| Metric | Value | Note |
|---|---|---|
| Total CVEs | 6303 | last 30 days |
| Avg Priority | 30.6 | of max 220 |
| KEV | 14 | actively exploited |
| POC | 495 | public exploits |
| Unpatched | 937 | Critical/High without a patch |
How is Priority Score calculated?

Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals. The four components sum to at most 50 + 100 + 50 + 20 = 220, which is where the "max 220" in the tiles above comes from.

| Signal | Contribution | Meaning |
|---|---|---|
| KEV | +50 | CISA Known Exploited Vulnerability: confirmed active exploitation in the wild |
| EPSS | x100 | Exploit Prediction Scoring System: probability of exploitation in the next 30 days, scaled from 0-1 to 0-100 |
| CVSS | x5 | Common Vulnerability Scoring System: technical severity, scaled from 0-10 to 0-50 |
| POC | +20 | Public exploit code exists, which lowers the barrier for attackers |

Score bands:

| Score | Band |
|---|---|
| 0-40 | Low |
| 40-80 | Medium |
| 80-120 | High |
| 120+ | Critical |
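The documented formula, written out as a small reference implementation. This is an added example, not the dashboard's own code: it scores a few constructed records, returns each component so a score can be explained rather than just ranked, and refuses EPSS values that arrive as percentages instead of probabilities (the most common way such a score gets silently inflated). Two details the page does not settle are assumed here: band edges are half-open (exactly 40 is Medium, exactly 80 is High, exactly 120 is Critical), and displayed integer scores are rounded. One caveat a practitioner should notice: the Oldest Unpatched table further down lists scores of 222-224, above the 220 these four components can reach, so the live dashboard evidently applies at least one signal this explanation does not describe; the example implements only what is documented.

```python
"""
Reference implementation of the dashboard's documented Priority Score.
Added example, not the dashboard's own code. Implements only the four
signals the page lists (KEV +50, EPSS x100, CVSS x5, POC +20; max 220)
and the four bands. Assumed, because the page does not say: band edges
are half-open, and displayed integers are rounded.
"""
from dataclasses import dataclass

KEV_BONUS = 50      # CISA Known Exploited Vulnerability
EPSS_WEIGHT = 100   # EPSS probability (0-1) scaled to 0-100
CVSS_WEIGHT = 5     # CVSS base score (0-10) scaled to 0-50
POC_BONUS = 20      # public exploit code exists
MAX_SCORE = KEV_BONUS + EPSS_WEIGHT + CVSS_WEIGHT * 10 + POC_BONUS  # 220

# (lower edge, band name), highest first; edges assumed half-open.
BANDS = ((120, "Critical"), (80, "High"), (40, "Medium"), (0, "Low"))


@dataclass(frozen=True)
class Vuln:
    cve: str
    cvss: float          # CVSS base score, 0.0-10.0
    epss: float          # EPSS as a probability, 0.0-1.0 (not a percentage)
    kev: bool = False    # listed in CISA KEV
    poc: bool = False    # public exploit code exists


def components(v: Vuln) -> dict:
    """Each signal's contribution, so a score can be explained, not just ranked."""
    if not 0.0 <= v.cvss <= 10.0:
        raise ValueError(f"{v.cve}: CVSS {v.cvss} outside 0-10")
    if not 0.0 <= v.epss <= 1.0:
        # A feed that already multiplied EPSS by 100 would push every CVE
        # into Critical; refuse rather than silently inflate the score.
        raise ValueError(f"{v.cve}: EPSS {v.epss} is not a probability in 0-1")
    return {
        "kev": KEV_BONUS if v.kev else 0,
        "epss": v.epss * EPSS_WEIGHT,
        "cvss": v.cvss * CVSS_WEIGHT,
        "poc": POC_BONUS if v.poc else 0,
    }


def priority_score(v: Vuln) -> int:
    """Composite 0-220 score, rounded to the integer the dashboard displays."""
    return round(sum(components(v).values()))


def band(score: float) -> str:
    """Map a score to Low / Medium / High / Critical using the page's bands."""
    if not 0 <= score <= MAX_SCORE:
        raise ValueError(f"score {score} outside 0-{MAX_SCORE}")
    for floor, name in BANDS:
        if score >= floor:
            return name
    raise AssertionError("unreachable: BANDS ends at floor 0")


def triage(vulns) -> list:
    """Rows of (score, cve, band), highest score first, ties broken by CVE id."""
    rows = []
    for v in vulns:
        s = priority_score(v)
        rows.append((s, v.cve, band(s)))
    return sorted(rows, key=lambda row: (-row[0], row[1]))


if __name__ == "__main__":
    # Constructed sample inputs: placeholder CVE ids and made-up CVSS, EPSS,
    # KEV and POC values chosen to exercise each band.
    sample = [
        Vuln("CVE-0000-0001", cvss=10.0, epss=1.00, kev=True, poc=True),  # 220, the ceiling
        Vuln("CVE-0000-0002", cvss=9.8, epss=0.17, kev=True, poc=True),   # 50+17+49+20 = 136
        Vuln("CVE-0000-0003", cvss=9.8, epss=0.00),                       # 49, CVSS alone
        Vuln("CVE-0000-0004", cvss=7.5, epss=0.60, poc=True),             # 117.5 -> 118
        Vuln("CVE-0000-0005", cvss=5.3, epss=0.001),                      # 26.6 -> 27
    ]
    for score, cve, name in triage(sample):
        print(f"{score:>4}  {name:<8}  {cve}")
```

A CVSS 9.8 CVE with no KEV entry, no public PoC and negligible EPSS scores 9.8 x 5 = 49 under this formula, the value at the top of the Priority Distribution table; adding a KEV listing and a public PoC to the same CVE moves it 70 points up before EPSS is even counted, which is the ordering the Patch Now list reflects.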
Patch Now — Known Exploited Vulnerabilities

| Priority | CVE | Description (truncated) |
|---|---|---|
| 136 | CVE-2026-0300 | A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service o |
| 133 | CVE-2026-41940 | cPanel and WHM versions prior to 11.110.0.97, 11.118.0.63, 11.126.0.54, 11.132.0.29, 11.134.0.20, an |
| 131 | CVE-2026-6973 | An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows |
| 131 | CVE-2026-42897 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Ex |
| 127 | CVE-2026-20182 | May 2026: This security advisory provides the details and fix information for a vulnerability that w |
| 126 | CVE-2026-41091 | Improper link resolution before file access ('link following') in Microsoft Defender allows an autho |
| 120 | CVE-2026-48172 | LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exp |
| 118 | CVE-2026-45321 | Summary: On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 4 |
| 117 | CVE-2026-42208 | LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1 |
| 117 | CVE-2026-8398 | A supply chain attack compromised the official installation packages of DAEMON Tools Lite (Windows v |
Priority Distribution

| Priority | CVE | Description (truncated) |
|---|---|---|
| 49 | CVE-2026-8760 | The Login with OTP plugin for WordPress is vulnerable to authentication bypass i |
| 49 | CVE-2026-9642 | There is a mitigation bypass / (incomplete fix) for CVE-2025-62582 (Unauthentica |
| 49 | CVE-2026-48689 | FastNetMon Community Edition through 1.2.9 contains an off-by-one heap-based buf |
| 49 | CVE-2025-12686 | Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerabi |
| 49 | CVE-2026-42731 | Incorrect Privilege Assignment vulnerability in miniOrange miniorange otp verifi |
| 49 | CVE-2026-36829 | An authentication bypass vulnerability exists in the embedded HTTP server of Pan |
| 49 | CVE-2026-8809 | The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Privi |
| 49 | CVE-2026-44649 | Resolution: SillyTavern 1.18.0 now includes a configuration option to limit w |
| 49 | CVE-2026-46670 | Summary: An unauthenticated SQL injection in the Bazar form-import path (`Fo |
| 49 | CVE-2026-48687 | FastNetMon Community Edition through 1.2.9 contains an OS command injection vuln |
| 49 | CVE-2026-37431 | Beauty Parlour Management System v1.1 was discovered to contain a SQL injection |
| 49 | CVE-2026-6960 | The BookingPress Pro plugin for WordPress is vulnerable to arbitrary file upload |
| 49 | CVE-2026-45697 | Impact: Unauthenticated users could submit crafted values into Hidden field |
| 49 | CVE-2026-45695 | Summary: Kopia's HTTP server, when started with `--without-password `, accept |
| 49 | CVE-2026-48207 | Deserialization of untrusted data in Apache Fory PyFory. PyFory's ReduceSerializ |
| 49 | CVE-2026-46614 | Summary: The Fission router registers an internal-style route - `/fission-fu |
| 49 | CVE-2026-34311 | Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Ora |
| 49 | CVE-2025-71211 | A vulnerability in the Trend Micro Apex One management console could allow a rem |
| 49 | CVE-2025-71210 | A vulnerability in the Trend Micro Apex One management console could allow a rem |
| 48 | CVE-2026-42090 | Notesnook is a note-taking app focused on user privacy & ease of use. Prior to N |
| 48 | CVE-2026-2587 | A critical Remote Code Execution (RCE) vulnerability was identified in the serve |
| 48 | CVE-2026-41615 | Exposure of sensitive information to an unauthorized actor in Microsoft Authenti |
| 48 | CVE-2026-8043 | External control of a file name in Ivanti Xtraction before version 2026.2 allows |
| 48 | CVE-2026-43899 | DeepChat is an open-source artificial intelligence agent platform that unifies m |
| 48 | CVE-2026-8511 | Use after free in UI in Google Chrome prior to 148.0.7778.168 allowed a remote a |
| 48 | CVE-2026-8580 | Use after free in Mojo in Google Chrome prior to 148.0.7778.168 allowed a remote |
| 48 | CVE-2026-8959 | Sandbox escape due to incorrect boundary conditions in the Widget: Win32 compone |
| 48 | CVE-2026-43941 | electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ft |
| 48 | CVE-2026-39821 | The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels t |
| 48 | CVE-2026-42048 | Summary: Langflow is vulnerable to Path Traversal in the Knowledge Bases API ( |
| 48 | CVE-2026-2611 | In MLflow version 3.9.0, the MLflow Assistant feature introduced improper origin |
| 48 | CVE-2026-5166 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') v |
| 48 | CVE-2026-42880 | Summary: There is a missing authorization and data-masking gap in Argo CD's S |
| 48 | CVE-2026-44547 | ChurchCRM is an open-source church management system. From 7.2.0 to 7.2.2, The f |
| 48 | CVE-2026-42088 | OpenC3 COSMOS provides the functionality needed to send commands to and receive |
| 48 | CVE-2026-34263 | Due to improper Spring Security configuration, SAP Commerce cloud allows an unau |
| 48 | CVE-2026-42087 | OpenC3 COSMOS provides the functionality needed to send commands to and receive |
| 48 | CVE-2026-25293 | Buffer overflow due to incorrect authorization in PLC FW |
| 48 | CVE-2026-7910 | Use after free in Views in Google Chrome prior to 148.0.7778.96 allowed a remote |
| 48 | CVE-2026-34260 | SAP S/4HANA (SAP Enterprise Search for ABAP) contains a SQL injection vulnerabil |
| 48 | CVE-2026-44482 | soundcloud-rpc is a SoundCloud Client with Discord Rich Presence, Dark Mode, Las |
| 48 | CVE-2026-44211 | Summary: The `kanban` npm package (used by the `cline` CLI) starts a WebSocke |
| 48 | CVE-2026-45758 | Impact: On May 11, 2026 at approximately 6:00 PM Pacific, an attacker publis |
| 48 | CVE-2026-45323 | MeshCore Card provides MeshCore Lovelace card for Home Assistant. Prior to 0.3.3 |
| 48 | CVE-2026-45311 | Summary: The `run_tests` tool executes `cargo test` in the workspace with `Ap |
| 48 | CVE-2026-45374 | Summary: The `task_create` tool spawns durable sub-agents that inherit two i |
| 48 | CVE-2026-41589 | Wish is an SSH server with defaults and a collection of middlewares. From versio |
| 48 | CVE-2026-8953 | Sandbox escape due to use-after-free in the Disability Access APIs component. Th |
| 48 | CVE-2026-8670 | Insufficient session expiration vulnerability in syslink software AG Avantra on |
| 48 | CVE-2026-36760 | An issue in the fileMd5 parameter in the /a/file/upload endpoint of JeeSite v5.1 |
| 48 | CVE-2026-6795 | URL redirection to untrusted site ('open redirect') vulnerability in DivvyDrive |
| 48 | CVE-2026-46703 | Summary: Boxlite is a sandbox service that allows users to create lightweig |
| 48 | CVE-2026-7908 | Use after free in Fullscreen in Google Chrome prior to 148.0.7778.96 allowed a r |
| 48 | CVE-2026-8467 | Code Injection vulnerability in phenixdigital phoenix_storybook allows unauthent |
| 48 | CVE-2026-43633 | HestiaCP versions 1.9.0 through 1.9.4 contain a deserialization vulnerability in |
| 47 | CVE-2026-9102 | A path traversal vulnerability exists in the Altium Enterprise Server Comparison |
| 47 | CVE-2026-42231 | Impact: A flaw in the `xml2js` library used to parse XML request bodies in n8n |
| 47 | CVE-2026-8134 | Concrete CMS 9.5.0 and below fails to sanitize path traversal sequences in the p |
| 47 | CVE-2026-40076 | Affected Versions: version ≤ 2.7.8 (latest version at time of disclosure) ht |
| 47 | CVE-2026-44590 | Sherlock hunts down social media accounts by username across social networks. Pr |
| 47 | CVE-2026-33324 | SQLBot is an intelligent Text-to-SQL system based on large language models and R |
| 47 | CVE-2026-42882 | Background: The original concern is functional: a resource pattern should tre |
| 47 | CVE-2026-29080 | Summary: A SQL injection vulnerability in the Oracle path of `FilterEngine.c |
| 47 | CVE-2026-44588 | Summary: The tooltip mouseover handler in `app/src/block/popover.ts` reads `a |
| 47 | CVE-2026-44670 | Summary: The kernel stores Attribute View (AV / database) names without any H |
| 47 | CVE-2026-44262 | Impact: A remote code execution (RCE) vulnerability affects versions `0.13.2 |
| 47 | CVE-2026-42811 | In plain terms, Apache Polaris is supposed to issue short-lived GCS credentials |
| 47 | CVE-2026-44336 | PraisonAI is a multi-agent teams system. Prior to version 4.6.34, PraisonAI's MC |
| 47 | CVE-2026-42596 | Summary: The default deny-lists used by Gotenberg's `downloadFrom` feature an |
| 47 | CVE-2026-42810 | Apache Polaris accepts literal `*` characters in namespace and table names. When |
| 47 | CVE-2026-42812 | In Apache Iceberg, the table's metadata files are control files: they tell reade |
| 47 | CVE-2026-7813 | Authorization vulnerability in pgAdmin 4 server mode affecting Server Groups, Se |
| 47 | CVE-2026-42809 | Apache Polaris can issue broad temporary ("vended") storage credentials during s |
| 47 | CVE-2026-42613 | Bug Report: Registration Privilege Escalation via Missing Server-Side Validati |
| 47 | CVE-2026-42232 | Impact: An authenticated user with permission to create or modify workflows co |
| 47 | CVE-2026-8431 | An administrative user with access to configure webhooks can execute arbitrary c |
| 47 | CVE-2026-45035 | Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1 |
| 47 | CVE-2026-39405 | Frappe Learning Management System (LMS) is a learning system that helps users st |
| 47 | CVE-2026-42569 | Security Advisory: Unauthenticated Access to Legacy Import Feature **Severity |
| 47 | CVE-2026-44315 | Summary: free5GC's NEF mounts the `3gpp-pfd-management` API without inbound O |
| 47 | CVE-2026-44326 | Summary: free5GC's NEF mounts the `3gpp-traffic-influence` API without inboun |
| 47 | CVE-2026-43383 | In the Linux kernel, the following vulnerability has been resolved: net/tcp-md5 |
| 47 | CVE-2026-9129 | A path traversal vulnerability exists in the Altium Enterprise Server Viewer Sto |
| 47 | CVE-2026-43114 | In the Linux kernel, the following vulnerability has been resolved: netfilter: |
| 47 | CVE-2026-44592 | Gradient is a nix-based continuous integration system. In 1.1.0, when GRADIENT_D |
| 47 | CVE-2026-9739 | Vulnerable to DNS rebinding attacks when using SSE (http://b/499408790). During |
| 47 | CVE-2026-44848 | Summary: Portainer enforces Role-Based Access Control (RBAC) on top of the Do |
| 47 | CVE-2026-49103 | Webmin before 2.640 does not safely construct a filename for saving of an attach |
| 47 | CVE-2026-32998 | This vulnerability in Veeam Service Provider Console allows for remote code exec |
| 47 | CVE-2026-44477 | Impact: The CloudNativePG metrics exporter opens its PostgreSQL connection a |

Oldest Unpatched Critical/High CVEs
| CVE | Severity | CVSS | Priority | Days Open |
|---|---|---|---|---|
| CVE-2024-3400 | CRITICAL | 10.0 | 224 | 776d |
| CVE-2019-19781 | CRITICAL | 9.8 | 223 | 2344d |
| CVE-2020-5902 | CRITICAL | 9.8 | 223 | 2157d |
| CVE-2021-35464 | CRITICAL | 9.8 | 223 | 1771d |
| CVE-2020-10189 | CRITICAL | 9.8 | 223 | 2274d |
| CVE-2012-4681 | CRITICAL | 9.8 | 223 | 5021d |
| CVE-2022-42475 | CRITICAL | 9.8 | 223 | 1242d |
| CVE-2023-3519 | CRITICAL | 9.8 | 223 | 1044d |
| CVE-2015-7450 | CRITICAL | 9.8 | 222 | 3799d |
| CVE-2023-34048 | CRITICAL | 9.8 | 222 | 946d |