Security Dashboard

Total CVEs: 6202 (last 30 days)
Avg Priority: 31.3 (of max 220)
KEV: 14 (actively exploited)
POC: 495 (public exploits)
Unpatched: 938 (CRIT/HIGH without patch)

How is Priority Score calculated?

Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:

KEV +50: CISA Known Exploited Vulnerability; confirmed active exploitation in the wild
EPSS x100: Exploit Prediction Scoring System; probability of exploitation in next 30 days (0-100)
CVSS x5: Common Vulnerability Scoring System; technical severity (0-50)
POC +20: Public exploit code exists; lowers barrier for attackers

0-40 Low, 40-80 Medium, 80-120 High, 120+ Critical

Priority CVE
55 CVE-2026-8207
Gibbon versions before v30.0.01 are affected by an authenticated SQL Injection v
54 CVE-2026-8603
In ScadaBR version 1.2.0, an OS Command Injection vulnerability could allow an a
54 CVE-2026-8602
In ScadaBR version 1.2.0, a Missing Authentication for Critical Function vulnera
54 CVE-2026-33893
A vulnerability has been identified in Teamcenter V2312 (All versions < V2312.00
53 CVE-2026-8604
In ScadaBR version 1.2.0, a CSRF vulnerability could allow an attacker to trigge
53 CVE-2026-33862
A vulnerability has been identified in Teamcenter V2312 (All versions < V2312.00
52 CVE-2026-26289
PowerSYSTEM Center REST API endpoint for device account export allows an authent
50 CVE-2026-33112
Deserialization of untrusted data in Microsoft Office SharePoint allows an autho
50 CVE-2026-33110
Deserialization of untrusted data in Microsoft Office SharePoint allows an autho
50 CVE-2026-35439
Deserialization of untrusted data in Microsoft Office SharePoint allows an autho
50 CVE-2026-40357
Deserialization of untrusted data in Microsoft Office SharePoint allows an autho
49 CVE-2026-32207
Improper neutralization of input during web page generation ('cross-site scripti
49 CVE-2026-41094
Improper control of generation of code ('code injection') in Microsoft Data Form
49 CVE-2026-41109
Improper neutralization of special elements in output used by a downstream compo
49 CVE-2026-41613
Session fixation in Visual Studio Code allows an unauthorized attacker to elevat
49 CVE-2026-40365
Insufficient granularity of access control in Microsoft Office SharePoint allows
49 CVE-2026-41086
Improper access control in Windows Admin Center allows an authorized attacker to
49 CVE-2026-8108
The installation of Fuji Tellus adds a driver to the kernel which grants all use
48 CVE-2026-35435
Improper access control in Azure AI Foundry M365 published agents allows an unau
47 CVE-2026-40364
Access of resource using incompatible type ('type confusion') in Microsoft Offic
47 CVE-2026-40361
Use after free in Microsoft Office Word allows an unauthorized attacker to execu
47 CVE-2026-40367
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized at
47 CVE-2026-40363
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker t
47 CVE-2026-40358
Use after free in Microsoft Office allows an unauthorized attacker to execute co
47 CVE-2026-40366
Use after free in Microsoft Office Word allows an unauthorized attacker to execu
47 CVE-2026-6411
This vulnerability, in the MAXHUB Pivot client application versions prior to v1
46 CVE-2026-34327
Externally controlled reference to a resource in another sphere in Microsoft Par
46 CVE-2026-33833
Improper neutralization of special elements in output used by a downstream compo
46 CVE-2026-41105
Server-side request forgery (ssrf) in Azure Notification Service allows an autho
45 CVE-2026-40368
Deserialization of untrusted data in Microsoft Office SharePoint allows an autho
45 CVE-2026-35555
PowerSYSTEM Center feature for device project groups allows an authenticated use
45 CVE-2026-7256
** UNSUPPORTED WHEN ASSIGNED ** A command injection vulnerability in the CGI pro
45 CVE-2025-40949
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.1
45 CVE-2026-42031
### Impact A vulnerability in `datastore_search_sql` allowed attackers to injec
45 CVE-2026-8135
Concrete CMS 9.5.0 and below is vulnerable to Remote Code Execution due to inse
45 CVE-2026-7546
A security vulnerability has been detected in Totolink NR1800X 9.1.0u.6279_B2021
45 CVE-2026-43533
OpenClaw before 2026.4.10 contains an arbitrary file read vulnerability in QQBot
45 CVE-2026-42611
### Summary A low-privileged (with the ability to create a page) user can cause
45 CVE-2026-42556
Postiz is an AI social media scheduling tool. From version 2.21.6 to before vers
45 CVE-2026-8208
Gibbon versions before v30.0.01 are affected by a local file inclusion vulnerabi
45 CVE-2026-32148
Insufficient Verification of Data Authenticity vulnerability in hexpm hex (Hex.R
45 CVE-2026-45659
Deserialization of untrusted data in Microsoft Office SharePoint allows an autho
44 CVE-2026-44432
### Impact urllib3's [streaming API](https://urllib3.readthedocs.io/en/2.7.0/ad
44 CVE-2026-8832
The WPCode - Insert Headers and Footers + Custom Code Snippets - WordPress Code
44 CVE-2026-7841
A remote code execution vulnerability exists in Notification Settings on GeoVisi
44 CVE-2026-42513
This vulnerability exists in e-Sushrut due to improper authentication logic that
44 CVE-2026-6261
The Betheme theme for WordPress is vulnerable to Arbitrary File Upload in versio
44 CVE-2026-42605
## Summary The `currentDirectory` request parameter in the Flow.js media upload
44 CVE-2026-27648
in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code ex
44 CVE-2026-20887
Improper access control for some Intel Vision software for all versions within R
44 CVE-2026-36734
EDIMAX BR-6428nS V3 1.15 is vulnerable to Command Injection. An authenticated at
44 CVE-2026-42514
This vulnerability exists in e-Sushrut due to exposure of OTPs in plaintext with
44 CVE-2026-44127
SEPPmail Secure Email Gateway before version 15.0.4 contains an unauthenticated
44 CVE-2026-44048
In Netatalk 2.0.4 through 4.4.2, stack buffer overflow via ucs-2 type confusion
44 CVE-2026-23819
A vulnerability in the web-based management interface of Access Points running A
44 CVE-2026-42468
Buffer overflow vulnerability in Open Vehicle Monitoring System 3 (OVMS3) 3.3.00
44 CVE-2026-44513
### Impact A `trust_remote_code` bypass in `DiffusionPipeline.from_pretrained`
44 CVE-2026-44827
Diffusers is a library for pretrained diffusion models. Prior to 0.38.0, di
44 CVE-2026-6228
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Privilege
44 CVE-2026-34344
Access of resource using incompatible type ('type confusion') in Windows Ancilla
44 CVE-2026-7522
The Advanced Database Cleaner - Premium plugin for WordPress is vulnerable to Lo
44 CVE-2026-45495
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
44 CVE-2026-42608
# Vulnerability Report: Grav CMS Unauthenticated Path Traversal & Arbitrary File
44 CVE-2026-6692
The Slider Revolution plugin for WordPress is vulnerable to Arbitrary File Uploa
44 CVE-2026-42215
GitPython is a python library used to interact with Git repositories. From versi
44 CVE-2026-42235
## Impact An unauthenticated attacker could register a malicious MCP OAuth clien
44 CVE-2026-7482
Ollama before 0.17.1 contains a heap out-of-bounds read vulnerability in the GGU
44 CVE-2026-24217
NVIDIA BioNeMo Core for Linux contains a vulnerability where a user could cause
44 CVE-2026-34329
Heap-based buffer overflow in Windows Message Queuing allows an unauthorized att
44 CVE-2026-44047
In Netatalk 3.1.0 through 4.4.2, sql injection in mysql cnid backend. Fixed in 4
44 CVE-2026-8540
Type Confusion in V8 in Google Chrome prior to 148.0.7778.168 allowed a remote a
44 CVE-2026-8002
Use after free in Audio in Google Chrome on Mac prior to 148.0.7778.96 allowed a
44 CVE-2026-8577
Integer overflow in Fonts in Google Chrome prior to 148.0.7778.168 allowed a rem
44 CVE-2026-8549
Use after free in Media in Google Chrome prior to 148.0.7778.168 allowed a remot
44 CVE-2026-8581
Use after free in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote
44 CVE-2026-8544
Use after free in Media in Google Chrome prior to 148.0.7778.168 allowed a remot
44 CVE-2026-8532
Integer overflow in XML in Google Chrome prior to 148.0.7778.168 allowed a remot
44 CVE-2026-8555
Use after free in GTK in Google Chrome on Windows prior to 148.0.7778.168 allowe
44 CVE-2026-8522
Use after free in Downloads in Google Chrome on Mac prior to 148.0.7778.168 allo
44 CVE-2026-7957
Out of bounds write in Media in Google Chrome on Mac, iOS prior to 148.0.7778.96
44 CVE-2026-8551
Use after free in Downloads in Google Chrome prior to 148.0.7778.168 allowed a r
44 CVE-2026-8518
Use after free in Blink in Google Chrome prior to 148.0.7778.168 allowed a remot
44 CVE-2026-8527
Insufficient validation of untrusted input in Downloads in Google Chrome prior t
44 CVE-2026-7902
Out of bounds memory access in V8 in Google Chrome prior to 148.0.7778.96 allowe
44 CVE-2026-8517
Object lifecycle issue in WebShare in Google Chrome on Mac prior to 148.0.7778.1
44 CVE-2026-43937
**Issue Details:** YAFNET's only admin authorization gate is `PageSecurityCheckA
44 CVE-2026-9207
Tanium addressed an unauthorized code execution vulnerability in Connect.
44 CVE-2026-8526
Out of bounds write in WebRTC in Google Chrome prior to 148.0.7778.168 allowed a
44 CVE-2026-8016
Use after free in WebRTC in Google Chrome prior to 148.0.7778.96 allowed a remot
44 CVE-2026-8529
Heap buffer overflow in Codecs in Google Chrome prior to 148.0.7778.168 allowed

Oldest Unpatched Critical/High CVEs

CVE Severity CVSS Priority Days Open
CVE-2024-3400 CRITICAL 10.0 224 776d
CVE-2019-19781 CRITICAL 9.8 223 2344d
CVE-2020-5902 CRITICAL 9.8 223 2157d
CVE-2021-35464 CRITICAL 9.8 223 1771d
CVE-2020-10189 CRITICAL 9.8 223 2274d
CVE-2012-4681 CRITICAL 9.8 223 5021d
CVE-2022-42475 CRITICAL 9.8 223 1242d
CVE-2023-3519 CRITICAL 9.8 223 1044d
CVE-2015-7450 CRITICAL 9.8 222 3798d
CVE-2023-34048 CRITICAL 9.8 222 946d