Total CVEs
6202
last 30 days
Avg Priority
31.3
of max 220
KEV
14
actively exploited
POC
495
public exploits
Unpatched
938
CRIT/HIGH without patch
How is Priority Score calculated?
Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:
KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low
40-80 Medium
80-120 High
120+ Critical
Patch Now — Known Exploited Vulnerabilities
136
CVE-2026-0300
A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service o
133
CVE-2026-41940
cPanel and WHM versions prior to 11.110.0.97, 11.118.0.63, 11.126.0.54, 11.132.0.29, 11.134.0.20, an
131
CVE-2026-6973
An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows
131
CVE-2026-42897
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Ex
127
CVE-2026-20182
May 2026: This security advisory provides the details and fix information for a vulnerability that w
126
CVE-2026-41091
Improper link resolution before file access ('link following') in Microsoft Defender allows an autho
120
CVE-2026-48172
LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exp
118
CVE-2026-45321
## Summary
On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 4
117
CVE-2026-42208
LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1
117
CVE-2026-8398
A supply chain attack compromised the official installation packages of DAEMON Tools Lite (Windows v
Priority Distribution
| Priority | CVE |
|---|---|
| 131 |
CVE-2026-6973
An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1,
|
| 65 |
CVE-2026-7538
A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. This iss
|
| 65 |
CVE-2026-7823
A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. Aff
|
| 65 |
CVE-2026-7719
A security flaw has been discovered in Totolink WA300 5.2cu.7112_B20190227. The
|
| 65 |
CVE-2026-7747
A security flaw has been discovered in Totolink N300RH 3.2.4-B20220812. Affected
|
| 65 |
CVE-2026-7854
A security vulnerability has been detected in D-Link DI-8100 16.07.26A1. Affecte
|
| 65 |
CVE-2026-7853
A weakness has been identified in D-Link DI-8100 16.07.26A1. Affected is the fun
|
| 65 |
CVE-2026-5787
An Improper Certificate Validation in Ivanti EPMM before versions 12.6.1.1, 12.7
|
| 64 |
CVE-2026-7834
A security vulnerability has been detected in EFM ipTIME NAS1dual 1.5.24. This i
|
| 64 |
CVE-2026-5786
An Improper Access Control vulnerability in Ivanti EPMM before versions 12.6.1.1
|
| 64 |
CVE-2026-32834
Easy PayPal Events & Tickets plugin for WordPress version 1.3 and earlier contai
|
| 64 |
CVE-2026-29514
NetBox versions 4.3.5 through 4.5.4 contain a remote code execution vulnerabilit
|
| 64 |
CVE-2026-32847
DeepCode through commit c991dc2 contains a path traversal vulnerability in the S
|
| 64 |
CVE-2026-34965
Cockpit CMS contains an authenticated remote code execution vulnerability in the
|
| 62 |
CVE-2026-41927
WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains a stack-based bu
|
| 61 |
CVE-2026-41471
Easy PayPal Events & Tickets plugin for WordPress versions 1.3 and earlier conta
|
| 58 |
CVE-2026-34473
Unauthenticated DoS in ZTE H8102E, H168N, H167A, H199A, H288A, H198A, H267A, H26
|
| 58 |
CVE-2026-34474
Sensitive data exposure leading to admin/WLAN credential leak in ZTE ZXHN H298A
|
| 57 |
CVE-2026-7749
A security vulnerability has been detected in Totolink N300RH 3.2.4-B20220812. T
|
| 57 |
CVE-2026-7717
A vulnerability was determined in Totolink WA300 5.2cu.7112_B20190227. This issu
|
| 57 |
CVE-2026-7750
A vulnerability was detected in Totolink N300RH 3.2.4-B20220812. This vulnerabil
|
| 57 |
CVE-2026-8137
A vulnerability has been found in Totolink X5000R 9.1.0u.6369_B20230113. This vu
|
| 57 |
CVE-2026-7748
A weakness has been identified in Totolink N300RH 3.2.4-B20220812. Affected by t
|
| 57 |
CVE-2026-7470
A flaw has been found in Tenda 4G300 US_4G300V1.0Mt_V1.01.42_CN_TDC01. Affected
|
| 57 |
CVE-2026-8138
A vulnerability was found in Tenda CX12L 16.03.53.12. This issue affects the fun
|
| 57 |
CVE-2026-8260
A vulnerability was found in D-Link DCS-935L up to 1.10.01. The impacted element
|
| 57 |
CVE-2026-7821
Improper certificate validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.
|
| 57 |
CVE-2026-7503
A vulnerability was detected in code-projects for Plugin 4.1.2cu.5137. The impac
|
| 57 |
CVE-2026-7675
A vulnerability has been found in Shenzhen Libituo Technology LBT-T300-HW1 up to
|
| 57 |
CVE-2026-9345
A vulnerability was detected in Edimax EW-7438RPn up to 1.31. This affects the f
|
| 57 |
CVE-2026-9346
A flaw has been found in Edimax EW-7438RPn up to 1.31. This impacts the function
|
| 57 |
CVE-2026-7420
A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-18053
|
| 57 |
CVE-2026-9348
A vulnerability was found in Edimax EW-7438RPn up to 1.31. Affected by this vuln
|
| 57 |
CVE-2026-8776
A vulnerability has been found in Edimax BR-6428NS 1.10. This vulnerability affe
|
| 57 |
CVE-2026-7684
A security vulnerability has been detected in Edimax BR-6428nC up to 1.16. This
|
| 57 |
CVE-2026-8234
A security vulnerability has been detected in EFM ipTIME A8004T 14.18.2. This vu
|
| 57 |
CVE-2026-7685
A vulnerability was detected in Edimax BR-6208AC up to 1.02. Affected is an unkn
|
| 57 |
CVE-2026-7419
A vulnerability was identified in UTT HiPER 1250GW up to 3.2.7-210907-180535. Th
|
| 57 |
CVE-2026-8775
A flaw has been found in Edimax BR-6428NS 1.10. This affects the function formL2
|
| 57 |
CVE-2026-7418
A vulnerability was determined in UTT HiPER 1250GW up to 3.2.7-210907-180535. Th
|
| 57 |
CVE-2026-9360
A security flaw has been discovered in Edimax EW-7438RPn 1.28a. Affected by this
|
| 57 |
CVE-2026-9344
A security vulnerability has been detected in Edimax EW-7438RPn up to 1.31. The
|
| 57 |
CVE-2026-7855
A vulnerability was detected in D-Link DI-8100 16.07.26A1. Affected by this issu
|
| 57 |
CVE-2026-9294
A vulnerability was identified in Edimax BR-6428NS 1.10. The impacted element is
|
| 57 |
CVE-2026-9295
A security flaw has been discovered in Edimax BR-6428NS 1.10. This affects the f
|
| 57 |
CVE-2026-7857
A vulnerability has been found in D-Link DI-8100 16.07.26A1. This vulnerability
|
| 57 |
CVE-2026-7856
A flaw has been found in D-Link DI-8100 16.07.26A1. This affects an unknown part
|
| 57 |
CVE-2026-7851
A vulnerability was identified in D-Link DI-8100 16.07.26A1. This affects the fu
|
| 57 |
CVE-2026-8764
A security vulnerability has been detected in H3C Magic B3 up to 100R002. This a
|
| 56 |
CVE-2025-70103
Heap buffer overflow vulnerability in libjxl 0.12.0 via crafted PBM images to th
|
| 56 |
CVE-2026-31266
Craft CMS 5.9.5 and earlier contains a Missing Authorization vulnerability in th
|
| 56 |
CVE-2026-7833
A weakness has been identified in EFM ipTIME C200 up to 1.092. This vulnerabilit
|
| 56 |
CVE-2026-38751
OpenSTAManager version 2.10 and earlier contains an arbitrary file upload vulner
|
| 55 |
CVE-2026-5788
An Improper Access Control in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, an
|
| 54 |
CVE-2026-8603
In ScadaBR version 1.2.0, an OS Command Injection vulnerability could allow an a
|
| 54 |
CVE-2026-8602
In ScadaBR version 1.2.0, a Missing Authentication for Critical Function vulnera
|
| 54 |
CVE-2026-33893
A vulnerability has been identified in Teamcenter V2312 (All versions < V2312.00
|
| 53 |
CVE-2026-8604
In ScadaBR version 1.2.0, a CSRF vulnerability could allow an attacker to trigge
|
| 53 |
CVE-2026-33862
A vulnerability has been identified in Teamcenter V2312 (All versions < V2312.00
|
| 52 |
CVE-2026-26289
PowerSYSTEM Center REST API endpoint for device account export allows an authent
|
| 49 |
CVE-2026-8108
The installation of Fuji Tellus adds a driver to the kernel which grants all use
|
| 45 |
CVE-2026-35555
PowerSYSTEM Center feature for device project groups allows an authenticated use
|
| 45 |
CVE-2026-7256
** UNSUPPORTED WHEN ASSIGNED ** A command injection vulnerability in the CGI pro
|
| 45 |
CVE-2025-40949
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.1
|
| 45 |
CVE-2026-8135
Concrete CMS 9.5.0 and below is vulnerable to Remote Code Execution due to inse
|
| 45 |
CVE-2026-7546
A security vulnerability has been detected in Totolink NR1800X 9.1.0u.6279_B2021
|
| 45 |
CVE-2026-42556
Postiz is an AI social media scheduling tool. From version 2.21.6 to before vers
|
| 44 |
CVE-2026-8832
The WPCode - Insert Headers and Footers + Custom Code Snippets - WordPress Code
|
| 44 |
CVE-2026-7841
A remote code execution vulnerability
exists in Notification Settings on GeoVisi
|
| 44 |
CVE-2026-42513
This vulnerability exists in e-Sushrut due to improper authentication logic that
|
| 44 |
CVE-2026-6261
The Betheme theme for WordPress is vulnerable to Arbitrary File Upload in versio
|
| 44 |
CVE-2026-27648
in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code ex
|
| 44 |
CVE-2026-20887
Improper access control for some Intel Vision software for all versions within R
|
| 44 |
CVE-2026-36734
EDIMAX BR-6428nS V3 1.15 is vulnerable to Command Injection. An authenticated at
|
| 44 |
CVE-2026-42514
This vulnerability exists in e-Sushrut due to exposure of OTPs in plaintext with
|
| 44 |
CVE-2026-23819
A vulnerability in the web-based management interface of Access Points running A
|
| 44 |
CVE-2026-42468
Buffer overflow vulnerability in Open Vehicle Monitoring System 3 (OVMS3) 3.3.00
|
| 44 |
CVE-2026-6228
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Privilege
|
| 44 |
CVE-2026-7522
The Advanced Database Cleaner - Premium plugin for WordPress is vulnerable to Lo
|
| 44 |
CVE-2026-6692
The Slider Revolution plugin for WordPress is vulnerable to Arbitrary File Uploa
|
| 44 |
CVE-2026-24217
NVIDIA BioNeMo Core for Linux contains a vulnerability where a user could cause
|
| 44 |
CVE-2026-31225
The superduper project thru v0.10.0 contains a critical remote code execution vu
|
| 44 |
CVE-2026-31218
The _load_model() function in the neural_magic_training.py script of the optimat
|
| 44 |
CVE-2026-31219
The _load_model() function in the neural_magic_training.py script of the optimat
|
| 44 |
CVE-2026-31224
The snorkel library thru v0.10.0 contains an insecure deserialization vulnerabil
|
| 44 |
CVE-2026-31223
The snorkel library thru v0.10.0 contains a critical insecure deserialization vu
|
| 44 |
CVE-2026-31222
The snorkel library thru v0.10.0 contains an insecure deserialization vulnerabil
|
| 44 |
CVE-2026-2052
The Widget Options - Advanced Conditional Visibility for Gutenberg Blocks & Clas
|
| 44 |
CVE-2026-5127
The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Members
|
| 44 |
CVE-2026-31232
The CosyVoice project thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025
|
Oldest Unpatched Critical/High CVEs
| CVE | Severity | CVSS | Priority | Days Open |
|---|---|---|---|---|
| CVE-2024-3400 | CRITICAL | 10.0 | 224 | 776d |
| CVE-2019-19781 | CRITICAL | 9.8 | 223 | 2344d |
| CVE-2020-5902 | CRITICAL | 9.8 | 223 | 2157d |
| CVE-2021-35464 | CRITICAL | 9.8 | 223 | 1771d |
| CVE-2020-10189 | CRITICAL | 9.8 | 223 | 2274d |
| CVE-2012-4681 | CRITICAL | 9.8 | 223 | 5021d |
| CVE-2022-42475 | CRITICAL | 9.8 | 223 | 1242d |
| CVE-2023-3519 | CRITICAL | 9.8 | 223 | 1044d |
| CVE-2015-7450 | CRITICAL | 9.8 | 222 | 3798d |
| CVE-2023-34048 | CRITICAL | 9.8 | 222 | 946d |
1 / 9
Next