Total CVEs
6199
last 30 days
Avg Priority
35.0
of max 220
KEV
8
actively exploited
POC
742
public exploits
Unpatched
1227
CRIT/HIGH without patch
How is Priority Score calculated?
Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:
KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low
40-80 Medium
80-120 High
120+ Critical
Patch Now — Known Exploited Vulnerabilities
124
CVE-2026-35616
A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an
119
CVE-2026-5281
Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had co
118
CVE-2026-34621
Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Control
117
CVE-2026-33634
Trivy is a security scanner. On March 19, 2026, a threat actor used compromised credentials to publi
117
CVE-2026-3055
Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP l
114
CVE-2026-34197
Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability i
109
CVE-2026-3502
TrueConf Client downloads application update code and applies it without performing verification. An
109
CVE-2026-32201
Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform
Priority Distribution
| Priority | CVE |
|---|---|
| 43 |
CVE-2026-5936
An attacker can control a server-side HTTP request by supplying a crafted URL, c
|
| 43 |
CVE-2026-33953
LinkAce is a self-hosted archive to collect website links. Versions prior to 2.5
|
| 43 |
CVE-2026-31943
LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.3, `
|
| 43 |
CVE-2026-39974
## Impact
An authenticated Server-Side Request Forgery in `n8n-mcp` allows a cal
|
| 43 |
CVE-2025-15519
Improper input handling in a modem-management administrative CLI command on TP-L
|
| 43 |
CVE-2025-15518
Improper input handling in a wireless-control administrative CLI command on TP-L
|
| 43 |
CVE-2026-39942
Directus is a real-time API and App dashboard for managing SQL database content.
|
| 43 |
CVE-2026-40029
parseusbs before 1.9 contains an OS command injection vulnerability in parseUSBs
|
| 43 |
CVE-2026-39475
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti
|
| 43 |
CVE-2026-32516
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti
|
| 43 |
CVE-2026-27039
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti
|
| 43 |
CVE-2026-40744
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti
|
| 43 |
CVE-2026-25007
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti
|
| 43 |
CVE-2026-24977
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti
|
| 43 |
CVE-2026-39495
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti
|
| 43 |
CVE-2025-15101
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Web
|
| 43 |
CVE-2026-5173
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.9.
|
| 43 |
CVE-2026-40032
UAC (Unix-like Artifacts Collector) before 3.3.0-rc1 contains a command injectio
|
| 43 |
CVE-2025-69347
Authorization Bypass Through User-Controlled Key vulnerability in Convers Lab WP
|
| 43 |
CVE-2026-4416
The Performance Library component of Gigabyte Control Center has an Insecure Des
|
| 43 |
CVE-2026-33788
A Missing Authentication for Critical Function vulnerability in the Flexible PIC
|
| 43 |
CVE-2026-31847
Hidden functionality in the /goform/setSysTools endpoint in Nexxt Solutions Nebu
|
| 43 |
CVE-2026-32864
There is a memory corruption vulnerability due to an out-of-bounds read in mgcor
|
| 43 |
CVE-2026-32861
There is a memory corruption vulnerability due to an out-of-bounds write when lo
|
| 43 |
CVE-2026-32863
There is a memory corruption vulnerability due to an out-of-bounds read in sentr
|
| 43 |
CVE-2026-32862
There is a memory corruption vulnerability due to an out-of-bounds write in ResF
|
| 43 |
CVE-2026-32860
There is a memory corruption vulnerability due to an out-of-bounds write when lo
|
| 43 |
CVE-2026-33793
An Execution with Unnecessary Privileges vulnerability in the User Interface (UI
|
| 43 |
CVE-2026-4731
Integer Overflow or Wraparound vulnerability in artraweditor ART (rtengine mod
|
| 43 |
CVE-2026-1342
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify
|
| 43 |
CVE-2026-40031
MemProcFS before 5.17 contains multiple unsafe library-loading patterns that ena
|
| 43 |
CVE-2026-32680
The installer of RATOC RAID Monitoring Manager for Windows allows to customize t
|
| 43 |
CVE-2025-15605
A hardcoded cryptographic key within the configuration mechanism on TP-Link Arch
|
| 43 |
CVE-2026-27784
The 32-bit implementation of NGINX Open Source has a vulnerability in the ngx_ht
|
| 43 |
CVE-2026-34352
In TigerVNC before 1.16.2, Image.cxx in x0vncserver allows other users to observ
|
| 43 |
CVE-2026-32647
NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module
|
| 42 |
CVE-2026-22676
Barracuda RMM versions prior to 2025.2.2 contain a privilege escalation vulnerab
|
| 42 |
CVE-2026-6482
The Rapid7 Insight Agent (versions > 4.1.0.2) is vulnerable to a local privilege
|
| 42 |
CVE-2026-40318
SiYuan is an open-source personal knowledge management system. In versions 3.6.3
|
| 42 |
CVE-2025-41359
Vulnerability related to an unquoted service path in Small HTTP Server 3.06.36,
|
| 42 |
CVE-2026-34885
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti
|
| 42 |
CVE-2026-38527
A Server-Side Request Forgery (SSRF) in the /settings/webhooks/create component
|
| 42 |
CVE-2026-4145
During an internal security assessment, a potential vulnerability was discovered
|
| 42 |
CVE-2026-0207
A vulnerability exists in FlashBlade whereby sensitive information may be logged
|
| 42 |
CVE-2026-34975
Plunk is an open-source email platform built on top of AWS SES. Prior to 0.8.0,
|
| 42 |
CVE-2025-59711
An issue was discovered in Biztalk360 before 11.5. Because of mishandling of use
|
| 42 |
CVE-2025-13478
Cache misconfiguration vulnerability in OpenText Identity Manager on Windows, Li
|
| 42 |
CVE-2026-34545
OpenEXR provides the specification and reference implementation of the EXR file
|
| 42 |
CVE-2026-27306
ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Inpu
|
| 42 |
CVE-2026-33791
An OS Command Injection vulnerability in the CLI processing of Juniper Networks
|
| 42 |
CVE-2026-21915
A Permissive List of Allowed Input vulnerability in the CLI of Juniper Networks
|
| 42 |
CVE-2026-34377
---
# CVE-2026-34377: Consensus Failure via Crafted V5 Authorization Data
## S
|
| 42 |
CVE-2026-40287
PraisonAI is a multi-agent teams system. Versions 4.5.138 and below are vulnerab
|
| 42 |
CVE-2026-40030
parseusbs before 1.9 contains an OS command injection vulnerability where the vo
|
| 42 |
CVE-2026-40113
PraisonAI is a multi-agent teams system. Prior to 4.5.128, deploy.py constructs
|
| 42 |
CVE-2026-30279
An arbitrary file overwrite vulnerability in Squareapps LLC My Location Travel T
|
| 42 |
CVE-2026-30277
An arbitrary file overwrite vulnerability in PDF Reader App : TA/UTAX Mobile Pri
|
| 42 |
CVE-2025-30650
A Missing Authentication for Critical Function vulnerability in command processi
|
| 42 |
CVE-2026-28832
An out-of-bounds read was addressed with improved bounds checking. This issue is
|
| 42 |
CVE-2026-30290
An arbitrary file overwrite vulnerability in InTouch Contacts & Caller ID APP v6
|
| 42 |
CVE-2026-28821
A validation issue existed in the entitlement verification. This issue was addre
|
| 42 |
CVE-2026-26306
The installer for OM Workspace (Windows Edition) Ver 2.4 and earlier insecurely
|
| 42 |
CVE-2026-32925
V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6Co
|
| 42 |
CVE-2026-23995
EVerest is an EV charging software stack. Prior to version 2026.02.0, stack-base
|
| 42 |
CVE-2026-32928
V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6Co
|
| 42 |
CVE-2026-35205
Helm is a package manager for Charts for Kubernetes. From 4.0.0 to 4.1.3, Helm w
|
| 42 |
CVE-2026-28760
The installer of RATOC RAID Monitoring Manager for Windows searches the current
|
| 42 |
CVE-2026-34589
OpenEXR provides the specification and reference implementation of the EXR file
|
| 42 |
CVE-2026-4732
Out-of-bounds Read vulnerability in tildearrow furnace (extern/libsndfile-modif
|
| 42 |
CVE-2026-28704
Emocheck insecurely loads Dynamic Link Libraries (DLLs). If a crafted DLL file i
|
| 42 |
CVE-2026-30292
An arbitrary file overwrite vulnerability in Docudepot PDF Reader: PDF Viewer AP
|
| 42 |
CVE-2026-33632
ClearanceKit intercepts file-system access events on macOS and enforces per-proc
|
| 42 |
CVE-2026-35204
Helm is a package manager for Charts for Kubernetes. From 4.0.0 to 4.1.3, a spec
|
| 42 |
CVE-2026-30287
An arbitrary file overwrite vulnerability in Deep Thought Industries ACE Scanner
|
| 42 |
CVE-2026-30289
An arbitrary file overwrite vulnerability in Tinybeans Private Family Album App
|
| 42 |
CVE-2026-4788
IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.37 stores sensitive information
|
| 42 |
CVE-2026-32926
V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in
|
| 42 |
CVE-2026-32927
V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in
|
| 42 |
CVE-2026-30291
An arbitrary file overwrite vulnerability in Ora Tools PDF Reader ' Reader & Edi
|
| 42 |
CVE-2026-33253
SANUPS SOFTWARE provided by SANYO DENKI CO., LTD. registers Windows services wit
|
| 42 |
CVE-2026-34544
OpenEXR provides the specification and reference implementation of the EXR file
|
| 42 |
CVE-2026-32929
V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read in VS6ComFile!ge
|
| 42 |
CVE-2026-32845
cgltf version 1.15 and prior contain an integer overflow vulnerability in the cg
|
| 42 |
CVE-2026-40027
ALEAPP (Android Logs Events And Protobuf Parser) through 3.4.0 contains a path t
|
| 42 |
CVE-2026-35553
Bluetooth ACPI Drivers provided by Dynabook Inc. contain a stack-based buffer ov
|
| 42 |
CVE-2026-40024
The Sleuth Kit through 4.14.0 contains a path traversal vulnerability in tsk_rec
|
| 42 |
CVE-2026-22593
EVerest is an EV charging software stack. Prior to version 2026.02.0, an off-by-
|
| 42 |
CVE-2026-22682
OpenHarness prior to commit 166fcfe contains an improper access control vulnerab
|
| 42 |
CVE-2026-35641
OpenClaw before 2026.3.24 contains an arbitrary code execution vulnerability in
|
| 42 |
CVE-2026-33747
### Impact
When using a custom BuildKit frontend, the frontend can craft an API
|
Oldest Unpatched Critical/High CVEs
| CVE | Severity | CVSS | Priority | Days Open |
|---|---|---|---|---|
| CVE-2024-3400 | CRITICAL | 10.0 | 224 | 735d |
| CVE-2019-19781 | CRITICAL | 9.8 | 223 | 2302d |
| CVE-2020-5902 | CRITICAL | 9.8 | 223 | 2115d |
| CVE-2021-35464 | CRITICAL | 9.8 | 223 | 1729d |
| CVE-2020-10189 | CRITICAL | 9.8 | 223 | 2232d |
| CVE-2012-4681 | CRITICAL | 9.8 | 223 | 4980d |
| CVE-2022-42475 | CRITICAL | 9.8 | 223 | 1201d |
| CVE-2023-3519 | CRITICAL | 9.8 | 223 | 1002d |
| CVE-2015-7450 | CRITICAL | 9.8 | 222 | 3757d |
| CVE-2023-34048 | CRITICAL | 9.8 | 222 | 904d |