Total CVEs
16346
last 90 days
Avg Priority
36.5
of max 220
KEV
37
actively exploited
POC
3574
public exploits
Unpatched
5453
CRIT/HIGH without patch
How is Priority Score calculated?
Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:
KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low
40-80 Medium
80-120 High
120+ Critical
Patch Now — Known Exploited Vulnerabilities
194
CVE-2026-24061
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for t
185
CVE-2026-1731
BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain
184
CVE-2026-23760
SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability
180
CVE-2025-40551
SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerabil
170
CVE-2026-1340
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem
164
CVE-2026-1281
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem
160
CVE-2025-40536
SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that
141
CVE-2026-20131
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FM
137
CVE-2026-1603
An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthen
134
CVE-2026-22769
Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credentia
Priority Distribution
| Priority | CVE |
|---|---|
| 58 |
CVE-2026-0750
Improper Verification of Cryptographic Signature vulnerability in Drupal Drupal
|
| 58 |
CVE-2026-0889
Denial-of-service in the DOM: Service Workers component. This vulnerability affe
|
| 58 |
CVE-2025-66720
Null pointer dereference in free5gc pcf 1.4.0 in file internal/sbi/processor/amp
|
| 58 |
CVE-2025-63649
An out-of-bounds read in the http_parser_transfer_encoding_chunked function (mk_
|
| 58 |
CVE-2025-70999
A GPU device-ID validation flaw in the flow.cuda.get_device_capability() compone
|
| 58 |
CVE-2025-69908
An unauthenticated information disclosure vulnerability in Newgen OmniApp allows
|
| 58 |
CVE-2026-25499
Terraform / OpenTofu Provider adds support for Proxmox Virtual Environment. Prio
|
| 58 |
CVE-2026-30798
Insufficient Verification of Data Authenticity, Improper Handling of Exceptional
|
| 58 |
CVE-2025-70986
Incorrect access control in the selectDept function of RuoYi v4.8.2 allows unaut
|
| 58 |
CVE-2026-22782
RustFS is a distributed object storage system built in Rust. From >= 1.0.0-alpha
|
| 58 |
CVE-2026-25474
OpenClaw is a personal AI assistant. In versions 2026.1.30 and below, if channel
|
| 58 |
CVE-2025-70251
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the webPage para
|
| 58 |
CVE-2025-70244
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the webPage para
|
| 58 |
CVE-2025-70242
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the webPage para
|
| 58 |
CVE-2021-47865
ProFTPD 1.3.7a contains a denial of service vulnerability that allows attackers
|
| 58 |
CVE-2026-33484
### Summary
The `/api/v1/files/images/{flow_id}/{file_name}` endpoint serves ima
|
| 58 |
CVE-2025-71031
Water-Melon Melon commit 9df9292 and below is vulnerable to Denial of Service. T
|
| 58 |
CVE-2026-25791
Sliver is a command and control framework that uses a custom Wireguard netstack.
|
| 58 |
CVE-2021-47815
Nsauditor 3.2.3 contains a denial of service vulnerability in the registration c
|
| 58 |
CVE-2021-47814
NBMonitor 1.6.8 contains a denial of service vulnerability that allows attackers
|
| 58 |
CVE-2021-47793
Telegram Desktop 2.9.2 contains a denial of service vulnerability that allows at
|
| 58 |
CVE-2021-47791
SmartFTP Client 10.0.2909.0 contains multiple denial of service vulnerabilities
|
| 58 |
CVE-2026-25808
Hollo is a federated single-user microblogging software designed to be federated
|
| 58 |
CVE-2026-25961
SumatraPDF is a multi-format reader for Windows. In 3.5.0 through 3.5.2, Sumatra
|
| 58 |
CVE-2026-25541
Bytes is a utility library for working with bytes. From version 1.2.1 to before
|
| 58 |
CVE-2026-33497
### Summary
In the download_profile_picture function of the /profile_pictures/{f
|
| 58 |
CVE-2026-30827
express-rate-limit is a basic rate-limiting middleware for Express. In versions
|
| 58 |
CVE-2026-30837
Elysia is a Typescript framework for request validation, type inference, OpenAPI
|
| 58 |
CVE-2020-37122
SpotFTP-FTP Password Recover 2.4.8 contains a denial of service vulnerability th
|
| 58 |
CVE-2021-47831
Sandboxie 5.49.7 contains a denial of service vulnerability that allows attacker
|
| 58 |
CVE-2021-47827
WebSSH for iOS 14.16.10 contains a denial of service vulnerability in the mashRE
|
| 58 |
CVE-2021-47818
DupTerminator 1.4.5639.37199 contains a denial of service vulnerability that all
|
| 58 |
CVE-2020-37107
Core FTP LE 2.2 contains a denial of service vulnerability that allows attackers
|
| 58 |
CVE-2021-47813
Backup Key Recovery 2.2.7 contains a denial of service vulnerability that allows
|
| 58 |
CVE-2021-47797
Leawo Prof. Media 11.0.0.1 contains a denial of service vulnerability that allow
|
| 58 |
CVE-2021-47789
Yenkee Hornet Gaming Mouse driver GM312Fltr.sys contains a buffer overrun vulner
|
| 58 |
CVE-2026-29039
changedetection.io is a free open source web page change detection tool. Prior t
|
| 58 |
CVE-2020-37109
aSc TimeTables 2020.11.4 contains a denial of service vulnerability that allows
|
| 58 |
CVE-2020-37038
Code Blocks 20.03 contains a denial of service vulnerability that allows attacke
|
| 58 |
CVE-2020-37039
Frigate 2.02 contains a denial of service vulnerability that allows attackers to
|
| 58 |
CVE-2020-37155
Core FTP Lite 1.3 contains a buffer overflow vulnerability in the username input
|
| 58 |
CVE-2021-47786
Redragon Gaming Mouse driver contains a kernel-level vulnerability that allows a
|
| 58 |
CVE-2021-47821
RarmaRadio 2.72.8 contains a denial of service vulnerability that allows attacke
|
| 58 |
CVE-2025-70307
A stack overflow in the dump_ttxt_sample function of GPAC v2.4.0 allows attacker
|
| 58 |
CVE-2025-63912
Cohesity TranZman Migration Appliance Release 4.0 Build 14614 was discovered to
|
| 58 |
CVE-2026-22863
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Before 2.6.0, node:cr
|
| 58 |
CVE-2026-26308
Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5,
|
| 57 |
CVE-2026-1125
A weakness has been identified in D-Link DIR-823X 250416. Affected by this issue
|
| 57 |
CVE-2026-4840
A security flaw has been discovered in Netcore Power 15AX up to 3.0.0.6938. Affe
|
| 57 |
CVE-2026-6123
A vulnerability was found in Tenda F451 1.0.0.7. This affects the function fromA
|
| 57 |
CVE-2026-4565
A vulnerability was detected in Tenda AC21 16.03.08.16. Impacted is the function
|
| 57 |
CVE-2026-5212
A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, D
|
| 57 |
CVE-2026-4486
A vulnerability was found in D-Link DIR-513 1.10. This affects the function form
|
| 57 |
CVE-2026-32242
Parse Server is an open source backend that can be deployed to any infrastructur
|
| 57 |
CVE-2026-4976
A vulnerability was found in Totolink LR350 9.3.5u.6369_B20220309. This vulnerab
|
| 57 |
CVE-2021-47778
GetSimple CMS My SMTP Contact Plugin 1.1.2 contains a PHP code injection vulnera
|
| 57 |
CVE-2025-70093
An issue in OpenSourcePOS v3.4.1 allows attackers to execute arbitrary code via
|
| 57 |
CVE-2025-68621
Trilium Notes is an open-source, cross-platform hierarchical note taking applica
|
| 57 |
CVE-2025-68141
EVerest is an EV charging software stack. Prior to version 2025.10.0, during the
|
| 57 |
CVE-2025-68136
EVerest is an EV charging software stack. Prior to version 2025.10.0, once the m
|
| 57 |
CVE-2026-6121
A flaw has been found in Tenda F451 1.0.0.7. Affected by this vulnerability is t
|
| 57 |
CVE-2026-6122
A vulnerability has been found in Tenda F451 1.0.0.7. Affected by this issue is
|
| 57 |
CVE-2026-5036
A vulnerability was found in Tenda 4G06 04.06.01.29. This vulnerability affects
|
| 57 |
CVE-2026-4552
A vulnerability was determined in Tenda F453 1.0.0.3. This issue affects the fun
|
| 57 |
CVE-2026-4902
A vulnerability was detected in Tenda AC5 15.03.06.47. This affects the function
|
| 57 |
CVE-2026-5021
A flaw has been found in Tenda F453 1.0.0.3. This affects the function fromPPTPU
|
| 57 |
CVE-2026-6120
A vulnerability was detected in Tenda F451 1.0.0.7. Affected is the function fro
|
| 57 |
CVE-2026-4903
A flaw has been found in Tenda AC5 15.03.06.47. This vulnerability affects the f
|
| 57 |
CVE-2026-5830
A vulnerability was identified in Tenda AC15 15.03.05.18. This affects the funct
|
| 57 |
CVE-2026-4551
A vulnerability was found in Tenda F453 1.0.0.3. This vulnerability affects the
|
| 57 |
CVE-2026-6124
A vulnerability was determined in Tenda F451 1.0.0.7. This vulnerability affects
|
| 57 |
CVE-2026-5046
A flaw has been found in Tenda FH1201 1.2.0.14(408). Affected is the function fo
|
| 57 |
CVE-2026-5156
A vulnerability was determined in Tenda CH22 1.0.0.1. This impacts the function
|
| 57 |
CVE-2026-4904
A vulnerability has been found in Tenda AC5 15.03.06.47. This issue affects the
|
| 57 |
CVE-2026-4535
A vulnerability has been found in Tenda FH451 1.0.0.9. This vulnerability affect
|
| 57 |
CVE-2026-5045
A vulnerability was detected in Tenda FH1201 1.2.0.14(408). This impacts the fun
|
| 57 |
CVE-2026-5154
A vulnerability has been found in Tenda CH22 1.0.0.1/1.If. The impacted element
|
| 57 |
CVE-2026-4906
A vulnerability was determined in Tenda AC5 15.03.06.47. The affected element is
|
| 57 |
CVE-2026-4961
A vulnerability was identified in Tenda AC6 15.03.05.16. Affected by this vulner
|
| 57 |
CVE-2026-4960
A vulnerability was determined in Tenda AC6 15.03.05.16. Affected is the functio
|
| 57 |
CVE-2026-5604
A security flaw has been discovered in Tenda CH22 1.0.0.1. The impacted element
|
| 57 |
CVE-2026-6016
A vulnerability was found in Tenda AC9 15.03.02.13. The affected element is the
|
| 57 |
CVE-2026-5152
A vulnerability was detected in Tenda CH22 1.0.0.1. Impacted is the function for
|
| 57 |
CVE-2026-4534
A flaw has been found in Tenda FH451 1.0.0.9. This affects the function formWrlE
|
| 57 |
CVE-2026-5204
A vulnerability was determined in Tenda CH22 1.0.0.1. Affected is the function f
|
| 57 |
CVE-2026-5609
A flaw has been found in Tenda i12 1.0.0.11(3862). Affected by this vulnerabilit
|
| 57 |
CVE-2026-4905
A vulnerability was found in Tenda AC5 15.03.06.47. Impacted is the function for
|
| 57 |
CVE-2026-5567
A flaw has been found in Tenda M3 1.0.0.10. This vulnerability affects the funct
|
| 57 |
CVE-2026-6015
A vulnerability has been found in Tenda AC9 15.03.02.13. Impacted is the functio
|
| 57 |
CVE-2026-5024
A vulnerability was found in D-Link DIR-513 1.10. This issue affects the functio
|
Oldest Unpatched Critical/High CVEs
| CVE | Severity | CVSS | Priority | Days Open |
|---|---|---|---|---|
| CVE-2024-3400 | CRITICAL | 10.0 | 224 | 731d |
| CVE-2019-19781 | CRITICAL | 9.8 | 223 | 2298d |
| CVE-2020-5902 | CRITICAL | 9.8 | 223 | 2111d |
| CVE-2021-35464 | CRITICAL | 9.8 | 223 | 1725d |
| CVE-2020-10189 | CRITICAL | 9.8 | 223 | 2228d |
| CVE-2012-4681 | CRITICAL | 9.8 | 223 | 4976d |
| CVE-2022-42475 | CRITICAL | 9.8 | 223 | 1197d |
| CVE-2023-3519 | CRITICAL | 9.8 | 223 | 998d |
| CVE-2015-7450 | CRITICAL | 9.8 | 222 | 3753d |
| CVE-2023-34048 | CRITICAL | 9.8 | 222 | 900d |