Security Dashboard

7d 14d 30d 90d
Total CVEs
1535
last 7 days
Avg Priority
32.1
of max 220
KEV
0
actively exploited
POC
181
public exploits
Unpatched
444
CRIT/HIGH without patch
How is Priority Score calculated?

Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:

KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low 40-80 Medium 80-120 High 120+ Critical

Priority Distribution

CRITICAL HIGH MEDIUM LOW KEV Only POC Only Unpatched CRIT/HIGH
Priority CVE
22 CVE-2026-1924
The Aruba HiSpeed Cache plugin for WordPress is vulnerable to Cross-Site Request
22 CVE-2026-5911
Policy bypass in ServiceWorkers in Google Chrome prior to 147.0.7727.55 allowed
22 CVE-2026-5875
Policy bypass in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote
22 CVE-2026-33005
Improper Handling of Insufficient Privileges vulnerability in Apache OpenMeeting
22 CVE-2026-4141
The Quran Translations plugin for WordPress is vulnerable to Cross-Site Request
22 CVE-2026-1673
The BEAR - Bulk Editor and Products Manager Professional for WooCommerce by Plug
22 CVE-2026-0814
The Advanced Contact form 7 DB plugin for WordPress is vulnerable to unauthorize
22 CVE-2026-33118
Microsoft Edge (Chromium-based) Spoofing Vulnerability
22 CVE-2026-39985
LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web app
22 CVE-2026-35596
## Summary The `hasAccessToLabel` function contains a SQL operator precedence b
22 CVE-2026-35598
## Summary The CalDAV `GetResource` and `GetResourcesByList` methods fetch task
22 CVE-2026-40103
### Summary Vikunja's scoped API token enforcement for custom project backgroun
22 CVE-2025-9484
GitLab has remediated an issue in GitLab EE affecting all versions from 16.6 bef
22 CVE-2026-1752
GitLab has remediated an issue in GitLab EE affecting all versions from 11.3 bef
22 CVE-2026-2104
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2
22 CVE-2026-2619
GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 bef
22 CVE-2026-33460
Incorrect Authorization (CWE-863) in Kibana can lead to cross-space information
22 CVE-2026-35180
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the si
21 CVE-2026-32602
Homarr is an open-source dashboard. Prior to 1.57.0, the user registration endpo
21 CVE-2026-35041
fast-jwt provides fast JSON Web Token (JWT) implementation. From 5.0.0 to 6.2.0,
21 CVE-2026-39413
## Summary The LightRAG API is vulnerable to a JWT algorithm confusion attack wh
21 CVE-2026-1163
An insufficient session expiration vulnerability exists in the latest version of
20 CVE-2026-34860
Access control vulnerability in the memo module. Impact: Successful exploitation
20 CVE-2026-34858
UAF vulnerability in the communication module. Impact: Successful exploitation o
20 CVE-2026-35177
Vim is an open source, command line text editor. Prior to 9.2.0280, a path trave
20 CVE-2026-35601
## Summary The CalDAV output generator builds iCalendar VTODO entries via raw s
20 CVE-2026-21009
Improper check for exceptional conditions in Recents prior to SMR Apr-2026 Relea
20 CVE-2026-5507
When restoring a session from cache, a pointer from the serialized session data
20 CVE-2026-34944
Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0
20 CVE-2026-39316
OpenPrinting CUPS is an open source printing system for Linux and other Unix-lik
20 CVE-2026-39314
OpenPrinting CUPS is an open source printing system for Linux and other Unix-lik
20 CVE-2026-3830
The Product Filter for WooCommerce by WBW WordPress plugin before 3.1.3 does not
20 CVE-2025-15441
The Form Maker by 10Web WordPress plugin before 1.15.38 does not properly prepa
20 CVE-2026-0232
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent
20 CVE-2026-40385
In libexif through 0.6.25, an unsigned 32bit integer overflow in Nikon MakerNote
20 CVE-2026-40386
In libexif through 0.6.25, an integer underflow in size checking for Fuji and Ol
20 CVE-2026-40394
Varnish Cache 9 before 9.0.1 and Varnish Enterprise before 6.0.16r11 allows a "w
20 CVE-2026-40395
Varnish Enterprise before 6.0.16r12 allows a "workspace overflow" denial of serv
20 CVE-2026-40396
Varnish Cache 9 before 9.0.1 allows a "workspace overflow" denial of service (da
19 CVE-2026-21388
Mattermost Plugins versions <=2.3.1 fail to limit the request body size on the {
19 CVE-2026-24661
Mattermost Plugins versions <=2.1.3.0 fail to limit the request body size on the
19 CVE-2026-34166
## Summary The `replace` filter in LiquidJS incorrectly accounts for memory usa
18 CVE-2026-40097
Step CA is an online certificate authority for secure, automated certificate man
18 CVE-2026-40194
phpseclib is a PHP secure communications library. Prior to 3.0.51, 2.0.53, and 1
18 CVE-2026-40184
TREK is a collaborative travel planner. Prior to 2.7.2, TREK served uploaded pho
