Security Dashboard

7d 14d 30d 90d
Total CVEs
1540
last 7 days
Avg Priority
32.1
of max 220
KEV
0
actively exploited
POC
189
public exploits
Unpatched
438
CRIT/HIGH without patch
How is Priority Score calculated?

Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:

KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low 40-80 Medium 80-120 High 120+ Critical

Priority Distribution

CRITICAL HIGH MEDIUM LOW KEV Only POC Only Unpatched CRIT/HIGH
Priority CVE
30 CVE-2026-5774
Improper synchronization of the userTokens map in the API server in Canonical Ju
30 CVE-2026-3446
When calling base64.b64decode() or related functions the decoding process would
30 CVE-2026-35407
Saleor is an e-commerce platform. From 2.10.0 to before 3.23.0a3, 3.22.47, 3.21.
30 CVE-2026-34380
OpenEXR provides the specification and reference implementation of the EXR file
30 CVE-2026-39615
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti
30 CVE-2026-39541
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti
30 CVE-2026-5376
An issue that could prevent session inactivity timeouts from triggering due to a
30 CVE-2026-39408
## Summary A path traversal issue in `toSSG()` allows files to be written outsi
30 CVE-2026-35201
### Summary A signed length truncation bug causes an out-of-bounds read in the
30 CVE-2026-34946
Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and
30 CVE-2026-5295
A stack buffer overflow exists in wolfSSL's PKCS7 implementation in the wc_PKCS7
30 CVE-2026-34721
Zammad is a web based open source helpdesk/customer support system. Prior to 7.0
30 CVE-2026-35597
## Summary The TOTP failed-attempt lockout mechanism is non-functional due to a
30 CVE-2026-39865
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.13.
30 CVE-2026-34859
UAF vulnerability in the kernel module. Impact: Successful exploitation of this
30 CVE-2026-34942
Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0
30 CVE-2026-39844
### Summary The upload filename sanitization introduced in GHSA-9ffm-fxg3-xrhh
30 CVE-2026-5300
Unauthenticated functionality in CoolerControl/coolercontrold <4.0.0 allows una
29 CVE-2026-5384
An issue that could allow a credential to be updated and used for a task from ou
29 CVE-2026-5374
An issue that allowed MCP agents to access remediation and asset information fro
29 CVE-2026-5378
An issue that allowed administrators to create and update users outside of their
29 CVE-2026-34981
The whisperX API is a tool for enhancing and analyzing audio content. From 0.3.1
29 CVE-2026-20709
Use of Default Cryptographic Key in the hardware for some Intel(R) Pentium(R) Pr
29 CVE-2025-24819
Nokia MantaRay NM is vulnerable to a Relative Path Traversal vulnerability due t
28 CVE-2026-39901
### Summary A transaction integrity flaw allows an authenticated tenant user to
28 CVE-2026-1502
CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host.
28 CVE-2026-34854
UAF vulnerability in the kernel module. Impact: Successful exploitation of this
28 CVE-2026-34855
Out-of-bounds write vulnerability in the kernel module. Impact: Successful explo
28 CVE-2026-1516
GitLab has remediated an issue in GitLab EE affecting all versions from 18.0.0 b
28 CVE-2026-5673
A flaw was found in libtheora. This heap-based out-of-bounds read vulnerability
28 CVE-2026-40190
LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform.
28 CVE-2026-34943
Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0
28 CVE-2026-34867
Double free vulnerability in the multi-mode input system. Impact: Successful exp
28 CVE-2026-27315
Sensitive Information Leak in cqlsh in Apache Cassandra 4.0 allows access to sen
28 CVE-2026-5745
A flaw was found in libarchive. A NULL pointer dereference vulnerability exists
28 CVE-2025-65116
Buffer Overflow Vulnerability in JP1/IT Desktop Management 2 - Manager on Window
28 CVE-2025-48651
N/A
28 CVE-2026-39856
osslsigncode is a tool that implements Authenticode signing and timestamping. Pr
28 CVE-2026-35477
InvenTree is an Open Source Inventory Management System. From 1.2.3 to 1.2.6, th
28 CVE-2026-39390
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, mo
28 CVE-2026-5986
A weakness has been identified in Zod jsVideoUrlParser up to 0.5.1. The impacted
28 CVE-2026-40159
PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI’s MCP (Mode
28 CVE-2026-39392
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, mo
28 CVE-2026-5600
A new API endpoint introduced in pretix 2025 that is supposed to return all che
28 CVE-2026-29043
HDF5 is software for managing data. In 1.14.1-2 and earlier, an attacker who can
28 CVE-2026-39855
osslsigncode is a tool that implements Authenticode signing and timestamping. Pr
27 CVE-2026-5831
A security flaw has been discovered in Agions taskflow-ai up to 2.1.8. This impa
27 CVE-2026-3358
The Tutor LMS - eLearning and online course solution plugin for WordPress is vul
27 CVE-2026-4124
The Ziggeo plugin for WordPress is vulnerable to Missing Authorization in all ve
27 CVE-2026-2712
The WP-Optimize plugin for WordPress is vulnerable to unauthorized access of fun
27 CVE-2026-34903
Missing Authorization vulnerability in OceanWP Ocean Extra allows Exploiting Inc
27 CVE-2026-4065
The Smart Slider 3 plugin for WordPress is vulnerable to unauthorized access and
27 CVE-2026-35046
Tandoor Recipes is an application for managing recipes, planning meals, and buil
27 CVE-2026-40212
OpenStack Skyline before 5.0.1, 6.0.0, and 7.0.0 has a DOM-based Cross-Site Scri
27 CVE-2025-1794
The AM LottiePlayer plugin for WordPress is vulnerable to Stored Cross-Site Scri
27 CVE-2026-39380
Open Source Point of Sale is a web based point-of-sale application written in PH
27 CVE-2026-39367
WWBN AVideo is an open source video platform. In versions 26.0 and prior, AVideo
27 CVE-2026-40071
pyLoad is a free and open-source download manager written in Python. Prior to 0.
27 CVE-2026-32712
Open Source Point of Sale is a web based point-of-sale application written in PH
27 CVE-2026-3781
The Attendance Manager plugin for WordPress is vulnerable to SQL Injection via t
27 CVE-2025-14857
An improper access control vulnerability exists in Semtech LoRa LR11xxx transcei
27 CVE-2026-4401
The Download Monitor plugin for WordPress is vulnerable to Cross-Site Request Fo
27 CVE-2025-70365
A stored cross-site scripting (XSS) vulnerability exists in Kiamo before 8.4 due
27 CVE-2026-31353
An authenticated stored cross-site scripting (XSS) vulnerability in the Category
27 CVE-2026-39607
Missing Authorization vulnerability in Wpbens Filter Plus filter-plus allows Exp
27 CVE-2026-31354
Multiple authenticated stored cross-site scripting (XSS) vulnerabilities in the
27 CVE-2026-39603
Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Photography
27 CVE-2026-39710
Cross-Site Request Forgery (CSRF) vulnerability in stmcan RT-Theme 18 | Extensio
27 CVE-2026-39635
Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Magazine gra
27 CVE-2026-40112
PraisonAI is a multi-agent teams system. Prior to 4.5.128, the Flask API endpoin
27 CVE-2026-4332
GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 bef
27 CVE-2026-35207
dde-control-center is the control panel of DDE, the Deepin Desktop Environment.
27 CVE-2026-35600
## Summary Task titles are embedded directly into Markdown link syntax in overd
27 CVE-2026-35602
## Summary The Vikunja file import endpoint uses the attacker-controlled `Size`
27 CVE-2026-21011
Incorrect privilege assignment in Bluetooth in Maintenance mode prior to SMR Apr
27 CVE-2026-33119
User interface (ui) misrepresentation of critical information in Microsoft Edge
27 CVE-2026-0811
The Advanced Contact form 7 DB plugin for WordPress is vulnerable to Cross-Site
27 CVE-2026-33406
Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level
27 CVE-2026-32893
Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, a Reflected Cr
27 CVE-2026-3646
The LTL Freight Quotes - R+L Carriers Edition plugin for WordPress is vulnerable
27 CVE-2026-4664
The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to authe
27 CVE-2026-3594
The Riaxe Product Customizer plugin for WordPress is vulnerable to Sensitive Inf
27 CVE-2026-39941
ChurchCRM is an open-source church management system. Prior to 7.1.0, an XSS vul
27 CVE-2026-3691
OpenClaw Client PKCE Verifier Information Disclosure Vulnerability. This vulnera
27 CVE-2026-5167
The Masteriyo LMS - Online Course Builder for eLearning, LMS & Education plugin
27 CVE-2026-35487
text-generation-webui is an open-source web interface for running Large Language
27 CVE-2026-35483
text-generation-webui is an open-source web interface for running Large Language
27 CVE-2026-35484
text-generation-webui is an open-source web interface for running Large Language
27 CVE-2026-39400
Cronicle is a multi-server task scheduler and runner, with a web based front-end
27 CVE-2026-35608
QuickDrop is an easy-to-use file sharing application. Prior to 1.5.3, a stored X

Oldest Unpatched Critical/High CVEs

CVE Severity CVSS Priority Days Open
CVE-2024-3400 CRITICAL 10.0 224 730d
CVE-2019-19781 CRITICAL 9.8 223 2298d
CVE-2020-5902 CRITICAL 9.8 223 2111d
CVE-2021-35464 CRITICAL 9.8 223 1725d
CVE-2020-10189 CRITICAL 9.8 223 2228d
CVE-2012-4681 CRITICAL 9.8 223 4976d
CVE-2022-42475 CRITICAL 9.8 223 1196d
CVE-2023-3519 CRITICAL 9.8 223 998d
CVE-2015-7450 CRITICAL 9.8 222 3753d
CVE-2023-34048 CRITICAL 9.8 222 900d
Prev 12 / 18 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy