Security Dashboard

Total CVEs: 6303 (last 30 days)
Avg Priority: 30.6 (of max 220)
KEV: 14 (actively exploited)
POC: 495 (public exploits)
Unpatched: 937 (CRIT/HIGH without patch)
How is Priority Score calculated?

Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:

KEV +50: CISA Known Exploited Vulnerability, confirmed active exploitation in the wild
EPSS x100: Exploit Prediction Scoring System, probability of exploitation in next 30 days (0-100)
CVSS x5: Common Vulnerability Scoring System, technical severity (0-50)
POC +20: Public exploit code exists, lowers barrier for attackers

0-40 Low, 40-80 Medium, 80-120 High, 120+ Critical

Priority CVE
34 CVE-2026-41119
Dell Live Optics Windows and Personal Edition collectors contain an improper cer
34 CVE-2026-44247
### Impact The Volcano webhook server does not enforce a size limit on incoming
34 CVE-2026-20171
A vulnerability in the Border Gateway Protocol (BGP) enforce-first-as featu
34 CVE-2026-41097
Reliance on a component that is not updateable in Windows Secure Boot allows an
34 CVE-2026-21530
Double free in Windows Rich Text Edit allows an authorized attacker to elevate p
34 CVE-2026-32170
Double free in Windows Rich Text Edit Control allows an authorized attacker to e
34 CVE-2025-53870
An improper neutralization of special elements used in an os command ('os comman
34 CVE-2025-53680
An improper neutralization of special elements used in an OS command ("OS Comman
34 CVE-2026-42032
### Impact A vulnerability in `datastore_search_sql` allowed attackers to bypas
34 CVE-2026-42176
Scoold is a Q&A and a knowledge sharing platform for teams. Prior to version 1.6
34 CVE-2026-44076
In Netatalk 3.1.0 through 4.4.2, shell injection via volume path. Fixed in 4.4.3
34 CVE-2026-20451
In slbc, there is a possible out of bounds write due to type confusion. This cou
34 CVE-2026-48065
pam_usb provides hardware authentication for Linux using ordinary removable medi
34 CVE-2026-20447
In geniezone, there is a possible escalation of privilege due to a missing bound
34 CVE-2026-20448
In geniezone, there is a possible escalation of privilege due to a missing permi
34 CVE-2026-0804
An ACAP configuration file lacked sufficient input validation, which could allow
34 CVE-2026-42866
Tookie is an advanced OSINT information gathering tool. Prior to 4.1fix, modules/
34 CVE-2026-25852
Local privilege escalation due to DLL hijacking vulnerability. The following pro
34 CVE-2026-26946
Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to
34 CVE-2026-0541
ACAP applications can gain elevated privileges due to improper input validation
34 CVE-2026-46380
A source code audit led to the discovery of three significant security vulnerabi
34 CVE-2026-40638
Dell PowerScale InsightIQ, versions 5.0.0 through 6.2.0, contains an execution w
34 CVE-2026-42408
When BIG-IP DNS is provisioned, a vulnerability exists in an undisclosed TMOS Sh
34 CVE-2026-28758
When BIG-IP DNS is provisioned, a vulnerability exists in the gtm_add and bigip_
33 CVE-2026-34216
CtrlPanel is open-source billing software for hosting providers. In versions 1.1
33 CVE-2026-44439
Playwright Capture did not sufficiently restrict navigations and resource reques
33 CVE-2026-48919
Jenkins Active Directory Plugin 2.41 and earlier deserializes data from LDAP ref
33 CVE-2026-41292
NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to a degrada
33 CVE-2026-44217
### Impact Implementations that allow user-provided values to be passed to `ev
33 CVE-2026-40622
NLnet Labs Unbound 1.16.2 up to and including version 1.25.0 has a vulnerability
33 CVE-2026-48918
Jenkins Active Directory Plugin 2.41 and earlier follows LDAP referrals by defau
33 CVE-2026-41132
### Impact Configured SMTP server may be spoofed with any certificate (e.g. self
33 CVE-2026-6366
Improperly Controlled Modification of Dynamically-Determined Object Attributes v
33 CVE-2026-35255
Vulnerability in the Oracle Cloud Native Environment Command Line Interface prod
33 CVE-2026-45130
Vim is an open source, command line text editor. Prior to version 9.2.0450, a he
33 CVE-2026-48917
Jenkins LDAP Plugin 807.v7d7de30930cf and earlier deserializes data from LDAP re
33 CVE-2026-48916
Jenkins LDAP Plugin 807.v7d7de30930cf and earlier follows LDAP referrals.
33 CVE-2026-4362
The ElementsKit Elementor Addons plugin for WordPress is vulnerable to unauthori
33 CVE-2026-40135
An OS Command Injection vulnerability exists in the SAP NetWeaver Application Se
33 CVE-2026-6072
The Oliver POS - A WooCommerce Point of Sale (POS) plugin for WordPress is vulne
33 CVE-2026-31246
GPT-Pilot thru commit 0819827ce20346ef5f25b3fe29293cb448840565 (2025-09-03) cont
33 CVE-2026-42209
FlashMQ is a MQTT broker/server, designed for multi-CPU environments. Prior to v
33 CVE-2026-44054
In Netatalk 2.0.0 through 4.4.2, predictable afpd session token. Fixed in 4.4.3.
33 CVE-2025-70070
An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service
33 CVE-2025-70072
An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service
33 CVE-2025-15463
The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to a
33 CVE-2026-34350
Null pointer dereference in Windows Storport Miniport Driver allows an unauthori
33 CVE-2026-35514
Chartbrew is an open-source web application that can connect directly to databas
33 CVE-2026-20450
In Modem, there is a possible system crash due to incorrect error handling. This
33 CVE-2026-41308
Password Pusher is an open source application to communicate sensitive informati
33 CVE-2026-20449
In Modem, there is a possible system crash due to a heap buffer overflow. This c
33 CVE-2026-31241
The mem0 1.0.0 server lacks authentication and authorization controls for its me
33 CVE-2026-5957
The EmailKit plugin for WordPress is vulnerable to Arbitrary File Read in all ve
33 CVE-2026-42827
Improper neutralization of special elements used in a command ('command injectio
33 CVE-2026-42732
Improper Validation of Specified Quantity in Input vulnerability in Ads by WPQua
33 CVE-2026-4683
The Smartcat Translator for WPML plugin for WordPress is vulnerable to unauthori
33 CVE-2026-42744
Improper Validation of Specified Quantity in Input vulnerability in Ads by WPQua
33 CVE-2026-28221
Wazuh is a free and open source platform used for threat prevention, detection,
33 CVE-2026-44324
### Summary free5GC's UDR `nudr-dr` `DELETE /subscription-data/{ueId}/{servingPl
33 CVE-2026-35422
Authentication bypass using an alternate path or channel in Windows TCP/IP allow
33 CVE-2026-31244
The mem0 1.0.0 server lacks authentication and authorization controls for its me
33 CVE-2026-3345
IBM Langflow Desktop <=1.8.4 Langflow could allow a remote attacker to traverse
33 CVE-2026-41885
i18next-locize-backend is a simple i18next backend for locize.com which can be u
33 CVE-2026-39053
Oinone Pamirs 7.0.0 contains an XML External Entity (XXE) issue in its XStream-b
33 CVE-2026-41691
i18nextify is a JavaScript library that adds
33 CVE-2026-42314
Insufficient sanitization of package folder names allows writing files outside t
33 CVE-2026-42367
A privilege escalation vulnerability exists in the Web Interface / ssi.cgi funct
33 CVE-2026-4409
The Subscribe To Comments Reloaded plugin for WordPress is vulnerable to unautho
33 CVE-2026-40685
In Exim before 4.99.2, when JSON lookup is enabled, an out-of-bounds heap write
33 CVE-2026-44317
### Summary free5GC's PCF `POST /npcf-policyauthorization/v1/app-sessions` handl
33 CVE-2026-42891
User interface (ui) misrepresentation of critical information in Microsoft Edge
33 CVE-2026-45667
### Summary GET `/api/v1/memories/ef` is accessible without authentication and e
33 CVE-2026-26206
Wazuh is a free and open source platform used for threat prevention, detection,
33 CVE-2026-6262
The Betheme theme for WordPress is vulnerable to Arbitrary File Deletion in vers
33 CVE-2026-4502
IBM Langflow Desktop 1.2.0 through 1.8.4 Langflow could allow an authenticated a
33 CVE-2026-47273
pam_usb provides hardware authentication for Linux using ordinary removable medi
33 CVE-2026-20240
In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.11, and 9.3.12, and Splu
33 CVE-2026-32739
libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 a
33 CVE-2026-39052
Oinone Pamirs 7.0.0 contains a code execution vulnerability via ScriptRunner. Th
33 CVE-2026-43889
Outline is a service that allows for collaborative documentation. Prior to 1.7.0
33 CVE-2026-4782
The Avada Builder plugin for WordPress is vulnerable to Arbitrary File Read in a
33 CVE-2026-41655
## Summary The `ecard_preview.php` endpoint does not validate that the `ecard_t
33 CVE-2026-44222
## Summary This report explains a Token Injection vulnerability in vLLM’s multim
33 CVE-2026-32185
Files or directories accessible to external parties in Microsoft Teams allows an
33 CVE-2026-44223
### Summary The `extract_hidden_states` speculative decoding proposer in vLLM r
33 CVE-2026-6936
IBM i 7.6, 7.5, 7.4, and 7.3 is vulnerable to a denial-of-service attack due to u
33 CVE-2026-35440
Files or directories accessible to external parties in Microsoft Office Word all
33 CVE-2026-41499
Wazuh is a free and open source platform used for threat prevention, detection,
33 CVE-2026-6052
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to runnin
33 CVE-2026-32738
libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 a

Oldest Unpatched Critical/High CVEs

CVE Severity CVSS Priority Days Open
CVE-2024-3400 CRITICAL 10.0 224 776d
CVE-2019-19781 CRITICAL 9.8 223 2344d
CVE-2020-5902 CRITICAL 9.8 223 2157d
CVE-2021-35464 CRITICAL 9.8 223 1771d
CVE-2020-10189 CRITICAL 9.8 223 2274d
CVE-2012-4681 CRITICAL 9.8 223 5021d
CVE-2022-42475 CRITICAL 9.8 223 1242d
CVE-2023-3519 CRITICAL 9.8 223 1044d
CVE-2015-7450 CRITICAL 9.8 222 3799d
CVE-2023-34048 CRITICAL 9.8 222 946d