| Metric | Value | Note |
|---|---|---|
| Total CVEs | 16531 | last 90 days |
| Avg Priority | 36.3 | of max 220 |
| KEV | 40 | actively exploited |
| POC | 3214 | public exploits |
| Unpatched | 4329 | CRIT/HIGH without patch |

How is Priority Score calculated?

Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:

| Signal | Weight | Meaning |
|---|---|---|
| KEV | +50 | CISA Known Exploited Vulnerability: confirmed active exploitation in the wild |
| EPSS | x100 | Exploit Prediction Scoring System: probability of exploitation in next 30 days (0-100) |
| CVSS | x5 | Common Vulnerability Scoring System: technical severity (0-50) |
| POC | +20 | Public exploit code exists: lowers barrier for attackers |

| Score | Rating |
|---|---|
| 0-40 | Low |
| 40-80 | Medium |
| 80-120 | High |
| 120+ | Critical |

Patch Now — Known Exploited Vulnerabilities
| Priority | CVE | Description |
|---|---|---|
| 185 | CVE-2026-1731 | BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain |
| 180 | CVE-2025-40551 | SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerabil |
| 170 | CVE-2026-1340 | A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem |
| 164 | CVE-2026-1281 | A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem |
| 160 | CVE-2025-40536 | SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that |
| 141 | CVE-2026-20131 | A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FM |
| 137 | CVE-2026-1603 | An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthen |
| 134 | CVE-2026-22769 | Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credentia |
| 129 | CVE-2026-33825 | Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to el |
| 124 | CVE-2026-21643 | An improper neutralization of special elements used in an sql command ('sql injection') vulnerabilit |

Priority Distribution
| Priority | CVE | Description |
|---|---|---|
| 34 | CVE-2026-35153 | Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release |
| 34 | CVE-2026-21426 | Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through |
| 34 | CVE-2026-24466 | Products provided by Oki Electric Industry Co., Ltd. and its OEM products (Ricoh |
| 34 | CVE-2026-0027 | In smmu_detach_dev of arm-smmu-v3.c, there is a possible out of bounds write due |
| 34 | CVE-2026-20436 | In wlan STA driver, there is a possible escalation of privilege due to a missing |
| 34 | CVE-2026-1585 | An unquoted Windows service executable path vulnerability in IJ Scan Utility for |
| 34 | CVE-2026-4105 | A flaw was found in systemd. The systemd-machined service contains an Improper A |
| 34 | CVE-2026-22270 | Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through |
| 34 | CVE-2026-27774 | Local privilege escalation due to DLL hijacking vulnerability. The following pro |
| 34 | CVE-2026-28728 | Local privilege escalation due to DLL hijacking vulnerability. The following pro |
| 34 | CVE-2025-9909 | A flaw was found in the Red Hat Ansible Automation Platform Gateway route creati |
| 34 | CVE-2026-0940 | A potential improper initialization vulnerability was reported in the BIOS of so |
| 34 | CVE-2026-32259 | ImageMagick is free and open-source software used for editing and manipulating d |
| 34 | CVE-2026-39814 | A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2 |
| 34 | CVE-2026-2809 | Netskope was notified about a potential gap in its Endpoint DLP Module for Netsk |
| 34 | CVE-2026-21423 | Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through |
| 34 | CVE-2026-25206 | Out-of-bounds read vulnerability in Samsung Open Source Escargot allows Resource |
| 34 | CVE-2025-32452 | Uncontrolled search path for some AI Playground before version 2.6.1 beta within |
| 34 | CVE-2026-34871 | An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0 and TF-PSA |
| 34 | CVE-2025-20070 | Improper conditions check for the Intel(R) Optane(TM) PMem management software b |
| 34 | CVE-2026-39389 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, mo |
| 34 | CVE-2025-9908 | A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansibl |
| 34 | CVE-2026-3091 | An uncontrolled search path element vulnerability in Synology Presto Client befo |
| 34 | CVE-2026-21425 | Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through |
| 34 | CVE-2026-41989 | Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial |
| 34 | CVE-2026-0705 | Local privilege escalation due to insecure folder permissions. The following pro |
| 34 | CVE-2026-24510 | Dell Alienware Command Center (AWCC), versions prior to 6.12.24.0, contain an Im |
| 34 | CVE-2026-40224 | In systemd 259 before 260, there is local privilege escalation in systemd-machin |
| 34 | CVE-2026-5165 | A flaw was found in virtio-win, specifically within the VirtIO Block (BLK) devic |
| 34 | CVE-2025-14917 | IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphe |
| 34 | CVE-2025-9907 | A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansibl |
| 34 | CVE-2026-4878 | A flaw was found in libcap. A local unprivileged user can exploit a Time-of-chec |
| 34 | CVE-2026-27653 | The installers for multiple products provided by Soliton Systems K.K. contain an |
| 34 | CVE-2026-33271 | Local privilege escalation due to insecure folder permissions. The following pro |
| 34 | CVE-2025-9957 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.2 |
| 34 | CVE-2025-36522 | Incorrect default permissions for some Intel(R) Chipset Software before version |
| 34 | CVE-2025-31655 | Incorrect default permissions for some Intel(R) Battery Life Diagnostic Tool wit |
| 34 | CVE-2026-5164 | A flaw was found in virtio-win. The `RhelDoUnMap()` function does not properly v |
| 34 | CVE-2026-26891 | Sourcecodester Logistic Hub Parcel's Management System v1.0 is vulnerable to SQL |
| 34 | CVE-2026-21709 | A vulnerability allowing a local attacker with administrator privileges to bypas |
| 34 | CVE-2024-14024 | An improper certificate validation vulnerability has been reported to affect Vid |
| 34 | CVE-2026-20440 | In MAE, there is a possible out of bounds write due to a missing bounds check. T |
| 34 | CVE-2025-14740 | Docker Desktop for Windows contains multiple incorrect permission assignment vul |
| 34 | CVE-2025-13918 | Symantec Endpoint Protection, prior to 14.3 RU10 Patch 1, RU9 Patch 2, and RU8 P |
| 34 | CVE-2025-32060 | The system suffers from the absence of a kernel module signature verification. I |
| 34 | CVE-2025-35999 | Incorrect permission assignment for critical resource for some System Firmware U |
| 34 | CVE-2026-34863 | Out-of-bounds write vulnerability in the file system. Impact: Successful exploit |
| 34 | CVE-2026-20444 | In display, there is a possible memory corruption due to a missing bounds check. |
| 34 | CVE-2025-20106 | Uncontrolled search path in some software installer for some VTune(TM) Profiler |
| 34 | CVE-2026-20443 | In display, there is a possible memory corruption due to use after free. This co |
| 34 | CVE-2026-20426 | In display, there is a possible out of bounds write due to a missing bounds chec |
| 34 | CVE-2026-20425 | In display, there is a possible out of bounds write due to a missing bounds chec |
| 34 | CVE-2026-20428 | In display, there is a possible out of bounds write due to a missing bounds chec |
| 34 | CVE-2026-20427 | In display, there is a possible escalation of privilege due to a missing bounds |
| 34 | CVE-2026-20441 | In MAE, there is a possible out of bounds write due to a missing bounds check. T |
| 34 | CVE-2026-20413 | In imgsys, there is a possible out of bounds write due to a missing bounds check |
| 34 | CVE-2025-36511 | Incorrect default permissions for some Intel(R) Memory and Storage Tool before v |
| 34 | CVE-2025-22849 | Incorrect default permissions for the Intel(R) Optane(TM) PMem management softwa |
| 34 | CVE-2026-20410 | In imgsys, there is a possible out of bounds write due to a missing bounds check |
| 34 | CVE-2026-20414 | In imgsys, there is a possible escalation of privilege due to use after free. Th |
| 34 | CVE-2026-26951 | Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release ver |
| 34 | CVE-2026-35349 | A vulnerability in the rm utility of uutils coreutils allows a bypass of the --p |
| 34 | CVE-2026-32901 | OpenClaw before 2026.3.2 contains a semantic drift vulnerability in node system. |
| 34 | CVE-2026-26942 | Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain(s) an Improper N |
| 34 | CVE-2026-22761 | Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain a command inject |
| 34 | CVE-2026-41415 | PJSIP is a free and open source multimedia communication library written in C. I |
| 33 | CVE-2026-27794 | LangGraph Checkpoint defines the base interface for LangGraph checkpointers. Pri |
| 33 | CVE-2026-2462 | Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail |
| 33 | CVE-2026-22284 | Dell SmartFabric OS10 Software, versions prior to 10.5.6.12, contains an Imprope |
| 33 | CVE-2026-1741 | A vulnerability was determined in EFM ipTIME A8004T 14.18.2. Affected is the fun |
| 33 | CVE-2025-15312 | Tanium addressed an improper output sanitization vulnerability in Tanium Applian |
| 33 | CVE-2026-34515 | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. |
| 33 | CVE-2026-26274 | October is a Content Management System (CMS) and web platform. Prior to 3.7.14 a |
| 33 | CVE-2026-24640 | A Stack-based Buffer Overflow vulnerability [CWE-121] vulnerability in Fortinet |
| 33 | CVE-2026-30897 | A stack-based buffer overflow vulnerability in Fortinet FortiWeb 8.0.0 through 8 |
| 33 | CVE-2025-46607 | Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Featu |
| 33 | CVE-2025-46641 | Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Featu |
| 33 | CVE-2026-32003 | OpenClaw versions prior to 2026.2.22 contain an environment variable injection v |
| 33 | CVE-2026-34388 | Fleet is open source device management software. Prior to 4.81.0, a denial-of-se |
| 33 | CVE-2026-34516 | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. |
| 33 | CVE-2026-20202 | In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splu |
| 33 | CVE-2026-5892 | Insufficient policy enforcement in PWAs in Google Chrome prior to 147.0.7727.55 |
| 33 | CVE-2026-34277 | Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleS |
| 33 | CVE-2026-32694 | In Juju from version 3.0.0 through 3.6.18, when a secret owner grants permission |
| 33 | CVE-2026-21010 | Improper input validation in Retail Mode prior to SMR Apr-2026 Release 1 allows |
| 33 | CVE-2026-33182 | Impact: Users providing user generated input into the `resolveEndpoint` metho |
| 33 | CVE-2026-32058 | OpenClaw versions prior to 2026.2.26 contain an approval context-binding weaknes |
| 33 | CVE-2026-35479 | InvenTree is an Open Source Inventory Management System. Prior to 1.2.7 and 1.3. |
| 33 | CVE-2026-34391 | Fleet is open source device management software. Prior to 4.81.1, a vulnerabilit |
| 33 | CVE-2025-15324 | Tanium addressed a documentation issue in Engage. |

Oldest Unpatched Critical/High CVEs
| CVE | Severity | CVSS | Priority | Days Open |
|---|---|---|---|---|
| CVE-2024-3400 | CRITICAL | 10.0 | 224 | 744d |
| CVE-2019-19781 | CRITICAL | 9.8 | 223 | 2312d |
| CVE-2020-5902 | CRITICAL | 9.8 | 223 | 2124d |
| CVE-2021-35464 | CRITICAL | 9.8 | 223 | 1738d |
| CVE-2020-10189 | CRITICAL | 9.8 | 223 | 2241d |
| CVE-2012-4681 | CRITICAL | 9.8 | 223 | 4989d |
| CVE-2022-42475 | CRITICAL | 9.8 | 223 | 1210d |
| CVE-2023-3519 | CRITICAL | 9.8 | 223 | 1011d |
| CVE-2015-7450 | CRITICAL | 9.8 | 222 | 3766d |
| CVE-2023-34048 | CRITICAL | 9.8 | 222 | 913d |