Security Dashboard

7d 14d 30d 90d
Total CVEs
1500
last 7 days
Avg Priority
32.1
of max 220
KEV
0
actively exploited
POC
183
public exploits
Unpatched
434
CRIT/HIGH without patch
How is Priority Score calculated?

Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:

KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low 40-80 Medium 80-120 High 120+ Critical

Priority Distribution

CRITICAL HIGH MEDIUM LOW KEV Only POC Only Unpatched CRIT/HIGH
Priority CVE
38 CVE-2026-35203
ZLMediaKit is a streaming media service framework. the VP9 RTP payload parser in
38 CVE-2025-12664
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.0
38 CVE-2026-23869
A denial of service vulnerability exists in React Server Components, affecting t
38 CVE-2026-34392
LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web app
38 CVE-2026-40116
PraisonAI is a multi-agent teams system. Prior to 4.5.128, the /media-stream Web
38 CVE-2026-33710
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, RE
38 CVE-2026-6069
NASM’s disasm() function contains a stack based buffer overflow when formatting
38 CVE-2026-39863
Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.
37 CVE-2026-3690
OpenClaw Canvas Authentication Bypass Vulnerability. This vulnerability allows r
37 CVE-2026-5992
A vulnerability was determined in Tenda F451 1.0.0.7. This affects the function
37 CVE-2026-5991
A vulnerability was found in Tenda F451 1.0.0.7. Affected by this issue is the f
37 CVE-2026-5990
A vulnerability has been found in Tenda F451 1.0.0.7. Affected by this vulnerabi
37 CVE-2026-5629
A vulnerability was detected in Belkin F9K1015 1.00.10. The affected element is
37 CVE-2026-34727
Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0,
37 CVE-2026-5984
A vulnerability was identified in D-Link DIR-605L 2.13B01. Impacted is the funct
37 CVE-2026-5983
A vulnerability was determined in D-Link DIR-605L 2.13B01. This issue affects th
37 CVE-2026-5687
A weakness has been identified in Tenda CX12L 16.03.53.12. This issue affects th
37 CVE-2026-5686
A security flaw has been discovered in Tenda CX12L 16.03.53.12. This vulnerabili
37 CVE-2026-40153
PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the execute_com
37 CVE-2026-5795
In Eclipse Jetty, the class JASPIAuthenticator initiates the authentication chec
37 CVE-2026-5980
A flaw has been found in D-Link DIR-605L 2.13B01. Affected by this issue is the
37 CVE-2026-6137
A vulnerability was detected in Tenda F451 1.0.0.7_cn_svn7958. The affected elem
37 CVE-2026-5988
A vulnerability was detected in Tenda F451 1.0.0.7. This impacts the function fo
37 CVE-2026-35489
Tandoor Recipes is an application for managing recipes, planning meals, and buil
37 CVE-2026-24156
NVIDIA DALI contains a vulnerability where an attacker could cause a deserializa
37 CVE-2026-39306
### Summary PraisonAI's recipe registry pull flow extracts attacker-controlled
37 CVE-2026-35574
ChurchCRM is an open-source church management system. Prior to 6.5.3, a stored C
37 CVE-2026-35455
immich is a high performance self-hosted photo and video management solution. Pr
37 CVE-2026-4158
KeePassXC OpenSSL Configuration Uncontrolled Search Path Element Local Privilege
37 CVE-2026-39883
## Summary The fix for GHSA-9h8m-3fm2-qjrq (CVE-2026-24051) changed the Darwin
36 CVE-2026-30814
A stack-based buffer overflow in the tmpServer module of TP-Link Archer AX53 v1.
36 CVE-2026-4808
The Gerador de Certificados - DevApps plugin for WordPress is vulnerable to arbi
36 CVE-2026-5217
The Optimole - Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image O
36 CVE-2026-35035
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, mo
36 CVE-2026-35581
Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, the Execut
36 CVE-2026-25932
GLPI is a Free Asset and IT Management Software package. From 0.60 to before 10.
36 CVE-2026-1078
An arbitrary file-write vulnerability in Pega Browser Extension (PBE) affects Pe
36 CVE-2026-1343
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify
36 CVE-2026-29047
GLPI is a free asset and IT management software package. From 10.0.0 to before 1
36 CVE-2026-39343
ChurchCRM is an open-source church management system. Prior to 7.1.0, a SQL inje
36 CVE-2026-39325
ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL inj
36 CVE-2026-40242
Arcane is an interface for managing Docker containers, images, networks, and vol
36 CVE-2026-35660
OpenClaw before 2026.3.23 contains an insufficient access control vulnerability
36 CVE-2026-40114
PraisonAI is a multi-agent teams system. Prior to 4.5.128, the /api/v1/runs endp
36 CVE-2026-34512
OpenClaw before 2026.3.25 contains an improper access control vulnerability in t
36 CVE-2026-35653
OpenClaw before 2026.3.24 contains an incorrect authorization vulnerability in t
36 CVE-2026-35476
InvenTree is an Open Source Inventory Management System. Prior to 1.2.7 and 1.3.
36 CVE-2026-39308
### Summary PraisonAI's recipe registry publish endpoint writes uploaded recipe
36 CVE-2026-4162
The Gravity SMTP plugin for WordPress is vulnerable to Missing Authorization in
36 CVE-2026-5809
The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion i
36 CVE-2026-34379
OpenEXR provides the specification and reference implementation of the EXR file
36 CVE-2026-39370
WWBN AVideo is an open source video platform. In versions 26.0 and prior, object
36 CVE-2026-5053
NoMachine External Control of File Path Arbitrary File Deletion Vulnerability. T
36 CVE-2026-35176
openFPGALoader is a utility for programming FPGAs. In 1.1.1 and earlier, a heap-
36 CVE-2025-47400
Cryptographic issue while copying data to a destination buffer without validatin
36 CVE-2026-39976
Laravel Passport provides OAuth2 server support to Laravel. From 13.0.0 to befor
36 CVE-2026-33797
An Improper Input Validation vulnerability in Juniper Networks Junos OS and Juno
36 CVE-2026-32930
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an
36 CVE-2026-33704
Chamilo LMS is a learning management system. Prior to 1.11.38, any authenticated
36 CVE-2026-33783
A Function Call With Incorrect Argument Type vulnerability in the sensor interfa
36 CVE-2026-35444
SDL_image is a library to load images of various formats as SDL surfaces. In do_
36 CVE-2026-40162
Bugsink is a self-hosted error tracking tool. In 2.1.0, an authenticated file wr
36 CVE-2026-35621
OpenClaw before 2026.3.24 contains a privilege escalation vulnerability where th
36 CVE-2025-59969
A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnera
36 CVE-2026-33781
An Improper Check for Unusual or Exceptional Conditions vulnerability in the pac
36 CVE-2026-40160
PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, web_crawl's htt
36 CVE-2026-35636
OpenClaw versions 2026.3.11 through 2026.3.24 contain a session isolation bypass
36 CVE-2026-32589
A flaw was found in Red Hat Quay's container image upload process. An authentica
36 CVE-2026-32590
A flaw was found in Red Hat Quay's handling of resumable container image layer u
36 CVE-2026-39959
Tmds.DBus and Tmds.DBus.Protocol are vulnerable to malicious D-Bus peers. A peer
36 CVE-2026-33703
Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, an Insecure Di
36 CVE-2026-39972
### Impact A cache key collision vulnerability in `TopicSelectorStore` allows a
36 CVE-2026-33702
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Ch
36 CVE-2026-35631
OpenClaw before 2026.3.22 fails to enforce operator.admin scope on mutating inte
36 CVE-2026-35183
Brave CMS is an open-source CMS. Prior to 2.0.6, an Insecure Direct Object Refer
36 CVE-2026-35668
OpenClaw before 2026.3.24 contains a path traversal vulnerability in sandbox enf
36 CVE-2026-32894
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an
36 CVE-2026-21919
An Incorrect Synchronization vulnerability in the management daemon (mgd) of Jun
36 CVE-2026-35170
openFPGALoader is a utility for programming FPGAs. In 1.1.1 and earlier, a heap-
36 CVE-2026-35644
OpenClaw before 2026.3.22 contains an information disclosure vulnerability that
36 CVE-2026-40185
TREK is a collaborative travel planner. Prior to 2.7.2, TREK was missing authori
36 CVE-2026-33780
A Missing Release of Memory after Effective Lifetime vulnerability in the Layer
36 CVE-2026-33775
A Missing Release of Memory after Effective Lifetime vulnerability in the BroadB
36 CVE-2026-33706
Chamilo LMS is a learning management system. Prior to 1.11.38, any authenticated
36 CVE-2025-58920
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti
36 CVE-2026-39977
flatpak-builder is a tool to build flatpaks from source. From 1.4.5 to before 1.
36 CVE-2026-35657
OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in the
36 CVE-2026-40037
OpenClaw before 2026.3.31 (patched in 2026.4.8) contains a request body replay v
36 CVE-2026-39414
MinIO is a high-performance object storage system. From RELEASE.2018-08-18T03-49
35 CVE-2026-4483
An exposed IOCTL with an  insufficient access control vulnerability has been ide

Oldest Unpatched Critical/High CVEs

CVE Severity CVSS Priority Days Open
CVE-2024-3400 CRITICAL 10.0 224 730d
CVE-2019-19781 CRITICAL 9.8 223 2298d
CVE-2020-5902 CRITICAL 9.8 223 2111d
CVE-2021-35464 CRITICAL 9.8 223 1725d
CVE-2020-10189 CRITICAL 9.8 223 2228d
CVE-2012-4681 CRITICAL 9.8 223 4976d
CVE-2022-42475 CRITICAL 9.8 223 1196d
CVE-2023-3519 CRITICAL 9.8 223 998d
CVE-2015-7450 CRITICAL 9.8 222 3753d
CVE-2023-34048 CRITICAL 9.8 222 900d
Prev 8 / 17 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy