Security Dashboard

7d 14d 30d 90d
Total CVEs
1515
last 7 days
Avg Priority
32.0
of max 220
KEV
0
actively exploited
POC
181
public exploits
Unpatched
438
CRIT/HIGH without patch
How is Priority Score calculated?

Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:

KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low 40-80 Medium 80-120 High 120+ Critical

Priority Distribution

CRITICAL HIGH MEDIUM LOW KEV Only POC Only Unpatched CRIT/HIGH
Priority CVE
41 CVE-2026-26263
GLPI is a free asset and IT management software package. From 11.0.0 to before 1
41 CVE-2026-35045
Tandoor Recipes is an application for managing recipes, planning meals, and buil
41 CVE-2026-39341
ChurchCRM is an open-source church management system. Prior to 7.1.0, The applic
41 CVE-2026-39340
ChurchCRM is an open-source church management system. Prior to 7.1.0, a SQL inje
41 CVE-2026-5373
An issue that allowed all-organization administrators to promote accounts to sup
41 CVE-2026-39371
RedwoodSDK is a server-first React framework. From 1.0.0-beta.50 to 1.0.5, erver
40 CVE-2026-40259
## Summary An authenticated publish-service reader can invoke `/api/av/removeUn
40 CVE-2025-58913
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP
40 CVE-2026-34402
ChurchCRM is an open-source church management system. Prior to 7.1.0, authentica
40 CVE-2026-40393
In Mesa before 25.3.6 and 26 before 26.0.1, out-of-bounds memory access can occu
40 CVE-2026-5436
The MW WP Form plugin for WordPress is vulnerable to Arbitrary File Move/Read in
40 CVE-2026-40070
BSV Ruby SDK is the Ruby SDK for the BSV blockchain. From 0.3.1 to before 0.8.2,
40 CVE-2026-39394
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, mo
40 CVE-2026-39393
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, mo
40 CVE-2026-40093
nimiq-blockchain provides persistent block storage for Nimiq's Rust implementati
40 CVE-2026-40200
An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory co
40 CVE-2026-33466
Improper Limitation of a Pathname to a Restricted Directory (CWE-22) in Logstash
40 CVE-2025-24818
Nokia MantaRay NM is vulnerable to an OS command injection vulnerability due to
40 CVE-2025-24817
Nokia MantaRay NM is vulnerable to an OS command injection vulnerability due to
40 CVE-2026-20432
In Modem, there is a possible out of bounds write due to a missing bounds check.
40 CVE-2026-35575
ChurchCRM is an open-source church management system. Prior to 6.5.3, a Stored C
40 CVE-2026-34444
Lupa integrates the runtimes of Lua or LuaJIT2 into CPython. In 2.6 and earlier,
40 CVE-2026-40149
PraisonAI is a multi-agent teams system. Prior to 4.5.128, the gateway's /api/ap
39 CVE-2026-4151
GIMP ANI File Parsing Integer Overflow Remote Code Execution Vulnerability. This
39 CVE-2026-4154
GIMP XPM File Parsing Integer Overflow Remote Code Execution Vulnerability. This
39 CVE-2026-4150
GIMP PSD File Parsing Integer Overflow Remote Code Execution Vulnerability. This
39 CVE-2026-4152
GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerabi
39 CVE-2026-4153
GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerabi
39 CVE-2026-5495
Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Cod
39 CVE-2026-5494
Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Cod
39 CVE-2026-5493
Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Cod
39 CVE-2026-5496
Labcenter Electronics Proteus PDSPRJ File Parsing Type Confusion Remote Code Exe
39 CVE-2026-21378
Memory Corruption when accessing an output buffer without validating its size du
39 CVE-2026-5054
NoMachine External Control of File Path Local Privilege Escalation Vulnerability
39 CVE-2026-21375
Memory Corruption when accessing an output buffer without validating its size du
39 CVE-2026-21373
Memory Corruption when accessing an output buffer without validating its size du
39 CVE-2026-21382
Memory Corruption when handling power management requests with improperly sized
39 CVE-2026-21380
Memory Corruption when using deprecated DMABUF IOCTL calls to manage video memor
39 CVE-2026-5055
NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerabil
39 CVE-2025-14821
A flaw was found in libssh. This vulnerability allows local man-in-the-middle at
39 CVE-2026-25203
Samsung MagicINFO 9 Server Incorrect Default Permissions Local Privilege Escalat
39 CVE-2026-21376
Memory Corruption when accessing an output buffer without validating its size du
39 CVE-2026-21374
Memory Corruption when processing auxiliary sensor input/output control commands
39 CVE-2026-21372
Memory Corruption when sending IOCTL requests with invalid buffer sizes during m
39 CVE-2026-21371
Memory Corruption when retrieving output buffer with insufficient size validatio
39 CVE-2025-47390
Memory corruption while preprocessing IOCTL request in JPEG driver.
39 CVE-2025-47391
Memory corruption while processing a frame request from user.
39 CVE-2025-47389
Memory corruption when buffer copy operation fails due to integer overflow durin
39 CVE-2026-5726
ASDA-Soft Stack-based Buffer Overflow Vulnerability
39 CVE-2026-30232
Chartbrew is an open-source web application that can connect directly to databas
39 CVE-2026-33092
Local privilege escalation due to improper handling of environment variables. Th
39 CVE-2026-27806
## Summary The Orbit agent's FileVault disk encryption key rotation flow on col
39 CVE-2026-28261
Dell Elastic Cloud Storage, version 3.8.1.7 and prior, and Dell ObjectScale, ver
39 CVE-2026-34734
HDF5 is software for managing data. In 1.14.1-2 and earlier, a heap-use-after-fr
39 CVE-2026-40156
PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI automatical
39 CVE-2026-39853
osslsigncode is a tool that implements Authenticode signing and timestamping. Pr
39 CVE-2026-5709
Unsanitized input in the FileBrowser API in AWS Research and Engineering Studio
39 CVE-2026-39361
OpenObserve is a cloud-native observability platform. In 0.70.3 and earlier, the
39 CVE-2026-35533
### Summary `mise` loads trust-control settings from a local project `.mise.tom
38 CVE-2026-35650
OpenClaw before 2026.3.22 contains an environment variable override handling vul
38 CVE-2026-40180
Quarkus OpenAPI Generator is Quarkus' extensions for generation of Rest Clients
38 CVE-2026-40188
goshs is a SimpleHTTPServer written in Go. From 1.0.7 to before 2.0.0-beta.4, th
38 CVE-2026-32252
Chartbrew is an open-source web application that can connect directly to databas
38 CVE-2026-35666
OpenClaw before 2026.3.22 contains an allowlist bypass vulnerability in system.r
38 CVE-2026-39843
Plane is an an open-source project management tool. From 0.28.0 to before 1.3.0,
38 CVE-2026-31941
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Ch
38 CVE-2026-4498
Execution with Unnecessary Privileges (CWE-250) in Kibana’s Fleet plugin debug r
38 CVE-2026-35446
LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web app
38 CVE-2026-33461
Incorrect Authorization (CWE-863) in Kibana can lead to information disclosure v
38 CVE-2026-40150
PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the web_crawl()
38 CVE-2026-35585
File Browser is a file managing interface for uploading, deleting, previewing, r
38 CVE-2026-39369
WWBN AVideo is an open source video platform. In versions 26.0 and prior, object
38 CVE-2026-21367
Transient DOS when processing nonstandard FILS Discovery Frames with out-of-rang
38 CVE-2026-21381
Transient DOS when receiving a service data frame with excessive length during d
38 CVE-2026-39384
FreeScout is a free help desk and shared inbox built with PHP's Laravel framewor
38 CVE-2026-35534
ChurchCRM is an open-source church management system. Prior to 7.1.0, a stored c
38 CVE-2026-39497
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti
38 CVE-2026-39487
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti
38 CVE-2026-35568
### Summary The java-sdk contains a DNS rebinding vulnerability. This vulnerabi
38 CVE-2026-5466
wolfSSL's ECCSI signature verifier `wc_VerifyEccsiHash` decodes the `r` and `s`
38 CVE-2026-5479
In wolfSSL's EVP layer, the ChaCha20-Poly1305 AEAD decryption path in wolfSSL_EV
38 CVE-2026-5301
Stored XSS in log viewer in CoolerControl/coolercontrol-ui <4.0.0 allows unauthe
38 CVE-2026-32144
Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_o
38 CVE-2026-35485
text-generation-webui is an open-source web interface for running Large Language
38 CVE-2026-4155
ChargePoint Home Flex Inclusion of Sensitive Information in Source Code Informat
38 CVE-2026-4157
ChargePoint Home Flex revssh Service Command Injection Remote Code Execution Vul
38 CVE-2026-35523
Strawberry up until version `0.312.3` is vulnerable to an authentication bypass
38 CVE-2026-3360
The Tutor LMS - eLearning and online course solution plugin for WordPress is vul
38 CVE-2026-39312
SoftEtherVPN is a an open-source cross-platform multi-protocol VPN Program. In 5
38 CVE-2026-3396
WCAPF - WooCommerce Ajax Product Filter plugin is vulnerable to time-based SQL I

Oldest Unpatched Critical/High CVEs

CVE Severity CVSS Priority Days Open
CVE-2024-3400 CRITICAL 10.0 224 730d
CVE-2019-19781 CRITICAL 9.8 223 2298d
CVE-2020-5902 CRITICAL 9.8 223 2111d
CVE-2021-35464 CRITICAL 9.8 223 1725d
CVE-2020-10189 CRITICAL 9.8 223 2228d
CVE-2012-4681 CRITICAL 9.8 223 4975d
CVE-2022-42475 CRITICAL 9.8 223 1196d
CVE-2023-3519 CRITICAL 9.8 223 998d
CVE-2015-7450 CRITICAL 9.8 222 3752d
CVE-2023-34048 CRITICAL 9.8 222 900d
Prev 6 / 17 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy