Security Dashboard

7d 14d 30d 90d

Total CVEs

1494

last 7 days

Avg Priority

19.3

of max 220

KEV

actively exploited

POC

public exploits

Unpatched

233

CRIT/HIGH without patch

How is Priority Score calculated?

Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:

KEV +50

CISA Known Exploited Vulnerability — confirmed active exploitation in the wild

EPSS x100

Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)

CVSS x5

Common Vulnerability Scoring System — technical severity (0-50)

POC +20

Public exploit code exists — lowers barrier for attackers

0-40 Low 40-80 Medium 80-120 High 120+ Critical

Patch Now — Known Exploited Vulnerabilities

116

CVE-2026-48027

Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console,

CRITICAL

Priority Distribution

CRITICAL HIGH MEDIUM LOW KEV Only POC Only Unpatched CRIT/HIGH

Priority	CVE	Severity	CVSS	EPSS	Indicators	Published
36	CVE-2026-40842 An low privileged remote attacker can exploit an unauthenticated SQL Injection v	HIGH	7.1	0.0%		2026-05-27
36	CVE-2026-40843 An low privileged remote attacker can exploit an unauthenticated SQL Injection v	HIGH	7.1	0.0%		2026-05-27
36	CVE-2026-40839 An low privileged remote attacker can exploit an unauthenticated SQL Injection v	HIGH	7.1	0.0%		2026-05-27
36	CVE-2026-42738 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti	HIGH	7.1	0.0%		2026-05-27
36	CVE-2026-42728 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti	HIGH	7.1	0.0%		2026-05-27
36	CVE-2025-52747 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti	HIGH	7.1	0.0%		2026-05-27
36	CVE-2026-42729 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti	HIGH	7.1	0.0%		2026-05-27
36	CVE-2026-42733 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti	HIGH	7.1	0.0%		2026-05-27
36	CVE-2026-42734 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti	HIGH	7.1	0.0%		2026-05-27
36	CVE-2026-42762 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti	HIGH	7.1	0.0%		2026-05-27
36	CVE-2026-42754 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti	HIGH	7.1	0.0%		2026-05-27
36	CVE-2026-42739 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti	HIGH	7.1	0.0%		2026-05-27
36	CVE-2025-22741 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti	HIGH	7.1	0.0%		2026-05-27
36	CVE-2026-42759 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti	HIGH	7.1	0.0%		2026-05-27
36	CVE-2026-47272 pam_usb provides hardware authentication for Linux using ordinary removable medi	HIGH	7.1	0.0%	FIX	2026-05-27
36	CVE-2026-41074 RT is an open source, enterprise-grade issue and ticket tracking system. Version	HIGH	7.1	0.0%		2026-05-22
36	CVE-2026-1718 IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a deni	HIGH	7.1	0.0%		2026-05-27
36	CVE-2025-14361 Missing Authorization vulnerability in AA-Team Woocommerce Envato Affiliates all	HIGH	7.1	0.0%		2026-05-26
36	CVE-2026-1933 A flaw was found in Samba’s handling of NTFS-style reparse points on shares conf	HIGH	7.1	0.0%		2026-05-27
36	CVE-2026-7528 IBM Langflow OSS 1.0.0 through 1.9.0 could allow a denial of service due to unco	HIGH	7.1	0.0%		2026-05-27
36	CVE-2026-45342 LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, LinkA	HIGH	7.1	-	FIX	2026-05-28
36	CVE-2026-45042 RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta	HIGH	7.1	-	FIX	2026-05-28
36	CVE-2026-47118 Agent Zero before version 1.15 contains a path traversal vulnerability that allo	HIGH	7.1	0.1%	FIX	2026-05-27
35	CVE-2026-40829 A high privileged remote attacker can exploit an unauthenticated SQL Injection v	HIGH	7.0	0.0%		2026-05-27
35	CVE-2026-40830 A high privileged remote attacker can exploit an unauthenticated SQL Injection v	HIGH	7.0	0.0%		2026-05-27
35	CVE-2026-40828 A high privileged remote attacker can exploit an unauthenticated SQL Injection v	HIGH	7.0	0.0%		2026-05-27
35	CVE-2026-40827 A high privileged remote attacker can exploit an unauthenticated SQL Injection v	HIGH	7.0	0.0%		2026-05-27
35	CVE-2026-40823 A high privileged remote attacker can exploit an unauthenticated SQL Injection v	HIGH	7.0	0.0%		2026-05-27
35	CVE-2026-40824 A high privileged remote attacker can exploit an unauthenticated SQL Injection v	HIGH	7.0	0.0%		2026-05-27
35	CVE-2026-40825 A high privileged remote attacker can exploit an unauthenticated SQL Injection v	HIGH	7.0	0.0%		2026-05-27
35	CVE-2026-49000 An insecure password scheme refers to vulnerabilities arising from improper sele	HIGH	7.0	0.0%		2026-05-27
35	CVE-2025-46284 A race condition was addressed with additional validation. This issue is fixed i	HIGH	7.0	0.0%	FIX	2026-05-26
35	CVE-2026-44604 A command injection vulnerability was discovered in the `rpmuncompress` utility	HIGH	7.0	0.0%		2026-05-28
35	CVE-2026-42789 Improper Following of a Certificate's Chain of Trust vulnerability in Erlang OTP	HIGH	7.0	0.0%		2026-05-27
35	CVE-2026-42462 ### Summary An attacker can make use of JSON-LD features to restructure a JSON-	HIGH	7.0	-	FIX	2026-05-26
35	CVE-2026-8606 A Server-Side Request Forgery (SSRF) vulnerability was identified in GitHub Ente	HIGH	7.0	0.1%		2026-05-26
0	CVE-2026-44174 ### TL;DR This vulnerability affects all Kirby sites that might have potential	HIGH	-	-	FIX	2026-05-26
0	CVE-2026-44177 ### TL;DR This vulnerability affects all Kirby sites on Kirby 5.3.0-5.4.0 and i	HIGH	-	-	FIX	2026-05-26
0	CVE-2026-43945 Pre-auth RCE in FUXA via Logic Bypass Summary A Critical vulnerability cha	HIGH	-	-	FIX	2026-05-26
0	CVE-2026-43947 ### Summary An unauthenticated Remote Code Execution vulnerability exists in FU	HIGH	-	-	FIX	2026-05-26
0	CVE-2026-44705 ### Summary The tmp npm package contains a path traversal vulnerability that al	HIGH	-	-	FIX	2026-05-27
0	CVE-2026-43946 ### Summary An authorization bypass in the /api/getTagValue endpoint allows una	HIGH	-	-	FIX	2026-05-26
0	CVE-2026-45077 ### Description `Symfony\Bridge\Monolog\Command\ServerLogCommand` (the `server:	HIGH	-	-	FIX	2026-05-27
0	CVE-2026-45067 ### Description `Symfony\Component\Mime\Address` is the value-object every Symf	HIGH	-	-	FIX	2026-05-27
0	CVE-2026-47138 ### Impact An unauthenticated attacker who knows a publicly-known Parse Applica	HIGH	-	-	FIX	2026-05-23
0	CVE-2026-45725 ## Summary The compliance-trestle library's remote fetching cache mechanism (HT	HIGH	-	-	FIX	2026-05-27
0	CVE-2026-42563 ## Summary Dulwich's `ProcessMergeDriver` substitutes the file path (from the g	HIGH	-	-		2026-05-28
0	CVE-2026-44974 ### Impact The two parsers resolved duplicates inconsistently and silently: - `C	HIGH	-	-	FIX	2026-05-27
0	CVE-2026-45704 ### Summary `CustomReports` uses inconsistent authorization between the report	HIGH	-	-	FIX	2026-05-27
0	CVE-2026-45063 ### Description `X509Authenticator` implements client-certificate (mTLS) authen	HIGH	-	-	FIX	2026-05-27
0	CVE-2026-44175 ### TL;DR This vulnerability affects all Kirby sites that use the list field or	HIGH	-	-	FIX	2026-05-26

Oldest Unpatched Critical/High CVEs

CVE	Severity	CVSS	Priority	Days Open
CVE-2024-3400	CRITICAL	10.0	224	776d
CVE-2019-19781	CRITICAL	9.8	223	2344d
CVE-2020-5902	CRITICAL	9.8	223	2157d
CVE-2021-35464	CRITICAL	9.8	223	1771d
CVE-2020-10189	CRITICAL	9.8	223	2274d
CVE-2012-4681	CRITICAL	9.8	223	5021d
CVE-2022-42475	CRITICAL	9.8	223	1242d
CVE-2023-3519	CRITICAL	9.8	223	1044d
CVE-2015-7450	CRITICAL	9.8	222	3799d
CVE-2023-34048	CRITICAL	9.8	222	946d

Prev 4 / 4