Security Dashboard

7d 14d 30d 90d
Total CVEs
5782
last 30 days
Avg Priority
34.0
of max 220
KEV
6
actively exploited
POC
807
public exploits
Unpatched
1589
CRIT/HIGH without patch
How is Priority Score calculated?

Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:

KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low 40-80 Medium 80-120 High 120+ Critical

Patch Now — Known Exploited Vulnerabilities

124
CVE-2026-35616
A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an
CRITICAL
119
CVE-2026-5281
Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had co
HIGH
117
CVE-2026-33634
Trivy is a security scanner. On March 19, 2026, a threat actor used compromised credentials to publi
CRITICAL
117
CVE-2026-33017
## Summary The `POST /api/v1/build_public_tmp/{flow_id}/flow` endpoint allows building public flows
CRITICAL
117
CVE-2026-3055
Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP l
CRITICAL
109
CVE-2026-3502
TrueConf Client downloads application update code and applies it without performing verification. An
HIGH

Priority Distribution

CRITICAL HIGH MEDIUM LOW KEV Only POC Only Unpatched CRIT/HIGH
Priority CVE
32 CVE-2026-21790
HCL Traveler is susceptible to a weak default HTTP header validation vulnerabili
32 CVE-2026-35635
OpenClaw before 2026.3.22 contains a webhook path route replacement vulnerabilit
32 CVE-2026-5393
Dual-Algorithm CertificateVerify out-of-bounds read. When processing a dual-algo
32 CVE-2026-5682
A vulnerability has been found in Meesho Online Shopping App up to 27.3 on Andro
32 CVE-2026-34985
LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web app
32 CVE-2026-34861
Race condition vulnerability in the thermal management module. Impact: Successfu
32 CVE-2026-5724
The frontend gRPC server's streaming interceptor chain did not include the autho
32 CVE-2026-35656
OpenClaw before 2026.3.22 contains an authentication bypass vulnerability in the
32 CVE-2026-33785
A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS on
32 CVE-2026-34862
Race condition vulnerability in the power consumption statistics module. Impact:
32 CVE-2026-40023
Apache Log4cxx's XMLLayout https://logging.apache.org/log4cxx/1.7.0/classlog4cx
32 CVE-2026-39862
Tophat is a mobile applications testing harness. Prior to 2.5.1, Tophat is affec
32 CVE-2026-39409
## Summary `ipRestriction()` does not canonicalize IPv4-mapped IPv6 client addr
32 CVE-2026-35623
OpenClaw before 2026.3.25 contains a missing rate limiting vulnerability in webh
32 CVE-2026-34481
Apache Log4j's JsonTemplateLayout https://logging.apache.org/log4j/2.x/manual/j
32 CVE-2026-34477
The fix for CVE-2025-68161 https://logging.apache.org/security.html#CVE-2025-68
32 CVE-2026-40021
Apache Log4net's XmlLayout https://logging.apache.org/log4net/manual/configurat
32 CVE-2026-5504
A padding oracle exists in wolfSSL's PKCS7 CBC decryption that could allow an at
32 CVE-2026-35165
LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web app
32 CVE-2026-35649
OpenClaw before 2026.3.22 contains a settings reconciliation vulnerability that
32 CVE-2026-40074
SvelteKit is a framework for rapidly developing robust, performant web applicati
32 CVE-2026-35646
OpenClaw before 2026.3.25 contains a pre-authentication rate-limit bypass vulner
32 CVE-2026-35628
OpenClaw before 2026.3.25 contains a missing rate limiting vulnerability in Tele
32 CVE-2026-5302
CORS misconfiguration in CoolerControl/coolercontrold <4.0.0 allows unauthentica
32 CVE-2026-6179
Stored Cross Site Scripting in NightWolf Penetration Testing Platform allows att
32 CVE-2026-5447
Heap buffer overflow in CertFromX509 via AuthorityKeyIdentifier size confusion.
31 CVE-2026-28867
This issue was addressed with improved authentication. This issue is fixed in iO
31 CVE-2026-28822
A type confusion issue was addressed with improved memory handling. This issue i
31 CVE-2026-20637
A use after free issue was addressed with improved memory management. This issue
31 CVE-2026-20699
A downgrade issue affecting Intel-based Mac computers was addressed with additio
31 CVE-2026-28841
A buffer overflow was addressed with improved size validation. This issue is fix
31 CVE-2026-28866
This issue was addressed with improved validation of symlinks. This issue is fix
31 CVE-2026-34385
Fleet is open source device management software. Prior to 4.81.0, a second-order
31 CVE-2026-20695
An information disclosure issue was addressed with improved memory management. T
31 CVE-2026-20651
A privacy issue was addressed with improved handling of temporary files. This is
31 CVE-2026-28889
A permissions issue was addressed with additional restrictions. This issue is fi
31 CVE-2026-28833
A permissions issue was addressed with additional restrictions. This issue is fi
31 CVE-2026-3778
The application does not detect or guard against cyclic PDF object references wh
31 CVE-2026-29976
Buffer Overflow vulnerability in ZerBea hcxpcapngtool v. 7.0.1-43-g2ee308e allow
31 CVE-2026-35480
The DAG-CBOR decoder uses collection sizes declared in CBOR headers as Go preall
31 CVE-2026-30007
XnSoft NConvert 7.230 is vulnerable to Use-After-Free via a crafted .tiff file
31 CVE-2026-30006
XnSoft NConvert 7.230 is vulnerable to Stack Buffer Overrun via a crafted .tiff
31 CVE-2026-34546
iccDEV provides a set of libraries and tools for working with ICC color manageme
31 CVE-2026-34555
iccDEV provides a set of libraries and tools for working with ICC color manageme
31 CVE-2026-34548
iccDEV provides a set of libraries and tools for working with ICC color manageme
31 CVE-2025-12708
IBM Concert 1.0.0 through 2.2.0 contains hard-coded credentials that could be ob
31 CVE-2026-34556
iccDEV provides a set of libraries and tools for working with ICC color manageme
31 CVE-2026-34552
iccDEV provides a set of libraries and tools for working with ICC color manageme
31 CVE-2026-34536
iccDEV provides a set of libraries and tools for working with ICC color manageme
31 CVE-2026-34542
iccDEV provides a set of libraries and tools for working with ICC color manageme
31 CVE-2026-34540
iccDEV provides a set of libraries and tools for working with ICC color manageme
31 CVE-2026-34533
iccDEV provides a set of libraries and tools for working with ICC color manageme
31 CVE-2026-34541
iccDEV provides a set of libraries and tools for working with ICC color manageme
31 CVE-2026-35406
### Impact A truncated TCP DNS query followed by a connection reset causes aard
31 CVE-2026-34539
iccDEV provides a set of libraries and tools for working with ICC color manageme
31 CVE-2026-34550
iccDEV provides a set of libraries and tools for working with ICC color manageme
31 CVE-2026-34551
iccDEV provides a set of libraries and tools for working with ICC color manageme
31 CVE-2026-34535
iccDEV provides a set of libraries and tools for working with ICC color manageme
31 CVE-2026-34537
iccDEV provides a set of libraries and tools for working with ICC color manageme
31 CVE-2026-33817
Index out-of-range when encountering a branch page with zero elements in go.etcd
31 CVE-2026-34549
iccDEV provides a set of libraries and tools for working with ICC color manageme
31 CVE-2026-34554
iccDEV provides a set of libraries and tools for working with ICC color manageme
31 CVE-2026-34534
iccDEV provides a set of libraries and tools for working with ICC color manageme
31 CVE-2026-34547
iccDEV provides a set of libraries and tools for working with ICC color manageme
31 CVE-2025-64646
IBM Concert 1.0.0 through 2.2.0 could allow an attacker to access sensitive info
31 CVE-2025-36051
IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 stores potentially sensiti
31 CVE-2025-43238
An integer overflow was addressed with improved input validation. This issue is
31 CVE-2026-0049
In onHeaderDecoded of LocalImageResolver.java, there is a possible persistent de
31 CVE-2025-13044
IBM Concert 1.0.0 through 2.2.0 creates temporary files with predictable names,
31 CVE-2026-32146
Improper path validation vulnerability in the Gleam compiler's handling of git d
31 CVE-2026-31053
A double free vulnerability exists in librz/bin/format/le/le.c in the function l
31 CVE-2026-25204
Deserialization of untrusted data vulnerability in Samsung Open Source Escarogt
31 CVE-2026-40115
PraisonAI is a multi-agent teams system. Prior to 4.5.128, the WSGI-based recipe
31 CVE-2026-33753
### Summary An Authorization Bypass vulnerability in `rfc3161-client`'s signatu
31 CVE-2026-40117
PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, read_skill_file
31 CVE-2026-40227
In systemd 260 before 261, a local unprivileged user can trigger an assert via a
31 CVE-2026-33035
## Summary AVideo contains a reflected XSS vulnerability that allows unauthenti
31 CVE-2026-22176
OpenClaw versions prior to 2026.2.19 contain a command injection vulnerability i
31 CVE-2026-5226
The Optimole - Optimize Images in Real Time plugin for WordPress is vulnerable t
31 CVE-2026-33622
### Summary PinchTab `v0.8.3` through `v0.8.5` allow arbitrary JavaScript execut
31 CVE-2026-3572
The iTracker360 plugin for WordPress is vulnerable to Cross-Site Request Forgery
31 CVE-2026-4394
The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Script
31 CVE-2026-2277
The rexCrawler plugin for WordPress is vulnerable to Reflected Cross-Site Script
31 CVE-2026-1986
The FloristPress for Woo - Customize your eCommerce store for your Florist plugi
31 CVE-2026-1647
The Comment Genius plugin for WordPress is vulnerable to Reflected Cross-Site Sc
31 CVE-2026-4146
The Loco Translate plugin for WordPress is vulnerable to Reflected Cross-Site Sc
31 CVE-2025-13910
The WP-WebAuthn plugin for WordPress is vulnerable to Unauthenticated Stored Cro
31 CVE-2026-2427
The itsukaita plugin for WordPress is vulnerable to Reflected Cross-Site Scripti
31 CVE-2026-32034
OpenClaw versions prior to 2026.2.21 contain an authentication bypass vulnerabil
31 CVE-2026-4358
A specially crafted aggregation query with $lookup by an authenticated user with

Oldest Unpatched Critical/High CVEs

CVE Severity CVSS Priority Days Open
CVE-2024-3400 CRITICAL 10.0 224 731d
CVE-2019-19781 CRITICAL 9.8 223 2298d
CVE-2020-5902 CRITICAL 9.8 223 2111d
CVE-2021-35464 CRITICAL 9.8 223 1725d
CVE-2020-10189 CRITICAL 9.8 223 2228d
CVE-2012-4681 CRITICAL 9.8 223 4976d
CVE-2022-42475 CRITICAL 9.8 223 1197d
CVE-2023-3519 CRITICAL 9.8 223 998d
CVE-2015-7450 CRITICAL 9.8 222 3753d
CVE-2023-34048 CRITICAL 9.8 222 900d
Prev 14 / 29 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy