |
CVE-2026-4187
A vulnerability was identified in Tiandy Easy7 Integrated Management Platform 7.
|
| 47 |
CVE-2026-5595
A security vulnerability has been detected in griptape-ai griptape 0.19.4. Affec
|
| 47 |
CVE-2026-5557
A vulnerability was detected in badlogic pi-mono up to 0.58.4. This issue affect
|
| 47 |
CVE-2026-5559
A vulnerability has been found in AntaresMugisho PyBlade 0.1.8-alpha/0.1.9-alpha
|
| 47 |
CVE-2026-3106
Blind Cross-Site Scripting (XSS) in Teampass, versions prior to 3.1.5.16, within
|
| 47 |
CVE-2026-33875
Gematik Authenticator securely authenticates users for login to digital health a
|
| 47 |
CVE-2026-25776
Movable Type provided by Six Apart Ltd. contains a code injection vulnerability
|
| 47 |
CVE-2026-32940
SiYuan is a personal knowledge management system. In versions 3.6.0 and below, S
|
| 47 |
CVE-2026-39382
dbt enables data analysts and engineers to transform their data using the same p
|
| 47 |
CVE-2026-3107
Stored Cross-Site Scripting (XSS) in Teampass versions prior to 3.1.5.16, affect
|
| 47 |
CVE-2026-4317
SQL inyection (SQLi) vulnerability in Umami Software web application through an
|
| 47 |
CVE-2026-5248
A vulnerability has been found in gougucms 4.08.18. This affects the function re
|
| 47 |
CVE-2026-5251
A vulnerability was identified in z-9527 admin 1.0/2.0. This impacts an unknown
|
| 47 |
CVE-2026-4999
A security vulnerability has been detected in z-9527 admin up to 72aaf2dd05cf4ec
|
| 47 |
CVE-2026-5594
A weakness has been identified in premAI-io premsql up to 0.2.1. Affected is the
|
| 47 |
CVE-2026-5011
A vulnerability was detected in elecV2 elecV2P up to 3.8.3. This vulnerability a
|
| 47 |
CVE-2026-5561
A vulnerability was determined in Campcodes Complete POS Management and Inventor
|
| 47 |
CVE-2026-6125
A security flaw has been discovered in Dromara warm-flow up to 1.8.4. Impacted i
|
| 47 |
CVE-2026-5999
A vulnerability has been found in JeecgBoot up to 3.9.1. This impacts an unknown
|
| 47 |
CVE-2026-6111
A security flaw has been discovered in FoundationAgents MetaGPT up to 0.8.1. Thi
|
| 47 |
CVE-2026-5556
A security vulnerability has been detected in badlogic pi-mono up to 0.58.4. Thi
|
| 47 |
CVE-2026-6117
A vulnerability was found in AstrBotDevs AstrBot up to 4.22.1. This issue affect
|
| 47 |
CVE-2026-5535
A security flaw has been discovered in FedML-AI FedML up to 0.8.9. This impacts
|
| 47 |
CVE-2026-32987
OpenClaw before 2026.3.13 allows bootstrap setup codes to be replayed during dev
|
| 47 |
CVE-2026-35459
## Summary
The fix for CVE-2026-33992 (GHSA-m74m-f7cr-432x) added IP validation
|
| 47 |
CVE-2026-34361
## Summary
The FHIR Validator HTTP service exposes an unauthenticated `/loadIG`
|
| 47 |
CVE-2026-5615
A weakness has been identified in givanz Vvvebjs up to 2.0.5. The affected eleme
|
| 47 |
CVE-2026-32663
The WebSocket backend uses charging station identifiers to uniquely associate se
|
| 47 |
CVE-2026-27649
The WebSocket backend uses charging station identifiers to uniquely associate se
|
| 47 |
CVE-2026-5181
A vulnerability has been found in SourceCodester Simple Doctors Appointment Syst
|
| 47 |
CVE-2026-5472
A flaw has been found in ProjectsAndPrograms School Management System up to 6b6f
|
| 47 |
CVE-2026-5259
A vulnerability was determined in AutohomeCorp frostmourne up to 1.0. The affect
|
| 47 |
CVE-2026-5470
A security vulnerability has been detected in mixelpixx Google-Research-MCP 1e06
|
| 47 |
CVE-2026-5607
A security vulnerability has been detected in imprvhub mcp-browser-agent up to 0
|
| 47 |
CVE-2026-4907
A vulnerability was identified in Page-Replica Page Replica up to e4a7f52e75093e
|
| 47 |
CVE-2026-5328
A weakness has been identified in shsuishang modulithshop up to 829bac71f507e846
|
| 47 |
CVE-2026-33134
WeGIA is a web manager for charitable institutions. Versions 3.6.5 and below con
|
| 47 |
CVE-2026-4898
A vulnerability was identified in code-projects Online Food Ordering System 1.0.
|
| 47 |
CVE-2026-5015
A vulnerability was determined in elecV2 elecV2P up to 3.8.3. The impacted eleme
|
| 47 |
CVE-2026-5539
A flaw has been found in code-projects Simple Laundry System 1.0. This affects a
|
| 47 |
CVE-2026-5316
A vulnerability was identified in Nothings stb up to 1.22. The impacted element
|
| 47 |
CVE-2026-5317
A security flaw has been discovered in Nothings stb up to 1.22. This affects the
|
| 47 |
CVE-2026-6034
A flaw has been found in code-projects Vehicle Showroom Management System 1.0. I
|
| 47 |
CVE-2026-5620
A vulnerability has been found in itsourcecode Construction Management System 1.
|
| 47 |
CVE-2026-4849
A vulnerability was identified in code-projects Simple Laundry System 1.0. This
|
| 47 |
CVE-2026-6032
A vulnerability was found in code-projects Simple Laundry System 1.0. This impac
|
| 47 |
CVE-2026-6035
A vulnerability has been found in code-projects Vehicle Showroom Management Syst
|
| 47 |
CVE-2026-5541
A vulnerability was found in code-projects Simple Laundry System 1.0. This issue
|
| 47 |
CVE-2026-5157
A vulnerability was identified in code-projects Online Food Ordering System 1.0.
|
| 47 |
CVE-2026-5625
A weakness has been identified in assafelovic gpt-researcher up to 3.4.3. This i
|
| 47 |
CVE-2026-4877
A security flaw has been discovered in itsourcecode Payroll Management System up
|
| 47 |
CVE-2026-33136
WeGIA is a web manager for charitable institutions. Versions 3.6.6 and below hav
|
| 47 |
CVE-2026-5255
A vulnerability was detected in code-projects Simple Laundry System 1.0. This af
|
| 47 |
CVE-2026-5542
A vulnerability was determined in code-projects Simple Laundry System 1.0. Impac
|
| 47 |
CVE-2026-5314
A vulnerability was found in Nothings stb up to 1.26. Impacted is the function s
|
| 47 |
CVE-2026-4845
A flaw has been found in dameng100 muucmf 1.9.5.20260309. Impacted is an unknown
|
| 47 |
CVE-2026-5533
A vulnerability was determined in badlogic pi-mono 0.58.4. The impacted element
|
| 47 |
CVE-2026-4848
A vulnerability was determined in dameng100 muucmf 1.9.5.20260309. This affects
|
| 47 |
CVE-2026-33135
WeGIA is a web manager for charitable institutions. Versions 3.6.6 and below hav
|
| 47 |
CVE-2026-32295
JetKVM before 0.5.4 does not rate limit login requests, enabling brute-force att
|
| 47 |
CVE-2026-4847
A vulnerability was found in dameng100 muucmf 1.9.5.20260309. The impacted eleme
|
| 47 |
CVE-2026-4846
A vulnerability has been found in dameng100 muucmf 1.9.5.20260309. The affected
|
| 47 |
CVE-2025-41007
SQL Injection in Cuantis. This vulnerability allows an attacker to retrieve, cre
|
| 47 |
CVE-2026-4992
A flaw has been found in wandb OpenUI up to 1.0. This affects the function creat
|
| 47 |
CVE-2026-5215
A vulnerability was identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, D
|
| 47 |
CVE-2026-32539
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti
|
| 47 |
CVE-2026-34220
## Summary
MikroORM versions <= 6.6.9 and <= 7.0.5 are vulnerable to SQL inject
|
| 47 |
CVE-2026-27413
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti
|
| 47 |
CVE-2026-39324
Rack::Session is a session management implementation for Rack. From 2.0.0 to bef
|
| 47 |
CVE-2025-41008
SQL injection vulnerability in Sinturno. This vulnerability allows an attacker t
|
| 47 |
CVE-2026-35614
Frappe is a full-stack web application framework. Prior to 16.14.0 and 15.104.0,
|
| 47 |
CVE-2013-20005
Qool CMS 2.0 RC2 contains a cross-site request forgery vulnerability that allows
|
| 47 |
CVE-2026-5031
A vulnerability was found in BichitroGan ISP Billing Software 2025.3.20. Impacte
|
| 47 |
CVE-2026-5719
A flaw has been found in itsourcecode Construction Management System 1.0. This a
|
| 47 |
CVE-2026-4779
A security vulnerability has been detected in SourceCodester Sales and Inventory
|
| 47 |
CVE-2026-5196
A vulnerability has been found in code-projects Student Membership System 1.0. I
|
| 47 |
CVE-2026-4569
A vulnerability was determined in SourceCodester Sales and Inventory System 1.0.
|
| 47 |
CVE-2026-5641
A vulnerability was found in PHPGurukul Online Shopping Portal Project 2.1. The
|
| 47 |
CVE-2026-4570
A vulnerability was identified in SourceCodester Sales and Inventory System 1.0.
|
| 47 |
CVE-2026-5543
A vulnerability was identified in PHPGurukul User Registration & Login and User
|
| 47 |
CVE-2026-6005
A flaw has been found in code-projects Patient Record Management System 1.0. The
|
Oldest Unpatched Critical/High CVEs
| CVE | Severity | CVSS | Priority | Days Open |
|---|---|---|---|---|
| CVE-2024-3400 | CRITICAL | 10.0 | 224 | 730d |
| CVE-2019-19781 | CRITICAL | 9.8 | 223 | 2298d |
| CVE-2020-5902 | CRITICAL | 9.8 | 223 | 2111d |
| CVE-2021-35464 | CRITICAL | 9.8 | 223 | 1725d |
| CVE-2020-10189 | CRITICAL | 9.8 | 223 | 2228d |
| CVE-2012-4681 | CRITICAL | 9.8 | 223 | 4976d |
| CVE-2022-42475 | CRITICAL | 9.8 | 223 | 1196d |
| CVE-2023-3519 | CRITICAL | 9.8 | 223 | 998d |
| CVE-2015-7450 | CRITICAL | 9.8 | 222 | 3753d |
| CVE-2023-34048 | CRITICAL | 9.8 | 222 | 900d |