Total CVEs
5767
last 30 days
Avg Priority
34.0
of max 220
KEV
6
actively exploited
POC
804
public exploits
Unpatched
1585
CRIT/HIGH without patch
How is Priority Score calculated?
Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:
KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low
40-80 Medium
80-120 High
120+ Critical
Patch Now — Known Exploited Vulnerabilities
124
CVE-2026-35616
A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an
119
CVE-2026-5281
Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had co
117
CVE-2026-33634
Trivy is a security scanner. On March 19, 2026, a threat actor used compromised credentials to publi
117
CVE-2026-33017
## Summary
The `POST /api/v1/build_public_tmp/{flow_id}/flow` endpoint allows building public flows
117
CVE-2026-3055
Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP l
109
CVE-2026-3502
TrueConf Client downloads application update code and applies it without performing verification. An
Priority Distribution
| Priority | CVE |
|---|---|
| 47 |
CVE-2026-6005
A flaw has been found in code-projects Patient Record Management System 1.0. The
|
| 47 |
CVE-2026-25197
A specific endpoint allows authenticated users to pivot to other user profiles b
|
| 47 |
CVE-2026-6033
A vulnerability was determined in CodeAstro Online Classroom 1.0. Affected is an
|
| 47 |
CVE-2026-4569
A vulnerability was determined in SourceCodester Sales and Inventory System 1.0.
|
| 47 |
CVE-2026-5206
A security vulnerability has been detected in code-projects Simple Gym Managemen
|
| 47 |
CVE-2026-4966
A flaw has been found in itsourcecode Free Hotel Reservation System 1.0. Impacte
|
| 47 |
CVE-2026-6007
A vulnerability was found in itsourcecode Construction Management System 1.0. Th
|
| 47 |
CVE-2026-4568
A vulnerability was found in SourceCodester Sales and Inventory System 1.0. This
|
| 47 |
CVE-2026-32913
OpenClaw before 2026.3.7 contains an improper header validation vulnerability in
|
| 47 |
CVE-2026-4825
A vulnerability was found in SourceCodester Sales and Inventory System 1.0. This
|
| 47 |
CVE-2026-6030
A flaw has been found in itsourcecode Construction Management System 1.0. The im
|
| 47 |
CVE-2026-4572
A weakness has been identified in SourceCodester Sales and Inventory System 1.0.
|
| 47 |
CVE-2026-5197
A vulnerability was found in code-projects Student Membership System 1.0. The af
|
| 47 |
CVE-2026-4781
A flaw has been found in SourceCodester Sales and Inventory System 1.0. The affe
|
| 47 |
CVE-2026-5641
A vulnerability was found in PHPGurukul Online Shopping Portal Project 2.1. The
|
| 47 |
CVE-2026-5719
A flaw has been found in itsourcecode Construction Management System 1.0. This a
|
| 47 |
CVE-2026-5543
A vulnerability was identified in PHPGurukul User Registration & Login and User
|
| 47 |
CVE-2026-4970
A security flaw has been discovered in code-projects Social Networking Site 1.0.
|
| 47 |
CVE-2026-5558
A flaw has been found in PHPGurukul PHPGurukul Online Shopping Portal Project up
|
| 47 |
CVE-2026-6010
A security flaw has been discovered in CodeAstro Online Classroom 1.0/2.php. Aff
|
| 47 |
CVE-2026-4780
A vulnerability was detected in SourceCodester Sales and Inventory System 1.0. I
|
| 47 |
CVE-2026-4533
A vulnerability was detected in code-projects Simple Food Ordering System 1.0. A
|
| 47 |
CVE-2026-4779
A security vulnerability has been detected in SourceCodester Sales and Inventory
|
| 47 |
CVE-2026-4778
A weakness has been identified in SourceCodester Sales and Inventory System 1.0.
|
| 47 |
CVE-2026-4876
A vulnerability was identified in itsourcecode Free Hotel Reservation System 1.0
|
| 47 |
CVE-2026-4836
A vulnerability was detected in code-projects Accounting System 1.0. The affecte
|
| 47 |
CVE-2026-5196
A vulnerability has been found in code-projects Student Membership System 1.0. I
|
| 47 |
CVE-2026-4783
A vulnerability has been found in itsourcecode College Management System 1.0. Th
|
| 47 |
CVE-2026-4777
A security flaw has been discovered in SourceCodester Sales and Inventory System
|
| 47 |
CVE-2026-4826
A vulnerability was determined in SourceCodester Sales and Inventory System 1.0.
|
| 47 |
CVE-2026-4571
A security flaw has been discovered in SourceCodester Sales and Inventory System
|
| 47 |
CVE-2026-5560
A vulnerability was found in PHPGurukul Online Shopping Portal Project 2.1. The
|
| 47 |
CVE-2026-5596
A vulnerability was detected in griptape-ai griptape 0.19.4. Affected by this is
|
| 47 |
CVE-2026-5587
A vulnerability was identified in wbbeyourself MAC-SQL up to 31a9df5e0d520be4769
|
| 47 |
CVE-2026-4954
A security vulnerability has been detected in mingSoft MCMS 迄 5.5.0. Impacted is
|
| 47 |
CVE-2026-5563
A security flaw has been discovered in AutohomeCorp frostmourne up to 1.0. Affec
|
| 47 |
CVE-2026-5537
A security vulnerability has been detected in halex CourseSEL up to 1.1.0. Affec
|
| 47 |
CVE-2026-34580
Botan is a C++ cryptography library. In 3.11.0, the function Certificate_Store::
|
| 47 |
CVE-2026-1969
The trx_addons WordPress plugin before 2.38.5 does not correctly validate file t
|
| 47 |
CVE-2026-1890
The LeadConnector WordPress plugin before 3.0.22 does not have authorization in
|
| 47 |
CVE-2026-5597
A flaw has been found in griptape-ai griptape 0.19.4. This affects an unknown pa
|
| 47 |
CVE-2026-25377
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti
|
| 47 |
CVE-2026-24993
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti
|
| 47 |
CVE-2026-31920
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti
|
| 47 |
CVE-2026-4530
A security flaw has been discovered in apconw Aix-DB up to 1.2.3. This impacts a
|
| 47 |
CVE-2026-22484
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti
|
| 47 |
CVE-2026-25340
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti
|
| 47 |
CVE-2026-25371
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti
|
| 47 |
CVE-2026-32499
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti
|
| 47 |
CVE-2026-28827
A parsing issue in the handling of directory paths was addressed with improved p
|
| 47 |
CVE-2026-2343
The PeproDev Ultimate Invoice WordPress plugin through 2.2.5 has a bulk download
|
| 47 |
CVE-2026-20688
A path handling issue was addressed with improved validation. This issue is fixe
|
| 47 |
CVE-2026-5318
A weakness has been identified in LibRaw up to 0.22.0. This impacts the function
|
| 47 |
CVE-2026-4538
A vulnerability was identified in PyTorch 2.10.0. The affected element is an unk
|
| 47 |
CVE-2015-20117
Next Click Ventures RealtyScript 4.0.2 contains a cross-site request forgery vul
|
| 47 |
CVE-2026-4971
A weakness has been identified in SourceCodester Note Taking App up to 1.0. This
|
| 47 |
CVE-2026-4968
A vulnerability was determined in SourceCodester Diary App 1.0. The affected ele
|
| 47 |
CVE-2026-32917
OpenClaw before 2026.3.13 contains a remote command injection vulnerability in t
|
| 47 |
CVE-2026-4744
Out-of-bounds Read vulnerability in rizonesoft Notepad3 (scintilla/oniguruma/sr
|
| 47 |
CVE-2016-20035
Wowza Streaming Engine 4.5.0 contains a cross-site request forgery vulnerability
|
| 47 |
CVE-2026-4963
A weakness has been identified in huggingface smolagents 1.25.0.dev0. This affec
|
| 47 |
CVE-2015-20113
Next Click Ventures RealtyScript 4.0.2 contains cross-site request forgery and p
|
| 47 |
CVE-2026-32046
OpenClaw versions prior to 2026.2.21 contain an improper sandbox configuration v
|
| 47 |
CVE-2026-4216
A weakness has been identified in i-SENS SmartLog App up to 2.6.8 on Android. Th
|
| 47 |
CVE-2026-6119
A vulnerability was identified in AstrBotDevs AstrBot up to 4.22.1. The affected
|
| 47 |
CVE-2026-5826
A flaw has been found in code-projects Simple IT Discussion Forum 1.0. This issu
|
| 47 |
CVE-2026-5825
A vulnerability was detected in code-projects Simple Laundry System 1.0. This vu
|
| 47 |
CVE-2026-5546
A flaw has been found in Campcodes Complete Online Learning Management System 1.
|
| 47 |
CVE-2026-5126
A flaw has been found in SourceCodester RSS Feed Parser 1.0. Affected by this is
|
| 47 |
CVE-2026-32915
OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability allow
|
| 47 |
CVE-2026-4964
A security vulnerability has been detected in letta-ai letta 0.16.4. This vulner
|
| 47 |
CVE-2026-5319
A security vulnerability has been detected in itsourcecode Payroll Management Sy
|
| 47 |
CVE-2026-5630
A flaw has been found in assafelovic gpt-researcher up to 3.4.3. The impacted el
|
| 47 |
CVE-2026-5552
A weakness has been identified in PHPGurukul Online Shopping Portal Project 2.1.
|
| 47 |
CVE-2026-5639
A flaw has been found in PHPGurukul Online Shopping Portal Project 2.1. Impacted
|
| 47 |
CVE-2026-5553
A vulnerability was identified in itsourcecode Online Cellphone System 1.0. Affe
|
| 47 |
CVE-2026-5580
A vulnerability was identified in CodeAstro Online Classroom 1.0. Impacted is an
|
| 47 |
CVE-2026-5529
A vulnerability was detected in Dromara lamp-cloud up to 5.8.1. This vulnerabili
|
| 47 |
CVE-2026-5578
A vulnerability was found in CodeAstro Online Classroom 1.0. This vulnerability
|
| 47 |
CVE-2026-5583
A security vulnerability has been detected in PHPGurukul Online Shopping Portal
|
| 47 |
CVE-2026-5635
A security flaw has been discovered in PHPGurukul Online Shopping Portal Project
|
| 47 |
CVE-2026-5636
A weakness has been identified in PHPGurukul Online Shopping Portal Project 2.1.
|
| 47 |
CVE-2026-1346
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify
|
| 47 |
CVE-2026-6109
A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.1. The impa
|
| 47 |
CVE-2026-5321
A flaw has been found in vanna-ai vanna up to 2.0.2. Affected by this issue is s
|
| 46 |
CVE-2026-5671
A vulnerability was determined in Cyber-III Student-Management-System up to 1a93
|
| 46 |
CVE-2026-40154
PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI treats remo
|
| 46 |
CVE-2026-31845
A pre-authenticated reflected cross-site scripting (XSS) vulnerability exists in
|
| 46 |
CVE-2026-35178
Workbench is a suite of tools for administrators and developers to interact with
|
| 46 |
CVE-2025-62718
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.
|
Oldest Unpatched Critical/High CVEs
| CVE | Severity | CVSS | Priority | Days Open |
|---|---|---|---|---|
| CVE-2024-3400 | CRITICAL | 10.0 | 224 | 731d |
| CVE-2019-19781 | CRITICAL | 9.8 | 223 | 2298d |
| CVE-2020-5902 | CRITICAL | 9.8 | 223 | 2111d |
| CVE-2021-35464 | CRITICAL | 9.8 | 223 | 1725d |
| CVE-2020-10189 | CRITICAL | 9.8 | 223 | 2228d |
| CVE-2012-4681 | CRITICAL | 9.8 | 223 | 4976d |
| CVE-2022-42475 | CRITICAL | 9.8 | 223 | 1196d |
| CVE-2023-3519 | CRITICAL | 9.8 | 223 | 998d |
| CVE-2015-7450 | CRITICAL | 9.8 | 222 | 3753d |
| CVE-2023-34048 | CRITICAL | 9.8 | 222 | 900d |