Total CVEs
1516
last 7 days
Avg Priority
32.1
of max 220
KEV
0
actively exploited
POC
186
public exploits
Unpatched
437
CRIT/HIGH without patch
How is Priority Score calculated?
Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:
KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low
40-80 Medium
80-120 High
120+ Critical
Priority Distribution
| Priority | CVE |
|---|---|
| 46 |
CVE-2026-26026
GLPI is a free asset and IT management software package. From 11.0.0 to before 1
|
| 46 |
CVE-2026-34178
In Canonical LXD before 6.8, the backup import path validates project restrictio
|
| 46 |
CVE-2026-29145
CLIENT_CERT authentication does not fail as expected for some scenarios when sof
|
| 46 |
CVE-2026-5627
A path traversal vulnerability exists in mintplex-labs/anything-llm versions up
|
| 46 |
CVE-2026-28386
Issue summary: Applications using AES-CFB128 encryption or decryption on
systems
|
| 46 |
CVE-2025-69515
An issue in JXL 9 Inch Car Android Double Din Player Android v12.0 allows attack
|
| 46 |
CVE-2025-58349
An issue was discovered in L2 in Samsung Mobile Processor, Wearable Processor, a
|
| 46 |
CVE-2026-31017
A Server-Side Request Forgery (SSRF) vulnerability exists in the Print Format fu
|
| 46 |
CVE-2026-35580
Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, GitHub Act
|
| 46 |
CVE-2025-57735
When user logged out, the JWT token the user had authtenticated with was not inv
|
| 46 |
CVE-2026-39980
OpenCTI is an open source platform for managing cyber threat intelligence knowle
|
| 46 |
CVE-2026-35174
Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, a path tra
|
| 46 |
CVE-2026-33771
A Weak Password Requirements vulnerability in the password management function o
|
| 46 |
CVE-2026-35050
text-generation-webui is an open-source web interface for running Large Language
|
| 46 |
CVE-2026-40258
## Summary
A path traversal vulnerability (Zip Slip) exists in the media archiv
|
| 46 |
CVE-2026-32892
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Ch
|
| 45 |
CVE-2026-39846
SiYuan is a personal knowledge management system. Prior to 3.6.4, a malicious no
|
| 45 |
CVE-2026-39305
The Action Orchestrator feature contains a Path Traversal vulnerability that all
|
| 45 |
CVE-2026-34987
Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and
|
| 45 |
CVE-2026-34971
Wasmtime is a runtime for WebAssembly. From 32.0.0 to before 36.0.7, 42.0.2, and
|
| 45 |
CVE-2026-39860
Nix is a package manager for Linux and other Unix systems. A bug in the fix for
|
Oldest Unpatched Critical/High CVEs
| CVE | Severity | CVSS | Priority | Days Open |
|---|---|---|---|---|
| CVE-2024-3400 | CRITICAL | 10.0 | 224 | 730d |
| CVE-2019-19781 | CRITICAL | 9.8 | 223 | 2298d |
| CVE-2020-5902 | CRITICAL | 9.8 | 223 | 2111d |
| CVE-2021-35464 | CRITICAL | 9.8 | 223 | 1724d |
| CVE-2020-10189 | CRITICAL | 9.8 | 223 | 2227d |
| CVE-2012-4681 | CRITICAL | 9.8 | 223 | 4975d |
| CVE-2022-42475 | CRITICAL | 9.8 | 223 | 1196d |
| CVE-2023-3519 | CRITICAL | 9.8 | 223 | 997d |
| CVE-2015-7450 | CRITICAL | 9.8 | 222 | 3752d |
| CVE-2023-34048 | CRITICAL | 9.8 | 222 | 899d |
Prev
2 / 2