Total CVEs
1500
last 7 days
Avg Priority
32.1
of max 220
KEV
0
actively exploited
POC
183
public exploits
Unpatched
434
CRIT/HIGH without patch
How is Priority Score calculated?
Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:
KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low
40-80 Medium
80-120 High
120+ Critical
Priority Distribution
| Priority | CVE |
|---|---|
| 36 |
CVE-2026-1343
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify
|
| 36 |
CVE-2026-29047
GLPI is a free asset and IT management software package. From 10.0.0 to before 1
|
| 36 |
CVE-2026-39343
ChurchCRM is an open-source church management system. Prior to 7.1.0, a SQL inje
|
| 36 |
CVE-2026-39325
ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL inj
|
| 36 |
CVE-2026-35653
OpenClaw before 2026.3.24 contains an incorrect authorization vulnerability in t
|
| 36 |
CVE-2026-40242
Arcane is an interface for managing Docker containers, images, networks, and vol
|
| 36 |
CVE-2026-40114
PraisonAI is a multi-agent teams system. Prior to 4.5.128, the /api/v1/runs endp
|
| 36 |
CVE-2026-35660
OpenClaw before 2026.3.23 contains an insufficient access control vulnerability
|
| 36 |
CVE-2026-35476
InvenTree is an Open Source Inventory Management System. Prior to 1.2.7 and 1.3.
|
| 36 |
CVE-2026-34512
OpenClaw before 2026.3.25 contains an improper access control vulnerability in t
|
| 36 |
CVE-2026-39308
### Summary
PraisonAI's recipe registry publish endpoint writes uploaded recipe
|
| 36 |
CVE-2026-4162
The Gravity SMTP plugin for WordPress is vulnerable to Missing Authorization in
|
| 36 |
CVE-2026-5809
The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion i
|
| 36 |
CVE-2026-34379
OpenEXR provides the specification and reference implementation of the EXR file
|
| 36 |
CVE-2026-39370
WWBN AVideo is an open source video platform. In versions 26.0 and prior, object
|
| 36 |
CVE-2026-5053
NoMachine External Control of File Path Arbitrary File Deletion Vulnerability. T
|
| 36 |
CVE-2026-35176
openFPGALoader is a utility for programming FPGAs. In 1.1.1 and earlier, a heap-
|
| 36 |
CVE-2025-47400
Cryptographic issue while copying data to a destination buffer without validatin
|
| 36 |
CVE-2026-35668
OpenClaw before 2026.3.24 contains a path traversal vulnerability in sandbox enf
|
| 36 |
CVE-2025-59969
A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnera
|
| 36 |
CVE-2026-32590
A flaw was found in Red Hat Quay's handling of resumable container image layer u
|
| 36 |
CVE-2026-39977
flatpak-builder is a tool to build flatpaks from source. From 1.4.5 to before 1.
|
| 36 |
CVE-2026-40037
OpenClaw before 2026.3.31 (patched in 2026.4.8) contains a request body replay v
|
| 36 |
CVE-2026-33702
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Ch
|
| 36 |
CVE-2026-32930
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an
|
| 36 |
CVE-2026-32894
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an
|
| 36 |
CVE-2026-21919
An Incorrect Synchronization vulnerability in the management daemon (mgd) of Jun
|
| 36 |
CVE-2026-33775
A Missing Release of Memory after Effective Lifetime vulnerability in the BroadB
|
| 36 |
CVE-2026-33780
A Missing Release of Memory after Effective Lifetime vulnerability in the Layer
|
| 36 |
CVE-2026-33706
Chamilo LMS is a learning management system. Prior to 1.11.38, any authenticated
|
| 36 |
CVE-2026-39414
MinIO is a high-performance object storage system. From RELEASE.2018-08-18T03-49
|
| 36 |
CVE-2026-39959
Tmds.DBus and Tmds.DBus.Protocol are vulnerable to malicious D-Bus peers. A peer
|
| 36 |
CVE-2026-35631
OpenClaw before 2026.3.22 fails to enforce operator.admin scope on mutating inte
|
| 36 |
CVE-2026-35636
OpenClaw versions 2026.3.11 through 2026.3.24 contain a session isolation bypass
|
| 36 |
CVE-2026-33783
A Function Call With Incorrect Argument Type vulnerability in the sensor interfa
|
| 36 |
CVE-2026-33797
An Improper Input Validation vulnerability in Juniper Networks Junos OS and Juno
|
| 36 |
CVE-2026-35621
OpenClaw before 2026.3.24 contains a privilege escalation vulnerability where th
|
| 36 |
CVE-2026-40162
Bugsink is a self-hosted error tracking tool. In 2.1.0, an authenticated file wr
|
| 36 |
CVE-2026-40160
PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, web_crawl's htt
|
| 36 |
CVE-2026-35444
SDL_image is a library to load images of various formats as SDL surfaces. In do_
|
| 36 |
CVE-2026-39976
Laravel Passport provides OAuth2 server support to Laravel. From 13.0.0 to befor
|
| 36 |
CVE-2026-39972
### Impact
A cache key collision vulnerability in `TopicSelectorStore` allows a
|
| 36 |
CVE-2026-35657
OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in the
|
| 36 |
CVE-2026-33704
Chamilo LMS is a learning management system. Prior to 1.11.38, any authenticated
|
| 36 |
CVE-2026-35170
openFPGALoader is a utility for programming FPGAs. In 1.1.1 and earlier, a heap-
|
| 36 |
CVE-2026-40185
TREK is a collaborative travel planner. Prior to 2.7.2, TREK was missing authori
|
| 36 |
CVE-2025-58920
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti
|
| 36 |
CVE-2026-33781
An Improper Check for Unusual or Exceptional Conditions vulnerability in the pac
|
| 36 |
CVE-2026-35644
OpenClaw before 2026.3.22 contains an information disclosure vulnerability that
|
| 36 |
CVE-2026-33703
Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, an Insecure Di
|
| 36 |
CVE-2026-35183
Brave CMS is an open-source CMS. Prior to 2.0.6, an Insecure Direct Object Refer
|
| 36 |
CVE-2026-32589
A flaw was found in Red Hat Quay's container image upload process. An authentica
|
| 35 |
CVE-2026-4483
An exposed IOCTL with an insufficient access control vulnerability has been ide
|
| 35 |
CVE-2026-35572
ChurchCRM is an open-source church management system. Prior to 6.5.3, it is poss
|
| 35 |
CVE-2025-14859
The Semtech LR11xx LoRa transceivers implement secure boot functionality using d
|
| 35 |
CVE-2025-13914
A Key Exchange without Entity Authentication vulnerability in the SSH implementa
|
| 35 |
CVE-2026-21916
A UNIX Symbolic Link (Symlink) Following vulnerability in the CLI of Juniper Net
|
| 35 |
CVE-2026-5263
URI nameConstraints from constrained intermediate CAs are parsed but not enforce
|
Oldest Unpatched Critical/High CVEs
| CVE | Severity | CVSS | Priority | Days Open |
|---|---|---|---|---|
| CVE-2024-3400 | CRITICAL | 10.0 | 224 | 730d |
| CVE-2019-19781 | CRITICAL | 9.8 | 223 | 2298d |
| CVE-2020-5902 | CRITICAL | 9.8 | 223 | 2111d |
| CVE-2021-35464 | CRITICAL | 9.8 | 223 | 1725d |
| CVE-2020-10189 | CRITICAL | 9.8 | 223 | 2228d |
| CVE-2012-4681 | CRITICAL | 9.8 | 223 | 4976d |
| CVE-2022-42475 | CRITICAL | 9.8 | 223 | 1196d |
| CVE-2023-3519 | CRITICAL | 9.8 | 223 | 998d |
| CVE-2015-7450 | CRITICAL | 9.8 | 222 | 3753d |
| CVE-2023-34048 | CRITICAL | 9.8 | 222 | 900d |
Prev
6 / 6