Total CVEs
1345
last 7 days
Avg Priority
21.2
of max 220
KEV
1
actively exploited
POC
66
public exploits
Unpatched
231
CRIT/HIGH without patch
How is Priority Score calculated?
Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:
KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low
40-80 Medium
80-120 High
120+ Critical
Patch Now — Known Exploited Vulnerabilities
Priority Distribution
| Priority | CVE |
|---|---|
| 116 |
CVE-2026-48027
Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious ver
|
| 66 |
CVE-2026-24444
SDMC NE6037 cable modem routers running firmware 7.1.6.0.25 and 7.1.6.1.9_B9 con
|
| 50 |
CVE-2026-33712
Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the preview cha
|
| 50 |
CVE-2026-46840
Vulnerability in Oracle REST Data Services (component: Backend-as-a-Service). S
|
| 50 |
CVE-2026-42757
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') v
|
| 50 |
CVE-2026-42748
Unrestricted Upload of File with Dangerous Type vulnerability in WPify WPify Woo
|
| 50 |
CVE-2026-46839
Vulnerability in Oracle REST Data Services (component: Core). Supported version
|
| 50 |
CVE-2026-46775
Vulnerability in Oracle REST Data Services (component: Core). Supported version
|
| 50 |
CVE-2026-46824
Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Su
|
| 50 |
CVE-2026-46822
Vulnerability in the Oracle iAssets product of Oracle E-Business Suite (componen
|
| 50 |
CVE-2026-9645
Exposed methods allow authenticated users to create and execute arbitrary JavaSc
|
| 50 |
CVE-2026-42756
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') v
|
| 49 |
CVE-2026-42758
Incorrect Privilege Assignment vulnerability in Saleswonder Team: Tobias Webinar
|
| 49 |
CVE-2026-32253
Sunshine is a self-hosted game stream host for Moonlight. In versions prior to 2
|
| 49 |
CVE-2026-48902
The password and username reset features created plain http links for https conn
|
| 49 |
CVE-2026-48691
FastNetMon Community Edition through 1.2.9 contains an integer overflow in the B
|
| 49 |
CVE-2026-34311
Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Ora
|
| 49 |
CVE-2026-42731
Incorrect Privilege Assignment vulnerability in miniOrange miniorange otp verifi
|
| 49 |
CVE-2026-48689
FastNetMon Community Edition through 1.2.9 contains an off-by-one heap-based buf
|
| 49 |
CVE-2026-9642
There is a mitigation bypass / (incomplete fix) for CVE-2025-62582 (Unauthentica
|
| 49 |
CVE-2026-8760
The Login with OTP plugin for WordPress is vulnerable to authentication bypass i
|
| 49 |
CVE-2026-7524
IBM Langflow OSS 1.0.0 through 1.9.1 could allow remote code execution due to im
|
| 49 |
CVE-2026-8175
IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM A
|
| 49 |
CVE-2026-38702
A command injection vulnerability exists in the Admin Access feature of InHand N
|
| 49 |
CVE-2026-38703
A command injection vulnerability exists in the ZeroTier VPN feature of InHand N
|
| 49 |
CVE-2026-38707
A command injection vulnerability exists in the IPSec VPN feature of InHand Netw
|
| 49 |
CVE-2026-38704
A command injection vulnerability exists in the WireGuard VPN feature of InHand
|
| 49 |
CVE-2026-46817
Vulnerability in the Oracle Payments product of Oracle E-Business Suite (compone
|
| 49 |
CVE-2026-48687
FastNetMon Community Edition through 1.2.9 contains an OS command injection vuln
|
| 47 |
CVE-2026-32998
This vulnerability in Veeam Service Provider Console allows for remote code exec
|
| 47 |
CVE-2026-9739
Vulnerable to DNS rebinding attacks when using SSE (http://b/499408790). During
|
| 47 |
CVE-2026-48906
The vulnerability in the Tassos Framework Plugin allows users to delete arbitrar
|
| 47 |
CVE-2026-42755
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti
|
| 47 |
CVE-2026-42747
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti
|
| 46 |
CVE-2026-42761
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti
|
| 46 |
CVE-2026-9037
A firmware update mechanism in the affected charging controller fails to validat
|
| 46 |
CVE-2026-42740
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti
|
| 46 |
CVE-2026-8979
The Mennekes Amtron series (firmware versions ≤ 5.22.3) is vulnerable to an auth
|
| 46 |
CVE-2026-8980
The Mennekes Amtron series (firmware versions ≤ 5.22.3) is vulnerable to privile
|
| 46 |
CVE-2026-42727
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti
|
| 46 |
CVE-2026-49002
Access control failure means that an application does not effectively check user
|
| 46 |
CVE-2026-7876
IBM Aspera HSTS for CP4I 1.5.1 through 1.5.19
|
| 46 |
CVE-2026-46819
Vulnerability in the Oracle Internet Procurement Connector product of Oracle E-B
|
| 45 |
CVE-2026-46833
Vulnerability in the Net Service component of Oracle Database Server. Supported
|
| 0 |
CVE-2026-48700
An issue was discovered in all versions of PCManFM-Qt starting from 1.1.0. When
|
Oldest Unpatched Critical/High CVEs
| CVE | Severity | CVSS | Priority | Days Open |
|---|---|---|---|---|
| CVE-2024-3400 | CRITICAL | 10.0 | 224 | 776d |
| CVE-2019-19781 | CRITICAL | 9.8 | 223 | 2344d |
| CVE-2020-5902 | CRITICAL | 9.8 | 223 | 2157d |
| CVE-2021-35464 | CRITICAL | 9.8 | 223 | 1771d |
| CVE-2020-10189 | CRITICAL | 9.8 | 223 | 2274d |
| CVE-2012-4681 | CRITICAL | 9.8 | 223 | 5021d |
| CVE-2022-42475 | CRITICAL | 9.8 | 223 | 1242d |
| CVE-2023-3519 | CRITICAL | 9.8 | 223 | 1044d |
| CVE-2015-7450 | CRITICAL | 9.8 | 222 | 3798d |
| CVE-2023-34048 | CRITICAL | 9.8 | 222 | 946d |