Security Dashboard

Total CVEs: 1343 (last 7 days)
Avg Priority: 21.3 (of max 220)
KEV: 1 (actively exploited)
POC: 66 (public exploits)
Unpatched: 234 (CRIT/HIGH without patch)
How is Priority Score calculated?

Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:

KEV +50: CISA Known Exploited Vulnerability, confirmed active exploitation in the wild
EPSS x100: Exploit Prediction Scoring System, probability of exploitation in the next 30 days (0-100)
CVSS x5: Common Vulnerability Scoring System, technical severity (0-50)
POC +20: Public exploit code exists, which lowers the barrier for attackers

Bands: 0-40 Low, 40-80 Medium, 80-120 High, 120+ Critical
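The weights above are simple enough to reproduce, and doing so makes the dashboard's ranking auditable: a defender can recompute a score from the underlying KEV, EPSS, CVSS and PoC signals and check that the feed did not silently inflate or bury a CVE. The following is an added illustration, not the dashboard's own code; the CVE identifiers, the signal values and the `triage` ranking are constructed for the example, and the treatment of band boundaries (lower edge inclusive, so exactly 40 is Medium) is an assumption the page does not state.

```python
"""Recompute the dashboard's Priority Score from its four stated signals.

Added example; not the dashboard's implementation. Sample records below are
constructed placeholders, not real CVE data.
"""
from dataclasses import dataclass

# Weights exactly as the page states them: KEV +50, EPSS x100, CVSS x5, POC +20.
KEV_BONUS = 50
EPSS_WEIGHT = 100      # EPSS is a probability 0.0-1.0, so x100 yields 0-100
CVSS_WEIGHT = 5        # CVSS base score 0.0-10.0, so x5 yields 0-50
POC_BONUS = 20
MAX_SCORE = KEV_BONUS + EPSS_WEIGHT + CVSS_WEIGHT * 10 + POC_BONUS  # 220


@dataclass(frozen=True)
class Signals:
    """The four inputs the page's formula consumes for one CVE."""
    cve: str
    kev: bool      # listed in CISA KEV
    epss: float    # probability of exploitation in the next 30 days, 0.0-1.0
    cvss: float    # CVSS base score, 0.0-10.0
    poc: bool      # public exploit code exists


def priority_score(s: Signals) -> float:
    """Composite 0-220 score. Out-of-range inputs are rejected rather than
    clamped, so a malformed feed value cannot quietly distort the ranking."""
    if not 0.0 <= s.epss <= 1.0:
        raise ValueError(f"{s.cve}: EPSS must be a probability in [0, 1], got {s.epss}")
    if not 0.0 <= s.cvss <= 10.0:
        raise ValueError(f"{s.cve}: CVSS must be in [0, 10], got {s.cvss}")
    score = (
        (KEV_BONUS if s.kev else 0)
        + s.epss * EPSS_WEIGHT
        + s.cvss * CVSS_WEIGHT
        + (POC_BONUS if s.poc else 0)
    )
    return round(score, 1)


def band(score: float) -> str:
    """Map a score to the page's bands. Assumption: each band's lower edge is
    inclusive (40 -> Medium, 80 -> High, 120 -> Critical)."""
    if score >= 120:
        return "Critical"
    if score >= 80:
        return "High"
    if score >= 40:
        return "Medium"
    return "Low"


def triage(items: list[Signals]) -> list[Signals]:
    """Rank CVEs highest priority first; ties broken by CVE id for stable output."""
    return sorted(items, key=lambda s: (-priority_score(s), s.cve))


# Constructed sample records (placeholder ids, invented signal values).
SAMPLE = [
    Signals("CVE-EXAMPLE-0001", kev=True, epss=0.94, cvss=10.0, poc=True),   # 214.0 Critical
    Signals("CVE-EXAMPLE-0002", kev=False, epss=0.05, cvss=9.8, poc=True),   # 74.0 Medium
    Signals("CVE-EXAMPLE-0003", kev=False, epss=0.002, cvss=7.5, poc=False), # 37.7 Low
    Signals("CVE-EXAMPLE-0004", kev=False, epss=0.5, cvss=8.0, poc=False),   # 90.0 High
]

if __name__ == "__main__":
    print(f"{'Priority':>8}  {'Band':<8}  CVE")
    for rec in triage(SAMPLE):
        score = priority_score(rec)
        print(f"{score:>8}  {band(score):<8}  {rec.cve}")
```

Two points worth noting when using this to audit a feed. First, the second sample record shows why the composite matters: a CVSS 9.8 bug with a public PoC but a 5% EPSS lands in the Medium band, well below a KEV-listed entry, which is the intended effect of weighting real-world exploitation over nominal severity. Second, the "Oldest Unpatched" table on this page shows a Priority of 224 for a CVSS 10.0 entry, which exceeds the 220 ceiling the formula allows (50 + 100 + 50 + 20), so the displayed weights do not fully account for the live scores; treat any recomputation as a consistency check rather than an exact reproduction.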
Priority CVE
39 CVE-2026-38945
Command injection in Raynet rvia version 12.6 Update 8 and previous versions all
39 CVE-2026-46439
A High severity Server-Side Template Injection (SSTI) vulnerability exists in th
39 CVE-2026-47333
Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which can potentia
39 CVE-2026-47331
Ubuntu Linux 6.8 contains AppArmor SAUCE patches which fail to acquire a lock wh
39 CVE-2026-26147
Improper input validation in Azure Compute Gallery allows an authorized attacker
39 CVE-2026-46427
Budibase is an open-source low-code platform. Prior to 3.38.3, removeSecrets at
39 CVE-2026-2253
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.7 an
39 CVE-2026-48146
Budibase is an open-source low-code platform. Prior to 3.39.0, the OAuth2 token
38 CVE-2026-9804
A flaw was found in KubeVirt's virt-exportserver component. An attacker with spe
38 CVE-2026-39965
TypeBot is a chatbot builder tool. Versions 3.15.2 and prior contain an SSRF via
38 CVE-2026-45296
OpenReplay is a self-hosted session replay suite. Prior to 1.26.0, OpenReplay's
38 CVE-2026-34911
A malicious actor with access to the network and low privileges could exploit a
38 CVE-2026-46823
Vulnerability in the Oracle Public Sector Financials (International) product of
38 CVE-2026-46821
Vulnerability in the Oracle Financials Common Modules product of Oracle E-Busine
38 CVE-2026-42398
Server-Side Request Forgery (CWE-918) in Kibana allows authenticated users with
38 CVE-2026-42790
Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_c
38 CVE-2026-34207
TypeBot is a chatbot builder tool. SSRF protection for Webhook / HTTP Request b
38 CVE-2026-48545
Gradio before version 6.15.0 contains a cookie injection vulnerability that allo
38 CVE-2026-48922
Jenkins Credentials Binding Plugin 720.v3f6decef43ea_ and earlier does not prope
38 CVE-2026-44847
MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.0, MaxKB's web
38 CVE-2026-9200
The Query Shortcode plugin for WordPress is vulnerable to Local File Inclusion i
38 CVE-2026-23663
Improper privilege management in Azure Entra ID allows an unauthorized attacker
38 CVE-2026-48921
Jenkins Pipeline: Groovy Libraries Plugin 797.v90ea_a_9b_e45a_0 and earlier does
38 CVE-2026-48829
In GNU SASL before 2.2.3, DIGEST-MD5 has a NULL pointer dereference affecting bo
38 CVE-2026-42760
Authentication Bypass Using an Alternate Path or Channel vulnerability in revmak
38 CVE-2026-42736
Authorization Bypass Through User-Controlled Key vulnerability in wordplus BP Be
38 CVE-2026-43988
Vanetza is an open-source implementation of the ETSI C-ITS protocol suite. In 26
38 CVE-2026-48151
Budibase is an open-source low-code platform. Prior to 3.39.0, the webhook schem
38 CVE-2025-14713
An Exposed Dangerous Method or Function vulnerability in Synology C2 Identity Ed
38 CVE-2026-48901
The InputFilter::getInstance() method omitted a security sensitive parameter fro
38 CVE-2026-42497
Pre-NVD disclosure via oss-security: oss-security mailing list - 2026/05/26. ns
38 CVE-2026-46597
An incorrectly placed cast from bytes to int allowed for server-side panic in th
38 CVE-2026-9538
Pre-NVD disclosure via oss-security: oss-security mailing list - 2026/05/26. ar
38 CVE-2026-48048
### Impact XWiki discovered that the patch for GHSA-5cf8-vrr8-8hjm was insuffici
38 CVE-2026-32995
The Rocket.Chat DDP method autoTranslate.translateMessage in versions <8.5.0, <8
38 CVE-2026-48972
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP
38 CVE-2026-46829
Vulnerability in Oracle REST Data Services (component: Mongoapi). Supported ver
38 CVE-2026-4834
The WP ERP Pro plugin for WordPress is vulnerable to SQL Injection via the 'sear
38 CVE-2026-45332
### Summary A Broken Access Control vulnerability allows an unauthenticated at
38 CVE-2026-46834
Vulnerability in the Net Service component of Oracle Database Server. Supported
38 CVE-2026-3366
IBM InfoSphere Optim Test Data Fabrication 1.0.0, 1.0.0.1, 1.0.0.2, 1.0.2, 1.0.2
38 CVE-2026-5740
Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.
38 CVE-2026-48116
AnythingLLM is an application that turns pieces of content into context that any
38 CVE-2026-8180
IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM A
38 CVE-2026-7797
The Appointment Booking Calendar - Simply Schedule Appointments Booking Plugin p
38 CVE-2026-8679
The AudioIgniter plugin for WordPress is vulnerable to Insecure Direct Object Re
38 CVE-2026-45357
## Summary The `date` filter's strftime implementation parses width specifiers
38 CVE-2026-45104
MapServer is a system for developing web-based GIS applications. From 6.4.0 to b
38 CVE-2026-45617
## Summary The built-in `strip_html` filter in liquidjs uses a regex containing
38 CVE-2026-8361
A path traversal vulnerability exists in WOSDefaultHttpModule.dll when processin
38 CVE-2026-9011
The Ditty - Responsive News Tickers, Sliders, and Lists plugin for WordPress is
38 CVE-2026-47717
### Summary The GET /api/project endpoint exposes sensitive project configurati
38 CVE-2026-8360
Function calls to WOSCommonUtil.dll!WOSSysInfoGetDeviceInterface() in various DL
38 CVE-2026-8671
Insertion of sensitive information into log file vulnerability in syslink softwa
38 CVE-2026-44905
Vanetza is an open-source implementation of the ETSI C-ITS protocol suite. In 26
38 CVE-2026-8359
When processing a request with a URL path starting with /status or /sysinfo, WOS
38 CVE-2026-46835
Vulnerability in the Net Service component of Oracle Database Server. Supported
37 CVE-2026-47269
pam_usb provides hardware authentication for Linux using ordinary removable medi
37 CVE-2026-9632
A flaw has been found in UTT HiPER 1250GW up to 3.2.7-210907-180535. Affected by
37 CVE-2026-9631
A vulnerability was detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. Affe
37 CVE-2026-9628
A weakness has been identified in UTT HiPER 1200GW up to 2.5.3-170306. Affected
37 CVE-2026-9627
A security flaw has been discovered in UTT HiPER 1200GW up to 2.5.3-170306. This
37 CVE-2026-44460
FileRise is a self-hosted web-based file manager with multi-file upload, editing
37 CVE-2026-49014
In GDAL 3.1.0 through 3.13.0, scanForGeometryContainers in the netCDF driver all
37 CVE-2026-48526
PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, when the ve
37 CVE-2026-46818
Vulnerability in the Oracle Payments product of Oracle E-Business Suite (compone
37 CVE-2026-44726
## Summary A flaw in Deno's Node.js tls compatibility layer could cause a TLS c
37 CVE-2026-36540
Netis AC1200 Router NC21 V4.0.1.4296 is vulnerable to unauthenticated command in
37 CVE-2026-37712
An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-alpha allows
37 CVE-2026-37713
An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-alpha allows
37 CVE-2026-42745
Authentication Bypass Using an Alternate Path or Channel vulnerability in ZAYTEC
37 CVE-2026-38422
Buffer Overflow vulnerability in arendst Tasmota v.15.3.0.3 and before allows a
37 CVE-2026-42746
Insertion of Sensitive Information Into Sent Data vulnerability in ZAYTECH Smart
37 CVE-2026-42753
Missing Authorization vulnerability in WC Lovers WCFM Membership wc-multivendor-
37 CVE-2026-48962
IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::
37 CVE-2026-36539
Netis AC1200 Router NC21 V4.0.1.4296 exposes a CGI endpoint /cgi-bin/skk_get.cgi
37 CVE-2026-48831
Wine ships a .desktop file that registers itself as a MIME handler for EXE files
37 CVE-2026-36538
Netis AC1200 Router NC21 V4.0.1.4296 contains a hard-coded root credential store
36 CVE-2026-32996
This vulnerability in Veeam Agent for Microsoft Windows allows for Local Privile
36 CVE-2026-37711
An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-alpha allows
36 CVE-2026-38426
Buffer Overflow vulnerability in arendst Tasmota v.15.3.0.3 and before allows a
36 CVE-2026-9795
A flaw was found in Keycloak's Fine-Grained Admin Permissions (FGAPv2) feature.
36 CVE-2026-38427
An issue in fetch_jpg() in xdrv_10_scripter.ino in Tasmota through 15.3.0.3 allo
36 CVE-2026-34126
TP-Link has identified a vulnerability in Tapo L535E v1.0 and v3.0, Tapo P300 v1
36 CVE-2026-36045
picoclaw <=v0.1.2 and earlier is vulnerable to OS command injection via the Exec
36 CVE-2026-6169
The affiliate-toolkit plugin for WordPress is vulnerable to remote code executio
36 CVE-2026-40852
A highly authenticated attacker can alter the config generator injecting a paylo
36 CVE-2026-3375
The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross-Site Scri
36 CVE-2026-8143
The HBook plugin for WordPress is vulnerable to Stored Cross-Site Scripting via
36 CVE-2026-42782
Improper Isolation or Compartmentalization vulnerability in Apache Syncope. An

Oldest Unpatched Critical/High CVEs

CVE             Severity  CVSS  Priority  Days Open
CVE-2024-3400   CRITICAL  10.0  224       776d
CVE-2019-19781  CRITICAL  9.8   223       2344d
CVE-2020-5902   CRITICAL  9.8   223       2157d
CVE-2021-35464  CRITICAL  9.8   223       1771d
CVE-2020-10189  CRITICAL  9.8   223       2274d
CVE-2012-4681   CRITICAL  9.8   223       5021d
CVE-2022-42475  CRITICAL  9.8   223       1242d
CVE-2023-3519   CRITICAL  9.8   223       1044d
CVE-2015-7450   CRITICAL  9.8   222       3799d
CVE-2023-34048  CRITICAL  9.8   222       946d