Total CVEs
5697
last 30 days
Avg Priority
34.0
of max 220
KEV
6
actively exploited
POC
777
public exploits
Unpatched
1569
CRIT/HIGH without patch
How is Priority Score calculated?
Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:
KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low
40-80 Medium
80-120 High
120+ Critical
Patch Now — Known Exploited Vulnerabilities
124
CVE-2026-35616
A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an
119
CVE-2026-5281
Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had co
117
CVE-2026-33634
Trivy is a security scanner. On March 19, 2026, a threat actor used compromised credentials to publi
117
CVE-2026-33017
## Summary
The `POST /api/v1/build_public_tmp/{flow_id}/flow` endpoint allows building public flows
117
CVE-2026-3055
Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP l
109
CVE-2026-3502
TrueConf Client downloads application update code and applies it without performing verification. An
Priority Distribution
| Priority | CVE |
|---|---|
| 47 |
CVE-2026-5552
A weakness has been identified in PHPGurukul Online Shopping Portal Project 2.1.
|
| 47 |
CVE-2026-5529
A vulnerability was detected in Dromara lamp-cloud up to 5.8.1. This vulnerabili
|
| 47 |
CVE-2026-5635
A security flaw has been discovered in PHPGurukul Online Shopping Portal Project
|
| 47 |
CVE-2026-5636
A weakness has been identified in PHPGurukul Online Shopping Portal Project 2.1.
|
| 47 |
CVE-2026-5580
A vulnerability was identified in CodeAstro Online Classroom 1.0. Impacted is an
|
| 47 |
CVE-2026-6109
A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.1. The impa
|
| 47 |
CVE-2026-5321
A flaw has been found in vanna-ai vanna up to 2.0.2. Affected by this issue is s
|
| 46 |
CVE-2026-5811
A vulnerability was identified in SourceCodester Online Food Ordering System 1.0
|
| 46 |
CVE-2026-5812
A security flaw has been discovered in SourceCodester Pharmacy Product Managemen
|
| 46 |
CVE-2026-5803
A security flaw has been discovered in bigsk1 openai-realtime-ui up to 188ccde27
|
| 46 |
CVE-2026-5660
A vulnerability was determined in itsourcecode Construction Management System 1.
|
| 46 |
CVE-2026-5671
A vulnerability was determined in Cyber-III Student-Management-System up to 1a93
|
| 46 |
CVE-2026-5681
A flaw has been found in itsourcecode sanitize or validate this input 1.0. This
|
| 46 |
CVE-2026-5659
A vulnerability was found in pytries datrie up to 0.8.3. The affected element is
|
| 46 |
CVE-2026-5339
A vulnerability was detected in Tenda G103 1.0.0.5. The impacted element is the
|
| 46 |
CVE-2026-5041
A vulnerability was identified in code-projects Chamber of Commerce Membership M
|
| 46 |
CVE-2026-5331
A vulnerability was determined in OpenCart 4.1.0.3. This affects an unknown part
|
| 46 |
CVE-2026-32850
MailEnable versions prior to 10.55 contain a reflected cross-site scripting vuln
|
| 46 |
CVE-2026-32852
MailEnable versions prior to 10.55 contain a reflected cross-site scripting vuln
|
| 46 |
CVE-2026-32851
MailEnable versions prior to 10.55 contain a reflected cross-site scripting vuln
|
| 46 |
CVE-2026-5848
A vulnerability was found in jeecgboot JimuReport up to 2.3.0. The affected elem
|
| 46 |
CVE-2026-5203
A vulnerability was found in CMS Made Simple up to 2.2.22. This impacts the func
|
| 46 |
CVE-2025-60948
Census CSWeb 8.0.1 allows stored cross-site scripting in user supplied fields. A
|
| 46 |
CVE-2026-4875
A vulnerability was determined in itsourcecode Free Hotel Reservation System 1.0
|
| 46 |
CVE-2026-5417
A vulnerability was determined in Dataease SQLbot up to 1.6.0. This issue affect
|
| 46 |
CVE-2026-5370
A vulnerability was identified in krayin laravel-crm up to 2.2. Impacted is the
|
| 46 |
CVE-2026-4969
A vulnerability was identified in code-projects Social Networking Site 1.0. The
|
| 46 |
CVE-2026-5325
A vulnerability was determined in SourceCodester Simple Customer Relationship Ma
|
| 46 |
CVE-2026-4835
A security vulnerability has been detected in code-projects Accounting System 1.
|
| 46 |
CVE-2026-5249
A vulnerability was found in gougucms 4.08.18. This impacts an unknown function
|
| 46 |
CVE-2026-4626
A vulnerability has been found in projectworlds Lawyer Management System 1.0. Th
|
| 46 |
CVE-2026-4596
A vulnerability was identified in projectworlds Lawyer Management System 1.0. Th
|
| 46 |
CVE-2026-5332
A vulnerability was identified in Xiaopi Panel 1.0.0. This vulnerability affects
|
| 46 |
CVE-2026-4995
A vulnerability was determined in wandb OpenUI up to 1.0. Affected by this vulne
|
| 46 |
CVE-2026-5253
A weakness has been identified in bufanyun HotGo 1.0/2.0. Affected by this vulne
|
| 46 |
CVE-2026-5839
A vulnerability was identified in PHPGurukul News Portal Project 4.1. This issue
|
| 46 |
CVE-2026-5840
A security flaw has been discovered in PHPGurukul News Portal Project 4.1. Impac
|
| 46 |
CVE-2026-5838
A vulnerability was determined in PHPGurukul News Portal Project 4.1. This vulne
|
| 46 |
CVE-2026-4994
A vulnerability was found in wandb OpenUI up to 1.0/3.5-turb. Affected is the fu
|
| 46 |
CVE-2026-5568
A vulnerability has been found in Akaunting up to 3.1.21. This issue affects som
|
| 46 |
CVE-2026-5576
A flaw has been found in SourceCodester/jkev Record Management System 1.0. Affec
|
| 46 |
CVE-2026-5252
A security flaw has been discovered in z-9527 admin 1.0/2.0. Affected is an unkn
|
| 46 |
CVE-2026-5254
A security vulnerability has been detected in welovemedia FFmate up to 2.0.15. A
|
| 46 |
CVE-2026-5810
A flaw has been found in SourceCodester Sales and Inventory System 1.0. Affected
|
| 46 |
CVE-2026-6106
A vulnerability was detected in 1Panel-dev MaxKB up to 2.2.1. This vulnerability
|
| 46 |
CVE-2026-5679
A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557_B2022
|
| 46 |
CVE-2026-5683
A vulnerability was found in Tenda CX12L 16.03.53.12. Affected by this vulnerabi
|
| 46 |
CVE-2026-5806
A security vulnerability has been detected in code-projects Easy Blog Site 1.0.
|
| 45 |
CVE-2026-4582
A security vulnerability has been detected in Shenzhen HCC Technology MPOS M6 PL
|
| 45 |
CVE-2026-4583
A vulnerability was detected in Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N. Af
|
| 44 |
CVE-2026-5023
A vulnerability has been found in DeDeveloper23 codebase-mcp up to 3ec749d237dd8
|
| 44 |
CVE-2026-5619
A flaw has been found in Braffolk mcp-summarization-functions up to 0.1.5. This
|
| 44 |
CVE-2026-5621
A vulnerability was found in ChrisChinchilla Vale-MCP up to 0.1.0. Affected by t
|
| 44 |
CVE-2026-5007
A vulnerability was identified in kazuph mcp-docs-rag up to 0.5.0. Affected is t
|
| 44 |
CVE-2026-5833
A security vulnerability has been detected in awwaiid mcp-server-taskwarrior up
|
| 44 |
CVE-2026-5125
A vulnerability was detected in raine consult-llm-mcp up to 2.5.3. Affected by t
|
| 44 |
CVE-2026-4253
A security flaw has been discovered in Tenda AC8 16.03.50.11. This affects the f
|
| 44 |
CVE-2026-32896
OpenClaw versions prior to 2026.2.21 BlueBubbles webhook handler contains a pass
|
| 44 |
CVE-2026-5603
A vulnerability was identified in elgentos magento2-dev-mcp up to 1.0.2. The aff
|
| 44 |
CVE-2026-5602
A vulnerability was determined in Nor2-io heim-mcp up to 0.1.3. Impacted is the
|
| 44 |
CVE-2026-30568
A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester In
|
| 44 |
CVE-2026-5835
A flaw has been found in code-projects Online Shoe Store 1.0. Affected by this v
|
| 44 |
CVE-2026-4616
A security flaw has been discovered in bolo-blog 까지 2.6.4. The affected element
|
| 44 |
CVE-2026-4899
A security flaw has been discovered in code-projects Online Food Ordering System
|
| 44 |
CVE-2026-5644
A security flaw has been discovered in Cyber-III Student-Management-System up to
|
| 44 |
CVE-2026-5209
A security vulnerability has been detected in SourceCodester Leave Application S
|
| 44 |
CVE-2026-5106
A flaw has been found in code-projects Exam Form Submission 1.0. The impacted el
|
| 44 |
CVE-2026-4972
A security vulnerability has been detected in code-projects Online Reviewer Syst
|
| 44 |
CVE-2026-5836
A vulnerability has been found in code-projects Online Shoe Store 1.0. Affected
|
| 44 |
CVE-2026-4909
A weakness has been identified in code-projects Exam Form Submission 1.0/7.php.
|
| 44 |
CVE-2026-5834
A vulnerability was detected in code-projects Online Shoe Store 1.0. Affected is
|
| 44 |
CVE-2026-5643
A vulnerability was identified in Cyber-III Student-Management-System up to 1a93
|
| 44 |
CVE-2026-6003
A security vulnerability has been detected in code-projects Simple IT Discussion
|
| 44 |
CVE-2026-1430
The WP Lightbox 2 WordPress plugin before 3.0.7 does not sanitise and escape som
|
| 44 |
CVE-2026-32065
OpenClaw versions prior to 2026.2.25 contain an approval-integrity bypass vulner
|
| 44 |
CVE-2026-5235
A vulnerability was determined in Axiomatic Bento4 up to 1.6.0-641. This impacts
|
| 44 |
CVE-2026-4833
A weakness has been identified in Orc discount up to 3.0.1.2. This issue affects
|
| 44 |
CVE-2026-5037
A vulnerability was determined in mxml up to 4.0.4. This issue affects the funct
|
| 44 |
CVE-2026-5323
A vulnerability was found in priyankark a11y-mcp up to 1.0.5. This vulnerability
|
| 44 |
CVE-2026-5668
A flaw has been found in Cyber-III Student-Management-System up to 1a938fa61e9f7
|
| 44 |
CVE-2026-4591
A weakness has been identified in kalcaddle kodbox 1.64. This affects the functi
|
| 44 |
CVE-2026-4537
A vulnerability was determined in Cudy TR1200 R46-2.4.15-20250721-164017. Impact
|
| 44 |
CVE-2026-4238
A vulnerability has been found in itsourcecode College Management System 1.0. Th
|
| 44 |
CVE-2026-4189
A weakness has been identified in phpipam up to 1.7.4. The impacted element is a
|
| 44 |
CVE-2026-4550
A vulnerability has been found in code-projects Simple Gym Management System up
|
| 43 |
CVE-2026-28204
Charging station authentication identifiers are publicly accessible via web-base
|
| 43 |
CVE-2026-31926
Charging station authentication identifiers are publicly accessible via web-base
|
| 42 |
CVE-2026-4233
A vulnerability was identified in ThingsGateway 12. This affects an unknown part
|
| 42 |
CVE-2026-4307
A security flaw has been discovered in frdel/agent0ai agent-zero 0.9.7-10. The i
|
| 42 |
CVE-2026-4557
A vulnerability was detected in code-projects Exam Form Submission 1.0. This imp
|
Oldest Unpatched Critical/High CVEs
| CVE | Severity | CVSS | Priority | Days Open |
|---|---|---|---|---|
| CVE-2024-3400 | CRITICAL | 10.0 | 224 | 730d |
| CVE-2019-19781 | CRITICAL | 9.8 | 223 | 2298d |
| CVE-2020-5902 | CRITICAL | 9.8 | 223 | 2111d |
| CVE-2021-35464 | CRITICAL | 9.8 | 223 | 1725d |
| CVE-2020-10189 | CRITICAL | 9.8 | 223 | 2228d |
| CVE-2012-4681 | CRITICAL | 9.8 | 223 | 4976d |
| CVE-2022-42475 | CRITICAL | 9.8 | 223 | 1196d |
| CVE-2023-3519 | CRITICAL | 9.8 | 223 | 998d |
| CVE-2015-7450 | CRITICAL | 9.8 | 222 | 3753d |
| CVE-2023-34048 | CRITICAL | 9.8 | 222 | 900d |