Security Dashboard

Total CVEs: 16496 (last 90 days)
Avg Priority: 36.9 (of max 220)
KEV: 36 (actively exploited)
POC: 3240 (public exploits)
Unpatched: 4320 (CRIT/HIGH without patch)
How is Priority Score calculated?

Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:

KEV (+50): CISA Known Exploited Vulnerability, confirmed active exploitation in the wild
EPSS (x100): Exploit Prediction Scoring System, probability of exploitation in next 30 days (0-100)
CVSS (x5): Common Vulnerability Scoring System, technical severity (0-50)
POC (+20): Public exploit code exists, lowers barrier for attackers

Score bands: 0-40 Low, 40-80 Medium, 80-120 High, 120+ Critical

Priority CVE
27 CVE-2026-41194
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1
27 CVE-2021-47920
WebMO Job Manager 20.0 contains a cross-site scripting vulnerability in search p
27 CVE-2026-1636
A potential DLL hijacking vulnerability was reported in Lenovo Service Bridge th
27 CVE-2026-34777
### Impact When an iframe requests `fullscreen`, `pointerLock`, `keyboardLock`,
27 CVE-2025-56605
A reflected Cross-Site Scripting (XSS) vulnerability exists in the register.php
27 CVE-2026-24050
Zulip is an open-source team collaboration tool. From 5.0 to before 11.5, some a
27 CVE-2025-63743
Cross-Site Scripting vulnerability in the Snipe-IT web-based asset management sy
27 CVE-2025-69848
NetBox is an open-source infrastructure resource modeling and IP address managem
27 CVE-2026-40948
The Keycloak authentication manager in `apache-airflow-providers-keycloak` did n
27 CVE-2025-12575
GitLab has remediated an issue in GitLab EE affecting all versions from 18.0 bef
27 CVE-2025-14282
A flaw was found in Dropbear. When running in multi-user mode and authenticating
27 CVE-2026-30927
Admidio is an open-source user management solution. Prior to 5.0.6, in modules/e
27 CVE-2026-25054
n8n is an open source workflow automation platform. Prior to versions 1.123.9 an
27 CVE-2025-14895
The PopupKit plugin for WordPress is vulnerable to authorization bypass in all v
27 CVE-2026-0811
The Advanced Contact form 7 DB plugin for WordPress is vulnerable to Cross-Site
27 CVE-2026-21393
Movable Type contains a stored cross-site scripting vulnerability in Edit Commen
27 CVE-2026-3191
The Minify HTML plugin for WordPress is vulnerable to Cross-Site Request Forgery
27 CVE-2026-25051
n8n is an open source workflow automation platform. Prior to version 1.123.2, a
27 CVE-2026-41355
OpenShell before 2026.3.28 contains an arbitrary code execution vulnerability in
27 CVE-2026-35603
Claude Code is an agentic coding tool. In versions prior to 2.1.75 on Windows, C
27 CVE-2026-27016
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Ve
27 CVE-2026-1312
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4
27 CVE-2025-45160
A HTML injection vulnerability exists in the file upload functionality of Cacti
27 CVE-2026-22875
Movable Type contains a stored cross-site scripting vulnerability in Export Site
27 CVE-2026-1287
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4
27 CVE-2026-25566
WeKan versions prior to 8.19 contain an authorization vulnerability in card move
27 CVE-2026-1251
The SupportCandy - Helpdesk & Customer Support Ticket System plugin for WordPres
27 CVE-2026-25574
Payload is a free and open source headless content management system. Prior to 3
27 CVE-2026-41360
OpenClaw before 2026.4.2 contains an approval integrity vulnerability in pnpm dl
27 CVE-2026-6515
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2
27 CVE-2026-22881
Cross-site scripting vulnerability exists in Message function of Cybozu Garoon 5
27 CVE-2026-25028
Missing Authorization vulnerability in Element Invader ElementInvader Addons for
27 CVE-2026-3591
A use-after-return vulnerability exists in the `named` server when handling DNS
27 CVE-2026-25935
Vikunja is a todo-app to organize your life. Prior to 1.1.0, TaskGlanceTooltip.v
27 CVE-2025-69693
Out-of-bounds read in FFmpeg 8.0 and 8.0.1 RV60 video decoder (libavcodec/rv60de
27 CVE-2025-70033
An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page
27 CVE-2026-0632
The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Server-Si
27 CVE-2026-27792
Seerr is an open-source media request and discovery manager for Jellyfin, Plex,
27 CVE-2026-2951
The Gutentor - Gutenberg Blocks - Page Builder for Gutenberg Editor plugin for W
27 CVE-2026-34247
WWBN AVideo is an open source video platform. In versions up to and including 26
27 CVE-2025-14778
A flaw was found in Keycloak. A significant Broken Access Control vulnerability
27 CVE-2026-5363
Inadequate Encryption Strength vulnerability in TP-Link Archer C7 v5 and v5.8 (u
27 CVE-2026-23568
An out-of-bounds read vulnerability in the TeamViewer DEX Client (former 1E Clie
27 CVE-2026-39603
Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Photography
27 CVE-2026-32420
Cross-Site Request Forgery (CSRF) vulnerability in Ruben Garcia GamiPress gamipr
27 CVE-2026-39634
Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Portfolio gr
27 CVE-2026-32328
Cross-Site Request Forgery (CSRF) vulnerability in shufflehound Lemmony lemmony
27 CVE-2026-39710
Cross-Site Request Forgery (CSRF) vulnerability in stmcan RT-Theme 18 | Extensio
27 CVE-2026-40483
ChurchCRM is an open-source church management system. In versions prior to 7.2.0
27 CVE-2026-26270
InvoicePlane is a self-hosted open source application for managing invoices, cli
27 CVE-2026-39635
Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Magazine gra
27 CVE-2026-1447
The Mail Mint plugin for WordPress is vulnerable to Cross-Site Request Forgery i
27 CVE-2026-33726
### Impact Ingress [Network Policies](https://docs.cilium.io/en/stable/network/
27 CVE-2026-3063
Inappropriate implementation in DevTools in Google Chrome prior to 145.0.7632.11
27 CVE-2026-1880
An Incorrect Permission Assignment for Critical Resource vulnerability in the AS
27 CVE-2025-64166
Mercurius is a GraphQL adapter for Fastify. Prior to version 16.4.0, a cross-sit
27 CVE-2026-23601
A vulnerability has been identified in the wireless encryption handling of Wi-Fi
27 CVE-2025-32453
Incorrect default permissions for some Intel(R) Graphics Driver software within
27 CVE-2025-32092
Insecure inherited permissions for some Intel(R) Graphics Software before versio
27 CVE-2026-3428
A Download of Code Without Integrity Check vulnerability in the update modules i
27 CVE-2026-39112
Cross Site Scripting vulnerability in Apartment Visitors Management System Apart
27 CVE-2026-4465
A flaw has been found in D-Link DIR-513 1.10. The impacted element is an unknown
27 CVE-2026-35052
### Impact Users hosting D-Tale publicly while using a redis or shelf storage la
27 CVE-2026-21310
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15,
27 CVE-2025-10753
The OAuth Single Sign On - SSO (OAuth Client) plugin for WordPress is vulnerable
27 CVE-2025-14461
The Xendit Payment plugin for WordPress is vulnerable to unauthorized order stat
27 CVE-2026-1305
The Japanized for WooCommerce plugin for WordPress is vulnerable to Improper Aut
27 CVE-2026-4281
The FormLift for Infusionsoft Web Forms plugin for WordPress is vulnerable to Mi
27 CVE-2026-5528
A security vulnerability has been detected in MoussaabBadla code-screenshot-mcp
27 CVE-2026-20995
Exposure of sensitive functionality to an unauthorized actor in Smart Switch pri
27 CVE-2026-20997
Improper verification of cryptographic signature in Smart Switch prior to versio
27 CVE-2026-21282
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15,
27 CVE-2026-3646
The LTL Freight Quotes - R+L Carriers Edition plugin for WordPress is vulnerable
27 CVE-2026-4664
The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to authe
27 CVE-2026-32702
Cleanuparr is a tool for automating the cleanup of unwanted or blocked files in
27 CVE-2026-25798
ImageMagick is free and open-source software used for editing and manipulating d
27 CVE-2026-2681
A flaw was found in the blst cryptographic library. This out-of-bounds stack wri
27 CVE-2026-3594
The Riaxe Product Customizer plugin for WordPress is vulnerable to Sensitive Inf
27 CVE-2026-33672
### Impact picomatch is vulnerable to a **method injection vulnerability (CWE-13
27 CVE-2026-20031
A vulnerability in the HTML Cascading Style Sheets (CSS) module of ClamAV could
27 CVE-2025-59060
Hostname verification bypass issue in Apache Ranger NiFiRegistryClient/NiFiClien
27 CVE-2026-23903
Authentication Bypass by Alternate Name vulnerability in Apache Shiro. This iss
27 CVE-2026-31995
OpenClaw versions 2026.1.21 prior to 2026.2.19 contain a command injection vulne
27 CVE-2025-64074
A path-traversal vulnerability in the logout functionality of Shenzhen Zhibotong
27 CVE-2025-14294
The Razorpay for WooCommerce plugin for WordPress is vulnerable to unauthorized
27 CVE-2025-13864
The Breeze - WordPress Cache Plugin plugin for WordPress is vulnerable to unauth
27 CVE-2026-0950
The Spectra Gutenberg Blocks - Website Builder for the Block Editor plugin for W
27 CVE-2026-1926
The Subscriptions for WooCommerce plugin for WordPress is vulnerable to unauthor
27 CVE-2026-3335
The Canto plugin for WordPress is vulnerable to Missing Authorization in all ver
27 CVE-2026-28428
Talishar is a fan-made Flesh and Blood project. Prior to commit a9c218e, an auth

Oldest Unpatched Critical/High CVEs

CVE Severity CVSS Priority Days Open
CVE-2024-3400 CRITICAL 10.0 224 746d
CVE-2019-19781 CRITICAL 9.8 223 2314d
CVE-2020-5902 CRITICAL 9.8 223 2126d
CVE-2021-35464 CRITICAL 9.8 223 1740d
CVE-2020-10189 CRITICAL 9.8 223 2243d
CVE-2012-4681 CRITICAL 9.8 223 4991d
CVE-2022-42475 CRITICAL 9.8 223 1212d
CVE-2023-3519 CRITICAL 9.8 223 1013d
CVE-2015-7450 CRITICAL 9.8 222 3768d
CVE-2023-34048 CRITICAL 9.8 222 915d