Total CVEs
16497
last 90 days
Avg Priority
36.3
of max 220
KEV
39
actively exploited
POC
3218
public exploits
Unpatched
4323
CRIT/HIGH without patch
How is Priority Score calculated?
Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:
KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low
40-80 Medium
80-120 High
120+ Critical
Patch Now — Known Exploited Vulnerabilities
185
CVE-2026-1731
BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain
180
CVE-2025-40551
SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerabil
170
CVE-2026-1340
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem
164
CVE-2026-1281
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem
160
CVE-2025-40536
SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that
141
CVE-2026-20131
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FM
137
CVE-2026-1603
An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthen
134
CVE-2026-22769
Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credentia
129
CVE-2026-33825
Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to el
124
CVE-2026-21643
An improper neutralization of special elements used in an sql command ('sql injection') vulnerabilit
Priority Distribution
| Priority | CVE |
|---|---|
| 32 |
CVE-2026-2924
The Gutenverse - Ultimate WordPress FSE Blocks Addons & Ecosystem plugin for Wor
|
| 32 |
CVE-2026-2840
The Email Encoder - Protect Email Addresses and Phone Numbers plugin for WordPre
|
| 32 |
CVE-2026-2986
The Contextual Related Posts plugin for WordPress is vulnerable to Stored Cross-
|
| 32 |
CVE-2026-4852
The Image Source Control Lite - Show Image Credits and Captions plugin for WordP
|
| 32 |
CVE-2026-2602
The Twentig plugin for WordPress is vulnerable to Stored Cross-Site Scripting vi
|
| 32 |
CVE-2026-1923
The Social Rocket - Social Sharing Plugin plugin for WordPress is vulnerable to
|
| 32 |
CVE-2026-3361
The WP Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scr
|
| 32 |
CVE-2026-4268
The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to S
|
| 32 |
CVE-2026-4766
The Easy Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site S
|
| 32 |
CVE-2026-2156
A weakness has been identified in code-projects Online Student Management System
|
| 32 |
CVE-2026-28036
Server-Side Request Forgery (SSRF) vulnerability in SkatDesign Ratatouille ratat
|
| 32 |
CVE-2026-23803
Server-Side Request Forgery (SSRF) vulnerability in Burhan Nasir Smart Auto Uplo
|
| 32 |
CVE-2026-5372
An issue that allowed a SQL injection attack vector related to saved queries (in
|
| 32 |
CVE-2025-69674
Buffer Overflow vulnerability in CDATA FD614GS3-R850 V3.2.7_P161006 (Build.0333.
|
| 32 |
CVE-2026-2257
The GetGenie plugin for WordPress is vulnerable to Insecure Direct Object Refere
|
| 32 |
CVE-2025-14040
The Automotive Car Dealership Business WordPress Theme for WordPress is vulnerab
|
| 32 |
CVE-2026-0688
The Webmention plugin for WordPress is vulnerable to Server-Side Request Forgery
|
| 32 |
CVE-2026-2201
A security vulnerability has been detected in ZeroWdd studentmanager up to 21515
|
| 32 |
CVE-2026-3402
A security vulnerability has been detected in PHPGurukul Student Record Manageme
|
| 32 |
CVE-2026-2972
A vulnerability was determined in a466350665 Smart-SSO up to 2.1.1. This affects
|
| 32 |
CVE-2026-3403
A vulnerability was detected in PHPGurukul Student Record Management System 1.0.
|
| 32 |
CVE-2026-3170
A vulnerability was detected in SourceCodester/Patrick Mvuma Patients Waiting Ar
|
| 32 |
CVE-2026-2933
A weakness has been identified in YiFang CMS up to 2.0.5. This affects the funct
|
| 32 |
CVE-2026-2200
A weakness has been identified in heyewei JFinalCMS 5.0.0. This affects an unkno
|
| 32 |
CVE-2026-24316
SAP NetWeaver Application Server for ABAP provides an ABAP Report for testing pu
|
| 32 |
CVE-2026-33223
### Background
NATS.io is a high performance open source pub-sub distributed co
|
| 32 |
CVE-2026-33246
### Background
NATS.io is a high performance open source pub-sub distributed co
|
| 32 |
CVE-2026-2934
A security vulnerability has been detected in YiFang CMS up to 2.0.5. This impac
|
| 32 |
CVE-2026-2897
A security vulnerability has been detected in funadmin up to 7.1.0-rc4. This vul
|
| 32 |
CVE-2026-2214
A weakness has been identified in code-projects for Plugin 1.0. This affects an
|
| 32 |
CVE-2026-31953
Xibo is an open source digital signage platform with a web content management sy
|
| 32 |
CVE-2026-3716
A vulnerability was determined in Wavlink WL-WN579X3-C 231124. This vulnerabilit
|
| 32 |
CVE-2026-2222
A weakness has been identified in code-projects Online Reviewer System 1.0. Affe
|
| 32 |
CVE-2026-1572
The Livemesh Addons for Elementor plugin for WordPress is vulnerable to unauthor
|
| 32 |
CVE-2026-4088
The Switch CTA Box plugin for WordPress is vulnerable to Stored Cross-Site Scrip
|
| 32 |
CVE-2026-1210
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cros
|
| 32 |
CVE-2026-40225
In udev in systemd before 260, local root execution can occur via malicious hard
|
| 32 |
CVE-2026-24964
Server-Side Request Forgery (SSRF) vulnerability in Wasiliy Strecker / ContestGa
|
| 32 |
CVE-2026-32353
Server-Side Request Forgery (SSRF) vulnerability in MailerPress Team MailerPress
|
| 32 |
CVE-2026-32357
Server-Side Request Forgery (SSRF) vulnerability in Katsushi Kawamori Simple Blo
|
| 32 |
CVE-2026-39630
Server-Side Request Forgery (SSRF) vulnerability in Getty Images Getty Images ge
|
| 32 |
CVE-2026-24362
Missing Authorization vulnerability in bdthemes Ultimate Post Kit ultimate-post-
|
| 32 |
CVE-2026-28682
Gokapi is a self-hosted file sharing server with automatic expiration and encryp
|
| 32 |
CVE-2021-47856
Easy Cart Shopping Cart 2021 contains a non-persistent cross-site scripting vuln
|
| 32 |
CVE-2021-47908
Ultimate POS 4.4 contains a persistent cross-site scripting vulnerability in the
|
| 32 |
CVE-2026-4801
The Page Builder Gutenberg Blocks - CoBlocks plugin for WordPress is vulnerable
|
| 32 |
CVE-2026-4076
The Slider Bootstrap Carousel plugin for WordPress is vulnerable to Stored Cross
|
| 32 |
CVE-2026-4074
The Quran Live Multilanguage plugin for WordPress is vulnerable to Stored Cross-
|
| 32 |
CVE-2026-0742
The Smart Appointment & Booking plugin for WordPress is vulnerable to Stored Cro
|
| 32 |
CVE-2022-50951
WiFi File Transfer 1.0.8 contains a persistent cross-site scripting vulnerabilit
|
| 32 |
CVE-2023-54343
QWE DL 2.0.1 mobile web application contains a persistent input validation vulne
|
| 32 |
CVE-2021-47885
Multiple payment terminal versions contain non-persistent cross-site scripting v
|
| 32 |
CVE-2026-0555
The Premmerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting
|
| 32 |
CVE-2026-35507
Shynet before 0.14.0 allows Host header injection in the password reset flow.
|
| 32 |
CVE-2025-8072
The Target Video Easy Publish plugin for WordPress is vulnerable to Stored Cross
|
| 32 |
CVE-2026-2355
The My Calendar - Accessible Event Manager plugin for WordPress is vulnerable to
|
| 32 |
CVE-2026-0996
The Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripti
|
| 32 |
CVE-2026-25601
A vulnerability was identified in MEPIS RM, an industrial
software product devel
|
| 32 |
CVE-2026-1268
The Dynamic Widget Content plugin for WordPress is vulnerable to Stored Cross-Si
|
| 32 |
CVE-2026-1252
The Events Listing Widget plugin for WordPress is vulnerable to Stored Cross-Sit
|
| 32 |
CVE-2026-1613
The Wonka Slide plugin for WordPress is vulnerable to Stored Cross-Site Scriptin
|
| 32 |
CVE-2025-12159
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Sc
|
| 32 |
CVE-2026-1611
The Wikiloops Track Player plugin for WordPress is vulnerable to Stored Cross-Si
|
| 32 |
CVE-2025-12803
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Sc
|
| 32 |
CVE-2025-13463
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Sc
|
| 32 |
CVE-2022-50952
Banco Guayaquil 8.0.0 mobile iOS application contains a persistent cross-site sc
|
| 32 |
CVE-2025-15267
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Sc
|
| 32 |
CVE-2026-1809
The HTML Tag Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site
|
| 32 |
CVE-2026-4752
Use After Free vulnerability in No-Chicken Echo-Mate.This issue affects Echo-Mat
|
| 32 |
CVE-2026-33727
Pi-hole is a Linux network-level advertisement and Internet tracker blocking app
|
| 32 |
CVE-2026-1570
The Simple Bible Verse via Shortcode plugin for WordPress is vulnerable to Store
|
| 32 |
CVE-2026-1608
The Video Onclick plugin for WordPress is vulnerable to Stored Cross-Site Script
|
| 32 |
CVE-2026-0867
The Essential Widgets plugin for WordPress is vulnerable to Stored Cross-Site Sc
|
| 32 |
CVE-2026-5428
The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Si
|
| 32 |
CVE-2026-4082
The ER Swiffy Insert plugin for WordPress is vulnerable to Stored Cross-Site Scr
|
| 32 |
CVE-2026-1804
The WDES Responsive Popup plugin for WordPress is vulnerable to Stored Cross-Sit
|
| 32 |
CVE-2026-4279
The Bread & Butter plugin for WordPress is vulnerable to Stored Cross-Site Scrip
|
| 32 |
CVE-2026-4089
The Twittee Text Tweet plugin for WordPress is vulnerable to Stored Cross-Site S
|
| 32 |
CVE-2026-4125
The WPMK Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting
|
| 32 |
CVE-2026-1821
The Microtango plugin for WordPress is vulnerable to Stored Cross-Site Scripting
|
| 32 |
CVE-2026-1893
The Orbisius Random Name Generator plugin for WordPress is vulnerable to Stored
|
| 32 |
CVE-2026-4085
The Easy Social Photos Gallery plugin for WordPress is vulnerable to Stored Cros
|
| 32 |
CVE-2026-1826
The OpenPOS Lite - Point of Sale for WooCommerce plugin for WordPress is vulnera
|
| 32 |
CVE-2026-1853
The BuddyHolis ListSearch plugin for WordPress is vulnerable to Stored Cross-Sit
|
| 32 |
CVE-2025-11185
The Complianz - GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to S
|
| 32 |
CVE-2026-1885
The Slideshow Wp plugin for WordPress is vulnerable to Stored Cross-Site Scripti
|
| 32 |
CVE-2025-36436
IBM Cloud Pak for Business Automation 25.0.0 through 25.0.0 Interim Fix 002, 24.
|
| 32 |
CVE-2026-1922
The The Events Calendar Shortcode & Block plugin for WordPress is vulnerable to
|
| 32 |
CVE-2026-2384
The Quiz Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting
|
| 32 |
CVE-2026-6048
The Flipbox Addon for Elementor plugin for WordPress is vulnerable to Stored Cro
|
Oldest Unpatched Critical/High CVEs
| CVE | Severity | CVSS | Priority | Days Open |
|---|---|---|---|---|
| CVE-2024-3400 | CRITICAL | 10.0 | 224 | 744d |
| CVE-2019-19781 | CRITICAL | 9.8 | 223 | 2312d |
| CVE-2020-5902 | CRITICAL | 9.8 | 223 | 2125d |
| CVE-2021-35464 | CRITICAL | 9.8 | 223 | 1739d |
| CVE-2020-10189 | CRITICAL | 9.8 | 223 | 2242d |
| CVE-2012-4681 | CRITICAL | 9.8 | 223 | 4990d |
| CVE-2022-42475 | CRITICAL | 9.8 | 223 | 1210d |
| CVE-2023-3519 | CRITICAL | 9.8 | 223 | 1012d |
| CVE-2015-7450 | CRITICAL | 9.8 | 222 | 3767d |
| CVE-2023-34048 | CRITICAL | 9.8 | 222 | 914d |