Security Dashboard

Total CVEs: 1518 (last 7 days)
Avg Priority: 32.0 (of max 220)
KEV: 0 (actively exploited)
POC: 183 (public exploits)
Unpatched: 438 (CRIT/HIGH without patch)
How is Priority Score calculated?

Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:

KEV +50: CISA Known Exploited Vulnerability, confirmed active exploitation in the wild
EPSS x100: Exploit Prediction Scoring System, probability of exploitation in next 30 days (0-100)
CVSS x5: Common Vulnerability Scoring System, technical severity (0-50)
POC +20: Public exploit code exists, lowers barrier for attackers

Rating bands: 0-40 Low, 40-80 Medium, 80-120 High, 120+ Critical

Priority Distribution

Priority CVE
34 CVE-2026-4878
A flaw was found in libcap. A local unprivileged user can exploit a Time-of-chec
33 CVE-2026-4837
An eval() injection vulnerability in the Rapid7 Insight Agent beaconing logic fo
33 CVE-2026-35197
dye is a portable and respectful color library for shell scripts. Prior to 1.1.1
33 CVE-2026-35479
InvenTree is an Open Source Inventory Management System. Prior to 1.2.7 and 1.3.
33 CVE-2026-27102
Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.6 and versions 9.11.0.0 t
33 CVE-2026-3689
OpenClaw Canvas Path Traversal Information Disclosure Vulnerability. This vulner
33 CVE-2026-20431
In Modem, there is a possible system crash due to a logic error. This could lead
33 CVE-2026-34500
CLIENT_CERT authentication does not fail as expected for some scenarios when sof
33 CVE-2026-5876
Side-channel information leakage in Navigation in Google Chrome prior to 147.0.7
33 CVE-2026-39848
Dockyard is a Docker container management app. Prior to 1.1.0, Docker container
33 CVE-2026-34378
OpenEXR provides the specification and reference implementation of the EXR file
33 CVE-2026-3480
The WP Blockade plugin for WordPress is vulnerable to Missing Authorization in a
33 CVE-2026-5867
Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a
33 CVE-2026-5869
Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a
33 CVE-2026-5864
Heap buffer overflow in WebAudio in Google Chrome prior to 147.0.7727.55 allowed
33 CVE-2026-39708
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti
33 CVE-2026-39696
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti
33 CVE-2026-39702
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti
33 CVE-2026-39646
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti
33 CVE-2026-39508
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti
33 CVE-2026-39517
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti
33 CVE-2026-39666
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti
33 CVE-2026-39692
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti
33 CVE-2026-39674
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti
33 CVE-2026-39575
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti
33 CVE-2026-39368
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the Li
33 CVE-2026-5905
Incorrect security UI in Permissions in Google Chrome on Windows prior to 147.0.
33 CVE-2026-5207
The LifterLMS plugin for WordPress is vulnerable to SQL Injection via the 'order
33 CVE-2026-39354
Scoold is a Q&A and a knowledge sharing platform for teams. Prior to 1.66.2, an
33 CVE-2026-39374
Plane is an open-source project management tool. Prior to 1.3.0, the IssueBul
33 CVE-2026-1865
The User Registration & Membership - Free & Paid Memberships, Subscriptions, Con
33 CVE-2026-5919
Insufficient validation of untrusted input in WebSockets in Google Chrome prior
33 CVE-2026-1839
A vulnerability in the HuggingFace Transformers library, specifically in the `Tr
33 CVE-2026-32588
Authenticated DoS over CQL in Apache Cassandra 4.0, 4.1, 5.0 allows authenticate
33 CVE-2026-39569
Missing Authorization vulnerability in AA Web Servant 12 Step Meeting List 12-st
33 CVE-2026-39639
Missing Authorization vulnerability in redpixelstudios RPS Include Content rps-i
33 CVE-2026-34538
Apache Airflow versions 3.0.0 through 3.1.8 DagRun wait endpoint returns XCom re
33 CVE-2026-35492
Impact: PartitionedDataset in kedro-datasets was vulnerable to path traversa
33 CVE-2025-47374
Memory Corruption when accessing freed memory due to concurrent fence deregistra
33 CVE-2026-39366
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the Pa
33 CVE-2026-1672
The BEAR - Bulk Editor and Products Manager Professional for WooCommerce by Plug
33 CVE-2026-39633
Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Car Rental g
33 CVE-2026-39641
Cross-Site Request Forgery (CSRF) vulnerability in Skywarrior Blackfyre blackfyr
32 CVE-2026-33736
Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, any authentica
32 CVE-2026-40148
PraisonAI is a multi-agent teams system. Prior to 4.5.128, the _safe_extractall(
32 CVE-2026-33141
Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, an Insecure Di
32 CVE-2026-39943
Directus is a real-time API and App dashboard for managing SQL database content.
32 CVE-2026-35599
Summary: The `addRepeatIntervalToTime` function uses an O(n) loop that advanc
32 CVE-2026-34897
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti
32 CVE-2026-1101
GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 bef
32 CVE-2026-2377
A flaw was found in mirror-registry. Authenticated users can exploit the log exp
32 CVE-2026-35173
Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, an IDOR /
32 CVE-2026-35594
Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0,
32 CVE-2026-35403
LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web app
32 CVE-2026-33708
Chamilo LMS is a learning management system. Prior to 1.11.38, the get_user_info
32 CVE-2026-27460
Tandoor Recipes is an application for managing recipes, planning meals, and buil
32 CVE-2026-6068
NASM contains a heap use after free vulnerability in response file (-@) processi
32 CVE-2026-33459
Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to denial of serv
32 CVE-2026-4429
The OSM - OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site
32 CVE-2026-3618
The Columns by BestWebSoft plugin for WordPress is vulnerable to Stored Cross-Si
32 CVE-2026-5742
The UsersWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in
32 CVE-2026-4025
The PrivateContent Free plugin for WordPress is vulnerable to Stored Cross-Site
32 CVE-2026-4303
The WP Visitor Statistics (Real Time Traffic) plugin for WordPress is vulnerable
32 CVE-2026-4336
The Ultimate FAQ Accordion plugin for WordPress is vulnerable to Stored Cross-Si
32 CVE-2026-3142
The Pinterest Site Verification plugin using Meta Tag plugin for WordPress is vu
32 CVE-2026-2305
The AddFunc Head & Footer Code plugin for WordPress is vulnerable to Stored Cros
32 CVE-2026-4300
The Robo Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripti
32 CVE-2026-4341
The Prime Slider - Addons for Elementor plugin for WordPress is vulnerable to St
32 CVE-2026-3513
The TableOn - WordPress Posts Table Filterable plugin for WordPress is vulnerabl
32 CVE-2026-5357
The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scr
32 CVE-2026-4073
The pdfl.io plugin for WordPress is vulnerable to Stored Cross-Site Scripting vi
32 CVE-2026-4785
The LatePoint - Calendar Booking Plugin for Appointments and Events plugin for W
32 CVE-2026-4333
The LearnPress - WordPress LMS Plugin plugin for WordPress is vulnerable to Stor
32 CVE-2026-3600
The Investi plugin for WordPress is vulnerable to Stored Cross-Site Scripting vi
32 CVE-2026-1263
The Webling plugin for WordPress is vulnerable to Stored Cross-Site Scripting in
32 CVE-2026-4895
The GreenShift - Animation and Page Builder Blocks plugin for WordPress is vulne
32 CVE-2026-4655
The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Stor
32 CVE-2026-5506
The Wavr plugin for WordPress is vulnerable to Stored Cross-Site Scripting via t
32 CVE-2026-1396
The Magic Conversation For Gravity Forms plugin for WordPress is vulnerable to S
32 CVE-2026-3498
The BlockArt Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scri
32 CVE-2026-4871
The Sports Club Management plugin for WordPress is vulnerable to Stored Cross-Si
32 CVE-2026-3239
The Strong Testimonials plugin for WordPress is vulnerable to Stored Cross-Site
32 CVE-2026-2481
The Beaver Builder Page Builder - Drag and Drop Website Builder plugin for WordP
32 CVE-2026-5508
The WowPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting v
32 CVE-2026-3311
The The Plus Addons for Elementor - Addons for Elementor, Page Templates, Widget
32 CVE-2026-5372
An issue that allowed a SQL injection attack vector related to saved queries (in
32 CVE-2026-33727
Pi-hole is a Linux network-level advertisement and Internet tracker blocking app
32 CVE-2026-2988
The Blubrry PowerPress plugin for WordPress is vulnerable to Stored Cross-Site S
32 CVE-2026-4379
The LightPress Lightbox plugin for WordPress is vulnerable to Stored Cross-Site
32 CVE-2025-14732
The Elementor Website Builder - More Than Just a Page Builder plugin for WordPre

Oldest Unpatched Critical/High CVEs

CVE Severity CVSS Priority Days Open
CVE-2024-3400 CRITICAL 10.0 224 730d
CVE-2019-19781 CRITICAL 9.8 223 2298d
CVE-2020-5902 CRITICAL 9.8 223 2111d
CVE-2021-35464 CRITICAL 9.8 223 1725d
CVE-2020-10189 CRITICAL 9.8 223 2228d
CVE-2012-4681 CRITICAL 9.8 223 4975d
CVE-2022-42475 CRITICAL 9.8 223 1196d
CVE-2023-3519 CRITICAL 9.8 223 998d
CVE-2015-7450 CRITICAL 9.8 222 3752d
CVE-2023-34048 CRITICAL 9.8 222 900d