Total CVEs
5773
last 30 days
Avg Priority
34.0
of max 220
KEV
6
actively exploited
POC
805
public exploits
Unpatched
1587
CRIT/HIGH without patch
How is Priority Score calculated?
Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:
KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low
40-80 Medium
80-120 High
120+ Critical
Patch Now — Known Exploited Vulnerabilities
124
CVE-2026-35616
A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an
119
CVE-2026-5281
Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had co
117
CVE-2026-33634
Trivy is a security scanner. On March 19, 2026, a threat actor used compromised credentials to publi
117
CVE-2026-33017
## Summary
The `POST /api/v1/build_public_tmp/{flow_id}/flow` endpoint allows building public flows
117
CVE-2026-3055
Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP l
109
CVE-2026-3502
TrueConf Client downloads application update code and applies it without performing verification. An
Priority Distribution
| Priority | CVE |
|---|---|
| 32 |
CVE-2026-3142
The Pinterest Site Verification plugin using Meta Tag plugin for WordPress is vu
|
| 32 |
CVE-2026-4336
The Ultimate FAQ Accordion plugin for WordPress is vulnerable to Stored Cross-Si
|
| 32 |
CVE-2026-4120
The Info Cards - Add Text and Media in Card Layouts plugin for WordPress is vuln
|
| 32 |
CVE-2026-4303
The WP Visitor Statistics (Real Time Traffic) plugin for WordPress is vulnerable
|
| 32 |
CVE-2026-4084
The fyyd podcast shortcodes plugin for WordPress is vulnerable to Stored Cross-S
|
| 32 |
CVE-2026-5590
A race condition during TCP connection teardown can cause tcp_recv() to operate
|
| 32 |
CVE-2026-4300
The Robo Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripti
|
| 32 |
CVE-2026-33335
Vikunja is an open-source self-hosted task management platform. Starting in vers
|
| 32 |
CVE-2026-32880
ChurchCRM is an open-source church management system. Versions prior to 7.0.2 al
|
| 32 |
CVE-2026-4895
The GreenShift - Animation and Page Builder Blocks plugin for WordPress is vulne
|
| 32 |
CVE-2026-3513
The TableOn - WordPress Posts Table Filterable plugin for WordPress is vulnerabl
|
| 32 |
CVE-2026-4333
The LearnPress - WordPress LMS Plugin plugin for WordPress is vulnerable to Stor
|
| 32 |
CVE-2026-1263
The Webling plugin for WordPress is vulnerable to Stored Cross-Site Scripting in
|
| 32 |
CVE-2026-4341
The Prime Slider - Addons for Elementor plugin for WordPress is vulnerable to St
|
| 32 |
CVE-2026-4073
The pdfl.io plugin for WordPress is vulnerable to Stored Cross-Site Scripting vi
|
| 32 |
CVE-2026-4785
The LatePoint - Calendar Booking Plugin for Appointments and Events plugin for W
|
| 32 |
CVE-2026-4006
The Simple Draft List plugin for WordPress is vulnerable to Stored Cross-Site Sc
|
| 32 |
CVE-2026-5357
The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scr
|
| 32 |
CVE-2026-3617
The Paypal Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scr
|
| 32 |
CVE-2026-3600
The Investi plugin for WordPress is vulnerable to Stored Cross-Site Scripting vi
|
| 32 |
CVE-2026-4077
The Ecover Builder For Dummies plugin for WordPress is vulnerable to Stored Cros
|
| 32 |
CVE-2026-32774
Vulnogram 1.0.0 contains a stored cross-site scripting vulnerability in comment
|
| 32 |
CVE-2026-4655
The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Stor
|
| 32 |
CVE-2026-33679
Vikunja is an open-source self-hosted task management platform. Prior to version
|
| 32 |
CVE-2026-33675
Vikunja is an open-source self-hosted task management platform. Prior to version
|
| 32 |
CVE-2026-4086
The WP Random Button plugin for WordPress is vulnerable to Stored Cross-Site Scr
|
| 32 |
CVE-2026-4389
The DSGVO snippet for Leaflet Map and its Extensions plugin for WordPress is vul
|
| 32 |
CVE-2026-2512
The Code Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting
|
| 32 |
CVE-2026-2430
The Autoptimize plugin for WordPress is vulnerable to Stored Cross-Site Scriptin
|
| 32 |
CVE-2026-1834
The Ibtana - WordPress Website Builder plugin for WordPress is vulnerable to Sto
|
| 32 |
CVE-2026-5506
The Wavr plugin for WordPress is vulnerable to Stored Cross-Site Scripting via t
|
| 32 |
CVE-2026-3427
The Yoast SEO - Advanced SEO with real-time guidance and built-in AI plugin for
|
| 32 |
CVE-2026-1397
The PQ Addons - Creative Elementor Widgets plugin for WordPress is vulnerable to
|
| 32 |
CVE-2026-3554
The Sherk Custom Post Type Displays plugin for WordPress is vulnerable to Stored
|
| 32 |
CVE-2026-4072
The WordPress PayPal Donation plugin for WordPress is vulnerable to Stored Cross
|
| 32 |
CVE-2026-3619
The Sheets2Table plugin for WordPress is vulnerable to Stored Cross-Site Scripti
|
| 32 |
CVE-2026-1886
The Go Night Pro | WordPress Dark Mode Plugin for WordPress is vulnerable to Sto
|
| 32 |
CVE-2026-4067
The Ad Short plugin for WordPress is vulnerable to Stored Cross-Site Scripting v
|
| 32 |
CVE-2026-3350
The Image Alt Text Manager plugin for WordPress is vulnerable to Stored Cross-Si
|
| 32 |
CVE-2026-1396
The Magic Conversation For Gravity Forms plugin for WordPress is vulnerable to S
|
| 32 |
CVE-2026-3498
The BlockArt Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scri
|
| 32 |
CVE-2026-2501
The Ed's Social Share plugin for WordPress is vulnerable to Stored Cross-Site Sc
|
| 32 |
CVE-2026-1899
The Any Post Slider plugin for WordPress is vulnerable to Stored Cross-Site Scri
|
| 32 |
CVE-2026-2480
The WP Shortcodes Plugin - Shortcodes Ultimate plugin for WordPress is vulnerabl
|
| 32 |
CVE-2026-2496
The Ed's Font Awesome plugin for WordPress is vulnerable to Stored Cross-Site Sc
|
| 32 |
CVE-2026-1093
The WPFAQBlock- FAQ & Accordion Plugin For Gutenberg plugin for WordPress is vul
|
| 32 |
CVE-2026-1889
The Outgrow plugin for WordPress is vulnerable to Stored Cross-Site Scripting vi
|
| 32 |
CVE-2026-1851
The iVysilani Shortcode plugin for WordPress is vulnerable to Stored Cross-Site
|
| 32 |
CVE-2026-1854
The Post Flagger plugin for WordPress is vulnerable to Stored Cross-Site Scripti
|
| 32 |
CVE-2026-2949
The Xpro Addons - 140+ Widgets for Elementor plugin for WordPress is vulnerable
|
| 32 |
CVE-2026-2924
The Gutenverse - Ultimate WordPress FSE Blocks Addons & Ecosystem plugin for Wor
|
| 32 |
CVE-2026-2481
The Beaver Builder Page Builder - Drag and Drop Website Builder plugin for WordP
|
| 32 |
CVE-2026-4268
The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to S
|
| 32 |
CVE-2026-3239
The Strong Testimonials plugin for WordPress is vulnerable to Stored Cross-Site
|
| 32 |
CVE-2026-2602
The Twentig plugin for WordPress is vulnerable to Stored Cross-Site Scripting vi
|
| 32 |
CVE-2026-4766
The Easy Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site S
|
| 32 |
CVE-2026-2437
The WP Travel Engine - Tour Booking Plugin - Tour Operator Software plugin for W
|
| 32 |
CVE-2026-3311
The The Plus Addons for Elementor - Addons for Elementor, Page Templates, Widget
|
| 32 |
CVE-2026-4871
The Sports Club Management plugin for WordPress is vulnerable to Stored Cross-Si
|
| 32 |
CVE-2026-0626
The WPFunnels - Easy Funnel Builder To Optimize Buyer Journeys And Get More Lead
|
| 32 |
CVE-2025-6229
The Sina Extension for Elementor (Header Builder, Footer Builter, Theme Builder,
|
| 32 |
CVE-2025-71276
SOGo before 5.12.5 is prone to a XSS vulnerability with events, tasks, and conta
|
| 32 |
CVE-2026-1914
The FuseDesk plugin for WordPress is vulnerable to Stored Cross-Site Scripting v
|
| 32 |
CVE-2026-1911
The Twitter Feeds plugin for WordPress is vulnerable to Stored Cross-Site Script
|
| 32 |
CVE-2026-0609
The Logo Slider - Logo Carousel, Logo Showcase & Client Logo Slider Plugin plugi
|
| 32 |
CVE-2026-1575
The Schema Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scr
|
| 32 |
CVE-2026-1275
The Multi Post Carousel by Category plugin for WordPress is vulnerable to Stored
|
| 32 |
CVE-2026-1908
The Integration with Hubspot Forms plugin for WordPress is vulnerable to Stored
|
| 32 |
CVE-2026-3333
The MinhNhut Link Gateway plugin for WordPress is vulnerable to Stored Cross-Sit
|
| 32 |
CVE-2026-1806
The Tour & Activity Operator Plugin for TourCMS plugin for WordPress is vulnerab
|
| 32 |
CVE-2026-1891
The Simple Football Scoreboard plugin for WordPress is vulnerable to Stored Cros
|
| 32 |
CVE-2026-5508
The WowPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting v
|
| 32 |
CVE-2026-1822
The WP NG Weather plugin for WordPress is vulnerable to Stored Cross-Site Script
|
| 32 |
CVE-2026-5372
An issue that allowed a SQL injection attack vector related to saved queries (in
|
| 32 |
CVE-2026-0688
The Webmention plugin for WordPress is vulnerable to Server-Side Request Forgery
|
| 32 |
CVE-2026-33246
### Background
NATS.io is a high performance open source pub-sub distributed co
|
| 32 |
CVE-2026-33223
### Background
NATS.io is a high performance open source pub-sub distributed co
|
| 32 |
CVE-2026-24964
Server-Side Request Forgery (SSRF) vulnerability in Wasiliy Strecker / ContestGa
|
| 32 |
CVE-2026-24362
Missing Authorization vulnerability in bdthemes Ultimate Post Kit ultimate-post-
|
| 32 |
CVE-2026-35507
Shynet before 0.14.0 allows Host header injection in the password reset flow.
|
| 32 |
CVE-2026-25601
A vulnerability was identified in MEPIS RM, an industrial
software product devel
|
| 32 |
CVE-2026-33727
Pi-hole is a Linux network-level advertisement and Internet tracker blocking app
|
| 32 |
CVE-2026-4752
Use After Free vulnerability in No-Chicken Echo-Mate.This issue affects Echo-Mat
|
| 32 |
CVE-2026-2600
The ElementsKit Elementor Addons and Templates plugin for WordPress is vulnerabl
|
| 32 |
CVE-2025-15064
The Ultimate Member - User Profile, Registration, Login, Member Directory, Conte
|
| 32 |
CVE-2026-0552
The Simple Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site
|
| 32 |
CVE-2026-2988
The Blubrry PowerPress plugin for WordPress is vulnerable to Stored Cross-Site S
|
| 32 |
CVE-2025-14732
The Elementor Website Builder - More Than Just a Page Builder plugin for WordPre
|
| 32 |
CVE-2026-4379
The LightPress Lightbox plugin for WordPress is vulnerable to Stored Cross-Site
|
| 32 |
CVE-2025-13368
The Xpro Addons - 140+ Widgets for Elementor plugin for WordPress is vulnerable
|
Oldest Unpatched Critical/High CVEs
| CVE | Severity | CVSS | Priority | Days Open |
|---|---|---|---|---|
| CVE-2024-3400 | CRITICAL | 10.0 | 224 | 731d |
| CVE-2019-19781 | CRITICAL | 9.8 | 223 | 2298d |
| CVE-2020-5902 | CRITICAL | 9.8 | 223 | 2111d |
| CVE-2021-35464 | CRITICAL | 9.8 | 223 | 1725d |
| CVE-2020-10189 | CRITICAL | 9.8 | 223 | 2228d |
| CVE-2012-4681 | CRITICAL | 9.8 | 223 | 4976d |
| CVE-2022-42475 | CRITICAL | 9.8 | 223 | 1197d |
| CVE-2023-3519 | CRITICAL | 9.8 | 223 | 998d |
| CVE-2015-7450 | CRITICAL | 9.8 | 222 | 3753d |
| CVE-2023-34048 | CRITICAL | 9.8 | 222 | 900d |