Total CVEs
6152
last 30 days
Avg Priority
31.3
of max 220
KEV
14
actively exploited
POC
495
public exploits
Unpatched
941
CRIT/HIGH without patch
How is Priority Score calculated?
Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:
KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low
40-80 Medium
80-120 High
120+ Critical
Patch Now — Known Exploited Vulnerabilities
136
CVE-2026-0300
A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service o
133
CVE-2026-41940
cPanel and WHM versions prior to 11.110.0.97, 11.118.0.63, 11.126.0.54, 11.132.0.29, 11.134.0.20, an
131
CVE-2026-6973
An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows
131
CVE-2026-42897
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Ex
127
CVE-2026-20182
May 2026: This security advisory provides the details and fix information for a vulnerability that w
126
CVE-2026-41091
Improper link resolution before file access ('link following') in Microsoft Defender allows an autho
120
CVE-2026-48172
LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exp
118
CVE-2026-45321
## Summary
On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 4
117
CVE-2026-42208
LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1
117
CVE-2026-8398
A supply chain attack compromised the official installation packages of DAEMON Tools Lite (Windows v
Priority Distribution
| Priority | CVE |
|---|---|
| 48 |
CVE-2026-8725
A weakness has been identified in CoreWorxLab CAAL up to 1.6.0. The affected ele
|
| 48 |
CVE-2026-8032
A flaw has been found in PicoTronica e-Clinic Healthcare System ECHS 5.7. The im
|
| 48 |
CVE-2026-8751
A security flaw has been discovered in h2oai h2o-3 up to 7402. This affects the
|
| 48 |
CVE-2026-8133
A security vulnerability has been detected in zyx0814 FilePress up to 2.2.0. Aff
|
| 48 |
CVE-2026-7632
A vulnerability was determined in code-projects Online Hospital Management Syste
|
| 48 |
CVE-2026-9356
A vulnerability has been found in SourceCodester Hospitals Patient Records Manag
|
| 48 |
CVE-2026-8241
A vulnerability has been found in Industrial Application Software IAS Canias ERP
|
| 48 |
CVE-2026-7555
A vulnerability was identified in itsourcecode Electronic Judging System 1.0. Th
|
| 48 |
CVE-2026-8128
A vulnerability was found in SourceCodester SUP Online Shopping 1.0. The affecte
|
| 48 |
CVE-2026-7506
A vulnerability has been found in SourceCodester Hotel Management System 1.0. Th
|
| 48 |
CVE-2026-8033
A vulnerability has been found in PicoTronica e-Clinic Healthcare System ECHS 5.
|
| 48 |
CVE-2026-7550
A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory Sy
|
| 48 |
CVE-2026-8750
A vulnerability was identified in h2oai h2o-3 up to 7402. Affected by this issue
|
| 48 |
CVE-2026-8131
A security flaw has been discovered in SourceCodester SUP Online Shopping 1.0. T
|
| 48 |
CVE-2026-7702
A vulnerability was detected in toeverything AFFiNE up to 0.26.3. This issue aff
|
| 48 |
CVE-2026-8785
A flaw has been found in projectworlds hospital-management-system-in-php 1.0. Af
|
| 48 |
CVE-2026-8098
A security vulnerability has been detected in code-projects Feedback System 1.0.
|
| 48 |
CVE-2026-8132
A weakness has been identified in CodeAstro Leave Management System 1.0. Affecte
|
| 48 |
CVE-2026-7545
A weakness has been identified in SourceCodester Advanced School Management Syst
|
| 48 |
CVE-2026-7686
A vulnerability was found in eyeo Adblock Plus up to 4.36.2 on Chrome. Affected
|
| 48 |
CVE-2026-7549
A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0.
|
| 48 |
CVE-2026-9349
A vulnerability was determined in calcom cal.diy up to 4.9.4. Affected by this i
|
| 48 |
CVE-2026-8129
A vulnerability was determined in SourceCodester SUP Online Shopping 1.0. The im
|
| 48 |
CVE-2026-8130
A vulnerability was identified in SourceCodester SUP Online Shopping 1.0. This a
|
| 48 |
CVE-2026-8126
A flaw has been found in SourceCodester Comment System 1.0. This issue affects s
|
| 48 |
CVE-2026-9352
A weakness has been identified in NousResearch hermes-agent up to 2026.4.23. Thi
|
| 48 |
CVE-2026-9355
A flaw has been found in SourceCodester Hospitals Patient Records Management Sys
|
| 48 |
CVE-2026-9364
A flaw has been found in projectworlds Online Art Gallery Shop 1.0. Impacted is
|
| 48 |
CVE-2026-8734
A vulnerability was determined in Oinone Pamirs up to 7.2.0. Affected by this is
|
| 48 |
CVE-2026-8739
A vulnerability was detected in Sanluan PublicCMS 5.202506.d. The affected eleme
|
| 48 |
CVE-2026-8752
A weakness has been identified in h2oai h2o-3 up to 7402. This vulnerability aff
|
| 48 |
CVE-2026-7695
A vulnerability has been found in Acrel Electrical EEMS Enterprise Power Operati
|
| 48 |
CVE-2026-7694
A flaw has been found in Acrel Electrical ECEMS Enterprise Microgrid Energy Effi
|
| 48 |
CVE-2026-7670
A flaw has been found in Jinher OA 1.0. The affected element is an unknown funct
|
| 48 |
CVE-2026-9606
A vulnerability has been found in itsourcecode Courier Management System 1.0. Im
|
| 48 |
CVE-2026-7384
A vulnerability was detected in ezequiroga mcp-bases 357ca19c7a49a9b9cb2ef639b36
|
| 48 |
CVE-2026-7589
A vulnerability was determined in ghantakiran splunk-mcp-integration up to 0b86b
|
| 48 |
CVE-2026-9580
A vulnerability was determined in JeecgBoot up to 3.9.1. The affected element is
|
| 48 |
CVE-2026-9584
A security vulnerability has been detected in code-projects Project Management S
|
| 48 |
CVE-2026-8083
A vulnerability was found in SourceCodester Pharmacy Sales and Inventory System
|
| 48 |
CVE-2026-9603
A security vulnerability has been detected in SourceCodester eDoc Doctor Appoint
|
| 48 |
CVE-2026-7404
A weakness has been identified in getsimpletool mcpo-simple-server up to 0.2.0.
|
| 48 |
CVE-2026-7403
A security flaw has been discovered in geldata gel-mcp 0.1.0. This impacts the f
|
| 48 |
CVE-2026-7400
A security vulnerability has been detected in geekgod382 filesystem-mcp-server 1
|
| 48 |
CVE-2026-7398
A weakness has been identified in florensiawidjaja BioinfoMCP up to 7ada7918b9e5
|
| 48 |
CVE-2026-7396
A vulnerability was identified in NousResearch hermes-agent 0.8.0. Affected by t
|
| 48 |
CVE-2026-7386
A flaw has been found in fatbobman mail-mcp-bridge up to 1.3.3. Affected is an u
|
| 47 |
CVE-2026-44262
### Impact
A remote code execution (RCE) vulnerability affects versions `0.13.2
|
| 47 |
CVE-2026-1631
The Feeds for YouTube (YouTube video, channel, and gallery plugin) WordPress plu
|
| 47 |
CVE-2026-32175
A tampering vulnerability exists when .NET Core improperly handles specially cra
|
| 47 |
CVE-2026-6402
webpack-dev-server versions up to and including 5.2.3 are vulnerable to cross-or
|
| 47 |
CVE-2026-43638
Bitwarden Server prior to v2026.4.1 contains a missing authorization vulnerabili
|
| 47 |
CVE-2026-5335
The Magic Export & Import WordPress plugin before 1.2.0 stores exported CSV file
|
| 46 |
CVE-2026-36356
The GoAhead web server on MeiG Smart FORGE_SLT711 devices (firmware MDM9607.LE.1
|
| 46 |
CVE-2026-42607
### Summary
An authenticated user with administrative privileges can achieve Rem
|
| 46 |
CVE-2026-43644
podinfo through 6.11.2 contains a reflected cross-site scripting vulnerability i
|
| 45 |
CVE-2026-30893
Wazuh is a free and open source platform used for threat prevention, detection,
|
| 44 |
CVE-2026-42215
GitPython is a python library used to interact with Git repositories. From versi
|
| 44 |
CVE-2026-40370
External control of file name or path in SQL Server allows an authorized attacke
|
| 44 |
CVE-2026-0073
In adbd_tls_verify_cert of auth.cpp, there is a possible bypass of wireless ADB
|
| 44 |
CVE-2026-42559
## Summary
Prior to version 1.4.0, the `rmcp` crate's Streamable HTTP server tr
|
| 44 |
CVE-2026-23918
Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2
|
| 44 |
CVE-2026-42786
Allocation of Resources Without Limits or Throttling vulnerability in mtrudel ba
|
| 44 |
CVE-2026-44340
PraisonAI is a multi-agent teams system. Prior to version 4.6.37, the _safe_extr
|
| 44 |
CVE-2026-32689
Allocation of Resources Without Limits or Throttling vulnerability in phoenixfra
|
| 43 |
CVE-2026-44011
We identified a vulnerability in the latest version of Craft CMS which contains
|
| 43 |
CVE-2026-42080
PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to
|
| 43 |
CVE-2026-44578
### Impact
Self-hosted applications using the built-in Node.js server can be vu
|
| 42 |
CVE-2026-46345
**Relevant Products/Components:**
* `trestle/core/commands/author/jinja.py`
* `
|
| 42 |
CVE-2025-70116
A NULL pointer dereference in GPAC MP4Box: when parsing certain truncated MP4 fi
|
| 42 |
CVE-2026-9807
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9
|
| 42 |
CVE-2026-41160
EspoCRM is an open source customer relationship management application. Prior to
|
| 41 |
CVE-2026-39804
Allocation of Resources Without Limits or Throttling vulnerability in mtrudel ba
|
| 39 |
CVE-2026-44243
## 🧾 Summary
A vulnerability in **GitPython** allows **attackers who can supply
|
| 39 |
CVE-2026-36355
The rtl8192cd Wi-Fi kernel driver in the Realtek rtl819x Jungle SDK (all known v
|
| 38 |
CVE-2026-37554
An issue was discovered in Vanetza V2X v26.02 allowing remote unauthorized attac
|
| 38 |
CVE-2026-28952
An integer overflow was addressed with improved input validation. This issue is
|
| 38 |
CVE-2026-39820
Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were
|
| 38 |
CVE-2026-33814
When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of
|
| 38 |
CVE-2026-42499
Pathological inputs could cause DoS through consumePhrase when parsing an email
|
| 38 |
CVE-2026-39836
The Dial and LookupPort functions panic on Windows when provided with an input c
|
| 38 |
CVE-2026-33811
When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can
|
| 38 |
CVE-2026-20188
A vulnerability in the connection-handling mechanism of Cisco Crosswork Network
|
| 37 |
CVE-2026-23926
An authenticated (non-super) administrator can create a maintenance period with
|
| 36 |
CVE-2026-44010
### Summary
The GraphQL Address element resolver (src/gql/resolvers/elements/Ad
|
| 35 |
CVE-2026-32686
Uncontrolled Resource Consumption vulnerability in ericmj decimal allows unauthe
|
| 35 |
CVE-2026-9365
A vulnerability has been found in Ettercap up to 0.8.3. The affected element is
|
| 35 |
CVE-2026-9371
A security vulnerability has been detected in ItzCrazyKns Vane up to 1.12.1. Aff
|
| 35 |
CVE-2026-8275
A vulnerability was detected in bettercap up to 2.41.5. Affected by this vulnera
|
| 35 |
CVE-2026-7554
A vulnerability was determined in D-Link M60 up to 1.20B02. Affected by this iss
|
Oldest Unpatched Critical/High CVEs
| CVE | Severity | CVSS | Priority | Days Open |
|---|---|---|---|---|
| CVE-2024-3400 | CRITICAL | 10.0 | 224 | 776d |
| CVE-2019-19781 | CRITICAL | 9.8 | 223 | 2344d |
| CVE-2020-5902 | CRITICAL | 9.8 | 223 | 2157d |
| CVE-2021-35464 | CRITICAL | 9.8 | 223 | 1771d |
| CVE-2020-10189 | CRITICAL | 9.8 | 223 | 2274d |
| CVE-2012-4681 | CRITICAL | 9.8 | 223 | 5021d |
| CVE-2022-42475 | CRITICAL | 9.8 | 223 | 1242d |
| CVE-2023-3519 | CRITICAL | 9.8 | 223 | 1044d |
| CVE-2015-7450 | CRITICAL | 9.8 | 222 | 3799d |
| CVE-2023-34048 | CRITICAL | 9.8 | 222 | 946d |