Total CVEs
6161
last 30 days
Avg Priority
35.2
of max 220
KEV
8
actively exploited
POC
755
public exploits
Unpatched
1234
CRIT/HIGH without patch
How is Priority Score calculated?
Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:
KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low
40-80 Medium
80-120 High
120+ Critical
Patch Now — Known Exploited Vulnerabilities
124
CVE-2026-35616
A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an
119
CVE-2026-5281
Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had co
118
CVE-2026-34621
Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Control
117
CVE-2026-33634
Trivy is a security scanner. On March 19, 2026, a threat actor used compromised credentials to publi
117
CVE-2026-3055
Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP l
114
CVE-2026-34197
Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability i
109
CVE-2026-3502
TrueConf Client downloads application update code and applies it without performing verification. An
109
CVE-2026-32201
Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform
Priority Distribution
| Priority | CVE |
|---|---|
| 22 |
CVE-2026-21783
HCL Traveler is affected by sensitive information disclosure. The application g
|
| 22 |
CVE-2026-32099
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-late
|
| 22 |
CVE-2026-33214
Weblate is a web based localization tool. In versions prior to 5.17, the transla
|
| 22 |
CVE-2026-6298
Heap buffer overflow in Skia in Google Chrome prior to 147.0.7727.101 allowed a
|
| 22 |
CVE-2026-39618
Cross-Site Request Forgery (CSRF) vulnerability in themearile NewsExo newsexo al
|
| 22 |
CVE-2026-5889
Cryptographic Flaw in PDFium in Google Chrome prior to 147.0.7727.55 allowed an
|
| 22 |
CVE-2026-4393
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Automated Logout allow
|
| 22 |
CVE-2026-35411
### Summary
Directus is vulnerable to an Open Redirect via the redirect query p
|
| 22 |
CVE-2025-15635
Cross-Site Request Forgery (CSRF) vulnerability in Zaytech Smart Online Order fo
|
| 22 |
CVE-2025-53444
Cross-Site Request Forgery (CSRF) vulnerability in DeluxeThemes Userpro allows C
|
| 22 |
CVE-2025-55268
HCL Aftermarket DPC is affected by Spamming Vulnerability which can allow the ac
|
| 22 |
CVE-2025-55273
HCL Aftermarket DPC is affected by Cross Domain Script Include vulnerability whe
|
| 22 |
CVE-2026-4949
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User
|
| 22 |
CVE-2026-28736
** UNSUPPORTED WHEN ASSIGNED ** Focalboard version 8.0 fails to validate file ow
|
| 22 |
CVE-2026-0814
The Advanced Contact form 7 DB plugin for WordPress is vulnerable to unauthorize
|
| 22 |
CVE-2026-33460
Incorrect Authorization (CWE-863) in Kibana can lead to cross-space information
|
| 22 |
CVE-2026-40486
### Summary
A Mass Assignment / Broken Object Property Level Authorization (BOPA
|
| 22 |
CVE-2026-40305
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS
|
| 21 |
CVE-2026-32187
Microsoft Edge (Chromium-based) Defense in Depth Vulnerability
|
| 21 |
CVE-2026-24318
Due to an Insecure session management vulnerability in SAP Business Objects Busi
|
| 21 |
CVE-2026-35541
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Incorrect
|
| 21 |
CVE-2026-35041
fast-jwt provides fast JSON Web Token (JWT) implementation. From 5.0.0 to 6.2.0,
|
| 21 |
CVE-2026-32602
Homarr is an open-source dashboard. Prior to 1.57.0, the user registration endpo
|
| 21 |
CVE-2026-33248
### Background
NATS.io is a high performance open source pub-sub distributed co
|
| 21 |
CVE-2026-3532
Improper Handling of Case Sensitivity vulnerability in Drupal OpenID Connect / O
|
| 21 |
CVE-2026-26072
EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a dat
|
| 21 |
CVE-2026-26071
EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a dat
|
| 21 |
CVE-2026-35414
OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon
|
| 21 |
CVE-2026-27814
EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a dat
|
| 21 |
CVE-2026-39413
## Summary
The LightRAG API is vulnerable to a JWT algorithm confusion attack wh
|
| 21 |
CVE-2025-55269
HCL Aftermarket DPC is affected by Weak Password Policy vulnerability, which mak
|
| 21 |
CVE-2026-22574
A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR
|
| 21 |
CVE-2026-1163
An insufficient session expiration vulnerability exists in the latest version of
|
| 21 |
CVE-2026-32310
Cryptomator encrypts data being stored on cloud infrastructure. From version 1.6
|
| 21 |
CVE-2026-27166
Discourse is an open source discussion platform. Prior to versions 2026.3.0-late
|
| 21 |
CVE-2026-27683
SAP BusinessObjects Business Intelligence application allows an authenticated at
|
| 21 |
CVE-2026-35601
## Summary
The CalDAV output generator builds iCalendar VTODO entries via raw s
|
| 21 |
CVE-2026-33619
### Summary
PinchTab v0.8.3 contains a server-side request forgery issue in the
|
| 21 |
CVE-2025-36373
IBM DataPower Gateway 10.6CD 10.6.1.0 through 10.6.5.0 and IBM DataPower Gateway
|
| 21 |
CVE-2026-21009
Improper check for exceptional conditions in Recents prior to SMR Apr-2026 Relea
|
| 21 |
CVE-2026-5507
When restoring a session from cache, a pointer from the serialized session data
|
| 21 |
CVE-2025-43883
Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper check fo
|
| 21 |
CVE-2026-39845
Weblate is a web based localization tool. In versions prior to 5.17, the webhook
|
| 21 |
CVE-2026-34944
Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0
|
| 21 |
CVE-2026-34860
Access control vulnerability in the memo module.
Impact: Successful exploitation
|
| 21 |
CVE-2026-34858
UAF vulnerability in the communication module.
Impact: Successful exploitation o
|
| 20 |
CVE-2026-35177
Vim is an open source, command line text editor. Prior to 9.2.0280, a path trave
|
| 20 |
CVE-2026-31804
Tautulli is a Python based monitoring and tracking tool for Plex Media Server. P
|
| 20 |
CVE-2026-40394
Varnish Cache 9 before 9.0.1 and Varnish Enterprise before 6.0.16r11 allows a "w
|
| 20 |
CVE-2026-40395
Varnish Enterprise before 6.0.16r12 allows a "workspace overflow" denial of serv
|
| 20 |
CVE-2026-33414
## Summary
A command injection vulnerability exists in Podman's HyperV machine
|
| 20 |
CVE-2026-28816
A path handling issue was addressed with improved validation. This issue is fixe
|
| 20 |
CVE-2025-62844
A weak authentication vulnerability has been reported to affect QHora. If an att
|
| 20 |
CVE-2026-28826
A logic issue was addressed with improved restrictions. This issue is fixed in m
|
| 20 |
CVE-2026-28882
This issue was addressed with improved checks. This issue is fixed in iOS 26.4 a
|
| 20 |
CVE-2026-39566
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulne
|
| 20 |
CVE-2026-39572
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulne
|
| 20 |
CVE-2026-39316
OpenPrinting CUPS is an open source printing system for Linux and other Unix-lik
|
| 20 |
CVE-2026-21767
HCL BigFix Platform is affected by insufficient authentication. The application
|
| 20 |
CVE-2026-20607
A permissions issue was addressed with additional restrictions. This issue is fi
|
| 20 |
CVE-2026-40385
In libexif through 0.6.25, an unsigned 32bit integer overflow in Nikon MakerNote
|
| 20 |
CVE-2026-40386
In libexif through 0.6.25, an integer underflow in size checking for Fuji and Ol
|
| 20 |
CVE-2026-39314
OpenPrinting CUPS is an open source printing system for Linux and other Unix-lik
|
| 20 |
CVE-2026-0232
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent
|
| 20 |
CVE-2026-33535
An out-of-bounds write of a zero byte exists in the X11 `display` interaction pa
|
| 20 |
CVE-2026-40396
Varnish Cache 9 before 9.0.1 allows a "workspace overflow" denial of service (da
|
| 20 |
CVE-2026-34553
iccDEV provides a set of libraries and tools for working with ICC color manageme
|
| 20 |
CVE-2025-14684
IBM Maximo Application Suite - Monitor Component 9.1, 9.0, 8.11, and 8.10 could
|
| 20 |
CVE-2026-2625
A flaw was found in rust-rpm-sequoia. An attacker can exploit this vulnerability
|
| 20 |
CVE-2026-33555
An issue was discovered in HAProxy before 3.3.6. The HTTP/3 parser does not chec
|
| 0 |
CVE-2026-39398
## Affected
openclaw-claude-bridge v1.1.0
## Issue
v1.1.0 spawns the Claude C
|
| 0 |
CVE-2026-40883
### Summary
goshs contains a cross-site request forgery issue in its state-chang
|
| 0 |
CVE-2026-40881
# CVE-2026-40881: addr/addrv2 Deserialization Resource Exhaustion
## Summary
W
|
Oldest Unpatched Critical/High CVEs
| CVE | Severity | CVSS | Priority | Days Open |
|---|---|---|---|---|
| CVE-2024-3400 | CRITICAL | 10.0 | 224 | 735d |
| CVE-2019-19781 | CRITICAL | 9.8 | 223 | 2303d |
| CVE-2020-5902 | CRITICAL | 9.8 | 223 | 2116d |
| CVE-2021-35464 | CRITICAL | 9.8 | 223 | 1730d |
| CVE-2020-10189 | CRITICAL | 9.8 | 223 | 2233d |
| CVE-2012-4681 | CRITICAL | 9.8 | 223 | 4981d |
| CVE-2022-42475 | CRITICAL | 9.8 | 223 | 1201d |
| CVE-2023-3519 | CRITICAL | 9.8 | 223 | 1003d |
| CVE-2015-7450 | CRITICAL | 9.8 | 222 | 3758d |
| CVE-2023-34048 | CRITICAL | 9.8 | 222 | 905d |
Prev
31 / 31