Security Dashboard

7d 14d 30d 90d
Total CVEs
1516
last 7 days
Avg Priority
32.1
of max 220
KEV
0
actively exploited
POC
186
public exploits
Unpatched
437
CRIT/HIGH without patch
How is Priority Score calculated?

Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:

KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low 40-80 Medium 80-120 High 120+ Critical

Priority Distribution

CRITICAL HIGH MEDIUM LOW KEV Only POC Only Unpatched CRIT/HIGH
Priority CVE
46 CVE-2026-5659
A vulnerability was found in pytries datrie up to 0.8.3. The affected element is
46 CVE-2026-5681
A flaw has been found in itsourcecode sanitize or validate this input 1.0. This
46 CVE-2026-5660
A vulnerability was determined in itsourcecode Construction Management System 1.
46 CVE-2026-5811
A vulnerability was identified in SourceCodester Online Food Ordering System 1.0
46 CVE-2026-5671
A vulnerability was determined in Cyber-III Student-Management-System up to 1a93
46 CVE-2026-5848
A vulnerability was found in jeecgboot JimuReport up to 2.3.0. The affected elem
46 CVE-2026-5840
A security flaw has been discovered in PHPGurukul News Portal Project 4.1. Impac
46 CVE-2026-5839
A vulnerability was identified in PHPGurukul News Portal Project 4.1. This issue
46 CVE-2026-5838
A vulnerability was determined in PHPGurukul News Portal Project 4.1. This vulne
46 CVE-2026-5683
A vulnerability was found in Tenda CX12L 16.03.53.12. Affected by this vulnerabi
46 CVE-2026-5810
A flaw has been found in SourceCodester Sales and Inventory System 1.0. Affected
46 CVE-2026-5679
A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557_B2022
46 CVE-2026-6106
A vulnerability was detected in 1Panel-dev MaxKB up to 2.2.1. This vulnerability
46 CVE-2026-5806
A security vulnerability has been detected in code-projects Easy Blog Site 1.0.
44 CVE-2026-5621
A vulnerability was found in ChrisChinchilla Vale-MCP up to 0.1.0. Affected by t
44 CVE-2026-5619
A flaw has been found in Braffolk mcp-summarization-functions up to 0.1.5. This
44 CVE-2026-5833
A security vulnerability has been detected in awwaiid mcp-server-taskwarrior up
44 CVE-2026-5602
A vulnerability was determined in Nor2-io heim-mcp up to 0.1.3. Impacted is the
44 CVE-2026-5603
A vulnerability was identified in elgentos magento2-dev-mcp up to 1.0.2. The aff
44 CVE-2026-6003
A security vulnerability has been detected in code-projects Simple IT Discussion
44 CVE-2026-5835
A flaw has been found in code-projects Online Shoe Store 1.0. Affected by this v
44 CVE-2026-5834
A vulnerability was detected in code-projects Online Shoe Store 1.0. Affected is
44 CVE-2026-5644
A security flaw has been discovered in Cyber-III Student-Management-System up to
44 CVE-2026-5643
A vulnerability was identified in Cyber-III Student-Management-System up to 1a93
44 CVE-2026-5836
A vulnerability has been found in code-projects Online Shoe Store 1.0. Affected
44 CVE-2026-5668
A flaw has been found in Cyber-III Student-Management-System up to 1a938fa61e9f7
35 CVE-2026-39365
### Summary Any files ending with `.map` even out side the project can be retur
35 CVE-2026-5616
A security vulnerability has been detected in JeecgBoot 3.9.0/3.9.1. The impacte
35 CVE-2026-35584
FreeScout is a free help desk and shared inbox built with PHP's Laravel framewor
35 CVE-2026-35632
OpenClaw through 2026.2.22 contains a symlink traversal vulnerability in agents.
35 CVE-2026-22680
OpenViking versions prior to 0.3.3 contain a missing authorization vulnerability
35 CVE-2026-22711
Improper neutralization of alternate XSS syntax vulnerability in The Wikimedia F
35 CVE-2026-39838
Improper neutralization of input during web page generation ('cross-site scripti
35 CVE-2026-5739
A security flaw has been discovered in PowerJob 5.1.0/5.1.1/5.1.2. The affected
35 CVE-2026-39936
Improper neutralization of input during web page generation ('cross-site scripti
35 CVE-2026-39935
Improper neutralization of input during web page generation ('cross-site scripti
35 CVE-2026-39933
Improper neutralization of input during web page generation ('cross-site scripti
35 CVE-2026-39934
Loop with unreachable exit condition ('infinite loop') vulnerability in The Wiki
35 CVE-2025-20628
An insufficient granularity of access control vulnerability exists in PingIDM (f
35 CVE-2026-39351
Frappe is a full-stack web application framework. Prior to 16.14.0 and 15.104.0,
35 CVE-2026-4901
Hydrosystem Control System saves sensitive information into a log file. Critical
35 CVE-2026-5736
A vulnerability was identified in PowerJob 5.1.0/5.1.1/5.1.2. Impacted is an unk
35 CVE-2026-5824
A security vulnerability has been detected in code-projects Simple Laundry Syste
35 CVE-2026-5648
A flaw has been found in code-projects Simple Laundry System 1.0. This vulnerabi
35 CVE-2026-33088
Movable Type provided by Six Apart Ltd. contains an SQL Injection vulnerability
34 CVE-2026-35667
OpenClaw before 2026.3.24 contains an incomplete fix for CVE-2026-27486 where th
34 CVE-2026-5663
A security flaw has been discovered in OFFIS DCMTK up to 3.7.0. This impacts the
34 CVE-2026-5813
A weakness has been identified in PHPGurukul Online Course Registration 3.1. Thi
34 CVE-2026-34480
Apache Log4j Core's XmlLayout https://logging.apache.org/log4j/2.x/manual/layou
34 CVE-2026-34722
Zammad is a web based open source helpdesk/customer support system. Prior to 7.0
34 CVE-2026-35652
OpenClaw before 2026.3.22 contains an authorization bypass vulnerability in inte
34 CVE-2026-35654
OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Micr
34 CVE-2026-35637
OpenClaw before 2026.3.22 performs cite expansion before completing channel and
34 CVE-2026-39892
If a non-contiguous buffer was passed to APIs which accepted Python buffers (e.g
34 CVE-2026-33774
An Improper Check for Unusual or Exceptional Conditions vulnerability in the pac
34 CVE-2026-35661
OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Tele
34 CVE-2026-35665
OpenClaw before 2026.3.24 contains an incomplete fix for CVE-2026-32011 where th
34 CVE-2026-35633
OpenClaw before 2026.3.22 contains an unbounded memory allocation vulnerability
34 CVE-2026-40178
ajenti.plugin.core defines all necessary core elements to allow Ajenti to run pr
34 CVE-2026-5669
A vulnerability has been found in Cyber-III Student-Management-System up to 1a93
34 CVE-2026-6105
A security vulnerability has been detected in perfree go-fastdfs-web up to 1.3.7
34 CVE-2026-35664
OpenClaw before 2026.3.25 contains an authentication bypass vulnerability in raw
34 CVE-2026-35655
OpenClaw before 2026.3.22 contains an identity spoofing vulnerability in ACP per
34 CVE-2026-5690
A flaw has been found in Totolink A7100RU 7.4cu.2313_b20191024. The impacted ele
34 CVE-2026-5503
In TLSX_EchChangeSNI, the ctx->extensions branch set extensions unconditionally
34 CVE-2026-34479
The Log4j1XmlLayout from the Apache Log4j 1-to-Log4j 2 bridge fails to escape ch
34 CVE-2026-5691
A vulnerability has been found in Totolink A7100RU 7.4cu.2313_b20191024. This af
34 CVE-2026-5672
A vulnerability has been found in code-projects Simple IT Discussion Forum 1.0.
34 CVE-2026-5974
A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.1. The affe
34 CVE-2026-5689
A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. The affec
34 CVE-2026-5802
A vulnerability was identified in idachev mcp-javadc up to 1.2.4. Impacted is an
34 CVE-2026-35640
OpenClaw before 2026.3.25 parses JSON request bodies before validating webhook s
34 CVE-2026-35627
OpenClaw before 2026.3.22 performs cryptographic and dispatch operations on inbo
34 CVE-2026-35626
OpenClaw before 2026.3.22 contains an unauthenticated resource exhaustion vulner
34 CVE-2026-35647
OpenClaw before 2026.3.25 contains an access control vulnerability where verific
34 CVE-2026-33773
An Incorrect Initialization of Resource vulnerability in the packet forwarding e
34 CVE-2026-34478
Apache Log4j Core's Rfc5424Layout https://logging.apache.org/log4j/2.x/manual/l
34 CVE-2026-34941
Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0
34 CVE-2026-31067
A remote command execution (RCE) vulnerability in the /goform/formReleaseConnect
34 CVE-2026-34080
xdg-dbus-proxy is a filtering proxy for D-Bus connections. Prior to 0.1.7, a pol
34 CVE-2026-4931
Smart contract Marginal v1 performs unsafe downcast, allowing attackers to settl
34 CVE-2026-35586
pyLoad is a free and open-source download manager written in Python. Prior to 0.
34 CVE-2026-4482
The installer certificate files in the …/bootstrap/common/ssl folder do not seem
34 CVE-2026-39961
Aiven Operator allows you to provision and manage Aiven Services from your Kuber
34 CVE-2026-30816
An external control of configuration vulnerability in the OpenVPN module of TP-L
34 CVE-2026-40191
ClearanceKit intercepts file-system access events on macOS and enforces per-proc
34 CVE-2026-33776
A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS an
34 CVE-2026-30817
An external configuration control vulnerability in the OpenVPN module of TP-Link
34 CVE-2026-33787
An Improper Check for Unusual or Exceptional Conditions vulnerability in the cha
34 CVE-2026-35577
Apollo MCP Server is a Model Context Protocol server that exposes GraphQL operat

Oldest Unpatched Critical/High CVEs

CVE Severity CVSS Priority Days Open
CVE-2024-3400 CRITICAL 10.0 224 730d
CVE-2019-19781 CRITICAL 9.8 223 2298d
CVE-2020-5902 CRITICAL 9.8 223 2111d
CVE-2021-35464 CRITICAL 9.8 223 1724d
CVE-2020-10189 CRITICAL 9.8 223 2227d
CVE-2012-4681 CRITICAL 9.8 223 4975d
CVE-2022-42475 CRITICAL 9.8 223 1196d
CVE-2023-3519 CRITICAL 9.8 223 997d
CVE-2015-7450 CRITICAL 9.8 222 3752d
CVE-2023-34048 CRITICAL 9.8 222 899d
Prev 2 / 8 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy