Security Dashboard

7d 14d 30d 90d
Total CVEs
1535
last 7 days
Avg Priority
32.2
of max 220
KEV
0
actively exploited
POC
180
public exploits
Unpatched
445
CRIT/HIGH without patch
How is Priority Score calculated?

Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:

KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low 40-80 Medium 80-120 High 120+ Critical

Priority Distribution

CRITICAL HIGH MEDIUM LOW KEV Only POC Only Unpatched CRIT/HIGH
Priority CVE
0 CVE-2026-39640
Cross-Site Request Forgery (CSRF) vulnerability in mndpsingh287 Theme Editor the
0 CVE-2026-39618
Cross-Site Request Forgery (CSRF) vulnerability in themearile NewsExo newsexo al
0 CVE-2026-27140
SWIG file names containing 'cgo' and well-crafted payloads could lead to code sm
0 CVE-2026-39634
Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Portfolio gr
0 CVE-2026-39671
Cross-Site Request Forgery (CSRF) vulnerability in Dotstore Extra Fees Plugin fo
0 CVE-2026-27144
The compiler is meant to unwrap pointers which are the operands of a memory move
0 CVE-2026-31413
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix un
0 CVE-2026-39620
Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Appointment a
0 CVE-2026-32281
Validating certificate chains which use policies is unexpectedly inefficient whe
0 CVE-2026-27143
Arithmetic over induction variables in loops were not correctly checked for unde
0 CVE-2026-32283
If one side of the TLS connection sends multiple key update messages post-handsh
0 CVE-2026-33810
When verifying a certificate chain containing excluded DNS constraints, these co
0 CVE-2026-5438
A gzip decompression bomb vulnerability exists when Orthanc processes HTTP reque
0 CVE-2026-5437
An out-of-bounds read vulnerability exists in `DicomStreamReader` during DICOM m
0 CVE-2026-5904
Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed an attacker
0 CVE-2026-5439
A memory exhaustion vulnerability exists in ZIP archive processing. Orthanc auto
0 CVE-2026-5903
Policy bypass in IFrameSandbox in Google Chrome prior to 147.0.7727.55 allowed a
0 CVE-2026-5902
Race in Media in Google Chrome on Android prior to 147.0.7727.55 allowed a remot
0 CVE-2026-5901
Insufficient policy enforcement in DevTools in Google Chrome prior to 147.0.7727
0 CVE-2026-5900
Policy bypass in Downloads in Google Chrome prior to 147.0.7727.55 allowed a rem
0 CVE-2026-5899
Insufficient policy enforcement in History Navigation in Google Chrome prior to
0 CVE-2026-5898
Incorrect security UI in Omnibox in Google Chrome on iOS prior to 147.0.7727.55
0 CVE-2026-5897
Incorrect security UI in Downloads in Google Chrome prior to 147.0.7727.55 allow
0 CVE-2026-5896
Policy bypass in Audio in Google Chrome prior to 147.0.7727.55 allowed a remote
0 CVE-2026-5895
Incorrect security UI in Omnibox in Google Chrome on iOS prior to 147.0.7727.55
0 CVE-2026-5894
Inappropriate implementation in PDF in Google Chrome prior to 147.0.7727.55 allo
0 CVE-2026-39398
## Affected openclaw-claude-bridge v1.1.0 ## Issue v1.1.0 spawns the Claude C
0 CVE-2026-35337
Deserialization of Untrusted Data vulnerability in Apache Storm. Versions Affec
0 CVE-2026-5893
Race in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to
0 CVE-2026-5892
Insufficient policy enforcement in PWAs in Google Chrome prior to 147.0.7727.55
0 CVE-2026-35565
Stored Cross-Site Scripting (XSS) via Unsanitized Topology Metadata in Apache St
0 CVE-2026-5891
Insufficient policy enforcement in browser UI in Google Chrome prior to 147.0.77
0 CVE-2026-5890
Race in WebCodecs in Google Chrome prior to 147.0.7727.55 allowed a remote attac
0 CVE-2026-5889
Cryptographic Flaw in PDFium in Google Chrome prior to 147.0.7727.55 allowed an
0 CVE-2026-5888
Uninitialized Use in WebCodecs in Google Chrome prior to 147.0.7727.55 allowed a
0 CVE-2025-66447
Chamilo LMS is a learning management system. From 1.11.0 to 2.0-beta.1, anyone c
0 CVE-2026-5887
Insufficient validation of untrusted input in Downloads in Google Chrome on Wind
0 CVE-2026-22560
An open redirect vulnerability in Rocket.Chat versions prior to 8.4.0 allows use
0 CVE-2026-5885
Insufficient validation of untrusted input in WebML in Google Chrome on Windows
0 CVE-2026-5883
Use after free in Media in Google Chrome prior to 147.0.7727.55 allowed a remote
0 CVE-2026-5882
Incorrect security UI in Fullscreen in Google Chrome prior to 147.0.7727.55 allo
0 CVE-2026-5085
Solstice::Session versions through 1440 for Perl generates session ids insecurel
0 CVE-2026-5881
Policy bypass in LocalNetworkAccess in Google Chrome prior to 147.0.7727.55 allo
0 CVE-2026-5880
Insufficient policy enforcement in browser UI in Google Chrome prior to 147.0.77
0 CVE-2026-23782
An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. An API manag
0 CVE-2026-5878
Incorrect security UI in Blink in Google Chrome prior to 147.0.7727.55 allowed a
0 CVE-2026-5877
Use after free in Navigation in Google Chrome prior to 147.0.7727.55 allowed a r
0 CVE-2026-36234
itsourcecode Online Student Enrollment System v1.0 is vulnerable to SQL Injectio
0 CVE-2026-31262
Cross Site Scripting vulnerability in Altenar Sportsbook Software Platform (SB2)
0 CVE-2025-44560
owntone-server 2ca10d9 is vulnerable to Buffer Overflow due to lack of recursive
0 CVE-2026-23781
An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. A set of def
0 CVE-2026-5870
Integer overflow in Skia in Google Chrome prior to 147.0.7727.55 allowed a remot
0 CVE-2026-5868
Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 147.0.7727.55 all
0 CVE-2026-5865
Type Confusion in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote at
0 CVE-2026-5863
Inappropriate implementation in V8 in Google Chrome prior to 147.0.7727.55 allow
0 CVE-2026-5862
Inappropriate implementation in V8 in Google Chrome prior to 147.0.7727.55 allow
0 CVE-2026-5861
Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote at
0 CVE-2026-5860
Use after free in WebRTC in Google Chrome prior to 147.0.7727.55 allowed a remot
0 CVE-2026-31411
In the Linux kernel, the following vulnerability has been resolved: net: atm: f
0 CVE-2026-5859
Integer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remo
0 CVE-2026-36235
A SQL injection vulnerability was found in the scheduleSubList.php file of itsou
0 CVE-2026-5858
Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a
0 CVE-2026-29861
PHP-MYSQL-User-Login-System v1.0 was discovered to contain a SQL injection vulne
0 CVE-2026-23900
Various stored XSS vulnerabilities in the maps- and icon rendering logic in Phoc
0 CVE-2026-23780
An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. A SQL inject
0 CVE-2026-29923
The pstrip64.sys driver in EnTech Taiwan PowerStrip <=3.90.736 allows local user
0 CVE-2026-31170
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allo
0 CVE-2026-30479
A Dynamic-link Library Injection vulnerability in OSGeo Project MapServer before
0 CVE-2025-70364
An issue was discovered in Kiamo before 8.4 allowing authenticated administrativ
0 CVE-2025-70811
Cross Site Request Forgery vulnerability in Phpbb phbb3 v.3.3.15 allows a local
0 CVE-2025-70810
Cross Site Request Forgery vulnerability in Phpbb phbb3 v.3.3.15 allows a local
0 CVE-2025-50228
Jizhicms v2.5.4 is vulnerable to Server-Side Request Forgery (SSRF) in User Eval
0 CVE-2026-36232
A SQL injection vulnerability was found in the instructorClasses.php file of its
0 CVE-2026-4112
Improper neutralization of special elements used in an SQL command (“SQL Injecti
0 CVE-2026-4113
An observable response discrepancy vulnerability in the SonicWall SMA1000 series
0 CVE-2026-28387
Issue summary: An uncommon configuration of clients performing DANE TLSA-based s
0 CVE-2026-4114
Improper handling of Unicode encoding in SonicWall SMA1000 series appliances all
0 CVE-2026-4116
Improper handling of Unicode encoding in SonicWall SMA1000 series appliances all
0 CVE-2026-40198
Net::CIDR::Lite versions before 0.23 for Perl does not validate IPv6 group count
0 CVE-2026-40199
Net::CIDR::Lite versions before 0.23 for Perl mishandles IPv4 mapped IPv6 addres
0 CVE-2026-31789
Issue summary: Converting an excessively large OCTET STRING value to a hexadecim
0 CVE-2026-5441
An out-of-bounds read vulnerability exists in the `DecodePsmctRle1` function of
0 CVE-2026-5444
A heap buffer overflow vulnerability exists in the PAM image parsing logic. When
0 CVE-2026-5445
An out-of-bounds read vulnerability exists in the `DecodeLookupTable` function w
0 CVE-2026-36233
A SQL injection vulnerability was found in the assignInstructorSubjects.php file
0 CVE-2026-40260
### Impact An attacker who uses this vulnerability can craft a PDF which leads
0 CVE-2026-5443
A heap buffer overflow vulnerability exists during the decoding of `PALETTE COLO
0 CVE-2026-36236
SourceCodester Engineers Online Portal v1.0 is vulnerable to SQL Injection in up
0 CVE-2026-5442
A heap buffer overflow vulnerability exists in the DICOM image decoder. Dimensio
0 CVE-2026-36872
Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /libr

Oldest Unpatched Critical/High CVEs

CVE Severity CVSS Priority Days Open
CVE-2024-3400 CRITICAL 10.0 224 731d
CVE-2019-19781 CRITICAL 9.8 223 2298d
CVE-2020-5902 CRITICAL 9.8 223 2111d
CVE-2021-35464 CRITICAL 9.8 223 1725d
CVE-2020-10189 CRITICAL 9.8 223 2228d
CVE-2012-4681 CRITICAL 9.8 223 4976d
CVE-2022-42475 CRITICAL 9.8 223 1197d
CVE-2023-3519 CRITICAL 9.8 223 998d
CVE-2015-7450 CRITICAL 9.8 222 3753d
CVE-2023-34048 CRITICAL 9.8 222 900d
Prev 17 / 18 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy