Security Dashboard

7d 14d 30d 90d
Total CVEs
1524
last 7 days
Avg Priority
32.2
of max 220
KEV
0
actively exploited
POC
192
public exploits
Unpatched
437
CRIT/HIGH without patch
How is Priority Score calculated?

Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:

KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low 40-80 Medium 80-120 High 120+ Critical

Priority Distribution

CRITICAL HIGH MEDIUM LOW KEV Only POC Only Unpatched CRIT/HIGH
Priority CVE
55 CVE-2026-5637
A security vulnerability has been detected in projectworlds Car Rental System 1.
54 CVE-2026-5678
A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. The aff
54 CVE-2026-5688
A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191
54 CVE-2026-5814
A security vulnerability has been detected in PHPGurukul Online Course Registrat
54 CVE-2026-5973
A vulnerability was found in FoundationAgents MetaGPT up to 0.8.1. Impacted is t
54 CVE-2026-5665
A security vulnerability has been detected in code-projects Online FIR System 1.
54 CVE-2026-5692
A vulnerability was found in Totolink A7100RU 7.4cu.2313_b20191024. This impacts
54 CVE-2026-5970
A vulnerability was detected in FoundationAgents MetaGPT up to 0.8.1. This affec
54 CVE-2026-5676
A vulnerability was identified in Totolink A8000R 5.9c.681_B20180413. This issue
54 CVE-2026-5677
A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. Im
54 CVE-2026-5972
A vulnerability has been found in FoundationAgents MetaGPT up to 0.8.1. This iss
54 CVE-2026-5985
A security flaw has been discovered in code-projects Simple IT Discussion Forum
54 CVE-2026-5961
A security vulnerability has been detected in code-projects Simple IT Discussion
54 CVE-2026-5971
A flaw has been found in FoundationAgents MetaGPT up to 0.8.1. This vulnerabilit
54 CVE-2026-5962
A vulnerability was detected in Tenda CH22 1.0.0.6(468). This issue affects the
54 CVE-2026-5805
A weakness has been identified in code-projects Easy Blog Site up to 1.0. The im
53 CVE-2026-4436
A low-privileged remote attacker can send Modbus packets to manipulate register
53 CVE-2026-33033
An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4
53 CVE-2025-14545
The YML for Yandex Market WordPress plugin before 5.0.26 is vulnerable to Remote
53 CVE-2026-4432
The YITH WooCommerce Wishlist WordPress plugin before 4.13.0 does not properly v
53 CVE-2026-4079
The SQL Chart Builder WordPress plugin before 2.3.8 does not properly escape use
53 CVE-2026-1900
The Link Whisper Free WordPress plugin before 0.9.1 has a publicly accessible RE
52 CVE-2026-6011
A weakness has been identified in OpenClaw up to 2026.1.26. Affected by this iss
52 CVE-2026-5618
A vulnerability was detected in kalcaddle kodbox up to 1.64. This affects an unk
51 CVE-2026-4149
Sonos Era 300 SMB Response Out-Of-Bounds Access Remote Code Execution Vulnerabil
50 CVE-2026-39337
ChurchCRM is an open-source church management system. Prior to 7.1.0, critical p
50 CVE-2025-54328
An issue was discovered in SMS in Samsung Mobile Processor, Wearable Processor,
50 CVE-2026-5058
aws-mcp-server Command Injection Remote Code Execution Vulnerability. This vulne
50 CVE-2026-5059
aws-mcp-server AWS CLI Command Injection Remote Code Execution Vulnerability. Th
50 CVE-2026-40175
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.
50 CVE-2026-39355
Genealogy is a family tree PHP application. Prior to 5.9.1, a critical broken ac
50 CVE-2026-39888
## Summary `execute_code()` in `praisonaiagents.tools.python_tools` defaults to
50 CVE-2026-40089
Sonicverse is a Self-hosted Docker Compose stack for live radio streaming. The S
50 CVE-2026-5412
In Juju versions prior to 2.9.57 and 3.6.21, an authorization issue exists in th
49 CVE-2026-4003
The Users manager - PN plugin for WordPress is vulnerable to Privilege Escalatio
49 CVE-2026-39890
## Summary The `AgentService.loadAgentFromFile` method uses the `js-yaml` librar
49 CVE-2026-3535
The DSGVO Google Web Fonts GDPR plugin for WordPress is vulnerable to arbitrary
49 CVE-2026-1830
The Quick Playground plugin for WordPress is vulnerable to Remote Code Execution
49 CVE-2026-4631
Cockpit's remote login feature passes user-supplied hostnames and usernames from
49 CVE-2026-6057
FalkorDB Browser 1.9.3 contains an unauthenticated path traversal vulnerability
49 CVE-2026-0740
The Ninja Forms - File Uploads plugin for WordPress is vulnerable to arbitrary f
49 CVE-2026-1114
In parisneo/lollms version 2.1.0, the application's session management is vulner
49 CVE-2026-20911
A heap-based buffer overflow vulnerability exists in the HuffTable::initval func
49 CVE-2026-20889
A heap-based buffer overflow vulnerability exists in the x3f_thumb_loader functi
49 CVE-2026-21413
A heap-based buffer overflow vulnerability exists in the lossless_jpeg_load_raw
49 CVE-2026-31059
A remote command execution (RCE) vulnerability in the /goform/formDia component
49 CVE-2026-31271
megagao production_ssm v1.0 contains an authorization bypass vulnerability in th
49 CVE-2026-33816
Memory-safety vulnerability in github.com/jackc/pgx/v5.
49 CVE-2026-30079
In OpenAirInterface V2.2.0 AMF, Out of sequence messages causes incorrect state
49 CVE-2026-31272
MRCMS 3.1.2 contains an access control vulnerability. The save() method in src/m
49 CVE-2026-3296
The Everest Forms plugin for WordPress is vulnerable to PHP Object Injection in
49 CVE-2026-31040
A vulnerability was identified in stata-mcp prior to v1.13.0 where insufficient
49 CVE-2025-52909
An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wear
49 CVE-2025-62818
An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Mod
49 CVE-2026-33815
Memory-safety vulnerability in github.com/jackc/pgx/v5.
49 CVE-2026-31151
An issue in the login mechanism of Kaleris YMS v7.2.2.1 allows attackers to bypa
49 CVE-2026-35490
### Summary On 13 routes across 5 blueprint files, the `@login_optionally_requi
49 CVE-2026-4277
An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4
49 CVE-2025-52908
An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wear
49 CVE-2026-5735
Memory safety bugs present in Firefox 149.0.1 and Thunderbird 149.0.1. Some of t
49 CVE-2026-5734
Memory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Fire
49 CVE-2026-2942
The ProSolution WP Client plugin for WordPress is vulnerable to arbitrary file u
49 CVE-2026-5731
Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunder
48 CVE-2026-1115
A Stored Cross-Site Scripting (XSS) vulnerability was identified in the social f
48 CVE-2026-5874
Use after free in PrivateAI in Google Chrome prior to 147.0.7727.55 allowed a re
48 CVE-2026-39619
Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Busiprof busi
48 CVE-2026-39617
Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Bluestreet bl
48 CVE-2026-40088
The `execute_command` function and workflow shell execution are exposed to user-
48 CVE-2026-5638
A vulnerability was detected in HerikLyma CPPWebFramework up to 3.1. This issue
48 CVE-2026-5998
A flaw has been found in zhayujie chatgpt-on-wechat CowAgent up to 2.0.4. This a
48 CVE-2026-5650
A vulnerability was found in code-projects Online Application System for Admissi
48 CVE-2026-5585
A vulnerability was found in Tencent AI-Infra-Guard 4.0. The affected element is
48 CVE-2026-5666
A vulnerability was detected in code-projects Online FIR System 1.0. Affected by
48 CVE-2026-5661
A vulnerability was identified in Free5GC 4.2.0. This affects an unknown functio
47 CVE-2026-6118
A vulnerability was determined in AstrBotDevs AstrBot up to 4.22.1. Impacted is
47 CVE-2026-39397
@delmaredigital/payload-puck is a PayloadCMS plugin for integrating Puck visual
47 CVE-2026-39342
ChurchCRM is an open-source church management system. Prior to 7.1.0, the search
47 CVE-2025-15611
The Popup Box WordPress plugin before 5.5.0 does not properly validate nonces i
47 CVE-2026-33707
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, th
47 CVE-2026-3199
A vulnerability in the task management component of Sonatype Nexus Repository ve
47 CVE-2026-40157
PraisonAI is a multi-agent teams system. Prior to 4.5.128, cmd_unpack in the rec
47 CVE-2026-35047
Brave CMS is an open-source CMS. Prior to 2.0.6, an Unrestricted File Upload vul
47 CVE-2026-6108
A vulnerability was found in 1Panel-dev MaxKB up to 2.6.1. The affected element
47 CVE-2026-34078
Flatpak is a Linux application sandboxing and distribution framework. Prior to 1
47 CVE-2026-33439
## Summary OpenIdentityPlatform OpenAM 16.0.5 (and likely earlier versions) is
47 CVE-2026-40035
dfir-unfurl through 20250810 contains an improper input validation vulnerability
47 CVE-2026-34977
Aperi'Solve is an open-source steganalysis web platform. Prior to 3.2.1, when up
47 CVE-2026-5595
A security vulnerability has been detected in griptape-ai griptape 0.19.4. Affec
47 CVE-2026-25776
Movable Type provided by Six Apart Ltd. contains a code injection vulnerability
47 CVE-2026-39382
dbt enables data analysts and engineers to transform their data using the same p

Oldest Unpatched Critical/High CVEs

CVE Severity CVSS Priority Days Open
CVE-2024-3400 CRITICAL 10.0 224 730d
CVE-2019-19781 CRITICAL 9.8 223 2298d
CVE-2020-5902 CRITICAL 9.8 223 2110d
CVE-2021-35464 CRITICAL 9.8 223 1724d
CVE-2020-10189 CRITICAL 9.8 223 2227d
CVE-2012-4681 CRITICAL 9.8 223 4975d
CVE-2022-42475 CRITICAL 9.8 223 1196d
CVE-2023-3519 CRITICAL 9.8 223 997d
CVE-2015-7450 CRITICAL 9.8 222 3752d
CVE-2023-34048 CRITICAL 9.8 222 899d
Prev 2 / 17 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy