Security Dashboard

7d 14d 30d 90d
Total CVEs
16349
last 90 days
Avg Priority
36.5
of max 220
KEV
37
actively exploited
POC
3571
public exploits
Unpatched
5454
CRIT/HIGH without patch
How is Priority Score calculated?

Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:

KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low 40-80 Medium 80-120 High 120+ Critical

Patch Now — Known Exploited Vulnerabilities

194
CVE-2026-24061
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for t
CRITICAL
185
CVE-2026-1731
BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain
CRITICAL
184
CVE-2026-23760
SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability
CRITICAL
180
CVE-2025-40551
SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerabil
CRITICAL
170
CVE-2026-1340
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem
CRITICAL
164
CVE-2026-1281
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem
CRITICAL
160
CVE-2025-40536
SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that
HIGH
141
CVE-2026-20131
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FM
CRITICAL
137
CVE-2026-1603
An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthen
HIGH
134
CVE-2026-22769
Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credentia
CRITICAL

Priority Distribution

CRITICAL HIGH MEDIUM LOW KEV Only POC Only Unpatched CRIT/HIGH
Priority CVE
62 CVE-2022-50929
Connectify Hotspot 2018 contains an unquoted service path vulnerability in its C
62 CVE-2022-50901
Wondershare Dr.Fone 11.4.9 contains an unquoted service path vulnerability in th
62 CVE-2019-25483
Comtrend AR-5310 GE31-412SSG-C01_R10.A2pG039u.d24k contains a restricted shell e
62 CVE-2020-37036
RM Downloader 2.50.60 contains a local buffer overflow vulnerability in the 'Loa
62 CVE-2021-47756
Laravel Valet versions 1.1.4 to 2.0.3 contain a local privilege escalation vulne
62 CVE-2026-0861
Passing too large an alignment to the memalign suite of functions (memalign, pos
62 CVE-2019-25467
Verypdf docPrint Pro 8.0 contains a structured exception handling buffer overflo
62 CVE-2020-37049
Frigate 3.36.0.9 contains a local buffer overflow vulnerability in the Command L
62 CVE-2020-37042
Frigate Professional 3.36.0.9 contains a local buffer overflow vulnerability in
62 CVE-2020-37040
Code Blocks 17.12 contains a local buffer overflow vulnerability that allows att
62 CVE-2026-24882
In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon durin
62 CVE-2020-37167
ClamAV versions prior to 0.103.0-rc contain a vulnerability in function name pro
62 CVE-2026-24884
Compressing is a compressing and uncompressing lib for node. In version 2.0.0 an
62 CVE-2026-35021
Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection v
62 CVE-2026-1687
A weakness has been identified in Tenda HG10 US_HG7_HG9_HG10re_300001138_en_xpon
62 CVE-2026-22850
Koko Analytics is an open-source analytics plugin for WordPress. Versions prior
62 CVE-2025-52482
Chamilo is a learning management system. Prior to version 1.11.30, a Stored XSS
62 CVE-2026-28216
hoppscotch is an open source API development ecosystem. Prior to version 2026.2.
62 CVE-2026-30534
A SQL Injection vulnerability exists in SourceCodester Online Food Ordering Syst
62 CVE-2025-68137
EVerest is an EV charging software stack. Prior to version 2025.10.0, an integer
62 CVE-2025-62514
Parsec is a cloud-based application for cryptographically secure file sharing. I
62 CVE-2026-26861
CleverTap Web SDK version 1.15.2 and earlier is vulnerable to Cross-Site Scripti
62 CVE-2026-26862
CleverTap Web SDK version 1.15.2 and earlier is vulnerable to DOM-based Cross-Si
61 CVE-2021-47846
Digital Crime Report Management System 1.0 contains a critical SQL injection vul
61 CVE-2020-36945
WebDamn User Registration Login System contains a SQL injection vulnerability th
61 CVE-2019-25325
Thrive Smart Home 1.1 contains an SQL injection vulnerability in the checklogin.
61 CVE-2026-27190
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.6.8, a com
61 CVE-2019-25506
FreeSMS 2.1.2 contains a boolean-based blind SQL injection vulnerability in the
61 CVE-2019-25499
Simple Job Script contains an SQL injection vulnerability that allows unauthenti
61 CVE-2019-25494
Homey BNB V4 contains an SQL injection vulnerability in the administration panel
61 CVE-2018-25196
ServerZilla 1.0 contains an SQL injection vulnerability that allows unauthentica
61 CVE-2018-25192
GPS Tracking System 2.12 contains an SQL injection vulnerability that allows una
61 CVE-2019-25486
Varient 1.6.1 contains an SQL injection vulnerability that allows unauthenticate
61 CVE-2019-25498
Simple Job Script contains an SQL injection vulnerability that allows unauthenti
61 CVE-2018-25199
OOP CMS BLOG 1.0 contains SQL injection vulnerabilities that allow unauthenticat
61 CVE-2019-25532
Netartmedia Jobs Portal 6.1 contains an SQL injection vulnerability that allows
61 CVE-2019-25533
Netartmedia PHP Business Directory 4.2 contains an SQL injection vulnerability t
61 CVE-2019-25531
Netartmedia Deals Portal contains an SQL injection vulnerability in the Email pa
61 CVE-2019-25527
Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability th
61 CVE-2019-25542
Netartmedia Real Estate Portal 5.0 contains a SQL injection vulnerability that a
61 CVE-2019-25524
XooGallery Latest contains an SQL injection vulnerability that allows unauthenti
61 CVE-2019-25525
Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability th
61 CVE-2019-25543
Netartmedia Real Estate Portal 5.0 contains an SQL injection vulnerability that
61 CVE-2022-50892
VIAVIWEB Wallpaper Admin 1.0 contains a SQL injection vulnerability that allows
61 CVE-2023-54340
WorkOrder CMS 0.1.0 contains a SQL injection vulnerability that allows unauthent
61 CVE-2019-25522
XooGallery Latest contains multiple SQL injection vulnerabilities that allow una
61 CVE-2019-25523
XooGallery Latest contains an SQL injection vulnerability that allows unauthenti
61 CVE-2019-25513
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerabilit
61 CVE-2018-25194
Nominas 0.27 contains an SQL injection vulnerability that allows unauthenticated
61 CVE-2019-25489
Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated
61 CVE-2020-36999
Elaniin CMS 1.0 contains an authentication bypass vulnerability that allows atta
61 CVE-2020-37076
Victor CMS version 1.0 contains a SQL injection vulnerability in the 'post' para
61 CVE-2021-47848
Blitar Tourism 1.0 contains an authentication bypass vulnerability that allows a
61 CVE-2019-25495
osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenti
61 CVE-2019-25496
osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenti
61 CVE-2026-26740
Buffer Overflow vulnerability in giflib v.5.2.2 allows a remote attacker to caus
61 CVE-2019-25520
Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an authentication bypass vuln
61 CVE-2019-25510
Jettweb PHP Hazir Haber Sitesi Scripti V2 contains an authentication bypass vuln
61 CVE-2019-25501
Simple Job Script contains an SQL injection vulnerability that allows attackers
61 CVE-2019-25440
WebIncorp ERP contains an SQL injection vulnerability that allows unauthenticate
61 CVE-2018-25175
Alienor Web Libre 2.0 contains an SQL injection vulnerability that allows unauth
61 CVE-2018-25188
Webiness Inventory 2.3 contains an SQL injection vulnerability that allows unaut
61 CVE-2019-25443
Inventory Webapp contains an SQL injection vulnerability that allows unauthentic
61 CVE-2019-25462
Web Ofisi Rent a Car v3 contains an SQL injection vulnerability that allows unau
61 CVE-2019-25431
delpino73 Blue-Smiley-Organizer 1.32 contains an SQL injection vulnerability in
61 CVE-2019-25433
XOOPS CMS 2.5.9 contains an SQL injection vulnerability that allows unauthentica
61 CVE-2018-25167
Net-Billetterie 2.9 contains an SQL injection vulnerability in the login paramet
61 CVE-2019-25507
Ashop Shopping Cart Software contains an SQL injection vulnerability that allows
61 CVE-2018-25172
Pedidos 1.0 contains an SQL injection vulnerability that allows unauthenticated
61 CVE-2018-25166
Meneame English Pligg 5.8 contains an SQL injection vulnerability that allows un
61 CVE-2018-25163
BitZoom 1.0 contains an SQL injection vulnerability that allows unauthenticated
61 CVE-2018-25173
Rmedia SMS 1.0 contains an SQL injection vulnerability that allows unauthenticat
61 CVE-2019-25446
DIGIT CENTRIS ERP contains an SQL injection vulnerability that allows unauthenti
61 CVE-2018-25197
PlayJoom 0.10.1 contains an SQL injection vulnerability that allows unauthentica
61 CVE-2019-25504
NCrypted Jobgator contains an SQL injection vulnerability that allows unauthenti
61 CVE-2018-25187
Tina4 Stack 1.0.3 contains multiple vulnerabilities allowing unauthenticated att
61 CVE-2018-25179
Gumbo CMS 0.99 contains an SQL injection vulnerability that allows unauthenticat
61 CVE-2018-25182
Silurus Classifieds Script 2.0 contains an SQL injection vulnerability that allo
61 CVE-2018-25189
Data Center Audit 2.6.2 contains an SQL injection vulnerability in the username
61 CVE-2019-25497
osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenti
61 CVE-2020-37151
phpMyChat Plus 1.98 contains a SQL injection vulnerability in the deluser.php pa
61 CVE-2019-25492
Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated
61 CVE-2019-25493
Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated
61 CVE-2019-25490
Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated
61 CVE-2019-25491
Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated
61 CVE-2026-27179
MajorDoMo (aka Major Domestic Module) contains an unauthenticated SQL injection
61 CVE-2019-25500
Simple Job Script contains an SQL injection vulnerability that allows unauthenti
61 CVE-2018-25176
Alive Parish 2.0.4 contains an SQL injection vulnerability that allows unauthent
61 CVE-2019-25516
Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerabilit
61 CVE-2019-25511
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerabilit

Oldest Unpatched Critical/High CVEs

CVE Severity CVSS Priority Days Open
CVE-2024-3400 CRITICAL 10.0 224 730d
CVE-2019-19781 CRITICAL 9.8 223 2298d
CVE-2020-5902 CRITICAL 9.8 223 2111d
CVE-2021-35464 CRITICAL 9.8 223 1725d
CVE-2020-10189 CRITICAL 9.8 223 2228d
CVE-2012-4681 CRITICAL 9.8 223 4976d
CVE-2022-42475 CRITICAL 9.8 223 1196d
CVE-2023-3519 CRITICAL 9.8 223 998d
CVE-2015-7450 CRITICAL 9.8 222 3753d
CVE-2023-34048 CRITICAL 9.8 222 900d
Prev 10 / 40 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy