Skip to main content

Security Dashboard

7d 14d 30d 90d
Total CVEs
6303
last 30 days
Avg Priority
30.6
of max 220
KEV
14
actively exploited
POC
495
public exploits
Unpatched
937
CRIT/HIGH without patch
How is Priority Score calculated?

Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:

KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low 40-80 Medium 80-120 High 120+ Critical

Patch Now — Known Exploited Vulnerabilities

136
CVE-2026-0300
A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service o
CRITICAL
133
CVE-2026-41940
cPanel and WHM versions prior to 11.110.0.97, 11.118.0.63, 11.126.0.54, 11.132.0.29, 11.134.0.20, an
CRITICAL
131
CVE-2026-6973
An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows 
HIGH
131
CVE-2026-42897
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Ex
HIGH
127
CVE-2026-20182
May 2026: This security advisory provides the details and fix information for a vulnerability that w
CRITICAL
126
CVE-2026-41091
Improper link resolution before file access ('link following') in Microsoft Defender allows an autho
HIGH
120
CVE-2026-48172
LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exp
CRITICAL
118
CVE-2026-45321
## Summary On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 4
CRITICAL
117
CVE-2026-42208
LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1
CRITICAL
117
CVE-2026-8398
A supply chain attack compromised the official installation packages of DAEMON Tools Lite (Windows v
CRITICAL

Priority Distribution

CRITICAL HIGH MEDIUM LOW KEV Only POC Only Unpatched CRIT/HIGH
Priority CVE
18 CVE-2026-6333
Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to validate the H
18 CVE-2026-45316
### Summary The `POST /api/v1/notes/{id}/pin` endpoint performs a write operati
18 CVE-2025-31959
HCL BigFix Service Management (SM) application fails to strip EXIF metadata from
18 CVE-2026-41663
## Summary Several administrative operations in Admidio's preferences module (d
18 CVE-2026-4643
Mattermost Desktop App versions <=6.1 6.0.1 5.4.13.0 fail to prevent server-rend
18 CVE-2026-42448
### Impact A receiver who specifies "--output <dir>" where that output directory
17 CVE-2026-34685
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2
17 CVE-2026-42195
draw.io is a configurable diagramming and whiteboarding application. Prior to ve
17 CVE-2026-40131
SQL injection vulnerability exists in @sap/hdi-deploy package, where SQL queries
17 CVE-2026-44405
In Paramiko through 4.0.0 before a448945, rsakey.py allows the SHA-1 algorithm.
17 CVE-2026-28751
in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS.
17 CVE-2026-39824
NewNTUnicodeString does not check for string length overflow. When provided with
17 CVE-2026-28957
An issue with app access to camera metadata was addressed with improved logic. T
17 CVE-2026-28910
This issue was addressed with improved permissions checking. This issue is fixed
17 CVE-2026-42355
NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an
17 CVE-2026-42442
NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a
17 CVE-2026-21996
An unprivileged attacker can reliably trigger a crash of the dtrace process with
17 CVE-2026-27781
in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS.
17 CVE-2026-25110
in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS.
17 CVE-2026-42444
NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a
17 CVE-2026-42445
NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an
17 CVE-2026-42443
NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an
17 CVE-2026-33565
in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS.
16 CVE-2026-47329
Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches which fail to validate inva
16 CVE-2026-47336
Ubuntu Linux 6.8 contains SAUCE patches with a possible use of an uninitialized
16 CVE-2026-47337
Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a possible NULL pointe
16 CVE-2026-47330
Ubuntu Linux 6.8, 7.17 and 7.0 contain AppArmor SAUCE patches which can, under c
16 CVE-2026-32803
Dell PowerScale OneFS versions 9.5.0.0 through 9.5.1.6, 9.6.0.0 through 9.7.1.13
16 CVE-2026-47327
Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a possible NULL pointe
16 CVE-2026-44220
## Summary The `discover_pipeline_files()` function in `src/ciguard/discovery.p
16 CVE-2026-45362
Sangoma Switchvox before 8.4 places cleartext SIP authentication credentials in
16 CVE-2026-44070
In Netatalk 2.0.0 through 4.4.2, unbounded realloc in charset conversion. Fixed
16 CVE-2026-7835
In Netatalk 3.0.3 through 4.4.2, format string argument mismatch. Fixed in 4.5.0
16 CVE-2026-49009
Northern.tech Mender Server v4.1.0, v4.0.1 and below, and fixed in v4.1.1 and v4
16 CVE-2026-22741
Spring MVC and WebFlux applications are vulnerable to cache poisoning when resol
16 CVE-2026-8579
Insufficient validation of untrusted input in Skia in Google Chrome prior to 148
16 CVE-2026-44057
A dead bounds check in the Spotlight RPC unmarshaller in Netatalk 3.0.0 through
16 CVE-2026-7836
In Netatalk 2.0.0 through 4.4.2, hextoint macro uppercase bug. Fixed in 4.5.0.
16 CVE-2026-4053
Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to enforce the Po
16 CVE-2026-8545
Object corruption in Compositing in Google Chrome prior to 148.0.7778.168 allowe
16 CVE-2026-8572
Insufficient policy enforcement in Network in Google Chrome on Android prior to
16 CVE-2026-8554
Type Confusion in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allo
16 CVE-2026-8578
Out of bounds read in GPU in Google Chrome on Linux prior to 148.0.7778.168 allo
16 CVE-2026-8556
Inappropriate implementation in ANGLE in Google Chrome on Windows prior to 148.0
16 CVE-2025-59854
HCL DFXAnalytics is affected by an Insecure Security Header Configuration vulner
16 CVE-2026-27680
Due to improper input handling under certain conditions, SAP NetWeaver Applicati
16 CVE-2025-59853
HCL DFXAnalytics is affected by an Improper Error Handling vulnerability where t
16 CVE-2026-8553
Use after free in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote
16 CVE-2026-8017
Side-channel information leakage in Media in Google Chrome prior to 148.0.7778.9
16 CVE-2026-39967
TypeBot is a chatbot builder tool. In versions 3.15.2 and prior, the bot engine'
16 CVE-2026-6334
Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to enforce client
16 CVE-2026-7959
Inappropriate implementation in Navigation in Google Chrome prior to 148.0.7778.
16 CVE-2026-8536
Insufficient validation of untrusted input in ReadingMode in Google Chrome on Ma
16 CVE-2026-8568
Insufficient policy enforcement in AI in Google Chrome prior to 148.0.7778.168 a
16 CVE-2026-40020
Attacker can use the IMAP SETACL command to inject the anyone permission to user
16 CVE-2026-8022
Inappropriate implementation in MHTML in Google Chrome prior to 148.0.7778.96 al
16 CVE-2026-7965
Insufficient validation of untrusted input in DevTools in Google Chrome prior to
16 CVE-2026-44970
*Discovered through manual source code review. Verified by PoC execution against
16 CVE-2026-7937
Insufficient policy enforcement in DevTools in Google Chrome prior to 148.0.7778
16 CVE-2026-7909
Inappropriate implementation in ServiceWorker in Google Chrome prior to 148.0.77
16 CVE-2026-45739
## Summary Strawberry's bundled GraphiQL template wrote values from the GraphiQ
16 CVE-2026-7968
Insufficient validation of untrusted input in CORS in Google Chrome prior to 148
16 CVE-2026-7954
Race in Shared Storage in Google Chrome prior to 148.0.7778.96 allowed a remote
16 CVE-2026-7945
Insufficient validation of untrusted input in COOP in Google Chrome prior to 148
16 CVE-2026-4286
Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to check if {{tea
16 CVE-2026-7944
Insufficient validation of untrusted input in Persistent Cache in Google Chrome
16 CVE-2026-7949
Out of bounds read in Skia in Google Chrome prior to 148.0.7778.96 allowed a rem
16 CVE-2026-7966
Insufficient validation of untrusted input in SiteIsolation in Google Chrome pri
15 CVE-2026-44072
In Netatalk 2.2.1 through 4.4.2, system() after failed chdir(). Fixed in 4.5.0.
15 CVE-2026-44218
## Summary The published `ghcr.io/jo-jo98/ciguard` container image inherits the
15 CVE-2026-44916
In OpenStack Ironic through 35.x, instance_info['ks_template'] is rendered witho
15 CVE-2025-62312
HCL AION is affected by a vulnerability where basic authorization tokens are use
15 CVE-2026-7262
Pre-NVD disclosure via GitHub release 'PHP 8.2.31' (php/php-src). The PHP develo
15 CVE-2026-42578
# Security Vulnerability Report: HTTP Header Injection via HttpProxyHandler Disa
15 CVE-2026-8276
A flaw has been found in bettercap up to 2.41.5. Affected by this issue is some
15 CVE-2026-32684
The application does not impose strict enough restrictions on directory access p
15 CVE-2026-7610
A vulnerability has been found in TRENDnet TEW-821DAP 1.12B01. This affects an u
15 CVE-2026-44927
In uriparser before 1.0.2, there is pointer difference truncation to int in vari
15 CVE-2026-44928
In uriparser before 1.0.2, the function family EqualsUri can misclassify two une
15 CVE-2026-45186
In libexpat before 2.8.1, the computational complexity of attribute name collisi
14 CVE-2026-45028
### Impact Astro versions prior to 6.1.10 used AES-GCM encryption to protect th
14 CVE-2026-41963
Stack overflow vulnerability in the media platform. Impact: Successful exploitat
14 CVE-2026-41659
## Summary The member assignment DataTables endpoint (`members_assignment_data.
14 CVE-2026-8492
Modification of Assumed-Immutable Data (MAID) vulnerability in Drupal Translate
14 CVE-2025-62345
HCL BigFix RunBookAI is affected by a Continued availability of Less-Secure “Inp
13 CVE-2025-31957
HHCL BigFix Service Management (SM) is affected by a Cross‑Site Request Forgery
13 CVE-2025-31975
HCL BigFix Service Management (SM) is affected by an Information Disclosure - Se
13 CVE-2025-62309
HCL AION is affected by a vulnerability where auto-complete functionality is ena
13 CVE-2025-62317
HCL AION is affected by a vulnerability where sensitive information may be inclu
13 CVE-2026-44638
libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. F

Oldest Unpatched Critical/High CVEs

CVE Severity CVSS Priority Days Open
CVE-2024-3400 CRITICAL 10.0 224 776d
CVE-2019-19781 CRITICAL 9.8 223 2344d
CVE-2020-5902 CRITICAL 9.8 223 2157d
CVE-2021-35464 CRITICAL 9.8 223 1771d
CVE-2020-10189 CRITICAL 9.8 223 2274d
CVE-2012-4681 CRITICAL 9.8 223 5021d
CVE-2022-42475 CRITICAL 9.8 223 1242d
CVE-2023-3519 CRITICAL 9.8 223 1044d
CVE-2015-7450 CRITICAL 9.8 222 3799d
CVE-2023-34048 CRITICAL 9.8 222 946d
Prev 4 / 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy