Total CVEs
6193
last 30 days
Avg Priority
35.0
of max 220
KEV
8
actively exploited
POC
751
public exploits
Unpatched
1226
CRIT/HIGH without patch
How is Priority Score calculated?
Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:
KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low
40-80 Medium
80-120 High
120+ Critical
Patch Now — Known Exploited Vulnerabilities
124
CVE-2026-35616
A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an
119
CVE-2026-5281
Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had co
118
CVE-2026-34621
Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Control
117
CVE-2026-33634
Trivy is a security scanner. On March 19, 2026, a threat actor used compromised credentials to publi
117
CVE-2026-3055
Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP l
114
CVE-2026-34197
Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability i
109
CVE-2026-3502
TrueConf Client downloads application update code and applies it without performing verification. An
109
CVE-2026-32201
Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform
Priority Distribution
| Priority | CVE |
|---|---|
| 41 |
CVE-2026-40168
Postiz is an AI social media scheduling tool. Prior to 2.21.5, the /api/public/s
|
| 41 |
CVE-2026-32829
lz4_flex is a pure Rust implementation of LZ4 compression/decompression. In vers
|
| 41 |
CVE-2026-40073
SvelteKit is a framework for rapidly developing robust, performant web applicati
|
| 41 |
CVE-2026-2072
Cross-Site Scripting vulnerability in Hitachi Infrastructure Analytics Advisor (
|
| 41 |
CVE-2026-32278
# Security Advisory - Form Plugin (Stored XSS)
## Summary
A Stored Cross-site
|
| 41 |
CVE-2026-33009
EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a dat
|
| 41 |
CVE-2026-2992
The KiviCare - Clinic & Patient Management System (EHR) plugin for WordPress is
|
| 41 |
CVE-2026-34375
WWBN AVideo is an open source video platform. In versions up to and including 26
|
| 41 |
CVE-2026-31788
In the Linux kernel, the following vulnerability has been resolved:
xen/privcmd
|
| 41 |
CVE-2026-4984
The Twilio integration webhook handler accepts any POST request without validati
|
| 41 |
CVE-2026-33072
FileRise is a self-hosted web file manager / WebDAV server. In versions prior to
|
| 41 |
CVE-2026-33163
### Impact
When a `Parse.Cloud.afterLiveQueryEvent` trigger is registered for a
|
| 41 |
CVE-2026-34725
### Summary
A stored XSS vulnerability exists in DbGate because attacker-control
|
| 41 |
CVE-2026-33206
calibre is a cross-platform e-book manager for viewing, converting, editing, and
|
| 41 |
CVE-2026-33941
## Summary
The Handlebars CLI precompiler (`bin/handlebars` / `lib/precompiler.
|
| 41 |
CVE-2026-33748
### Impact
Insufficient validation of Git URL fragment subdir components (`<url>
|
| 41 |
CVE-2026-31921
Missing Authorization vulnerability in Devteam HaywoodTech Product Rearrange for
|
| 41 |
CVE-2026-1116
A Cross-site Scripting (XSS) vulnerability was identified in the `from_dict` met
|
| 41 |
CVE-2026-34236
Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. From versio
|
| 41 |
CVE-2026-24063
When a plugin is installed using the Arturia Software Center (MacOS), it also in
|
| 41 |
CVE-2026-33979
## Description
A vulnerability has been identified in express-xss-sanitizer (<=
|
| 41 |
CVE-2026-4740
A flaw was found in Open Cluster Management (OCM), the technology underlying Red
|
| 41 |
CVE-2026-33243
barebox is a bootloader. In barebox from version 2016.03.0 to before version 202
|
| 41 |
CVE-2026-40193
### Summary
The `auth.ldap` module constructs LDAP search filters and DN string
|
| 41 |
CVE-2026-3324
Zohocorp ManageEngine Log360 versions 13000 through 13013 are vulnerable to auth
|
| 41 |
CVE-2026-34632
Adobe Photoshop Installer was affected by an Uncontrolled Search Path Element vu
|
| 41 |
CVE-2026-34982
Vim is an open source, command line text editor. Prior to version 9.2.0276, a mo
|
| 41 |
CVE-2025-7389
A vulnerability in the AdminServer component of OpenEdge on all supported platfo
|
| 41 |
CVE-2026-33037
WWBN AVideo is an open source video platform. In versions 25.0 and below, the of
|
| 41 |
CVE-2026-34783
## Summary
A path traversal vulnerability in Ferret's `IO::FS::WRITE` standard
|
| 41 |
CVE-2026-33482
## Summary
The `sanitizeFFmpegCommand()` function in `plugin/API/standAlone/fun
|
| 41 |
CVE-2026-33496
## Description
Ory Oathkeeper is vulnerable to authentication bypass due to cac
|
| 41 |
CVE-2026-33949
### Summary
A Path Traversal vulnerability in `@tinacms/graphql` allows unauthen
|
| 41 |
CVE-2026-4021
The Contest Gallery plugin for WordPress is vulnerable to an authentication bypa
|
| 41 |
CVE-2026-22324
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP
|
| 41 |
CVE-2025-58913
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP
|
| 41 |
CVE-2026-32531
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP
|
| 41 |
CVE-2026-27093
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP
|
| 41 |
CVE-2026-4272
Missing Authentication for Critical Function vulnerability in Honeywell Handheld
|
| 41 |
CVE-2026-4350
The Perfmatters plugin for WordPress is vulnerable to arbitrary file deletion vi
|
| 41 |
CVE-2026-28291
### Summary
simple-git enables running native Git commands from JavaScript. Som
|
| 41 |
CVE-2026-4101
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify
|
| 41 |
CVE-2026-34528
## Summary
The `signupHandler` in File Browser applies default user permissions
|
| 41 |
CVE-2026-32808
pyLoad is a free and open-source download manager written in Python. Versions be
|
| 41 |
CVE-2026-25471
Authentication Bypass Using an Alternate Path or Channel vulnerability in Themep
|
| 41 |
CVE-2026-4347
The MW WP Form plugin for WordPress is vulnerable to arbitrary file moving due t
|
| 41 |
CVE-2026-35607
File Browser is a file managing interface for uploading, deleting, previewing, r
|
| 41 |
CVE-2026-33938
## Summary
The `@partial-block` special variable is stored in the template data
|
| 41 |
CVE-2026-4800
Impact:
The fix for CVE-2021-23337 (https://github.com/advisories/GHSA-35jh-r3h
|
| 41 |
CVE-2026-40093
nimiq-blockchain provides persistent block storage for Nimiq's Rust implementati
|
| 41 |
CVE-2026-32730
# MFA/TOTP Bypass via Incorrect MongoDB Query in Bearer Token Middleware
## Sum
|
| 41 |
CVE-2026-27625
Stirling-PDF is a locally hosted web application that performs various operation
|
| 41 |
CVE-2026-4351
The Perfmatters plugin for WordPress is vulnerable to arbitrary file overwrite v
|
| 41 |
CVE-2026-30975
Sonarr is a PVR for Usenet and BitTorrent users. Versions prior to 4.0.16.2942 h
|
| 41 |
CVE-2026-34522
### Summary
A path traversal vulnerability in `/api/chats/import` allows an auth
|
| 41 |
CVE-2026-32727
SciTokens is a reference library for generating and using SciTokens. Prior to ve
|
| 41 |
CVE-2026-32505
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP
|
| 41 |
CVE-2026-32504
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP
|
| 41 |
CVE-2026-32503
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP
|
| 41 |
CVE-2026-32500
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP
|
| 41 |
CVE-2026-27081
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP
|
| 41 |
CVE-2026-27080
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP
|
| 41 |
CVE-2026-27079
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP
|
| 41 |
CVE-2026-27078
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP
|
| 41 |
CVE-2026-27077
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP
|
| 41 |
CVE-2026-27076
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP
|
| 41 |
CVE-2026-27075
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP
|
| 41 |
CVE-2026-27048
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP
|
| 41 |
CVE-2026-27047
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP
|
| 41 |
CVE-2026-25464
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP
|
| 41 |
CVE-2026-25458
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP
|
| 41 |
CVE-2026-25457
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP
|
| 41 |
CVE-2026-25382
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP
|
| 41 |
CVE-2026-25381
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP
|
| 41 |
CVE-2026-25380
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP
|
| 41 |
CVE-2026-25379
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP
|
| 41 |
CVE-2026-25017
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP
|
| 41 |
CVE-2026-22516
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP
|
| 41 |
CVE-2026-22515
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP
|
| 41 |
CVE-2026-22514
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP
|
| 41 |
CVE-2026-22513
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP
|
| 41 |
CVE-2026-22512
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP
|
| 41 |
CVE-2026-22511
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP
|
| 41 |
CVE-2026-22508
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP
|
| 41 |
CVE-2026-22509
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP
|
| 41 |
CVE-2026-22506
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP
|
| 41 |
CVE-2026-22504
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP
|
| 41 |
CVE-2026-22503
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP
|
| 41 |
CVE-2026-22502
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP
|
| 41 |
CVE-2026-22499
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP
|
Oldest Unpatched Critical/High CVEs
| CVE | Severity | CVSS | Priority | Days Open |
|---|---|---|---|---|
| CVE-2024-3400 | CRITICAL | 10.0 | 224 | 735d |
| CVE-2019-19781 | CRITICAL | 9.8 | 223 | 2303d |
| CVE-2020-5902 | CRITICAL | 9.8 | 223 | 2116d |
| CVE-2021-35464 | CRITICAL | 9.8 | 223 | 1729d |
| CVE-2020-10189 | CRITICAL | 9.8 | 223 | 2232d |
| CVE-2012-4681 | CRITICAL | 9.8 | 223 | 4980d |
| CVE-2022-42475 | CRITICAL | 9.8 | 223 | 1201d |
| CVE-2023-3519 | CRITICAL | 9.8 | 223 | 1002d |
| CVE-2015-7450 | CRITICAL | 9.8 | 222 | 3757d |
| CVE-2023-34048 | CRITICAL | 9.8 | 222 | 904d |