Skip to main content

Security Dashboard

7d 14d 30d 90d
Total CVEs
6202
last 30 days
Avg Priority
31.3
of max 220
KEV
14
actively exploited
POC
495
public exploits
Unpatched
938
CRIT/HIGH without patch
How is Priority Score calculated?

Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:

KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low 40-80 Medium 80-120 High 120+ Critical

Patch Now — Known Exploited Vulnerabilities

136
CVE-2026-0300
A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service o
CRITICAL
133
CVE-2026-41940
cPanel and WHM versions prior to 11.110.0.97, 11.118.0.63, 11.126.0.54, 11.132.0.29, 11.134.0.20, an
CRITICAL
131
CVE-2026-6973
An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows 
HIGH
131
CVE-2026-42897
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Ex
HIGH
127
CVE-2026-20182
May 2026: This security advisory provides the details and fix information for a vulnerability that w
CRITICAL
126
CVE-2026-41091
Improper link resolution before file access ('link following') in Microsoft Defender allows an autho
HIGH
120
CVE-2026-48172
LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exp
CRITICAL
118
CVE-2026-45321
## Summary On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 4
CRITICAL
117
CVE-2026-42208
LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1
CRITICAL
117
CVE-2026-8398
A supply chain attack compromised the official installation packages of DAEMON Tools Lite (Windows v
CRITICAL

Priority Distribution

CRITICAL HIGH MEDIUM LOW KEV Only POC Only Unpatched CRIT/HIGH
Priority CVE
136 CVE-2026-0300
A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Capti
133 CVE-2026-41940
cPanel and WHM versions prior to 11.110.0.97, 11.118.0.63, 11.126.0.54, 11.132.0
127 CVE-2026-20182
May 2026: This security advisory provides the details and fix information for a
120 CVE-2026-48172
LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possi
118 CVE-2026-45321
## Summary On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicio
117 CVE-2026-42208
LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) fo
117 CVE-2026-8398
A supply chain attack compromised the official installation packages of DAEMON T
116 CVE-2026-48027
Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious ver
69 CVE-2026-24118
### Summary VM2 suffers from a sandbox breakout vulnerability. This allows atta
69 CVE-2026-26956
vm2 is an open source vm/sandbox for Node.js. In version 3.10.4, vm2 is vulnerab
69 CVE-2026-24120
vm2 is an open source vm/sandbox for Node.js. Prior to version 3.10.5, the fix f
69 CVE-2026-31072
The JSONSerializer and CBORSerializer in APScheduler (all versions including 3.1
69 CVE-2026-45185
Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable u
68 CVE-2026-6722
Pre-NVD disclosure via GitHub release 'PHP 8.2.31' (php/php-src). The PHP develo
67 CVE-2026-41922
WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains an OS command in
67 CVE-2026-43944
electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ft
67 CVE-2026-41923
WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains an OS command in
67 CVE-2025-71284
Synway SMG Gateway Management Software contains an OS command injection vulnerab
67 CVE-2026-41925
WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains an OS command in
67 CVE-2026-41926
WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains an OS command in
67 CVE-2026-41924
WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains an OS command in
67 CVE-2026-44643
Angular Expressions provides expressions for the Angular.JS web framework as a s
67 CVE-2026-41948
Dify version 1.14.1 and prior contain a path traversal vulnerability that allows
67 CVE-2026-41947
Dify version 1.14.1 and prior contains an authorization bypass vulnerability tha
66 CVE-2026-24444
SDMC NE6037 cable modem routers running firmware 7.1.6.0.25 and 7.1.6.1.9_B9 con
66 CVE-2026-42945
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_mo
66 CVE-2026-31071
API endpoints in LalanaChami Pharmacy Management System (commit 5c3d028) lack au
66 CVE-2026-45091
sealed-env is a cross-stack, zero-trust secret management library for Node.js an
49 CVE-2026-7567
The Temporary Login plugin for WordPress is vulnerable to Authentication Bypass
48 CVE-2026-42048
## Summary Langflow is vulnerable to Path Traversal in the Knowledge Bases API (
47 CVE-2026-44262
### Impact A remote code execution (RCE) vulnerability affects versions `0.13.2
46 CVE-2026-36356
The GoAhead web server on MeiG Smart FORGE_SLT711 devices (firmware MDM9607.LE.1
46 CVE-2026-42607
### Summary An authenticated user with administrative privileges can achieve Rem
45 CVE-2026-30893
Wazuh is a free and open source platform used for threat prevention, detection,

Oldest Unpatched Critical/High CVEs

CVE Severity CVSS Priority Days Open
CVE-2024-3400 CRITICAL 10.0 224 776d
CVE-2019-19781 CRITICAL 9.8 223 2344d
CVE-2020-5902 CRITICAL 9.8 223 2157d
CVE-2021-35464 CRITICAL 9.8 223 1771d
CVE-2020-10189 CRITICAL 9.8 223 2274d
CVE-2012-4681 CRITICAL 9.8 223 5021d
CVE-2022-42475 CRITICAL 9.8 223 1242d
CVE-2023-3519 CRITICAL 9.8 223 1044d
CVE-2015-7450 CRITICAL 9.8 222 3798d
CVE-2023-34048 CRITICAL 9.8 222 946d

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy