| Metric | Value | Detail |
|---|---|---|
| Total CVEs | 5736 | last 30 days |
| Avg Priority | 34.0 | of max 220 |
| KEV | 6 | actively exploited |
| POC | 775 | public exploits |
| Unpatched | 1588 | CRIT/HIGH without patch |

How is Priority Score calculated?
Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:

| Signal | Weight | Meaning |
|---|---|---|
| KEV | +50 | CISA Known Exploited Vulnerability: confirmed active exploitation in the wild |
| EPSS | x100 | Exploit Prediction Scoring System: probability of exploitation in next 30 days (0-100) |
| CVSS | x5 | Common Vulnerability Scoring System: technical severity (0-50) |
| POC | +20 | Public exploit code exists: lowers barrier for attackers |

| Score | Band |
|---|---|
| 0-40 | Low |
| 40-80 | Medium |
| 80-120 | High |
| 120+ | Critical |

Patch Now — Known Exploited Vulnerabilities
| Priority | CVE | Description |
|---|---|---|
| 124 | CVE-2026-35616 | An improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an |
| 119 | CVE-2026-5281 | Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had co |
| 117 | CVE-2026-33634 | Trivy is a security scanner. On March 19, 2026, a threat actor used compromised credentials to publi |
| 117 | CVE-2026-33017 | Summary: The `POST /api/v1/build_public_tmp/{flow_id}/flow` endpoint allows building public flows |
| 117 | CVE-2026-3055 | Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP l |
| 109 | CVE-2026-3502 | TrueConf Client downloads application update code and applies it without performing verification. An |

Priority Distribution
| Priority | CVE | Description |
|---|---|---|
| 54 | CVE-2026-5676 | A vulnerability was identified in Totolink A8000R 5.9c.681_B20180413. This issue |
| 54 | CVE-2026-5692 | A vulnerability was found in Totolink A7100RU 7.4cu.2313_b20191024. This impacts |
| 54 | CVE-2026-5814 | A security vulnerability has been detected in PHPGurukul Online Course Registrat |
| 54 | CVE-2026-5678 | A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. The aff |
| 54 | CVE-2026-5665 | A security vulnerability has been detected in code-projects Online FIR System 1. |
| 54 | CVE-2026-5805 | A weakness has been identified in code-projects Easy Blog Site up to 1.0. The im |
| 54 | CVE-2026-5677 | A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. Im |
| 54 | CVE-2026-5961 | A security vulnerability has been detected in code-projects Simple IT Discussion |
| 54 | CVE-2026-5962 | A vulnerability was detected in Tenda CH22 1.0.0.6(468). This issue affects the |
| 54 | CVE-2026-2745 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 7.11 |
| 54 | CVE-2025-15433 | The Shared Files WordPress plugin before 1.7.58 allows users with a role as low |
| 54 | CVE-2026-1724 | GitLab has remediated an issue in GitLab EE affecting all versions from 18.5 bef |
| 53 | CVE-2026-33033 | An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4 |
| 53 | CVE-2025-14545 | The YML for Yandex Market WordPress plugin before 5.0.26 is vulnerable to Remote |
| 53 | CVE-2026-30523 | A Business Logic vulnerability exists in SourceCodester Loan Management System v |
| 53 | CVE-2026-32053 | OpenClaw versions prior to 2026.2.23 contain a vulnerability in Twilio webhook e |
| 53 | CVE-2025-13436 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 |
| 53 | CVE-2026-32704 | Summary: `POST /api/template/renderSprig` lacks `model.CheckAdminRole`, allow |
| 53 | CVE-2025-15488 | The Responsive Plus WordPress plugin before 3.4.3 is vulnerable to arbitrary sh |
| 53 | CVE-2026-4432 | The YITH WooCommerce Wishlist WordPress plugin before 4.13.0 does not properly v |
| 53 | CVE-2026-4079 | The SQL Chart Builder WordPress plugin before 2.3.8 does not properly escape use |
| 53 | CVE-2026-30521 | A Business Logic vulnerability exists in SourceCodester Loan Management System v |
| 53 | CVE-2025-13078 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.10 |
| 53 | CVE-2026-1900 | The Link Whisper Free WordPress plugin before 0.9.1 has a publicly accessible RE |
| 53 | CVE-2026-28490 | 1. Executive Summary: A cryptographic padding oracle vulnerability was identi |
| 53 | CVE-2026-32054 | OpenClaw versions prior to 2026.2.25 contain a symlink traversal vulnerability i |
| 53 | CVE-2026-32043 | OpenClaw versions prior to 2026.2.25 contain a time-of-check-time-of-use vulnera |
| 52 | CVE-2026-30522 | A Business Logic vulnerability exists in SourceCodester Loan Management System v |
| 52 | CVE-2026-4228 | A vulnerability was detected in LB-LINK BL-WR9000 2.4.9. This affects the functi |
| 52 | CVE-2026-32052 | OpenClaw versions prior to 2026.2.24 contain a command injection vulnerability i |
| 52 | CVE-2015-20119 | Next Click Ventures RealtyScript 4.0.2 contains a stored cross-site scripting vu |
| 52 | CVE-2026-4210 | A security flaw has been discovered in D-Link DNS-120, DNR-202L, DNS-315L, DNS-3 |
| 52 | CVE-2026-4204 | A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, |
| 52 | CVE-2026-4206 | A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-32 |
| 52 | CVE-2026-4205 | A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, D |
| 52 | CVE-2026-4207 | A vulnerability was determined in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, D |
| 52 | CVE-2026-4209 | A vulnerability was identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, D |
| 52 | CVE-2026-4203 | A vulnerability was detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS |
| 52 | CVE-2026-4543 | A vulnerability was found in Wavlink WL-WN578W2 221110. The impacted element is |
| 52 | CVE-2026-4192 | A vulnerability has been found in AvinashBole quip-mcp-server 1.0.0. Affected by |
| 52 | CVE-2026-4185 | A vulnerability was found in GPAC up to 2.5-DEV-rev2167-gcc9d617c0-master. This |
| 52 | CVE-2026-4831 | A security flaw has been discovered in kalcaddle kodbox 1.64. Impacted is the fu |
| 52 | CVE-2026-5245 | A vulnerability was found in Cesanta Mongoose up to 7.20. This impacts the funct |
| 52 | CVE-2026-4500 | A vulnerability was identified in bagofwords1 bagofwords up to 0.0.297. This imp |
| 52 | CVE-2026-4988 | A security flaw has been discovered in Open5GS 2.7.6. This issue affects the fun |
| 52 | CVE-2026-4509 | A security flaw has been discovered in PbootCMS up to 3.2.12. This affects an un |
| 52 | CVE-2026-6011 | A weakness has been identified in OpenClaw up to 2026.1.26. Affected by this iss |
| 52 | CVE-2026-4511 | A security vulnerability has been detected in vanna-ai vanna up to 2.0.2. Affect |
| 52 | CVE-2026-4516 | A vulnerability was found in Foundation Agents MetaGPT up to 0.8.1. This vulnera |
| 52 | CVE-2026-4506 | A vulnerability was found in Mindinventory MindSQL up to 0.2.1. Impacted is the |
| 52 | CVE-2026-4515 | A vulnerability has been found in Foundation Agents MetaGPT up to 0.8.1. This af |
| 52 | CVE-2026-4830 | A vulnerability was identified in kalcaddle kodbox 1.64. This issue affects the |
| 52 | CVE-2026-5618 | A vulnerability was detected in kalcaddle kodbox up to 1.64. This affects an unk |
| 52 | CVE-2026-4171 | A security vulnerability has been detected in CodeGenieApp serverless-express up |
| 52 | CVE-2026-4308 | A weakness has been identified in frdel/agent0ai agent-zero 0.9.7. This affects |
| 52 | CVE-2026-4215 | A security flaw has been discovered in FlowCI flow-core-x up to 1.23.01. The imp |
| 52 | CVE-2026-4589 | A vulnerability was identified in kalcaddle kodbox 1.64. The affected element is |
| 52 | CVE-2026-4514 | A flaw has been found in PbootCMS up to 3.2.12. Affected by this issue is some u |
| 52 | CVE-2026-4586 | A vulnerability was found in CodePhiliaX Chat2DB up to 0.3.7. This affects the f |
| 52 | CVE-2026-4505 | A vulnerability has been found in eosphoros-ai DB-GPT up to 0.7.5. This issue af |
| 52 | CVE-2026-5413 | A vulnerability was identified in Newgen OmniDocs up to 12.0.00. Affected by thi |
| 52 | CVE-2026-4573 | A security vulnerability has been detected in SourceCodester Simple E-learning S |
| 52 | CVE-2026-4574 | A vulnerability was detected in SourceCodester Simple E-learning System 1.0. Thi |
| 52 | CVE-2026-4485 | A vulnerability has been found in itsourcecode College Management System 1.0. Th |
| 52 | CVE-2026-4593 | A flaw has been found in erupts erupt bis 1.13.3. Affected by this vulnerability |
| 52 | CVE-2026-4597 | A security flaw has been discovered in 648540858 wvp-GB28181-pro up to 2.7.4. Im |
| 52 | CVE-2026-4173 | A flaw has been found in CodePhiliaX Chat2DB up to 0.3.7. This vulnerability aff |
| 52 | CVE-2026-4234 | A security flaw has been discovered in SSCMS 7.4.0. This vulnerability affects u |
| 52 | CVE-2026-4507 | A vulnerability was determined in Mindinventory MindSQL up to 0.2.1. The affecte |
| 52 | CVE-2026-4230 | A vulnerability has been found in vanna-ai vanna up to 2.0.2. Affected is the fu |
| 52 | CVE-2026-4513 | A vulnerability was detected in vanna-ai vanna up to 2.0.2. Affected by this vul |
| 52 | CVE-2026-33720 | n8n is an open source workflow automation platform. Prior to version 2.8.0, when |
| 52 | CVE-2026-33724 | n8n is an open source workflow automation platform. Prior to version 2.5.0, when |
| 51 | CVE-2016-20029 | ZKTeco ZKBioSecurity 3.0 contains a file path manipulation vulnerability that al |
| 51 | CVE-2026-30560 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sa |
| 51 | CVE-2026-30556 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sa |
| 51 | CVE-2026-30569 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester In |
| 51 | CVE-2026-30558 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sa |
| 51 | CVE-2026-30571 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester In |
| 51 | CVE-2026-30561 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sa |
| 51 | CVE-2026-30570 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester In |
| 51 | CVE-2026-30567 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester In |
| 51 | CVE-2026-30557 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sa |
| 51 | CVE-2026-30559 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sa |
| 51 | CVE-2026-30564 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sa |
| 51 | CVE-2026-30566 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sa |
| 51 | CVE-2026-30565 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sa |
| 51 | CVE-2026-30526 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Zo |
| 51 | CVE-2017-20219 | Serviio PRO 1.8 DLNA Media Streaming Server contains a DOM-based cross-site scri |
| 51 | CVE-2015-20114 | Next Click Ventures RealtyScript 4.0.2 contains a cross-site scripting vulnerabi |

Oldest Unpatched Critical/High CVEs
| CVE | Severity | CVSS | Priority | Days Open |
|---|---|---|---|---|
| CVE-2024-3400 | CRITICAL | 10.0 | 224 | 730d |
| CVE-2019-19781 | CRITICAL | 9.8 | 223 | 2298d |
| CVE-2020-5902 | CRITICAL | 9.8 | 223 | 2111d |
| CVE-2021-35464 | CRITICAL | 9.8 | 223 | 1725d |
| CVE-2020-10189 | CRITICAL | 9.8 | 223 | 2228d |
| CVE-2012-4681 | CRITICAL | 9.8 | 223 | 4975d |
| CVE-2022-42475 | CRITICAL | 9.8 | 223 | 1196d |
| CVE-2023-3519 | CRITICAL | 9.8 | 223 | 998d |
| CVE-2015-7450 | CRITICAL | 9.8 | 222 | 3752d |
| CVE-2023-34048 | CRITICAL | 9.8 | 222 | 900d |