Total CVEs
16489
last 90 days
Avg Priority
36.4
of max 220
KEV
39
actively exploited
POC
3231
public exploits
Unpatched
4328
CRIT/HIGH without patch
How is Priority Score calculated?
Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:
KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low
40-80 Medium
80-120 High
120+ Critical
Patch Now — Known Exploited Vulnerabilities
185
CVE-2026-1731
BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain
180
CVE-2025-40551
SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerabil
170
CVE-2026-1340
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem
164
CVE-2026-1281
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem
160
CVE-2025-40536
SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that
141
CVE-2026-20131
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FM
137
CVE-2026-1603
An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthen
134
CVE-2026-22769
Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credentia
129
CVE-2026-33825
Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to el
124
CVE-2026-21643
An improper neutralization of special elements used in an sql command ('sql injection') vulnerabilit
Priority Distribution
| Priority | CVE |
|---|---|
| 32 |
CVE-2026-34862
Race condition vulnerability in the power consumption statistics module.
Impact:
|
| 32 |
CVE-2026-32745
In JetBrains Datalore before 2026.1 session hijacking was possible due to missin
|
| 32 |
CVE-2026-35374
A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the split utilit
|
| 32 |
CVE-2026-35355
The install utility in uutils coreutils is vulnerable to a Time-of-Check to Time
|
| 32 |
CVE-2026-35356
A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the install util
|
| 32 |
CVE-2026-5682
A vulnerability has been found in Meesho Online Shopping App up to 27.3 on Andro
|
| 32 |
CVE-2026-41389
OpenClaw versions 2026.4.7 before 2026.4.15 fail to enforce local-root containme
|
| 32 |
CVE-2026-35154
Dell PowerProtect Data Domain appliances, versions 7.7.1.0 through 8.7.0.0, LTS2
|
| 32 |
CVE-2026-7103
A vulnerability was determined in code-projects Chat System 1.0. Affected is an
|
| 32 |
CVE-2026-7020
A security flaw has been discovered in Ollama up to 0.20.2. This affects the fun
|
| 31 |
CVE-2026-0829
The Frontend File Manager Plugin WordPress plugin through 23.5 allows unauthenti
|
| 31 |
CVE-2026-22721
VMware Aria Operations contains a privilege escalation vulnerability. A maliciou
|
| 31 |
CVE-2026-25169
Divide by zero in Microsoft Graphics Component allows an unauthorized attacker t
|
| 31 |
CVE-2026-28867
This issue was addressed with improved authentication. This issue is fixed in iO
|
| 31 |
CVE-2025-46606
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Featu
|
| 31 |
CVE-2025-46605
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Featu
|
| 31 |
CVE-2026-26283
ImageMagick is free and open-source software used for editing and manipulating d
|
| 31 |
CVE-2026-32072
Improper authentication in Windows Active Directory allows an unauthorized attac
|
| 31 |
CVE-2026-25971
ImageMagick is free and open-source software used for editing and manipulating d
|
| 31 |
CVE-2026-26066
ImageMagick is free and open-source software used for editing and manipulating d
|
| 31 |
CVE-2026-25168
Null pointer dereference in Microsoft Graphics Component allows an unauthorized
|
| 31 |
CVE-2025-62349
Salt contains an authentication protocol version downgrade weakness that can all
|
| 31 |
CVE-2026-28822
A type confusion issue was addressed with improved memory handling. This issue i
|
| 31 |
CVE-2026-20637
A use after free issue was addressed with improved memory management. This issue
|
| 31 |
CVE-2026-40115
PraisonAI is a multi-agent teams system. Prior to 4.5.128, the WSGI-based recipe
|
| 31 |
CVE-2025-58341
An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wear
|
| 31 |
CVE-2026-27846
Due to missing authentication, a user with physical access to the device can mis
|
| 31 |
CVE-2025-58342
An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wear
|
| 31 |
CVE-2026-28950
A logging issue was addressed with improved data redaction. This issue is fixed
|
| 31 |
CVE-2026-28866
This issue was addressed with improved validation of symlinks. This issue is fix
|
| 31 |
CVE-2026-28841
A buffer overflow was addressed with improved size validation. This issue is fix
|
| 31 |
CVE-2026-20699
A downgrade issue affecting Intel-based Mac computers was addressed with additio
|
| 31 |
CVE-2026-34385
Fleet is open source device management software. Prior to 4.81.0, a second-order
|
| 31 |
CVE-2026-1757
A flaw was identified in the interactive shell of the xmllint utility, part of t
|
| 31 |
CVE-2026-29066
Tina is a headless content management system. Prior to 2.1.8, the TinaCMS CLI de
|
| 31 |
CVE-2026-40227
In systemd 260 before 261, a local unprivileged user can trigger an assert via a
|
| 31 |
CVE-2025-62439
An Improper Verification of Source of a Communication Channel vulnerability [CWE
|
| 31 |
CVE-2025-15622
Insufficiently Protected Credentials vulnerability in Sparx Systems Pty Ltd. Spa
|
| 31 |
CVE-2026-20695
An information disclosure issue was addressed with improved memory management. T
|
| 31 |
CVE-2026-20651
A privacy issue was addressed with improved handling of temporary files. This is
|
| 31 |
CVE-2025-66676
An issue in IObit Unlocker v1.3.0.11 allows attackers to cause a Denial of Servi
|
| 31 |
CVE-2026-6386
In order to apply a particular protection key to an address range, the kernel mu
|
| 31 |
CVE-2026-40117
PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, read_skill_file
|
| 31 |
CVE-2026-28889
A permissions issue was addressed with additional restrictions. This issue is fi
|
| 31 |
CVE-2025-61147
strukturag libde265 commit d9fea9d wa discovered to contain a segmentation fault
|
| 31 |
CVE-2025-69648
GNU Binutils thru 2.45.1 readelf contains a denial-of-service vulnerability when
|
| 31 |
CVE-2026-25204
Deserialization of untrusted data vulnerability in Samsung Open Source Escarogt
|
| 31 |
CVE-2026-28833
A permissions issue was addressed with additional restrictions. This issue is fi
|
| 31 |
CVE-2026-29628
A stack overflow in the experimental/tinyobj_loader_opt.h file of tinyobjloader
|
| 31 |
CVE-2026-3778
The application does not detect or guard against cyclic PDF object references wh
|
| 31 |
CVE-2025-69647
GNU Binutils thru 2.45.1 readelf contains a denial-of-service vulnerability when
|
| 31 |
CVE-2026-35480
The DAG-CBOR decoder uses collection sizes declared in CBOR headers as Go preall
|
| 31 |
CVE-2026-33947
jq is a command-line JSON processor. In versions 1.8.1 and below, functions jv_s
|
| 31 |
CVE-2026-30006
XnSoft NConvert 7.230 is vulnerable to Stack Buffer Overrun via a crafted .tiff
|
| 31 |
CVE-2026-30007
XnSoft NConvert 7.230 is vulnerable to Use-After-Free via a crafted .tiff file
|
| 31 |
CVE-2026-40608
Next AI Draw.io is a next.js web application that integrates AI capabilities wit
|
| 31 |
CVE-2026-29976
Buffer Overflow vulnerability in ZerBea hcxpcapngtool v. 7.0.1-43-g2ee308e allow
|
| 31 |
CVE-2026-31053
A double free vulnerability exists in librz/bin/format/le/le.c in the function l
|
| 31 |
CVE-2026-40312
ImageMagick is free and open-source software used for editing and manipulating d
|
| 31 |
CVE-2026-34549
iccDEV provides a set of libraries and tools for working with ICC color manageme
|
| 31 |
CVE-2026-34550
iccDEV provides a set of libraries and tools for working with ICC color manageme
|
| 31 |
CVE-2026-34551
iccDEV provides a set of libraries and tools for working with ICC color manageme
|
| 31 |
CVE-2026-34552
iccDEV provides a set of libraries and tools for working with ICC color manageme
|
| 31 |
CVE-2026-34533
iccDEV provides a set of libraries and tools for working with ICC color manageme
|
| 31 |
CVE-2026-34534
iccDEV provides a set of libraries and tools for working with ICC color manageme
|
| 31 |
CVE-2026-34535
iccDEV provides a set of libraries and tools for working with ICC color manageme
|
| 31 |
CVE-2026-34536
iccDEV provides a set of libraries and tools for working with ICC color manageme
|
| 31 |
CVE-2026-34537
iccDEV provides a set of libraries and tools for working with ICC color manageme
|
| 31 |
CVE-2026-34539
iccDEV provides a set of libraries and tools for working with ICC color manageme
|
| 31 |
CVE-2025-36364
IBM DevOps Plan 3.0.0 through 3.0.5 allows web page cache to be stored locally w
|
| 31 |
CVE-2025-12708
IBM Concert 1.0.0 through 2.2.0 contains hard-coded credentials that could be ob
|
| 31 |
CVE-2026-34540
iccDEV provides a set of libraries and tools for working with ICC color manageme
|
| 31 |
CVE-2026-34546
iccDEV provides a set of libraries and tools for working with ICC color manageme
|
| 31 |
CVE-2026-33817
Index out-of-range when encountering a branch page with zero elements in go.etcd
|
| 31 |
CVE-2026-34541
iccDEV provides a set of libraries and tools for working with ICC color manageme
|
| 31 |
CVE-2026-34542
iccDEV provides a set of libraries and tools for working with ICC color manageme
|
| 31 |
CVE-2026-35406
### Impact
A truncated TCP DNS query followed by a connection reset causes aard
|
| 31 |
CVE-2026-34554
iccDEV provides a set of libraries and tools for working with ICC color manageme
|
| 31 |
CVE-2026-34547
iccDEV provides a set of libraries and tools for working with ICC color manageme
|
| 31 |
CVE-2026-34548
iccDEV provides a set of libraries and tools for working with ICC color manageme
|
| 31 |
CVE-2026-40169
ImageMagick is free and open-source software used for editing and manipulating d
|
| 31 |
CVE-2026-34556
iccDEV provides a set of libraries and tools for working with ICC color manageme
|
| 31 |
CVE-2026-34555
iccDEV provides a set of libraries and tools for working with ICC color manageme
|
| 31 |
CVE-2025-64646
IBM Concert 1.0.0 through 2.2.0 could allow an attacker to access sensitive info
|
| 31 |
CVE-2026-3904
Calling NSS-backed functions that support caching via nscd may call the
nscd cl
|
| 31 |
CVE-2025-36051
IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 stores potentially sensiti
|
| 31 |
CVE-2025-41762
An unauthenticated attacker can abuse the weak hash of the backup generated by t
|
| 31 |
CVE-2026-0012
In setHideSensitive of ExpandableNotificationRow.java, there is a possible conta
|
| 31 |
CVE-2025-36353
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.
|
| 31 |
CVE-2025-43238
An integer overflow was addressed with improved input validation. This issue is
|
Oldest Unpatched Critical/High CVEs
| CVE | Severity | CVSS | Priority | Days Open |
|---|---|---|---|---|
| CVE-2024-3400 | CRITICAL | 10.0 | 224 | 745d |
| CVE-2019-19781 | CRITICAL | 9.8 | 223 | 2312d |
| CVE-2020-5902 | CRITICAL | 9.8 | 223 | 2125d |
| CVE-2021-35464 | CRITICAL | 9.8 | 223 | 1739d |
| CVE-2020-10189 | CRITICAL | 9.8 | 223 | 2242d |
| CVE-2012-4681 | CRITICAL | 9.8 | 223 | 4990d |
| CVE-2022-42475 | CRITICAL | 9.8 | 223 | 1211d |
| CVE-2023-3519 | CRITICAL | 9.8 | 223 | 1012d |
| CVE-2015-7450 | CRITICAL | 9.8 | 222 | 3767d |
| CVE-2023-34048 | CRITICAL | 9.8 | 222 | 914d |