Total CVEs
6064
last 30 days
Avg Priority
35.1
of max 220
KEV
8
actively exploited
POC
754
public exploits
Unpatched
1187
CRIT/HIGH without patch
How is Priority Score calculated?
Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:
KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low
40-80 Medium
80-120 High
120+ Critical
Patch Now — Known Exploited Vulnerabilities
124
CVE-2026-35616
A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an
119
CVE-2026-5281
Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had co
118
CVE-2026-34621
Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Control
117
CVE-2026-33634
Trivy is a security scanner. On March 19, 2026, a threat actor used compromised credentials to publi
117
CVE-2026-3055
Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP l
114
CVE-2026-34197
Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability i
109
CVE-2026-3502
TrueConf Client downloads application update code and applies it without performing verification. An
109
CVE-2026-32201
Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform
Priority Distribution
| Priority | CVE |
|---|---|
| 39 |
CVE-2026-24159
NVIDIA NeMo Framework contains a vulnerability where an attacker may cause remot
|
| 39 |
CVE-2026-24157
NVIDIA NeMo Framework contains a vulnerability in checkpoint loading where an at
|
| 39 |
CVE-2026-26170
Improper input validation in Microsoft PowerShell allows an authorized attacker
|
| 39 |
CVE-2026-29144
SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to bypass
|
| 39 |
CVE-2026-29143
SEPPmail Secure Email Gateway before version 15.0.3 does not properly authentica
|
| 39 |
CVE-2026-27907
Integer underflow (wrap or wraparound) in Windows Storage Spaces Controller allo
|
| 39 |
CVE-2026-27909
Use after free in Microsoft Windows Search Component allows an authorized attack
|
| 39 |
CVE-2026-33874
Gematik Authenticator securely authenticates users for login to digital health a
|
| 39 |
CVE-2026-35043
Commit ce53491 (March 24) fixed command injection via `system_packages` in Docke
|
| 39 |
CVE-2026-4154
GIMP XPM File Parsing Integer Overflow Remote Code Execution Vulnerability. This
|
| 39 |
CVE-2026-4150
GIMP PSD File Parsing Integer Overflow Remote Code Execution Vulnerability. This
|
| 39 |
CVE-2026-4151
GIMP ANI File Parsing Integer Overflow Remote Code Execution Vulnerability. This
|
| 39 |
CVE-2026-24152
NVIDIA Megatron-LM contains a vulnerability in checkpoint loading where an Attac
|
| 39 |
CVE-2026-24151
NVIDIA Megatron-LM contains a vulnerability in inferencing where an Attacker may
|
| 39 |
CVE-2026-24150
NVIDIA Megatron-LM contains a vulnerability in checkpoint loading where an Attac
|
| 39 |
CVE-2025-33248
NVIDIA Megatron-LM contains a vulnerability in the hybrid conversion script wher
|
| 39 |
CVE-2026-34054
vcpkg is a free and open-source C/C++ package manager. Prior to version 3.6.1#3,
|
| 39 |
CVE-2026-24141
NVIDIA Model Optimizer for Windows and Linux contains a vulnerability in the ONN
|
| 39 |
CVE-2026-26176
Heap-based buffer overflow in Windows Client Side Caching driver (csc.sys) allow
|
| 39 |
CVE-2026-26153
Out-of-bounds read in Windows Encrypting File System (EFS) allows an authorized
|
| 39 |
CVE-2026-26184
Buffer over-read in Windows Projected File System allows an authorized attacker
|
| 39 |
CVE-2026-4153
GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerabi
|
| 39 |
CVE-2026-4152
GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerabi
|
| 39 |
CVE-2026-26183
Improper access control in Windows RPC API allows an authorized attacker to elev
|
| 39 |
CVE-2026-26159
Missing authentication for critical function in Windows Remote Desktop Licensing
|
| 39 |
CVE-2026-24165
NVIDIA BioNeMo contains a vulnerability where a user could cause a deserializati
|
| 39 |
CVE-2026-32183
Improper neutralization of special elements used in a command ('command injectio
|
| 39 |
CVE-2026-26168
Concurrent execution using shared resource with improper synchronization ('race
|
| 39 |
CVE-2026-30309
InfCode's terminal auto-execution module contains a critical command filtering v
|
| 39 |
CVE-2026-5494
Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Cod
|
| 39 |
CVE-2026-5495
Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Cod
|
| 39 |
CVE-2026-5496
Labcenter Electronics Proteus PDSPRJ File Parsing Type Confusion Remote Code Exe
|
| 39 |
CVE-2026-5493
Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Cod
|
| 39 |
CVE-2026-33098
Use after free in Windows Container Isolation FS Filter Driver allows an authori
|
| 39 |
CVE-2026-27916
Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an a
|
| 39 |
CVE-2026-32074
Double free in Windows Projected File System allows an authorized attacker to el
|
| 39 |
CVE-2026-27915
Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an a
|
| 39 |
CVE-2026-33101
Use after free in Windows Print Spooler Components allows an authorized attacker
|
| 39 |
CVE-2026-32078
Use after free in Windows Projected File System allows an authorized attacker to
|
| 39 |
CVE-2026-32076
Out-of-bounds read in Windows Storage Spaces Controller allows an authorized att
|
| 39 |
CVE-2026-27924
Use after free in Desktop Window Manager allows an authorized attacker to elevat
|
| 39 |
CVE-2026-27920
Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device H
|
| 39 |
CVE-2026-32155
Use after free in Desktop Window Manager allows an authorized attacker to elevat
|
| 39 |
CVE-2026-32222
Untrusted pointer dereference in Windows Win32K - ICOMP allows an authorized att
|
| 39 |
CVE-2026-32069
Double free in Windows Projected File System allows an authorized attacker to el
|
| 39 |
CVE-2026-27919
Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device H
|
| 39 |
CVE-2026-32154
Use after free in Desktop Window Manager allows an authorized attacker to elevat
|
| 39 |
CVE-2026-32152
Use after free in Desktop Window Manager allows an authorized attacker to elevat
|
| 39 |
CVE-2026-27923
Use after free in Desktop Window Manager allows an authorized attacker to elevat
|
| 39 |
CVE-2026-32077
Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device H
|
| 39 |
CVE-2026-33298
llama.cpp is an inference of several LLM models in C/C++. Prior to b7824, an int
|
| 39 |
CVE-2026-30232
Chartbrew is an open-source web application that can connect directly to databas
|
| 39 |
CVE-2026-29139
SEPPmail Secure Email Gateway before version 15.0.3 allows account takeover by a
|
| 39 |
CVE-2026-32090
Concurrent execution using shared resource with improper synchronization ('race
|
| 39 |
CVE-2026-32089
Use after free in Windows Speech Brokered Api allows an authorized attacker to e
|
| 39 |
CVE-2026-27918
Concurrent execution using shared resource with improper synchronization ('race
|
| 39 |
CVE-2026-32153
Use after free in Microsoft Windows Speech allows an authorized attacker to elev
|
| 39 |
CVE-2026-27927
Concurrent execution using shared resource with improper synchronization ('race
|
| 39 |
CVE-2026-32857
Firecrawl version 2.8.0 and prior contain a server-side request forgery (SSRF) p
|
| 39 |
CVE-2026-32164
Concurrent execution using shared resource with improper synchronization ('race
|
| 39 |
CVE-2026-32165
Use after free in Windows User Interface Core allows an authorized attacker to e
|
| 39 |
CVE-2026-27911
Concurrent execution using shared resource with improper synchronization ('race
|
| 39 |
CVE-2026-32163
Concurrent execution using shared resource with improper synchronization ('race
|
| 39 |
CVE-2026-27283
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Use After F
|
| 39 |
CVE-2026-27309
Substance3D - Stager versions 3.1.7 and earlier are affected by a Use After Free
|
| 39 |
CVE-2026-27292
Adobe Framemaker versions 2022.8 and earlier are affected by a Use After Free vu
|
| 39 |
CVE-2026-23351
In the Linux kernel, the following vulnerability has been resolved:
netfilter:
|
| 39 |
CVE-2026-34937
### Summary
`run_python()` in `praisonai` constructs a shell command string by
|
| 39 |
CVE-2026-27295
Adobe Framemaker versions 2022.8 and earlier are affected by an out-of-bounds wr
|
| 39 |
CVE-2026-34618
Illustrator versions 30.2, 29.8.5 and earlier are affected by an out-of-bounds w
|
| 39 |
CVE-2026-34628
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based
|
| 39 |
CVE-2026-34630
Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer O
|
| 39 |
CVE-2026-34627
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based
|
| 39 |
CVE-2026-34629
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based
|
| 39 |
CVE-2026-27294
Adobe Framemaker versions 2022.8 and earlier are affected by an out-of-bounds re
|
| 39 |
CVE-2026-27291
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by an out-of-bou
|
| 39 |
CVE-2026-27293
Adobe Framemaker versions 2022.8 and earlier are affected by a Heap-based Buffer
|
| 39 |
CVE-2026-27284
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by an out-of-bou
|
| 39 |
CVE-2026-27297
Adobe Framemaker versions 2022.8 and earlier are affected by an Integer Underflo
|
| 39 |
CVE-2026-34631
InCopy versions 20.5.2, 21.2 and earlier are affected by an out-of-bounds write
|
| 39 |
CVE-2026-27296
Adobe Framemaker versions 2022.8 and earlier are affected by an Integer Underflo
|
| 39 |
CVE-2026-27289
Photoshop Desktop versions 27.4 and earlier are affected by an out-of-bounds rea
|
| 39 |
CVE-2026-27298
Adobe Framemaker versions 2022.8 and earlier are affected by an Access of Resour
|
| 39 |
CVE-2026-27238
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based
|
| 39 |
CVE-2026-27313
Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer O
|
| 39 |
CVE-2026-23273
In the Linux kernel, the following vulnerability has been resolved:
macvlan: ob
|
| 39 |
CVE-2026-23392
In the Linux kernel, the following vulnerability has been resolved:
netfilter:
|
| 39 |
CVE-2026-23391
In the Linux kernel, the following vulnerability has been resolved:
netfilter:
|
| 39 |
CVE-2026-23378
In the Linux kernel, the following vulnerability has been resolved:
net/sched:
|
| 39 |
CVE-2026-23372
In the Linux kernel, the following vulnerability has been resolved:
nfc: rawsoc
|
Oldest Unpatched Critical/High CVEs
| CVE | Severity | CVSS | Priority | Days Open |
|---|---|---|---|---|
| CVE-2024-3400 | CRITICAL | 10.0 | 224 | 735d |
| CVE-2019-19781 | CRITICAL | 9.8 | 223 | 2303d |
| CVE-2020-5902 | CRITICAL | 9.8 | 223 | 2116d |
| CVE-2021-35464 | CRITICAL | 9.8 | 223 | 1729d |
| CVE-2020-10189 | CRITICAL | 9.8 | 223 | 2233d |
| CVE-2012-4681 | CRITICAL | 9.8 | 223 | 4980d |
| CVE-2022-42475 | CRITICAL | 9.8 | 223 | 1201d |
| CVE-2023-3519 | CRITICAL | 9.8 | 223 | 1002d |
| CVE-2015-7450 | CRITICAL | 9.8 | 222 | 3757d |
| CVE-2023-34048 | CRITICAL | 9.8 | 222 | 904d |