Security Dashboard

7d 14d 30d 90d

Total CVEs

1494

last 7 days

Avg Priority

19.3

of max 220

KEV

actively exploited

POC

public exploits

Unpatched

233

CRIT/HIGH without patch

How is Priority Score calculated?

Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:

KEV +50

CISA Known Exploited Vulnerability — confirmed active exploitation in the wild

EPSS x100

Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)

CVSS x5

Common Vulnerability Scoring System — technical severity (0-50)

POC +20

Public exploit code exists — lowers barrier for attackers

0-40 Low 40-80 Medium 80-120 High 120+ Critical

Patch Now — Known Exploited Vulnerabilities

116

CVE-2026-48027

Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console,

CRITICAL

Priority Distribution

CRITICAL HIGH MEDIUM LOW KEV Only POC Only Unpatched CRIT/HIGH

Priority	CVE	Severity	CVSS	EPSS	Indicators	Published
36	CVE-2026-8143 The HBook plugin for WordPress is vulnerable to Stored Cross-Site Scripting via	HIGH	7.2	0.1%		2026-05-27
36	CVE-2026-42782 Improper Isolation or Compartmentalization vulnerability in Apache Syncope. An	HIGH	7.2	0.0%		2026-05-25
36	CVE-2026-7634 The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site S	HIGH	7.2	0.1%		2026-05-28
36	CVE-2026-7052 The HT Contact Form - Drag & Drop Form Builder for WordPress plugin for WordPres	HIGH	7.2	0.2%		2026-05-28
36	CVE-2026-44982 ## Summary The CrowdSec AppSec component fails to read the HTTP request body fo	HIGH	7.2	-	FIX	2026-05-27
36	CVE-2026-6720 When calicoctl is invoked with --log-level=info or --log-level=debug, the client	HIGH	7.2	-	FIX	2026-05-28
36	CVE-2026-2374 The Login No Captcha reCAPTCHA plugin for WordPress is vulnerable to Stored Cros	HIGH	7.2	0.1%		2026-05-28
36	CVE-2026-9291 Insecure deserialization in the job results processing component in Amazon Brake	HIGH	7.1	0.3%	FIX	2026-05-22
36	CVE-2026-6268 The EventPress WordPress theme before 22.2 does not sanitize or escape the 'id'	HIGH	7.1	0.1%	FIX	2026-05-27
36	CVE-2026-42749 Authentication Bypass Using an Alternate Path or Channel vulnerability in Themei	HIGH	7.1	0.1%		2026-05-27
36	CVE-2026-49017 In OpenStack Swift before 2.36.2 and 2.37.2, s3api middleware enters an infinite	HIGH	7.1	0.0%	FIX	2026-05-27
36	CVE-2026-39968 TypeBot is a chatbot builder tool. In versions 3.15.2 and prior, the fix for GHS	HIGH	7.1	0.0%		2026-05-22
36	CVE-2026-40847 An low privileged remote attacker can exploit an unauthenticated SQL Injection v	HIGH	7.1	0.0%		2026-05-27
36	CVE-2026-40849 An low privileged remote attacker can exploit an unauthenticated SQL Injection v	HIGH	7.1	0.0%		2026-05-27
36	CVE-2026-40848 An low privileged remote attacker can exploit an unauthenticated SQL Injection v	HIGH	7.1	0.0%		2026-05-27
36	CVE-2026-40846 An low privileged remote attacker can exploit an unauthenticated SQL Injection v	HIGH	7.1	0.0%		2026-05-27
36	CVE-2026-40845 An low privileged remote attacker can exploit an unauthenticated SQL Injection v	HIGH	7.1	0.0%		2026-05-27
36	CVE-2026-40844 An low privileged remote attacker can exploit an unauthenticated SQL Injection v	HIGH	7.1	0.0%		2026-05-27
36	CVE-2026-40842 An low privileged remote attacker can exploit an unauthenticated SQL Injection v	HIGH	7.1	0.0%		2026-05-27
36	CVE-2026-40841 An low privileged remote attacker can exploit an unauthenticated SQL Injection v	HIGH	7.1	0.0%		2026-05-27
36	CVE-2026-40840 An low privileged remote attacker can exploit an unauthenticated SQL Injection v	HIGH	7.1	0.0%		2026-05-27
36	CVE-2026-40838 An low privileged remote attacker can exploit an unauthenticated SQL Injection v	HIGH	7.1	0.0%		2026-05-27
36	CVE-2026-40837 An low privileged remote attacker can exploit an unauthenticated SQL Injection v	HIGH	7.1	0.0%		2026-05-27
36	CVE-2026-40836 An low privileged remote attacker can exploit an unauthenticated SQL Injection v	HIGH	7.1	0.0%		2026-05-27
36	CVE-2026-40834 An low privileged remote attacker can exploit an unauthenticated SQL Injection v	HIGH	7.1	0.0%		2026-05-27
36	CVE-2026-40832 An low privileged remote attacker can exploit an unauthenticated SQL Injection v	HIGH	7.1	0.0%		2026-05-27
36	CVE-2026-40831 An low privileged remote attacker can exploit an unauthenticated SQL Injection v	HIGH	7.1	0.0%		2026-05-27
36	CVE-2026-40833 An low privileged remote attacker can exploit an unauthenticated SQL Injection v	HIGH	7.1	0.0%		2026-05-27
36	CVE-2026-40843 An low privileged remote attacker can exploit an unauthenticated SQL Injection v	HIGH	7.1	0.0%		2026-05-27
36	CVE-2026-40835 An low privileged remote attacker can exploit an unauthenticated SQL Injection v	HIGH	7.1	0.0%		2026-05-27
36	CVE-2026-40839 An low privileged remote attacker can exploit an unauthenticated SQL Injection v	HIGH	7.1	0.0%		2026-05-27
36	CVE-2026-42762 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti	HIGH	7.1	0.0%		2026-05-27
36	CVE-2025-52747 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti	HIGH	7.1	0.0%		2026-05-27
36	CVE-2025-22741 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti	HIGH	7.1	0.0%		2026-05-27
36	CVE-2026-42759 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti	HIGH	7.1	0.0%		2026-05-27
36	CVE-2026-42754 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti	HIGH	7.1	0.0%		2026-05-27
36	CVE-2026-42738 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti	HIGH	7.1	0.0%		2026-05-27
36	CVE-2026-42739 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti	HIGH	7.1	0.0%		2026-05-27
36	CVE-2026-42734 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti	HIGH	7.1	0.0%		2026-05-27
36	CVE-2026-42733 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti	HIGH	7.1	0.0%		2026-05-27
36	CVE-2026-42729 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti	HIGH	7.1	0.0%		2026-05-27
36	CVE-2026-42728 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti	HIGH	7.1	0.0%		2026-05-27
36	CVE-2026-47272 pam_usb provides hardware authentication for Linux using ordinary removable medi	HIGH	7.1	0.0%	FIX	2026-05-27
36	CVE-2026-41074 RT is an open source, enterprise-grade issue and ticket tracking system. Version	HIGH	7.1	0.0%		2026-05-22
36	CVE-2025-14361 Missing Authorization vulnerability in AA-Team Woocommerce Envato Affiliates all	HIGH	7.1	0.0%		2026-05-26
36	CVE-2026-45342 LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, LinkA	HIGH	7.1	-	FIX	2026-05-28
36	CVE-2026-1933 A flaw was found in Samba’s handling of NTFS-style reparse points on shares conf	HIGH	7.1	0.0%		2026-05-27
36	CVE-2026-1718 IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a deni	HIGH	7.1	0.0%		2026-05-27
36	CVE-2026-7528 IBM Langflow OSS 1.0.0 through 1.9.0 could allow a denial of service due to unco	HIGH	7.1	0.0%		2026-05-27
36	CVE-2026-47118 Agent Zero before version 1.15 contains a path traversal vulnerability that allo	HIGH	7.1	0.1%	FIX	2026-05-27
36	CVE-2026-45042 RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta	HIGH	7.1	-	FIX	2026-05-28
35	CVE-2026-40830 A high privileged remote attacker can exploit an unauthenticated SQL Injection v	HIGH	7.0	0.0%		2026-05-27
35	CVE-2026-40829 A high privileged remote attacker can exploit an unauthenticated SQL Injection v	HIGH	7.0	0.0%		2026-05-27
35	CVE-2026-40828 A high privileged remote attacker can exploit an unauthenticated SQL Injection v	HIGH	7.0	0.0%		2026-05-27
35	CVE-2026-40827 A high privileged remote attacker can exploit an unauthenticated SQL Injection v	HIGH	7.0	0.0%		2026-05-27
35	CVE-2026-40825 A high privileged remote attacker can exploit an unauthenticated SQL Injection v	HIGH	7.0	0.0%		2026-05-27
35	CVE-2026-40824 A high privileged remote attacker can exploit an unauthenticated SQL Injection v	HIGH	7.0	0.0%		2026-05-27
35	CVE-2026-40823 A high privileged remote attacker can exploit an unauthenticated SQL Injection v	HIGH	7.0	0.0%		2026-05-27
35	CVE-2026-49000 An insecure password scheme refers to vulnerabilities arising from improper sele	HIGH	7.0	0.0%		2026-05-27
35	CVE-2025-46284 A race condition was addressed with additional validation. This issue is fixed i	HIGH	7.0	0.0%	FIX	2026-05-26
35	CVE-2026-42789 Improper Following of a Certificate's Chain of Trust vulnerability in Erlang OTP	HIGH	7.0	0.0%		2026-05-27
35	CVE-2026-44604 A command injection vulnerability was discovered in the `rpmuncompress` utility	HIGH	7.0	0.0%		2026-05-28
35	CVE-2026-8606 A Server-Side Request Forgery (SSRF) vulnerability was identified in GitHub Ente	HIGH	7.0	0.1%		2026-05-26
35	CVE-2026-42462 ### Summary An attacker can make use of JSON-LD features to restructure a JSON-	HIGH	7.0	-	FIX	2026-05-26
35	CVE-2026-9365 A vulnerability has been found in Ettercap up to 0.8.3. The affected element is	LOW	2.9	0.1%	POC FIX	2026-05-24
35	CVE-2026-9371 A security vulnerability has been detected in ItzCrazyKns Vane up to 1.12.1. Aff	LOW	2.9	0.1%	POC	2026-05-24
35	CVE-2026-40826 A high privileged remote attacker can exploit an unauthenticated SQL Injection v	MEDIUM	6.9	0.0%		2026-05-27
35	CVE-2026-40822 A high privileged remote attacker can exploit an unauthenticated SQL Injection v	MEDIUM	6.9	0.0%		2026-05-27
35	CVE-2026-40821 A high privileged remote attacker can exploit an unauthenticated SQL Injection v	MEDIUM	6.9	0.0%		2026-05-27
35	CVE-2026-9306 A security vulnerability has been detected in QuantumNous new-api up to 0.12.1.	LOW	2.9	0.0%	POC	2026-05-23
35	CVE-2026-9370 A weakness has been identified in ulisesbocchio jasypt-spring-boot up to 3.0.5/4	LOW	2.9	0.0%	POC	2026-05-24
35	CVE-2026-23679 libusb before version 1.0.30 contains a NULL pointer dereference vulnerability t	MEDIUM	6.9	0.0%	FIX	2026-05-27
35	CVE-2026-45413 MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.1, user passwo	MEDIUM	6.9	0.0%	FIX	2026-05-26
34	CVE-2026-47136 RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta	MEDIUM	6.9	-	FIX	2026-05-28
34	CVE-2026-49130 Music Player Daemon (MPD) before version 0.24.11 contains a CRLF injection vulne	MEDIUM	6.9	-	FIX	2026-05-28
34	CVE-2026-9053 Mothra would respect a default value given by a website for HTML file upload for	MEDIUM	6.9	0.0%		2026-05-22
34	CVE-2026-48735 pypdf is a free and open-source pure-python PDF library. Prior to 6.12.1, an att	MEDIUM	6.9	-	FIX	2026-05-28
34	CVE-2026-4391 A security vulnerability has been detected in TeamSpeak 3 Server up to 3.13.7. T	MEDIUM	6.9	0.0%		2026-05-27
34	CVE-2026-49129 Music Player Daemon (MPD) before version 0.24.11 contains a server-side request	MEDIUM	6.9	-	FIX	2026-05-28
34	CVE-2026-44378 Botan is a C++ cryptography library. Prior to 3.12.0, certain patterns of indefi	MEDIUM	6.9	0.0%	FIX	2026-05-27
34	CVE-2026-4392 A vulnerability was detected in TeamSpeak 3 Server up to 3.13.7. This issue affe	MEDIUM	6.9	0.0%		2026-05-27
34	CVE-2026-9490 A security vulnerability has been identified in Acer Care Center where the ACCSv	MEDIUM	6.8	0.0%		2026-05-25
34	CVE-2026-41704 AgentClient#handle_method (lines 264-303) processes every NATS reply. It calls i	MEDIUM	6.8	0.0%	FIX	2026-05-27
34	CVE-2026-9704 A flaw was found in Keycloak. An authenticated user with low privileges can expl	MEDIUM	6.8	0.0%		2026-05-27
34	CVE-2026-9617 PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superu	MEDIUM	6.8	0.0%	FIX	2026-05-27
34	CVE-2026-9802 A flaw was found in Keycloak. When revokeRefreshToken=true is enabled and persis	MEDIUM	6.8	0.0%		2026-05-28
34	CVE-2026-48065 pam_usb provides hardware authentication for Linux using ordinary removable medi	MEDIUM	6.7	0.0%	FIX	2026-05-27
34	CVE-2026-46380 A source code audit led to the discovery of three significant security vulnerabi	MEDIUM	6.7	-	FIX	2026-05-28
33	CVE-2026-48919 Jenkins Active Directory Plugin 2.41 and earlier deserializes data from LDAP ref	MEDIUM	6.6	0.1%		2026-05-27
33	CVE-2026-48918 Jenkins Active Directory Plugin 2.41 and earlier follows LDAP referrals by defau	MEDIUM	6.6	0.0%		2026-05-27

Oldest Unpatched Critical/High CVEs

CVE	Severity	CVSS	Priority	Days Open
CVE-2024-3400	CRITICAL	10.0	224	776d
CVE-2019-19781	CRITICAL	9.8	223	2344d
CVE-2020-5902	CRITICAL	9.8	223	2157d
CVE-2021-35464	CRITICAL	9.8	223	1771d
CVE-2020-10189	CRITICAL	9.8	223	2274d
CVE-2012-4681	CRITICAL	9.8	223	5021d
CVE-2022-42475	CRITICAL	9.8	223	1242d
CVE-2023-3519	CRITICAL	9.8	223	1044d
CVE-2015-7450	CRITICAL	9.8	222	3799d
CVE-2023-34048	CRITICAL	9.8	222	946d

Prev 5 / 17 Next