Total CVEs
16349
last 90 days
Avg Priority
36.5
of max 220
KEV
37
actively exploited
POC
3571
public exploits
Unpatched
5454
CRIT/HIGH without patch
How is Priority Score calculated?
Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:
KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low
40-80 Medium
80-120 High
120+ Critical
Patch Now — Known Exploited Vulnerabilities
194
CVE-2026-24061
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for t
185
CVE-2026-1731
BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain
184
CVE-2026-23760
SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability
180
CVE-2025-40551
SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerabil
170
CVE-2026-1340
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem
164
CVE-2026-1281
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem
160
CVE-2025-40536
SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that
141
CVE-2026-20131
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FM
137
CVE-2026-1603
An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthen
134
CVE-2026-22769
Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credentia
Priority Distribution
| Priority | CVE |
|---|---|
| 47 |
CVE-2026-5184
A vulnerability was identified in TRENDnet TEW-713RE up to 1.02. The impacted el
|
| 47 |
CVE-2026-5354
A flaw has been found in Trendnet TEW-657BRM 1.00.1. Affected by this vulnerabil
|
| 47 |
CVE-2026-5183
A vulnerability was determined in TRENDnet TEW-713RE up to 1.02. The affected el
|
| 47 |
CVE-2026-5353
A vulnerability was detected in Trendnet TEW-657BRM 1.00.1. Affected is the func
|
| 47 |
CVE-2026-5351
A weakness has been identified in Trendnet TEW-657BRM 1.00.1. This affects the f
|
| 47 |
CVE-2026-5177
A weakness has been identified in Totolink A3300R 17.0.0cu.557_b20221024. Affect
|
| 47 |
CVE-2026-5178
A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557_b2022
|
| 47 |
CVE-2025-67491
OpenEMR is a free and open source electronic health records and medical practice
|
| 47 |
CVE-2026-2953
A vulnerability has been found in Dromara UJCMS 101.2. This issue affects the fu
|
| 47 |
CVE-2026-26953
Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level
|
| 47 |
CVE-2026-24127
Typemill is a flat-file, Markdown-based CMS designed for informational documenta
|
| 47 |
CVE-2019-25312
InoERP 0.7.2 contains a persistent cross-site scripting vulnerability in the com
|
| 47 |
CVE-2025-15582
A security flaw has been discovered in detronetdip E-commerce 1.0.0. The impacte
|
| 47 |
CVE-2021-47870
GetSimple CMS My SMTP Contact Plugin 1.1.2 suffers from a Stored Cross-Site Scri
|
| 47 |
CVE-2026-30224
OliveTin gives access to predefined shell commands from a web interface. Prior t
|
| 47 |
CVE-2026-2551
A vulnerability was determined in ZenTao up to 21.7.8. Affected by this vulnerab
|
| 47 |
CVE-2021-47843
Tagstoo 2.0.1 contains a stored cross-site scripting vulnerability that allows a
|
| 47 |
CVE-2020-36993
LimeSurvey 4.3.10 contains a stored cross-site scripting vulnerability in the Su
|
| 47 |
CVE-2026-26377
Cross Site Scripting vulnerability in Koha 25.11 and before allows a remote atta
|
| 47 |
CVE-2026-23887
Group-Office is an enterprise customer relationship management and groupware too
|
| 47 |
CVE-2026-23960
Argo Workflows is an open source container-native workflow engine for orchestrat
|
| 47 |
CVE-2019-25400
IPFire 2.21 Core Update 127 contains multiple reflected cross-site scripting vul
|
| 47 |
CVE-2026-2957
A weakness has been identified in qinming99 dst-admin up to 1.5.0. This impacts
|
| 47 |
CVE-2025-57681
The WorklogPRO - Timesheets for Jira plugin in Jira Data Center before version 4
|
| 47 |
CVE-2026-2849
A vulnerability has been found in yeqifu warehouse up to aaf29962ba407d22d991781
|
| 47 |
CVE-2025-70458
A DOM-based Cross-Site Scripting (XSS) vulnerability exists in the DomainChecker
|
| 47 |
CVE-2026-3761
A flaw has been found in SourceCodester Client Database Management System 1.0. T
|
| 47 |
CVE-2025-70296
A stored HTML injection vulnerability in the Recipe Notes rendering component in
|
| 47 |
CVE-2026-4542
A vulnerability has been found in SSCMS 4.7.0. The affected element is an unknow
|
| 47 |
CVE-2026-23630
Docmost is open-source collaborative wiki and documentation software. In version
|
| 47 |
CVE-2026-3268
A vulnerability was detected in psi-probe PSI Probe up to 5.3.0. The affected el
|
| 47 |
CVE-2026-32898
OpenClaw versions prior to 2026.2.23 contain an authorization bypass vulnerabili
|
| 47 |
CVE-2026-25889
File Browser provides a file managing interface within a specified directory and
|
| 47 |
CVE-2026-25500
Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, a
|
| 47 |
CVE-2026-27458
LinkAce is a self-hosted archive to collect website links. Versions 2.4.2 and be
|
| 47 |
CVE-2025-71166
Typesetter CMS versions up to and including 5.1 contain a reflected cross-site s
|
| 47 |
CVE-2025-71165
Typesetter CMS versions up to and including 5.1 contain a reflected cross-site s
|
| 47 |
CVE-2026-24855
ChurchCRM is an open-source church management system. Versions prior to 6.7.2 ha
|
| 47 |
CVE-2026-27147
GetSimple CMS is a content management system. All versions of GetSimple CMS are
|
| 47 |
CVE-2025-71164
Typesetter CMS versions up to and including 5.1 contain a reflected cross-site s
|
| 47 |
CVE-2026-24903
OrcaStatLLM Researcher is an LLM Based Research Paper Generator. A Stored Cross-
|
| 47 |
CVE-2025-14556
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site
|
| 47 |
CVE-2020-36988
PDW File Browser version 1.3 contains stored and reflected cross-site scripting
|
| 47 |
CVE-2026-23875
CrawlChat is an open-source, AI-powered platform that transforms technical docum
|
| 47 |
CVE-2026-30520
A Blind SQL Injection vulnerability exists in SourceCodester Loan Management Sys
|
| 47 |
CVE-2026-26188
Solspace Freeform plugin for Craft CMS 5.x is a super flexible form-building too
|
| 47 |
CVE-2026-26059
ChurchCRM is an open-source church management system. In versions prior to 6.8.2
|
| 47 |
CVE-2025-9208
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site
|
| 47 |
CVE-2026-29175
Craft Commerce is an ecommerce platform for Craft CMS. Prior to 5.5.3, Stored XS
|
| 47 |
CVE-2025-13672
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site
|
| 47 |
CVE-2019-25367
ArangoDB Community Edition 3.4.2-1 contains multiple cross-site scripting vulner
|
| 47 |
CVE-2021-47817
OpenEMR 5.0.2.1 contains a cross-site scripting vulnerability that allows authen
|
| 47 |
CVE-2026-27621
TypiCMS is a multilingual content management system based on the Laravel framewo
|
| 47 |
CVE-2026-21866
Dify is an open-source LLM app development platform. Prior to 1.11.2, Dify is vu
|
| 47 |
CVE-2026-24476
Shaarli is a personal bookmarking service. Prior to version 0.16.0, crafting a m
|
| 47 |
CVE-2026-27742
Bludit version 3.16.2 contains a stored cross-site scripting (XSS) vulnerability
|
| 47 |
CVE-2019-25390
Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cros
|
| 47 |
CVE-2026-32895
OpenClaw versions prior to 2026.2.26 fail to enforce sender authorization in mem
|
| 47 |
CVE-2025-15611
The Popup Box WordPress plugin before 5.5.0 does not properly validate nonces i
|
| 47 |
CVE-2026-1112
A vulnerability was found in Sanluan PublicCMS up to 5.202506.d. Affected is the
|
| 47 |
CVE-2025-15445
The Restaurant Cafeteria WordPress theme through 0.4.6 exposes insecure admin-aj
|
| 47 |
CVE-2026-2109
A vulnerability was identified in jsbroks COCO Annotator up to 0.11.1. Affected
|
| 47 |
CVE-2026-30527
A Stored Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Onlin
|
| 47 |
CVE-2026-2973
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7
|
| 47 |
CVE-2019-25368
OPNsense 19.1 contains multiple cross-site scripting vulnerabilities in the diag
|
| 47 |
CVE-2021-47779
Dolibarr ERP-CRM 14.0.2 contains a stored cross-site scripting vulnerability in
|
| 47 |
CVE-2025-70960
A stored cross-site scripting (XSS) vulnerability in the Forums module of Tenden
|
| 47 |
CVE-2025-70959
A stored cross-site scripting (XSS) vulnerability in the Jobs module of Tendenci
|
| 47 |
CVE-2020-37044
OpenCTI 3.3.1 is vulnerable to a reflected cross-site scripting (XSS) attack via
|
| 47 |
CVE-2025-65349
A Stored Cross-Site Scripting (XSS) vulnerability in Web management interface in
|
| 47 |
CVE-2026-25483
Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC
|
| 47 |
CVE-2026-24043
jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control
|
| 47 |
CVE-2026-23476
FacturaScripts is open-source enterprise resource planning and accounting softwa
|
| 47 |
CVE-2026-25581
SCEditor is a lightweight WYSIWYG BBCode and XHTML editor. Prior to 3.2.1, if an
|
| 47 |
CVE-2026-23725
WeGIA is a web manager for charitable institutions. Prior to 3.6.2, a Stored Cro
|
| 47 |
CVE-2021-47808
Cotonti Siena 0.9.19 contains a stored cross-site scripting vulnerability in the
|
| 47 |
CVE-2025-71177
LavaLite CMS versions up to and including 10.1.0 contain a stored cross-site scr
|
| 47 |
CVE-2026-1337
Insufficient escaping of unicode characters in query log in Neo4j Enterprise and
|
| 47 |
CVE-2025-70368
Worklenz version 2.1.5 contains a Stored Cross-Site Scripting (XSS) vulnerabilit
|
| 47 |
CVE-2025-63644
A stored cross-site scripting (XSS) vulnerability exists in pH7Software pH7-Soci
|
| 47 |
CVE-2026-24034
Horilla is a free and open source Human Resource Management System (HRMS). In ve
|
| 47 |
CVE-2026-26997
ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 #
|
| 47 |
CVE-2026-29177
Craft Commerce is an ecommerce platform for Craft CMS. Prior to 4.10.2 and 5.5.3
|
| 47 |
CVE-2021-47783
Phpwcms 1.9.30 contains a file upload vulnerability that allows authenticated at
|
| 47 |
CVE-2019-25377
OPNsense 19.1 contains a reflected cross-site scripting vulnerability in the sys
|
| 47 |
CVE-2025-69207
Khoj is a self-hostable artificial intelligence app. Prior to 2.0.0-beta.23, an
|
| 47 |
CVE-2026-23496
Pimcore Web2Print Tools Bundle adds tools for web-to-print use cases to Pimcore.
|
| 47 |
CVE-2026-5532
A vulnerability was found in ScrapeGraphAI scrapegraph-ai up to 1.74.0. The affe
|
| 47 |
CVE-2026-23849
File Browser provides a file managing interface within a specified directory and
|
| 47 |
CVE-2026-6108
A vulnerability was found in 1Panel-dev MaxKB up to 2.6.1. The affected element
|
Oldest Unpatched Critical/High CVEs
| CVE | Severity | CVSS | Priority | Days Open |
|---|---|---|---|---|
| CVE-2024-3400 | CRITICAL | 10.0 | 224 | 730d |
| CVE-2019-19781 | CRITICAL | 9.8 | 223 | 2298d |
| CVE-2020-5902 | CRITICAL | 9.8 | 223 | 2111d |
| CVE-2021-35464 | CRITICAL | 9.8 | 223 | 1725d |
| CVE-2020-10189 | CRITICAL | 9.8 | 223 | 2228d |
| CVE-2012-4681 | CRITICAL | 9.8 | 223 | 4976d |
| CVE-2022-42475 | CRITICAL | 9.8 | 223 | 1196d |
| CVE-2023-3519 | CRITICAL | 9.8 | 223 | 998d |
| CVE-2015-7450 | CRITICAL | 9.8 | 222 | 3753d |
| CVE-2023-34048 | CRITICAL | 9.8 | 222 | 900d |