Security Dashboard

7d 14d 30d 90d
Total CVEs
1513
last 7 days
Avg Priority
32.0
of max 220
KEV
0
actively exploited
POC
181
public exploits
Unpatched
438
CRIT/HIGH without patch
How is Priority Score calculated?

Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:

KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low 40-80 Medium 80-120 High 120+ Critical

Priority Distribution

CRITICAL HIGH MEDIUM LOW KEV Only POC Only Unpatched CRIT/HIGH
Priority CVE
38 CVE-2025-50662
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to impro
38 CVE-2026-34487
Insertion of Sensitive Information into Log File vulnerability in the cloud memb
38 CVE-2026-39304
Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Client, Apa
38 CVE-2025-50663
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to impro
38 CVE-2025-50660
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to impro
38 CVE-2026-29146
Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default
38 CVE-2025-50655
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to impro
38 CVE-2026-29129
Configured cipher preference order not preserved vulnerability in Apache Tomcat.
38 CVE-2025-50668
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to impro
38 CVE-2025-50672
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to impro
38 CVE-2025-50673
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to impro
38 CVE-2025-50669
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 and DI-8003G
38 CVE-2026-24880
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
38 CVE-2025-50659
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to impro
38 CVE-2025-52222
D-Link DI-8003 v16.07.26A1, DI-8500 v16.07.26A1; DI-8003G v17.12.21A1, DI-8200G
38 CVE-2026-34904
Cross-Site Request Forgery (CSRF) vulnerability in Analytify Simple Social Media
38 CVE-2025-54324
An issue was discovered in NAS in Samsung Mobile Processor, Wearable Processor,
38 CVE-2026-34483
Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve
38 CVE-2025-50654
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to impro
38 CVE-2025-59440
An issue was discovered in USIM in Samsung Mobile Processor, Wearable Processor,
38 CVE-2026-34896
Cross-Site Request Forgery (CSRF) vulnerability in Analytify Under Construction,
38 CVE-2025-57835
An issue was discovered in RRC in Samsung Mobile Processor, Wearable Processor,
38 CVE-2025-45059
D-Link DI-8300 v16.07.26A1 was discovered to contain a buffer overflow via the f
38 CVE-2026-34020
Use of GET Request Method With Sensitive Query Strings vulnerability in Apache O
38 CVE-2025-45057
D-Link DI-8300 v16.07.26A1 was discovered to contain a buffer overflow via the i
38 CVE-2025-45058
D-Link DI-8300 v16.07.26A1 was discovered to contain a buffer overflow via the f
38 CVE-2026-40046
Integer Overflow or Wraparound vulnerability in Apache ActiveMQ, Apache ActiveMQ
38 CVE-2025-50645
A vulnerability has been discovered in D-Link DI-8003 16.07.26A1, which can lead
38 CVE-2026-31790
Issue summary: Applications using RSASVE key encapsulation to establish a secret
38 CVE-2026-28388
Issue summary: When a delta CRL that contains a Delta CRL Indicator extension is
38 CVE-2026-33266
Use of Hard-coded Cryptographic Key vulnerability in Apache OpenMeetings. The r
38 CVE-2025-50671
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to impro
38 CVE-2025-50666
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to impro
38 CVE-2025-50665
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to impro
38 CVE-2026-34486
Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the f
38 CVE-2025-50664
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to impro
38 CVE-2025-50661
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to impro
38 CVE-2025-50670
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to impro
38 CVE-2026-32280
During chain building, the amount of work that is done is not correctly limited
38 CVE-2026-6069
NASM’s disasm() function contains a stack based buffer overflow when formatting
38 CVE-2026-33710
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, RE
38 CVE-2026-35401
Saleor is an e-commerce platform. From 2.0.0 to before 3.23.0a3, 3.22.47, 3.21.5
38 CVE-2026-39889
The A2U (Agent-to-User) event stream server in PraisonAI exposes all agent activ
38 CVE-2026-6067
A heap buffer overflow vulnerability exists in the Netwide Assembler (NASM) due
38 CVE-2026-34392
LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web app
38 CVE-2026-39863
Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.
38 CVE-2026-1092
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.10
38 CVE-2025-5804
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP
38 CVE-2026-35203
ZLMediaKit is a streaming media service framework. the VP9 RTP payload parser in
38 CVE-2026-31940
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, in
38 CVE-2026-32931
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an
38 CVE-2025-12664
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.0
38 CVE-2026-23869
A denial of service vulnerability exists in React Server Components, affecting t
38 CVE-2026-4660
HashiCorp’s go-getter library up to v1.8.5 may allow arbitrary file reads on the
38 CVE-2026-33756
Saleor is an e-commerce platform. From 2.0.0 to before 3.23.0a3, 3.22.47, 3.21.5
38 CVE-2026-35172
## summary: distribution can restore read access in `repo a` after an explicit d
38 CVE-2026-33350
LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web app
38 CVE-2026-40116
PraisonAI is a multi-agent teams system. Prior to 4.5.128, the /media-stream Web
38 CVE-2026-5959
A security flaw has been discovered in GL.iNet GL-RM1, GL-RM10, GL-RM10RC and GL
38 CVE-2026-1584
A flaw was found in gnutls. A remote, unauthenticated attacker can exploit this
38 CVE-2026-40069
BSV Ruby SDK is the Ruby SDK for the BSV blockchain. From 0.1.0 to before 0.8.2,
37 CVE-2026-3690
OpenClaw Canvas Authentication Bypass Vulnerability. This vulnerability allows r
37 CVE-2026-5991
A vulnerability was found in Tenda F451 1.0.0.7. Affected by this issue is the f
37 CVE-2026-5990
A vulnerability has been found in Tenda F451 1.0.0.7. Affected by this vulnerabi
37 CVE-2026-5992
A vulnerability was determined in Tenda F451 1.0.0.7. This affects the function
37 CVE-2026-5629
A vulnerability was detected in Belkin F9K1015 1.00.10. The affected element is
37 CVE-2026-5686
A security flaw has been discovered in Tenda CX12L 16.03.53.12. This vulnerabili
37 CVE-2026-5795
In Eclipse Jetty, the class JASPIAuthenticator initiates the authentication chec
37 CVE-2026-5980
A flaw has been found in D-Link DIR-605L 2.13B01. Affected by this issue is the
37 CVE-2026-34727
Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0,
37 CVE-2026-5687
A weakness has been identified in Tenda CX12L 16.03.53.12. This issue affects th
37 CVE-2026-5984
A vulnerability was identified in D-Link DIR-605L 2.13B01. Impacted is the funct
37 CVE-2026-5983
A vulnerability was determined in D-Link DIR-605L 2.13B01. This issue affects th
37 CVE-2026-40153
PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the execute_com
37 CVE-2026-5988
A vulnerability was detected in Tenda F451 1.0.0.7. This impacts the function fo
37 CVE-2026-35489
Tandoor Recipes is an application for managing recipes, planning meals, and buil
37 CVE-2026-24156
NVIDIA DALI contains a vulnerability where an attacker could cause a deserializa
37 CVE-2026-39306
### Summary PraisonAI's recipe registry pull flow extracts attacker-controlled
37 CVE-2026-35574
ChurchCRM is an open-source church management system. Prior to 6.5.3, a stored C
37 CVE-2026-35455
immich is a high performance self-hosted photo and video management solution. Pr
37 CVE-2026-4158
KeePassXC OpenSSL Configuration Uncontrolled Search Path Element Local Privilege
37 CVE-2026-39883
## Summary The fix for GHSA-9h8m-3fm2-qjrq (CVE-2026-24051) changed the Darwin
36 CVE-2026-30814
A stack-based buffer overflow in the tmpServer module of TP-Link Archer AX53 v1.
36 CVE-2026-4808
The Gerador de Certificados - DevApps plugin for WordPress is vulnerable to arbi
36 CVE-2026-5217
The Optimole - Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image O
36 CVE-2026-35035
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, mo
36 CVE-2026-35581
Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, the Execut
36 CVE-2026-25932
GLPI is a Free Asset and IT Management Software package. From 0.60 to before 10.
36 CVE-2026-1078
An arbitrary file-write vulnerability in Pega Browser Extension (PBE) affects Pe
36 CVE-2026-1343
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify

Oldest Unpatched Critical/High CVEs

CVE Severity CVSS Priority Days Open
CVE-2024-3400 CRITICAL 10.0 224 730d
CVE-2019-19781 CRITICAL 9.8 223 2298d
CVE-2020-5902 CRITICAL 9.8 223 2111d
CVE-2021-35464 CRITICAL 9.8 223 1725d
CVE-2020-10189 CRITICAL 9.8 223 2228d
CVE-2012-4681 CRITICAL 9.8 223 4975d
CVE-2022-42475 CRITICAL 9.8 223 1196d
CVE-2023-3519 CRITICAL 9.8 223 998d
CVE-2015-7450 CRITICAL 9.8 222 3753d
CVE-2023-34048 CRITICAL 9.8 222 900d
Prev 5 / 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy