Security Dashboard

7d 14d 30d 90d

Total CVEs

1370

last 7 days

Avg Priority

20.7

of max 220

KEV

actively exploited

POC

public exploits

Unpatched

217

CRIT/HIGH without patch

How is Priority Score calculated?

Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:

KEV +50

CISA Known Exploited Vulnerability — confirmed active exploitation in the wild

EPSS x100

Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)

CVSS x5

Common Vulnerability Scoring System — technical severity (0-50)

POC +20

Public exploit code exists — lowers barrier for attackers

0-40 Low 40-80 Medium 80-120 High 120+ Critical

Patch Now — Known Exploited Vulnerabilities

116

CVE-2026-48027

Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console,

CRITICAL

Priority Distribution

CRITICAL HIGH MEDIUM LOW KEV Only POC Only Unpatched CRIT/HIGH

Priority	CVE	Severity	CVSS	EPSS	Indicators	Published
47	CVE-2026-42747 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti	CRITICAL	9.3	0.0%		2026-05-27
47	CVE-2026-42755 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti	CRITICAL	9.3	0.0%		2026-05-27
46	CVE-2026-8979 The Mennekes Amtron series (firmware versions ≤ 5.22.3) is vulnerable to an auth	CRITICAL	9.3	-		2026-05-28
46	CVE-2026-44451 Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the component	CRITICAL	9.3	0.0%	FIX	2026-05-26
46	CVE-2026-42727 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti	CRITICAL	9.3	0.0%		2026-05-27
46	CVE-2026-35090 In Slican telephone exchanges it is possible to manage the control panel remotel	CRITICAL	9.3	0.1%	FIX	2026-05-27
46	CVE-2026-8980 The Mennekes Amtron series (firmware versions ≤ 5.22.3) is vulnerable to privile	CRITICAL	9.3	-		2026-05-28
46	CVE-2026-42761 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti	CRITICAL	9.3	0.0%		2026-05-27
46	CVE-2026-45261 GitButler is a modern Git-based version control interface for AI-powered workflo	CRITICAL	9.3	-	FIX	2026-05-28
46	CVE-2026-35087 Slican telephone exchanges allow administrative protocol authentication bypass.	CRITICAL	9.3	0.1%	FIX	2026-05-27
46	CVE-2026-42740 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti	CRITICAL	9.3	0.0%		2026-05-27
46	CVE-2026-9054 An attacker sending tcp, il, rudp, rudp, or gre packets with a length less than	CRITICAL	9.2	0.0%	FIX	2026-05-22
46	CVE-2026-9312 A server-side request forgery (SSRF) vulnerability was identified in GitHub Ente	CRITICAL	9.2	0.0%	FIX	2026-05-27
46	CVE-2026-8450 HTTP::Daemon versions before 6.17 for Perl allow OS command injection via send_f	CRITICAL	9.1	0.1%	FIX	2026-05-27
46	CVE-2026-33843 Authentication bypass using an alternate path or channel in Microsoft Azure Acti	CRITICAL	9.1	0.1%	FIX	2026-05-22
46	CVE-2026-49002 Access control failure means that an application does not effectively check user	CRITICAL	9.1	0.0%		2026-05-27
46	CVE-2026-39833 The in-memory keyring returned by NewKeyring() silently accepted keys with the C	CRITICAL	9.1	0.0%	FIX	2026-05-22
46	CVE-2026-42496 Pre-NVD disclosure via oss-security: oss-security mailing list - 2026/05/26. pen	CRITICAL	9.1	0.0%	FIX	2026-05-26
46	CVE-2026-39834 When writing data larger than 4GB in a single Write call on an SSH channel, an i	CRITICAL	9.1	0.0%	FIX	2026-05-22
46	CVE-2026-7876 IBM Aspera HSTS for CP4I 1.5.1 through 1.5.19	CRITICAL	9.1	0.0%		2026-05-27
46	CVE-2026-42508 Previously, a revoked 'SignatureKey' belonging to a CA was not correctly checked	CRITICAL	9.1	0.0%	FIX	2026-05-22
46	CVE-2026-39832 When adding a key to a remote agent constraint extensions such as restrict-desti	CRITICAL	9.1	0.0%	FIX	2026-05-22
46	CVE-2026-44449 Lumiverse is a full-featured AI chat application. Prior to 0.9.7, when the prima	CRITICAL	9.1	0.1%	FIX	2026-05-26
46	CVE-2026-33000 A malicious actor with access to the network and high privileges could exploit a	CRITICAL	9.1	0.1%	FIX	2026-05-22
46	CVE-2026-46621 ### Summary A Server-Side Code Injection vulnerability exists in the Yamcs scrip	CRITICAL	9.1	-	FIX	2026-05-27
46	CVE-2026-44632 ### Summary A Server-Side Code Injection vulnerability exists in the Yamcs algor	CRITICAL	9.1	-	FIX	2026-05-27
45	CVE-2026-48150 Budibase is an open-source low-code platform. Prior to 3.39.0, /api/public/v1/ro	CRITICAL	9.0	0.0%	FIX	2026-05-27
45	CVE-2026-32999 Insufficient character filtering in backup agent signing module on Comet Backup	CRITICAL	9.0	0.0%	FIX	2026-05-28
45	CVE-2026-8135 Concrete CMS 9.5.0 and below is vulnerable to Remote Code Execution due to inse	HIGH	8.9	0.1%		2026-05-21
45	CVE-2026-45659 Deserialization of untrusted data in Microsoft Office SharePoint allows an autho	HIGH	8.8	0.5%	FIX	2026-05-22
44	CVE-2026-8832 The WPCode - Insert Headers and Footers + Custom Code Snippets - WordPress Code	HIGH	8.8	0.4%		2026-05-27
44	CVE-2026-9207 Tanium addressed an unauthorized code execution vulnerability in Connect.	HIGH	8.8	0.1%	FIX	2026-05-27
44	CVE-2026-35430 Authorization bypass through user-controlled key in Azure Privileged Identity Ma	HIGH	8.8	0.1%	FIX	2026-05-22
44	CVE-2026-46414 Microsoft UFO open-source framework for intelligent automation across devices an	HIGH	8.8	0.0%		2026-05-27
44	CVE-2026-47161 RELATE is a web-based courseware package. Prior to commit d66ba5659b459bf1ba56b7	HIGH	8.7	0.5%		2026-05-27
44	CVE-2026-8787 The Firebase Support & Chat Management plugin for WordPress is vulnerable to pri	HIGH	8.8	0.0%		2026-05-27
44	CVE-2026-48920 Jenkins Email Extension Plugin 1933.v45cec755423f and earlier allows inlining im	HIGH	8.8	0.0%		2026-05-27
44	CVE-2026-38807 Insecure Permissions vulnerability in kvf-admin v1.0.0 allows a remote attacker	HIGH	8.8	0.0%		2026-05-27
44	CVE-2026-6419 The WishList Member plugin for WordPress is vulnerable to Privilege Escalation v	HIGH	8.8	0.0%		2026-05-23
44	CVE-2026-6897 The Wishlist Member plugin for WordPress is vulnerable to unauthorized modificat	HIGH	8.8	0.0%		2026-05-23
44	CVE-2026-44988 LibVNCClient is a library for easy implementation of a VNC client. In 0.9.15 and	HIGH	8.8	0.0%		2026-05-27
44	CVE-2026-6895 The WishList Member plugin for WordPress is vulnerable to Missing Authorization	HIGH	8.8	0.0%		2026-05-23
44	CVE-2026-6898 The Wishlist Member plugin for WordPress is vulnerable to unauthorized modificat	HIGH	8.8	0.0%		2026-05-23
44	CVE-2026-41075 RT is an open source, enterprise-grade issue and ticket tracking system. Version	HIGH	8.8	0.0%		2026-05-22
44	CVE-2026-44713 pam_usb provides hardware authentication for Linux using ordinary removable medi	HIGH	8.8	0.0%	FIX	2026-05-27
44	CVE-2026-44741 # GM-369 ## Summary SQL injection in Pimcore's translation grid date filter - t	HIGH	8.8	-	FIX	2026-05-27
44	CVE-2026-8179 IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM A	HIGH	8.8	0.1%		2026-05-27
44	CVE-2026-6226 The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to unauthent	HIGH	8.8	0.1%		2026-05-28
44	CVE-2026-5065 IBM Controller 11.0.1, 11.1.0, 11.1.1, and 11.1.2 contains hard-coded credential	HIGH	8.8	0.0%		2026-05-27
44	CVE-2026-47125 ## Summary The `PUT /api/environments/{id}/templates/variables` endpoint, which	HIGH	8.8	-	FIX	2026-05-23
44	CVE-2026-9227 The GutenBee - Gutenberg Blocks plugin for WordPress is vulnerable to Arbitrary	HIGH	8.8	0.1%		2026-05-28
44	CVE-2026-46612 ### Summary The Fission `storagesvc` component registers archive CRUD handlers	HIGH	8.8	-	FIX	2026-05-21
44	CVE-2026-35676 phpMyFAQ before 4.1.3 contains an unauthenticated password reset vulnerability i	HIGH	8.8	-	FIX	2026-05-28
44	CVE-2026-36044 @pensar/apex <= 0.0.58 is vulnerable to OS command injection via the smart_enume	HIGH	8.8	0.1%		2026-05-27
44	CVE-2026-8915 Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflo	HIGH	8.8	0.0%		2026-05-28
44	CVE-2026-45044 RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta	HIGH	8.8	-		2026-05-28
44	CVE-2026-8992 An improper certificate validation vulnerability in Ivanti Secure Access Client	HIGH	8.8	0.1%		2026-05-22
44	CVE-2026-6406 The Docker CLI --use-api-socket flag bypasses Enhanced Container Isolation (ECI)	HIGH	8.8	0.0%	FIX	2026-05-22
44	CVE-2026-4944 vllm-project/vllm version 0.14.1 contains a vulnerability where the `trust_remot	HIGH	8.8	-		2026-05-28
44	CVE-2026-9208 Tanium addressed an unauthorized code execution vulnerability in Connect.	HIGH	8.8	0.1%	FIX	2026-05-27
44	CVE-2026-9009 The Crawlomatic Multipage Scraper Post Generator plugin for WordPress is vulnera	HIGH	8.8	0.2%		2026-05-28
44	CVE-2026-35675 phpMyFAQ before 4.1.3 contains an authentication bypass vulnerability in the pas	HIGH	8.8	-	FIX	2026-05-28
44	CVE-2026-8676 An attacker is able to downgrade the security of a Bluetooth LE connection by de	HIGH	8.8	0.0%	FIX	2026-05-26
44	CVE-2026-7802 The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to authoriza	HIGH	8.8	0.1%		2026-05-28
44	CVE-2026-46519 ## Summary `mcp-server-kubernetes` exposes three environment variables (`ALLOW_	HIGH	8.8	-	FIX	2026-05-21
44	CVE-2026-9018 The Easy Elements for Elementor - Addons & Website Templates plugin for WordPres	HIGH	8.8	0.0%		2026-05-22
44	CVE-2026-48544 Taipy 4.1.1, fixed in commit 129fd40, contains a path traversal vulnerability in	HIGH	8.7	0.2%		2026-05-27
44	CVE-2026-3294 An authentication logic vulnerability in multiple TP-Link range extenders allows	HIGH	8.7	0.1%	FIX	2026-05-22
44	CVE-2026-44886 Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. From 202	HIGH	8.7	0.1%	FIX	2026-05-27
44	CVE-2025-41669 The Web-based Management allows a remote low privileged Engineer user to install	HIGH	8.7	0.1%	FIX	2026-05-27
44	CVE-2026-40811 An unauthenticated remote attacker can exploit an unauthenticated SQL Injection	HIGH	8.7	0.0%		2026-05-27
44	CVE-2026-40814 An unauthenticated remote attacker can exploit an unauthenticated SQL Injection	HIGH	8.7	0.0%		2026-05-27
44	CVE-2026-40817 An unauthenticated remote attacker can exploit an unauthenticated SQL Injection	HIGH	8.7	0.0%		2026-05-27
44	CVE-2026-40850 An unauthenticated remote attacker can exploit an unauthenticated SQL Injection	HIGH	8.7	0.0%		2026-05-27
44	CVE-2026-40816 An unauthenticated remote attacker can exploit an unauthenticated SQL Injection	HIGH	8.7	0.0%		2026-05-27
44	CVE-2026-40819 An unauthenticated remote attacker can exploit an unauthenticated SQL Injection	HIGH	8.7	0.0%		2026-05-27
44	CVE-2026-40810 An unauthenticated remote attacker can exploit an unauthenticated SQL Injection	HIGH	8.7	0.0%		2026-05-27
44	CVE-2026-40812 An unauthenticated remote attacker can exploit an unauthenticated SQL Injection	HIGH	8.7	0.0%		2026-05-27
44	CVE-2026-40815 An unauthenticated remote attacker can exploit an unauthenticated SQL Injection	HIGH	8.7	0.0%		2026-05-27
44	CVE-2026-40813 An unauthenticated remote attacker can exploit an unauthenticated SQL Injection	HIGH	8.7	0.0%		2026-05-27
44	CVE-2026-40818 An unauthenticated remote attacker can exploit an unauthenticated SQL Injection	HIGH	8.7	0.0%		2026-05-27
44	CVE-2025-41670 A local user with low privileges may be able to influence the behavior of a priv	HIGH	8.7	0.0%	FIX	2026-05-27
44	CVE-2026-47074 Improper Certificate Validation vulnerability in ex-aws ex_aws_sns (ExAws.SNS, E	HIGH	8.7	0.0%	FIX	2026-05-28
44	CVE-2026-44739 ### Summary The columnConfigAction endpoint in the CustomReportsBundle is vulner	HIGH	8.7	-	FIX	2026-05-27
44	CVE-2026-35671 phpMyFAQ before 4.1.3 contains an insecure direct object reference vulnerability	HIGH	8.7	-	FIX	2026-05-28
44	CVE-2026-44830 Nocturne Memory is a lightweight, rollbackable, and visual Long-Term Memory Serv	HIGH	8.7	0.0%	FIX	2026-05-27
44	CVE-2026-42197 RELATE is a web-based courseware package. Versions prior to commit 555f0efb1c5bd	HIGH	8.7	0.0%	FIX	2026-05-27
44	CVE-2026-35672 phpMyFAQ before 4.1.3 contains an authentication bypass vulnerability in API v4.	HIGH	8.7	-	FIX	2026-05-28
44	CVE-2026-47102 LiteLLM prior to 1.83.10 allows a user to modify their own user_role via the /us	HIGH	8.7	0.1%	FIX	2026-05-21
44	CVE-2026-47101 LiteLLM prior to 1.83.14 allows an authenticated internal_user to create API key	HIGH	8.7	0.1%	FIX	2026-05-21

Oldest Unpatched Critical/High CVEs

CVE	Severity	CVSS	Priority	Days Open
CVE-2024-3400	CRITICAL	10.0	224	776d
CVE-2019-19781	CRITICAL	9.8	223	2344d
CVE-2020-5902	CRITICAL	9.8	223	2157d
CVE-2021-35464	CRITICAL	9.8	223	1771d
CVE-2020-10189	CRITICAL	9.8	223	2274d
CVE-2012-4681	CRITICAL	9.8	223	5021d
CVE-2022-42475	CRITICAL	9.8	223	1242d
CVE-2023-3519	CRITICAL	9.8	223	1044d
CVE-2015-7450	CRITICAL	9.8	222	3798d
CVE-2023-34048	CRITICAL	9.8	222	946d

Prev 2 / 16 Next