Security Dashboard

7d 14d 30d 90d

Total CVEs

1345

last 7 days

Avg Priority

21.2

of max 220

KEV

actively exploited

POC

public exploits

Unpatched

231

CRIT/HIGH without patch

How is Priority Score calculated?

Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:

KEV +50

CISA Known Exploited Vulnerability — confirmed active exploitation in the wild

EPSS x100

Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)

CVSS x5

Common Vulnerability Scoring System — technical severity (0-50)

POC +20

Public exploit code exists — lowers barrier for attackers

0-40 Low 40-80 Medium 80-120 High 120+ Critical

Patch Now — Known Exploited Vulnerabilities

116

CVE-2026-48027

Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console,

CRITICAL

Priority Distribution

CRITICAL HIGH MEDIUM LOW KEV Only POC Only Unpatched CRIT/HIGH

Priority	CVE	Severity	CVSS	EPSS	Indicators	Published
64	CVE-2026-32847 DeepCode through commit c991dc2 contains a path traversal vulnerability in the S	HIGH	8.7	-	POC	2026-05-28
57	CVE-2026-9346 A flaw has been found in Edimax EW-7438RPn up to 1.31. This impacts the function	HIGH	7.4	0.0%	POC	2026-05-24
57	CVE-2026-9345 A vulnerability was detected in Edimax EW-7438RPn up to 1.31. This affects the f	HIGH	7.4	0.0%	POC	2026-05-24
57	CVE-2026-9360 A security flaw has been discovered in Edimax EW-7438RPn 1.28a. Affected by this	HIGH	7.4	0.0%	POC	2026-05-24
57	CVE-2026-9348 A vulnerability was found in Edimax EW-7438RPn up to 1.31. Affected by this vuln	HIGH	7.4	0.0%	POC	2026-05-24
57	CVE-2026-9344 A security vulnerability has been detected in Edimax EW-7438RPn up to 1.31. The	HIGH	7.4	0.0%	POC	2026-05-24
57	CVE-2026-9295 A security flaw has been discovered in Edimax BR-6428NS 1.10. This affects the f	HIGH	7.4	0.0%	POC	2026-05-23
57	CVE-2026-9294 A vulnerability was identified in Edimax BR-6428NS 1.10. The impacted element is	HIGH	7.4	0.0%	POC	2026-05-23
56	CVE-2025-70103 Heap buffer overflow vulnerability in libjxl 0.12.0 via crafted PBM images to th	HIGH	7.3	0.0%	POC	2026-05-27
56	CVE-2026-31266 Craft CMS 5.9.5 and earlier contains a Missing Authorization vulnerability in th	HIGH	7.3	0.0%	POC	2026-05-27
44	CVE-2026-8832 The WPCode - Insert Headers and Footers + Custom Code Snippets - WordPress Code	HIGH	8.8	0.4%		2026-05-27
44	CVE-2026-46414 Microsoft UFO open-source framework for intelligent automation across devices an	HIGH	8.8	0.0%		2026-05-27
44	CVE-2026-47161 RELATE is a web-based courseware package. Prior to commit d66ba5659b459bf1ba56b7	HIGH	8.7	0.5%		2026-05-27
44	CVE-2026-8787 The Firebase Support & Chat Management plugin for WordPress is vulnerable to pri	HIGH	8.8	0.0%		2026-05-27
44	CVE-2026-48920 Jenkins Email Extension Plugin 1933.v45cec755423f and earlier allows inlining im	HIGH	8.8	0.0%		2026-05-27
44	CVE-2026-38807 Insecure Permissions vulnerability in kvf-admin v1.0.0 allows a remote attacker	HIGH	8.8	0.0%		2026-05-27
44	CVE-2026-6419 The WishList Member plugin for WordPress is vulnerable to Privilege Escalation v	HIGH	8.8	0.0%		2026-05-23
44	CVE-2026-44988 LibVNCClient is a library for easy implementation of a VNC client. In 0.9.15 and	HIGH	8.8	0.0%		2026-05-27
44	CVE-2026-6898 The Wishlist Member plugin for WordPress is vulnerable to unauthorized modificat	HIGH	8.8	0.0%		2026-05-23
44	CVE-2026-6895 The WishList Member plugin for WordPress is vulnerable to Missing Authorization	HIGH	8.8	0.0%		2026-05-23
44	CVE-2026-6897 The Wishlist Member plugin for WordPress is vulnerable to unauthorized modificat	HIGH	8.8	0.0%		2026-05-23
44	CVE-2026-41075 RT is an open source, enterprise-grade issue and ticket tracking system. Version	HIGH	8.8	0.0%		2026-05-22
44	CVE-2026-9009 The Crawlomatic Multipage Scraper Post Generator plugin for WordPress is vulnera	HIGH	8.8	0.2%		2026-05-28
44	CVE-2026-9018 The Easy Elements for Elementor - Addons & Website Templates plugin for WordPres	HIGH	8.8	0.0%		2026-05-22
44	CVE-2026-9227 The GutenBee - Gutenberg Blocks plugin for WordPress is vulnerable to Arbitrary	HIGH	8.8	0.1%		2026-05-28
44	CVE-2026-6226 The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to unauthent	HIGH	8.8	0.1%		2026-05-28
44	CVE-2026-8915 Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflo	HIGH	8.8	0.0%		2026-05-28
44	CVE-2026-46827 Vulnerability in the Oracle Payroll product of Oracle E-Business Suite (componen	HIGH	8.8	-		2026-05-28
44	CVE-2026-8992 An improper certificate validation vulnerability in Ivanti Secure Access Client	HIGH	8.8	0.1%		2026-05-22
44	CVE-2026-7802 The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to authoriza	HIGH	8.8	0.1%		2026-05-28
44	CVE-2026-5065 IBM Controller 11.0.1, 11.1.0, 11.1.1, and 11.1.2 contains hard-coded credential	HIGH	8.8	0.0%		2026-05-27
44	CVE-2026-46826 Vulnerability in the Oracle Payroll product of Oracle E-Business Suite (componen	HIGH	8.8	-		2026-05-28
44	CVE-2026-46837 Vulnerability in the Oracle Flow Manufacturing product of Oracle E-Business Suit	HIGH	8.8	-		2026-05-28
44	CVE-2026-4944 vllm-project/vllm version 0.14.1 contains a vulnerability where the `trust_remot	HIGH	8.8	-		2026-05-28
44	CVE-2026-8179 IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM A	HIGH	8.8	0.1%		2026-05-27
44	CVE-2026-36044 @pensar/apex <= 0.0.58 is vulnerable to OS command injection via the smart_enume	HIGH	8.8	0.1%		2026-05-27
44	CVE-2026-48544 Taipy 4.1.1, fixed in commit 129fd40, contains a path traversal vulnerability in	HIGH	8.7	0.2%		2026-05-27
44	CVE-2026-40818 An unauthenticated remote attacker can exploit an unauthenticated SQL Injection	HIGH	8.7	0.0%		2026-05-27
44	CVE-2026-40819 An unauthenticated remote attacker can exploit an unauthenticated SQL Injection	HIGH	8.7	0.0%		2026-05-27
44	CVE-2026-40817 An unauthenticated remote attacker can exploit an unauthenticated SQL Injection	HIGH	8.7	0.0%		2026-05-27
44	CVE-2026-40814 An unauthenticated remote attacker can exploit an unauthenticated SQL Injection	HIGH	8.7	0.0%		2026-05-27
44	CVE-2026-40850 An unauthenticated remote attacker can exploit an unauthenticated SQL Injection	HIGH	8.7	0.0%		2026-05-27
44	CVE-2026-40810 An unauthenticated remote attacker can exploit an unauthenticated SQL Injection	HIGH	8.7	0.0%		2026-05-27
44	CVE-2026-40813 An unauthenticated remote attacker can exploit an unauthenticated SQL Injection	HIGH	8.7	0.0%		2026-05-27
44	CVE-2026-40811 An unauthenticated remote attacker can exploit an unauthenticated SQL Injection	HIGH	8.7	0.0%		2026-05-27
44	CVE-2026-40816 An unauthenticated remote attacker can exploit an unauthenticated SQL Injection	HIGH	8.7	0.0%		2026-05-27
44	CVE-2026-40815 An unauthenticated remote attacker can exploit an unauthenticated SQL Injection	HIGH	8.7	0.0%		2026-05-27
44	CVE-2026-40812 An unauthenticated remote attacker can exploit an unauthenticated SQL Injection	HIGH	8.7	0.0%		2026-05-27
43	CVE-2026-42737 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') v	HIGH	8.6	0.0%		2026-05-27
43	CVE-2026-32997 A vulnerability allowing an authenticated user with the Backup Administrator rol	HIGH	8.6	0.0%		2026-05-28
43	CVE-2026-9038 A stack-based buffer overflow vulnerability in the charging controller’s signal-	HIGH	8.6	-		2026-05-28
43	CVE-2026-8652 An OS Command Injection vulnerability exists in Aterm. If a malicious third pers	HIGH	8.5	0.3%		2026-05-25
43	CVE-2026-3515 A vulnerability in the `GitHubRepository` block of the `prefect-github` integrat	HIGH	8.5	0.1%		2026-05-24
43	CVE-2026-42730 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti	HIGH	8.5	0.0%		2026-05-27
43	CVE-2026-9489 NitroSense 3.x before 3.01.3052 contains Local Privilege Escalation (LPE) vulner	HIGH	8.5	0.0%		2026-05-25
43	CVE-2026-9789 A Local Privilege Escalation (LPE) vulnerability affects Acer NitroSense softwar	HIGH	8.5	0.0%		2026-05-28
42	CVE-2026-46820 Vulnerability in the Oracle Financials Common Modules product of Oracle E-Busine	HIGH	8.5	-		2026-05-28
42	CVE-2026-49046 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti	HIGH	8.5	0.0%		2026-05-27
42	CVE-2025-48977 Relative Path Traversal vulnerability in Apache Ignite REST API. Authenticated	HIGH	8.5	0.0%		2026-05-28
42	CVE-2026-40851 A local attacker can perform a confusion attack on the cfgparser via a specially	HIGH	8.4	0.0%		2026-05-27
42	CVE-2026-7365 IBM Operations Analytics - Log Analysis and IBM SmartCloud Analytics - Log Anal	HIGH	8.4	0.0%		2026-05-27
41	CVE-2026-9284 The WooCommerce PayPal Payments plugin for WordPress is vulnerable to unauthoriz	HIGH	8.2	0.1%		2026-05-23
41	CVE-2026-42735 Authentication Bypass Using an Alternate Path or Channel vulnerability in Iqonic	HIGH	8.2	0.0%		2026-05-27
41	CVE-2026-5260 A flaw was found in libgnutls. A remote attacker, by sending an extremely short	HIGH	8.2	0.1%		2026-05-26
41	CVE-2026-42013 A flaw was found in gnutls. When validating certificates, an oversized Subject A	HIGH	8.2	0.0%		2026-05-26
41	CVE-2026-8994 The Login with NEAR plugin for WordPress is vulnerable to Authentication Bypass	HIGH	8.1	0.1%		2026-05-27
41	CVE-2026-41076 RT is an open source, enterprise-grade issue and ticket tracking system. Version	HIGH	8.1	0.1%		2026-05-22
41	CVE-2026-46402 Microsoft UFO open-source framework for intelligent automation across devices an	HIGH	8.1	0.1%		2026-05-27
40	CVE-2026-40172 authentik is an open-source identity provider. In versions prior to 2025.12.5 an	HIGH	8.1	0.0%		2026-05-22
40	CVE-2026-6455 The WP Contact Form 7 DB Handler plugin for WordPress is vulnerable to Cross-Sit	HIGH	8.1	0.0%		2026-05-28
40	CVE-2026-35277 Vulnerability in Oracle REST Data Services (component: Core). Supported version	HIGH	8.1	-		2026-05-28
40	CVE-2026-45344 LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, the s	HIGH	8.1	-		2026-05-28
40	CVE-2026-9095 Casdoor versions 2.362.0 and earlier map SAML assertions to user sessions withou	HIGH	8.1	-		2026-05-28
40	CVE-2026-46828 Vulnerability in the Oracle Payroll product of Oracle E-Business Suite (componen	HIGH	8.1	-		2026-05-28
40	CVE-2026-3012 A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. W	HIGH	8.0	0.0%		2026-05-27
40	CVE-2026-6957 Mattermost Plugins versions <=1.1.5 fail to sanitize filenames received from fed	HIGH	8.0	0.0%		2026-05-27
40	CVE-2026-37266 An issue in Responsive File Manager Responsive FileManager Version 9.14.0 allows	HIGH	8.0	-		2026-05-28
40	CVE-2026-35266 Vulnerability in Oracle REST Data Services (component: Core). Supported version	HIGH	7.9	-		2026-05-28
39	CVE-2025-69600 Command injection in Raynet rvia 12.6.4392.49-amd64.deb allows adversaries to ex	HIGH	7.8	0.1%		2026-05-27
39	CVE-2026-45322 Microsoft UFO open-source framework for intelligent automation across devices an	HIGH	7.8	0.1%		2026-05-27
39	CVE-2026-38945 Command injection in Raynet rvia version 12.6 Update 8 and previous versions all	HIGH	7.8	0.0%		2026-05-27
39	CVE-2026-3623 IBM Netezza Performance Server Replication Services 3.0.2.0 through 3.0.5.0 allo	HIGH	7.8	0.0%		2026-05-27
38	CVE-2026-39965 TypeBot is a chatbot builder tool. Versions 3.15.2 and prior contain an SSRF via	HIGH	7.7	0.0%		2026-05-22
38	CVE-2026-46823 Vulnerability in the Oracle Public Sector Financials (International) product of	HIGH	7.7	-		2026-05-28
38	CVE-2026-42398 Server-Side Request Forgery (CWE-918) in Kibana allows authenticated users with	HIGH	7.7	-		2026-05-28
38	CVE-2026-46821 Vulnerability in the Oracle Financials Common Modules product of Oracle E-Busine	HIGH	7.7	-		2026-05-28
38	CVE-2026-9804 A flaw was found in KubeVirt's virt-exportserver component. An attacker with spe	HIGH	7.7	0.0%		2026-05-28
38	CVE-2026-34207 TypeBot is a chatbot builder tool. SSRF protection for Webhook / HTTP Request b	HIGH	7.6	0.1%		2026-05-22
38	CVE-2026-42790 Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_c	HIGH	7.6	0.0%		2026-05-27
38	CVE-2026-48922 Jenkins Credentials Binding Plugin 720.v3f6decef43ea_ and earlier does not prope	HIGH	7.5	0.2%		2026-05-27

Oldest Unpatched Critical/High CVEs

CVE	Severity	CVSS	Priority	Days Open
CVE-2024-3400	CRITICAL	10.0	224	776d
CVE-2019-19781	CRITICAL	9.8	223	2344d
CVE-2020-5902	CRITICAL	9.8	223	2157d
CVE-2021-35464	CRITICAL	9.8	223	1771d
CVE-2020-10189	CRITICAL	9.8	223	2274d
CVE-2012-4681	CRITICAL	9.8	223	5021d
CVE-2022-42475	CRITICAL	9.8	223	1242d
CVE-2023-3519	CRITICAL	9.8	223	1044d
CVE-2015-7450	CRITICAL	9.8	222	3798d
CVE-2023-34048	CRITICAL	9.8	222	946d

1 / 3 Next