Total CVEs
16484
last 90 days
Avg Priority
36.8
of max 220
KEV
38
actively exploited
POC
3217
public exploits
Unpatched
4332
CRIT/HIGH without patch
How is Priority Score calculated?
Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:
KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low
40-80 Medium
80-120 High
120+ Critical
Patch Now — Known Exploited Vulnerabilities
185
CVE-2026-1731
BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain
180
CVE-2025-40551
SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerabil
170
CVE-2026-1340
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem
164
CVE-2026-1281
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem
160
CVE-2025-40536
SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that
141
CVE-2026-20131
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FM
137
CVE-2026-1603
An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthen
134
CVE-2026-22769
Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credentia
129
CVE-2026-33825
Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to el
124
CVE-2026-21643
An improper neutralization of special elements used in an sql command ('sql injection') vulnerabilit
Priority Distribution
| Priority | CVE |
|---|---|
| 28 |
CVE-2026-34867
Double free vulnerability in the multi-mode input system.
Impact: Successful exp
|
| 28 |
CVE-2026-28452
OpenClaw versions prior to 2026.2.14 contain a denial of service vulnerability i
|
| 28 |
CVE-2026-29612
OpenClaw versions prior to 2026.2.14 decode base64-backed media inputs into buff
|
| 28 |
CVE-2026-20806
Access of resource using incompatible type ('type confusion') in Windows COM all
|
| 28 |
CVE-2023-1289
### Summary
Specially crafted SVG file make segmentation fault and generate tras
|
| 28 |
CVE-2026-22568
Improper neutralization of special elements in user-supplied input within the ZI
|
| 28 |
CVE-2026-0967
A flaw was found in libssh. A remote attacker, by controlling client configurati
|
| 28 |
CVE-2026-23093
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: smbd
|
| 28 |
CVE-2026-3719
A vulnerability was identified in Tsinghua Unigroup Electronic Archives System 3
|
| 28 |
CVE-2026-6067
A heap buffer overflow vulnerability exists in the Netwide Assembler (NASM) due
|
| 28 |
CVE-2026-5311
A security flaw has been discovered in D-Link DNS-120, DNR-202L, DNS-315L, DNS-3
|
| 28 |
CVE-2026-25186
Exposure of sensitive information to an unauthorized actor in Windows Accessibil
|
| 28 |
CVE-2026-0636
Improper neutralization of special elements used in an LDAP query ('LDAP injecti
|
| 28 |
CVE-2026-32212
Improper link resolution before file access ('link following') in Universal Plug
|
| 28 |
CVE-2026-21258
Improper input validation in Microsoft Office Excel allows an unauthorized attac
|
| 28 |
CVE-2026-25180
Out-of-bounds read in Microsoft Graphics Component allows an unauthorized attack
|
| 28 |
CVE-2026-27931
Out-of-bounds read in Windows GDI allows an unauthorized attacker to disclose in
|
| 28 |
CVE-2026-21294
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15,
|
| 28 |
CVE-2026-23063
In the Linux kernel, the following vulnerability has been resolved:
uacce: ensu
|
| 28 |
CVE-2026-21293
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15,
|
| 28 |
CVE-2026-27930
Out-of-bounds read in Windows GDI allows an unauthorized attacker to disclose in
|
| 28 |
CVE-2026-2636
This vulnerability is caused by a CWE‑159: "Improper Handling of Invalid Use of
|
| 28 |
CVE-2026-5986
A weakness has been identified in Zod jsVideoUrlParser up to 0.5.1. The impacted
|
| 28 |
CVE-2026-29043
HDF5 is software for managing data. In 1.14.1-2 and earlier, an attacker who can
|
| 28 |
CVE-2026-0745
The User Language Switch plugin for WordPress is vulnerable to Server-Side Reque
|
| 28 |
CVE-2026-5527
A weakness has been identified in Tenda 4G03 Pro 1.0/1.0re/01.bin/04.03.01.53. A
|
| 28 |
CVE-2026-41136
free5GC AMF provides Access & Mobility Management Function (AMF) for free5GC, an
|
| 28 |
CVE-2026-24282
Out-of-bounds read in Push Message Routing Service allows an authorized attacker
|
| 28 |
CVE-2026-32084
Exposure of sensitive information to an unauthorized actor in Windows File Explo
|
| 28 |
CVE-2026-32216
Null pointer dereference in Windows Redirected Drive Buffering allows an authori
|
| 28 |
CVE-2025-52627
Root File System Not Mounted as Read-Only configuration vulnerability. This can
|
| 28 |
CVE-2026-28503
Tandoor Recipes is an application for managing recipes, planning meals, and buil
|
| 28 |
CVE-2026-26123
Cwe is not in rca categories in Microsoft Authenticator allows an unauthorized a
|
| 28 |
CVE-2026-41130
Craft CMS is a content management system (CMS). In versions on the 4.x branch th
|
| 28 |
CVE-2025-36074
IBM Security Verify Directory (Container) 10.0.0 through 10.0.0.3 IBM Security V
|
| 28 |
CVE-2026-23636
Kiteworks is a private data network (PDN). In Kiteworks Secure Data Forms prior
|
| 28 |
CVE-2026-34302
Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (compone
|
| 28 |
CVE-2026-23085
In the Linux kernel, the following vulnerability has been resolved:
irqchip/gic
|
| 28 |
CVE-2026-23108
In the Linux kernel, the following vulnerability has been resolved:
can: usb_8d
|
| 28 |
CVE-2025-71191
In the Linux kernel, the following vulnerability has been resolved:
dmaengine:
|
| 28 |
CVE-2025-71180
In the Linux kernel, the following vulnerability has been resolved:
counter: in
|
| 28 |
CVE-2026-23091
In the Linux kernel, the following vulnerability has been resolved:
intel_th: f
|
| 28 |
CVE-2026-23090
In the Linux kernel, the following vulnerability has been resolved:
slimbus: co
|
| 28 |
CVE-2026-33103
Improper access control in Microsoft Dynamics 365 (on-premises) allows an author
|
| 28 |
CVE-2026-32214
Improper access control in Universal Plug and Play (upnp.dll) allows an authoriz
|
| 28 |
CVE-2025-71186
In the Linux kernel, the following vulnerability has been resolved:
dmaengine:
|
| 28 |
CVE-2026-23096
In the Linux kernel, the following vulnerability has been resolved:
uacce: fix
|
| 28 |
CVE-2026-23019
In the Linux kernel, the following vulnerability has been resolved:
net: marvel
|
| 28 |
CVE-2026-23060
In the Linux kernel, the following vulnerability has been resolved:
crypto: aut
|
| 28 |
CVE-2026-23061
In the Linux kernel, the following vulnerability has been resolved:
can: kvaser
|
| 28 |
CVE-2026-23064
In the Linux kernel, the following vulnerability has been resolved:
net/sched:
|
| 28 |
CVE-2026-23097
In the Linux kernel, the following vulnerability has been resolved:
migrate: co
|
| 28 |
CVE-2026-28561
wpForo Forum 2.4.14 contains a stored cross-site scripting vulnerability that al
|
| 28 |
CVE-2025-71185
In the Linux kernel, the following vulnerability has been resolved:
dmaengine:
|
| 28 |
CVE-2025-71188
In the Linux kernel, the following vulnerability has been resolved:
dmaengine:
|
| 28 |
CVE-2026-23084
In the Linux kernel, the following vulnerability has been resolved:
be2net: Fix
|
| 28 |
CVE-2026-28560
wpForo Forum 2.4.14 contains a stored cross-site scripting vulnerability that al
|
| 28 |
CVE-2026-41177
Squidex is an open source headless content management system and content managem
|
| 28 |
CVE-2026-23021
In the Linux kernel, the following vulnerability has been resolved:
net: usb: p
|
| 28 |
CVE-2026-23020
In the Linux kernel, the following vulnerability has been resolved:
net: 3com:
|
| 28 |
CVE-2026-23080
In the Linux kernel, the following vulnerability has been resolved:
can: mcba_u
|
| 28 |
CVE-2026-32181
Improper privilege management in Microsoft Windows allows an authorized attacker
|
| 28 |
CVE-2026-23026
In the Linux kernel, the following vulnerability has been resolved:
dmaengine:
|
| 28 |
CVE-2026-23075
In the Linux kernel, the following vulnerability has been resolved:
can: esd_us
|
| 28 |
CVE-2026-23087
In the Linux kernel, the following vulnerability has been resolved:
scsi: xen:
|
| 28 |
CVE-2026-23237
In the Linux kernel, the following vulnerability has been resolved:
platform/x8
|
| 28 |
CVE-2025-71233
In the Linux kernel, the following vulnerability has been resolved:
PCI: endpoi
|
| 28 |
CVE-2025-71235
In the Linux kernel, the following vulnerability has been resolved:
scsi: qla2x
|
| 28 |
CVE-2026-23124
In the Linux kernel, the following vulnerability has been resolved:
ipv6: annot
|
| 28 |
CVE-2026-23190
In the Linux kernel, the following vulnerability has been resolved:
ASoC: amd:
|
| 28 |
CVE-2026-23164
In the Linux kernel, the following vulnerability has been resolved:
rocker: fix
|
| 28 |
CVE-2026-23120
In the Linux kernel, the following vulnerability has been resolved:
l2tp: avoid
|
| 28 |
CVE-2026-23220
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: fix
|
| 28 |
CVE-2026-23119
In the Linux kernel, the following vulnerability has been resolved:
bonding: pr
|
| 28 |
CVE-2026-23121
In the Linux kernel, the following vulnerability has been resolved:
mISDN: anno
|
| 28 |
CVE-2025-71232
In the Linux kernel, the following vulnerability has been resolved:
scsi: qla2x
|
| 28 |
CVE-2026-23150
In the Linux kernel, the following vulnerability has been resolved:
nfc: llcp:
|
| 28 |
CVE-2026-23125
In the Linux kernel, the following vulnerability has been resolved:
sctp: move
|
| 28 |
CVE-2025-71236
In the Linux kernel, the following vulnerability has been resolved:
scsi: qla2x
|
| 28 |
CVE-2025-71237
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: Fix
|
| 28 |
CVE-2026-23146
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth:
|
| 28 |
CVE-2026-23228
In the Linux kernel, the following vulnerability has been resolved:
smb: server
|
| 28 |
CVE-2026-23133
In the Linux kernel, the following vulnerability has been resolved:
wifi: ath10
|
| 28 |
CVE-2026-23229
In the Linux kernel, the following vulnerability has been resolved:
crypto: vir
|
| 28 |
CVE-2026-23170
In the Linux kernel, the following vulnerability has been resolved:
drm/imx/tve
|
| 28 |
CVE-2026-3563
Improper input validation in the apps and endpoints configuration in PowerShell
|
| 28 |
CVE-2026-23145
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix i
|
| 28 |
CVE-2026-3347
The Multi Functional Flexi Lightbox plugin for WordPress is vulnerable to Stored
|
| 28 |
CVE-2026-28852
A stack overflow was addressed with improved input validation. This issue is fix
|
| 28 |
CVE-2025-15314
Tanium addressed an arbitrary file deletion vulnerability in end-user-cx.
|
Oldest Unpatched Critical/High CVEs
| CVE | Severity | CVSS | Priority | Days Open |
|---|---|---|---|---|
| CVE-2024-3400 | CRITICAL | 10.0 | 224 | 745d |
| CVE-2019-19781 | CRITICAL | 9.8 | 223 | 2313d |
| CVE-2020-5902 | CRITICAL | 9.8 | 223 | 2126d |
| CVE-2021-35464 | CRITICAL | 9.8 | 223 | 1740d |
| CVE-2020-10189 | CRITICAL | 9.8 | 223 | 2243d |
| CVE-2012-4681 | CRITICAL | 9.8 | 223 | 4991d |
| CVE-2022-42475 | CRITICAL | 9.8 | 223 | 1211d |
| CVE-2023-3519 | CRITICAL | 9.8 | 223 | 1013d |
| CVE-2015-7450 | CRITICAL | 9.8 | 222 | 3768d |
| CVE-2023-34048 | CRITICAL | 9.8 | 222 | 915d |