Skip to main content

Security Dashboard

7d 14d 30d 90d
Total CVEs
6152
last 30 days
Avg Priority
31.3
of max 220
KEV
14
actively exploited
POC
495
public exploits
Unpatched
941
CRIT/HIGH without patch
How is Priority Score calculated?

Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:

KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low 40-80 Medium 80-120 High 120+ Critical

Patch Now — Known Exploited Vulnerabilities

136
CVE-2026-0300
A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service o
CRITICAL
133
CVE-2026-41940
cPanel and WHM versions prior to 11.110.0.97, 11.118.0.63, 11.126.0.54, 11.132.0.29, 11.134.0.20, an
CRITICAL
131
CVE-2026-6973
An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows 
HIGH
131
CVE-2026-42897
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Ex
HIGH
127
CVE-2026-20182
May 2026: This security advisory provides the details and fix information for a vulnerability that w
CRITICAL
126
CVE-2026-41091
Improper link resolution before file access ('link following') in Microsoft Defender allows an autho
HIGH
120
CVE-2026-48172
LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exp
CRITICAL
118
CVE-2026-45321
## Summary On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 4
CRITICAL
117
CVE-2026-42208
LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1
CRITICAL
117
CVE-2026-8398
A supply chain attack compromised the official installation packages of DAEMON Tools Lite (Windows v
CRITICAL

Priority Distribution

CRITICAL HIGH MEDIUM LOW KEV Only POC Only Unpatched CRIT/HIGH
Priority CVE
30 CVE-2026-8724
A security flaw has been discovered in Dataease 2.10.20. Impacted is the functio
30 CVE-2026-7393
A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. Affect
30 CVE-2026-7408
A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Aff
30 CVE-2026-7394
A vulnerability was determined in SourceCodester Pizzafy Ecommerce System 1.0. A
30 CVE-2026-7388
A weakness has been identified in EyouCMS up to 1.7.9. Impacted is the function
30 CVE-2026-7407
A security vulnerability has been detected in SourceCodester Pizzafy Ecommerce S
30 CVE-2026-8218
A weakness has been identified in Devs Palace ERP Online up to 4.0.0. The affect
30 CVE-2026-8136
A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0.
30 CVE-2026-8253
A vulnerability was identified in Devs Palace ERP Online up to 4.0.0. Affected b
30 CVE-2026-8219
A security vulnerability has been detected in Devs Palace ERP Online up to 4.0.0
30 CVE-2026-8255
A weakness has been identified in Devs Palace ERP Online up to 4.0.0. This affec
30 CVE-2026-8256
A security vulnerability has been detected in Devs Palace ERP Online up to 4.0.0
30 CVE-2026-9369
A security flaw has been discovered in NousResearch hermes-agent 2026.4.23. Affe
30 CVE-2026-8119
A vulnerability was detected in Open5GS up to 2.7.7. Impacted is the function og
30 CVE-2026-8212
A flaw has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this vulnerab
30 CVE-2026-7740
A security vulnerability has been detected in justdan96 tsMuxer up to 2.7.0. Thi
30 CVE-2026-8087
A security flaw has been discovered in OSGeo gdal up to 3.13.0dev-4. Impacted is
30 CVE-2026-8258
A flaw has been found in Squirrel up to 3.2. Impacted is the function validate_f
30 CVE-2026-8257
A vulnerability was detected in WebAssembly Binaryen up to 117. This issue affec
30 CVE-2026-8084
A vulnerability was determined in OSGeo gdal up to 3.13.0dev-4. This vulnerabili
30 CVE-2026-7739
A weakness has been identified in justdan96 tsMuxer up to 2.7.0. This vulnerabil
30 CVE-2026-8770
A vulnerability was identified in continuedev continue up to 1.2.22. This affect
30 CVE-2026-8124
A security vulnerability has been detected in GPAC up to 26.02.0. This affects t
30 CVE-2026-8213
A vulnerability has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this
30 CVE-2026-8086
A vulnerability was identified in OSGeo gdal up to 3.13.0dev-4. This issue affec
30 CVE-2026-8274
A security vulnerability has been detected in npitre cramfs-tools up to 2.1. Aff
30 CVE-2026-8088
A weakness has been identified in OSGeo gdal up to 3.13.0dev-4. The affected ele
30 CVE-2026-7397
A security flaw has been discovered in NousResearch hermes-agent 0.8.0. This aff
30 CVE-2026-7582
A vulnerability was detected in AcademySoftwareFoundation OpenImageIO up to 3.2.
29 CVE-2026-8784
A vulnerability was detected in npitre cramfs-tools up to 2.2. Affected is the f
27 CVE-2026-8767
A vulnerability has been found in vercel ai up to 3.0.97. Impacted is the functi
27 CVE-2026-7724
A vulnerability has been found in PrefectHQ prefect up to 3.6.28.dev1. Affected
27 CVE-2026-8741
A vulnerability has been found in EMQX up to 6.2.0. This affects an unknown func
27 CVE-2026-9304
A security flaw has been discovered in calcom cal.diy up to 4.9.4. The affected
26 CVE-2026-7846
A vulnerability has been found in chatchat-space Langchain-Chatchat up to 0.3.1.
26 CVE-2026-7845
A flaw has been found in chatchat-space Langchain-Chatchat up to 0.3.1.3. This i
26 CVE-2026-7847
A vulnerability was found in chatchat-space Langchain-Chatchat up to 0.3.1.3. Th
25 CVE-2026-8736
A security flaw has been discovered in Oinone Pamirs up to 7.2.0. This vulnerabi
20 CVE-2025-31974
HCL BigFix Service Management (SM) is susceptible to a Root File System Not Moun
20 CVE-2026-27964
### Summary A Reflected Cross-Site Scripting (XSS) vulnerability exists in the f
20 CVE-2026-44069
In Netatalk 3.0.0 through 4.4.2, integer underflow in volxlate. Fixed in 4.5.0.
20 CVE-2026-30963
### Summary To defend against namespace hijacking achieved through update/patch
19 CVE-2026-3495
Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to escape some va
19 CVE-2026-44987
SysReptor is a fully customizable pentest reporting platform. Prior to version 2
19 CVE-2026-9712
When creating an export through the pretix API, API clients are returned an UUI
19 CVE-2026-44459
### Summary Improper validation of the JWT NumericDate claims `exp`, `nbf`, and
19 CVE-2026-6923
A side-channel attack, which requires a physical presence to the TPM, can lead t
19 CVE-2026-45683
### Summary The Java TLS ioctl probe reads user-controlled ioctl pointers with
19 CVE-2026-44071
Netatalk 3.1.2 through 4.4.2 is compiled without FORTIFY_SOURCE, which disables
19 CVE-2026-44074
Netatalk 2.1.0 through 4.4.2 combines multiple errno values using bitwise OR, re
19 CVE-2026-44075
A missing break statement in DSI OpenSession processing in Netatalk 1.5.0 throug
19 CVE-2026-44602
Tor before 0.4.9.7 has a NULL pointer dereference when a CERT cell is received o
19 CVE-2026-44601
Tor before 0.4.9.7, when circuit queue memory pressure exists, can experience a
19 CVE-2026-44600
Tor before 0.4.9.7 mishandles accounting of the conflux out-of-order queue durin
19 CVE-2026-44219
## Summary Both SCA HTTP clients (`src/ciguard/analyzer/sca/osv.py` and `src/ci
19 CVE-2026-43964
Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 sometimes allow
19 CVE-2026-44603
Tor before 0.4.9.7 has an out-of-bounds read by one byte via a malformed BEGIN c
19 CVE-2026-42874
### Impact The `Response.set_cookie()` method does not sanitize its string argum
19 CVE-2026-7837
A time-of-check time-of-use (TOCTOU) condition in the ad_flush function in Netat
19 CVE-2026-44242
## Summary `ResourceBundleMessageSource` maintains two caches: `messageCache` (
19 CVE-2026-43863
mutt before 2.3.2 has an infinite loop in data_object_to_stream in crypt-gpgme.c
19 CVE-2025-59851
HCL DFXAnalytics is affected by a Using Components with Known Vulnerabilities fl
19 CVE-2025-31985
HCL BigFix Service Management (SM) is affected by a security misconfiguration du
19 CVE-2025-31984
HCL BigFix Service Management (SM) is affected by a security misconfiguration du
19 CVE-2026-43859
mutt before 2.3.2 sometimes uses strfcpy instead of memcpy for the IMAP auth_cra
19 CVE-2026-44599
Tor before 0.4.9.7 can attempt or accept BEGIN_DIR via conflux legs, aka TROVE-2
19 CVE-2026-40686
In Exim before 4.99.2, when utf8 operators are enabled, there is an out-of-bound
19 CVE-2026-43862
In mutt before 2.3.2, the imap_auth_gss security level is mishandled.
19 CVE-2026-43860
mutt before 2.3.2 sometimes truncates the hash_passwd by one byte for IMAP auth_
19 CVE-2026-43861
mutt before 2.3.2 does not check for '\0' in url_pct_decode.
19 CVE-2026-4273
Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to validate that
19 CVE-2026-44589
## Summary The `isBlockedUrl()` denylist introduced in `nuxt-og-image@6.2.5` to
19 CVE-2026-6638
SQL injection in PostgreSQL logical replication ALTER SUBSCRIPTION ... REFRESH P
19 CVE-2026-3832
A flaw was found in gnutls. A remote attacker could exploit this vulnerability b
19 CVE-2026-44582
### Impact React Server Component responses can be vulnerable to cache poisonin
19 CVE-2026-33552
Northern.tech Mender Enterprise Server before 4.1.1 has Incorrect Access Control
19 CVE-2026-8491
Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Nod
19 CVE-2026-42082
### Summary The AMF in Free5GC v4.2.1 does not enforce the concurrent security
19 CVE-2025-59852
HCL DFXAnalytics is affected by an Insufficient Transport Layer Protection vul
19 CVE-2026-44597
Tor before 0.4.9.7 has an out-of-bounds read when an END, a TRUNCATE, or a TRUNC
19 CVE-2026-44572
### Impact Next.js uses the `x-nextjs-data` request header for internal data re
18 CVE-2025-31983
HCL BigFix Service Management (SM) is affected by a security misconfiguration vu
18 CVE-2026-44474
## Summary Ella Core didn't enforce security rules on concurrent running of sec
18 CVE-2025-31982
HCL BigFix Service Management (SM) had directories that were not linked or publi
18 CVE-2026-48524
PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient
18 CVE-2026-46483
Vim is an open source, command line text editor. Prior to 9.2.0479, a command in
18 CVE-2026-41962
Permission control vulnerability in the app management and control module. Impac
18 CVE-2025-46371
Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) a Use of a Broken or Risk
18 CVE-2026-45803
`gh` is GitHub’s official command line tool. From 1.6.0 to before 2.92.0, a secu
18 CVE-2026-45781
The MCP Registry provides MCP clients with a list of MCP servers, like an app st

Oldest Unpatched Critical/High CVEs

CVE Severity CVSS Priority Days Open
CVE-2024-3400 CRITICAL 10.0 224 776d
CVE-2019-19781 CRITICAL 9.8 223 2344d
CVE-2020-5902 CRITICAL 9.8 223 2157d
CVE-2021-35464 CRITICAL 9.8 223 1771d
CVE-2020-10189 CRITICAL 9.8 223 2274d
CVE-2012-4681 CRITICAL 9.8 223 5021d
CVE-2022-42475 CRITICAL 9.8 223 1242d
CVE-2023-3519 CRITICAL 9.8 223 1044d
CVE-2015-7450 CRITICAL 9.8 222 3799d
CVE-2023-34048 CRITICAL 9.8 222 946d
Prev 3 / 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy