Total CVEs
5792
last 30 days
Avg Priority
34.0
of max 220
KEV
8
actively exploited
POC
777
public exploits
Unpatched
1600
CRIT/HIGH without patch
How is Priority Score calculated?
Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:
KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low
40-80 Medium
80-120 High
120+ Critical
Patch Now — Known Exploited Vulnerabilities
124
CVE-2026-35616
A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an
119
CVE-2026-3910
Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allowed a remote attacker
119
CVE-2026-3909
Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to per
119
CVE-2026-5281
Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had co
117
CVE-2026-33634
Trivy is a security scanner. On March 19, 2026, a threat actor used compromised credentials to publi
117
CVE-2026-33017
## Summary
The `POST /api/v1/build_public_tmp/{flow_id}/flow` endpoint allows building public flows
117
CVE-2026-3055
Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP l
109
CVE-2026-3502
TrueConf Client downloads application update code and applies it without performing verification. An
Priority Distribution
| Priority | CVE |
|---|---|
| 124 |
CVE-2026-35616
A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through
|
| 117 |
CVE-2026-33017
## Summary
The `POST /api/v1/build_public_tmp/{flow_id}/flow` endpoint allows b
|
| 117 |
CVE-2026-3055
Insufficient input validation in NetScaler ADC and NetScaler Gateway when config
|
| 109 |
CVE-2026-3502
TrueConf Client downloads application update code and applies it without perform
|
| 69 |
CVE-2026-4585
A vulnerability has been found in Tiandy Easy7 Integrated Management Platform up
|
| 69 |
CVE-2026-4170
A weakness has been identified in Topsec TopACM 3.0. Affected by this vulnerabil
|
| 69 |
CVE-2016-20026
ZKTeco ZKBioSecurity 3.0 contains hardcoded credentials in the bundled Apache To
|
| 69 |
CVE-2026-4184
A vulnerability was detected in D-Link DIR-816 1.10CNB05. Affected by this vulne
|
| 69 |
CVE-2026-4183
A security vulnerability has been detected in D-Link DIR-816 1.10CNB05. Affected
|
| 69 |
CVE-2026-4182
A weakness has been identified in D-Link DIR-816 1.10CNB05. This impacts an unkn
|
| 69 |
CVE-2016-20024
ZKTeco ZKTime.Net 3.0.1.6 contains an insecure file permissions vulnerability th
|
| 69 |
CVE-2016-20030
ZKTeco ZKBioSecurity 3.0 contains a user enumeration vulnerability that allows u
|
| 69 |
CVE-2017-20223
Telesquare SKT LTE Router SDT-CS3B1 firmware version 1.2.0 contains an insecure
|
| 69 |
CVE-2026-21992
Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware
|
| 69 |
CVE-2026-30533
A SQL Injection vulnerability exists in SourceCodester Online Food Ordering Syst
|
| 69 |
CVE-2026-30532
A SQL Injection vulnerability exists in SourceCodester Online Food Ordering Syst
|
| 69 |
CVE-2026-30530
A SQL Injection vulnerability exists in SourceCodester Online Food Ordering Syst
|
| 68 |
CVE-2026-34205
Home Assistant is open source home automation software that puts local control a
|
| 67 |
CVE-2026-23696
Windmill CE and EE versions 1.276.0 through 1.603.2 contain an SQL injection vul
|
| 67 |
CVE-2025-71275
A critical security vulnerability exists in Zimbra Collaboration Suite (ZCS) Pos
|
| 67 |
CVE-2026-29014
MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code injec
|
| 67 |
CVE-2026-30562
A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sa
|
| 67 |
CVE-2025-60949
Census CSWeb 8.0.1 allows "app/config" to be reachable via HTTP in some deployme
|
| 66 |
CVE-2026-35022
Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection v
|
| 66 |
CVE-2026-22679
Weaver (Fanwei) E-cology 10.0 versions prior to 20260312 contain an unauthentica
|
| 66 |
CVE-2026-25769
Wazuh is a free and open source platform used for threat prevention, detection,
|
| 66 |
CVE-2026-2701
Authenticated user can upload a malicious file to the server and execute it, whi
|
| 66 |
CVE-2026-33475
Langflow is a tool for building and deploying AI-powered agents and workflows. A
|
| 65 |
CVE-2026-6114
A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected
|
| 65 |
CVE-2026-6025
A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This af
|
| 65 |
CVE-2026-6029
A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. The affec
|
| 65 |
CVE-2026-6028
A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191
|
| 65 |
CVE-2026-6116
A vulnerability has been found in Totolink A7100RU 7.4cu.2313_b20191024. This vu
|
| 65 |
CVE-2026-6115
A flaw has been found in Totolink A7100RU 7.4cu.2313_b20191024. This affects the
|
| 65 |
CVE-2026-6112
A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Affecte
|
| 65 |
CVE-2026-6113
A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191
|
| 65 |
CVE-2026-6027
A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. This is
|
| 65 |
CVE-2026-6026
A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. Th
|
| 65 |
CVE-2026-5997
A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. The impac
|
| 65 |
CVE-2026-5993
A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This vu
|
| 65 |
CVE-2026-5996
A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191
|
| 65 |
CVE-2026-5853
A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191
|
| 65 |
CVE-2026-5850
A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This af
|
| 65 |
CVE-2026-5994
A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. Th
|
| 65 |
CVE-2026-5995
A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Impacte
|
| 65 |
CVE-2026-5852
A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Affecte
|
| 65 |
CVE-2026-5851
A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. Th
|
| 65 |
CVE-2026-5854
A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected
|
| 65 |
CVE-2026-4252
A vulnerability was identified in Tenda AC8 16.03.50.11. Affected by this issue
|
| 65 |
CVE-2026-4567
A vulnerability has been found in Tenda A15 15.13.07.13. The impacted element is
|
| 65 |
CVE-2026-4181
A security flaw has been discovered in D-Link DIR-816 1.10CNB05. This affects an
|
| 64 |
CVE-2026-5976
A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. Th
|
| 64 |
CVE-2026-5975
A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. The imp
|
| 64 |
CVE-2026-5978
A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191
|
| 64 |
CVE-2026-5977
A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. This im
|
| 64 |
CVE-2026-4558
A flaw has been found in Linksys MR9600 2.0.6.206937. Affected is the function s
|
| 64 |
CVE-2026-4213
A vulnerability was detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS
|
| 64 |
CVE-2026-32051
OpenClaw versions prior to 2026.3.1 contain an authorization mismatch vulnerabil
|
| 64 |
CVE-2016-20025
ZKTeco ZKAccess Professional 3.5.3 contains an insecure file permissions vulnera
|
| 64 |
CVE-2026-4747
Each RPCSEC_GSS data packet is validated by a routine which checks a signature i
|
| 64 |
CVE-2026-4490
A flaw has been found in Tenda A18 Pro 02.03.02.28. This issue affects the funct
|
| 64 |
CVE-2026-4492
A vulnerability was found in Tenda A18 Pro 02.03.02.28. The affected element is
|
| 64 |
CVE-2026-4491
A vulnerability has been found in Tenda A18 Pro 02.03.02.28. Impacted is the fun
|
| 64 |
CVE-2026-4489
A vulnerability was detected in Tenda A18 Pro 02.03.02.28. This vulnerability af
|
| 64 |
CVE-2026-4493
A vulnerability was determined in Tenda A18 Pro 02.03.02.28. The impacted elemen
|
| 64 |
CVE-2026-4214
A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L,
|
| 64 |
CVE-2026-4211
A weakness has been identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, D
|
| 64 |
CVE-2026-4212
A security vulnerability has been detected in D-Link DNS-120, DNR-202L, DNS-315L
|
| 64 |
CVE-2026-4188
A security flaw has been discovered in D-Link DIR-619L 2.06B01. The affected ele
|
| 64 |
CVE-2026-4529
A vulnerability was identified in D-Link DHP-1320 1.00WWB04. This affects the fu
|
| 64 |
CVE-2026-4167
A vulnerability was determined in Belkin F9K1122 1.00.33. This affects the funct
|
| 64 |
CVE-2026-4566
A flaw has been found in Belkin F9K1122 1.00.33. The affected element is the fun
|
| 64 |
CVE-2026-4227
A security vulnerability has been detected in LB-LINK BL-WR9000 2.4.9. The impac
|
| 64 |
CVE-2026-4226
A weakness has been identified in LB-LINK BL-WR9000 2.4.9. The affected element
|
| 64 |
CVE-2026-4488
A vulnerability was identified in UTT HiPER 1250GW up to 3.2.7-210907-180535. Af
|
| 64 |
CVE-2026-4487
A vulnerability was determined in UTT HiPER 1200GW up to 2.5.3-170306. This impa
|
| 64 |
CVE-2026-4318
A vulnerability was determined in UTT HiPER 810G up to 1.7.7-171114. Affected is
|
| 64 |
CVE-2026-30531
A SQL Injection vulnerability exists in SourceCodester Online Food Ordering Syst
|
| 64 |
CVE-2016-20034
Wowza Streaming Engine 4.5.0 contains a privilege escalation vulnerability that
|
| 64 |
CVE-2026-30529
A SQL Injection vulnerability exists in SourceCodester Online Food Ordering Syst
|
| 64 |
CVE-2026-22683
Windmill versions 1.56.0 through 1.614.0 contain a missing authorization vulnera
|
| 64 |
CVE-2025-60947
Census CSWeb 8.0.1 allows arbitrary file upload. A remote, authenticated attacke
|
| 64 |
CVE-2025-60946
Census CSWeb 8.0.1 allows arbitrary file path input. A remote, authenticated att
|
| 63 |
CVE-2026-32989
Precurio Intranet Portal 4.4 contains a cross-site request forgery (CSRF) weakne
|
| 63 |
CVE-2026-29002
CouchCMS contains a privilege escalation vulnerability that allows authenticated
|
| 63 |
CVE-2026-35020
Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection v
|
| 63 |
CVE-2026-5684
A vulnerability was determined in Tenda CX12L 16.03.53.12. Affected by this issu
|
| 62 |
CVE-2026-35021
Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection v
|
| 62 |
CVE-2026-30534
A SQL Injection vulnerability exists in SourceCodester Online Food Ordering Syst
|
| 61 |
CVE-2015-20120
Next Click Ventures RealtyScript 4.0.2 contains multiple time-based blind SQL in
|
Oldest Unpatched Critical/High CVEs
| CVE | Severity | CVSS | Priority | Days Open |
|---|---|---|---|---|
| CVE-2024-3400 | CRITICAL | 10.0 | 224 | 730d |
| CVE-2019-19781 | CRITICAL | 9.8 | 223 | 2298d |
| CVE-2020-5902 | CRITICAL | 9.8 | 223 | 2111d |
| CVE-2021-35464 | CRITICAL | 9.8 | 223 | 1724d |
| CVE-2020-10189 | CRITICAL | 9.8 | 223 | 2227d |
| CVE-2012-4681 | CRITICAL | 9.8 | 223 | 4975d |
| CVE-2022-42475 | CRITICAL | 9.8 | 223 | 1196d |
| CVE-2023-3519 | CRITICAL | 9.8 | 223 | 997d |
| CVE-2015-7450 | CRITICAL | 9.8 | 222 | 3752d |
| CVE-2023-34048 | CRITICAL | 9.8 | 222 | 899d |
1 / 18
Next