Total CVEs
6151
last 30 days
Avg Priority
35.1
of max 220
KEV
8
actively exploited
POC
754
public exploits
Unpatched
1225
CRIT/HIGH without patch
How is Priority Score calculated?
Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:
KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low
40-80 Medium
80-120 High
120+ Critical
Patch Now — Known Exploited Vulnerabilities
124
CVE-2026-35616
A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an
119
CVE-2026-5281
Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had co
118
CVE-2026-34621
Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Control
117
CVE-2026-33634
Trivy is a security scanner. On March 19, 2026, a threat actor used compromised credentials to publi
117
CVE-2026-3055
Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP l
114
CVE-2026-34197
Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability i
109
CVE-2026-3502
TrueConf Client downloads application update code and applies it without performing verification. An
109
CVE-2026-32201
Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform
Priority Distribution
| Priority | CVE |
|---|---|
| 39 |
CVE-2026-27920
Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device H
|
| 39 |
CVE-2026-27919
Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device H
|
| 39 |
CVE-2026-32155
Use after free in Desktop Window Manager allows an authorized attacker to elevat
|
| 39 |
CVE-2026-32069
Double free in Windows Projected File System allows an authorized attacker to el
|
| 39 |
CVE-2026-32077
Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device H
|
| 39 |
CVE-2026-32078
Use after free in Windows Projected File System allows an authorized attacker to
|
| 39 |
CVE-2026-32154
Use after free in Desktop Window Manager allows an authorized attacker to elevat
|
| 39 |
CVE-2026-32076
Out-of-bounds read in Windows Storage Spaces Controller allows an authorized att
|
| 39 |
CVE-2026-32152
Use after free in Desktop Window Manager allows an authorized attacker to elevat
|
| 39 |
CVE-2026-30232
Chartbrew is an open-source web application that can connect directly to databas
|
| 39 |
CVE-2026-33298
llama.cpp is an inference of several LLM models in C/C++. Prior to b7824, an int
|
| 39 |
CVE-2026-29139
SEPPmail Secure Email Gateway before version 15.0.3 allows account takeover by a
|
| 39 |
CVE-2026-32153
Use after free in Microsoft Windows Speech allows an authorized attacker to elev
|
| 39 |
CVE-2026-32089
Use after free in Windows Speech Brokered Api allows an authorized attacker to e
|
| 39 |
CVE-2026-27927
Concurrent execution using shared resource with improper synchronization ('race
|
| 39 |
CVE-2026-27918
Concurrent execution using shared resource with improper synchronization ('race
|
| 39 |
CVE-2026-32090
Concurrent execution using shared resource with improper synchronization ('race
|
| 39 |
CVE-2026-32857
Firecrawl version 2.8.0 and prior contain a server-side request forgery (SSRF) p
|
| 39 |
CVE-2026-32165
Use after free in Windows User Interface Core allows an authorized attacker to e
|
| 39 |
CVE-2026-32164
Concurrent execution using shared resource with improper synchronization ('race
|
| 39 |
CVE-2026-27911
Concurrent execution using shared resource with improper synchronization ('race
|
| 39 |
CVE-2026-32163
Concurrent execution using shared resource with improper synchronization ('race
|
| 39 |
CVE-2026-27283
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Use After F
|
| 39 |
CVE-2026-27309
Substance3D - Stager versions 3.1.7 and earlier are affected by a Use After Free
|
| 39 |
CVE-2026-27292
Adobe Framemaker versions 2022.8 and earlier are affected by a Use After Free vu
|
| 39 |
CVE-2026-23351
In the Linux kernel, the following vulnerability has been resolved:
netfilter:
|
| 39 |
CVE-2026-34937
### Summary
`run_python()` in `praisonai` constructs a shell command string by
|
| 39 |
CVE-2026-27289
Photoshop Desktop versions 27.4 and earlier are affected by an out-of-bounds rea
|
| 39 |
CVE-2026-34628
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based
|
| 39 |
CVE-2026-34618
Illustrator versions 30.2, 29.8.5 and earlier are affected by an out-of-bounds w
|
| 39 |
CVE-2026-27313
Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer O
|
| 39 |
CVE-2026-34631
InCopy versions 20.5.2, 21.2 and earlier are affected by an out-of-bounds write
|
| 39 |
CVE-2026-27284
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by an out-of-bou
|
| 39 |
CVE-2026-27293
Adobe Framemaker versions 2022.8 and earlier are affected by a Heap-based Buffer
|
| 39 |
CVE-2026-34630
Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer O
|
| 39 |
CVE-2026-27238
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based
|
| 39 |
CVE-2026-34629
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based
|
| 39 |
CVE-2026-27295
Adobe Framemaker versions 2022.8 and earlier are affected by an out-of-bounds wr
|
| 39 |
CVE-2026-27296
Adobe Framemaker versions 2022.8 and earlier are affected by an Integer Underflo
|
| 39 |
CVE-2026-34627
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based
|
| 39 |
CVE-2026-27291
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by an out-of-bou
|
| 39 |
CVE-2026-27298
Adobe Framemaker versions 2022.8 and earlier are affected by an Access of Resour
|
| 39 |
CVE-2026-27297
Adobe Framemaker versions 2022.8 and earlier are affected by an Integer Underflo
|
| 39 |
CVE-2026-27294
Adobe Framemaker versions 2022.8 and earlier are affected by an out-of-bounds re
|
| 39 |
CVE-2026-23273
In the Linux kernel, the following vulnerability has been resolved:
macvlan: ob
|
| 39 |
CVE-2026-23392
In the Linux kernel, the following vulnerability has been resolved:
netfilter:
|
| 39 |
CVE-2026-23391
In the Linux kernel, the following vulnerability has been resolved:
netfilter:
|
| 39 |
CVE-2026-23378
In the Linux kernel, the following vulnerability has been resolved:
net/sched:
|
| 39 |
CVE-2026-23372
In the Linux kernel, the following vulnerability has been resolved:
nfc: rawsoc
|
| 39 |
CVE-2026-23340
In the Linux kernel, the following vulnerability has been resolved:
net: sched:
|
| 39 |
CVE-2026-23336
In the Linux kernel, the following vulnerability has been resolved:
wifi: cfg80
|
| 39 |
CVE-2026-23317
In the Linux kernel, the following vulnerability has been resolved:
drm/vmwgfx:
|
| 39 |
CVE-2026-23306
In the Linux kernel, the following vulnerability has been resolved:
scsi: pm800
|
| 39 |
CVE-2026-40156
PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI automatical
|
| 39 |
CVE-2026-33744
## Summary
The `docker.system_packages` field in `bentofile.yaml` accepts arbit
|
| 39 |
CVE-2026-3779
The application's list box calculate array logic keeps stale references to page
|
| 39 |
CVE-2026-23407
In the Linux kernel, the following vulnerability has been resolved:
apparmor: f
|
| 39 |
CVE-2026-23271
In the Linux kernel, the following vulnerability has been resolved:
perf: Fix _
|
| 39 |
CVE-2026-29923
The pstrip64.sys driver in EnTech Taiwan PowerStrip <=3.90.736 allows local user
|
| 39 |
CVE-2026-23411
In the Linux kernel, the following vulnerability has been resolved:
apparmor: f
|
| 39 |
CVE-2026-23393
In the Linux kernel, the following vulnerability has been resolved:
bridge: cfm
|
| 39 |
CVE-2026-23383
In the Linux kernel, the following vulnerability has been resolved:
bpf, arm64:
|
| 39 |
CVE-2026-33641
## Summary
Glances supports dynamic configuration values in which substrings enc
|
| 39 |
CVE-2026-23410
In the Linux kernel, the following vulnerability has been resolved:
apparmor: f
|
| 39 |
CVE-2026-23350
In the Linux kernel, the following vulnerability has been resolved:
drm/xe/queu
|
| 39 |
CVE-2026-23408
In the Linux kernel, the following vulnerability has been resolved:
apparmor: F
|
| 39 |
CVE-2026-23288
In the Linux kernel, the following vulnerability has been resolved:
accel/amdxd
|
| 39 |
CVE-2026-20698
The issue was addressed with improved memory handling. This issue is fixed in iO
|
| 39 |
CVE-2026-23406
In the Linux kernel, the following vulnerability has been resolved:
apparmor: f
|
| 39 |
CVE-2026-23278
In the Linux kernel, the following vulnerability has been resolved:
netfilter:
|
| 39 |
CVE-2026-23275
In the Linux kernel, the following vulnerability has been resolved:
io_uring: e
|
| 39 |
CVE-2026-23274
In the Linux kernel, the following vulnerability has been resolved:
netfilter:
|
| 39 |
CVE-2026-23272
In the Linux kernel, the following vulnerability has been resolved:
netfilter:
|
| 39 |
CVE-2026-23554
The Intel EPT paging code uses an optimization to defer flushing of any cached
E
|
| 39 |
CVE-2026-23280
In the Linux kernel, the following vulnerability has been resolved:
accel/amdxd
|
| 39 |
CVE-2026-22163
Requires malware code to misuse the DDK kernel module IOCTL interface.
Such cod
|
| 39 |
CVE-2026-3308
An integer overflow vulnerability in 'pdf-image.c' in Artifex's MuPDF version 1.
|
| 39 |
CVE-2026-32711
pydicom is a pure Python package for working with DICOM files. Versions 2.0.0-rc
|
| 39 |
CVE-2026-33156
ScreenToGif is a screen recording tool. In versions from 2.42.1 and prior, Scree
|
| 39 |
CVE-2026-21375
Memory Corruption when accessing an output buffer without validating its size du
|
| 39 |
CVE-2026-33491
Zen C is a systems programming language that compiles to human-readable GNU C/C1
|
| 39 |
CVE-2026-33023
libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. I
|
| 39 |
CVE-2026-21378
Memory Corruption when accessing an output buffer without validating its size du
|
| 39 |
CVE-2026-21382
Memory Corruption when handling power management requests with improperly sized
|
| 39 |
CVE-2026-21380
Memory Corruption when using deprecated DMABUF IOCTL calls to manage video memor
|
| 39 |
CVE-2026-21373
Memory Corruption when accessing an output buffer without validating its size du
|
| 39 |
CVE-2026-5054
NoMachine External Control of File Path Local Privilege Escalation Vulnerability
|
| 39 |
CVE-2026-33092
Local privilege escalation due to improper handling of environment variables. Th
|
| 39 |
CVE-2026-5055
NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerabil
|
| 39 |
CVE-2026-39853
osslsigncode is a tool that implements Authenticode signing and timestamping. Pr
|
Oldest Unpatched Critical/High CVEs
| CVE | Severity | CVSS | Priority | Days Open |
|---|---|---|---|---|
| CVE-2024-3400 | CRITICAL | 10.0 | 224 | 735d |
| CVE-2019-19781 | CRITICAL | 9.8 | 223 | 2303d |
| CVE-2020-5902 | CRITICAL | 9.8 | 223 | 2116d |
| CVE-2021-35464 | CRITICAL | 9.8 | 223 | 1730d |
| CVE-2020-10189 | CRITICAL | 9.8 | 223 | 2233d |
| CVE-2012-4681 | CRITICAL | 9.8 | 223 | 4980d |
| CVE-2022-42475 | CRITICAL | 9.8 | 223 | 1201d |
| CVE-2023-3519 | CRITICAL | 9.8 | 223 | 1003d |
| CVE-2015-7450 | CRITICAL | 9.8 | 222 | 3757d |
| CVE-2023-34048 | CRITICAL | 9.8 | 222 | 905d |