Security Dashboard

7d 14d 30d 90d
Total CVEs
1532
last 7 days
Avg Priority
32.1
of max 220
KEV
0
actively exploited
POC
181
public exploits
Unpatched
444
CRIT/HIGH without patch
How is Priority Score calculated?

Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:

KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low 40-80 Medium 80-120 High 120+ Critical

Priority Distribution

CRITICAL HIGH MEDIUM LOW KEV Only POC Only Unpatched CRIT/HIGH
Priority CVE
0 CVE-2026-39667
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti
0 CVE-2026-39500
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti
0 CVE-2026-39604
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti
0 CVE-2026-39654
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti
0 CVE-2026-39628
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vu
0 CVE-2026-39626
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vu
0 CVE-2026-39482
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti
0 CVE-2026-39483
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti
0 CVE-2026-39683
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti
0 CVE-2026-39703
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti
0 CVE-2026-39665
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti
0 CVE-2026-31412
In the Linux kernel, the following vulnerability has been resolved: usb: gadget
0 CVE-2026-39486
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti
0 CVE-2026-39496
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti
0 CVE-2026-39479
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti
0 CVE-2026-39475
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti
0 CVE-2026-39466
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti
0 CVE-2026-39566
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulne
0 CVE-2026-39542
Insertion of Sensitive Information Into Sent Data vulnerability in Doofinder Doo
0 CVE-2026-39536
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulne
0 CVE-2026-39469
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulne
0 CVE-2026-39473
Insertion of Sensitive Information Into Sent Data vulnerability in Pär Thernströ
0 CVE-2026-39711
Insertion of Sensitive Information Into Sent Data vulnerability in stmcan RT-The
0 CVE-2026-39586
Insertion of Sensitive Information Into Sent Data vulnerability in Ateeq Rafeeq
0 CVE-2026-39572
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulne
0 CVE-2026-39516
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulne
0 CVE-2026-39571
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulne
0 CVE-2026-39570
Insertion of Sensitive Information Into Sent Data vulnerability in AA Web Servan
0 CVE-2026-39564
Insertion of Sensitive Information Into Sent Data vulnerability in sunshinephoto
0 CVE-2026-39709
Insertion of Sensitive Information Into Sent Data vulnerability in thetechtribe
0 CVE-2026-39686
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulne
0 CVE-2026-39614
Missing Authorization vulnerability in ilGhera JW Player for WordPress jw-player
0 CVE-2026-39610
Missing Authorization vulnerability in Pankaj Kumar WpXmas-Snow wpxmas-snow allo
0 CVE-2026-39663
Missing Authorization vulnerability in themetechmount TrueBooker truebooker-appo
0 CVE-2026-39624
Missing Authorization vulnerability in kutethemes Biolife biolife allows Exploit
0 CVE-2026-39660
Missing Authorization vulnerability in Automattic WP Job Manager wp-job-manager
0 CVE-2026-39464
Server-Side Request Forgery (SSRF) vulnerability in SeedProd Coming Soon Page, U
0 CVE-2026-39484
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in John Darrel
0 CVE-2026-39658
Missing Authorization vulnerability in Coding Panda Panda Pods Repeater Field pa
0 CVE-2026-39691
Missing Authorization vulnerability in AdAstraCrypto Cryptocurrency Donation Box
0 CVE-2026-39713
Missing Authorization vulnerability in mailercloud Mailercloud – Integrate
0 CVE-2026-39608
Missing Authorization vulnerability in iPOSPays iPOSpays Gateways WC ipospays-ga
0 CVE-2026-39701
Missing Authorization vulnerability in Andrew ShopWP wpshopify allows Exploiting
0 CVE-2026-39606
Missing Authorization vulnerability in Foysal Imran BizReview bizreview allows E
0 CVE-2026-39630
Server-Side Request Forgery (SSRF) vulnerability in Getty Images Getty Images ge
0 CVE-2026-39649
Missing Authorization vulnerability in themebeez Royale News royale-news allows
0 CVE-2026-39656
Missing Authorization vulnerability in Razorpay Razorpay for WooCommerce woo-raz
0 CVE-2026-39653
Missing Authorization vulnerability in Deepen Bajracharya Video Conferencing wit
0 CVE-2026-39689
Missing Authorization vulnerability in eshipper eShipper Commerce eshipper-comme
0 CVE-2026-39477
Missing Authorization vulnerability in Brainstorm Force CartFlows cartflows allo
0 CVE-2026-39476
Missing Authorization vulnerability in Syed Balkhi User Feedback userfeedback-li
0 CVE-2026-39602
Missing Authorization vulnerability in Rustaurius Order Tracking order-tracking
0 CVE-2026-39504
Missing Authorization vulnerability in InstaWP InstaWP Connect instawp-connect a
0 CVE-2026-39588
Missing Authorization vulnerability in nmerii NM Gift Registry and Wishlist Lite
0 CVE-2026-39705
Missing Authorization vulnerability in Mulika Team MIPL WC Multisite Sync mipl-w
0 CVE-2026-39669
Missing Authorization vulnerability in NitroPack NitroPack nitropack allows Expl
0 CVE-2026-39651
Missing Authorization vulnerability in TotalSuite Total Poll Lite totalpoll-lite
0 CVE-2026-39647
Server-Side Request Forgery (SSRF) vulnerability in sonaar MP3 Audio Player for
0 CVE-2026-39643
Missing Authorization vulnerability in Payment Plugins Payment Plugins for PayPa
0 CVE-2026-39687
Missing Authorization vulnerability in Rapid Car Check Rapid Car Check Vehicle D
0 CVE-2026-39506
Missing Authorization vulnerability in Jordy Meow AI Engine (Pro) ai-engine-pro
0 CVE-2026-39673
Missing Authorization vulnerability in shrikantkale iZooto izooto-web-push allow
0 CVE-2026-39585
Missing Authorization vulnerability in Arraytics Booktics booktics allows Exploi
0 CVE-2026-39535
Missing Authorization vulnerability in fullworks Display Eventbrite Events widge
0 CVE-2026-39509
Missing Authorization vulnerability in wpWax Directorist directorist allows Expl
0 CVE-2026-39510
Authorization Bypass Through User-Controlled Key vulnerability in WP Chill Image
0 CVE-2026-39645
Server-Side Request Forgery (SSRF) vulnerability in Global Payments GlobalPaymen
0 CVE-2026-39675
Missing Authorization vulnerability in webmuehle Court Reservation court-reserva
0 CVE-2026-39707
Missing Authorization vulnerability in ZealousWeb Accept PayPal Payments using C
0 CVE-2026-39562
Missing Authorization vulnerability in BoldGrid Client Invoicing by Sprout Invoi
0 CVE-2026-39520
Missing Authorization vulnerability in weDevs weDocs wedocs allows Exploiting In
0 CVE-2026-39685
Missing Authorization vulnerability in lvaudore The Moneytizer the-moneytizer al
0 CVE-2026-39616
Authorization Bypass Through User-Controlled Key vulnerability in dFactory Downl
0 CVE-2026-39695
Server-Side Request Forgery (SSRF) vulnerability in podigee Podigee podigee allo
0 CVE-2026-39612
Missing Authorization vulnerability in kutethemes KuteShop kuteshop allows Explo
0 CVE-2026-39521
Server-Side Request Forgery (SSRF) vulnerability in Nelio Software Nelio Content
0 CVE-2026-39715
Missing Authorization vulnerability in AnyTrack AnyTrack Affiliate Link Manager
0 CVE-2026-39526
Authorization Bypass Through User-Controlled Key vulnerability in wpstream WpStr
0 CVE-2026-39699
Missing Authorization vulnerability in massiveshift AI Workflow Automation ai-wo
0 CVE-2026-39488
Missing Authorization vulnerability in SureCart SureCart surecart allows Exploit
0 CVE-2026-39622
Missing Authorization vulnerability in acmethemes Education Base education-base
0 CVE-2026-39697
Missing Authorization vulnerability in HBSS Technologies MAIO – The new AI
0 CVE-2026-32289
Context was not properly tracked across template branches for JS template litera
0 CVE-2026-32282
On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod
0 CVE-2026-32288
tar.Reader can allocate an unbounded amount of memory when reading a maliciously
0 CVE-2026-27144
The compiler is meant to unwrap pointers which are the operands of a memory move
0 CVE-2026-39640
Cross-Site Request Forgery (CSRF) vulnerability in mndpsingh287 Theme Editor the
0 CVE-2026-39634
Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Portfolio gr
0 CVE-2026-39632
Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Blog grandbl
0 CVE-2026-39620
Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Appointment a

Oldest Unpatched Critical/High CVEs

CVE Severity CVSS Priority Days Open
CVE-2024-3400 CRITICAL 10.0 224 731d
CVE-2019-19781 CRITICAL 9.8 223 2298d
CVE-2020-5902 CRITICAL 9.8 223 2111d
CVE-2021-35464 CRITICAL 9.8 223 1725d
CVE-2020-10189 CRITICAL 9.8 223 2228d
CVE-2012-4681 CRITICAL 9.8 223 4976d
CVE-2022-42475 CRITICAL 9.8 223 1197d
CVE-2023-3519 CRITICAL 9.8 223 998d
CVE-2015-7450 CRITICAL 9.8 222 3753d
CVE-2023-34048 CRITICAL 9.8 222 900d
Prev 16 / 18 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy