Security Dashboard

7d 14d 30d 90d
Total CVEs
1532
last 7 days
Avg Priority
32.2
of max 220
KEV
0
actively exploited
POC
183
public exploits
Unpatched
443
CRIT/HIGH without patch
How is Priority Score calculated?

Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:

KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low 40-80 Medium 80-120 High 120+ Critical

Priority Distribution

CRITICAL HIGH MEDIUM LOW KEV Only POC Only Unpatched CRIT/HIGH
Priority CVE
26 CVE-2026-34782
Zammad is a web based open source helpdesk/customer support system. Prior to 7.0
26 CVE-2026-34837
Zammad is a web based open source helpdesk/customer support system. Prior to 7.0
26 CVE-2026-34718
Zammad is a web based open source helpdesk/customer support system. Prior to 7.0
26 CVE-2026-32591
A flaw was found in Red Hat Quay's Proxy Cache configuration feature. When an or
26 CVE-2026-39958
oma is a package manager for AOSC OS. Prior to 1.25.2, oma-topics is responsible
26 CVE-2026-21003
Improper input validation in data related to network restrictions prior to SMR A
26 CVE-2026-4420
Bludit is vulnerable to Stored Cross-Site Scripting (XSS) in its page creating f
26 CVE-2026-22675
OCS Inventory NG Server version 2.12.3 and prior contain a stored cross-site scr
26 CVE-2026-33865
MLflow is vulnerable to Stored Cross-Site Scripting (XSS) caused by unsafe parsi
26 CVE-2026-34951
Workbench is a suite of tools for administrators and developers to interact with
26 CVE-2026-39840
Improper neutralization of input during web page generation ('cross-site scripti
26 CVE-2026-35474
WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, open redirec
26 CVE-2026-35398
WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an Open Redi
26 CVE-2026-35396
WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an Open Redi
26 CVE-2026-35472
WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an Open Redi
26 CVE-2026-35473
WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an Open Redi
26 CVE-2026-35475
WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, the redirect
26 CVE-2026-33456
Livestatus injection in the notification test mode in Checkmk <2.5.0b4 and <2.4.
26 CVE-2026-33273
Unrestricted upload of file with dangerous type issue exists in MATCHA INVOICE 2
26 CVE-2026-39347
OrangeHRM is a comprehensive human resource management (HRM) system. From 5.0 to
26 CVE-2026-6107
A flaw has been found in 1Panel-dev MaxKB up to 2.6.1. This issue affects some u
26 CVE-2026-27787
Cross-site scripting vulnerability exists in MATCHA SNS 1.3.9 and earlier. If th
26 CVE-2026-35613
coursevault-preview is a utility for previewing course material files from a con
26 CVE-2025-14858
The Semtech LR11xx LoRa transceivers running early versions of firmware contains
26 CVE-2026-3438
A reflected cross-site scripting vulnerability exists in Sonatype Nexus Reposito
26 CVE-2026-34866
Out-of-bounds write vulnerability in the WEB module.Impact: Successful exploitat
26 CVE-2026-34757
LIBPNG is a reference library for use in applications that read, create, and man
26 CVE-2026-40028
Hayabusa versions prior to 3.8.0 contain a cross-site scripting (XSS) vulnerabil
26 CVE-2026-35634
OpenClaw before 2026.3.23 contains an authentication bypass vulnerability in the
26 CVE-2026-21014
Improper access control in Samsung Camera prior to version 16.5.00.28 allows loc
26 CVE-2026-21904
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scri
26 CVE-2026-35659
OpenClaw before 2026.3.22 contains a service discovery vulnerability where TXT m
26 CVE-2026-40447
Integer overflow or wraparound vulnerability in Samsung Open Source Escargot all
26 CVE-2026-21008
Exposure of sensitive information in S Share prior to SMR Apr-2026 Release 1 all
26 CVE-2026-5987
A security vulnerability has been detected in Sanluan PublicCMS up to 6.202506.d
25 CVE-2026-4979
The UsersWP - Front-end login form, User Registration, User Profile & Members Di
25 CVE-2026-35461
Papra is a minimalistic document management and archiving platform. Prior to 26.
25 CVE-2026-35516
LinkAce is a self-hosted archive to collect website links. Prior to 2.5.4, LinkR
25 CVE-2026-5704
A flaw was found in tar. A remote attacker could exploit this vulnerability by c
25 CVE-2026-34972
OpenFGA is a high-performance and flexible authorization/permission engine built
25 CVE-2026-39411
# Summary The `webapi` authentication layer trusts a client-controlled `X-lobe-
25 CVE-2026-39880
Remnawave Backend is the backend for the Remnawave proxy and user management sol
25 CVE-2026-39881
Vim is an open source, command line text editor. Prior to 9.2.0316, a command in
25 CVE-2026-39631
Missing Authorization vulnerability in Ronik@UnlimitedWP WPSchoolPress wpschoolp
24 CVE-2026-24147
NVIDIA Triton Inference Server contains a vulnerability in triton server where a
24 CVE-2026-5647
A vulnerability was detected in code-projects Online Shoe Store 1.0. This affect
24 CVE-2026-35571
Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, Mustache n
24 CVE-2026-6042
A security flaw has been discovered in musl libc up to 1.2.6. Affected is the fu
24 CVE-2026-39391
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, mo
24 CVE-2026-40025
The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in th
24 CVE-2026-40026
The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in th
24 CVE-2026-35206
Helm is a package manager for Charts for Kubernetes. In Helm versions <=3.20.1 a
24 CVE-2026-39410
## Summary A discrepancy between browser cookie parsing and `parse()` handling
24 CVE-2026-4406
The Gravity Forms plugin for WordPress is vulnerable to Reflected Cross-Site Scr
24 CVE-2026-21006
Improper access control in Samsung DeX prior to SMR Apr-2026 Release 1 allows ph
24 CVE-2026-34857
UAF vulnerability in the communication module. Impact: Successful exploitation o
24 CVE-2026-35404
Open edX Platform enables the authoring and delivery of online learning at any s
24 CVE-2026-40223
In systemd 258 before 260, a local unprivileged user can trigger an assert when
24 CVE-2026-32932
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an
23 CVE-2026-39345
OrangeHRM is a comprehensive human resource management (HRM) system. From 5.0 to
23 CVE-2026-30613
An information disclosure vulnerability exists in AZIOT 1 Node Smart Switch (16a
23 CVE-2026-31058
UTT Aggressive HiPER 1200GW v2.5.3-170306 was discovered to contain a buffer ove
23 CVE-2026-31061
UTT Aggressive HiPER 810G v3v1.7.7-171114 was discovered to contain a buffer ove
23 CVE-2026-31065
UTT Aggressive 520W v3v1.7.7-180627 was discovered to contain a buffer overflow
23 CVE-2026-31060
UTT Aggressive HiPER 810G v3v1.7.7-171114 was discovered to contain a buffer ove
23 CVE-2026-31062
UTT Aggressive 520W v3v1.7.7-180627 was discovered to contain a buffer overflow
23 CVE-2026-31063
UTT Aggressive HiPER 1200GW v2.5.3-170306 was discovered to contain a buffer ove
23 CVE-2026-31066
UTT Aggressive HiPER 810G v3v1.7.7-171114 was discovered to contain a buffer ove
22 CVE-2026-5383
An issue that could allow access to Explorer groups from outside of the authoriz
22 CVE-2026-3574
The Experto Dashboard for WooCommerce plugin for WordPress is vulnerable to Stor
22 CVE-2026-5169
The Inquiry Form to Posts or Pages plugin for WordPress is vulnerable to Stored
22 CVE-2026-2838
The Whole Enquiry Cart for WooCommerce plugin for WordPress is vulnerable to Sto
22 CVE-2026-39864
Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.
22 CVE-2026-21007
Improper check for exceptional conditions in Device Care prior to SMR Apr-2026 R
22 CVE-2026-24511
Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.6 and versions 9.11.0.0 t
22 CVE-2026-4330
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vuln
22 CVE-2026-33227
Improper validation and restriction of a classpath path name vulnerability in Ap
22 CVE-2026-5918
Inappropriate implementation in Navigation in Google Chrome prior to 147.0.7727.
22 CVE-2026-5906
Incorrect security UI in Omnibox in Google Chrome on Android prior to 147.0.7727
22 CVE-2026-35462
Papra is a minimalistic document management and archiving platform. Prior to 26.
22 CVE-2026-3568
The MStore API plugin for WordPress is vulnerable to Insecure Direct Object Ref
22 CVE-2026-4057
The Download Manager plugin for WordPress is vulnerable to unauthorized modifica
22 CVE-2026-4977
The UsersWP - Front-end login form, User Registration, User Profile & Members Di
22 CVE-2026-35460
Papra is a minimalistic document management and archiving platform. Prior to 26.
22 CVE-2026-39395
Cosign provides code signing and transparency for containers and binaries. Prior
22 CVE-2026-3371
The Tutor LMS - eLearning and online course solution plugin for WordPress is vul
22 CVE-2026-20446
In sec boot, there is a possible out of bounds write due to an integer overflow.
22 CVE-2026-39627
Missing Authorization vulnerability in wproyal Ashe ashe allows Exploiting Incor
22 CVE-2026-1924
The Aruba HiSpeed Cache plugin for WordPress is vulnerable to Cross-Site Request
22 CVE-2026-39485
Missing Authorization vulnerability in embedplus Youtube Embed Plus youtube-embe

Oldest Unpatched Critical/High CVEs

CVE Severity CVSS Priority Days Open
CVE-2024-3400 CRITICAL 10.0 224 731d
CVE-2019-19781 CRITICAL 9.8 223 2298d
CVE-2020-5902 CRITICAL 9.8 223 2111d
CVE-2021-35464 CRITICAL 9.8 223 1725d
CVE-2020-10189 CRITICAL 9.8 223 2228d
CVE-2012-4681 CRITICAL 9.8 223 4976d
CVE-2022-42475 CRITICAL 9.8 223 1197d
CVE-2023-3519 CRITICAL 9.8 223 998d
CVE-2015-7450 CRITICAL 9.8 222 3753d
CVE-2023-34048 CRITICAL 9.8 222 900d
Prev 14 / 18 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy