Total CVEs
5792
last 30 days
Avg Priority
34.0
of max 220
KEV
8
actively exploited
POC
777
public exploits
Unpatched
1600
CRIT/HIGH without patch
How is Priority Score calculated?
Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:
KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low
40-80 Medium
80-120 High
120+ Critical
Patch Now — Known Exploited Vulnerabilities
124
CVE-2026-35616
A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an
119
CVE-2026-3910
Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allowed a remote attacker
119
CVE-2026-3909
Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to per
119
CVE-2026-5281
Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had co
117
CVE-2026-33634
Trivy is a security scanner. On March 19, 2026, a threat actor used compromised credentials to publi
117
CVE-2026-33017
## Summary
The `POST /api/v1/build_public_tmp/{flow_id}/flow` endpoint allows building public flows
117
CVE-2026-3055
Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP l
109
CVE-2026-3502
TrueConf Client downloads application update code and applies it without performing verification. An
Priority Distribution
| Priority | CVE |
|---|---|
| 64 |
CVE-2026-4487
A vulnerability was determined in UTT HiPER 1200GW up to 2.5.3-170306. This impa
|
| 64 |
CVE-2026-4227
A security vulnerability has been detected in LB-LINK BL-WR9000 2.4.9. The impac
|
| 64 |
CVE-2026-4318
A vulnerability was determined in UTT HiPER 810G up to 1.7.7-171114. Affected is
|
| 64 |
CVE-2026-4226
A weakness has been identified in LB-LINK BL-WR9000 2.4.9. The affected element
|
| 64 |
CVE-2026-4488
A vulnerability was identified in UTT HiPER 1250GW up to 3.2.7-210907-180535. Af
|
| 64 |
CVE-2026-30531
A SQL Injection vulnerability exists in SourceCodester Online Food Ordering Syst
|
| 64 |
CVE-2016-20034
Wowza Streaming Engine 4.5.0 contains a privilege escalation vulnerability that
|
| 64 |
CVE-2026-33665
n8n is an open source workflow automation platform. Prior to versions 2.4.0 and
|
| 64 |
CVE-2026-30529
A SQL Injection vulnerability exists in SourceCodester Online Food Ordering Syst
|
| 64 |
CVE-2026-22683
Windmill versions 1.56.0 through 1.614.0 contain a missing authorization vulnera
|
| 64 |
CVE-2025-60947
Census CSWeb 8.0.1 allows arbitrary file upload. A remote, authenticated attacke
|
| 64 |
CVE-2025-60946
Census CSWeb 8.0.1 allows arbitrary file path input. A remote, authenticated att
|
| 64 |
CVE-2026-25075
strongSwan versions 4.5.0 prior to 6.0.5 contain an integer underflow vulnerabil
|
| 64 |
CVE-2026-32846
OpenClaw through 2026.3.23 (fixed in commit 4797bbc) contains a path traversal v
|
| 64 |
CVE-2026-33713
n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.
|
| 63 |
CVE-2026-32989
Precurio Intranet Portal 4.4 contains a cross-site request forgery (CSRF) weakne
|
| 63 |
CVE-2026-32635
A Cross-Site Scripting (XSS) vulnerability has been identified in the Angular ru
|
| 63 |
CVE-2026-22666
Dolibarr ERP/CRM versions prior to 23.0.2 contain an authenticated remote code e
|
| 63 |
CVE-2026-5684
A vulnerability was determined in Tenda CX12L 16.03.53.12. Affected by this issu
|
| 63 |
CVE-2026-29002
CouchCMS contains a privilege escalation vulnerability that allows authenticated
|
| 63 |
CVE-2026-35020
Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection v
|
| 63 |
CVE-2026-33663
n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.
|
| 63 |
CVE-2026-28529
cryptodev-linux version 1.14 and prior contain a page reference handling flaw in
|
| 62 |
CVE-2026-35021
Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection v
|
| 62 |
CVE-2026-30534
A SQL Injection vulnerability exists in SourceCodester Online Food Ordering Syst
|
| 61 |
CVE-2026-26740
Buffer Overflow vulnerability in giflib v.5.2.2 allows a remote attacker to caus
|
| 61 |
CVE-2015-20120
Next Click Ventures RealtyScript 4.0.2 contains multiple time-based blind SQL in
|
| 61 |
CVE-2015-20121
Next Click Ventures RealtyScript 4.0.2 contains SQL injection vulnerabilities th
|
| 61 |
CVE-2026-4896
The WCFM - Frontend Manager for WooCommerce along with Bookings Subscription Lis
|
| 61 |
CVE-2026-3857
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10
|
| 59 |
CVE-2017-20218
Serviio PRO 1.8 contains an unquoted search path vulnerability in the Windows se
|
| 59 |
CVE-2026-33150
libfuse is the reference implementation of the Linux FUSE. From version 3.18.0 t
|
| 59 |
CVE-2016-20033
Wowza Streaming Engine 4.5.0 contains a local privilege escalation vulnerability
|
| 59 |
CVE-2026-33352
### Summary
An unauthenticated SQL injection vulnerability exists in `objects/c
|
| 59 |
CVE-2026-32064
OpenClaw versions prior to 2026.2.21 sandbox browser entrypoint launches x11vnc
|
| 59 |
CVE-2026-2995
GitLab has remediated an issue in GitLab EE affecting all versions from 15.4 bef
|
| 58 |
CVE-2026-26829
A NULL pointer dereference in the safe_atou64 function (src/misc.c) of owntone-s
|
| 58 |
CVE-2026-32055
OpenClaw versions prior to 2026.2.26 contain a path traversal vulnerability in w
|
| 58 |
CVE-2017-20222
Telesquare SKT LTE Router SDT-CS3B1 software version 1.2.0 contains an unauthent
|
| 58 |
CVE-2017-20220
Serviio PRO 1.8 contains an improper access control vulnerability in the Configu
|
| 58 |
CVE-2026-32056
OpenClaw versions prior to 2026.2.22 fail to sanitize shell startup environment
|
| 58 |
CVE-2017-20217
Serviio PRO 1.8 contains an information disclosure vulnerability due to improper
|
| 58 |
CVE-2026-32049
OpenClaw versions prior to 2026.2.22 fail to consistently enforce configured inb
|
| 58 |
CVE-2026-32981
A path traversal vulnerability was identified in Ray Dashboard (default port 826
|
| 58 |
CVE-2013-20006
Qool CMS contains multiple persistent cross-site scripting vulnerabilities in se
|
| 58 |
CVE-2026-30575
A Business Logic vulnerability exists in SourceCodester Pharmacy Product Managem
|
| 58 |
CVE-2026-30576
A Business Logic vulnerability exists in SourceCodester Pharmacy Product Managem
|
| 58 |
CVE-2026-30573
A Business Logic vulnerability exists in SourceCodester Pharmacy Product Managem
|
| 58 |
CVE-2026-32048
OpenClaw versions prior to 2026.3.1 fail to enforce sandbox inheritance during c
|
| 58 |
CVE-2026-3988
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5
|
| 58 |
CVE-2026-30574
A Business Logic vulnerability exists in SourceCodester Pharmacy Product Managem
|
| 58 |
CVE-2026-4338
The ActivityPub WordPress plugin before 8.0.2 does not properly filter posts to
|
| 58 |
CVE-2026-33484
### Summary
The `/api/v1/files/images/{flow_id}/{file_name}` endpoint serves ima
|
| 58 |
CVE-2026-33497
### Summary
In the download_profile_picture function of the /profile_pictures/{f
|
| 57 |
CVE-2026-4840
A security flaw has been discovered in Netcore Power 15AX up to 3.0.0.6938. Affe
|
| 57 |
CVE-2026-25192
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to
|
| 57 |
CVE-2026-29796
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to
|
| 57 |
CVE-2026-6123
A vulnerability was found in Tenda F451 1.0.0.7. This affects the function fromA
|
| 57 |
CVE-2026-4565
A vulnerability was detected in Tenda AC21 16.03.08.16. Impacted is the function
|
| 57 |
CVE-2026-4486
A vulnerability was found in D-Link DIR-513 1.10. This affects the function form
|
| 57 |
CVE-2026-5212
A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, D
|
| 57 |
CVE-2026-4976
A vulnerability was found in Totolink LR350 9.3.5u.6369_B20220309. This vulnerab
|
| 57 |
CVE-2026-5567
A flaw has been found in Tenda M3 1.0.0.10. This vulnerability affects the funct
|
| 57 |
CVE-2026-5046
A flaw has been found in Tenda FH1201 1.2.0.14(408). Affected is the function fo
|
| 57 |
CVE-2026-4534
A flaw has been found in Tenda FH451 1.0.0.9. This affects the function formWrlE
|
| 57 |
CVE-2026-4904
A vulnerability has been found in Tenda AC5 15.03.06.47. This issue affects the
|
| 57 |
CVE-2026-4903
A flaw has been found in Tenda AC5 15.03.06.47. This vulnerability affects the f
|
| 57 |
CVE-2026-5830
A vulnerability was identified in Tenda AC15 15.03.05.18. This affects the funct
|
| 57 |
CVE-2026-4535
A vulnerability has been found in Tenda FH451 1.0.0.9. This vulnerability affect
|
| 57 |
CVE-2026-5045
A vulnerability was detected in Tenda FH1201 1.2.0.14(408). This impacts the fun
|
| 57 |
CVE-2026-5152
A vulnerability was detected in Tenda CH22 1.0.0.1. Impacted is the function for
|
| 57 |
CVE-2026-6015
A vulnerability has been found in Tenda AC9 15.03.02.13. Impacted is the functio
|
| 57 |
CVE-2026-4905
A vulnerability was found in Tenda AC5 15.03.06.47. Impacted is the function for
|
| 57 |
CVE-2026-5604
A security flaw has been discovered in Tenda CH22 1.0.0.1. The impacted element
|
| 57 |
CVE-2026-6016
A vulnerability was found in Tenda AC9 15.03.02.13. The affected element is the
|
| 57 |
CVE-2026-6122
A vulnerability has been found in Tenda F451 1.0.0.7. Affected by this issue is
|
| 57 |
CVE-2026-4551
A vulnerability was found in Tenda F453 1.0.0.3. This vulnerability affects the
|
| 57 |
CVE-2026-4961
A vulnerability was identified in Tenda AC6 15.03.05.16. Affected by this vulner
|
| 57 |
CVE-2026-5021
A flaw has been found in Tenda F453 1.0.0.3. This affects the function fromPPTPU
|
| 57 |
CVE-2026-5609
A flaw has been found in Tenda i12 1.0.0.11(3862). Affected by this vulnerabilit
|
| 57 |
CVE-2026-4906
A vulnerability was determined in Tenda AC5 15.03.06.47. The affected element is
|
| 57 |
CVE-2026-6120
A vulnerability was detected in Tenda F451 1.0.0.7. Affected is the function fro
|
| 57 |
CVE-2026-5204
A vulnerability was determined in Tenda CH22 1.0.0.1. Affected is the function f
|
| 57 |
CVE-2026-5154
A vulnerability has been found in Tenda CH22 1.0.0.1/1.If. The impacted element
|
| 57 |
CVE-2026-5156
A vulnerability was determined in Tenda CH22 1.0.0.1. This impacts the function
|
| 57 |
CVE-2026-4552
A vulnerability was determined in Tenda F453 1.0.0.3. This issue affects the fun
|
| 57 |
CVE-2026-4902
A vulnerability was detected in Tenda AC5 15.03.06.47. This affects the function
|
| 57 |
CVE-2026-4960
A vulnerability was determined in Tenda AC6 15.03.05.16. Affected is the functio
|
| 57 |
CVE-2026-5036
A vulnerability was found in Tenda 4G06 04.06.01.29. This vulnerability affects
|
| 57 |
CVE-2026-6121
A flaw has been found in Tenda F451 1.0.0.7. Affected by this vulnerability is t
|
Oldest Unpatched Critical/High CVEs
| CVE | Severity | CVSS | Priority | Days Open |
|---|---|---|---|---|
| CVE-2024-3400 | CRITICAL | 10.0 | 224 | 730d |
| CVE-2019-19781 | CRITICAL | 9.8 | 223 | 2298d |
| CVE-2020-5902 | CRITICAL | 9.8 | 223 | 2111d |
| CVE-2021-35464 | CRITICAL | 9.8 | 223 | 1724d |
| CVE-2020-10189 | CRITICAL | 9.8 | 223 | 2227d |
| CVE-2012-4681 | CRITICAL | 9.8 | 223 | 4975d |
| CVE-2022-42475 | CRITICAL | 9.8 | 223 | 1196d |
| CVE-2023-3519 | CRITICAL | 9.8 | 223 | 997d |
| CVE-2015-7450 | CRITICAL | 9.8 | 222 | 3752d |
| CVE-2023-34048 | CRITICAL | 9.8 | 222 | 899d |