| Metric | Value | Note |
|---|---|---|
| Total CVEs | 16353 | last 90 days |
| Avg Priority | 36.5 | of max 220 |
| KEV | 37 | actively exploited |
| POC | 3574 | public exploits |
| Unpatched | 5453 | CRIT/HIGH without patch |

How is Priority Score calculated?
Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:

| Signal | Weight | Meaning |
|---|---|---|
| KEV | +50 | CISA Known Exploited Vulnerability: confirmed active exploitation in the wild |
| EPSS | x100 | Exploit Prediction Scoring System: probability of exploitation in next 30 days (0-100) |
| CVSS | x5 | Common Vulnerability Scoring System: technical severity (0-50) |
| POC | +20 | Public exploit code exists; lowers barrier for attackers |

Score bands: 0-40 Low, 40-80 Medium, 80-120 High, 120+ Critical

Patch Now — Known Exploited Vulnerabilities
| Priority | CVE | Description |
|---|---|---|
| 194 | CVE-2026-24061 | telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for t |
| 185 | CVE-2026-1731 | BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain |
| 184 | CVE-2026-23760 | SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability |
| 180 | CVE-2025-40551 | SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerabil |
| 170 | CVE-2026-1340 | A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem |
| 164 | CVE-2026-1281 | A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem |
| 160 | CVE-2025-40536 | SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that |
| 141 | CVE-2026-20131 | A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FM |
| 137 | CVE-2026-1603 | An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthen |
| 134 | CVE-2026-22769 | Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credentia |

Priority Distribution
| Priority | CVE | Description |
|---|---|---|
| 46 | CVE-2026-5203 | A vulnerability was found in CMS Made Simple up to 2.2.22. This impacts the func |
| 46 | CVE-2025-60948 | Census CSWeb 8.0.1 allows stored cross-site scripting in user supplied fields. A |
| 46 | CVE-2026-5417 | A vulnerability was determined in Dataease SQLbot up to 1.6.0. This issue affect |
| 46 | CVE-2026-4875 | A vulnerability was determined in itsourcecode Free Hotel Reservation System 1.0 |
| 46 | CVE-2026-5370 | A vulnerability was identified in krayin laravel-crm up to 2.2. Impacted is the |
| 46 | CVE-2021-47905 | MyBB Delete Account Plugin 1.4 contains a cross-site scripting vulnerability in |
| 46 | CVE-2018-25132 | MyBB Trending Widget Plugin 1.2 contains a cross-site scripting vulnerability th |
| 46 | CVE-2026-4969 | A vulnerability was identified in code-projects Social Networking Site 1.0. The |
| 46 | CVE-2026-5325 | A vulnerability was determined in SourceCodester Simple Customer Relationship Ma |
| 46 | CVE-2026-4835 | A security vulnerability has been detected in code-projects Accounting System 1. |
| 46 | CVE-2026-5249 | A vulnerability was found in gougucms 4.08.18. This impacts an unknown function |
| 46 | CVE-2026-4626 | A vulnerability has been found in projectworlds Lawyer Management System 1.0. Th |
| 46 | CVE-2026-4995 | A vulnerability was determined in wandb OpenUI up to 1.0. Affected by this vulne |
| 46 | CVE-2026-4596 | A vulnerability was identified in projectworlds Lawyer Management System 1.0. Th |
| 46 | CVE-2026-5253 | A weakness has been identified in bufanyun HotGo 1.0/2.0. Affected by this vulne |
| 46 | CVE-2026-5332 | A vulnerability was identified in Xiaopi Panel 1.0.0. This vulnerability affects |
| 46 | CVE-2026-5838 | A vulnerability was determined in PHPGurukul News Portal Project 4.1. This vulne |
| 46 | CVE-2026-5839 | A vulnerability was identified in PHPGurukul News Portal Project 4.1. This issue |
| 46 | CVE-2026-5840 | A security flaw has been discovered in PHPGurukul News Portal Project 4.1. Impac |
| 46 | CVE-2026-4994 | A vulnerability was found in wandb OpenUI up to 1.0/3.5-turb. Affected is the fu |
| 46 | CVE-2018-25116 | MyBB Thread Redirect Plugin 0.2.1 contains a cross-site scripting vulnerability |
| 46 | CVE-2026-5576 | A flaw has been found in SourceCodester/jkev Record Management System 1.0. Affec |
| 46 | CVE-2026-5568 | A vulnerability has been found in Akaunting up to 3.1.21. This issue affects som |
| 46 | CVE-2026-5252 | A security flaw has been discovered in z-9527 admin 1.0/2.0. Affected is an unkn |
| 46 | CVE-2026-5254 | A security vulnerability has been detected in welovemedia FFmate up to 2.0.15. A |
| 46 | CVE-2026-6162 | A vulnerability has been found in PHPGurukul Company Visitor Management System 2 |
| 46 | CVE-2026-5679 | A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557_B2022 |
| 46 | CVE-2026-6106 | A vulnerability was detected in 1Panel-dev MaxKB up to 2.2.1. This vulnerability |
| 46 | CVE-2026-5683 | A vulnerability was found in Tenda CX12L 16.03.53.12. Affected by this vulnerabi |
| 46 | CVE-2026-5806 | A security vulnerability has been detected in code-projects Easy Blog Site 1.0. |
| 46 | CVE-2025-15632 | A vulnerability has been found in 1Panel-dev MaxKB up to 2.4.2. Impacted is an u |
| 46 | CVE-2026-5810 | A flaw has been found in SourceCodester Sales and Inventory System 1.0. Affected |
| 45 | CVE-2022-50891 | Owlfiles File Manager 12.0.1 contains a cross-site scripting vulnerability that |
| 45 | CVE-2026-2555 | A weakness has been identified in JeecgBoot 3.9.1. This vulnerability affects th |
| 45 | CVE-2026-30959 | OneUptime is a solution for monitoring and managing online services. The resend- |
| 45 | CVE-2026-3404 | A flaw has been found in thinkgem JeeSite up to 5.15.1. Impacted is an unknown f |
| 45 | CVE-2026-26005 | ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 - #45, in |
| 45 | CVE-2026-1195 | A weakness has been identified in MineAdmin 1.x/2.x. This impacts the function r |
| 45 | CVE-2026-4583 | A vulnerability was detected in Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N. Af |
| 45 | CVE-2026-4582 | A security vulnerability has been detected in Shenzhen HCC Technology MPOS M6 PL |
| 45 | CVE-2026-25228 | Signal K Server is a server application that runs on a central hub in a boat. Pr |
| 45 | CVE-2026-27710 | NanaZip is an open source file archive. Starting in version 5.0.1252.0 and prior |
| 45 | CVE-2025-61145 | libtiff up to v4.7.1 was discovered to contain a double free via the component t |
| 45 | CVE-2025-69620 | A path traversal in Moo Chan Song v4.5.7 allows attackers to cause a Denial of S |
| 45 | CVE-2025-68277 | OpenEMR is a free and open source electronic health records and medical practice |
| 45 | CVE-2026-24766 | NocoDB is software for building databases as spreadsheets. Prior to version 0.30 |
| 45 | CVE-2025-50198 | Chamilo is a learning management system. Prior to version 1.11.30, Chamilo is vu |
| 45 | CVE-2026-25964 | Tandoor Recipes is an application for managing recipes, planning meals, and buil |
| 45 | CVE-2026-26697 | code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection i |
| 45 | CVE-2026-26698 | code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection i |
| 45 | CVE-2026-27461 | Pimcore is an Open Source Data & Experience Management Platform. In versions up |
| 45 | CVE-2026-25511 | Group-Office is an enterprise customer relationship management and groupware too |
| 45 | CVE-2026-24767 | NocoDB is software for building databases as spreadsheets. Prior to version 0.30 |
| 44 | CVE-2026-1690 | A flaw has been found in Tenda HG10 US_HG7_HG9_HG10re_300001138_en_xpon. This af |
| 44 | CVE-2026-5023 | A vulnerability has been found in DeDeveloper23 codebase-mcp up to 3ec749d237dd8 |
| 44 | CVE-2026-5619 | A flaw has been found in Braffolk mcp-summarization-functions up to 0.1.5. This |
| 44 | CVE-2026-5621 | A vulnerability was found in ChrisChinchilla Vale-MCP up to 0.1.0. Affected by t |
| 44 | CVE-2026-25743 | OpenEMR is a free and open source electronic health records and medical practice |
| 44 | CVE-2026-5125 | A vulnerability was detected in raine consult-llm-mcp up to 2.5.3. Affected by t |
| 44 | CVE-2026-5833 | A security vulnerability has been detected in awwaiid mcp-server-taskwarrior up |
| 44 | CVE-2026-5007 | A vulnerability was identified in kazuph mcp-docs-rag up to 0.5.0. Affected is t |
| 44 | CVE-2022-50906 | e107 CMS 3.2.1 contains an upload restriction bypass vulnerability that allows a |
| 44 | CVE-2026-4253 | A security flaw has been discovered in Tenda AC8 16.03.50.11. This affects the f |
| 44 | CVE-2026-32896 | OpenClaw versions prior to 2026.2.21 BlueBubbles webhook handler contains a pass |
| 44 | CVE-2026-5602 | A vulnerability was determined in Nor2-io heim-mcp up to 0.1.3. Impacted is the |
| 44 | CVE-2026-5603 | A vulnerability was identified in elgentos magento2-dev-mcp up to 1.0.2. The aff |
| 44 | CVE-2025-66803 | Race condition in the turbo-frame element handler in Hotwired Turbo before 8.0.x |
| 44 | CVE-2026-25488 | Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC |
| 44 | CVE-2026-25487 | Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC |
| 44 | CVE-2025-14557 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site |
| 44 | CVE-2026-27963 | Audiobookshelf is a self-hosted audiobook and podcast server. A stored cross-sit |
| 44 | CVE-2025-50186 | Chamilo is a learning management system. Prior to version 1.11.30, a stored cros |
| 44 | CVE-2026-25486 | Craft Commerce is an ecommerce platform for Craft CMS. From version 5.0.0 to 5.5 |
| 44 | CVE-2025-52470 | Chamilo is a learning management system. Prior to version 1.11.30, a stored cros |
| 44 | CVE-2026-30568 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester In |
| 44 | CVE-2026-4972 | A security vulnerability has been detected in code-projects Online Reviewer Syst |
| 44 | CVE-2026-5836 | A vulnerability has been found in code-projects Online Shoe Store 1.0. Affected |
| 44 | CVE-2026-5643 | A vulnerability was identified in Cyber-III Student-Management-System up to 1a93 |
| 44 | CVE-2026-4909 | A weakness has been identified in code-projects Exam Form Submission 1.0/7.php. |
| 44 | CVE-2026-5834 | A vulnerability was detected in code-projects Online Shoe Store 1.0. Affected is |
| 44 | CVE-2026-4899 | A security flaw has been discovered in code-projects Online Food Ordering System |
| 44 | CVE-2026-4616 | A security flaw has been discovered in bolo-blog up to 2.6.4. The affected element |
| 44 | CVE-2026-5835 | A flaw has been found in code-projects Online Shoe Store 1.0. Affected by this v |
| 44 | CVE-2026-6003 | A security vulnerability has been detected in code-projects Simple IT Discussion |
| 44 | CVE-2026-5106 | A flaw has been found in code-projects Exam Form Submission 1.0. The impacted el |
| 44 | CVE-2026-5644 | A security flaw has been discovered in Cyber-III Student-Management-System up to |
| 44 | CVE-2026-5209 | A security vulnerability has been detected in SourceCodester Leave Application S |
| 44 | CVE-2026-1430 | The WP Lightbox 2 WordPress plugin before 3.0.7 does not sanitise and escape som |
| 44 | CVE-2026-32065 | OpenClaw versions prior to 2026.2.25 contain an approval-integrity bypass vulner |
| 44 | CVE-2026-3240 | In Concrete CMS below version 9.4.8, a user with permission to edit a page with |

Oldest Unpatched Critical/High CVEs
| CVE | Severity | CVSS | Priority | Days Open |
|---|---|---|---|---|
| CVE-2024-3400 | CRITICAL | 10.0 | 224 | 731d |
| CVE-2019-19781 | CRITICAL | 9.8 | 223 | 2298d |
| CVE-2020-5902 | CRITICAL | 9.8 | 223 | 2111d |
| CVE-2021-35464 | CRITICAL | 9.8 | 223 | 1725d |
| CVE-2020-10189 | CRITICAL | 9.8 | 223 | 2228d |
| CVE-2012-4681 | CRITICAL | 9.8 | 223 | 4976d |
| CVE-2022-42475 | CRITICAL | 9.8 | 223 | 1197d |
| CVE-2023-3519 | CRITICAL | 9.8 | 223 | 998d |
| CVE-2015-7450 | CRITICAL | 9.8 | 222 | 3753d |
| CVE-2023-34048 | CRITICAL | 9.8 | 222 | 900d |