Security Dashboard

7d 14d 30d 90d
Total CVEs
1518
last 7 days
Avg Priority
32.0
of max 220
KEV
0
actively exploited
POC
183
public exploits
Unpatched
438
CRIT/HIGH without patch
How is Priority Score calculated?

Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:

KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low 40-80 Medium 80-120 High 120+ Critical

Priority Distribution

CRITICAL HIGH MEDIUM LOW KEV Only POC Only Unpatched CRIT/HIGH
Priority CVE
44 CVE-2026-33782
A Missing Release of Memory after Effective Lifetime vulnerability in the DHCP d
44 CVE-2026-35663
OpenClaw before 2026.3.25 contains a privilege escalation vulnerability allowing
44 CVE-2026-35638
OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the C
44 CVE-2026-34724
Zammad is a web based open source helpdesk/customer support system. Prior to 7.0
44 CVE-2026-35639
OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the d
44 CVE-2026-35669
OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in gatew
44 CVE-2026-40107
SiYuan is a personal knowledge management system. Prior to 3.6.4, SiYuan configu
44 CVE-2026-35169
LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web app
44 CVE-2026-35063
OpenPLC_V3 REST API endpoint checks for JWT presence but never verifies the call
44 CVE-2026-39911
Hashgraph Guardian through version 3.5.0 contains an unsandboxed JavaScript exec
43 CVE-2026-34621
Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by a
43 CVE-2026-39338
ChurchCRM is an open-source church management system. Prior to 7.1.0, a Blind Re
43 CVE-2026-33229
### Impact An improperly protected scripting API allows any user with script rig
43 CVE-2026-5501
wolfSSL_X509_verify_cert in the OpenSSL compatibility layer accepts a certificat
43 CVE-2026-34588
OpenEXR provides the specification and reference implementation of the EXR file
43 CVE-2026-35643
OpenClaw before 2026.3.22 contains an unvalidated WebView JavascriptInterface vu
43 CVE-2026-39983
## Summary `basic-ftp` version `5.2.0` allows FTP command injection via CRLF se
43 CVE-2026-40158
PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI's AST-based
43 CVE-2026-35399
WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, a stored XSS
43 CVE-2026-39495
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti
43 CVE-2026-32864
There is a memory corruption vulnerability due to an out-of-bounds read in mgcor
43 CVE-2026-32863
There is a memory corruption vulnerability due to an out-of-bounds read in sentr
43 CVE-2026-32862
There is a memory corruption vulnerability due to an out-of-bounds write in ResF
43 CVE-2026-32861
There is a memory corruption vulnerability due to an out-of-bounds write when lo
43 CVE-2026-32860
There is a memory corruption vulnerability due to an out-of-bounds write when lo
43 CVE-2026-1342
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify
42 CVE-2026-39974
## Impact An authenticated Server-Side Request Forgery in `n8n-mcp` allows a cal
42 CVE-2026-34885
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti
42 CVE-2026-30815
An OS command injection vulnerability in the OpenVPN module of TP-Link Archer AX
42 CVE-2026-35625
OpenClaw before 2026.3.25 contains a privilege escalation vulnerability where si
42 CVE-2026-5173
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.9.
42 CVE-2026-5329
Rapid7 Velociraptor versions prior to 0.76.2 contain an improper input validatio
42 CVE-2026-40031
MemProcFS before 5.17 contains multiple unsafe library-loading patterns that ena
42 CVE-2026-40032
UAC (Unix-like Artifacts Collector) before 3.3.0-rc1 contains a command injectio
42 CVE-2026-33793
An Execution with Unnecessary Privileges vulnerability in the User Interface (UI
42 CVE-2026-30818
An OS command injection vulnerability in the dnsmasq module of TP-Link Archer AX
42 CVE-2026-39942
Directus is a real-time API and App dashboard for managing SQL database content.
42 CVE-2026-39416
AIL framework is an open-source platform to collect, crawl, process and analyse
42 CVE-2026-33788
A Missing Authentication for Critical Function vulnerability in the Flexible PIC
42 CVE-2026-40029
parseusbs before 1.9 contains an OS command injection vulnerability in parseUSBs
42 CVE-2026-34975
Plunk is an open-source email platform built on top of AWS SES. Prior to 0.8.0,
42 CVE-2026-3466
Insufficient sanitization of dashboard dashlet title links in Checkmk 2.2.0 (EOL
42 CVE-2026-5483
A flaw was found in odh-dashboard in Red Hat Openshift AI. This vulnerability in
42 CVE-2025-30650
A Missing Authentication for Critical Function vulnerability in command processi
42 CVE-2026-34589
OpenEXR provides the specification and reference implementation of the EXR file
42 CVE-2026-4788
IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.37 stores sensitive information
42 CVE-2026-28704
Emocheck insecurely loads Dynamic Link Libraries (DLLs). If a crafted DLL file i
42 CVE-2026-22682
OpenHarness prior to commit 166fcfe contains an improper access control vulnerab
42 CVE-2026-40027
ALEAPP (Android Logs Events And Protobuf Parser) through 3.4.0 contains a path t
42 CVE-2026-35205
Helm is a package manager for Charts for Kubernetes. From 4.0.0 to 4.1.3, Helm w
42 CVE-2026-35641
OpenClaw before 2026.3.24 contains an arbitrary code execution vulnerability in
42 CVE-2026-33791
An OS Command Injection vulnerability in the CLI processing of Juniper Networks
42 CVE-2026-21915
A Permissive List of Allowed Input vulnerability in the CLI of Juniper Networks
42 CVE-2026-35204
Helm is a package manager for Charts for Kubernetes. From 4.0.0 to 4.1.3, a spec
42 CVE-2026-40113
PraisonAI is a multi-agent teams system. Prior to 4.5.128, deploy.py constructs
42 CVE-2026-40024
The Sleuth Kit through 4.14.0 contains a path traversal vulnerability in tsk_rec
42 CVE-2026-40030
parseusbs before 1.9 contains an OS command injection vulnerability where the vo
42 CVE-2026-34719
Zammad is a web based open source helpdesk/customer support system. Prior to 7.0
42 CVE-2026-35595
## Summary A user with Write-level access to a project can escalate their permi
42 CVE-2026-33779
An Improper Following of a Certificate's Chain of Trust vulnerability in J-Web o
42 CVE-2026-5264
Heap buffer overflow in DTLS 1.3 ACK message processing. A remote attacker can s
42 CVE-2026-35618
OpenClaw before 2026.3.23 contains a replay identity vulnerability in Plivo V2 s
42 CVE-2026-35478
InvenTree is an Open Source Inventory Management System. From 0.16.0 to before 1
42 CVE-2026-31939
Chamilo LMS is a learning management system. Prior to 1.11.38, there is a path t
42 CVE-2026-28808
Incorrect Authorization vulnerability in Erlang OTP (inets modules) allows unaut
41 CVE-2026-39363
### Summary [`server.fs`](https://vite.dev/config/server-options#server-fs-stri
41 CVE-2026-34045
Podman Desktop is a graphical tool for developing on containers and Kubernetes.
41 CVE-2026-35525
### Summary LiquidJS enforces partial and layout root restrictions using the re
41 CVE-2026-35604
File Browser is a file managing interface for uploading, deleting, previewing, r
41 CVE-2026-5208
Command injection in alerts in CoolerControl/coolercontrold <4.0.0 allows authen
41 CVE-2026-5477
An integer overflow existed in the wolfCrypt CMAC implementation, that could be
41 CVE-2026-39364
### Summary The contents of files that are specified by [`server.fs.deny`](http
41 CVE-2026-1116
A Cross-site Scripting (XSS) vulnerability was identified in the `from_dict` met
41 CVE-2026-4740
A flaw was found in Open Cluster Management (OCM), the technology underlying Red
41 CVE-2026-40168
Postiz is an AI social media scheduling tool. Prior to 2.21.5, the /api/public/s
41 CVE-2026-40163
Saltcorn is an extensible, open source, no-code database application builder. Pr
41 CVE-2026-39429
### Summary The cache server is directly exposed by the root shard and has no a
41 CVE-2026-34578
OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.6, OPNs
41 CVE-2026-40073
SvelteKit is a framework for rapidly developing robust, performant web applicati
41 CVE-2026-34982
Vim is an open source, command line text editor. Prior to version 9.2.0276, a mo
41 CVE-2026-4272
Missing Authentication for Critical Function vulnerability in Honeywell Handheld
41 CVE-2026-35607
File Browser is a file managing interface for uploading, deleting, previewing, r
41 CVE-2026-4351
The Perfmatters plugin for WordPress is vulnerable to arbitrary file overwrite v
41 CVE-2026-39307
The PraisonAI templates installation feature is vulnerable to a "Zip Slip" Arbit
41 CVE-2026-5915
Insufficient validation of untrusted input in WebML in Google Chrome prior to 14
41 CVE-2026-24660
A heap-based buffer overflow vulnerability exists in the x3f_load_huffman functi
41 CVE-2026-24450
An integer overflow vulnerability exists in the uncompressed_fp_dng_load_raw fun
41 CVE-2026-20884
An integer overflow vulnerability exists in the deflate_dng_load_raw functionali
41 CVE-2026-35488
Tandoor Recipes is an application for managing recipes, planning meals, and buil
41 CVE-2026-39331
ChurchCRM is an open-source church management system. Prior to 7.1.0, an authent

Oldest Unpatched Critical/High CVEs

CVE Severity CVSS Priority Days Open
CVE-2024-3400 CRITICAL 10.0 224 730d
CVE-2019-19781 CRITICAL 9.8 223 2298d
CVE-2020-5902 CRITICAL 9.8 223 2111d
CVE-2021-35464 CRITICAL 9.8 223 1725d
CVE-2020-10189 CRITICAL 9.8 223 2228d
CVE-2012-4681 CRITICAL 9.8 223 4975d
CVE-2022-42475 CRITICAL 9.8 223 1196d
CVE-2023-3519 CRITICAL 9.8 223 998d
CVE-2015-7450 CRITICAL 9.8 222 3752d
CVE-2023-34048 CRITICAL 9.8 222 900d
Prev 5 / 17 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy