| Metric | Value | Note |
|---|---|---|
| Total CVEs | 16351 | last 90 days |
| Avg Priority | 36.5 | of max 220 |
| KEV | 37 | actively exploited |
| POC | 3574 | public exploits |
| Unpatched | 5453 | CRIT/HIGH without patch |

How is Priority Score calculated?
Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:
| Signal | Weight | Meaning |
|---|---|---|
| KEV | +50 | CISA Known Exploited Vulnerability — confirmed active exploitation in the wild |
| EPSS | x100 | Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100) |
| CVSS | x5 | Common Vulnerability Scoring System — technical severity (0-50) |
| POC | +20 | Public exploit code exists — lowers barrier for attackers |

Score bands: 0-40 Low, 40-80 Medium, 80-120 High, 120+ Critical

Patch Now — Known Exploited Vulnerabilities
| Priority | CVE | Description |
|---|---|---|
| 194 | CVE-2026-24061 | telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for t |
| 185 | CVE-2026-1731 | BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain |
| 184 | CVE-2026-23760 | SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability |
| 180 | CVE-2025-40551 | SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerabil |
| 170 | CVE-2026-1340 | A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem |
| 164 | CVE-2026-1281 | A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem |
| 160 | CVE-2025-40536 | SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that |
| 141 | CVE-2026-20131 | A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FM |
| 137 | CVE-2026-1603 | An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthen |
| 134 | CVE-2026-22769 | Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credentia |

Priority Distribution
| Priority | CVE | Description |
|---|---|---|
| 59 | CVE-2020-37045 | Veritas NetBackup 7.0 contains an unquoted service path vulnerability in the Net |
| 59 | CVE-2020-36977 | Wondershare Driver Install Service contains an unquoted service path vulnerabili |
| 59 | CVE-2020-36982 | Motorola Device Manager 2.5.4 contains an unquoted service path vulnerability in |
| 59 | CVE-2019-25281 | NCP Secure Entry Client 9.2 contains an unquoted service path vulnerability in m |
| 59 | CVE-2019-25292 | Alps HID Monitor Service 8.1.0.10 contains an unquoted service path vulnerabilit |
| 59 | CVE-2026-1680 | Improper access control in the WCF endpoint in Edgemo (now owned by Danoffice IT |
| 59 | CVE-2020-36975 | EPSON Status Monitor 3 version 8.0 contains an unquoted service path vulnerabili |
| 59 | CVE-2020-36953 | MiniTool ShadowMaker 3.2 contains an unquoted service path vulnerability in the |
| 59 | CVE-2020-37062 | DHCP Turbo 4.61298 contains an unquoted service path vulnerability that allows l |
| 59 | CVE-2020-36976 | Acer Global Registration Service 1.0.0.3 contains an unquoted service path vulne |
| 59 | CVE-2019-25307 | WorkgroupMail 7.5.1 contains an unquoted service path vulnerability in its Windo |
| 59 | CVE-2021-47833 | WifiHotSpot 1.0.0.0 contains an unquoted service path vulnerability in its WifiH |
| 59 | CVE-2021-47829 | DHCP Broadband 4.1.0.1503 contains an unquoted service path vulnerability in its |
| 59 | CVE-2021-47825 | Acer Updater Service 1.2.3500.0 contains an unquoted service path vulnerability |
| 59 | CVE-2021-47823 | Acer ePowerSvc 6.0.3008.0 contains an unquoted service path vulnerability that a |
| 59 | CVE-2020-36952 | IObit Uninstaller 10 Pro contains an unquoted service path vulnerability that al |
| 59 | CVE-2021-47810 | WibuKey Runtime 6.51 contains an unquoted service path vulnerability in the WkSv |
| 59 | CVE-2021-47809 | Disk Sorter Enterprise 13.6.12 contains an unquoted service path vulnerability i |
| 59 | CVE-2021-47807 | Sync Breeze 13.6.18 contains an unquoted service path vulnerability in its Windo |
| 59 | CVE-2021-47806 | Dup Scout 13.5.28 contains an unquoted service path vulnerability in its Windows |
| 59 | CVE-2021-47805 | Disk Savvy 13.6.14 contains an unquoted service path vulnerability in its Window |
| 59 | CVE-2021-47792 | Remote Mouse 4.002 contains an unquoted service path vulnerability that allows l |
| 59 | CVE-2021-47790 | Active WebCam 11.5 contains an unquoted service path vulnerability that allows l |
| 59 | CVE-2021-47787 | TotalAV 5.15.69 contains an unquoted service path vulnerability in multiple syst |
| 59 | CVE-2021-47780 | Macro Expert 4.7 contains an unquoted service path vulnerability that allows loc |
| 59 | CVE-2020-36930 | SysGauge Server 7.9.18 contains an unquoted service path vulnerability in its bi |
| 59 | CVE-2020-36929 | Brother BRPrint Auditor 3.0.7 contains an unquoted service path vulnerability in |
| 59 | CVE-2020-36927 | DiskPulse Enterprise 13.6.14 contains an unquoted service path vulnerability in |
| 59 | CVE-2020-37048 | Iskysoft Application Framework Service 2.4.3.241 contains an unquoted service pa |
| 59 | CVE-2026-24071 | It was found that the XPC service offered by the privileged helper of Native Acc |
| 59 | CVE-2021-47767 | 10-Strike Network Inventory Explorer Pro 9.31 contains an unquoted service path |
| 59 | CVE-2020-37037 | Avast SecureLine 5.5.522.0 contains an unquoted service path vulnerability that |
| 59 | CVE-2026-27905 | BentoML is a Python library for building online serving systems optimized for AI |
| 59 | CVE-2020-37047 | Deep Instinct Windows Agent 1.2.29.0 contains an unquoted service path vulnerabi |
| 59 | CVE-2019-25306 | BlackMoon FTP Server 3.1.2.1731 contains an unquoted service path vulnerability |
| 59 | CVE-2019-25308 | Mikogo 5.2.2.150317 contains an unquoted service path vulnerability in the Mikog |
| 59 | CVE-2020-36928 | Brother BRAgent 1.38 contains an unquoted service path vulnerability in the WBA_ |
| 59 | CVE-2019-25309 | Zilab Remote Console Server 3.2.9 contains an unquoted service path vulnerabilit |
| 59 | CVE-2026-25582 | iccDEV provides a set of libraries and tools that allow for the interaction, man |
| 59 | CVE-2026-29127 | The IDC SFX2100 Satellite Receiver sets overly permissive file system permission |
| 59 | CVE-2019-25267 | Wing FTP Server 6.0.7 contains an unquoted service path vulnerability that allow |
| 59 | CVE-2019-25276 | Studio 5000 Logix Designer 30.01.00 contains an unquoted service path vulnerabil |
| 59 | CVE-2026-33352 | An unauthenticated SQL injection vulnerability exists in `objects/c |
| 59 | CVE-2025-40552 | SolarWinds Web Help Desk was found to be susceptible to an authentication bypass |
| 59 | CVE-2021-47850 | Mini Mouse 9.2.0 contains a path traversal vulnerability that allows remote atta |
| 59 | CVE-2022-40620 | FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Sy |
| 59 | CVE-2026-30822 | Flowise is a drag & drop user interface to build a customized large language mod |
| 59 | CVE-2026-23881 | Kyverno is a policy engine designed for cloud native platform engineering teams. |
| 59 | CVE-2026-32064 | OpenClaw versions prior to 2026.2.21 sandbox browser entrypoint launches x11vnc |
| 59 | CVE-2026-22219 | Chainlit versions prior to 2.9.4 contain a server-side request forgery (SSRF) vu |
| 59 | CVE-2026-27479 | Wallos is an open-source, self-hostable personal subscription tracker. Versions |
| 59 | CVE-2026-25991 | Tandoor Recipes is an application for managing recipes, planning meals, and buil |
| 59 | CVE-2026-23477 | Rocket.Chat is an open-source, secure, fully customizable communications platfor |
| 59 | CVE-2026-2995 | GitLab has remediated an issue in GitLab EE affecting all versions from 15.4 bef |
| 58 | CVE-2025-63652 | A use-after-free in the mk_http_request_end function (mk_server/mk_http.c) of mo |
| 58 | CVE-2025-63653 | An out-of-bounds read in the mk_vhost_fdt_close function (mk_server/mk_vhost.c) |
| 58 | CVE-2025-63657 | An out-of-bounds read in the mk_mimetype_find function (mk_server/mk_mimetype.c) |
| 58 | CVE-2025-63650 | An out-of-bounds read in the mk_ptr_to_buf in mk_core function (mk_memory.c) of |
| 58 | CVE-2025-63656 | An out-of-bounds read in the header_cmp function (mk_server/mk_http_parser.c) of |
| 58 | CVE-2025-63655 | A NULL pointer dereference in the mk_http_range_parse function (mk_server/mk_htt |
| 58 | CVE-2025-63651 | A use-after-free in the mk_string_char_search function (mk_core/mk_string.c) of |
| 58 | CVE-2018-25181 | Musicco 2.0.0 contains a path traversal vulnerability that allows unauthenticate |
| 58 | CVE-2025-25652 | In Eptura Archibus 2024.03.01.109, the "Run script" and "Server File" components |
| 58 | CVE-2026-26829 | A NULL pointer dereference in the safe_atou64 function (src/misc.c) of owntone-s |
| 58 | CVE-2020-36939 | Cassandra Web 0.5.0 contains a directory traversal vulnerability that allows una |
| 58 | CVE-2026-25116 | Runtipi is a personal homeserver orchestrator. Starting in version 4.5.0 and pri |
| 58 | CVE-2026-26724 | Cross Site Scripting vulnerability in Key Systems Inc Global Facilities Manageme |
| 58 | CVE-2025-70963 | Gophish <=0.12.1 is vulnerable to Incorrect Access Control. The administrative d |
| 58 | CVE-2026-32055 | OpenClaw versions prior to 2026.2.26 contain a path traversal vulnerability in w |
| 58 | CVE-2026-28356 | multipart is a fast multipart/form-data parser for python. Prior to 1.2.2, 1.3.1 |
| 58 | CVE-2019-25333 | Bullwark Momentum Series JAWS 1.0 contains a directory traversal vulnerability t |
| 58 | CVE-2026-26340 | Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and pr |
| 58 | CVE-2025-40943 | Affected devices do not properly sanitize contents of trace files. This could al |
| 58 | CVE-2026-27013 | Fabric.js is a Javascript HTML5 canvas library. Prior to version 7.2.0, Fabric.j |
| 58 | CVE-2026-25802 | New API is a large language mode (LLM) gateway and artificial intelligence (AI) |
| 58 | CVE-2026-28403 | Textream is a free macOS teleprompter app. Prior to version 1.5.1, the `Director |
| 58 | CVE-2026-26010 | OpenMetadata is a unified metadata platform. Prior to 1.11.8, calls issued by th |
| 58 | CVE-2021-47802 | Tenda D151 and D301 routers contain an unauthenticated configuration download vu |
| 58 | CVE-2026-24892 | openITCOCKPIT is an open source monitoring tool built for different monitoring e |
| 58 | CVE-2020-37015 | Ruijie Networks Switch eWeb S29_RGOS 11.4 contains a directory traversal vulnera |
| 58 | CVE-2026-2152 | A vulnerability was found in D-Link DIR-615 4.10. This vulnerability affects unk |
| 58 | CVE-2022-50932 | Kyocera Command Center RX ECOSYS M2035dn contains a directory traversal vulnerab |
| 58 | CVE-2022-50890 | Owlfiles File Manager 12.0.1 contains a path traversal vulnerability in its buil |
| 58 | CVE-2019-25352 | Crystal Live HTTP Server 6.01 contains a directory traversal vulnerability that |
| 58 | CVE-2026-3696 | A vulnerability was found in Totolink N300RH 6..1c.1353_B20190305. The affected |
| 58 | CVE-2020-37041 | OpenCTI 3.3.1 is vulnerable to a directory traversal attack via the static/css e |
| 58 | CVE-2019-25438 | LabCollector 5.423 contains multiple SQL injection vulnerabilities that allow un |
| 58 | CVE-2025-69252 | free5gc UDM provides Unified Data Management (UDM) for free5GC, an open-source p |
| 58 | CVE-2020-37150 | Edimax EW-7438RPn-v3 Mini 1.27 allows unauthenticated attackers to access the /w |
| 58 | CVE-2021-47751 | CuteEditor for PHP (now referred to as Rich Text Editor) 6.6 contains a director |

Oldest Unpatched Critical/High CVEs
| CVE | Severity | CVSS | Priority | Days Open |
|---|---|---|---|---|
| CVE-2024-3400 | CRITICAL | 10.0 | 224 | 731d |
| CVE-2019-19781 | CRITICAL | 9.8 | 223 | 2298d |
| CVE-2020-5902 | CRITICAL | 9.8 | 223 | 2111d |
| CVE-2021-35464 | CRITICAL | 9.8 | 223 | 1725d |
| CVE-2020-10189 | CRITICAL | 9.8 | 223 | 2228d |
| CVE-2012-4681 | CRITICAL | 9.8 | 223 | 4976d |
| CVE-2022-42475 | CRITICAL | 9.8 | 223 | 1197d |
| CVE-2023-3519 | CRITICAL | 9.8 | 223 | 998d |
| CVE-2015-7450 | CRITICAL | 9.8 | 222 | 3753d |
| CVE-2023-34048 | CRITICAL | 9.8 | 222 | 900d |