Security Dashboard

7d 14d 30d 90d

Total CVEs

1345

last 7 days

Avg Priority

21.2

of max 220

KEV

actively exploited

POC

public exploits

Unpatched

231

CRIT/HIGH without patch

How is Priority Score calculated?

Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:

KEV +50

CISA Known Exploited Vulnerability — confirmed active exploitation in the wild

EPSS x100

Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)

CVSS x5

Common Vulnerability Scoring System — technical severity (0-50)

POC +20

Public exploit code exists — lowers barrier for attackers

0-40 Low 40-80 Medium 80-120 High 120+ Critical

Patch Now — Known Exploited Vulnerabilities

116

CVE-2026-48027

Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console,

CRITICAL

Priority Distribution

CRITICAL HIGH MEDIUM LOW KEV Only POC Only Unpatched CRIT/HIGH

Priority	CVE	Severity	CVSS	EPSS	Indicators	Published
116	CVE-2026-48027 Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious ver	CRITICAL	9.3	26.8%	KEV POC	2026-05-27
66	CVE-2026-24444 SDMC NE6037 cable modem routers running firmware 7.1.6.0.25 and 7.1.6.1.9_B9 con	CRITICAL	9.3	-	POC	2026-05-28
64	CVE-2026-32847 DeepCode through commit c991dc2 contains a path traversal vulnerability in the S	HIGH	8.7	-	POC	2026-05-28
63	CVE-2026-7862 The Eupago Gateway For Woocommerce WordPress plugin before 4.7.2 does not proper	HIGH	8.6	0.0%	POC FIX	2026-05-28
58	CVE-2026-10044 Usagi-org ai-goofish-monitor contains an unauthenticated arbitrary file read vul	HIGH	7.5	-	POC FIX	2026-05-28
57	CVE-2026-9346 A flaw has been found in Edimax EW-7438RPn up to 1.31. This impacts the function	HIGH	7.4	0.0%	POC	2026-05-24
57	CVE-2026-9345 A vulnerability was detected in Edimax EW-7438RPn up to 1.31. This affects the f	HIGH	7.4	0.0%	POC	2026-05-24
57	CVE-2026-9344 A security vulnerability has been detected in Edimax EW-7438RPn up to 1.31. The	HIGH	7.4	0.0%	POC	2026-05-24
57	CVE-2026-9348 A vulnerability was found in Edimax EW-7438RPn up to 1.31. Affected by this vuln	HIGH	7.4	0.0%	POC	2026-05-24
57	CVE-2026-9360 A security flaw has been discovered in Edimax EW-7438RPn 1.28a. Affected by this	HIGH	7.4	0.0%	POC	2026-05-24
57	CVE-2026-9294 A vulnerability was identified in Edimax BR-6428NS 1.10. The impacted element is	HIGH	7.4	0.0%	POC	2026-05-23
57	CVE-2026-9295 A security flaw has been discovered in Edimax BR-6428NS 1.10. This affects the f	HIGH	7.4	0.0%	POC	2026-05-23
56	CVE-2026-31266 Craft CMS 5.9.5 and earlier contains a Missing Authorization vulnerability in th	HIGH	7.3	0.0%	POC	2026-05-27
56	CVE-2025-70103 Heap buffer overflow vulnerability in libjxl 0.12.0 via crafted PBM images to th	HIGH	7.3	0.0%	POC	2026-05-27
52	CVE-2026-41141 EspoCRM is an open source customer relationship management application. Prior to	MEDIUM	6.5	-	POC FIX	2026-05-28
50	CVE-2026-8054 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti	CRITICAL	10.0	0.4%	FIX	2026-05-27
50	CVE-2026-40412 Unrestricted upload of file with dangerous type in Azure Orbital Spatio allows a	CRITICAL	10.0	0.3%	FIX	2026-05-22
50	CVE-2026-41104 Deserialization of untrusted data in Microsoft Planetary Computer Pro allows an	CRITICAL	10.0	0.3%	FIX	2026-05-22
50	CVE-2026-23652 Improper neutralization of special elements used in a command ('command injectio	CRITICAL	10.0	0.1%	FIX	2026-05-22
50	CVE-2026-47280 Improper authentication in Azure Resource Manager (ARM) allows an unauthorized a	CRITICAL	10.0	0.1%	FIX	2026-05-22
50	CVE-2026-42901 Origin validation error in Microsoft Entra ID allows an unauthorized attacker to	CRITICAL	10.0	0.0%	FIX	2026-05-22
50	CVE-2026-46595 Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server	CRITICAL	10.0	0.0%	FIX	2026-05-22
50	CVE-2026-34908 A malicious actor with access to the network could exploit an Improper Access Co	CRITICAL	10.0	0.0%	FIX	2026-05-22
50	CVE-2026-34909 A malicious actor with access to the network could exploit a Path Traversal vuln	CRITICAL	10.0	0.0%	FIX	2026-05-22
50	CVE-2026-33712 Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the preview cha	CRITICAL	10.0	0.1%		2026-05-22
50	CVE-2026-46840 Vulnerability in Oracle REST Data Services (component: Backend-as-a-Service). S	CRITICAL	10.0	-		2026-05-28
50	CVE-2026-34910 A malicious actor with access to the network could exploit an Improper Input Val	CRITICAL	10.0	0.1%	FIX	2026-05-22
50	CVE-2026-40411 Improper input validation in Azure Virtual Network Gateway allows an authorized	CRITICAL	9.9	0.1%	FIX	2026-05-22
50	CVE-2026-42757 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') v	CRITICAL	9.9	0.0%		2026-05-27
50	CVE-2026-42748 Unrestricted Upload of File with Dangerous Type vulnerability in WPify WPify Woo	CRITICAL	9.9	0.0%		2026-05-27
50	CVE-2026-46425 Budibase is an open-source low-code platform. Prior to 3.38.2, packages/worker/s	CRITICAL	9.9	0.0%	FIX	2026-05-27
50	CVE-2026-9645 Exposed methods allow authenticated users to create and execute arbitrary JavaSc	CRITICAL	9.9	-		2026-05-28
50	CVE-2026-46775 Vulnerability in Oracle REST Data Services (component: Core). Supported version	CRITICAL	9.9	-		2026-05-28
50	CVE-2026-45102 OneUptime is an open-source monitoring and observability platform. Prior to 10.0	CRITICAL	9.9	0.1%	FIX	2026-05-27
50	CVE-2026-44450 Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the MCP server	CRITICAL	9.9	0.1%	FIX	2026-05-26
50	CVE-2026-46822 Vulnerability in the Oracle iAssets product of Oracle E-Business Suite (componen	CRITICAL	9.9	-		2026-05-28
50	CVE-2026-46824 Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Su	CRITICAL	9.9	-		2026-05-28
50	CVE-2026-42756 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') v	CRITICAL	9.9	0.0%		2026-05-27
50	CVE-2026-46839 Vulnerability in Oracle REST Data Services (component: Core). Supported version	CRITICAL	9.9	-		2026-05-28
50	CVE-2026-46716 ## Summary `nezha`'s dashboard supports two user roles: `RoleAdmin` (Role==0) a	CRITICAL	9.9	-	FIX	2026-05-23
49	CVE-2026-44887 Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to	CRITICAL	9.8	0.2%	FIX	2026-05-27
49	CVE-2026-44888 Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to	CRITICAL	9.8	0.0%	FIX	2026-05-27
49	CVE-2026-8362 A stack-based buffer overflow condition exists in WOSDefaultHttpModule.dll when	CRITICAL	9.8	0.0%	FIX	2026-05-27
49	CVE-2026-42758 Incorrect Privilege Assignment vulnerability in Saleswonder Team: Tobias Webinar	CRITICAL	9.8	0.0%		2026-05-27
49	CVE-2026-32253 Sunshine is a self-hosted game stream host for Moonlight. In versions prior to 2	CRITICAL	9.8	0.0%		2026-05-22
49	CVE-2026-48902 The password and username reset features created plain http links for https conn	CRITICAL	9.8	0.0%		2026-05-26
49	CVE-2026-8376 Perl versions through 5.43.10 have a heap buffer overflow when compiling regular	CRITICAL	9.8	0.0%	FIX	2026-05-25
49	CVE-2026-48691 FastNetMon Community Edition through 1.2.9 contains an integer overflow in the B	CRITICAL	9.8	0.0%		2026-05-26
49	CVE-2026-9642 There is a mitigation bypass / (incomplete fix) for CVE-2025-62582 (Unauthentica	CRITICAL	9.8	0.0%		2026-05-26
49	CVE-2026-38704 A command injection vulnerability exists in the WireGuard VPN feature of InHand	CRITICAL	9.8	-		2026-05-28
49	CVE-2026-34311 Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Ora	CRITICAL	9.8	-		2026-05-28
49	CVE-2026-8363 A stack-based buffer overflow condition exists in WOSDeviceDropFolder.dll when p	CRITICAL	9.8	0.0%	FIX	2026-05-27
49	CVE-2026-38702 A command injection vulnerability exists in the Admin Access feature of InHand N	CRITICAL	9.8	-		2026-05-28
49	CVE-2026-42731 Incorrect Privilege Assignment vulnerability in miniOrange miniorange otp verifi	CRITICAL	9.8	0.0%		2026-05-27
49	CVE-2026-45039 RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta	CRITICAL	9.8	-	FIX	2026-05-28
49	CVE-2026-48687 FastNetMon Community Edition through 1.2.9 contains an OS command injection vuln	CRITICAL	9.8	0.1%		2026-05-26
49	CVE-2026-8364 Gladinet Triofox Cloud Server Agent Access Service (GladServerAgentService.exe)	CRITICAL	9.8	0.0%	FIX	2026-05-27
49	CVE-2026-8760 The Login with OTP plugin for WordPress is vulnerable to authentication bypass i	CRITICAL	9.8	0.3%		2026-05-27
49	CVE-2026-7524 IBM Langflow OSS 1.0.0 through 1.9.1 could allow remote code execution due to im	CRITICAL	9.8	0.3%		2026-05-27
49	CVE-2026-46817 Vulnerability in the Oracle Payments product of Oracle E-Business Suite (compone	CRITICAL	9.8	-		2026-05-28
49	CVE-2026-48689 FastNetMon Community Edition through 1.2.9 contains an off-by-one heap-based buf	CRITICAL	9.8	0.0%		2026-05-26
49	CVE-2025-12686 Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerabi	CRITICAL	9.8	0.2%	FIX	2026-05-27
49	CVE-2026-38703 A command injection vulnerability exists in the ZeroTier VPN feature of InHand N	CRITICAL	9.8	-		2026-05-28
49	CVE-2026-38707 A command injection vulnerability exists in the IPSec VPN feature of InHand Netw	CRITICAL	9.8	-		2026-05-28
49	CVE-2026-46670 ### Summary An unauthenticated SQL injection in the Bazar form-import path (`Fo	CRITICAL	9.8	-	FIX	2026-05-22
49	CVE-2026-25879 # Security Vulnerability Report: Prompt to SQL Injection leading to RCE in lates	CRITICAL	9.8	-	FIX	2026-05-27
49	CVE-2026-46562 # Remote Code Execution via Mission Database algorithm override ## Summary The	CRITICAL	9.8	-	FIX	2026-05-27
49	CVE-2026-8175 IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM A	CRITICAL	9.8	0.4%		2026-05-27
49	CVE-2026-9367 A vulnerability was determined in NousResearch hermes-agent up to 5157f5427f1948	MEDIUM	5.5	1.0%	POC	2026-05-24
48	CVE-2026-39821 The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels t	CRITICAL	9.6	0.0%	FIX	2026-05-22
48	CVE-2026-8670 Insufficient session expiration vulnerability in syslink software AG Avantra on	CRITICAL	9.6	0.0%	FIX	2026-05-22
48	CVE-2026-45323 MeshCore Card provides MeshCore Lovelace card for Home Assistant. Prior to 0.3.3	CRITICAL	9.6	-	FIX	2026-05-28
48	CVE-2026-9351 A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.16	MEDIUM	5.5	0.1%	POC	2026-05-24
48	CVE-2026-9368 A vulnerability was identified in NousResearch hermes-agent up to 2026.4.16. Thi	MEDIUM	5.5	0.1%	POC	2026-05-24
48	CVE-2026-9366 A vulnerability was found in NousResearch hermes-agent 2026.4.23. The impacted e	MEDIUM	5.5	0.0%	POC	2026-05-24
48	CVE-2026-9353 A security vulnerability has been detected in NousResearch hermes-agent up to 20	MEDIUM	5.5	0.0%	POC	2026-05-24
48	CVE-2026-9354 A vulnerability was detected in NousResearch hermes-agent up to 2026.4.16. The a	MEDIUM	5.5	0.0%	POC	2026-05-24
48	CVE-2026-9372 A flaw has been found in ItzCrazyKns Vane up to 1.12.1. This vulnerability affec	MEDIUM	5.5	0.0%	POC	2026-05-24
48	CVE-2026-9350 A vulnerability was identified in NousResearch hermes-agent up to 2026.4.16. Thi	MEDIUM	5.5	0.0%	POC	2026-05-24
48	CVE-2026-9349 A vulnerability was determined in calcom cal.diy up to 4.9.4. Affected by this i	MEDIUM	5.5	0.0%	POC	2026-05-24
48	CVE-2026-9352 A weakness has been identified in NousResearch hermes-agent up to 2026.4.23. Thi	MEDIUM	5.5	0.0%	POC	2026-05-24
48	CVE-2026-9355 A flaw has been found in SourceCodester Hospitals Patient Records Management Sys	MEDIUM	5.5	0.0%	POC	2026-05-24
48	CVE-2026-9356 A vulnerability has been found in SourceCodester Hospitals Patient Records Manag	MEDIUM	5.5	0.0%	POC	2026-05-24
48	CVE-2026-9364 A flaw has been found in projectworlds Online Art Gallery Shop 1.0. Impacted is	MEDIUM	5.5	0.0%	POC	2026-05-24
48	CVE-2026-9580 A vulnerability was determined in JeecgBoot up to 3.9.1. The affected element is	MEDIUM	5.5	0.0%	POC FIX	2026-05-26
48	CVE-2026-9584 A security vulnerability has been detected in code-projects Project Management S	MEDIUM	5.5	0.0%	POC	2026-05-26
48	CVE-2026-9606 A vulnerability has been found in itsourcecode Courier Management System 1.0. Im	MEDIUM	5.5	0.0%	POC	2026-05-26
48	CVE-2026-9603 A security vulnerability has been detected in SourceCodester eDoc Doctor Appoint	MEDIUM	5.5	0.0%	POC	2026-05-26
47	CVE-2026-44590 Sherlock hunts down social media accounts by username across social networks. Pr	CRITICAL	9.3	0.8%	FIX	2026-05-27
47	CVE-2026-9739 Vulnerable to DNS rebinding attacks when using SSE (http://b/499408790). During	CRITICAL	9.4	0.0%		2026-05-27

Oldest Unpatched Critical/High CVEs

CVE	Severity	CVSS	Priority	Days Open
CVE-2024-3400	CRITICAL	10.0	224	776d
CVE-2019-19781	CRITICAL	9.8	223	2344d
CVE-2020-5902	CRITICAL	9.8	223	2157d
CVE-2021-35464	CRITICAL	9.8	223	1771d
CVE-2020-10189	CRITICAL	9.8	223	2274d
CVE-2012-4681	CRITICAL	9.8	223	5021d
CVE-2022-42475	CRITICAL	9.8	223	1242d
CVE-2023-3519	CRITICAL	9.8	223	1044d
CVE-2015-7450	CRITICAL	9.8	222	3798d
CVE-2023-34048	CRITICAL	9.8	222	946d

1 / 15 Next