Total CVEs
6141
last 30 days
Avg Priority
31.2
of max 220
KEV
14
actively exploited
POC
492
public exploits
Unpatched
914
CRIT/HIGH without patch
How is Priority Score calculated?
Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:
KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low
40-80 Medium
80-120 High
120+ Critical
Patch Now — Known Exploited Vulnerabilities
136
CVE-2026-0300
A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service o
133
CVE-2026-41940
cPanel and WHM versions prior to 11.110.0.97, 11.118.0.63, 11.126.0.54, 11.132.0.29, 11.134.0.20, an
131
CVE-2026-6973
An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows
131
CVE-2026-42897
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Ex
127
CVE-2026-20182
May 2026: This security advisory provides the details and fix information for a vulnerability that w
126
CVE-2026-41091
Improper link resolution before file access ('link following') in Microsoft Defender allows an autho
120
CVE-2026-48172
LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exp
118
CVE-2026-45321
## Summary
On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 4
117
CVE-2026-42208
LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1
117
CVE-2026-8398
A supply chain attack compromised the official installation packages of DAEMON Tools Lite (Windows v
Priority Distribution
| Priority | CVE |
|---|---|
| 108 |
CVE-2026-9082
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti
|
| 92 |
CVE-2026-45498
Microsoft Defender Denial of Service Vulnerability
|
| 89 |
CVE-2026-34926
A directory traversal vulnerability in the Apex One (on-premise) server could al
|
| 55 |
CVE-2026-6860
A TCP client can perform a TLS handshake and present the server name extension w
|
| 54 |
CVE-2026-33741
EspoCRM is an open source customer relationship management application. Versions
|
| 53 |
CVE-2026-42220
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.
|
| 53 |
CVE-2026-5337
During the analysis, it was identified that authenticated attackers with Subscri
|
| 52 |
CVE-2026-41141
EspoCRM is an open source customer relationship management application. Prior to
|
| 52 |
CVE-2026-7832
A security flaw has been discovered in IObit Advanced SystemCare 19. This affect
|
| 51 |
CVE-2026-5776
The Email Encoder WordPress plugin before 2.4.7 does not escape email addresses
|
| 51 |
CVE-2026-44166
A pre-hijacking issue was discovered with the OAuth2 autolinking by [Alardiians]
|
| 50 |
CVE-2026-41950
Dify before version 1.14.0 contains an authorization bypass vulnerability that a
|
| 50 |
CVE-2026-6815
An arbitrary file write vulnerability exists in Casdoor's Local File System stor
|
| 49 |
CVE-2026-7385
The Decent Comments WordPress plugin before 3.0.2 does not restrict access to co
|
| 49 |
CVE-2026-7593
A security vulnerability has been detected in Sunwood-ai-labs command-executor-m
|
| 49 |
CVE-2026-7785
A security flaw has been discovered in A-G-U-P-T-A wireshark-mcp edaf604416fbc94
|
| 49 |
CVE-2026-7812
A vulnerability was found in 54yyyu code-mcp up to 4cfc4643541a110c906d93635b391
|
| 49 |
CVE-2026-7698
A vulnerability was identified in Tiandy Easy7 Integrated Management Platform 7.
|
| 49 |
CVE-2026-9367
A vulnerability was determined in NousResearch hermes-agent up to 5157f5427f1948
|
| 48 |
CVE-2026-7446
A vulnerability was detected in VetCoders mcp-server-semgrep 1.0.0. This affects
|
| 48 |
CVE-2026-7443
A weakness has been identified in BurtTheCoder mcp-dnstwist up to 1.0.4. Affecte
|
| 48 |
CVE-2026-7416
A vulnerability was found in PolarVista xcode-mcp-server 1.0.0. This issue affec
|
| 48 |
CVE-2026-8305
A vulnerability was detected in OpenClaw up to 2026.1.24. The impacted element i
|
| 48 |
CVE-2026-7633
A vulnerability was identified in Totolink N300RH 6.1c.1353_B20190305. This impa
|
| 48 |
CVE-2026-7723
A flaw has been found in PrefectHQ prefect up to 3.6.13. Affected is an unknown
|
| 48 |
CVE-2026-7630
A vulnerability has been found in innocommerce InnoShop up to 0.7.8. The affecte
|
| 48 |
CVE-2026-7714
A flaw has been found in crocodilestick Calibre-Web-Automated up to 4.0.6. Affec
|
| 48 |
CVE-2026-9351
A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.16
|
| 48 |
CVE-2026-8321
A vulnerability was detected in inkeep agents 0.58.14. This vulnerability affect
|
| 48 |
CVE-2026-7679
A security flaw has been discovered in YunaiV yudao-cloud up to 2026.01. This im
|
| 48 |
CVE-2026-7722
A vulnerability was detected in PrefectHQ prefect up to 3.6.21. This impacts the
|
| 48 |
CVE-2026-8759
A vulnerability was identified in xiandafu beetl up to 3.20.2. Affected is an un
|
| 48 |
CVE-2026-9368
A vulnerability was identified in NousResearch hermes-agent up to 2026.4.16. Thi
|
| 48 |
CVE-2026-8757
A vulnerability was found in adenhq hive up to 0.11.0. This affects the function
|
| 48 |
CVE-2026-7645
A vulnerability was found in ruvnet sublinear-time-solver 1.5.0. Affected by thi
|
| 48 |
CVE-2026-46383
Microsoft APM is an open-source, community-driven dependency manager for AI agen
|
| 48 |
CVE-2026-7703
A flaw has been found in AV Stumpfl Pixera Two Media Server up to 25.2 R2. Impac
|
| 48 |
CVE-2026-8737
A weakness has been identified in Sanluan PublicCMS 5.202506.d. This issue affec
|
| 48 |
CVE-2026-8031
A vulnerability was detected in PicoTronica e-Clinic Healthcare System ECHS 5.7.
|
| 48 |
CVE-2026-8244
A vulnerability was identified in Industrial Application Software IAS Canias ERP
|
| 48 |
CVE-2026-7810
A flaw has been found in UsamaK98 python-notebook-mcp up to a05a232815809a7e425b
|
| 48 |
CVE-2026-7594
A vulnerability was detected in Flux159 mcp-game-asset-gen 0.1.0. Affected is th
|
| 48 |
CVE-2026-7788
A security flaw has been discovered in Axle-Bucamp MCP-Docusaurus up to 404bc028
|
| 48 |
CVE-2026-7811
A vulnerability has been found in 54yyyu code-mcp up to 4cfc4643541a110c906d9363
|
| 48 |
CVE-2026-7579
A security vulnerability has been detected in AstrBotDevs AstrBot up to 4.16.0.
|
| 48 |
CVE-2026-7733
A flaw has been found in funadmin up to 7.1.0-rc6. This affects the function Upl
|
| 48 |
CVE-2026-7417
A vulnerability was found in Algovate xhs-mcp 0.8.11. This affects the function
|
| 48 |
CVE-2026-7505
A flaw has been found in nextlevelbuilder GoClaw and GoClaw Lite up to 3.8.5. Th
|
| 48 |
CVE-2026-8115
A security flaw has been discovered in gyoridavid short-video-maker up to 1.3.4.
|
| 48 |
CVE-2026-9354
A vulnerability was detected in NousResearch hermes-agent up to 2026.4.16. The a
|
| 48 |
CVE-2026-9353
A security vulnerability has been detected in NousResearch hermes-agent up to 20
|
| 48 |
CVE-2026-9366
A vulnerability was found in NousResearch hermes-agent 2026.4.23. The impacted e
|
| 48 |
CVE-2026-7536
A vulnerability was determined in Open5GS up to 2.7.7. This vulnerability affect
|
| 48 |
CVE-2026-8225
A vulnerability was identified in Open5GS up to 2.7.7. This affects the function
|
| 48 |
CVE-2026-8318
A security flaw has been discovered in VectifyAI PageIndex up to f50e52975313c67
|
| 48 |
CVE-2026-8226
A security flaw has been discovered in Open5GS up to 2.7.7. This vulnerability a
|
| 48 |
CVE-2026-8319
A weakness has been identified in aiwaves-cn agents up to e8c4e3c2d19739d3dff59e
|
| 48 |
CVE-2026-7468
A security vulnerability has been detected in 1024-lab smart-admin up to 3.30.0.
|
| 48 |
CVE-2026-9372
A flaw has been found in ItzCrazyKns Vane up to 1.12.1. This vulnerability affec
|
| 48 |
CVE-2026-8738
A security vulnerability has been detected in Sanluan PublicCMS 5.202506.d. Impa
|
| 48 |
CVE-2026-7668
A vulnerability was identified in MikroTik RouterOS 6.49.8. This vulnerability a
|
| 48 |
CVE-2026-9350
A vulnerability was identified in NousResearch hermes-agent up to 2026.4.16. Thi
|
| 48 |
CVE-2026-8758
A vulnerability was determined in Metasoft 美特软件 MetaCRM up to 6.4.0 Beta06. This
|
| 48 |
CVE-2026-8032
A flaw has been found in PicoTronica e-Clinic Healthcare System ECHS 5.7. The im
|
| 48 |
CVE-2026-7681
A security vulnerability has been detected in jsbroks COCO Annotator up to 0.11.
|
| 48 |
CVE-2026-8725
A weakness has been identified in CoreWorxLab CAAL up to 1.6.0. The affected ele
|
| 48 |
CVE-2026-8751
A security flaw has been discovered in h2oai h2o-3 up to 7402. This affects the
|
| 48 |
CVE-2026-8133
A security vulnerability has been detected in zyx0814 FilePress up to 2.2.0. Aff
|
| 48 |
CVE-2026-7632
A vulnerability was determined in code-projects Online Hospital Management Syste
|
| 48 |
CVE-2026-7686
A vulnerability was found in eyeo Adblock Plus up to 4.36.2 on Chrome. Affected
|
| 48 |
CVE-2026-7550
A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory Sy
|
| 48 |
CVE-2026-7545
A weakness has been identified in SourceCodester Advanced School Management Syst
|
| 48 |
CVE-2026-8130
A vulnerability was identified in SourceCodester SUP Online Shopping 1.0. This a
|
| 48 |
CVE-2026-8750
A vulnerability was identified in h2oai h2o-3 up to 7402. Affected by this issue
|
| 48 |
CVE-2026-7702
A vulnerability was detected in toeverything AFFiNE up to 0.26.3. This issue aff
|
| 48 |
CVE-2026-8129
A vulnerability was determined in SourceCodester SUP Online Shopping 1.0. The im
|
| 48 |
CVE-2026-9356
A vulnerability has been found in SourceCodester Hospitals Patient Records Manag
|
| 48 |
CVE-2026-7506
A vulnerability has been found in SourceCodester Hotel Management System 1.0. Th
|
| 48 |
CVE-2026-9352
A weakness has been identified in NousResearch hermes-agent up to 2026.4.23. Thi
|
| 48 |
CVE-2026-8098
A security vulnerability has been detected in code-projects Feedback System 1.0.
|
| 48 |
CVE-2026-8033
A vulnerability has been found in PicoTronica e-Clinic Healthcare System ECHS 5.
|
| 48 |
CVE-2026-8241
A vulnerability has been found in Industrial Application Software IAS Canias ERP
|
| 48 |
CVE-2026-7555
A vulnerability was identified in itsourcecode Electronic Judging System 1.0. Th
|
| 48 |
CVE-2026-8126
A flaw has been found in SourceCodester Comment System 1.0. This issue affects s
|
| 48 |
CVE-2026-8132
A weakness has been identified in CodeAstro Leave Management System 1.0. Affecte
|
| 48 |
CVE-2026-9349
A vulnerability was determined in calcom cal.diy up to 4.9.4. Affected by this i
|
| 48 |
CVE-2026-8128
A vulnerability was found in SourceCodester SUP Online Shopping 1.0. The affecte
|
| 48 |
CVE-2026-8785
A flaw has been found in projectworlds hospital-management-system-in-php 1.0. Af
|
| 48 |
CVE-2026-8131
A security flaw has been discovered in SourceCodester SUP Online Shopping 1.0. T
|
| 48 |
CVE-2026-7549
A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0.
|
Oldest Unpatched Critical/High CVEs
| CVE | Severity | CVSS | Priority | Days Open |
|---|---|---|---|---|
| CVE-2024-3400 | CRITICAL | 10.0 | 224 | 776d |
| CVE-2019-19781 | CRITICAL | 9.8 | 223 | 2344d |
| CVE-2020-5902 | CRITICAL | 9.8 | 223 | 2157d |
| CVE-2021-35464 | CRITICAL | 9.8 | 223 | 1771d |
| CVE-2020-10189 | CRITICAL | 9.8 | 223 | 2274d |
| CVE-2012-4681 | CRITICAL | 9.8 | 223 | 5021d |
| CVE-2022-42475 | CRITICAL | 9.8 | 223 | 1242d |
| CVE-2023-3519 | CRITICAL | 9.8 | 223 | 1044d |
| CVE-2015-7450 | CRITICAL | 9.8 | 222 | 3798d |
| CVE-2023-34048 | CRITICAL | 9.8 | 222 | 946d |
1 / 26
Next