Total CVEs
5663
last 30 days
Avg Priority
35.3
of max 220
KEV
8
actively exploited
POC
770
public exploits
Unpatched
1097
CRIT/HIGH without patch
How is Priority Score calculated?
Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:
KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low
40-80 Medium
80-120 High
120+ Critical
Patch Now — Known Exploited Vulnerabilities
124
CVE-2026-35616
A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an
119
CVE-2026-5281
Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had co
118
CVE-2026-34621
Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Control
117
CVE-2026-33634
Trivy is a security scanner. On March 19, 2026, a threat actor used compromised credentials to publi
117
CVE-2026-3055
Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP l
114
CVE-2026-34197
Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability i
109
CVE-2026-3502
TrueConf Client downloads application update code and applies it without performing verification. An
109
CVE-2026-32201
Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform
Priority Distribution
| Priority | CVE |
|---|---|
| 33 |
CVE-2026-39374
Plane is an an open-source project management tool. Prior to 1.3.0, the IssueBul
|
| 33 |
CVE-2026-33730
Open Source Point of Sale (opensourcepos) is a web based point of sale applicati
|
| 33 |
CVE-2026-25834
Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade.
|
| 33 |
CVE-2026-32120
OpenEMR is a free and open source electronic health records and medical practice
|
| 33 |
CVE-2026-29597
Incorrect access control in the file_details.asp endpoint of DDSN Interactive Ac
|
| 33 |
CVE-2025-14790
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an attac
|
| 33 |
CVE-2025-14915
IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphe
|
| 33 |
CVE-2026-3590
Mattermost versions 10.11.x <= 10.11.12, 11.5.x <= 11.5.0, 11.4.x <= 11.4.2, 11.
|
| 33 |
CVE-2026-3531
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal
|
| 33 |
CVE-2026-3214
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal
|
| 33 |
CVE-2026-20690
An out-of-bounds access issue was addressed with improved bounds checking. This
|
| 33 |
CVE-2026-28878
A privacy issue was addressed by removing sensitive data. This issue is fixed in
|
| 33 |
CVE-2026-34779
### Impact
On macOS, `app.moveToApplicationsFolder()` used an AppleScript fallba
|
| 33 |
CVE-2026-34788
Emlog is an open source website building system. In versions 2.6.2 and prior, a
|
| 33 |
CVE-2026-20083
A vulnerability in the Secure Copy Protocol (SCP) server feature of Cisco IOS XE
|
| 33 |
CVE-2026-34261
Due to a missing authorization check in SAP Business Analytics and SAP Content M
|
| 33 |
CVE-2026-34740
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the EP
|
| 33 |
CVE-2026-35173
Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, an IDOR /
|
| 33 |
CVE-2026-3527
Missing Authentication for Critical Function vulnerability in Drupal AJAX Dashbo
|
| 33 |
CVE-2026-20042
A vulnerability in the configuration backup feature of Cisco Nexus Dashboard cou
|
| 33 |
CVE-2026-5919
Insufficient validation of untrusted input in WebSockets in Google Chrome prior
|
| 33 |
CVE-2026-3121
A flaw was found in Keycloak. An administrator with `manage-clients` permission
|
| 33 |
CVE-2025-69988
BS Producten Petcam 33.1.0.0818 is vulnerable to Incorrect Access Control. An un
|
| 33 |
CVE-2026-1839
A vulnerability in the HuggingFace Transformers library, specifically in the `Tr
|
| 33 |
CVE-2026-20657
The issue was addressed with improved memory handling. This issue is fixed in iO
|
| 33 |
CVE-2026-1014
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to exp
|
| 33 |
CVE-2026-28880
A permissions issue was addressed with additional restrictions. This issue is fi
|
| 33 |
CVE-2026-25339
Insertion of Sensitive Information Into Sent Data vulnerability in Syed Balkhi C
|
| 33 |
CVE-2026-23484
Blinko is an AI-powered card note-taking project. In versions from 1.8.3 and pri
|
| 33 |
CVE-2026-30480
A Local File Inclusion (LFI) vulnerability in the NFSen module (nfsen.inc.php) o
|
| 33 |
CVE-2026-1101
GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 bef
|
| 33 |
CVE-2026-25344
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulne
|
| 33 |
CVE-2026-28857
The issue was addressed with improved memory handling. This issue is fixed in Sa
|
| 33 |
CVE-2026-32588
Authenticated DoS over CQL in Apache Cassandra 4.0, 4.1, 5.0 allows authenticate
|
| 33 |
CVE-2026-28844
A file access issue was addressed with improved input validation. This issue is
|
| 33 |
CVE-2026-32514
Missing Authorization vulnerability in Anton Voytenko Petitioner petitioner allo
|
| 33 |
CVE-2026-32489
Missing Authorization vulnerability in bPlugins B Blocks b-blocks allows Exploit
|
| 33 |
CVE-2026-24972
Missing Authorization vulnerability in Elated-Themes Elated Listing eltd-listing
|
| 33 |
CVE-2026-32483
Missing Authorization vulnerability in codepeople Contact Form Email contact-for
|
| 33 |
CVE-2026-27046
Missing Authorization vulnerability in Kaira StoreCustomizer woocustomizer allow
|
| 33 |
CVE-2026-25469
Missing Authorization vulnerability in ViaBill for WooCommerce ViaBill – W
|
| 33 |
CVE-2026-32535
Authorization Bypass Through User-Controlled Key vulnerability in JoomSky JS Hel
|
| 33 |
CVE-2026-32541
Missing Authorization vulnerability in Premmerce Premmerce Redirect Manager prem
|
| 33 |
CVE-2026-40199
Net::CIDR::Lite versions before 0.23 for Perl mishandles IPv4 mapped IPv6 addres
|
| 33 |
CVE-2026-24364
Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend
|
| 33 |
CVE-2026-39569
Missing Authorization vulnerability in AA Web Servant 12 Step Meeting List 12-st
|
| 33 |
CVE-2026-24376
Missing Authorization vulnerability in Javier Casares WPVulnerability wpvulnerab
|
| 33 |
CVE-2026-39639
Missing Authorization vulnerability in redpixelstudios RPS Include Content rps-i
|
| 33 |
CVE-2026-30655
SQL injection in Solicitante::resetaSenha() in esiclivre/esiclivre v0.2.2 and ea
|
| 33 |
CVE-2026-33141
Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, an Insecure Di
|
| 33 |
CVE-2026-25462
Missing Authorization vulnerability in avalex avalex avalex allows Exploiting In
|
| 33 |
CVE-2026-24987
Missing Authorization vulnerability in activity-log.com WP System Log winterlock
|
| 33 |
CVE-2026-25009
Missing Authorization vulnerability in raratheme Education Zone education-zone a
|
| 33 |
CVE-2026-25455
Missing Authorization vulnerability in PickPlugins Product Slider for WooCommerc
|
| 33 |
CVE-2026-25454
Missing Authorization vulnerability in MVPThemes The League the-league allows Ex
|
| 33 |
CVE-2026-25437
Missing Authorization vulnerability in سید محمدامین هاشمی GZSEO gzseo allows Exp
|
| 33 |
CVE-2026-32527
Missing Authorization vulnerability in CRM Perks WP Insightly for Contact Form 7
|
| 33 |
CVE-2026-32533
Authorization Bypass Through User-Controlled Key vulnerability in LatePoint Late
|
| 33 |
CVE-2026-23972
Missing Authorization vulnerability in magepeopleteam Booking and Rental Manager
|
| 33 |
CVE-2026-25430
Missing Authorization vulnerability in CRM Perks Integration for Mailchimp and C
|
| 33 |
CVE-2026-25034
Missing Authorization vulnerability in Iqonic Design KiviCare kivicare-clinic-ma
|
| 33 |
CVE-2026-25398
Missing Authorization vulnerability in Webilia Inc. Vertex Addons for Elementor
|
| 33 |
CVE-2026-25390
Missing Authorization vulnerability in Saad Iqbal New User Approve new-user-appr
|
| 33 |
CVE-2026-25365
Missing Authorization vulnerability in Özgür KARALAR Kargo Takip kargo-takip-tur
|
| 33 |
CVE-2026-25327
Missing Authorization vulnerability in Rustaurius Five Star Restaurant Reservati
|
| 33 |
CVE-2026-3889
Spoofing issue in Thunderbird. This vulnerability affects Thunderbird < 149 and
|
| 33 |
CVE-2026-22485
Missing Authorization vulnerability in Ruhul Amin My Album Gallery my-album-gall
|
| 33 |
CVE-2026-28835
A use-after-free issue was addressed with improved memory management. This issue
|
| 33 |
CVE-2026-5903
Policy bypass in IFrameSandbox in Google Chrome prior to 147.0.7727.55 allowed a
|
| 33 |
CVE-2026-33903
## Summary
Ella Core panics when processing a specially crafted NGAP LocationRe
|
| 33 |
CVE-2026-22155
A cleartext transmission of sensitive information vulnerability in Fortinet Fort
|
| 33 |
CVE-2026-5881
Policy bypass in LocalNetworkAccess in Google Chrome prior to 147.0.7727.55 allo
|
| 33 |
CVE-2026-34538
Apache Airflow versions 3.0.0 through 3.1.8 DagRun wait endpoint returns XCom re
|
| 33 |
CVE-2026-20110
A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated
|
| 33 |
CVE-2026-3571
The Pie Register - User Registration, Profiles & Content Restriction plugin for
|
| 33 |
CVE-2026-23481
Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, there
|
| 33 |
CVE-2026-33215
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native me
|
| 33 |
CVE-2026-6080
The Tutor LMS plugin for WordPress is vulnerable to SQL Injection in versions up
|
| 33 |
CVE-2026-34613
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AV
|
| 33 |
CVE-2026-35492
### Impact
PartitionedDataset in kedro-datasets was vulnerable to path traversa
|
| 33 |
CVE-2026-34611
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AV
|
| 33 |
CVE-2026-39366
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the Pa
|
| 33 |
CVE-2026-28863
A permissions issue was addressed with additional restrictions. This issue is fi
|
| 33 |
CVE-2025-47374
Memory Corruption when accessing freed memory due to concurrent fence deregistra
|
| 33 |
CVE-2026-4749
NVD-CWE-noinfo vulnerability in albfan miraclecast.This issue affects miraclecas
|
| 33 |
CVE-2025-36375
IBM DataPower Gateway 10.6CD 10.6.1.0 through 10.6.5.0 and IBM DataPower Gateway
|
| 33 |
CVE-2026-33375
The Grafana MSSQL data source plugin contains a logic flaw that allows a low-pri
|
| 33 |
CVE-2026-33904
## Summary
A deadlock in the AMF's SCTP notification handler causes the entire
|
| 33 |
CVE-2025-53847
A missing authentication for critical function vulnerability in Fortinet FortiOS
|
| 33 |
CVE-2026-25627
NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Prior to v
|
Oldest Unpatched Critical/High CVEs
| CVE | Severity | CVSS | Priority | Days Open |
|---|---|---|---|---|
| CVE-2024-3400 | CRITICAL | 10.0 | 224 | 738d |
| CVE-2019-19781 | CRITICAL | 9.8 | 223 | 2306d |
| CVE-2020-5902 | CRITICAL | 9.8 | 223 | 2119d |
| CVE-2021-35464 | CRITICAL | 9.8 | 223 | 1732d |
| CVE-2020-10189 | CRITICAL | 9.8 | 223 | 2235d |
| CVE-2012-4681 | CRITICAL | 9.8 | 223 | 4983d |
| CVE-2022-42475 | CRITICAL | 9.8 | 223 | 1204d |
| CVE-2023-3519 | CRITICAL | 9.8 | 223 | 1005d |
| CVE-2015-7450 | CRITICAL | 9.8 | 222 | 3760d |
| CVE-2023-34048 | CRITICAL | 9.8 | 222 | 907d |