18 CVE-2026-33551
An issue was discovered in OpenStack Keystone 14 through 26 before 26.1.1, 27.0.
18 CVE-2026-40077
Beszel is a server monitoring platform. Prior to 0.18.7, some API endpoints in t
18 CVE-2026-35400
LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web app
17 CVE-2026-33404
Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level
17 CVE-2026-28264
Dell PowerProtect Agent Service, version(s) prior to 20.1, contain(s) an Incorre
16 CVE-2026-33405
Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level
16 CVE-2026-40109
Flux notification-controller is the event forwarder and notification dispatcher
15 CVE-2026-5382
An issue that could expose records outside of the authorized organization scope
15 CVE-2026-5379
An issue that allowed MCP agents to access certificate information from outside
15 CVE-2026-40354
Flatpak xdg-desktop-portal before 1.20.4 and 1.21.x before 1.21.1 allows any Fla
14 CVE-2026-40228
In systemd 259, systemd-journald can send ANSI escape sequences to the terminals
14 CVE-2026-34781
### Impact Apps that call `clipboard.readImage()` may be vulnerable to a denial
14 CVE-2026-5375
An issue that could allow a user with access to a credential to view sensitive f
14 CVE-2026-4292
An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4
14 CVE-2025-14551
In Ubuntu, Subiquity version 24.04.4 could leak sensitive user credentials durin
14 CVE-2025-15480
In Ubuntu, ubuntu-desktop-provision version 24.04.4 could leak sensitive user cr
14 CVE-2026-4916
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2
12 CVE-2026-34849
UAF vulnerability in the screen management module. Impact: Successful exploitati
12 CVE-2026-5188
An integer underflow issue exists in wolfSSL when parsing the Subject Alternativ
12 CVE-2026-35624
OpenClaw before 2026.3.22 contains a policy confusion vulnerability in room auth
12 CVE-2026-35648
OpenClaw before 2026.3.22 contains a policy bypass vulnerability where queued no
12 CVE-2026-35617
OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Goog
12 CVE-2026-5187
Two potential heap out-of-bounds write locations existed in DecodeObjectId() in
12 CVE-2026-39957
Lychee is a free, open-source photo-management tool. Prior to 7.5.4, a SQL opera
12 CVE-2026-5448
X.509 date buffer overflow in wolfSSL_X509_notAfter / wolfSSL_X509_notBefore. A
12 CVE-2026-34720
Zammad is a web based open source helpdesk/customer support system. Prior to 7.0
12 CVE-2026-34988
Wasmtime is a runtime for WebAssembly. From 28.0.0 to before 36.0.7, 42.0.2, and
12 CVE-2026-34945
Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and
12 CVE-2026-5392
Heap out-of-bounds read in PKCS7 parsing. A crafted PKCS7 message can trigger an
11 CVE-2026-5381
An issue that could expose task information outside of the authorized organizati
11 CVE-2026-34851
Race condition vulnerability in the event notification module. Impact: Successfu
11 CVE-2026-39349
OrangeHRM is a comprehensive human resource management (HRM) system. From 5.0 to
10 CVE-2026-34248
Zammad is a web based open source helpdesk/customer support system. Prior to 7.0
10 CVE-2026-5772
A 1-byte stack buffer over-read was identified in the MatchDomainName function (
10 CVE-2026-5778
Integer underflow in wolfSSL packet sniffer <= 5.9.0 allows an attacker to cause
10 CVE-2026-27949
Plane is an an open-source project management tool. Prior to 1.3.0, a vulnerabil
10 CVE-2026-0233
A certificate validation vulnerability in Palo Alto Networks Autonomous Digital
10 CVE-2026-34850
Race condition vulnerability in the notification service. Impact: Successful exp
8 CVE-2026-40072
web3.py allows you to interact with the Ethereum blockchain using Python. From 6
5 CVE-2026-34983
Wasmtime is a runtime for WebAssembly. In 43.0.0, cloning a wasmtime::Linker is
0 CVE-2026-39679
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP
0 CVE-2026-39544
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP
0 CVE-2026-39677
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP
0 CVE-2026-39681
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP
0 CVE-2026-39538
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP

Oldest Unpatched Critical/High CVEs

CVE Severity CVSS Priority Days Open
CVE-2024-3400 CRITICAL 10.0 224 731d
CVE-2019-19781 CRITICAL 9.8 223 2298d
CVE-2020-5902 CRITICAL 9.8 223 2111d
CVE-2021-35464 CRITICAL 9.8 223 1725d
CVE-2020-10189 CRITICAL 9.8 223 2228d
CVE-2012-4681 CRITICAL 9.8 223 4976d
CVE-2022-42475 CRITICAL 9.8 223 1197d
CVE-2023-3519 CRITICAL 9.8 223 998d
CVE-2015-7450 CRITICAL 9.8 222 3753d
CVE-2023-34048 CRITICAL 9.8 222 900d
Prev 15 / 18 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy