Total CVEs
16346
last 90 days
Avg Priority
36.5
of max 220
KEV
37
actively exploited
POC
3574
public exploits
Unpatched
5453
CRIT/HIGH without patch
How is Priority Score calculated?
Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:
KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low
40-80 Medium
80-120 High
120+ Critical
Patch Now — Known Exploited Vulnerabilities
194
CVE-2026-24061
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for t
185
CVE-2026-1731
BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain
184
CVE-2026-23760
SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability
180
CVE-2025-40551
SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerabil
170
CVE-2026-1340
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem
164
CVE-2026-1281
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem
160
CVE-2025-40536
SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that
141
CVE-2026-20131
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FM
137
CVE-2026-1603
An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthen
134
CVE-2026-22769
Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credentia
Priority Distribution
| Priority | CVE |
|---|---|
| 47 |
CVE-2026-25757
Spree is an open source e-commerce solution built with Ruby on Rails. Prior to v
|
| 47 |
CVE-2025-15538
A security vulnerability has been detected in Open Asset Import Library Assimp u
|
| 47 |
CVE-2025-15537
A security vulnerability has been detected in Mapnik up to 4.2.0. This issue aff
|
| 47 |
CVE-2025-15534
A vulnerability was identified in raysan5 raylib up to 909f040. Affected by this
|
| 47 |
CVE-2026-1979
A flaw has been found in mruby up to 3.4.0. This affects the function mrb_vm_exe
|
| 47 |
CVE-2026-1890
The LeadConnector WordPress plugin before 3.0.22 does not have authorization in
|
| 47 |
CVE-2026-4530
A security flaw has been discovered in apconw Aix-DB up to 1.2.3. This impacts a
|
| 47 |
CVE-2020-37007
Liman 0.7 contains a cross-site request forgery vulnerability that allows attack
|
| 47 |
CVE-2020-37144
Exagate SYSGuard 6001 contains a cross-site request forgery vulnerability that a
|
| 47 |
CVE-2026-5597
A flaw has been found in griptape-ai griptape 0.19.4. This affects an unknown pa
|
| 47 |
CVE-2018-25174
ABC ERP 0.6.4 contains a cross-site request forgery vulnerability that allows at
|
| 47 |
CVE-2018-25177
Data Center Audit 2.6.2 contains a cross-site request forgery vulnerability that
|
| 47 |
CVE-2026-3281
A vulnerability was detected in libvips 8.19.0. This affects the function vips_b
|
| 47 |
CVE-2026-1002
The Vert.x Web static handler component cache can be manipulated to deny the acc
|
| 47 |
CVE-2026-3147
A vulnerability was found in libvips up to 8.18.0. This affects the function vip
|
| 47 |
CVE-2025-13920
The WP Directory Kit plugin for WordPress is vulnerable to Sensitive Information
|
| 47 |
CVE-2026-24422
phpMyFAQ is an open source FAQ web application. In versions 4.0.16 and below, mu
|
| 47 |
CVE-2026-1110
A flaw has been found in cijliu librtsp up to 2ec1a81ad65280568a0c7c16420d7c10fd
|
| 47 |
CVE-2026-1109
A vulnerability was detected in cijliu librtsp up to 2ec1a81ad65280568a0c7c16420
|
| 47 |
CVE-2026-1108
A security vulnerability has been detected in cijliu librtsp up to 2ec1a81ad6528
|
| 47 |
CVE-2020-37158
AVideo Platform 8.1 contains a cross-site request forgery vulnerability that all
|
| 47 |
CVE-2026-2343
The PeproDev Ultimate Invoice WordPress plugin through 2.2.5 has a bulk download
|
| 47 |
CVE-2025-12781
When passing data to the b64decode(), standard_b64decode(), and urlsafe_b64decod
|
| 47 |
CVE-2026-27824
calibre is a cross-platform e-book manager for viewing, converting, editing, and
|
| 47 |
CVE-2026-23829
Mailpit is an email testing tool and API for developers. Prior to version 1.28.3
|
| 47 |
CVE-2026-5318
A weakness has been identified in LibRaw up to 0.22.0. This impacts the function
|
| 47 |
CVE-2026-27480
Static Web Server (SWS) is a production-ready web server suitable for static web
|
| 47 |
CVE-2026-4538
A vulnerability was identified in PyTorch 2.10.0. The affected element is an unk
|
| 47 |
CVE-2026-3137
A security vulnerability has been detected in CodeAstro Food Ordering System 1.0
|
| 47 |
CVE-2015-20117
Next Click Ventures RealtyScript 4.0.2 contains a cross-site request forgery vul
|
| 47 |
CVE-2026-4971
A weakness has been identified in SourceCodester Note Taking App up to 1.0. This
|
| 47 |
CVE-2026-4968
A vulnerability was determined in SourceCodester Diary App 1.0. The affected ele
|
| 47 |
CVE-2021-47776
Umbraco CMS v8.14.1 contains a server-side request forgery vulnerability that al
|
| 47 |
CVE-2020-37096
Edimax EW-7438RPn 1.13 contains a cross-site request forgery vulnerability in th
|
| 47 |
CVE-2026-3145
A flaw has been found in libvips up to 8.18.0. The affected element is the funct
|
| 47 |
CVE-2026-2147
A weakness has been identified in Tenda AC21 16.03.08.16. This impacts an unknow
|
| 47 |
CVE-2026-2148
A security vulnerability has been detected in Tenda AC21 16.03.08.16. Affected i
|
| 47 |
CVE-2015-20113
Next Click Ventures RealtyScript 4.0.2 contains cross-site request forgery and p
|
| 47 |
CVE-2016-20035
Wowza Streaming Engine 4.5.0 contains a cross-site request forgery vulnerability
|
| 47 |
CVE-2026-4963
A weakness has been identified in huggingface smolagents 1.25.0.dev0. This affec
|
| 47 |
CVE-2026-3713
A flaw has been found in pnggroup libpng up to 1.6.55. Affected by this vulnerab
|
| 47 |
CVE-2026-2653
A security flaw has been discovered in admesh up to 0.98.5. This issue affects t
|
| 47 |
CVE-2026-32046
OpenClaw versions prior to 2026.2.21 contain an improper sandbox configuration v
|
| 47 |
CVE-2026-5826
A flaw has been found in code-projects Simple IT Discussion Forum 1.0. This issu
|
| 47 |
CVE-2026-6119
A vulnerability was identified in AstrBotDevs AstrBot up to 4.22.1. The affected
|
| 47 |
CVE-2026-5546
A flaw has been found in Campcodes Complete Online Learning Management System 1.
|
| 47 |
CVE-2026-5126
A flaw has been found in SourceCodester RSS Feed Parser 1.0. Affected by this is
|
| 47 |
CVE-2026-4216
A weakness has been identified in i-SENS SmartLog App up to 2.6.8 on Android. Th
|
| 47 |
CVE-2026-5825
A vulnerability was detected in code-projects Simple Laundry System 1.0. This vu
|
| 47 |
CVE-2026-5630
A flaw has been found in assafelovic gpt-researcher up to 3.4.3. The impacted el
|
| 47 |
CVE-2026-1418
A security vulnerability has been detected in GPAC up to 2.4.0. This affects the
|
| 47 |
CVE-2026-4964
A security vulnerability has been detected in letta-ai letta 0.16.4. This vulner
|
| 47 |
CVE-2025-15533
A vulnerability was determined in raysan5 raylib up to 909f040. Affected by this
|
| 47 |
CVE-2026-5319
A security vulnerability has been detected in itsourcecode Payroll Management Sy
|
| 47 |
CVE-2021-47800
b2evolution 7.2.2 contains a cross-site request forgery vulnerability that allow
|
| 47 |
CVE-2020-37106
Business Live Chat Software 1.0 contains a cross-site request forgery vulnerabil
|
| 47 |
CVE-2026-5552
A weakness has been identified in PHPGurukul Online Shopping Portal Project 2.1.
|
| 47 |
CVE-2026-5583
A security vulnerability has been detected in PHPGurukul Online Shopping Portal
|
| 47 |
CVE-2026-5635
A security flaw has been discovered in PHPGurukul Online Shopping Portal Project
|
| 47 |
CVE-2026-5636
A weakness has been identified in PHPGurukul Online Shopping Portal Project 2.1.
|
| 47 |
CVE-2026-5553
A vulnerability was identified in itsourcecode Online Cellphone System 1.0. Affe
|
| 47 |
CVE-2026-5529
A vulnerability was detected in Dromara lamp-cloud up to 5.8.1. This vulnerabili
|
| 47 |
CVE-2026-5639
A flaw has been found in PHPGurukul Online Shopping Portal Project 2.1. Impacted
|
| 47 |
CVE-2026-5578
A vulnerability was found in CodeAstro Online Classroom 1.0. This vulnerability
|
| 47 |
CVE-2026-5580
A vulnerability was identified in CodeAstro Online Classroom 1.0. Impacted is an
|
| 47 |
CVE-2026-3817
A vulnerability was detected in SourceCodester Patients Waiting Area Queue Manag
|
| 47 |
CVE-2025-58190
The html.Parse function in golang.org/x/net/html has an infinite parsing loop wh
|
| 47 |
CVE-2020-37046
Sistem Informasi Pengumuman Kelulusan Online 1.0 contains a cross-site request f
|
| 47 |
CVE-2021-47820
Ubee EVW327 contains a cross-site request forgery vulnerability that allows atta
|
| 47 |
CVE-2025-15570
A vulnerability was found in ckolivas lrzip up to 0.651. This impacts the functi
|
| 47 |
CVE-2026-6109
A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.1. The impa
|
| 47 |
CVE-2026-5321
A flaw has been found in vanna-ai vanna up to 2.0.2. Affected by this issue is s
|
| 47 |
CVE-2026-26309
Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5,
|
| 46 |
CVE-2026-5803
A security flaw has been discovered in bigsk1 openai-realtime-ui up to 188ccde27
|
| 46 |
CVE-2026-5671
A vulnerability was determined in Cyber-III Student-Management-System up to 1a93
|
| 46 |
CVE-2026-6159
A vulnerability has been found in code-projects Simple ChatBox up to 1.0. Affect
|
| 46 |
CVE-2026-5811
A vulnerability was identified in SourceCodester Online Food Ordering System 1.0
|
| 46 |
CVE-2026-5812
A security flaw has been discovered in SourceCodester Pharmacy Product Managemen
|
| 46 |
CVE-2026-6143
A security flaw has been discovered in farion1231 cc-switch up to 3.12.3. Affect
|
| 46 |
CVE-2026-5660
A vulnerability was determined in itsourcecode Construction Management System 1.
|
| 46 |
CVE-2026-5681
A flaw has been found in itsourcecode sanitize or validate this input 1.0. This
|
| 46 |
CVE-2026-6150
A vulnerability has been found in code-projects Simple Laundry System 1.0. This
|
| 46 |
CVE-2026-5659
A vulnerability was found in pytries datrie up to 0.8.3. The affected element is
|
| 46 |
CVE-2026-5339
A vulnerability was detected in Tenda G103 1.0.0.5. The impacted element is the
|
| 46 |
CVE-2026-5041
A vulnerability was identified in code-projects Chamber of Commerce Membership M
|
| 46 |
CVE-2026-5331
A vulnerability was determined in OpenCart 4.1.0.3. This affects an unknown part
|
| 46 |
CVE-2026-32852
MailEnable versions prior to 10.55 contain a reflected cross-site scripting vuln
|
| 46 |
CVE-2026-32851
MailEnable versions prior to 10.55 contain a reflected cross-site scripting vuln
|
| 46 |
CVE-2026-32850
MailEnable versions prior to 10.55 contain a reflected cross-site scripting vuln
|
| 46 |
CVE-2026-5848
A vulnerability was found in jeecgboot JimuReport up to 2.3.0. The affected elem
|
Oldest Unpatched Critical/High CVEs
| CVE | Severity | CVSS | Priority | Days Open |
|---|---|---|---|---|
| CVE-2024-3400 | CRITICAL | 10.0 | 224 | 731d |
| CVE-2019-19781 | CRITICAL | 9.8 | 223 | 2298d |
| CVE-2020-5902 | CRITICAL | 9.8 | 223 | 2111d |
| CVE-2021-35464 | CRITICAL | 9.8 | 223 | 1725d |
| CVE-2020-10189 | CRITICAL | 9.8 | 223 | 2228d |
| CVE-2012-4681 | CRITICAL | 9.8 | 223 | 4976d |
| CVE-2022-42475 | CRITICAL | 9.8 | 223 | 1197d |
| CVE-2023-3519 | CRITICAL | 9.8 | 223 | 998d |
| CVE-2015-7450 | CRITICAL | 9.8 | 222 | 3753d |
| CVE-2023-34048 | CRITICAL | 9.8 | 222 | 900d |