Security Dashboard

7d 14d 30d 90d
Total CVEs
1518
last 7 days
Avg Priority
32.0
of max 220
KEV
0
actively exploited
POC
183
public exploits
Unpatched
438
CRIT/HIGH without patch
How is Priority Score calculated?

Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:

KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low 40-80 Medium 80-120 High 120+ Critical

Priority Distribution

CRITICAL HIGH MEDIUM LOW KEV Only POC Only Unpatched CRIT/HIGH
Priority CVE
42 CVE-2026-34589
OpenEXR provides the specification and reference implementation of the EXR file
42 CVE-2026-28704
Emocheck insecurely loads Dynamic Link Libraries (DLLs). If a crafted DLL file i
42 CVE-2026-4788
IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.37 stores sensitive information
42 CVE-2026-22682
OpenHarness prior to commit 166fcfe contains an improper access control vulnerab
42 CVE-2026-33791
An OS Command Injection vulnerability in the CLI processing of Juniper Networks
42 CVE-2026-40030
parseusbs before 1.9 contains an OS command injection vulnerability where the vo
42 CVE-2026-40113
PraisonAI is a multi-agent teams system. Prior to 4.5.128, deploy.py constructs
42 CVE-2026-35204
Helm is a package manager for Charts for Kubernetes. From 4.0.0 to 4.1.3, a spec
42 CVE-2026-35205
Helm is a package manager for Charts for Kubernetes. From 4.0.0 to 4.1.3, Helm w
42 CVE-2026-40024
The Sleuth Kit through 4.14.0 contains a path traversal vulnerability in tsk_rec
42 CVE-2026-21915
A Permissive List of Allowed Input vulnerability in the CLI of Juniper Networks
42 CVE-2026-35641
OpenClaw before 2026.3.24 contains an arbitrary code execution vulnerability in
42 CVE-2026-40027
ALEAPP (Android Logs Events And Protobuf Parser) through 3.4.0 contains a path t
42 CVE-2026-34719
Zammad is a web based open source helpdesk/customer support system. Prior to 7.0
42 CVE-2026-35618
OpenClaw before 2026.3.23 contains a replay identity vulnerability in Plivo V2 s
42 CVE-2026-5264
Heap buffer overflow in DTLS 1.3 ACK message processing. A remote attacker can s
42 CVE-2026-33779
An Improper Following of a Certificate's Chain of Trust vulnerability in J-Web o
42 CVE-2026-35478
InvenTree is an Open Source Inventory Management System. From 0.16.0 to before 1
42 CVE-2026-28808
Incorrect Authorization vulnerability in Erlang OTP (inets modules) allows unaut
42 CVE-2026-35595
## Summary A user with Write-level access to a project can escalate their permi
42 CVE-2026-31939
Chamilo LMS is a learning management system. Prior to 1.11.38, there is a path t
41 CVE-2026-39363
### Summary [`server.fs`](https://vite.dev/config/server-options#server-fs-stri
41 CVE-2026-34045
Podman Desktop is a graphical tool for developing on containers and Kubernetes.
41 CVE-2026-35525
### Summary LiquidJS enforces partial and layout root restrictions using the re
41 CVE-2026-35604
File Browser is a file managing interface for uploading, deleting, previewing, r
41 CVE-2026-5208
Command injection in alerts in CoolerControl/coolercontrold <4.0.0 allows authen
41 CVE-2026-5477
An integer overflow existed in the wolfCrypt CMAC implementation, that could be
41 CVE-2026-39364
### Summary The contents of files that are specified by [`server.fs.deny`](http
41 CVE-2026-1116
A Cross-site Scripting (XSS) vulnerability was identified in the `from_dict` met
41 CVE-2026-4740
A flaw was found in Open Cluster Management (OCM), the technology underlying Red
41 CVE-2026-34982
Vim is an open source, command line text editor. Prior to version 9.2.0276, a mo
41 CVE-2026-40168
Postiz is an AI social media scheduling tool. Prior to 2.21.5, the /api/public/s
41 CVE-2026-34578
OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.6, OPNs
41 CVE-2026-40073
SvelteKit is a framework for rapidly developing robust, performant web applicati
41 CVE-2026-40163
Saltcorn is an extensible, open source, no-code database application builder. Pr
41 CVE-2026-39429
### Summary The cache server is directly exposed by the root shard and has no a
41 CVE-2026-4272
Missing Authentication for Critical Function vulnerability in Honeywell Handheld
41 CVE-2026-35607
File Browser is a file managing interface for uploading, deleting, previewing, r
41 CVE-2026-4351
The Perfmatters plugin for WordPress is vulnerable to arbitrary file overwrite v
41 CVE-2026-24660
A heap-based buffer overflow vulnerability exists in the x3f_load_huffman functi
41 CVE-2026-20884
An integer overflow vulnerability exists in the deflate_dng_load_raw functionali
41 CVE-2026-24450
An integer overflow vulnerability exists in the uncompressed_fp_dng_load_raw fun
41 CVE-2026-39307
The PraisonAI templates installation feature is vulnerable to a "Zip Slip" Arbit
41 CVE-2026-5915
Insufficient validation of untrusted input in WebML in Google Chrome prior to 14
41 CVE-2026-35488
Tandoor Recipes is an application for managing recipes, planning meals, and buil
41 CVE-2026-39331
ChurchCRM is an open-source church management system. Prior to 7.1.0, an authent
41 CVE-2026-39344
ChurchCRM is an open-source church management system. Prior to 7.1.0, there is a
41 CVE-2026-5907
Insufficient data validation in Media in Google Chrome prior to 147.0.7727.55 al
41 CVE-2026-26263
GLPI is a free asset and IT management software package. From 11.0.0 to before 1
41 CVE-2026-35045
Tandoor Recipes is an application for managing recipes, planning meals, and buil
41 CVE-2026-39340
ChurchCRM is an open-source church management system. Prior to 7.1.0, a SQL inje
41 CVE-2026-39341
ChurchCRM is an open-source church management system. Prior to 7.1.0, The applic
41 CVE-2026-5373
An issue that allowed all-organization administrators to promote accounts to sup
41 CVE-2026-39371
RedwoodSDK is a server-first React framework. From 1.0.0-beta.50 to 1.0.5, erver
40 CVE-2026-40070
BSV Ruby SDK is the Ruby SDK for the BSV blockchain. From 0.3.1 to before 0.8.2,
40 CVE-2026-5436
The MW WP Form plugin for WordPress is vulnerable to Arbitrary File Move/Read in
40 CVE-2026-40093
nimiq-blockchain provides persistent block storage for Nimiq's Rust implementati
40 CVE-2026-40393
In Mesa before 25.3.6 and 26 before 26.0.1, out-of-bounds memory access can occu
40 CVE-2026-33466
Improper Limitation of a Pathname to a Restricted Directory (CWE-22) in Logstash
40 CVE-2026-39394
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, mo
40 CVE-2026-39393
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, mo
40 CVE-2025-58913
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP
40 CVE-2026-40200
An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory co
40 CVE-2026-40259
## Summary An authenticated publish-service reader can invoke `/api/av/removeUn
40 CVE-2026-34402
ChurchCRM is an open-source church management system. Prior to 7.1.0, authentica
40 CVE-2025-24818
Nokia MantaRay NM is vulnerable to an OS command injection vulnerability due to
40 CVE-2025-24817
Nokia MantaRay NM is vulnerable to an OS command injection vulnerability due to
40 CVE-2026-20432
In Modem, there is a possible out of bounds write due to a missing bounds check.
40 CVE-2026-35575
ChurchCRM is an open-source church management system. Prior to 6.5.3, a Stored C
40 CVE-2026-34444
Lupa integrates the runtimes of Lua or LuaJIT2 into CPython. In 2.6 and earlier,
40 CVE-2026-40149
PraisonAI is a multi-agent teams system. Prior to 4.5.128, the gateway's /api/ap
39 CVE-2026-4150
GIMP PSD File Parsing Integer Overflow Remote Code Execution Vulnerability. This
39 CVE-2026-4154
GIMP XPM File Parsing Integer Overflow Remote Code Execution Vulnerability. This
39 CVE-2026-4151
GIMP ANI File Parsing Integer Overflow Remote Code Execution Vulnerability. This
39 CVE-2026-4153
GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerabi
39 CVE-2026-4152
GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerabi
39 CVE-2026-5495
Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Cod
39 CVE-2026-5494
Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Cod
39 CVE-2026-5496
Labcenter Electronics Proteus PDSPRJ File Parsing Type Confusion Remote Code Exe
39 CVE-2026-5493
Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Cod
39 CVE-2026-21380
Memory Corruption when using deprecated DMABUF IOCTL calls to manage video memor
39 CVE-2026-21382
Memory Corruption when handling power management requests with improperly sized
39 CVE-2026-21378
Memory Corruption when accessing an output buffer without validating its size du
39 CVE-2026-5054
NoMachine External Control of File Path Local Privilege Escalation Vulnerability
39 CVE-2026-21373
Memory Corruption when accessing an output buffer without validating its size du
39 CVE-2026-21375
Memory Corruption when accessing an output buffer without validating its size du
39 CVE-2026-5055
NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerabil
39 CVE-2025-14821
A flaw was found in libssh. This vulnerability allows local man-in-the-middle at
39 CVE-2026-25203
Samsung MagicINFO 9 Server Incorrect Default Permissions Local Privilege Escalat
39 CVE-2026-21376
Memory Corruption when accessing an output buffer without validating its size du

Oldest Unpatched Critical/High CVEs

CVE Severity CVSS Priority Days Open
CVE-2024-3400 CRITICAL 10.0 224 730d
CVE-2019-19781 CRITICAL 9.8 223 2298d
CVE-2020-5902 CRITICAL 9.8 223 2111d
CVE-2021-35464 CRITICAL 9.8 223 1725d
CVE-2020-10189 CRITICAL 9.8 223 2228d
CVE-2012-4681 CRITICAL 9.8 223 4975d
CVE-2022-42475 CRITICAL 9.8 223 1196d
CVE-2023-3519 CRITICAL 9.8 223 998d
CVE-2015-7450 CRITICAL 9.8 222 3752d
CVE-2023-34048 CRITICAL 9.8 222 900d
Prev 3 / 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy