Security Dashboard

7d 14d 30d 90d
Total CVEs
1500
last 7 days
Avg Priority
32.1
of max 220
KEV
0
actively exploited
POC
183
public exploits
Unpatched
434
CRIT/HIGH without patch
How is Priority Score calculated?

Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:

KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low 40-80 Medium 80-120 High 120+ Critical

Priority Distribution

CRITICAL HIGH MEDIUM LOW KEV Only POC Only Unpatched CRIT/HIGH
Priority CVE
27 CVE-2026-4299
The MainWP Child Reports plugin for WordPress is vulnerable to Missing Authoriza
27 CVE-2026-4654
The Awesome Support - WordPress HelpDesk & Support Plugin plugin for WordPress i
27 CVE-2026-5380
An issue that could allow an authorized user to view the clear-text secrets for
27 CVE-2026-5623
A vulnerability was identified in hcengineering Huly Platform 0.7.382. This affe
27 CVE-2026-35592
pyLoad is a free and open-source download manager written in Python. Prior to 0.
27 CVE-2026-33866
MLflow is vulnerable to an authorization bypass affecting the AJAX endpoint used
27 CVE-2026-39412
### Summary The `sort_natural` filter bypasses the `ownPropertyOnly` security o
27 CVE-2026-39629
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vu
27 CVE-2026-39712
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vu
27 CVE-2026-39625
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vu
27 CVE-2026-34899
Missing Authorization vulnerability in Eniture technology LTL Freight Quotes - W
27 CVE-2026-5823
A weakness has been identified in itsourcecode Construction Management System 1.
27 CVE-2026-3477
The PZ Frontend Manager plugin for WordPress is vulnerable to Missing Authorizat
27 CVE-2026-39648
Missing Authorization vulnerability in themebeez Cream Blog cream-blog allows Ex
27 CVE-2026-39637
Missing Authorization vulnerability in SpabRice Mogi mogi allows Exploiting Inco
27 CVE-2026-39662
Missing Authorization vulnerability in ProWCPlugins Product Price by Formula for
27 CVE-2026-39609
Missing Authorization vulnerability in Wava.co Wava Payment wava-payment allows
27 CVE-2026-39704
Missing Authorization vulnerability in nfusionsolutions Precious Metals Automate
27 CVE-2026-39664
Missing Authorization vulnerability in leadrebel Leadrebel leadrebel allows Expl
27 CVE-2026-39659
Missing Authorization vulnerability in Ultimate Member Ultimate Member ultimate-
27 CVE-2026-39652
Missing Authorization vulnerability in igms iGMS Direct Booking igms-direct-book
27 CVE-2026-39657
Missing Authorization vulnerability in leadlovers leadlovers forms leadlovers-fo
27 CVE-2026-39650
Missing Authorization vulnerability in Unitech Web UnitechPay unitechpay-paiemen
27 CVE-2026-39700
Missing Authorization vulnerability in WPXPO WowOptin optin allows Exploiting In
27 CVE-2026-39698
Missing Authorization vulnerability in PublisherDesk The Publisher Desk ads.txt
27 CVE-2026-39706
Missing Authorization vulnerability in Netro Systems Make My Trivia trivialy all
27 CVE-2026-39528
Missing Authorization vulnerability in WP Delicious WP Delicious delicious-recip
27 CVE-2026-39644
Missing Authorization vulnerability in Roxnor Wp Ultimate Review wp-ultimate-rev
27 CVE-2026-39688
Missing Authorization vulnerability in Glowlogix WP Frontend Profile wp-front-en
27 CVE-2026-39694
Missing Authorization vulnerability in NSquared Simply Schedule Appointments sim
27 CVE-2026-39678
Missing Authorization vulnerability in DOTonPAPER Pinpoint Booking System bookin
27 CVE-2026-5083
Ado::Sessions versions through 0.935 for Perl generates insecure session ids. T
27 CVE-2026-39672
Missing Authorization vulnerability in shiptime ShipTime: Discounted Shipping Ra
27 CVE-2026-39668
Missing Authorization vulnerability in g5theme Book Previewer for Woocommerce bo
27 CVE-2026-5624
A security flaw has been discovered in ProjectSend r2002. This vulnerability aff
27 CVE-2026-39561
Missing Authorization vulnerability in WP Chill Revive.so revive-so allows Explo
27 CVE-2026-39563
Missing Authorization vulnerability in ILLID Share This Image share-this-image a
27 CVE-2026-39543
Missing Authorization vulnerability in Themefic Tourfic tourfic allows Exploitin
27 CVE-2026-39605
Missing Authorization vulnerability in Obadiah Super Custom Login super-custom-l
27 CVE-2026-39501
Missing Authorization vulnerability in RealMag777 FOX woocommerce-currency-switc
27 CVE-2026-39676
Missing Authorization vulnerability in Shahjada Download Manager download-manage
27 CVE-2026-5082
Amon2::Plugin::Web::CSRFDefender versions from 7.00 through 7.03 for Perl genera
27 CVE-2026-39680
Missing Authorization vulnerability in MWP Development Diet Calorie Calculator d
27 CVE-2026-39682
Missing Authorization vulnerability in Arjan Pronk linkPizza-Manager linkpizza-m
27 CVE-2026-39690
Missing Authorization vulnerability in Paul Bearne Author Avatars List/Block aut
27 CVE-2026-39505
Missing Authorization vulnerability in Craig Hewitt Seriously Simple Podcasting
27 CVE-2026-39714
Missing Authorization vulnerability in G5Theme G5Plus April g5plus-april allows
27 CVE-2026-39716
Missing Authorization vulnerability in CKThemes Flipmart flipmart allows Exploit
27 CVE-2026-39882
overview: this report shows that the otlp HTTP exporters (traces/metrics/logs) r
27 CVE-2026-5705
A vulnerability was identified in code-projects Online Hotel Booking 1.0. Affect
27 CVE-2026-3177
The Charitable - Donation Plugin for WordPress - Fundraising with Recurring Dona
26 CVE-2026-39922
GeoNode versions 4.0 before 4.4.5 and 5.0 before 5.0.2 contain a server-side req
26 CVE-2026-34837
Zammad is a web based open source helpdesk/customer support system. Prior to 7.0
26 CVE-2026-35620
OpenClaw before 2026.3.24 contains missing authorization vulnerabilities in the
26 CVE-2026-33705
Chamilo LMS is a learning management system. Prior to 1.11.38, Twig template fil
26 CVE-2026-40100
FastGPT is an AI Agent building platform. Prior to 4.14.10.3, the /api/core/app/
26 CVE-2026-39362
InvenTree is an Open Source Inventory Management System. Prior to 1.2.7 and 1.3.
26 CVE-2026-39407
## Summary A path handling inconsistency in `serveStatic` allows protected stat
26 CVE-2026-35651
OpenClaw versions 2026.2.13 through 2026.3.24 contain an ANSI escape sequence in
26 CVE-2026-39415
Frappe Learning Management System (LMS) is a learning system that helps users st
26 CVE-2026-40151
PraisonAI is a multi-agent teams system. Prior to 4.5.128, the AgentOS deploymen
26 CVE-2026-35662
OpenClaw before 2026.3.22 fails to enforce controlScope restrictions on the send
26 CVE-2026-5808
A vulnerability was detected in openstatusHQ openstatus up to 1b678e71a85961ae31
26 CVE-2026-35619
OpenClaw before 2026.3.24 contains an authorization bypass vulnerability in the
26 CVE-2026-40252
FastGPT is an AI Agent building platform. Prior to 4.14.10.4, Broken Access Cont
26 CVE-2026-40086
Rembg is a tool to remove images background. Prior to 2.0.75, a path traversal v
26 CVE-2026-39851
Saleor is an e-commerce platform. From 2.10.0 to before 3.23.0a3, 3.22.47, 3.21.
26 CVE-2026-34782
Zammad is a web based open source helpdesk/customer support system. Prior to 7.0
26 CVE-2026-35208
lichess.org is the forever free, adless and open source chess server. Any approv
26 CVE-2026-33737
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, mu
26 CVE-2026-39921
GeoNode versions 4.0 before 4.4.5 and 5.0 before 5.0.2 contain a server-side req
26 CVE-2026-35040
fast-jwt provides fast JSON Web Token (JWT) implementation. Prior to 6.2.1, usin
26 CVE-2026-39406
## Summary A path handling inconsistency in `serveStatic` allows protected stat
26 CVE-2026-35642
OpenClaw before 2026.3.25 contains an authorization bypass vulnerability where g
26 CVE-2026-5670
A vulnerability was found in Cyber-III Student-Management-System up to 1a938fa61
26 CVE-2026-35629
OpenClaw before 2026.3.25 contains a server-side request forgery vulnerability i
26 CVE-2025-14243
A flaw was found in the OpenShift Mirror Registry. This vulnerability allows an
26 CVE-2026-40087
LangChain's f-string prompt-template validation was incomplete in two respects.
26 CVE-2026-5675
A vulnerability was found in itsourcecode Construction Management System 1.0. Th
26 CVE-2026-40152
PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, he list_files()
26 CVE-2026-2519
The Online Scheduling and Appointment Booking System - Bookly plugin for WordPre
26 CVE-2026-34718
Zammad is a web based open source helpdesk/customer support system. Prior to 7.0
26 CVE-2026-39958
oma is a package manager for AOSC OS. Prior to 1.25.2, oma-topics is responsible
26 CVE-2026-32591
A flaw was found in Red Hat Quay's Proxy Cache configuration feature. When an or
26 CVE-2026-4420
Bludit is vulnerable to Stored Cross-Site Scripting (XSS) in its page creating f
26 CVE-2026-22675
OCS Inventory NG Server version 2.12.3 and prior contain a stored cross-site scr
26 CVE-2026-33865
MLflow is vulnerable to Stored Cross-Site Scripting (XSS) caused by unsafe parsi
26 CVE-2026-34951
Workbench is a suite of tools for administrators and developers to interact with
26 CVE-2026-39840
Improper neutralization of input during web page generation ('cross-site scripti
26 CVE-2026-35475
WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, the redirect

Oldest Unpatched Critical/High CVEs

CVE Severity CVSS Priority Days Open
CVE-2024-3400 CRITICAL 10.0 224 730d
CVE-2019-19781 CRITICAL 9.8 223 2298d
CVE-2020-5902 CRITICAL 9.8 223 2111d
CVE-2021-35464 CRITICAL 9.8 223 1725d
CVE-2020-10189 CRITICAL 9.8 223 2228d
CVE-2012-4681 CRITICAL 9.8 223 4976d
CVE-2022-42475 CRITICAL 9.8 223 1196d
CVE-2023-3519 CRITICAL 9.8 223 998d
CVE-2015-7450 CRITICAL 9.8 222 3753d
CVE-2023-34048 CRITICAL 9.8 222 900d
Prev 6 / 8 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy