Security Dashboard

7d 14d 30d 90d

Total CVEs

1372

last 7 days

Avg Priority

20.7

of max 220

KEV

actively exploited

POC

public exploits

Unpatched

217

CRIT/HIGH without patch

How is Priority Score calculated?

Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:

KEV +50

CISA Known Exploited Vulnerability — confirmed active exploitation in the wild

EPSS x100

Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)

CVSS x5

Common Vulnerability Scoring System — technical severity (0-50)

POC +20

Public exploit code exists — lowers barrier for attackers

0-40 Low 40-80 Medium 80-120 High 120+ Critical

Patch Now — Known Exploited Vulnerabilities

116

CVE-2026-48027

Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console,

CRITICAL

Priority Distribution

CRITICAL HIGH MEDIUM LOW KEV Only POC Only Unpatched CRIT/HIGH

Priority	CVE	Severity	CVSS	EPSS	Indicators	Published
52	CVE-2026-41141 EspoCRM is an open source customer relationship management application. Prior to	MEDIUM	6.5	-	POC FIX	2026-05-28
49	CVE-2026-9367 A vulnerability was determined in NousResearch hermes-agent up to 5157f5427f1948	MEDIUM	5.5	1.0%	POC	2026-05-24
48	CVE-2026-9351 A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.16	MEDIUM	5.5	0.1%	POC	2026-05-24
48	CVE-2026-9368 A vulnerability was identified in NousResearch hermes-agent up to 2026.4.16. Thi	MEDIUM	5.5	0.1%	POC	2026-05-24
48	CVE-2026-9366 A vulnerability was found in NousResearch hermes-agent 2026.4.23. The impacted e	MEDIUM	5.5	0.0%	POC	2026-05-24
48	CVE-2026-9353 A security vulnerability has been detected in NousResearch hermes-agent up to 20	MEDIUM	5.5	0.0%	POC	2026-05-24
48	CVE-2026-9354 A vulnerability was detected in NousResearch hermes-agent up to 2026.4.16. The a	MEDIUM	5.5	0.0%	POC	2026-05-24
48	CVE-2026-9372 A flaw has been found in ItzCrazyKns Vane up to 1.12.1. This vulnerability affec	MEDIUM	5.5	0.0%	POC	2026-05-24
48	CVE-2026-9350 A vulnerability was identified in NousResearch hermes-agent up to 2026.4.16. Thi	MEDIUM	5.5	0.0%	POC	2026-05-24
48	CVE-2026-9355 A flaw has been found in SourceCodester Hospitals Patient Records Management Sys	MEDIUM	5.5	0.0%	POC	2026-05-24
48	CVE-2026-9349 A vulnerability was determined in calcom cal.diy up to 4.9.4. Affected by this i	MEDIUM	5.5	0.0%	POC	2026-05-24
48	CVE-2026-9356 A vulnerability has been found in SourceCodester Hospitals Patient Records Manag	MEDIUM	5.5	0.0%	POC	2026-05-24
48	CVE-2026-9352 A weakness has been identified in NousResearch hermes-agent up to 2026.4.23. Thi	MEDIUM	5.5	0.0%	POC	2026-05-24
48	CVE-2026-9364 A flaw has been found in projectworlds Online Art Gallery Shop 1.0. Impacted is	MEDIUM	5.5	0.0%	POC	2026-05-24
48	CVE-2026-9603 A security vulnerability has been detected in SourceCodester eDoc Doctor Appoint	MEDIUM	5.5	0.0%	POC	2026-05-26
48	CVE-2026-9584 A security vulnerability has been detected in code-projects Project Management S	MEDIUM	5.5	0.0%	POC	2026-05-26
48	CVE-2026-9606 A vulnerability has been found in itsourcecode Courier Management System 1.0. Im	MEDIUM	5.5	0.0%	POC	2026-05-26
48	CVE-2026-9580 A vulnerability was determined in JeecgBoot up to 3.9.1. The affected element is	MEDIUM	5.5	0.0%	POC FIX	2026-05-26
42	CVE-2025-70116 A NULL pointer dereference in GPAC MP4Box: when parsing certain truncated MP4 fi	MEDIUM	4.3	0.0%	POC	2026-05-27
42	CVE-2026-9807 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9	MEDIUM	4.3	0.0%	POC FIX	2026-05-28
42	CVE-2026-41160 EspoCRM is an open source customer relationship management application. Prior to	MEDIUM	4.3	-	POC FIX	2026-05-28
35	CVE-2026-6826 Concrete CMS 9.5.0 and below is vulnerable to unauthenticated file usage disclo	MEDIUM	6.9	0.0%		2026-05-21
35	CVE-2026-40821 A high privileged remote attacker can exploit an unauthenticated SQL Injection v	MEDIUM	6.9	0.0%		2026-05-27
35	CVE-2026-40822 A high privileged remote attacker can exploit an unauthenticated SQL Injection v	MEDIUM	6.9	0.0%		2026-05-27
35	CVE-2026-40826 A high privileged remote attacker can exploit an unauthenticated SQL Injection v	MEDIUM	6.9	0.0%		2026-05-27
35	CVE-2026-23679 libusb before version 1.0.30 contains a NULL pointer dereference vulnerability t	MEDIUM	6.9	0.0%	FIX	2026-05-27
35	CVE-2026-45413 MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.1, user passwo	MEDIUM	6.9	0.0%	FIX	2026-05-26
34	CVE-2026-48735 pypdf is a free and open-source pure-python PDF library. Prior to 6.12.1, an att	MEDIUM	6.9	-	FIX	2026-05-28
34	CVE-2026-44378 Botan is a C++ cryptography library. Prior to 3.12.0, certain patterns of indefi	MEDIUM	6.9	0.0%	FIX	2026-05-27
34	CVE-2026-4392 A vulnerability was detected in TeamSpeak 3 Server up to 3.13.7. This issue affe	MEDIUM	6.9	0.0%		2026-05-27
34	CVE-2026-4391 A security vulnerability has been detected in TeamSpeak 3 Server up to 3.13.7. T	MEDIUM	6.9	0.0%		2026-05-27
34	CVE-2026-9053 Mothra would respect a default value given by a website for HTML file upload for	MEDIUM	6.9	0.0%		2026-05-22
34	CVE-2026-47136 RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta	MEDIUM	6.9	-		2026-05-28
34	CVE-2026-9490 A security vulnerability has been identified in Acer Care Center where the ACCSv	MEDIUM	6.8	0.0%		2026-05-25
34	CVE-2026-41704 AgentClient#handle_method (lines 264-303) processes every NATS reply. It calls i	MEDIUM	6.8	0.0%	FIX	2026-05-27
34	CVE-2026-9802 A flaw was found in Keycloak. When revokeRefreshToken=true is enabled and persis	MEDIUM	6.8	0.0%		2026-05-28
34	CVE-2026-9617 PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superu	MEDIUM	6.8	0.0%	FIX	2026-05-27
34	CVE-2026-9704 A flaw was found in Keycloak. An authenticated user with low privileges can expl	MEDIUM	6.8	0.0%		2026-05-27
34	CVE-2026-46678 ## Summary When an application using Pydantic AI opts a URL into `force_downloa	MEDIUM	6.8	-	FIX	2026-05-21
34	CVE-2026-48065 pam_usb provides hardware authentication for Linux using ordinary removable medi	MEDIUM	6.7	0.0%	FIX	2026-05-27
34	CVE-2026-46380 A source code audit led to the discovery of three significant security vulnerabi	MEDIUM	6.7	-	FIX	2026-05-28
33	CVE-2026-48919 Jenkins Active Directory Plugin 2.41 and earlier deserializes data from LDAP ref	MEDIUM	6.6	0.1%		2026-05-27
33	CVE-2026-48918 Jenkins Active Directory Plugin 2.41 and earlier follows LDAP referrals by defau	MEDIUM	6.6	0.0%		2026-05-27
33	CVE-2026-48916 Jenkins LDAP Plugin 807.v7d7de30930cf and earlier follows LDAP referrals.	MEDIUM	6.6	0.0%		2026-05-27
33	CVE-2026-48917 Jenkins LDAP Plugin 807.v7d7de30930cf and earlier deserializes data from LDAP re	MEDIUM	6.6	0.1%		2026-05-27
33	CVE-2026-42827 Improper neutralization of special elements used in a command ('command injectio	MEDIUM	6.5	0.1%	FIX	2026-05-22
33	CVE-2026-42732 Improper Validation of Specified Quantity in Input vulnerability in Ads by WPQua	MEDIUM	6.5	0.1%		2026-05-27
33	CVE-2026-42744 Improper Validation of Specified Quantity in Input vulnerability in Ads by WPQua	MEDIUM	6.5	0.1%		2026-05-27
33	CVE-2026-47273 pam_usb provides hardware authentication for Linux using ordinary removable medi	MEDIUM	6.5	0.0%	FIX	2026-05-27
33	CVE-2026-6936 IBM i 7.6, 7.5, 7.4, and 7.3 s vulnerable to a denial-of-service attack due to u	MEDIUM	6.5	0.0%		2026-05-27
33	CVE-2026-6052 IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to runnin	MEDIUM	6.5	0.0%		2026-05-27
33	CVE-2026-42725 Authorization Bypass Through User-Controlled Key vulnerability in WP Wham Checko	MEDIUM	6.5	0.0%		2026-05-27
33	CVE-2026-41069 libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 a	MEDIUM	6.5	0.0%	FIX	2026-05-22
33	CVE-2026-42726 Missing Authorization vulnerability in Strategy11 Team AWP Classifieds another-w	MEDIUM	6.5	0.0%		2026-05-27
33	CVE-2026-38930 OpenRapid RapidCMS v1.3.1 was discovered to contain an authentication bypass in	MEDIUM	6.5	0.0%		2026-05-27
33	CVE-2026-48968 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti	MEDIUM	6.5	0.0%		2026-05-27
33	CVE-2026-42750 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti	MEDIUM	6.5	0.0%		2026-05-27
33	CVE-2026-42751 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti	MEDIUM	6.5	0.0%		2026-05-27
33	CVE-2026-48877 Insertion of Sensitive Information Into Sent Data vulnerability in Tom GenerateB	MEDIUM	6.5	0.0%		2026-05-27
33	CVE-2025-0898 The Xpro Elementor Addons - Pro plugin for WordPress is vulnerable to Arbitrary	MEDIUM	6.5	0.0%		2026-05-27
33	CVE-2026-9156 Tanium addressed a denial of service vulnerability in Tanium Server.	MEDIUM	6.5	0.0%	FIX	2026-05-27
33	CVE-2026-3279 The Enable jQuery Migrate Helper plugin for WordPress is vulnerable to unauthori	MEDIUM	6.5	0.0%		2026-05-27
33	CVE-2026-2340 A flaw was found in Samba’s vfs_worm module. The module is intended to provide w	MEDIUM	6.5	0.0%		2026-05-27
33	CVE-2026-6938 IBM Db2 12.1.0 through 12.1.4 is vulnerable to authorization bypass when uploadi	MEDIUM	6.5	0.0%		2026-05-27
33	CVE-2026-47672 epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrast	MEDIUM	6.5	0.0%		2026-05-26
32	CVE-2026-44596 ### Summary The authentication endpoint `POST /auth/token` in `yamcs-core` lack	MEDIUM	6.5	-	FIX	2026-05-27
32	CVE-2026-7048 The Photo Gallery by 10Web - Mobile-Friendly Image Gallery plugin for WordPress	MEDIUM	6.5	0.1%		2026-05-28
32	CVE-2026-4635 Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.	MEDIUM	6.5	0.0%		2026-05-22
32	CVE-2026-9796 A flaw was found in Keycloak. An authenticated administrator with the `manage-cl	MEDIUM	6.5	0.0%		2026-05-28
32	CVE-2026-3173 The Meta Field Block plugin for WordPress is vulnerable to Insecure Direct Objec	MEDIUM	6.5	0.0%		2026-05-28
32	CVE-2026-46556 ###Summary A Server-Side Request Forgery (SSRF) vulnerability in get_image_info(	MEDIUM	6.5	-		2026-05-21
32	CVE-2026-5755 Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.2, 11.5.x <= 11.5.3, 11.4.x	MEDIUM	6.5	0.0%		2026-05-22
32	CVE-2026-5737 The Independent Analytics plugin for WordPress is vulnerable to Server-Side Requ	MEDIUM	6.5	0.0%		2026-05-28
32	CVE-2026-44645 ## Summary The `renderLimit` option - documented in `docs/source/tutorials/dos.	MEDIUM	6.5	-		2026-05-27
32	CVE-2026-3676 IBM Cloud APM, Base Private 8.1.4 and IBM Cloud APM, Advanced Private 8.1.4 IBM	MEDIUM	6.5	0.0%		2026-05-27
32	CVE-2026-48710 Starlette is a lightweight ASGI framework/toolkit. Prior to version 1.0.1, the H	MEDIUM	6.5	0.0%	FIX	2026-05-26
32	CVE-2026-9792 A flaw was found in Keycloak's Client Policies, specifically within the `org.key	MEDIUM	6.5	0.0%		2026-05-28
32	CVE-2026-48147 Budibase is an open-source low-code platform. Prior to 3.35.4, the buildMatcherR	MEDIUM	6.5	0.0%	FIX	2026-05-27
32	CVE-2026-46551 ### Summary The `uploadViaURL` path in the v1/v2 attachment API did not enforce	MEDIUM	6.5	-		2026-05-21
32	CVE-2026-45081 Frappe HR is an open-source human resources management solution (HRMS). Prior to	MEDIUM	6.5	0.0%	FIX	2026-05-27
32	CVE-2026-47124 ### Summary Any authenticated non-admin member can connect to the server-status	MEDIUM	6.5	-	FIX	2026-05-23
32	CVE-2026-49044 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti	MEDIUM	6.5	0.0%		2026-05-27
32	CVE-2026-47157 aiograpi versions before 0.9.10 accepted server-supplied signup challenge paths	MEDIUM	6.5	-	FIX	2026-05-23
32	CVE-2026-39969 TypeBot is a chatbot builder tool. In versions 3.16.0 and prior, the WhatsApp Cl	MEDIUM	6.5	0.0%		2026-05-22
32	CVE-2026-39966 TypeBot is a chatbot builder tool. In versions 3.15.2, the getLinkedTypebots API	MEDIUM	6.5	0.0%		2026-05-22
32	CVE-2026-28444 Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the getResultLo	MEDIUM	6.5	0.0%		2026-05-22
32	CVE-2026-1402 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1	MEDIUM	6.5	0.1%	FIX	2026-05-27
32	CVE-2026-8405 IBM Guardium Data Protection 12.2.1, and 12.2.2 's add-on feature of Guardium Da	MEDIUM	6.5	0.0%		2026-05-27
32	CVE-2026-9035 IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM A	MEDIUM	6.5	0.0%		2026-05-27
32	CVE-2026-8884 The Instant-Quote.co Quotation Page plugin for WordPress is vulnerable to Stored	MEDIUM	6.4	0.0%		2026-05-27

Oldest Unpatched Critical/High CVEs

CVE	Severity	CVSS	Priority	Days Open
CVE-2024-3400	CRITICAL	10.0	224	776d
CVE-2019-19781	CRITICAL	9.8	223	2344d
CVE-2020-5902	CRITICAL	9.8	223	2157d
CVE-2021-35464	CRITICAL	9.8	223	1771d
CVE-2020-10189	CRITICAL	9.8	223	2274d
CVE-2012-4681	CRITICAL	9.8	223	5021d
CVE-2022-42475	CRITICAL	9.8	223	1242d
CVE-2023-3519	CRITICAL	9.8	223	1044d
CVE-2015-7450	CRITICAL	9.8	222	3798d
CVE-2023-34048	CRITICAL	9.8	222	946d

1 / 5 Next