Security Dashboard

7d 14d 30d 90d
Total CVEs
1515
last 7 days
Avg Priority
32.0
of max 220
KEV
0
actively exploited
POC
181
public exploits
Unpatched
438
CRIT/HIGH without patch
How is Priority Score calculated?

Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:

KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low 40-80 Medium 80-120 High 120+ Critical

Priority Distribution

CRITICAL HIGH MEDIUM LOW KEV Only POC Only Unpatched CRIT/HIGH
Priority CVE
39 CVE-2025-47389
Memory corruption when buffer copy operation fails due to integer overflow durin
39 CVE-2025-47390
Memory corruption while preprocessing IOCTL request in JPEG driver.
39 CVE-2026-21372
Memory Corruption when sending IOCTL requests with invalid buffer sizes during m
39 CVE-2025-47391
Memory corruption while processing a frame request from user.
39 CVE-2026-21374
Memory Corruption when processing auxiliary sensor input/output control commands
39 CVE-2026-21371
Memory Corruption when retrieving output buffer with insufficient size validatio
39 CVE-2026-5726
ASDA-Soft Stack-based Buffer Overflow Vulnerability
39 CVE-2026-27806
## Summary The Orbit agent's FileVault disk encryption key rotation flow on col
39 CVE-2026-28261
Dell Elastic Cloud Storage, version 3.8.1.7 and prior, and Dell ObjectScale, ver
39 CVE-2026-33092
Local privilege escalation due to improper handling of environment variables. Th
39 CVE-2026-34734
HDF5 is software for managing data. In 1.14.1-2 and earlier, a heap-use-after-fr
39 CVE-2026-39853
osslsigncode is a tool that implements Authenticode signing and timestamping. Pr
39 CVE-2026-40156
PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI automatical
39 CVE-2026-30232
Chartbrew is an open-source web application that can connect directly to databas
39 CVE-2026-5709
Unsanitized input in the FileBrowser API in AWS Research and Engineering Studio
39 CVE-2026-39361
OpenObserve is a cloud-native observability platform. In 0.70.3 and earlier, the
39 CVE-2026-35533
### Summary `mise` loads trust-control settings from a local project `.mise.tom
38 CVE-2026-32252
Chartbrew is an open-source web application that can connect directly to databas
38 CVE-2026-39843
Plane is an an open-source project management tool. From 0.28.0 to before 1.3.0,
38 CVE-2026-33461
Incorrect Authorization (CWE-863) in Kibana can lead to information disclosure v
38 CVE-2026-35666
OpenClaw before 2026.3.22 contains an allowlist bypass vulnerability in system.r
38 CVE-2026-31941
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Ch
38 CVE-2026-35446
LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web app
38 CVE-2026-40150
PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the web_crawl()
38 CVE-2026-40180
Quarkus OpenAPI Generator is Quarkus' extensions for generation of Rest Clients
38 CVE-2026-4498
Execution with Unnecessary Privileges (CWE-250) in Kibana’s Fleet plugin debug r
38 CVE-2026-35650
OpenClaw before 2026.3.22 contains an environment variable override handling vul
38 CVE-2026-40188
goshs is a SimpleHTTPServer written in Go. From 1.0.7 to before 2.0.0-beta.4, th
38 CVE-2026-35585
File Browser is a file managing interface for uploading, deleting, previewing, r
38 CVE-2026-39369
WWBN AVideo is an open source video platform. In versions 26.0 and prior, object
38 CVE-2026-21381
Transient DOS when receiving a service data frame with excessive length during d
38 CVE-2026-21367
Transient DOS when processing nonstandard FILS Discovery Frames with out-of-rang
38 CVE-2026-39384
FreeScout is a free help desk and shared inbox built with PHP's Laravel framewor
38 CVE-2026-35534
ChurchCRM is an open-source church management system. Prior to 7.1.0, a stored c
38 CVE-2026-39497
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti
38 CVE-2026-39487
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti
38 CVE-2026-35568
### Summary The java-sdk contains a DNS rebinding vulnerability. This vulnerabi
38 CVE-2026-5466
wolfSSL's ECCSI signature verifier `wc_VerifyEccsiHash` decodes the `r` and `s`
38 CVE-2026-5479
In wolfSSL's EVP layer, the ChaCha20-Poly1305 AEAD decryption path in wolfSSL_EV
38 CVE-2026-5301
Stored XSS in log viewer in CoolerControl/coolercontrol-ui <4.0.0 allows unauthe
38 CVE-2026-32144
Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_o
38 CVE-2026-35485
text-generation-webui is an open-source web interface for running Large Language
38 CVE-2026-4155
ChargePoint Home Flex Inclusion of Sensitive Information in Source Code Informat
38 CVE-2026-4157
ChargePoint Home Flex revssh Service Command Injection Remote Code Execution Vul
38 CVE-2026-35523
Strawberry up until version `0.312.3` is vulnerable to an authentication bypass
38 CVE-2026-3360
The Tutor LMS - eLearning and online course solution plugin for WordPress is vul
38 CVE-2026-39312
SoftEtherVPN is a an open-source cross-platform multi-protocol VPN Program. In 5
38 CVE-2026-3396
WCAPF - WooCommerce Ajax Product Filter plugin is vulnerable to time-based SQL I
38 CVE-2026-4156
ChargePoint Home Flex OCPP getpreq Stack-based Buffer Overflow Remote Code Execu
38 CVE-2026-30078
OpenAirInterface V2.2.0 AMF crashes when it receives an NGAP message with invali
38 CVE-2026-39611
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP
38 CVE-2026-39613
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP
38 CVE-2026-39623
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP
38 CVE-2026-39684
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP
38 CVE-2026-26027
GLPI is a free asset and IT management software package. From 11.0.0 to before 1
38 CVE-2026-35526
Strawberry GraphQL's WebSocket subscription handlers for both the `graphql-trans
38 CVE-2025-57834
An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Mod
38 CVE-2026-39376
FastFeedParser is a high performance RSS, Atom and RDF parser. Prior to 0.5.10,
38 CVE-2026-35611
Addressable is an alternative implementation to the URI implementation that is p
38 CVE-2026-34148
Fedify is a TypeScript library for building federated server apps powered by Act
38 CVE-2026-29181
multi-value `baggage:` header extraction parses each header field-value independ
38 CVE-2026-24146
NVIDIA Triton Inference Server contains a vulnerability where insufficient input
38 CVE-2026-24175
NVIDIA Triton Inference Server contains a vulnerability where an attacker could
38 CVE-2026-24173
NVIDIA Triton Inference Server contains a vulnerability where an attacker could
38 CVE-2026-24174
NVIDIA Triton Inference Server contains a vulnerability where an attacker could
38 CVE-2026-3902
An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4
38 CVE-2026-22750
When configuring SSL bundles in Spring Cloud Gateway by using the configuration
38 CVE-2026-30075
OpenAirInterface Version 2.2.0 has a Buffer Overflow vulnerability in processing
38 CVE-2026-39356
Drizzle is a modern TypeScript ORM. Prior to 0.45.2 and 1.0.0-beta.20, Drizzle O
38 CVE-2026-5886
Out of bounds read in WebAudio in Google Chrome on Mac prior to 147.0.7727.55 al
38 CVE-2026-39885
## Summary The `mcp-from-openapi` library uses `@apidevtools/json-schema-ref-pa
38 CVE-2026-35486
text-generation-webui is an open-source web interface for running Large Language
38 CVE-2026-28390
Issue summary: During processing of a crafted CMS EnvelopedData message with Key
38 CVE-2026-28389
Issue summary: During processing of a crafted CMS EnvelopedData message with Key
38 CVE-2026-33540
Distribution is a toolkit to pack, ship, store, and deliver container content. P
38 CVE-2026-33034
An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4
38 CVE-2025-57835
An issue was discovered in RRC in Samsung Mobile Processor, Wearable Processor,
38 CVE-2025-50644
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to impro
38 CVE-2025-50647
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1, specificall
38 CVE-2025-50648
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to inade
38 CVE-2025-50646
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to insuf
38 CVE-2025-50650
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to inade
38 CVE-2025-50653
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to impro
38 CVE-2025-50662
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to impro
38 CVE-2026-29146
Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default
38 CVE-2025-52221
Tenda AC6 15.03.05.16_multi is vulnerable to Buffer Overflow in the formSetCfm f
38 CVE-2025-50667
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to impro
38 CVE-2026-24880
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
38 CVE-2025-54324
An issue was discovered in NAS in Samsung Mobile Processor, Wearable Processor,
38 CVE-2026-34896
Cross-Site Request Forgery (CSRF) vulnerability in Analytify Under Construction,

Oldest Unpatched Critical/High CVEs

CVE Severity CVSS Priority Days Open
CVE-2024-3400 CRITICAL 10.0 224 730d
CVE-2019-19781 CRITICAL 9.8 223 2298d
CVE-2020-5902 CRITICAL 9.8 223 2111d
CVE-2021-35464 CRITICAL 9.8 223 1725d
CVE-2020-10189 CRITICAL 9.8 223 2228d
CVE-2012-4681 CRITICAL 9.8 223 4975d
CVE-2022-42475 CRITICAL 9.8 223 1196d
CVE-2023-3519 CRITICAL 9.8 223 998d
CVE-2015-7450 CRITICAL 9.8 222 3753d
CVE-2023-34048 CRITICAL 9.8 222 900d
Prev 4 / 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy