| Metric | Value | Note |
|---|---|---|
| Total CVEs | 16527 | last 90 days |
| Avg Priority | 36.3 | of max 220 |
| KEV | 40 | actively exploited |
| POC | 3209 | public exploits |
| Unpatched | 4329 | CRIT/HIGH without patch |
How is Priority Score calculated?
Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals. The four contributions below sum to at most 50 + 100 + 50 + 20 = 220:

| Signal | Contribution | Meaning |
|---|---|---|
| KEV | +50 | CISA Known Exploited Vulnerability — confirmed active exploitation in the wild |
| EPSS | x100 | Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100) |
| CVSS | x5 | Common Vulnerability Scoring System — technical severity (0-50) |
| POC | +20 | Public exploit code exists — lowers barrier for attackers |

| Score | Tier |
|---|---|
| 0-40 | Low |
| 40-80 | Medium |
| 80-120 | High |
| 120+ | Critical |
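The scoring rule above, worked through in Python as an added example (this is not the dashboard's own code). It assumes EPSS is the 0.0-1.0 probability published by FIRST (so x100 maps it onto 0-100), CVSS is the 0.0-10.0 base score (so x5 maps it onto 0-50), and each tier's lower bound is inclusive; the sample findings and their ids are constructed, not real CVEs. The point it makes visible is that a CVSS 9.8 with no threat signal lands in the Medium tier, while a CVSS 6.5 with a high EPSS and public exploit code lands in Critical and is worked first.

```python
"""Priority Score as described on the page: KEV +50, EPSS x100, CVSS x5, POC +20.

Added example, not the dashboard's own code. Assumptions: EPSS is a 0.0-1.0
probability, CVSS is a 0.0-10.0 base score, tier lower bounds are inclusive.
"""
from dataclasses import dataclass

KEV_BONUS = 50          # CISA Known Exploited Vulnerability
EPSS_WEIGHT = 100       # EPSS probability 0.0-1.0 -> 0-100
CVSS_WEIGHT = 5         # CVSS base score 0.0-10.0 -> 0-50
POC_BONUS = 20          # public exploit code exists
MAX_SCORE = KEV_BONUS + EPSS_WEIGHT + 10 * CVSS_WEIGHT + POC_BONUS  # 220

# Tier lower bounds from the page's table; assumption: bound is inclusive.
TIERS = ((120, "Critical"), (80, "High"), (40, "Medium"), (0, "Low"))


@dataclass(frozen=True)
class Finding:
    cve: str
    cvss: float   # CVSS base score, 0.0-10.0
    epss: float   # EPSS probability, 0.0-1.0
    kev: bool     # listed in CISA KEV
    poc: bool     # public exploit code available


def priority_score(f: Finding) -> float:
    """Composite 0-220 score; rejects inputs outside the documented ranges."""
    if not 0.0 <= f.cvss <= 10.0:
        raise ValueError(f"{f.cve}: CVSS must be 0-10, got {f.cvss}")
    if not 0.0 <= f.epss <= 1.0:
        raise ValueError(f"{f.cve}: EPSS must be 0-1, got {f.epss}")
    score = CVSS_WEIGHT * f.cvss + EPSS_WEIGHT * f.epss
    if f.kev:
        score += KEV_BONUS
    if f.poc:
        score += POC_BONUS
    return round(score, 1)


def tier(score: float) -> str:
    """Map a score onto the page's Low/Medium/High/Critical bands."""
    for lower, name in TIERS:
        if score >= lower:
            return name
    raise ValueError(f"negative score {score}")


def patch_order(findings):
    """Highest priority first; ties broken by id so the queue is stable."""
    return sorted(findings, key=lambda f: (-priority_score(f), f.cve))


# Constructed sample findings with placeholder ids (not real CVEs).
SAMPLE = [
    Finding("EXAMPLE-A", cvss=9.8, epss=0.94, kev=True, poc=True),    # in KEV, exploit public
    Finding("EXAMPLE-B", cvss=9.8, epss=0.02, kev=False, poc=False),  # critical CVSS, no threat signal
    Finding("EXAMPLE-C", cvss=6.5, epss=0.70, kev=False, poc=True),   # medium CVSS, high EPSS + PoC
    Finding("EXAMPLE-D", cvss=4.3, epss=0.001, kev=False, poc=False),
]


def triage(findings=SAMPLE):
    """Return (id, score, tier) tuples in the order a team should work them."""
    return [(f.cve, priority_score(f), tier(priority_score(f)))
            for f in patch_order(findings)]


if __name__ == "__main__":
    for cve, score, name in triage():
        print(f"{cve:10} {score:6.1f}/{MAX_SCORE}  {name}")
```

Running it prints EXAMPLE-A (213.0, Critical), EXAMPLE-C (122.5, Critical), EXAMPLE-B (51.0, Medium) and EXAMPLE-D (21.6, Low) in that order. The range checks matter in practice: a feed that ships EPSS as a percentage instead of a probability would otherwise inflate every score by up to 100x and silently reorder the queue.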
Patch Now — Known Exploited Vulnerabilities
| Priority | CVE | Description |
|---|---|---|
| 185 | CVE-2026-1731 | BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain |
| 180 | CVE-2025-40551 | SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerabil |
| 170 | CVE-2026-1340 | A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem |
| 164 | CVE-2026-1281 | A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem |
| 160 | CVE-2025-40536 | SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that |
| 141 | CVE-2026-20131 | A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FM |
| 137 | CVE-2026-1603 | An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthen |
| 134 | CVE-2026-22769 | Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credentia |
| 129 | CVE-2026-33825 | Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to el |
| 124 | CVE-2026-21643 | An improper neutralization of special elements used in an sql command ('sql injection') vulnerabilit |
Priority Distribution
| Priority | CVE | Description |
|---|---|---|
| 34 | CVE-2026-22747 | Vulnerability in Spring Spring Security. SubjectX500PrincipalExtractor does not |
| 34 | CVE-2026-35586 | pyLoad is a free and open-source download manager written in Python. Prior to 0. |
| 34 | CVE-2026-40939 | The Data Sharing Framework (DSF) implements a distributed process engine based o |
| 34 | CVE-2026-35577 | Apollo MCP Server is a Model Context Protocol server that exposes GraphQL operat |
| 34 | CVE-2026-20980 | Improper input validation in PACM prior to SMR Feb-2026 Release 1 allows physica |
| 34 | CVE-2026-30816 | An external control of configuration vulnerability in the OpenVPN module of TP-L |
| 34 | CVE-2026-28741 | Mattermost versions 10.11.x <= 10.11.12, 11.5.x <= 11.5.0, 11.4.x <= 11.4.2, 11. |
| 34 | CVE-2025-32063 | There is a misconfiguration vulnerability inside the Infotainment ECU manufactur |
| 34 | CVE-2026-30817 | An external configuration control vulnerability in the OpenVPN module of TP-Link |
| 34 | CVE-2025-15584 | Netskope was notified about a potential gap in its Endpoint DLP Module for Netsk |
| 34 | CVE-2025-7708 | Insertion of Sensitive Information Into Sent Data vulnerability in Atlas Educati |
| 34 | CVE-2026-31850 | Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 stores sensitiv |
| 34 | CVE-2026-34325 | Vulnerability in the Oracle Financial Services Analytical Applications Infrastru |
| 34 | CVE-2026-30931 | ImageMagick is free and open-source software used for editing and manipulating d |
| 34 | CVE-2026-28686 | ImageMagick is free and open-source software used for editing and manipulating d |
| 34 | CVE-2026-33786 | An Improper Check for Unusual or Exceptional Conditions vulnerability in the cha |
| 34 | CVE-2026-40191 | ClearanceKit intercepts file-system access events on macOS and enforces per-proc |
| 34 | CVE-2026-21012 | External control of file name in AODManager prior to SMR Apr-2026 Release 1 allo |
| 34 | CVE-2026-30937 | ImageMagick is free and open-source software used for editing and manipulating d |
| 34 | CVE-2026-33787 | An Improper Check for Unusual or Exceptional Conditions vulnerability in the cha |
| 34 | CVE-2026-33990 | Summary: Docker Model Runner contains an SSRF vulnerability in its OCI registr |
| 34 | CVE-2026-33572 | OpenClaw before 2026.2.17 creates session transcript JSONL files with overly bro |
| 34 | CVE-2025-9520 | An IDOR vulnerability exists in Omada Controllers that allows an attacker with A |
| 34 | CVE-2025-36365 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5. |
| 34 | CVE-2026-40253 | openCryptoki is a PKCS#11 library and provides tooling for Linux and AIX. In ver |
| 34 | CVE-2025-10010 | The CPSD CryptoPro Secure Disk application boots a small Linux operating system |
| 34 | CVE-2026-33776 | A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS an |
| 34 | CVE-2026-33997 | Summary: A security vulnerability has been detected that allows [plugins](htt |
| 34 | CVE-2025-41117 | Stack traces in Grafana's Explore Traces view can be rendered as raw HTML, and t |
| 34 | CVE-2026-20024 | A vulnerability in the OSPF protocol of Cisco Secure Firewall ASA Software and C |
| 34 | CVE-2026-0119 | In usim_SendMCCMNCIndMsg of usim_Registration.c, there is a possible out of boun |
| 34 | CVE-2026-4482 | The installer certificate files in the …/bootstrap/common/ssl folder do not seem |
| 34 | CVE-2026-30603 | An issue in the firmware update mechanism of Qianniao QN-L23PA0904 v20250721.164 |
| 34 | CVE-2026-34068 | Impact: The staking contract accepts `UpdateValidator` transactions that set |
| 34 | CVE-2026-0714 | A physical attack vulnerability exists in certain Moxa industrial computers usin |
| 34 | CVE-2026-34864 | Boundary-unlimited vulnerability in the application read module. Impact: Success |
| 34 | CVE-2026-28547 | Vulnerability of uninitialized pointer access in the scanning module. Impact: Su |
| 34 | CVE-2025-47363 | Memory corruption when calculating oversized partition sizes without proper chec |
| 34 | CVE-2025-47364 | Memory corruption while calculating offset from partition start point. |
| 34 | CVE-2025-33215 | NVIDIA SNAP-4 Container contains a vulnerability in the VIRTIO-BLK component whe |
| 34 | CVE-2025-33216 | NVIDIA SNAP-4 Container contains a vulnerability in the configuration interface |
| 34 | CVE-2026-24918 | Address read vulnerability in the communication module. Impact: Successful explo |
| 34 | CVE-2026-32229 | In JetBrains Hub before 2026.1 possible on sign-in account mismatch with non-SSO |
| 34 | CVE-2026-41239 | Summary: \| Field \| Value \| \|:------\|:------\| \| **Severity** \| Medium \| \| **Af |
| 34 | CVE-2026-41201 | Summary: An attacker can achieve Full Account Takeover & Privilege Escalation |
| 34 | CVE-2026-42038 | Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15. |
| 34 | CVE-2026-33623 | Summary: PinchTab `v0.8.4` contains a Windows-only command injection issue in |
| 34 | CVE-2026-23653 | Improper neutralization of special elements used in a command ('command injectio |
| 34 | CVE-2026-0390 | Reliance on untrusted inputs in a security decision in Windows Boot Loader allow |
| 34 | CVE-2026-26124 | '.../...//' in Azure Compute Gallery allows an authorized attacker to elevate pr |
| 34 | CVE-2026-1588 | A vulnerability was found in jishenghua jshERP up to 3.6. The impacted element i |
| 34 | CVE-2026-23651 | Permissive regular expression in Azure Compute Gallery allows an authorized atta |
| 34 | CVE-2026-20099 | A vulnerability in the web-based management interface of Cisco FXOS Software and |
| 34 | CVE-2026-24777 | OpenProject is an open-source, web-based project management software. Prior to 1 |
| 34 | CVE-2026-23779 | Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Featu |
| 34 | CVE-2026-31833 | Umbraco is an ASP.NET CMS. From 16.2.0 to before 16.5.1 and 17.2.2, An authentic |
| 34 | CVE-2026-35074 | Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release |
| 34 | CVE-2026-35073 | Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release |
| 34 | CVE-2026-35072 | Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release |
| 34 | CVE-2026-25691 | An improper limitation of a pathname to a restricted directory ('path traversal') |
| 34 | CVE-2026-22341 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Case-T |
| 34 | CVE-2026-33549 | SPIP 4.4.10 through 4.4.12 before 4.4.13 allows unintended privilege assignment |
| 34 | CVE-2025-48418 | A hidden functionality vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6 |
| 34 | CVE-2026-25120 | Gogs is an open source self-hosted Git service. In versions 0.13.4 and below, th |
| 34 | CVE-2026-21522 | Improper neutralization of special elements used in a command ('command injectio |
| 34 | CVE-2025-64340 | Server names containing shell metacharacters (e.g., `&`) can cause command injec |
| 34 | CVE-2026-32948 | Summary: On Windows, sbt uses `Process("cmd", "/c", ...)` to run VCS commands |
| 34 | CVE-2026-26887 | Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection |
| 34 | CVE-2026-26889 | Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection |
| 34 | CVE-2026-26888 | Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection |
| 34 | CVE-2026-26890 | Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection |
| 34 | CVE-2026-26886 | Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL In |
| 34 | CVE-2026-26885 | Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL In |
| 34 | CVE-2026-26884 | Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL In |
| 34 | CVE-2026-26883 | Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL In |
| 34 | CVE-2026-26972 | OpenClaw is a personal AI assistant. In versions 2026.1.12 through 2026.2.12, Op |
| 34 | CVE-2025-15316 | Tanium addressed a local privilege escalation vulnerability in Tanium Server. |
| 34 | CVE-2026-39809 | An improper neutralization of special elements used in an sql command ('sql injec |
| 34 | CVE-2026-32496 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') v |
| 34 | CVE-2025-15315 | Tanium addressed a local privilege escalation vulnerability in Tanium Module Ser |
| 34 | CVE-2026-26033 | UPS Multi-UPS Management Console (MUMC) version 01.06.0001 (A03) contains an Unq |
| 34 | CVE-2024-14025 | An SQL injection vulnerability has been reported to affect Video Station. If an |
| 34 | CVE-2026-21424 | Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through |
| 34 | CVE-2026-29608 | OpenClaw 2026.3.1 contains an approval integrity vulnerability in system.run nod |
| 34 | CVE-2026-27008 | OpenClaw is a personal AI assistant. Prior to version 2026.2.15, a bug in `downl |
| 34 | CVE-2026-21421 | Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through |
| 34 | CVE-2025-13818 | Local privilege escalation vulnerability via insecure temporary batch file execu |
| 34 | CVE-2026-35153 | Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release |
| 34 | CVE-2026-21426 | Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through |
| 34 | CVE-2026-24466 | Products provided by Oki Electric Industry Co., Ltd. and its OEM products (Ricoh |
Oldest Unpatched Critical/High CVEs
| CVE | Severity | CVSS | Priority | Days Open |
|---|---|---|---|---|
| CVE-2024-3400 | CRITICAL | 10.0 | 224 | 744d |
| CVE-2019-19781 | CRITICAL | 9.8 | 223 | 2311d |
| CVE-2020-5902 | CRITICAL | 9.8 | 223 | 2124d |
| CVE-2021-35464 | CRITICAL | 9.8 | 223 | 1738d |
| CVE-2020-10189 | CRITICAL | 9.8 | 223 | 2241d |
| CVE-2012-4681 | CRITICAL | 9.8 | 223 | 4989d |
| CVE-2022-42475 | CRITICAL | 9.8 | 223 | 1210d |
| CVE-2023-3519 | CRITICAL | 9.8 | 223 | 1011d |
| CVE-2015-7450 | CRITICAL | 9.8 | 222 | 3766d |
| CVE-2023-34048 | CRITICAL | 9.8 | 222 | 913d |