Security Dashboard

7d 14d 30d 90d
Total CVEs
1516
last 7 days
Avg Priority
32.1
of max 220
KEV
0
actively exploited
POC
186
public exploits
Unpatched
437
CRIT/HIGH without patch
How is Priority Score calculated?

Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:

KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low 40-80 Medium 80-120 High 120+ Critical

Priority Distribution

CRITICAL HIGH MEDIUM LOW KEV Only POC Only Unpatched CRIT/HIGH
Priority CVE
47 CVE-2026-5999
A vulnerability has been found in JeecgBoot up to 3.9.1. This impacts an unknown
47 CVE-2026-6111
A security flaw has been discovered in FoundationAgents MetaGPT up to 0.8.1. Thi
47 CVE-2026-6117
A vulnerability was found in AstrBotDevs AstrBot up to 4.22.1. This issue affect
47 CVE-2026-5615
A weakness has been identified in givanz Vvvebjs up to 2.0.5. The affected eleme
47 CVE-2026-5607
A security vulnerability has been detected in imprvhub mcp-browser-agent up to 0
47 CVE-2026-6034
A flaw has been found in code-projects Vehicle Showroom Management System 1.0. I
47 CVE-2026-6032
A vulnerability was found in code-projects Simple Laundry System 1.0. This impac
47 CVE-2026-5625
A weakness has been identified in assafelovic gpt-researcher up to 3.4.3. This i
47 CVE-2026-5620
A vulnerability has been found in itsourcecode Construction Management System 1.
47 CVE-2026-6035
A vulnerability has been found in code-projects Vehicle Showroom Management Syst
47 CVE-2026-35614
Frappe is a full-stack web application framework. Prior to 16.14.0 and 15.104.0,
47 CVE-2026-39324
Rack::Session is a session management implementation for Rack. From 2.0.0 to bef
47 CVE-2026-5719
A flaw has been found in itsourcecode Construction Management System 1.0. This a
47 CVE-2026-6005
A flaw has been found in code-projects Patient Record Management System 1.0. The
47 CVE-2026-6033
A vulnerability was determined in CodeAstro Online Classroom 1.0. Affected is an
47 CVE-2026-6030
A flaw has been found in itsourcecode Construction Management System 1.0. The im
47 CVE-2026-6006
A vulnerability has been found in code-projects Patient Record Management System
47 CVE-2026-6007
A vulnerability was found in itsourcecode Construction Management System 1.0. Th
47 CVE-2026-5649
A vulnerability has been found in code-projects Online Application System for Ad
47 CVE-2026-6010
A security flaw has been discovered in CodeAstro Online Classroom 1.0/2.php. Aff
47 CVE-2026-5641
A vulnerability was found in PHPGurukul Online Shopping Portal Project 2.1. The
47 CVE-2026-5640
A vulnerability has been found in PHPGurukul Online Shopping Portal Project 2.1.
47 CVE-2026-5587
A vulnerability was identified in wbbeyourself MAC-SQL up to 31a9df5e0d520be4769
47 CVE-2026-5596
A vulnerability was detected in griptape-ai griptape 0.19.4. Affected by this is
47 CVE-2026-34580
Botan is a C++ cryptography library. In 3.11.0, the function Certificate_Store::
47 CVE-2026-5597
A flaw has been found in griptape-ai griptape 0.19.4. This affects an unknown pa
47 CVE-2026-5826
A flaw has been found in code-projects Simple IT Discussion Forum 1.0. This issu
47 CVE-2026-6119
A vulnerability was identified in AstrBotDevs AstrBot up to 4.22.1. The affected
47 CVE-2026-5825
A vulnerability was detected in code-projects Simple Laundry System 1.0. This vu
47 CVE-2026-5630
A flaw has been found in assafelovic gpt-researcher up to 3.4.3. The impacted el
47 CVE-2026-5636
A weakness has been identified in PHPGurukul Online Shopping Portal Project 2.1.
47 CVE-2026-5635
A security flaw has been discovered in PHPGurukul Online Shopping Portal Project
47 CVE-2026-5639
A flaw has been found in PHPGurukul Online Shopping Portal Project 2.1. Impacted
47 CVE-2026-1346
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify
47 CVE-2026-6109
A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.1. The impa
46 CVE-2026-5194
Missing hash/digest size and OID checks allow digests smaller than allowed when
46 CVE-2025-62718
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.
46 CVE-2026-5811
A vulnerability was identified in SourceCodester Online Food Ordering System 1.0
46 CVE-2026-5681
A flaw has been found in itsourcecode sanitize or validate this input 1.0. This
46 CVE-2026-35178
Workbench is a suite of tools for administrators and developers to interact with
46 CVE-2026-33784
A Use of Default Password vulnerability in the Juniper Networks Support Insigh
46 CVE-2026-5660
A vulnerability was determined in itsourcecode Construction Management System 1.
46 CVE-2026-5812
A security flaw has been discovered in SourceCodester Pharmacy Product Managemen
46 CVE-2026-5659
A vulnerability was found in pytries datrie up to 0.8.3. The affected element is
46 CVE-2026-5803
A security flaw has been discovered in bigsk1 openai-realtime-ui up to 188ccde27
46 CVE-2026-5671
A vulnerability was determined in Cyber-III Student-Management-System up to 1a93
46 CVE-2026-40177
ajenti.plugin.core defines all necessary core elements to allow Ajenti to run pr
46 CVE-2026-34424
Smart Slider 3 Pro version 3.5.1.35 for WordPress and Joomla contains a multi-st
46 CVE-2026-31845
A pre-authenticated reflected cross-site scripting (XSS) vulnerability exists in
46 CVE-2025-39666
Local privilege escalation in Checkmk 2.2.0 (EOL), Checkmk 2.3.0 before 2.3.0p46
46 CVE-2026-40189
goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.4, goshs enforces
46 CVE-2026-40111
PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, he memory hooks
46 CVE-2026-39987
## Summary Marimo (19.6k stars) has a Pre-Auth RCE vulnerability. The terminal
46 CVE-2026-40154
PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI treats remo
46 CVE-2026-33698
Chamilo LMS is a learning management system. Prior to 1.11.38, a chained attack
46 CVE-2026-35615
### Executive Summary: The path validation has a critical logic bug: it checks f
46 CVE-2026-39322
PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and ea
46 CVE-2026-28205
OpenPLC_V3 is vulnerable to an Initialization of a Resource with an Insecure Def
46 CVE-2026-35556
OpenPLC_V3 is vulnerable to a Plaintext Storage of a Password vulnerability that
46 CVE-2026-35573
ChurchCRM is an open-source church management system. Prior to 6.5.3, a path tra
46 CVE-2026-34177
Canonical LXD versions 4.12 through 6.7 contain an incomplete denylist in isVMLo
46 CVE-2026-39339
ChurchCRM is an open-source church management system. Prior to 7.1.0, a critica
46 CVE-2026-34179
In Canonical LXD versions 4.12 through 6.7, the doCertificateUpdate function in
46 CVE-2025-71058
Dual DHCP DNS Server 8.01 improperly accepts and caches UDP DNS responses withou
46 CVE-2026-5848
A vulnerability was found in jeecgboot JimuReport up to 2.3.0. The affected elem
46 CVE-2026-39847
Emmett is a full-stack Python web framework designed with simplicity. From 2.5.0
46 CVE-2026-34178
In Canonical LXD before 6.8, the backup import path validates project restrictio
46 CVE-2026-26026
GLPI is a free asset and IT management software package. From 11.0.0 to before 1
46 CVE-2026-29145
CLIENT_CERT authentication does not fail as expected for some scenarios when sof
46 CVE-2026-5627
A path traversal vulnerability exists in mintplex-labs/anything-llm versions up
46 CVE-2026-5839
A vulnerability was identified in PHPGurukul News Portal Project 4.1. This issue
46 CVE-2026-5838
A vulnerability was determined in PHPGurukul News Portal Project 4.1. This vulne
46 CVE-2026-5840
A security flaw has been discovered in PHPGurukul News Portal Project 4.1. Impac
46 CVE-2026-28386
Issue summary: Applications using AES-CFB128 encryption or decryption on systems
46 CVE-2025-69515
An issue in JXL 9 Inch Car Android Double Din Player Android v12.0 allows attack
46 CVE-2025-58349
An issue was discovered in L2 in Samsung Mobile Processor, Wearable Processor, a
46 CVE-2026-31017
A Server-Side Request Forgery (SSRF) vulnerability exists in the Print Format fu
46 CVE-2025-57735
When user logged out, the JWT token the user had authtenticated with was not inv
46 CVE-2026-35580
Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, GitHub Act
46 CVE-2026-5806
A security vulnerability has been detected in code-projects Easy Blog Site 1.0.
46 CVE-2026-33771
A Weak Password Requirements vulnerability in the password management function o
46 CVE-2026-5683
A vulnerability was found in Tenda CX12L 16.03.53.12. Affected by this vulnerabi
46 CVE-2026-32892
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Ch
46 CVE-2026-5679
A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557_B2022
46 CVE-2026-39980
OpenCTI is an open source platform for managing cyber threat intelligence knowle
46 CVE-2026-6106
A vulnerability was detected in 1Panel-dev MaxKB up to 2.2.1. This vulnerability
46 CVE-2026-5810
A flaw has been found in SourceCodester Sales and Inventory System 1.0. Affected
46 CVE-2026-35174
Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, a path tra
46 CVE-2026-35050
text-generation-webui is an open-source web interface for running Large Language
46 CVE-2026-40258
## Summary A path traversal vulnerability (Zip Slip) exists in the media archiv

Oldest Unpatched Critical/High CVEs

CVE Severity CVSS Priority Days Open
CVE-2024-3400 CRITICAL 10.0 224 730d
CVE-2019-19781 CRITICAL 9.8 223 2298d
CVE-2020-5902 CRITICAL 9.8 223 2111d
CVE-2021-35464 CRITICAL 9.8 223 1724d
CVE-2020-10189 CRITICAL 9.8 223 2227d
CVE-2012-4681 CRITICAL 9.8 223 4975d
CVE-2022-42475 CRITICAL 9.8 223 1196d
CVE-2023-3519 CRITICAL 9.8 223 997d
CVE-2015-7450 CRITICAL 9.8 222 3752d
CVE-2023-34048 CRITICAL 9.8 222 899d
Prev 3 / 17 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy