Security Dashboard

7d 14d 30d 90d

Total CVEs

1345

last 7 days

Avg Priority

21.2

of max 220

KEV

actively exploited

POC

public exploits

Unpatched

231

CRIT/HIGH without patch

How is Priority Score calculated?

Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:

KEV +50

CISA Known Exploited Vulnerability — confirmed active exploitation in the wild

EPSS x100

Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)

CVSS x5

Common Vulnerability Scoring System — technical severity (0-50)

POC +20

Public exploit code exists — lowers barrier for attackers

0-40 Low 40-80 Medium 80-120 High 120+ Critical

Patch Now — Known Exploited Vulnerabilities

116

CVE-2026-48027

Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console,

CRITICAL

Priority Distribution

CRITICAL HIGH MEDIUM LOW KEV Only POC Only Unpatched CRIT/HIGH

Priority	CVE	Severity	CVSS	EPSS	Indicators	Published
32	CVE-2026-28444 Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the getResultLo	MEDIUM	6.5	0.0%		2026-05-22
32	CVE-2026-4635 Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.	MEDIUM	6.5	0.0%		2026-05-22
32	CVE-2026-8884 The Instant-Quote.co Quotation Page plugin for WordPress is vulnerable to Stored	MEDIUM	6.4	0.0%		2026-05-27
32	CVE-2026-8844 The Responsive Check plugin for WordPress is vulnerable to Stored Cross-Site Scr	MEDIUM	6.4	0.0%		2026-05-27
32	CVE-2026-8891 The BitForm plugin for WordPress is vulnerable to Stored Cross-Site Scripting vi	MEDIUM	6.4	0.0%		2026-05-27
32	CVE-2026-8872 The Animate Your Content plugin for WordPress is vulnerable to Stored Cross-Site	MEDIUM	6.4	0.0%		2026-05-27
32	CVE-2026-9022 The Splide Carousel Block plugin for WordPress is vulnerable to Stored Cross-Sit	MEDIUM	6.4	0.0%		2026-05-27
32	CVE-2026-8703 The Endless Scroll plugin for WordPress is vulnerable to Stored Cross-Site Scrip	MEDIUM	6.4	0.0%		2026-05-27
32	CVE-2026-8042 The Github Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scr	MEDIUM	6.4	0.0%		2026-05-27
32	CVE-2026-8842 The Google+ Link Name plugin for WordPress is vulnerable to Stored Cross-Site Sc	MEDIUM	6.4	0.0%		2026-05-27
32	CVE-2026-8871 The Formidable Kinetic plugin for WordPress is vulnerable to Stored Cross-Site S	MEDIUM	6.4	0.0%		2026-05-27
32	CVE-2026-8887 The Listen Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scr	MEDIUM	6.4	0.0%		2026-05-27
32	CVE-2026-8870 The Team Master - A Modern WordPress Team Showcase plugin for WordPress is vulne	MEDIUM	6.4	0.0%		2026-05-27
32	CVE-2026-8877 The Responsive Video Embedder plugin for WordPress is vulnerable to Stored Cross	MEDIUM	6.4	0.0%		2026-05-27
32	CVE-2026-8875 The Easy Prism Syntax Highlighter plugin for WordPress is vulnerable to Stored C	MEDIUM	6.4	0.0%		2026-05-27
32	CVE-2026-8868 The Single Mailchimp plugin for WordPress is vulnerable to Stored Cross-Site Scr	MEDIUM	6.4	0.0%		2026-05-27
32	CVE-2026-8867 The Post Category Gallery plugin for WordPress is vulnerable to Stored Cross-Sit	MEDIUM	6.4	0.0%		2026-05-27
32	CVE-2026-8846 The Tuxquote plugin for WordPress is vulnerable to Stored Cross-Site Scripting v	MEDIUM	6.4	0.0%		2026-05-27
32	CVE-2026-8837 The WP Iframe Geo Style for Amazon affiliates plugin for WordPress is vulnerable	MEDIUM	6.4	0.0%		2026-05-27
32	CVE-2026-8899 The Auto Thumbnail plugin for WordPress is vulnerable to Stored Cross-Site Scrip	MEDIUM	6.4	0.0%		2026-05-27
32	CVE-2026-8897 The Shortcode Buddy plugin for WordPress is vulnerable to Stored Cross-Site Scri	MEDIUM	6.4	0.0%		2026-05-27
32	CVE-2026-8847 The Dideo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via	MEDIUM	6.4	0.0%		2026-05-27
32	CVE-2026-8845 The Islamic Database plugin for WordPress is vulnerable to Stored Cross-Site Scr	MEDIUM	6.4	0.0%		2026-05-27
32	CVE-2026-8869 The Mutual Funds Data plugin for WordPress is vulnerable to Stored Cross-Site Sc	MEDIUM	6.4	0.0%		2026-05-27
32	CVE-2026-8048 The My Email Shortcode plugin for WordPress is vulnerable to Stored Cross-Site S	MEDIUM	6.4	0.0%		2026-05-27
32	CVE-2026-8894 The iWR Tooltip plugin for WordPress is vulnerable to Stored Cross-Site Scriptin	MEDIUM	6.4	0.0%		2026-05-27
32	CVE-2026-8702 The GBI To Print plugin for WordPress is vulnerable to Stored Cross-Site Scripti	MEDIUM	6.4	0.0%		2026-05-27
32	CVE-2026-8040 The faq shortocde plugin for WordPress is vulnerable to Stored Cross-Site Script	MEDIUM	6.4	0.0%		2026-05-27
32	CVE-2026-8698 The Cryptocurrency Prijsvergelijking Widget plugin for WordPress is vulnerable t	MEDIUM	6.4	0.0%		2026-05-27
32	CVE-2026-8701 The GNTT Post Title Ticker plugin for WordPress is vulnerable to Stored Cross-Si	MEDIUM	6.4	0.0%		2026-05-27
32	CVE-2026-6565 The Style Kits - Advanced Theme Styles for Elementor, Elementor Kits & Elementor	MEDIUM	6.4	0.0%		2026-05-27
32	CVE-2026-8866 The jQuery googleslides plugin for WordPress is vulnerable to Stored Cross-Site	MEDIUM	6.4	0.0%		2026-05-27
32	CVE-2026-8873 The Content Slideshow plugin for WordPress is vulnerable to Stored Cross-Site Sc	MEDIUM	6.4	0.0%		2026-05-27
32	CVE-2026-8886 The hk_shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripti	MEDIUM	6.4	0.0%		2026-05-27
32	CVE-2026-8898 The Events In City plugin for WordPress is vulnerable to Stored Cross-Site Scrip	MEDIUM	6.4	0.0%		2026-05-27
32	CVE-2026-2030 The WPBakery Page Builder Addons by Livemesh plugin for WordPress is vulnerable	MEDIUM	6.4	0.0%		2026-05-27
32	CVE-2026-3895 The WPBakery Page Builder Addons by Livemesh plugin for WordPress is vulnerable	MEDIUM	6.4	0.0%		2026-05-27
32	CVE-2026-3896 The Livemesh SiteOrigin Widgets plugin for WordPress is vulnerable to Stored Cro	MEDIUM	6.4	0.0%		2026-05-27
32	CVE-2026-3897 The Livemesh Addons for Beaver Builder plugin for WordPress is vulnerable to Sto	MEDIUM	6.4	0.0%		2026-05-27
32	CVE-2026-44462 Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system ca	MEDIUM	6.4	-	FIX	2026-05-28
32	CVE-2026-9104 The Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting	MEDIUM	6.4	0.1%		2026-05-22
32	CVE-2026-6427 The a3 Lazy Load plugin for WordPress is vulnerable to Stored Cross-Site Scripti	MEDIUM	6.4	0.0%		2026-05-28
32	CVE-2026-7509 The KIA Subtitle plugin for WordPress is vulnerable to Stored Cross-Site Scripti	MEDIUM	6.4	0.0%		2026-05-22
32	CVE-2026-4334 The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scri	MEDIUM	6.4	0.0%		2026-05-28
32	CVE-2026-45703 ### Summary The `WordExport` export flow only checks whether the current backen	MEDIUM	6.4	-	FIX	2026-05-27
32	CVE-2026-9644 The LiveSmart Video Chat Live Video Chat plugin for WordPress is vulnerable to S	MEDIUM	6.4	0.0%		2026-05-28
32	CVE-2026-9373 A vulnerability has been found in JeecgBoot 3.9.1. This issue affects some unkno	MEDIUM	6.3	0.1%		2026-05-24
32	CVE-2026-42335 MaxKB is an open-source AI assistant for enterprise. Prior to 2.8.1, MaxKB v2.8.	MEDIUM	6.3	0.0%	FIX	2026-05-26
32	CVE-2026-46416 Microsoft UFO open-source framework for intelligent automation across devices an	MEDIUM	6.3	0.0%		2026-05-27
32	CVE-2026-45412 MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.1, SSRF via wo	MEDIUM	6.3	0.0%	FIX	2026-05-26
32	CVE-2026-2254 Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 an	MEDIUM	6.3	0.0%	FIX	2026-05-27
32	CVE-2026-47274 pam_usb provides hardware authentication for Linux using ordinary removable medi	MEDIUM	6.3	0.0%	FIX	2026-05-27
32	CVE-2026-47270 pam_usb provides hardware authentication for Linux using ordinary removable medi	MEDIUM	6.3	0.0%	FIX	2026-05-27
32	CVE-2026-42791 Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_o	MEDIUM	6.3	0.1%		2026-05-27
32	CVE-2026-49093 Server-Side Request Forgery (CWE-918) in Kibana can allow an authenticated user	MEDIUM	6.3	-		2026-05-28
32	CVE-2026-9806 A stored cross-site scripting (XSS) vulnerability exists in the notification pan	MEDIUM	6.3	0.0%	FIX	2026-05-28
32	CVE-2026-30498 A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the delete.p	MEDIUM	6.3	0.0%		2026-05-27
31	CVE-2026-2237 A use of get request method with sensitive query strings vulnerability in volume	MEDIUM	6.2	0.0%	FIX	2026-05-27
31	CVE-2026-9813 FlowIntel up to version 3.3.0 contains a server-side request forgery (SSRF) vuln	MEDIUM	6.2	0.0%	FIX	2026-05-28
31	CVE-2026-48696 FastNetMon Community Edition through 1.2.9 has a buffer overflow, a different vu	MEDIUM	6.2	0.0%		2026-05-26
31	CVE-2026-8707 The NS Product icon badge plugin for WordPress is vulnerable to Reflected Cross-	MEDIUM	6.1	0.1%		2026-05-27
31	CVE-2026-3001 The Gutenverse plugin for WordPress is vulnerable to Reflected Cross-Site Script	MEDIUM	6.1	0.1%		2026-05-27
31	CVE-2026-3349 The MinhNhut Link Gateway plugin for WordPress is vulnerable to Reflected Cross-	MEDIUM	6.1	0.1%		2026-05-27
31	CVE-2026-8911 The WP AutoBuzz plugin for WordPress is vulnerable to Cross-Site Request Forgery	MEDIUM	6.1	0.0%		2026-05-27
31	CVE-2026-8906 The WP Promoter plugin for WordPress is vulnerable to Cross-Site Request Forgery	MEDIUM	6.1	0.0%		2026-05-27
31	CVE-2025-13593 Origin validation error vulnerability in Synology ActiveProtect Agent before 1.1	MEDIUM	6.1	0.0%	FIX	2026-05-27
31	CVE-2025-66593 An origin validation error vulnerability in Synology Assistant before 7.0.6-5008	MEDIUM	6.1	0.0%	FIX	2026-05-27
31	CVE-2025-66592 An origin validation error vulnerability in Synology Active Backup for Business	MEDIUM	6.1	0.0%	FIX	2026-05-27
30	CVE-2026-7660 The Easy Updates Manager plugin for WordPress is vulnerable to Reflected Cross-S	MEDIUM	6.1	0.0%		2026-05-28
30	CVE-2026-47328 Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which incorrectly	MEDIUM	6.1	-	FIX	2026-05-28
30	CVE-2026-6864 The CBX 5 Star Rating & Review plugin for WordPress is vulnerable to Reflected C	MEDIUM	6.1	0.0%		2026-05-22
30	CVE-2026-9646 A reflected cross-site scripting issue exists in URL handling.	MEDIUM	6.1	-		2026-05-28
30	CVE-2026-44644 ## Summary The `strip_html` filter in liquidjs is intended to remove HTML tags	MEDIUM	6.1	-		2026-05-27
30	CVE-2026-3481 The WP Blockade plugin for WordPress is vulnerable to Reflected Cross-Site Scrip	MEDIUM	6.1	0.0%		2026-05-22
30	CVE-2026-45307 Speakr is a personal, self-hosted web application designed for transcribing audi	MEDIUM	6.1	-	FIX	2026-05-28
30	CVE-2026-47128 ### Summary The nono Landlock/seccomp policies allow access to local Unix domai	MEDIUM	6.1	-		2026-05-28
30	CVE-2025-26483 Dell PowerFlex Manager, versions 4.6.2 and prior, contains an Open Redirect Vuln	MEDIUM	6.1	0.0%	FIX	2026-05-22
30	CVE-2026-49102 Webmin before 2.640 allows mailboxes/detach.cgi XSS via an SVG document attachme	MEDIUM	6.1	0.0%	FIX	2026-05-27
30	CVE-2026-4377 Dlink DWR-X1820 router uses weak default password generated from its IMEI number	MEDIUM	6.0	0.0%	FIX	2026-05-28
30	CVE-2026-44394 An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone federa	MEDIUM	6.0	-		2026-05-28
30	CVE-2026-41185 When Calico is configured with the Azure IPAM plugin, the Calico CNI binary muta	MEDIUM	6.0	-	FIX	2026-05-28
30	CVE-2026-42999 An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone RBAC p	MEDIUM	6.0	-		2026-05-28
30	CVE-2026-42998 An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone applic	MEDIUM	6.0	-		2026-05-28
30	CVE-2026-46685 RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta	MEDIUM	6.0	-	FIX	2026-05-28
30	CVE-2026-41184 In Calico, the install-cni init container logs the rendered CNI configuration to	MEDIUM	6.0	-	FIX	2026-05-28
30	CVE-2026-43000 An issue was discovered in OpenStack Keystone before 29.0.2. When combined with	MEDIUM	6.0	-		2026-05-28
30	CVE-2026-48593 Uncontrolled Resource Consumption vulnerability in oban-bg oban_web ('Elixir.Oba	MEDIUM	5.9	0.0%	FIX	2026-05-26
30	CVE-2026-43827 Default configurations of Apache Shiro have a session fixation vulnerability. T	MEDIUM	5.9	0.0%		2026-05-25
30	CVE-2025-10466 Improper neutralization of input during web page generation ('Cross-site Scripti	MEDIUM	5.9	0.0%	FIX	2026-05-27
30	CVE-2026-43828 Default configurations of Apache Shiro send sensitive cookies in HTTPS session w	MEDIUM	5.9	0.0%		2026-05-25

Oldest Unpatched Critical/High CVEs

CVE	Severity	CVSS	Priority	Days Open
CVE-2024-3400	CRITICAL	10.0	224	776d
CVE-2019-19781	CRITICAL	9.8	223	2344d
CVE-2020-5902	CRITICAL	9.8	223	2157d
CVE-2021-35464	CRITICAL	9.8	223	1771d
CVE-2020-10189	CRITICAL	9.8	223	2274d
CVE-2012-4681	CRITICAL	9.8	223	5021d
CVE-2022-42475	CRITICAL	9.8	223	1242d
CVE-2023-3519	CRITICAL	9.8	223	1044d
CVE-2015-7450	CRITICAL	9.8	222	3798d
CVE-2023-34048	CRITICAL	9.8	222	946d

Prev 2 / 5 Next