Skip to main content

Security Dashboard

7d 14d 30d 90d
Total CVEs
17716
last 90 days
Avg Priority
34.3
of max 220
KEV
31
actively exploited
POC
2291
public exploits
Unpatched
3560
CRIT/HIGH without patch
How is Priority Score calculated?

Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:

KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low 40-80 Medium 80-120 High 120+ Critical

Patch Now — Known Exploited Vulnerabilities

141
CVE-2026-20131
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FM
CRITICAL
136
CVE-2026-0300
A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service o
CRITICAL
133
CVE-2026-41940
cPanel and WHM versions prior to 11.110.0.97, 11.118.0.63, 11.126.0.54, 11.132.0.29, 11.134.0.20, an
CRITICAL
131
CVE-2026-6973
An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows 
HIGH
131
CVE-2026-42897
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Ex
HIGH
129
CVE-2026-33825
Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to el
HIGH
127
CVE-2026-20182
May 2026: This security advisory provides the details and fix information for a vulnerability that w
CRITICAL
126
CVE-2026-41091
Improper link resolution before file access ('link following') in Microsoft Defender allows an autho
HIGH
124
CVE-2026-35616
A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an
CRITICAL
120
CVE-2026-48172
LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exp
CRITICAL

Priority Distribution

CRITICAL HIGH MEDIUM LOW KEV Only POC Only Unpatched CRIT/HIGH
Priority CVE
141 CVE-2026-20131
A vulnerability in the web-based management interface of Cisco Secure Firewall M
136 CVE-2026-0300
A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Capti
133 CVE-2026-41940
cPanel and WHM versions prior to 11.110.0.97, 11.118.0.63, 11.126.0.54, 11.132.0
131 CVE-2026-6973
An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1,
131 CVE-2026-42897
Improper neutralization of input during web page generation ('cross-site scripti
129 CVE-2026-33825
Insufficient granularity of access control in Microsoft Defender allows an autho
127 CVE-2026-20182
May 2026: This security advisory provides the details and fix information for a
126 CVE-2026-41091
Improper link resolution before file access ('link following') in Microsoft Defe
124 CVE-2026-35616
A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through
120 CVE-2026-48172
LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possi
119 CVE-2026-39987
## Summary Marimo (19.6k stars) has a Pre-Auth RCE vulnerability. The terminal
119 CVE-2026-3910
Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allow
119 CVE-2026-3909
Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a re
119 CVE-2026-5281
Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote
118 CVE-2026-34621
Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by a
118 CVE-2026-45321
## Summary On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicio
117 CVE-2026-33634
Trivy is a security scanner. On March 19, 2026, a threat actor used compromised
117 CVE-2026-33017
## Summary The `POST /api/v1/build_public_tmp/{flow_id}/flow` endpoint allows b
117 CVE-2026-42208
LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) fo
117 CVE-2026-8398
A supply chain attack compromised the official installation packages of DAEMON T
117 CVE-2026-3055
Insufficient input validation in NetScaler ADC and NetScaler Gateway when config
116 CVE-2026-48027
Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious ver
114 CVE-2026-34197
Improper Input Validation, Improper Control of Generation of Code ('Code Injecti
109 CVE-2026-3502
TrueConf Client downloads application update code and applies it without perform
109 CVE-2026-31431
In the Linux kernel, the following vulnerability has been resolved: crypto: alg
109 CVE-2026-32201
Improper input validation in Microsoft Office SharePoint allows an unauthorized
108 CVE-2026-9082
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti
96 CVE-2025-14558
The rtsol(8) and rtsold(8) programs do not validate the domain search list optio
92 CVE-2026-45498
Microsoft Defender Denial of Service Vulnerability
92 CVE-2026-32202
Protection mechanism failure in Windows Shell allows an unauthorized attacker to
90 CVE-2026-20079
A vulnerability in the web interface of Cisco Secure Firewall Management Center
89 CVE-2026-21385
Memory corruption while using alignments for memory allocation.
89 CVE-2026-34926
A directory traversal vulnerability in the Apex One (on-premise) server could al
82 CVE-2026-27971
Qwik is a performance focused javascript framework. qwik <=1.19.0 is vulnerable
74 CVE-2026-39808
A improper neutralization of special elements used in an os command ('os command
71 CVE-2026-24105
An issue was discovered in goform/formsetUsbUnload in Tenda AC15V1.0 V15.03.05.1
70 CVE-2026-28409
WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, a cr
70 CVE-2026-24898
OpenEMR is a free and open source electronic health records and medical practice
70 CVE-2026-26478
A shell command injection vulnerability in Mobvoi Tichome Mini smart speaker 012
70 CVE-2026-24107
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate the
70 CVE-2026-24101
An issue was discovered in goform/formSetIptv in Tenda AC15V1.0 V15.03.05.18_mul
70 CVE-2026-40887
## Summary An unauthenticated SQL injection vulnerability exists in the Vendure
70 CVE-2026-27944
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.
70 CVE-2026-28289
FreeScout is a free help desk and shared inbox built with PHP's Laravel framewor
70 CVE-2026-29128
IDC SFX2100 Satellite Receiver firmware ships with multiple daemon configuration
70 CVE-2026-4689
Sandbox escape due to incorrect boundary conditions, integer overflow in the XPC
70 CVE-2026-30957
OneUptime is a solution for monitoring and managing online services. Prior to 10
70 CVE-2026-28794
oRPC is an tool that helps build APIs that are end-to-end type-safe and adhere t
70 CVE-2026-24848
OpenEMR is a free and open source electronic health records and medical practice
70 CVE-2026-30861
WeKnora is an LLM-powered framework designed for deep document understanding and
70 CVE-2026-28411
WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, an u
70 CVE-2026-29042
Nuclio is a "Serverless" framework for Real-Time Events and Data Processing. Pri
70 CVE-2026-30860
WeKnora is an LLM-powered framework designed for deep document understanding and
70 CVE-2026-28775
An unauthenticated Remote Code Execution (RCE) vulnerability exists in the SNMP
70 CVE-2026-33309
### Summary While reviewing the recent patch for **CVE-2025-68478** (External C
70 CVE-2026-30887
OneUptime is a solution for monitoring and managing online services. Prior to 10
70 CVE-2026-30956
OneUptime is a solution for monitoring and managing online services. Prior to 10
70 CVE-2026-30921
OneUptime is a solution for monitoring and managing online services. Prior to 10
69 CVE-2026-2699
Customer Managed ShareFile Storage Zones Controller (SZC) allows an unauthentica
69 CVE-2025-50187
Chamilo is a learning management system. Prior to version 1.11.28, parameter fro
69 CVE-2026-3485
A flaw has been found in D-Link DIR-868L 110b03. This affects the function sub_1
69 CVE-2026-26720
An issue in Twenty CRM v1.15.0 and before allows a remote attacker to execute ar
69 CVE-2025-66944
SQL Injection vulnerability in vran-dev databaseir v.1.0.7 and before allows a r
69 CVE-2026-3584
The Kali Forms plugin for WordPress is vulnerable to Remote Code Execution in al
69 CVE-2026-3703
A flaw has been found in Wavlink NU516U1 251208. This affects the function sub_4
69 CVE-2026-27005
Chartbrew is an open-source web application that can connect directly to databas
69 CVE-2026-28292
`simple-git`, an interface for running git commands in any node.js application,
69 CVE-2026-25873
OmniGen2-RL contains an unauthenticated remote code execution vulnerability in t
69 CVE-2026-24118
### Summary VM2 suffers from a sandbox breakout vulnerability. This allows atta
69 CVE-2026-22891
A heap-based buffer overflow vulnerability exists in the Intan CLP parsing funct
69 CVE-2025-70231
D-Link DIR-513 version 1.10 contains a critical-level vulnerability. When proces
69 CVE-2026-30821
Flowise is a drag & drop user interface to build a customized large language mod
69 CVE-2026-26956
vm2 is an open source vm/sandbox for Node.js. In version 3.10.4, vm2 is vulnerab
69 CVE-2025-46108
D-link Dir-513 A1FW110 is vulnerable to Buffer Overflow in the function formTcpi
69 CVE-2025-70221
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime para
69 CVE-2025-70226
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime para
69 CVE-2025-70218
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via POST to the gofo
69 CVE-2025-70225
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curtime para
69 CVE-2025-70232
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime para
69 CVE-2025-70230
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime para
69 CVE-2025-70219
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the goform/formD
69 CVE-2025-70229
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime para
69 CVE-2025-70233
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime para
69 CVE-2025-70223
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime para
69 CVE-2025-70222
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime para
69 CVE-2025-70220
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime para
69 CVE-2026-34935
### Summary The `--mcp` CLI argument is passed directly to `shlex.split()` and
69 CVE-2026-24120
vm2 is an open source vm/sandbox for Node.js. Prior to version 3.10.5, the fix f
69 CVE-2026-32304
## Summary The `create_function(args, code)` function passes both parameters di
69 CVE-2026-32248
Parse Server is an open source backend that can be deployed to any infrastructur

Oldest Unpatched Critical/High CVEs

CVE Severity CVSS Priority Days Open
CVE-2024-3400 CRITICAL 10.0 224 776d
CVE-2019-19781 CRITICAL 9.8 223 2344d
CVE-2020-5902 CRITICAL 9.8 223 2157d
CVE-2021-35464 CRITICAL 9.8 223 1771d
CVE-2020-10189 CRITICAL 9.8 223 2274d
CVE-2012-4681 CRITICAL 9.8 223 5021d
CVE-2022-42475 CRITICAL 9.8 223 1242d
CVE-2023-3519 CRITICAL 9.8 223 1044d
CVE-2015-7450 CRITICAL 9.8 222 3798d
CVE-2023-34048 CRITICAL 9.8 222 946d
1 / 197 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy