Security Dashboard

7d 14d 30d 90d
Total CVEs
1503
last 7 days
Avg Priority
32.1
of max 220
KEV
0
actively exploited
POC
184
public exploits
Unpatched
431
CRIT/HIGH without patch
How is Priority Score calculated?

Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:

KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low 40-80 Medium 80-120 High 120+ Critical

Priority Distribution

CRITICAL HIGH MEDIUM LOW KEV Only POC Only Unpatched CRIT/HIGH
Priority CVE
35 CVE-2026-4483
An exposed IOCTL with an  insufficient access control vulnerability has been ide
35 CVE-2026-35572
ChurchCRM is an open-source church management system. Prior to 6.5.3, it is poss
35 CVE-2025-14859
The Semtech LR11xx LoRa transceivers implement secure boot functionality using d
35 CVE-2025-13914
A Key Exchange without Entity Authentication vulnerability in the SSH implementa
35 CVE-2026-21916
A UNIX Symbolic Link (Symlink) Following vulnerability in the CLI of Juniper Net
35 CVE-2026-5263
URI nameConstraints from constrained intermediate CAs are parsed but not enforce
35 CVE-2026-39365
### Summary Any files ending with `.map` even out side the project can be retur
35 CVE-2026-5616
A security vulnerability has been detected in JeecgBoot 3.9.0/3.9.1. The impacte
35 CVE-2026-35584
FreeScout is a free help desk and shared inbox built with PHP's Laravel framewor
35 CVE-2026-35632
OpenClaw through 2026.2.22 contains a symlink traversal vulnerability in agents.
35 CVE-2026-22680
OpenViking versions prior to 0.3.3 contain a missing authorization vulnerability
35 CVE-2026-39936
Improper neutralization of input during web page generation ('cross-site scripti
35 CVE-2026-22711
Improper neutralization of alternate XSS syntax vulnerability in The Wikimedia F
35 CVE-2026-39838
Improper neutralization of input during web page generation ('cross-site scripti
35 CVE-2026-39933
Improper neutralization of input during web page generation ('cross-site scripti
35 CVE-2026-39935
Improper neutralization of input during web page generation ('cross-site scripti
35 CVE-2026-5739
A security flaw has been discovered in PowerJob 5.1.0/5.1.1/5.1.2. The affected
35 CVE-2026-39934
Loop with unreachable exit condition ('infinite loop') vulnerability in The Wiki
35 CVE-2025-20628
An insufficient granularity of access control vulnerability exists in PingIDM (f
35 CVE-2026-39351
Frappe is a full-stack web application framework. Prior to 16.14.0 and 15.104.0,
35 CVE-2026-4901
Hydrosystem Control System saves sensitive information into a log file. Critical
35 CVE-2026-5736
A vulnerability was identified in PowerJob 5.1.0/5.1.1/5.1.2. Impacted is an unk
35 CVE-2026-5648
A flaw has been found in code-projects Simple Laundry System 1.0. This vulnerabi
35 CVE-2026-5824
A security vulnerability has been detected in code-projects Simple Laundry Syste
35 CVE-2026-33088
Movable Type provided by Six Apart Ltd. contains an SQL Injection vulnerability
34 CVE-2026-34478
Apache Log4j Core's Rfc5424Layout https://logging.apache.org/log4j/2.x/manual/l
34 CVE-2026-35647
OpenClaw before 2026.3.25 contains an access control vulnerability where verific
34 CVE-2026-35667
OpenClaw before 2026.3.24 contains an incomplete fix for CVE-2026-27486 where th
34 CVE-2026-35661
OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Tele
34 CVE-2026-35626
OpenClaw before 2026.3.22 contains an unauthenticated resource exhaustion vulner
34 CVE-2026-35664
OpenClaw before 2026.3.25 contains an authentication bypass vulnerability in raw
34 CVE-2026-35665
OpenClaw before 2026.3.24 contains an incomplete fix for CVE-2026-32011 where th
34 CVE-2026-35627
OpenClaw before 2026.3.22 performs cryptographic and dispatch operations on inbo
34 CVE-2026-34480
Apache Log4j Core's XmlLayout https://logging.apache.org/log4j/2.x/manual/layou
34 CVE-2026-34479
The Log4j1XmlLayout from the Apache Log4j 1-to-Log4j 2 bridge fails to escape ch
34 CVE-2026-5974
A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.1. The affe
34 CVE-2026-40178
ajenti.plugin.core defines all necessary core elements to allow Ajenti to run pr
34 CVE-2026-35633
OpenClaw before 2026.3.22 contains an unbounded memory allocation vulnerability
34 CVE-2026-35637
OpenClaw before 2026.3.22 performs cite expansion before completing channel and
34 CVE-2026-5689
A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. The affec
34 CVE-2026-5690
A flaw has been found in Totolink A7100RU 7.4cu.2313_b20191024. The impacted ele
34 CVE-2026-5813
A weakness has been identified in PHPGurukul Online Course Registration 3.1. Thi
34 CVE-2026-5691
A vulnerability has been found in Totolink A7100RU 7.4cu.2313_b20191024. This af
34 CVE-2026-5802
A vulnerability was identified in idachev mcp-javadc up to 1.2.4. Impacted is an
34 CVE-2026-5672
A vulnerability has been found in code-projects Simple IT Discussion Forum 1.0.
34 CVE-2026-39892
If a non-contiguous buffer was passed to APIs which accepted Python buffers (e.g
34 CVE-2026-35640
OpenClaw before 2026.3.25 parses JSON request bodies before validating webhook s
34 CVE-2026-35655
OpenClaw before 2026.3.22 contains an identity spoofing vulnerability in ACP per
34 CVE-2026-35652
OpenClaw before 2026.3.22 contains an authorization bypass vulnerability in inte
34 CVE-2026-33773
An Incorrect Initialization of Resource vulnerability in the packet forwarding e
34 CVE-2026-5663
A security flaw has been discovered in OFFIS DCMTK up to 3.7.0. This impacts the
34 CVE-2026-5669
A vulnerability has been found in Cyber-III Student-Management-System up to 1a93
34 CVE-2026-35654
OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Micr
34 CVE-2026-34941
Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0
34 CVE-2026-6105
A security vulnerability has been detected in perfree go-fastdfs-web up to 1.3.7
34 CVE-2026-33774
An Improper Check for Unusual or Exceptional Conditions vulnerability in the pac
34 CVE-2026-5503
In TLSX_EchChangeSNI, the ctx->extensions branch set extensions unconditionally
34 CVE-2026-34722
Zammad is a web based open source helpdesk/customer support system. Prior to 7.0
34 CVE-2026-31067
A remote command execution (RCE) vulnerability in the /goform/formReleaseConnect
34 CVE-2026-34080
xdg-dbus-proxy is a filtering proxy for D-Bus connections. Prior to 0.1.7, a pol
34 CVE-2026-4931
Smart contract Marginal v1 performs unsafe downcast, allowing attackers to settl
34 CVE-2026-35586
pyLoad is a free and open-source download manager written in Python. Prior to 0.
34 CVE-2026-4482
The installer certificate files in the …/bootstrap/common/ssl folder do not seem
34 CVE-2026-30816
An external control of configuration vulnerability in the OpenVPN module of TP-L
34 CVE-2026-40191
ClearanceKit intercepts file-system access events on macOS and enforces per-proc
34 CVE-2026-33776
A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS an
34 CVE-2026-33787
An Improper Check for Unusual or Exceptional Conditions vulnerability in the cha
34 CVE-2026-33786
An Improper Check for Unusual or Exceptional Conditions vulnerability in the cha
34 CVE-2026-30817
An external configuration control vulnerability in the OpenVPN module of TP-Link
34 CVE-2026-35577
Apollo MCP Server is a Model Context Protocol server that exposes GraphQL operat
34 CVE-2026-39961
Aiven Operator allows you to provision and manage Aiven Services from your Kuber
34 CVE-2026-4878
A flaw was found in libcap. A local unprivileged user can exploit a Time-of-chec
34 CVE-2026-40224
In systemd 259 before 260, there is local privilege escalation in systemd-machin
34 CVE-2026-39389
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, mo
33 CVE-2026-35197
dye is a portable and respectful color library for shell scripts. Prior to 1.1.1
33 CVE-2026-27102
Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.6 and versions 9.11.0.0 t
33 CVE-2026-35479
InvenTree is an Open Source Inventory Management System. Prior to 1.2.7 and 1.3.
33 CVE-2026-4837
An eval() injection vulnerability in the Rapid7 Insight Agent beaconing logic fo
33 CVE-2026-3689
OpenClaw Canvas Path Traversal Information Disclosure Vulnerability. This vulner
33 CVE-2026-20431
In Modem, there is a possible system crash due to a logic error. This could lead
33 CVE-2026-34500
CLIENT_CERT authentication does not fail as expected for some scenarios when sof
33 CVE-2026-5876
Side-channel information leakage in Navigation in Google Chrome prior to 147.0.7
33 CVE-2026-34378
OpenEXR provides the specification and reference implementation of the EXR file
33 CVE-2026-39848
Dockyard is a Docker container management app. Prior to 1.1.0, Docker container
33 CVE-2026-3480
The WP Blockade plugin for WordPress is vulnerable to Missing Authorization in a
33 CVE-2026-5864
Heap buffer overflow in WebAudio in Google Chrome prior to 147.0.7727.55 allowed
33 CVE-2026-5867
Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a
33 CVE-2026-5869
Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a
33 CVE-2026-39575
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti
33 CVE-2026-39702
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti

Oldest Unpatched Critical/High CVEs

CVE Severity CVSS Priority Days Open
CVE-2024-3400 CRITICAL 10.0 224 730d
CVE-2019-19781 CRITICAL 9.8 223 2298d
CVE-2020-5902 CRITICAL 9.8 223 2111d
CVE-2021-35464 CRITICAL 9.8 223 1725d
CVE-2020-10189 CRITICAL 9.8 223 2228d
CVE-2012-4681 CRITICAL 9.8 223 4976d
CVE-2022-42475 CRITICAL 9.8 223 1196d
CVE-2023-3519 CRITICAL 9.8 223 998d
CVE-2015-7450 CRITICAL 9.8 222 3753d
CVE-2023-34048 CRITICAL 9.8 222 900d
Prev 9 / 17 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy