Total CVEs
5688
last 30 days
Avg Priority
34.0
of max 220
KEV
6
actively exploited
POC
769
public exploits
Unpatched
1561
CRIT/HIGH without patch
How is Priority Score calculated?
Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:
KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low
40-80 Medium
80-120 High
120+ Critical
Patch Now — Known Exploited Vulnerabilities
124
CVE-2026-35616
A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an
119
CVE-2026-5281
Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had co
117
CVE-2026-33634
Trivy is a security scanner. On March 19, 2026, a threat actor used compromised credentials to publi
117
CVE-2026-33017
## Summary
The `POST /api/v1/build_public_tmp/{flow_id}/flow` endpoint allows building public flows
117
CVE-2026-3055
Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP l
109
CVE-2026-3502
TrueConf Client downloads application update code and applies it without performing verification. An
Priority Distribution
| Priority | CVE |
|---|---|
| 51 |
CVE-2016-20036
Wowza Streaming Engine 4.5.0 contains multiple reflected cross-site scripting vu
|
| 51 |
CVE-2026-32986
A Second-Order Cross-Site Scripting (XSS) vulnerability exists in Textpattern CM
|
| 51 |
CVE-2015-20116
Next Click Ventures RealtyScript 4.0.2 fails to properly sanitize CSV file uploa
|
| 51 |
CVE-2026-30563
A Stored Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales
|
| 50 |
CVE-2026-32057
OpenClaw versions prior to 2026.2.25 contain an authentication bypass vulnerabil
|
| 50 |
CVE-2026-32045
OpenClaw versions prior to 2026.2.21 incorrectly apply tokenless Tailscale heade
|
| 50 |
CVE-2025-15363
The Get Use APIs WordPress plugin before 2.0.10 executes imported JSON, which c
|
| 50 |
CVE-2026-4603
Versions of the package jsrsasign before 11.1.1 are vulnerable to Division by ze
|
| 49 |
CVE-2026-5105
A vulnerability was detected in Totolink A3300R 17.0.0cu.557_b20221024. The affe
|
| 49 |
CVE-2026-5103
A weakness has been identified in Totolink A3300R 17.0.0cu.557_b20221024. This i
|
| 49 |
CVE-2026-5020
A vulnerability was detected in Totolink A3600R 4.1.2cu.5182_B20201102. Affected
|
| 49 |
CVE-2026-5030
A vulnerability has been found in Totolink NR1800X 9.1.0u.6279_B20210910. This i
|
| 49 |
CVE-2026-5101
A vulnerability was identified in Totolink A3300R 17.0.0cu.557_b20221024. This a
|
| 49 |
CVE-2026-5104
A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557_b2022
|
| 49 |
CVE-2026-5102
A security flaw has been discovered in Totolink A3300R 17.0.0cu.557_b20221024. T
|
| 49 |
CVE-2026-5153
A flaw has been found in Tenda CH22 1.0.0.1. The affected element is the functio
|
| 49 |
CVE-2026-4554
A security flaw has been discovered in Tenda F453 1.0.0.3. The affected element
|
| 49 |
CVE-2026-3881
The Performance Monitor WordPress plugin through 1.0.6 does not validate a param
|
| 48 |
CVE-2026-4592
A security vulnerability has been detected in kalcaddle kodbox 1.64. This impact
|
| 48 |
CVE-2026-5312
A weakness has been identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, D
|
| 48 |
CVE-2026-4997
A security flaw has been discovered in Sinaptik AI PandasAI up to 3.0.0. This af
|
| 48 |
CVE-2026-5638
A vulnerability was detected in HerikLyma CPPWebFramework up to 3.1. This issue
|
| 48 |
CVE-2026-5998
A flaw has been found in zhayujie chatgpt-on-wechat CowAgent up to 2.0.4. This a
|
| 48 |
CVE-2026-5342
A flaw has been found in LibRaw up to 0.22.0. This affects the function LibRaw::
|
| 48 |
CVE-2026-5014
A vulnerability was found in elecV2 elecV2P up to 3.8.3. The affected element is
|
| 48 |
CVE-2026-5549
A vulnerability was determined in Tenda AC10 16.03.10.10_multi_TDE01. Affected b
|
| 48 |
CVE-2026-5484
A weakness has been identified in BookStackApp BookStack up to 26.03. Affected i
|
| 48 |
CVE-2026-5326
A vulnerability was identified in SourceCodester Leave Application System 1.0. I
|
| 48 |
CVE-2026-4900
A weakness has been identified in code-projects Online Food Ordering System 1.0.
|
| 48 |
CVE-2026-4532
A security vulnerability has been detected in code-projects Simple Food Ordering
|
| 48 |
CVE-2026-5650
A vulnerability was found in code-projects Online Application System for Admissi
|
| 48 |
CVE-2026-5414
A security flaw has been discovered in Newgen OmniDocs up to 12.0.00. Affected b
|
| 48 |
CVE-2026-5571
A vulnerability was identified in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30.
|
| 48 |
CVE-2026-5585
A vulnerability was found in Tencent AI-Infra-Guard 4.0. The affected element is
|
| 48 |
CVE-2026-5531
A vulnerability has been found in SourceCodester Student Result Management Syste
|
| 48 |
CVE-2026-5013
A vulnerability has been found in elecV2 elecV2P up to 3.8.3. Impacted is the fu
|
| 48 |
CVE-2026-32044
OpenClaw versions prior to 2026.3.2 contain an archive extraction vulnerability
|
| 48 |
CVE-2026-33179
libfuse is the reference implementation of the Linux FUSE. From version 3.18.0 t
|
| 48 |
CVE-2016-20031
ZKTeco ZKBioSecurity 3.0 contains a local authorization bypass vulnerability in
|
| 48 |
CVE-2026-5666
A vulnerability was detected in code-projects Online FIR System 1.0. Affected by
|
| 48 |
CVE-2026-5661
A vulnerability was identified in Free5GC 4.2.0. This affects an unknown functio
|
| 47 |
CVE-2026-5327
A security flaw has been discovered in efforthye fast-filesystem-mcp up to 3.5.1
|
| 47 |
CVE-2026-6118
A vulnerability was determined in AstrBotDevs AstrBot up to 4.22.1. Impacted is
|
| 47 |
CVE-2026-5351
A weakness has been identified in Trendnet TEW-657BRM 1.00.1. This affects the f
|
| 47 |
CVE-2026-5353
A vulnerability was detected in Trendnet TEW-657BRM 1.00.1. Affected is the func
|
| 47 |
CVE-2026-5184
A vulnerability was identified in TRENDnet TEW-713RE up to 1.02. The impacted el
|
| 47 |
CVE-2026-5183
A vulnerability was determined in TRENDnet TEW-713RE up to 1.02. The affected el
|
| 47 |
CVE-2026-5352
A security vulnerability has been detected in Trendnet TEW-657BRM 1.00.1. This i
|
| 47 |
CVE-2026-5354
A flaw has been found in Trendnet TEW-657BRM 1.00.1. Affected by this vulnerabil
|
| 47 |
CVE-2026-5177
A weakness has been identified in Totolink A3300R 17.0.0cu.557_b20221024. Affect
|
| 47 |
CVE-2026-5178
A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557_b2022
|
| 47 |
CVE-2026-4542
A vulnerability has been found in SSCMS 4.7.0. The affected element is an unknow
|
| 47 |
CVE-2026-32898
OpenClaw versions prior to 2026.2.23 contain an authorization bypass vulnerabili
|
| 47 |
CVE-2026-30520
A Blind SQL Injection vulnerability exists in SourceCodester Loan Management Sys
|
| 47 |
CVE-2026-32895
OpenClaw versions prior to 2026.2.26 fail to enforce sender authorization in mem
|
| 47 |
CVE-2025-15611
The Popup Box WordPress plugin before 5.5.0 does not properly validate nonces i
|
| 47 |
CVE-2026-30527
A Stored Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Onlin
|
| 47 |
CVE-2025-15445
The Restaurant Cafeteria WordPress theme through 0.4.6 exposes insecure admin-aj
|
| 47 |
CVE-2026-2973
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7
|
| 47 |
CVE-2026-5532
A vulnerability was found in ScrapeGraphAI scrapegraph-ai up to 1.74.0. The affe
|
| 47 |
CVE-2026-6108
A vulnerability was found in 1Panel-dev MaxKB up to 2.6.1. The affected element
|
| 47 |
CVE-2026-4496
A vulnerability was found in sigmade Git-MCP-Server up to 785aa159f262a02d5791a5
|
| 47 |
CVE-2026-4199
A vulnerability was identified in bazinga012 mcp_code_executor up to 0.3.0. Affe
|
| 47 |
CVE-2026-4187
A vulnerability was identified in Tiandy Easy7 Integrated Management Platform 7.
|
| 47 |
CVE-2026-5595
A security vulnerability has been detected in griptape-ai griptape 0.19.4. Affec
|
| 47 |
CVE-2026-5557
A vulnerability was detected in badlogic pi-mono up to 0.58.4. This issue affect
|
| 47 |
CVE-2026-5559
A vulnerability has been found in AntaresMugisho PyBlade 0.1.8-alpha/0.1.9-alpha
|
| 47 |
CVE-2026-5251
A vulnerability was identified in z-9527 admin 1.0/2.0. This impacts an unknown
|
| 47 |
CVE-2026-5248
A vulnerability has been found in gougucms 4.08.18. This affects the function re
|
| 47 |
CVE-2026-4999
A security vulnerability has been detected in z-9527 admin up to 72aaf2dd05cf4ec
|
| 47 |
CVE-2026-5594
A weakness has been identified in premAI-io premsql up to 0.2.1. Affected is the
|
| 47 |
CVE-2026-6125
A security flaw has been discovered in Dromara warm-flow up to 1.8.4. Impacted i
|
| 47 |
CVE-2026-5011
A vulnerability was detected in elecV2 elecV2P up to 3.8.3. This vulnerability a
|
| 47 |
CVE-2026-5561
A vulnerability was determined in Campcodes Complete POS Management and Inventor
|
| 47 |
CVE-2026-6111
A security flaw has been discovered in FoundationAgents MetaGPT up to 0.8.1. Thi
|
| 47 |
CVE-2026-5999
A vulnerability has been found in JeecgBoot up to 3.9.1. This impacts an unknown
|
| 47 |
CVE-2026-5556
A security vulnerability has been detected in badlogic pi-mono up to 0.58.4. Thi
|
| 47 |
CVE-2026-6117
A vulnerability was found in AstrBotDevs AstrBot up to 4.22.1. This issue affect
|
| 47 |
CVE-2026-5535
A security flaw has been discovered in FedML-AI FedML up to 0.8.9. This impacts
|
| 47 |
CVE-2026-5181
A vulnerability has been found in SourceCodester Simple Doctors Appointment Syst
|
| 47 |
CVE-2026-5615
A weakness has been identified in givanz Vvvebjs up to 2.0.5. The affected eleme
|
| 47 |
CVE-2026-5259
A vulnerability was determined in AutohomeCorp frostmourne up to 1.0. The affect
|
| 47 |
CVE-2026-4907
A vulnerability was identified in Page-Replica Page Replica up to e4a7f52e75093e
|
| 47 |
CVE-2026-5470
A security vulnerability has been detected in mixelpixx Google-Research-MCP 1e06
|
| 47 |
CVE-2026-5472
A flaw has been found in ProjectsAndPrograms School Management System up to 6b6f
|
| 47 |
CVE-2026-5607
A security vulnerability has been detected in imprvhub mcp-browser-agent up to 0
|
| 47 |
CVE-2026-4898
A vulnerability was identified in code-projects Online Food Ordering System 1.0.
|
| 47 |
CVE-2026-5316
A vulnerability was identified in Nothings stb up to 1.22. The impacted element
|
| 47 |
CVE-2026-5328
A weakness has been identified in shsuishang modulithshop up to 829bac71f507e846
|
| 47 |
CVE-2026-5015
A vulnerability was determined in elecV2 elecV2P up to 3.8.3. The impacted eleme
|
Oldest Unpatched Critical/High CVEs
| CVE | Severity | CVSS | Priority | Days Open |
|---|---|---|---|---|
| CVE-2024-3400 | CRITICAL | 10.0 | 224 | 730d |
| CVE-2019-19781 | CRITICAL | 9.8 | 223 | 2298d |
| CVE-2020-5902 | CRITICAL | 9.8 | 223 | 2111d |
| CVE-2021-35464 | CRITICAL | 9.8 | 223 | 1725d |
| CVE-2020-10189 | CRITICAL | 9.8 | 223 | 2228d |
| CVE-2012-4681 | CRITICAL | 9.8 | 223 | 4975d |
| CVE-2022-42475 | CRITICAL | 9.8 | 223 | 1196d |
| CVE-2023-3519 | CRITICAL | 9.8 | 223 | 998d |
| CVE-2015-7450 | CRITICAL | 9.8 | 222 | 3753d |
| CVE-2023-34048 | CRITICAL | 9.8 | 222 | 900d |