Security Dashboard

7d 14d 30d 90d

Total CVEs

1524

last 7 days

Avg Priority

32.2

of max 220

KEV

actively exploited

POC

192

public exploits

Unpatched

437

CRIT/HIGH without patch

How is Priority Score calculated?

Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:

KEV +50

CISA Known Exploited Vulnerability — confirmed active exploitation in the wild

EPSS x100

Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)

CVSS x5

Common Vulnerability Scoring System — technical severity (0-50)

POC +20

Public exploit code exists — lowers barrier for attackers

0-40 Low 40-80 Medium 80-120 High 120+ Critical

Priority Distribution

CRITICAL HIGH MEDIUM LOW KEV Only POC Only Unpatched CRIT/HIGH

Priority	CVE	Severity	CVSS	EPSS	Indicators	Published
31	CVE-2026-6000 A vulnerability was found in code-projects Online Library Management System 1.0.	LOW	2.1	0.0%	POC	2026-04-10
31	CVE-2026-5847 A vulnerability has been found in code-projects Movie Ticketing System 1.0. Impa	LOW	2.1	0.0%	POC	2026-04-09
30	CVE-2026-5960 A weakness has been identified in code-projects Patient Record Management System	LOW	2.1	0.0%	POC	2026-04-09
19	CVE-2026-21388 Mattermost Plugins versions <=2.3.1 fail to limit the request body size on the {	LOW	3.7	0.0%		2026-04-09
19	CVE-2026-24661 Mattermost Plugins versions <=2.1.3.0 fail to limit the request body size on the	LOW	3.7	0.0%		2026-04-09
19	CVE-2026-34166 ## Summary The `replace` filter in LiquidJS incorrectly accounts for memory usa	LOW	3.7	0.0%	FIX	2026-04-08
19	CVE-2026-37977 A flaw was found in Keycloak. A remote attacker can exploit a Cross-Origin Resou	LOW	3.7	0.0%		2026-04-06
18	CVE-2026-40194 phpseclib is a PHP secure communications library. Prior to 3.0.51, 2.0.53, and 1	LOW	3.7	0.0%	FIX	2026-04-10
18	CVE-2026-40184 TREK is a collaborative travel planner. Prior to 2.7.2, TREK served uploaded pho	LOW	3.7	0.1%		2026-04-10
18	CVE-2026-40097 Step CA is an online certificate authority for secure, automated certificate man	LOW	3.7	0.0%	FIX	2026-04-10
18	CVE-2026-33551 An issue was discovered in OpenStack Keystone 14 through 26 before 26.1.1, 27.0.	LOW	3.5	0.0%	FIX	2026-04-10
18	CVE-2026-35679 Zcash zcashd before 6.12.0 allows invalid transactions to be accepted under cert	LOW	3.5	0.0%		2026-04-05
18	CVE-2026-35400 LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web app	LOW	3.5	0.0%		2026-04-08
18	CVE-2026-40077 Beszel is a server monitoring platform. Prior to 0.18.7, some API endpoints in t	LOW	3.5	0.0%	FIX	2026-04-09
17	CVE-2026-33404 Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level	LOW	3.4	0.0%		2026-04-06
17	CVE-2026-28264 Dell PowerProtect Agent Service, version(s) prior to 20.1, contain(s) an Incorre	LOW	3.3	0.0%		2026-04-08
16	CVE-2026-33405 Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level	LOW	3.1	0.0%		2026-04-06
16	CVE-2026-40109 Flux notification-controller is the event forwarder and notification dispatcher	LOW	3.1	0.0%	FIX	2026-04-09
15	CVE-2026-5382 An issue that could expose records outside of the authorized organization scope	LOW	3.0	0.0%		2026-04-07
15	CVE-2026-5379 An issue that allowed MCP agents to access certificate information from outside	LOW	3.0	0.0%		2026-04-07
15	CVE-2026-40354 Flatpak xdg-desktop-portal before 1.20.4 and 1.21.x before 1.21.1 allows any Fla	LOW	2.9	0.0%		2026-04-11
14	CVE-2026-40228 In systemd 259, systemd-journald can send ANSI escape sequences to the terminals	LOW	2.9	0.0%		2026-04-10
14	CVE-2026-34781 ### Impact Apps that call `clipboard.readImage()` may be vulnerable to a denial	LOW	2.8	0.0%	FIX	2026-04-07
14	CVE-2026-5375 An issue that could allow a user with access to a credential to view sensitive f	LOW	2.7	0.0%		2026-04-07
14	CVE-2026-4292 An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4	LOW	2.7	0.0%	FIX	2026-04-07
14	CVE-2026-4916 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2	LOW	2.7	0.0%		2026-04-08
14	CVE-2025-15480 In Ubuntu, ubuntu-desktop-provision version 24.04.4 could leak sensitive user cr	LOW	2.7	0.0%	FIX	2026-04-09
14	CVE-2025-14551 In Ubuntu, Subiquity version 24.04.4 could leak sensitive user credentials durin	LOW	2.7	0.0%	FIX	2026-04-09
12	CVE-2026-5188 An integer underflow issue exists in wolfSSL when parsing the Subject Alternativ	LOW	2.3	0.0%		2026-04-10
12	CVE-2026-5448 X.509 date buffer overflow in wolfSSL_X509_notAfter / wolfSSL_X509_notBefore. A	LOW	2.3	0.0%		2026-04-09
12	CVE-2026-5392 Heap out-of-bounds read in PKCS7 parsing. A crafted PKCS7 message can trigger an	LOW	2.3	0.0%		2026-04-09
12	CVE-2026-39957 Lychee is a free, open-source photo-management tool. Prior to 7.5.4, a SQL opera	LOW	2.3	0.0%		2026-04-09
12	CVE-2026-34945 Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and	LOW	2.3	0.0%	FIX	2026-04-09
12	CVE-2026-34988 Wasmtime is a runtime for WebAssembly. From 28.0.0 to before 36.0.7, 42.0.2, and	LOW	2.3	0.0%	FIX	2026-04-09
12	CVE-2026-5187 Two potential heap out-of-bounds write locations existed in DecodeObjectId() in	LOW	2.3	0.0%		2026-04-09
12	CVE-2026-35624 OpenClaw before 2026.3.22 contains a policy confusion vulnerability in room auth	LOW	2.3	0.1%	FIX	2026-04-09
12	CVE-2026-35617 OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Goog	LOW	2.3	0.0%	FIX	2026-04-09
12	CVE-2026-35648 OpenClaw before 2026.3.22 contains a policy bypass vulnerability where queued no	LOW	2.3	0.0%	FIX	2026-04-10
12	CVE-2026-34720 Zammad is a web based open source helpdesk/customer support system. Prior to 7.0	LOW	2.3	0.0%		2026-04-08
11	CVE-2026-5381 An issue that could expose task information outside of the authorized organizati	LOW	2.2	0.0%		2026-04-07
11	CVE-2026-39349 OrangeHRM is a comprehensive human resource management (HRM) system. From 5.0 to	LOW	2.1	0.0%		2026-04-07
10	CVE-2026-5772 A 1-byte stack buffer over-read was identified in the MatchDomainName function (	LOW	2.1	0.0%		2026-04-09
10	CVE-2026-34248 Zammad is a web based open source helpdesk/customer support system. Prior to 7.0	LOW	2.1	0.0%		2026-04-08
10	CVE-2026-5778 Integer underflow in wolfSSL packet sniffer <= 5.9.0 allows an attacker to cause	LOW	2.1	0.1%		2026-04-09
10	CVE-2026-27949 Plane is an an open-source project management tool. Prior to 1.3.0, a vulnerabil	LOW	2.0	0.0%		2026-04-07
8	CVE-2026-40072 web3.py allows you to interact with the Ethereum blockchain using Python. From 6	LOW	1.7	0.0%		2026-04-09
5	CVE-2026-34983 Wasmtime is a runtime for WebAssembly. In 43.0.0, cloning a wasmtime::Linker is	LOW	1.0	0.0%	FIX	2026-04-09

Oldest Unpatched Critical/High CVEs

CVE	Severity	CVSS	Priority	Days Open
CVE-2024-3400	CRITICAL	10.0	224	730d
CVE-2019-19781	CRITICAL	9.8	223	2298d
CVE-2020-5902	CRITICAL	9.8	223	2110d
CVE-2021-35464	CRITICAL	9.8	223	1724d
CVE-2020-10189	CRITICAL	9.8	223	2227d
CVE-2012-4681	CRITICAL	9.8	223	4975d
CVE-2022-42475	CRITICAL	9.8	223	1196d
CVE-2023-3519	CRITICAL	9.8	223	997d
CVE-2015-7450	CRITICAL	9.8	222	3752d
CVE-2023-34048	CRITICAL	9.8	222	899d