Skip to main content

Security Dashboard

7d 14d 30d 90d
Total CVEs
1372
last 7 days
Avg Priority
20.7
of max 220
KEV
1
actively exploited
POC
64
public exploits
Unpatched
217
CRIT/HIGH without patch
How is Priority Score calculated?

Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:

KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low 40-80 Medium 80-120 High 120+ Critical

Patch Now — Known Exploited Vulnerabilities

116
CVE-2026-48027
Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console,
CRITICAL

Priority Distribution

CRITICAL HIGH MEDIUM LOW KEV Only POC Only Unpatched CRIT/HIGH
Priority CVE
35 CVE-2026-9365
A vulnerability has been found in Ettercap up to 0.8.3. The affected element is
35 CVE-2026-9371
A security vulnerability has been detected in ItzCrazyKns Vane up to 1.12.1. Aff
35 CVE-2026-9306
A security vulnerability has been detected in QuantumNous new-api up to 0.12.1.
35 CVE-2026-9370
A weakness has been identified in ulisesbocchio jasypt-spring-boot up to 3.0.5/4
31 CVE-2026-9343
A weakness has been identified in Edimax EW-7438RPn up to 1.31. The affected ele
31 CVE-2026-9347
A vulnerability has been found in Edimax EW-7438RPn up to 1.31. Affected is the
31 CVE-2026-9296
A weakness has been identified in Edimax BR-6428NS 1.10. This impacts the functi
31 CVE-2026-9297
A security vulnerability has been detected in Edimax BR-6428NS 1.10. Affected is
31 CVE-2026-9362
A security vulnerability has been detected in Edimax EW-7438RPn 1.12. This vulne
31 CVE-2026-9363
A vulnerability was detected in Edimax EW-7438RPn 1.12. This issue affects the f
31 CVE-2026-9359
A vulnerability was identified in Edimax EW-7438RPn 1.28a. Affected by this vuln
31 CVE-2026-9361
A weakness has been identified in Edimax EW-7438RPn 1.12. This affects the funct
31 CVE-2026-9302
A vulnerability was determined in 546669204 vps-inventory-monitoring up to 98c00
31 CVE-2026-9300
A vulnerability has been found in omec-project amf up to 2.1.1. This affects an
31 CVE-2026-9301
A vulnerability was found in omec-project amf up to 2.1.1. This vulnerability af
31 CVE-2026-9298
A vulnerability was detected in omec-project amf up to 2.1.1. Affected by this v
31 CVE-2026-9299
A flaw has been found in omec-project amf up to 2.1.1. Affected by this issue is
31 CVE-2026-9358
A vulnerability was determined in postcss up to 7.1.1. Affected is the function
31 CVE-2026-9583
A weakness has been identified in SourceCodester CET Automated Grading System wi
31 CVE-2026-9305
A weakness has been identified in QuantumNous new-api up to 0.12.1. The impacted
31 CVE-2026-9607
A vulnerability was found in itsourcecode Courier Management System 1.0. The aff
31 CVE-2026-9342
A security flaw has been discovered in SourceCodester Hospitals Patient Records
31 CVE-2026-9303
A vulnerability was identified in calcom cal.diy up to 4.9.4. Impacted is an unk
30 CVE-2026-9582
A security flaw has been discovered in SourceCodester CET Automated Grading Syst
30 CVE-2026-9604
A vulnerability was detected in JeecgBoot up to 3.9.1. This vulnerability affect
30 CVE-2026-9579
A vulnerability was found in JeecgBoot up to 3.9.1. Impacted is the function use
30 CVE-2026-9369
A security flaw has been discovered in NousResearch hermes-agent 2026.4.23. Affe
27 CVE-2026-9304
A security flaw has been discovered in calcom cal.diy up to 4.9.4. The affected
20 CVE-2026-30963
### Summary To defend against namespace hijacking achieved through update/patch
19 CVE-2026-9712
When creating an export through the pretix API, API clients are returned an UUI
19 CVE-2026-33552
Northern.tech Mender Enterprise Server before 4.1.1 has Incorrect Access Control
18 CVE-2026-48524
PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient
18 CVE-2025-46371
Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) a Use of a Broken or Risk
17 CVE-2026-39824
NewNTUnicodeString does not check for string length overflow. When provided with
16 CVE-2026-47330
Ubuntu Linux 6.8, 7.17 and 7.0 contain AppArmor SAUCE patches which can, under c
16 CVE-2026-47337
Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a possible NULL pointe
16 CVE-2026-47336
Ubuntu Linux 6.8 contains SAUCE patches with a possible use of an uninitialized
16 CVE-2026-47329
Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches which fail to validate inva
16 CVE-2026-47327
Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a possible NULL pointe
16 CVE-2026-49009
Northern.tech Mender Server v4.1.0, v4.0.1 and below, and fixed in v4.1.1 and v4
16 CVE-2026-39967
TypeBot is a chatbot builder tool. In versions 3.15.2 and prior, the bot engine'
12 CVE-2025-68710
Easyelife App lock (aka Fingerprint,Applock or locker.app.safe.applocker) 1.9.2
12 CVE-2025-68708
SailingLab AppLock (aka com.alpha.applock) 4.3.8 for Android allows a local atta
12 CVE-2025-68711
AppLockZ App Lock and Fingerprint Lock (applock.passwordfingerprint.applockz) 4.
12 CVE-2026-5222
Cargo between 1.68 and 1.96 incorrectly normalized the URLs of third-party regis
12 CVE-2026-7882
Concrete CMS 9.5.0 and below is vulnerable to unauthorized file deletion due to
12 CVE-2026-8411
Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) a
12 CVE-2026-8414
Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) a
12 CVE-2026-8434
Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) a
12 CVE-2026-8409
Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) a
12 CVE-2026-8416
Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) a
12 CVE-2026-8413
Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) a
12 CVE-2026-8340
Concrete CMS 9.5.0 and below is vulnerable to CSRF via Backend\File::approveVers
12 CVE-2026-8412
Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) a
12 CVE-2026-8432
Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) a
12 CVE-2026-8415
Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) a
12 CVE-2026-8427
Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) a
12 CVE-2026-8410
Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) a
12 CVE-2026-8433
Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) a
12 CVE-2026-7887
For Concrete CMS 9.5.0 and below, OAuth 2.0 Authorization-Code Handler Bypasses
12 CVE-2026-8435
Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) a
12 CVE-2026-25608
STER uses unencrypted TCP traffic to transmit data over the network. It allows a
12 CVE-2026-7886
Concrete CMS 9.5.0 and below is vulnerable to IDOR in AddMessage/UpdateMessage v
11 CVE-2026-9581
A vulnerability was identified in JeecgBoot up to 3.9.1. The impacted element is
10 CVE-2026-7890
In Concrete CMS 9.5.0 and below, the RSS Displayer block accepts a feed URL from
10 CVE-2026-8139
Concrete CMS 9.5.0 and below is vulnerable to Stored XSS via external-link page
10 CVE-2026-9609
A vulnerability was identified in QianFox FoxCMS up to 1.2.6. This affects the f
10 CVE-2026-9357
A vulnerability was found in vBulletin 6.x. This impacts an unknown function of
10 CVE-2026-46549
### Summary The OAuth token strategy attached `oauth_scope` and `oauth_granted_
10 CVE-2026-9608
A vulnerability was determined in QianFox FoxCMS up to 1.2.6. The impacted eleme
9 CVE-2025-71310
The GDPR cookies module for Backdrop CMS (before 1.x-1.3.5) doesn't sufficient
6 CVE-2026-9828
Deserialization of untrusted data vulnerability in QOS.CH Sarl logback logback-c
0 CVE-2026-45753
### Description `symfony/html-sanitizer` lets applications sanitise untrusted H
0 CVE-2026-45756
### Description The `JsonPath` component's `match()` and `search()` filter func
0 CVE-2026-45287
### Summary `go.opentelemetry.io/otel/schema/v1.0` and `go.opentelemetry.io/ote
0 CVE-2026-46629
### Description `IntlExtension` memoises every `\IntlDateFormatter` and `\Numbe
0 CVE-2026-46668
### Impact Users are impacted if: - They have a caveat structure with a nested
0 CVE-2026-46554
### Summary Deleted API tokens continued to authenticate requests until their ca
0 CVE-2026-8353
Concrete CMS version 9.0 to 9.5.0 is vulnerable to Stored XSS via page name in t
0 CVE-2026-8347
Concrete CMS 9.5.0 and below is vulnerable to IDOR + wrong-authorization-level i
0 CVE-2026-45305
### Description `Symfony\Component\Yaml\Parser::cleanup()` strips the optional
0 CVE-2026-45072
### Description Symfony's profiler, a development only debug UI, renders source
0 CVE-2026-45071
### Description `symfony/dom-crawler` provides the `Crawler` class for navigati
0 CVE-2026-45304
### Description `Symfony\Component\Yaml\Parser` resolves YAML aliases (`*anchor
0 CVE-2026-45133
### Description `Symfony\Component\Yaml\Parser` is the entry point for parsing
0 CVE-2026-46553
### Summary The upload-by-URL path did not enforce `NC_ATTACHMENT_FIELD_SIZE` ag
0 CVE-2026-46628
### Description The `spaceless` filter is registered with `is_safe => ['html']`
0 CVE-2026-46637
### Description Several filters in the `twig/*` extras packages are registered
0 CVE-2026-46635
### Description The `column` filter passes its input straight to PHP's native `

Oldest Unpatched Critical/High CVEs

CVE Severity CVSS Priority Days Open
CVE-2024-3400 CRITICAL 10.0 224 776d
CVE-2019-19781 CRITICAL 9.8 223 2344d
CVE-2020-5902 CRITICAL 9.8 223 2157d
CVE-2021-35464 CRITICAL 9.8 223 1771d
CVE-2020-10189 CRITICAL 9.8 223 2274d
CVE-2012-4681 CRITICAL 9.8 223 5021d
CVE-2022-42475 CRITICAL 9.8 223 1242d
CVE-2023-3519 CRITICAL 9.8 223 1044d
CVE-2015-7450 CRITICAL 9.8 222 3798d
CVE-2023-34048 CRITICAL 9.8 222 946d

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy