Security Dashboard

7d 14d 30d 90d

Total CVEs

1343

last 7 days

Avg Priority

21.3

of max 220

KEV

actively exploited

POC

public exploits

Unpatched

234

CRIT/HIGH without patch

How is Priority Score calculated?

Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:

KEV +50

CISA Known Exploited Vulnerability — confirmed active exploitation in the wild

EPSS x100

Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)

CVSS x5

Common Vulnerability Scoring System — technical severity (0-50)

POC +20

Public exploit code exists — lowers barrier for attackers

0-40 Low 40-80 Medium 80-120 High 120+ Critical

Patch Now — Known Exploited Vulnerabilities

116

CVE-2026-48027

Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console,

CRITICAL

Priority Distribution

CRITICAL HIGH MEDIUM LOW KEV Only POC Only Unpatched CRIT/HIGH

Priority	CVE	Severity	CVSS	EPSS	Indicators	Published
38	CVE-2026-48151 Budibase is an open-source low-code platform. Prior to 3.39.0, the webhook schem	HIGH	7.5	0.0%	FIX	2026-05-27
38	CVE-2025-14713 An Exposed Dangerous Method or Function vulnerability in Synology C2 Identity Ed	HIGH	7.5	0.0%	FIX	2026-05-27
38	CVE-2026-48901 The InputFilter::getInstance() method omitted a security sensitive parameter fro	HIGH	7.5	0.0%		2026-05-26
38	CVE-2026-42497 Pre-NVD disclosure via oss-security: oss-security mailing list - 2026/05/26. ns	HIGH	7.5	0.0%	FIX	2026-05-26
38	CVE-2026-46597 An incorrectly placed cast from bytes to int allowed for server-side panic in th	HIGH	7.5	0.0%	FIX	2026-05-22
38	CVE-2026-9538 Pre-NVD disclosure via oss-security: oss-security mailing list - 2026/05/26. ar	HIGH	7.5	0.0%	FIX	2026-05-26
38	CVE-2026-8360 Function calls to WOSCommonUtil.dll!WOSSysInfoGetDeviceInterface() in various DL	HIGH	7.5	0.0%	FIX	2026-05-27
38	CVE-2026-45104 MapServer is a system for developing web-based GIS applications. From 6.4.0 to b	HIGH	7.5	0.0%	FIX	2026-05-27
38	CVE-2026-8359 When processing a request with a URL path starting with /status or /sysinfo, WOS	HIGH	7.5	0.0%	FIX	2026-05-27
38	CVE-2026-3366 IBM InfoSphere Optim Test Data Fabrication 1.0.0, 1.0.0.1, 1.0.0.2, 1.0.2, 1.0.2	HIGH	7.5	0.1%		2026-05-27
38	CVE-2026-45332 ### Summary A Broken Access Control vulnerability allows an unauthenticated at	HIGH	7.5	-	FIX	2026-05-27
38	CVE-2026-45357 ## Summary The `date` filter's strftime implementation parses width specifiers	HIGH	7.5	-		2026-05-27
38	CVE-2026-45617 ## Summary The built-in `strip_html` filter in liquidjs uses a regex containing	HIGH	7.5	-	FIX	2026-05-27
38	CVE-2026-47717 ### Summary The GET /api/project endpoint exposes sensitive project configurati	HIGH	7.5	-	FIX	2026-05-27
38	CVE-2026-48116 AnythingLLM is an application that turns pieces of content into context that any	HIGH	7.5	-		2026-05-28
38	CVE-2026-32995 The Rocket.Chat DDP method autoTranslate.translateMessage in versions <8.5.0, <8	HIGH	7.5	0.0%	FIX	2026-05-28
38	CVE-2026-48972 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP	HIGH	7.5	0.1%	FIX	2026-05-27
38	CVE-2026-8361 A path traversal vulnerability exists in WOSDefaultHttpModule.dll when processin	HIGH	7.5	0.0%	FIX	2026-05-27
38	CVE-2026-8180 IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM A	HIGH	7.5	0.1%		2026-05-27
38	CVE-2026-7797 The Appointment Booking Calendar - Simply Schedule Appointments Booking Plugin p	HIGH	7.5	0.1%		2026-05-28
38	CVE-2026-44905 Vanetza is an open-source implementation of the ETSI C-ITS protocol suite. In 26	HIGH	7.5	0.0%		2026-05-26
38	CVE-2026-46834 Vulnerability in the Net Service component of Oracle Database Server. Supported	HIGH	7.5	-		2026-05-28
38	CVE-2026-46835 Vulnerability in the Net Service component of Oracle Database Server. Supported	HIGH	7.5	-		2026-05-28
38	CVE-2026-48048 ### Impact XWiki discovered that the patch for GHSA-5cf8-vrr8-8hjm was insuffici	HIGH	7.5	-	FIX	2026-05-26
38	CVE-2026-9011 The Ditty - Responsive News Tickers, Sliders, and Lists plugin for WordPress is	HIGH	7.5	0.1%		2026-05-22
38	CVE-2026-8679 The AudioIgniter plugin for WordPress is vulnerable to Insecure Direct Object Re	HIGH	7.5	0.1%		2026-05-22
38	CVE-2026-46829 Vulnerability in Oracle REST Data Services (component: Mongoapi). Supported ver	HIGH	7.5	-		2026-05-28
38	CVE-2026-5740 Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.	HIGH	7.5	0.1%		2026-05-22
38	CVE-2026-4834 The WP ERP Pro plugin for WordPress is vulnerable to SQL Injection via the 'sear	HIGH	7.5	0.1%		2026-05-22
38	CVE-2026-8671 Insertion of sensitive information into log file vulnerability in syslink softwa	HIGH	7.5	0.0%	FIX	2026-05-22
37	CVE-2026-47269 pam_usb provides hardware authentication for Linux using ordinary removable medi	HIGH	7.4	0.1%	FIX	2026-05-27
37	CVE-2026-9632 A flaw has been found in UTT HiPER 1250GW up to 3.2.7-210907-180535. Affected by	HIGH	7.4	0.0%		2026-05-27
37	CVE-2026-9631 A vulnerability was detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. Affe	HIGH	7.4	0.0%		2026-05-27
37	CVE-2026-9627 A security flaw has been discovered in UTT HiPER 1200GW up to 2.5.3-170306. This	HIGH	7.4	0.0%		2026-05-27
37	CVE-2026-9628 A weakness has been identified in UTT HiPER 1200GW up to 2.5.3-170306. Affected	HIGH	7.4	0.0%		2026-05-27
37	CVE-2026-44460 FileRise is a self-hosted web-based file manager with multi-file upload, editing	HIGH	7.4	0.0%	FIX	2026-05-27
37	CVE-2026-49014 In GDAL 3.1.0 through 3.13.0, scanForGeometryContainers in the netCDF driver all	HIGH	7.4	0.0%		2026-05-27
37	CVE-2026-46818 Vulnerability in the Oracle Payments product of Oracle E-Business Suite (compone	HIGH	7.4	-		2026-05-28
37	CVE-2026-48526 PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, when the ve	HIGH	7.4	-	FIX	2026-05-28
37	CVE-2026-44726 ## Summary A flaw in Deno's Node.js tls compatibility layer could cause a TLS c	HIGH	7.4	-	FIX	2026-05-27
37	CVE-2026-36540 Netis AC1200 Router NC21 V4.0.1.4296 is vulnerable to unauthenticated command in	HIGH	7.3	0.2%		2026-05-27
37	CVE-2026-37713 An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-alpha allows	HIGH	7.3	0.1%		2026-05-27
37	CVE-2026-37712 An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-alpha allows	HIGH	7.3	0.1%		2026-05-27
37	CVE-2026-42745 Authentication Bypass Using an Alternate Path or Channel vulnerability in ZAYTEC	HIGH	7.3	0.0%		2026-05-27
37	CVE-2026-38422 Buffer Overflow vulnerability in arendst Tasmota v.15.3.0.3 and before allows a	HIGH	7.3	0.0%		2026-05-27
37	CVE-2026-42746 Insertion of Sensitive Information Into Sent Data vulnerability in ZAYTECH Smart	HIGH	7.3	0.0%		2026-05-27
37	CVE-2026-42753 Missing Authorization vulnerability in WC Lovers WCFM Membership wc-multivendor-	HIGH	7.3	0.0%		2026-05-27
37	CVE-2026-48962 IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::	HIGH	7.3	0.0%	FIX	2026-05-27
37	CVE-2026-36539 Netis AC1200 Router NC21 V4.0.1.4296 exposes a CGI endpoint /cgi-bin/skk_get.cgi	HIGH	7.3	0.0%		2026-05-27
37	CVE-2026-48831 Wine ships a .desktop file that registers itself as a MIME handler for EXE files	HIGH	7.3	0.0%		2026-05-24
37	CVE-2026-36538 Netis AC1200 Router NC21 V4.0.1.4296 contains a hard-coded root credential store	HIGH	7.3	0.0%		2026-05-27
36	CVE-2026-38426 Buffer Overflow vulnerability in arendst Tasmota v.15.3.0.3 and before allows a	HIGH	7.3	0.2%		2026-05-27
36	CVE-2026-32996 This vulnerability in Veeam Agent for Microsoft Windows allows for Local Privile	HIGH	7.3	0.0%		2026-05-28
36	CVE-2026-9795 A flaw was found in Keycloak's Fine-Grained Admin Permissions (FGAPv2) feature.	HIGH	7.3	0.0%		2026-05-28
36	CVE-2026-37711 An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-alpha allows	HIGH	7.3	0.2%		2026-05-27
36	CVE-2026-38427 An issue in fetch_jpg() in xdrv_10_scripter.ino in Tasmota through 15.3.0.3 allo	HIGH	7.3	0.1%		2026-05-27
36	CVE-2026-36045 picoclaw <=v0.1.2 and earlier is vulnerable to OS command injection via the Exec	HIGH	7.3	0.1%		2026-05-27
36	CVE-2026-34126 TP-Link has identified a vulnerability in Tapo L535E v1.0 and v3.0, Tapo P300 v1	HIGH	7.3	-	FIX	2026-05-28
36	CVE-2026-6169 The affiliate-toolkit plugin for WordPress is vulnerable to remote code executio	HIGH	7.2	0.2%		2026-05-27
36	CVE-2026-40852 A highly authenticated attacker can alter the config generator injecting a paylo	HIGH	7.2	0.1%		2026-05-27
36	CVE-2026-3375 The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross-Site Scri	HIGH	7.2	0.1%		2026-05-27
36	CVE-2026-8143 The HBook plugin for WordPress is vulnerable to Stored Cross-Site Scripting via	HIGH	7.2	0.1%		2026-05-27
36	CVE-2026-42782 Improper Isolation or Compartmentalization vulnerability in Apache Syncope. An	HIGH	7.2	0.0%		2026-05-25
36	CVE-2026-7634 The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site S	HIGH	7.2	0.1%		2026-05-28
36	CVE-2026-2374 The Login No Captcha reCAPTCHA plugin for WordPress is vulnerable to Stored Cros	HIGH	7.2	0.1%		2026-05-28
36	CVE-2026-44982 ## Summary The CrowdSec AppSec component fails to read the HTTP request body fo	HIGH	7.2	-	FIX	2026-05-27
36	CVE-2026-6720 When calicoctl is invoked with --log-level=info or --log-level=debug, the client	HIGH	7.2	-	FIX	2026-05-28
36	CVE-2026-7052 The HT Contact Form - Drag & Drop Form Builder for WordPress plugin for WordPres	HIGH	7.2	0.2%		2026-05-28
36	CVE-2026-9291 Insecure deserialization in the job results processing component in Amazon Brake	HIGH	7.1	0.3%	FIX	2026-05-22
36	CVE-2026-6268 The EventPress WordPress theme before 22.2 does not sanitize or escape the 'id'	HIGH	7.1	0.1%	FIX	2026-05-27
36	CVE-2026-42749 Authentication Bypass Using an Alternate Path or Channel vulnerability in Themei	HIGH	7.1	0.1%		2026-05-27
36	CVE-2026-49017 In OpenStack Swift before 2.36.2 and 2.37.2, s3api middleware enters an infinite	HIGH	7.1	0.0%	FIX	2026-05-27
36	CVE-2026-39968 TypeBot is a chatbot builder tool. In versions 3.15.2 and prior, the fix for GHS	HIGH	7.1	0.0%		2026-05-22
36	CVE-2026-40843 An low privileged remote attacker can exploit an unauthenticated SQL Injection v	HIGH	7.1	0.0%		2026-05-27
36	CVE-2026-40840 An low privileged remote attacker can exploit an unauthenticated SQL Injection v	HIGH	7.1	0.0%		2026-05-27
36	CVE-2026-40833 An low privileged remote attacker can exploit an unauthenticated SQL Injection v	HIGH	7.1	0.0%		2026-05-27
36	CVE-2026-40835 An low privileged remote attacker can exploit an unauthenticated SQL Injection v	HIGH	7.1	0.0%		2026-05-27
36	CVE-2026-40836 An low privileged remote attacker can exploit an unauthenticated SQL Injection v	HIGH	7.1	0.0%		2026-05-27
36	CVE-2026-40832 An low privileged remote attacker can exploit an unauthenticated SQL Injection v	HIGH	7.1	0.0%		2026-05-27
36	CVE-2026-40831 An low privileged remote attacker can exploit an unauthenticated SQL Injection v	HIGH	7.1	0.0%		2026-05-27
36	CVE-2026-40838 An low privileged remote attacker can exploit an unauthenticated SQL Injection v	HIGH	7.1	0.0%		2026-05-27
36	CVE-2026-40834 An low privileged remote attacker can exploit an unauthenticated SQL Injection v	HIGH	7.1	0.0%		2026-05-27
36	CVE-2026-40845 An low privileged remote attacker can exploit an unauthenticated SQL Injection v	HIGH	7.1	0.0%		2026-05-27
36	CVE-2026-40839 An low privileged remote attacker can exploit an unauthenticated SQL Injection v	HIGH	7.1	0.0%		2026-05-27
36	CVE-2026-40841 An low privileged remote attacker can exploit an unauthenticated SQL Injection v	HIGH	7.1	0.0%		2026-05-27
36	CVE-2026-40837 An low privileged remote attacker can exploit an unauthenticated SQL Injection v	HIGH	7.1	0.0%		2026-05-27
36	CVE-2026-40842 An low privileged remote attacker can exploit an unauthenticated SQL Injection v	HIGH	7.1	0.0%		2026-05-27
36	CVE-2026-40848 An low privileged remote attacker can exploit an unauthenticated SQL Injection v	HIGH	7.1	0.0%		2026-05-27
36	CVE-2026-40844 An low privileged remote attacker can exploit an unauthenticated SQL Injection v	HIGH	7.1	0.0%		2026-05-27
36	CVE-2026-40846 An low privileged remote attacker can exploit an unauthenticated SQL Injection v	HIGH	7.1	0.0%		2026-05-27

Oldest Unpatched Critical/High CVEs

CVE	Severity	CVSS	Priority	Days Open
CVE-2024-3400	CRITICAL	10.0	224	776d
CVE-2019-19781	CRITICAL	9.8	223	2344d
CVE-2020-5902	CRITICAL	9.8	223	2157d
CVE-2021-35464	CRITICAL	9.8	223	1771d
CVE-2020-10189	CRITICAL	9.8	223	2274d
CVE-2012-4681	CRITICAL	9.8	223	5021d
CVE-2022-42475	CRITICAL	9.8	223	1242d
CVE-2023-3519	CRITICAL	9.8	223	1044d
CVE-2015-7450	CRITICAL	9.8	222	3799d
CVE-2023-34048	CRITICAL	9.8	222	946d

Prev 3 / 4 Next