Security Dashboard

7d 14d 30d 90d

Total CVEs

1494

last 7 days

Avg Priority

19.3

of max 220

KEV

actively exploited

POC

public exploits

Unpatched

233

CRIT/HIGH without patch

How is Priority Score calculated?

Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:

KEV +50

CISA Known Exploited Vulnerability — confirmed active exploitation in the wild

EPSS x100

Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)

CVSS x5

Common Vulnerability Scoring System — technical severity (0-50)

POC +20

Public exploit code exists — lowers barrier for attackers

0-40 Low 40-80 Medium 80-120 High 120+ Critical

Patch Now — Known Exploited Vulnerabilities

116

CVE-2026-48027

Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console,

CRITICAL

Priority Distribution

CRITICAL HIGH MEDIUM LOW KEV Only POC Only Unpatched CRIT/HIGH

Priority	CVE	Severity	CVSS	EPSS	Indicators	Published
26	CVE-2026-48156 pypdf is a free and open-source pure-python PDF library. Prior to 6.12.0, an att	MEDIUM	5.1	-	FIX	2026-05-28
26	CVE-2026-48128 Budibase is an open-source low-code platform. Prior to 3.39.0, the executeQuery	MEDIUM	5.1	0.1%	FIX	2026-05-27
26	CVE-2026-2607 IBM MQ Operator SC2: v3.2.0 through 3.2.23CD: v3.3.0, v3.4.0, v3.4.1, v3.5.0, v	MEDIUM	5.1	0.0%		2026-05-27
26	CVE-2026-8672 Use of default password vulnerability in syslink software AG Avantra on Linux, W	MEDIUM	5.1	0.0%	FIX	2026-05-22
26	CVE-2026-44903 Prometheus is an open-source monitoring system and time series database. From 2.	MEDIUM	5.1	0.0%	FIX	2026-05-26
26	CVE-2026-6816 An access bypass vulnerability in Drupal TFA Basic Plugins allows users with the	MEDIUM	5.1	-		2026-05-28
25	CVE-2026-46526 Local Deep Research is an AI-powered research assistant for deep, iterative rese	MEDIUM	5.0	-	FIX	2026-05-28
25	CVE-2026-7618 The EnvíaloSimple: Email Marketing y Newsletters plugin for WordPress is vulnera	MEDIUM	4.9	0.0%		2026-05-27
24	CVE-2026-5308 Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.	MEDIUM	4.9	0.0%		2026-05-22
24	CVE-2026-9801 A flaw was found in Keycloak. A remote attacker with high privileges, such as a	MEDIUM	4.9	0.3%		2026-05-28
24	CVE-2026-6059 A cross-site scripting vulnerability exists in Aterm. Arbitrary scripts may be e	MEDIUM	4.8	0.0%		2026-05-25
24	CVE-2026-2288 The myLinksDump plugin for WordPress is vulnerable to Stored Cross-Site Scriptin	MEDIUM	4.8	0.0%		2026-05-27
24	CVE-2026-44443 Lumiverse is a full-featured AI chat application. Prior to 0.9.7, consumeNonce()	MEDIUM	4.8	0.0%	FIX	2026-05-26
24	CVE-2026-2280 The rexCrawler plugin for WordPress is vulnerable to Stored Cross-Site Scripting	MEDIUM	4.8	0.0%		2026-05-27
24	CVE-2026-8647 Crypt::ScryptKDF versions through 0.010 for Perl uses insecure random number sou	MEDIUM	4.8	0.0%		2026-05-26
24	CVE-2026-48155 pypdf is a free and open-source pure-python PDF library. Prior to 6.12.0, an att	MEDIUM	4.8	-	FIX	2026-05-28
24	CVE-2026-47673 Hono is a Web application framework that provides support for any JavaScript run	MEDIUM	4.8	-	FIX	2026-05-28
24	CVE-2026-4410 IBM WebSphere Application Server - Liberty 19.0.0.7 through 26.0.0.5 and IBM Web	MEDIUM	4.8	0.0%		2026-05-27
24	CVE-2026-44587 ### Summary CarrierWave's content_type_denylist check fails to escape regex meta	MEDIUM	4.7	-	FIX	2026-05-27
24	CVE-2026-9818 Roundcube's HTML sanitization path for message rendering allows loopback, localh	MEDIUM	4.7	-	FIX	2026-05-28
24	CVE-2026-49059 URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Facebook Fa	MEDIUM	4.7	0.0%		2026-05-27
23	CVE-2026-41073 RT is an open source, enterprise-grade issue and ticket tracking system. Version	MEDIUM	4.6	0.0%		2026-05-22
23	CVE-2026-33462 A path traversal vulnerability was identified in Kibana's dashboard management f	MEDIUM	4.6	-		2026-05-28
23	CVE-2026-44710 pam_usb provides hardware authentication for Linux using ordinary removable medi	MEDIUM	4.6	0.0%	FIX	2026-05-27
22	CVE-2026-3348 The MinhNhut Link Gateway plugin for WordPress is vulnerable to Stored Cross-Sit	MEDIUM	4.4	0.0%		2026-05-27
22	CVE-2026-48792 pam_usb provides hardware authentication for Linux using ordinary removable medi	MEDIUM	4.4	0.0%	FIX	2026-05-27
22	CVE-2026-5516 IBM WebSphere Application Server - Liberty 22.0.0.11 through 26.0.0.5 IBM WebSph	MEDIUM	4.4	0.0%		2026-05-27
22	CVE-2026-48924 Jenkins Bitbucket OAuth Plugin 0.17 and earlier does not restrict the redirect U	MEDIUM	4.3	0.0%		2026-05-27
22	CVE-2025-14481 The Yoast SEO plugin for WordPress is vulnerable to Insecure Direct Object Refer	MEDIUM	4.3	0.0%		2026-05-27
22	CVE-2026-48923 Jenkins AppSpider Plugin 1.0.17 and earlier does not perform a permission check	MEDIUM	4.3	0.0%		2026-05-27
22	CVE-2026-2255 Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 an	MEDIUM	4.3	0.0%	FIX	2026-05-27
22	CVE-2026-1248 IBM Business Automation Workflow containers and traditional may leak information	MEDIUM	4.3	0.0%		2026-05-27
22	CVE-2026-8903 The Two-factor authentication (formerly IP Vault) plugin for WordPress is vulner	MEDIUM	4.3	0.0%		2026-05-27
22	CVE-2026-36239 PbootCMS v.3.2.11 contains a code injection vulnerability in its site configurat	MEDIUM	4.3	0.0%		2026-05-26
22	CVE-2026-9674 A cross-site request forgery (CSRF) vulnerability in Jenkins Multijob Plugin 662	MEDIUM	4.3	0.0%		2026-05-27
22	CVE-2026-48925 A cross-site request forgery (CSRF) vulnerability in Jenkins GitHub Integration	MEDIUM	4.3	0.0%		2026-05-27
22	CVE-2026-7614 The Old Posts Highlighter plugin for WordPress is vulnerable to Cross-Site Reque	MEDIUM	4.3	0.0%		2026-05-27
22	CVE-2026-9236 The CM Ad Changer - A simple tool to control and optimize your site's banners pl	MEDIUM	4.3	0.0%		2026-05-27
22	CVE-2026-8941 The CDN Linker lite plugin for WordPress is vulnerable to Cross-Site Request For	MEDIUM	4.3	0.0%		2026-05-27
22	CVE-2026-8943 The GoStats for WordPress plugin for WordPress is vulnerable to Cross-Site Reque	MEDIUM	4.3	0.0%		2026-05-27
22	CVE-2026-8942 The MetaMagic SEO Plugin plugin for WordPress is vulnerable to Cross-Site Reques	MEDIUM	4.3	0.0%		2026-05-27
22	CVE-2026-8939 The Search Simple Fields plugin for WordPress is vulnerable to Cross-Site Reques	MEDIUM	4.3	0.0%		2026-05-27
22	CVE-2026-8708 The Genzel breadcrumbs plugin for WordPress is vulnerable to Cross-Site Request	MEDIUM	4.3	0.0%		2026-05-27
22	CVE-2026-8938 The auto making JSON-LD plugin for WordPress is vulnerable to Cross-Site Request	MEDIUM	4.3	0.0%		2026-05-27
22	CVE-2026-41009 When the director sends a long-running request (e.g. compile_package), the agent	MEDIUM	4.3	0.0%	FIX	2026-05-27
22	CVE-2026-48926 Jenkins Job Import Plugin 143.v044a_2e819b_27 and earlier does not perform a per	MEDIUM	4.3	0.0%		2026-05-27
22	CVE-2026-48973 Missing Authorization vulnerability in Benbodhi SVG Support allows Exploiting In	MEDIUM	4.3	0.0%		2026-05-27
22	CVE-2026-9791 A flaw was found in Keycloak. An authenticated user with existing organization m	MEDIUM	4.3	0.0%		2026-05-28
22	CVE-2026-49051 Missing Authorization vulnerability in Prasad Kirpekar WP Meta and Date Remover	MEDIUM	4.3	0.0%		2026-05-27
22	CVE-2026-8689 The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is	MEDIUM	4.3	0.0%		2026-05-28
22	CVE-2026-7526 The PDF Embedder plugin for WordPress is vulnerable to Sensitive Information Exp	MEDIUM	4.3	0.0%		2026-05-28
22	CVE-2026-9618 The PeachPay - Payments & Express Checkout for WooCommerce (supports Stripe, Pay	MEDIUM	4.3	0.0%		2026-05-28
22	CVE-2026-9241 The FOX - Currency Switcher Professional for WooCommerce plugin for WordPress is	MEDIUM	4.3	0.0%		2026-05-28
22	CVE-2026-10028 A flaw was found in glib-networking. A remote attacker can exploit this vulnerab	MEDIUM	4.3	-		2026-05-28
22	CVE-2026-4888 The Everest Forms - Contact Form, Payment Form, Quiz, Survey & Custom Form Build	MEDIUM	4.3	0.0%		2026-05-28
22	CVE-2026-42568 ### Summary An LDAP injection vulnerability exists in `org.yamcs.security.LdapA	MEDIUM	4.3	-	FIX	2026-05-26
22	CVE-2026-49052 Missing Authorization vulnerability in Wpmet ElementsKit Elementor addons Lite a	MEDIUM	4.3	0.0%		2026-05-27
22	CVE-2026-49045 Missing Authorization vulnerability in WP Media Adminimize allows Exploiting Inc	MEDIUM	4.3	0.0%		2026-05-27
22	CVE-2026-44595 ### Summary The IAM API endpoints (`listUsers`, `getUser`, `listGroups`, and `g	MEDIUM	4.3	-	FIX	2026-05-27
22	CVE-2026-48971 Missing Authorization vulnerability in WebToffee Product Import Export for WooCo	MEDIUM	4.3	0.0%		2026-05-27
22	CVE-2026-5296 GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 bef	MEDIUM	4.3	0.0%	FIX	2026-05-27
22	CVE-2026-4646 Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.	MEDIUM	4.3	0.2%		2026-05-22
22	CVE-2026-2601 GitLab has remediated an issue in GitLab EE affecting all versions from 11.5 bef	MEDIUM	4.3	0.0%	FIX	2026-05-27
22	CVE-2026-8682 The 3D Viewer - 3D Model Viewer - Augmented Reality - Virtual Try On plugin for	MEDIUM	4.3	0.0%		2026-05-28
22	CVE-2026-9015 The Equalize Digital Accessibility Checker - WCAG, ADA, EAA and Section 508 comp	MEDIUM	4.3	0.0%		2026-05-28
22	CVE-2026-49047 Missing Authorization vulnerability in DearHive DearFlip allows Exploiting Incor	MEDIUM	4.3	0.0%		2026-05-27
22	CVE-2026-7615 The Widget Context plugin for WordPress is vulnerable to Cross-Site Request Forg	MEDIUM	4.3	0.0%		2026-05-22
22	CVE-2026-4070 The Alfie - Feed Plugin plugin for WordPress is vulnerable to Cross-Site Request	MEDIUM	4.3	0.0%		2026-05-22
22	CVE-2026-7636 The Slider by Soliloquy - Responsive Image Slider for WordPress plugin for WordP	MEDIUM	4.3	0.0%		2026-05-22
22	CVE-2026-7621 The SMTP2GO for WordPress - Email Made Easy plugin for WordPress is vulnerable t	MEDIUM	4.3	0.0%		2026-05-28
22	CVE-2026-7533 The Easy Digital Downloads plugin for WordPress is vulnerable to Cross-Site Requ	MEDIUM	4.3	0.0%		2026-05-28
22	CVE-2026-9798 A flaw was found in Keycloak, an open-source identity and access management solu	MEDIUM	4.3	0.1%		2026-05-28
22	CVE-2026-49054 Missing Authorization vulnerability in Mamunur Rashid The Post Grid allows Explo	MEDIUM	4.3	0.0%		2026-05-27
22	CVE-2026-3636 Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.	MEDIUM	4.3	0.0%		2026-05-22
22	CVE-2026-47675 Hono is a Web application framework that provides support for any JavaScript run	MEDIUM	4.3	-	FIX	2026-05-28
22	CVE-2026-9228 The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable	MEDIUM	4.3	0.0%		2026-05-28
22	CVE-2026-8692 The Vedrixa Forms - User Registration Form, Signup Form & Drag & Drop Form Build	MEDIUM	4.3	0.0%		2026-05-22
22	CVE-2026-7249 The Location Weather plugin for WordPress is vulnerable to unauthorized modifica	MEDIUM	4.3	0.0%		2026-05-22
22	CVE-2026-2518 The FastX theme for WordPress is vulnerable to unauthorized limited plugin insta	MEDIUM	4.3	0.0%		2026-05-22
22	CVE-2026-8716 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.7	MEDIUM	4.3	0.0%	FIX	2026-05-27
21	CVE-2026-9689 A flaw was found in Keycloak, an open-source identity and access management solu	MEDIUM	4.2	0.1%		2026-05-27
21	CVE-2025-32745 Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Improper Certificate V	MEDIUM	4.2	0.0%	FIX	2026-05-22
21	CVE-2026-48522 PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient	MEDIUM	4.2	-	FIX	2026-05-28
20	CVE-2026-46692 An attacker who can connect to a `magick -distribute-cache` service can cause a	MEDIUM	4.1	-	FIX	2026-05-22
20	CVE-2026-42401 Improper Neutralization of Input During Web Page Generation (CWE-79) in Kibana c	MEDIUM	4.1	-		2026-05-28
20	CVE-2026-47165 The distributed pixel cache was originally designed to operate without a challen	MEDIUM	4.1	-	FIX	2026-05-22
20	CVE-2026-46693 An attacker who can connect to a magick -distribute-cache service can hijack a f	MEDIUM	4.1	-	FIX	2026-05-22
20	CVE-2026-21785 A misconfigured Content Security Policy (CSP) in HCL BigFix Remote Control Serve	MEDIUM	4.0	0.0%		2026-05-27
20	CVE-2025-32746 Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Insecure Storage of Se	MEDIUM	4.0	0.0%	FIX	2026-05-22
0	CVE-2026-45068 ### Description Symfony Mailer selects a transport via the `MAILER_DSN` environ	MEDIUM	-	-	FIX	2026-05-27

Oldest Unpatched Critical/High CVEs

CVE	Severity	CVSS	Priority	Days Open
CVE-2024-3400	CRITICAL	10.0	224	776d
CVE-2019-19781	CRITICAL	9.8	223	2344d
CVE-2020-5902	CRITICAL	9.8	223	2157d
CVE-2021-35464	CRITICAL	9.8	223	1771d
CVE-2020-10189	CRITICAL	9.8	223	2274d
CVE-2012-4681	CRITICAL	9.8	223	5021d
CVE-2022-42475	CRITICAL	9.8	223	1242d
CVE-2023-3519	CRITICAL	9.8	223	1044d
CVE-2015-7450	CRITICAL	9.8	222	3799d
CVE-2023-34048	CRITICAL	9.8	222	946d

Prev 4 / 5 Next