Security Dashboard

Total CVEs: 1501 (last 7 days)
Avg Priority: 32.1 (of max 220)
KEV: 0 (actively exploited)
POC: 183 (public exploits)
Unpatched: 430 (CRIT/HIGH without patch)

How is Priority Score calculated?

Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:

KEV +50: CISA Known Exploited Vulnerability, confirmed active exploitation in the wild
EPSS x100: Exploit Prediction Scoring System, probability of exploitation in next 30 days (0-100)
CVSS x5: Common Vulnerability Scoring System, technical severity (0-50)
POC +20: Public exploit code exists, lowers barrier for attackers

0-40 Low | 40-80 Medium | 80-120 High | 120+ Critical

Priority Distribution

Priority CVE
33 CVE-2026-39508
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti
33 CVE-2026-39692
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti
33 CVE-2026-39696
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti
33 CVE-2026-39575
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti
33 CVE-2026-39517
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti
33 CVE-2026-39646
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti
33 CVE-2026-39368
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the Li
33 CVE-2026-5905
Incorrect security UI in Permissions in Google Chrome on Windows prior to 147.0.
33 CVE-2026-5207
The LifterLMS plugin for WordPress is vulnerable to SQL Injection via the 'order
33 CVE-2026-1865
The User Registration & Membership - Free & Paid Memberships, Subscriptions, Con
33 CVE-2026-39354
Scoold is a Q&A and a knowledge sharing platform for teams. Prior to 1.66.2, an
33 CVE-2026-39374
Plane is an open-source project management tool. Prior to 1.3.0, the IssueBul
33 CVE-2026-5919
Insufficient validation of untrusted input in WebSockets in Google Chrome prior
33 CVE-2026-1839
A vulnerability in the HuggingFace Transformers library, specifically in the `Tr
33 CVE-2026-32588
Authenticated DoS over CQL in Apache Cassandra 4.0, 4.1, 5.0 allows authenticate
33 CVE-2026-39639
Missing Authorization vulnerability in redpixelstudios RPS Include Content rps-i
33 CVE-2026-39569
Missing Authorization vulnerability in AA Web Servant 12 Step Meeting List 12-st
33 CVE-2026-34538
Apache Airflow versions 3.0.0 through 3.1.8 DagRun wait endpoint returns XCom re
33 CVE-2025-47374
Memory Corruption when accessing freed memory due to concurrent fence deregistra
33 CVE-2026-39366
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the Pa
33 CVE-2026-35492
### Impact PartitionedDataset in kedro-datasets was vulnerable to path traversa
33 CVE-2026-1672
The BEAR - Bulk Editor and Products Manager Professional for WooCommerce by Plug
33 CVE-2026-39641
Cross-Site Request Forgery (CSRF) vulnerability in Skywarrior Blackfyre blackfyr
33 CVE-2026-39633
Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Car Rental g
32 CVE-2026-33736
Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, any authentica
32 CVE-2026-34897
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti
32 CVE-2026-35594
Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0,
32 CVE-2026-6068
NASM contains a heap use after free vulnerability in response file (-@) processi
32 CVE-2026-33708
Chamilo LMS is a learning management system. Prior to 1.11.38, the get_user_info
32 CVE-2026-35599
## Summary The `addRepeatIntervalToTime` function uses an O(n) loop that advanc
32 CVE-2026-2377
A flaw was found in mirror-registry. Authenticated users can exploit the log exp
32 CVE-2026-33141
Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, an Insecure Di
32 CVE-2026-35403
LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web app
32 CVE-2026-1101
GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 bef
32 CVE-2026-27460
Tandoor Recipes is an application for managing recipes, planning meals, and buil
32 CVE-2026-35173
Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, an IDOR /
32 CVE-2026-40148
PraisonAI is a multi-agent teams system. Prior to 4.5.128, the _safe_extractall(
32 CVE-2026-33459
Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to denial of serv
32 CVE-2026-39943
Directus is a real-time API and App dashboard for managing SQL database content.
32 CVE-2026-5742
The UsersWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in
32 CVE-2026-3618
The Columns by BestWebSoft plugin for WordPress is vulnerable to Stored Cross-Si
32 CVE-2026-4429
The OSM - OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site
32 CVE-2026-3142
The Pinterest Site Verification plugin using Meta Tag plugin for WordPress is vu
32 CVE-2026-4025
The PrivateContent Free plugin for WordPress is vulnerable to Stored Cross-Site
32 CVE-2026-4303
The WP Visitor Statistics (Real Time Traffic) plugin for WordPress is vulnerable
32 CVE-2026-2305
The AddFunc Head & Footer Code plugin for WordPress is vulnerable to Stored Cros
32 CVE-2026-4336
The Ultimate FAQ Accordion plugin for WordPress is vulnerable to Stored Cross-Si
32 CVE-2026-4300
The Robo Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripti
32 CVE-2026-4341
The Prime Slider - Addons for Elementor plugin for WordPress is vulnerable to St
32 CVE-2026-1263
The Webling plugin for WordPress is vulnerable to Stored Cross-Site Scripting in
32 CVE-2026-4073
The pdfl.io plugin for WordPress is vulnerable to Stored Cross-Site Scripting vi
32 CVE-2026-3600
The Investi plugin for WordPress is vulnerable to Stored Cross-Site Scripting vi
32 CVE-2026-4785
The LatePoint - Calendar Booking Plugin for Appointments and Events plugin for W
32 CVE-2026-3513
The TableOn - WordPress Posts Table Filterable plugin for WordPress is vulnerabl
32 CVE-2026-4333
The LearnPress - WordPress LMS Plugin plugin for WordPress is vulnerable to Stor
32 CVE-2026-4895
The GreenShift - Animation and Page Builder Blocks plugin for WordPress is vulne
32 CVE-2026-5357
The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scr
32 CVE-2026-4655
The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Stor
32 CVE-2026-5506
The Wavr plugin for WordPress is vulnerable to Stored Cross-Site Scripting via t
32 CVE-2026-1396
The Magic Conversation For Gravity Forms plugin for WordPress is vulnerable to S
32 CVE-2026-3498
The BlockArt Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scri
32 CVE-2026-3239
The Strong Testimonials plugin for WordPress is vulnerable to Stored Cross-Site
32 CVE-2026-5508
The WowPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting v
32 CVE-2026-3311
The The Plus Addons for Elementor - Addons for Elementor, Page Templates, Widget
32 CVE-2026-4871
The Sports Club Management plugin for WordPress is vulnerable to Stored Cross-Si
32 CVE-2026-2481
The Beaver Builder Page Builder - Drag and Drop Website Builder plugin for WordP
32 CVE-2026-5372
An issue that allowed a SQL injection attack vector related to saved queries (in
32 CVE-2026-33727
Pi-hole is a Linux network-level advertisement and Internet tracker blocking app
32 CVE-2026-2988
The Blubrry PowerPress plugin for WordPress is vulnerable to Stored Cross-Site S
32 CVE-2026-4379
The LightPress Lightbox plugin for WordPress is vulnerable to Stored Cross-Site
32 CVE-2025-14732
The Elementor Website Builder - More Than Just a Page Builder plugin for WordPre
32 CVE-2025-57853
A container privilege escalation flaw was found in certain Web Terminal images.
32 CVE-2025-57854
A container privilege escalation flaw was found in certain OpenShift Update Serv
32 CVE-2025-57851
A container privilege escalation flaw was found in certain Multicluster Engine f
32 CVE-2026-5451
The Extensions for Leaflet Map plugin for WordPress is vulnerable to Stored Cros
32 CVE-2025-57175
Siklu EtherHaul 8010 siklu-uimage-nxp-enc-10_6_2-18707-ea552dc00b devices have a
32 CVE-2026-5711
The Post Blocks & Tools plugin for WordPress is vulnerable to Stored Cross-Site
32 CVE-2025-57847
A container privilege escalation flaw was found in certain Ansible Automation Pl
32 CVE-2026-2509
The Page Builder: Pagelayer plugin for WordPress is vulnerable to Stored Cross-S
32 CVE-2026-40226
In nspawn in systemd 233 through 259 before 260, an escape-to-host action can oc
32 CVE-2026-3005
The List category posts plugin for WordPress is vulnerable to Stored Cross-Site
32 CVE-2026-40225
In udev in systemd before 260, local root execution can occur via malicious hard
32 CVE-2025-58713
A container privilege escalation flaw was found in certain Red Hat Process Autom
32 CVE-2026-39859
`liquidjs` 10.25.0 documents `root` as constraining filenames passed to `renderF
32 CVE-2026-35605
File Browser is a file managing interface for uploading, deleting, previewing, r
32 CVE-2026-28810
Generation of Predictable Numbers or Identifiers vulnerability in Erlang/OTP ker
32 CVE-2026-39841
Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vu
32 CVE-2026-39837
Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vu
32 CVE-2026-39839
Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vu
32 CVE-2026-5460
A heap use-after-free exists in wolfSSL's TLS 1.3 post-quantum cryptography (PQC

Oldest Unpatched Critical/High CVEs

CVE Severity CVSS Priority Days Open
CVE-2024-3400 CRITICAL 10.0 224 730d
CVE-2019-19781 CRITICAL 9.8 223 2298d
CVE-2020-5902 CRITICAL 9.8 223 2111d
CVE-2021-35464 CRITICAL 9.8 223 1725d
CVE-2020-10189 CRITICAL 9.8 223 2228d
CVE-2012-4681 CRITICAL 9.8 223 4976d
CVE-2022-42475 CRITICAL 9.8 223 1196d
CVE-2023-3519 CRITICAL 9.8 223 998d
CVE-2015-7450 CRITICAL 9.8 222 3753d
CVE-2023-34048 CRITICAL 9.8 222 900d