Security Dashboard

7d 14d 30d 90d
Total CVEs
16507
last 90 days
Avg Priority
36.9
of max 220
KEV
37
actively exploited
POC
3186
public exploits
Unpatched
4297
CRIT/HIGH without patch
How is Priority Score calculated?

Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:

KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low 40-80 Medium 80-120 High 120+ Critical

Patch Now — Known Exploited Vulnerabilities

185
CVE-2026-1731
BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain
CRITICAL
170
CVE-2026-1340
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem
CRITICAL
164
CVE-2026-1281
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem
CRITICAL
141
CVE-2026-20131
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FM
CRITICAL
137
CVE-2026-1603
An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthen
HIGH
134
CVE-2026-22769
Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credentia
CRITICAL
129
CVE-2026-33825
Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to el
HIGH
124
CVE-2026-21643
An improper neutralization of special elements used in an sql command ('sql injection') vulnerabilit
CRITICAL
124
CVE-2026-35616
A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an
CRITICAL
119
CVE-2026-39987
## Summary Marimo (19.6k stars) has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint `
CRITICAL

Priority Distribution

CRITICAL HIGH MEDIUM LOW KEV Only POC Only Unpatched CRIT/HIGH
Priority CVE
27 CVE-2026-32383
Missing Authorization vulnerability in raratheme Ridhi ridhi allows Exploiting I
27 CVE-2026-39649
Missing Authorization vulnerability in themebeez Royale News royale-news allows
27 CVE-2026-32382
Missing Authorization vulnerability in raratheme Digital Download digital-downlo
27 CVE-2026-39505
Missing Authorization vulnerability in Craig Hewitt Seriously Simple Podcasting
27 CVE-2026-32329
Missing Authorization vulnerability in Ays Pro Advanced Related Posts advanced-r
27 CVE-2026-40742
Missing Authorization vulnerability in Nelio Software Nelio AB Testing nelio-ab-
27 CVE-2026-39648
Missing Authorization vulnerability in themebeez Cream Blog cream-blog allows Ex
27 CVE-2026-32332
Missing Authorization vulnerability in Ays Pro Easy Form easy-form allows Exploi
27 CVE-2026-39509
Missing Authorization vulnerability in wpWax Directorist directorist allows Expl
27 CVE-2026-32334
Missing Authorization vulnerability in raratheme JobScout jobscout allows Exploi
27 CVE-2026-32335
Missing Authorization vulnerability in raratheme The Conference the-conference a
27 CVE-2026-32336
Missing Authorization vulnerability in raratheme Rara Business rara-business all
27 CVE-2026-39608
Missing Authorization vulnerability in iPOSPays iPOSpays Gateways WC ipospays-ga
27 CVE-2026-32362
Missing Authorization vulnerability in activity-log.com WP Sessions Time Monitor
27 CVE-2026-32363
Missing Authorization vulnerability in Funlus Oy WPLifeCycle free-php-version-in
27 CVE-2026-39610
Missing Authorization vulnerability in Pankaj Kumar WpXmas-Snow wpxmas-snow allo
27 CVE-2026-39624
Missing Authorization vulnerability in kutethemes Biolife biolife allows Exploit
27 CVE-2026-32370
Missing Authorization vulnerability in raratheme Influencer influencer allows Ex
27 CVE-2026-39612
Missing Authorization vulnerability in kutethemes KuteShop kuteshop allows Explo
27 CVE-2026-39616
Authorization Bypass Through User-Controlled Key vulnerability in dFactory Downl
27 CVE-2026-39622
Missing Authorization vulnerability in acmethemes Education Base education-base
27 CVE-2026-32371
Missing Authorization vulnerability in raratheme Elegant Pink elegant-pink allow
27 CVE-2026-28824
An authorization issue was addressed with improved state management. This issue
27 CVE-2026-1760
A flaw was found in SoupServer. This HTTP request smuggling vulnerability occurs
27 CVE-2026-32439
Missing Authorization vulnerability in WebGeniusLab BigHearts bighearts allows E
27 CVE-2026-39715
Missing Authorization vulnerability in AnyTrack AnyTrack Affiliate Link Manager
27 CVE-2026-27936
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-late
27 CVE-2026-32436
Missing Authorization vulnerability in vowelweb VW Photography vw-photography al
27 CVE-2026-39714
Missing Authorization vulnerability in G5Theme G5Plus April g5plus-april allows
27 CVE-2026-5624
A security flaw has been discovered in ProjectSend r2002. This vulnerability aff
27 CVE-2026-32435
Missing Authorization vulnerability in vowelweb VW Pet Shop vw-pet-shop allows E
27 CVE-2026-32438
Missing Authorization vulnerability in vowelweb VW School Education vw-school-ed
27 CVE-2026-39713
Missing Authorization vulnerability in mailercloud Mailercloud – Integrate
27 CVE-2026-25598
Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Action
27 CVE-2026-30280
An arbitrary file overwrite vulnerability in RAREPROB SOLUTIONS PRIVATE LIMITED
27 CVE-2026-32434
Missing Authorization vulnerability in vowelweb VW Fitness vw-fitness allows Exp
27 CVE-2026-22560
An open redirect vulnerability in Rocket.Chat versions prior to 8.4.0 allows use
27 CVE-2026-28818
A logging issue was addressed with improved data redaction. This issue is fixed
27 CVE-2026-3526
Incorrect Authorization vulnerability in Drupal File Access Fix (deprecated) all
27 CVE-2026-3525
Incorrect Authorization vulnerability in Drupal File Access Fix (deprecated) all
27 CVE-2026-39707
Missing Authorization vulnerability in ZealousWeb Accept PayPal Payments using C
27 CVE-2026-39706
Missing Authorization vulnerability in Netro Systems Make My Trivia trivialy all
27 CVE-2026-32440
Missing Authorization vulnerability in Ex-Themes WP Food wp-food allows Exploiti
27 CVE-2026-32432
Missing Authorization vulnerability in codepeople WP Time Slots Booking Form wp-
27 CVE-2026-39705
Missing Authorization vulnerability in Mulika Team MIPL WC Multisite Sync mipl-w
27 CVE-2026-32428
Missing Authorization vulnerability in Ays Pro Popup Like box ays-facebook-popup
27 CVE-2026-32427
Missing Authorization vulnerability in vowelweb VW Education Lite vw-education-l
27 CVE-2026-39704
Missing Authorization vulnerability in nfusionsolutions Precious Metals Automate
27 CVE-2026-32437
Missing Authorization vulnerability in vowelweb VW Portfolio vw-portfolio allows
27 CVE-2026-32425
Missing Authorization vulnerability in linknacional Payment Gateway Pix For Give
27 CVE-2026-39701
Missing Authorization vulnerability in Andrew ShopWP wpshopify allows Exploiting
27 CVE-2026-2746
SEPPmail Secure Email Gateway before version 15.0.1 does not properly communicat
27 CVE-2026-39700
Missing Authorization vulnerability in WPXPO WowOptin optin allows Exploiting In
27 CVE-2026-39699
Missing Authorization vulnerability in massiveshift AI Workflow Automation ai-wo
27 CVE-2026-39698
Missing Authorization vulnerability in PublisherDesk The Publisher Desk ads.txt
27 CVE-2026-39697
Missing Authorization vulnerability in HBSS Technologies MAIO – The new AI
27 CVE-2026-32421
Missing Authorization vulnerability in Agile Logix Post Timeline post-timeline a
27 CVE-2026-39694
Missing Authorization vulnerability in NSquared Simply Schedule Appointments sim
27 CVE-2026-39691
Missing Authorization vulnerability in AdAstraCrypto Cryptocurrency Donation Box
27 CVE-2026-39690
Missing Authorization vulnerability in Paul Bearne Author Avatars List/Block aut
27 CVE-2026-27813
EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a dat
27 CVE-2026-39689
Missing Authorization vulnerability in eshipper eShipper Commerce eshipper-comme
27 CVE-2026-39688
Missing Authorization vulnerability in Glowlogix WP Frontend Profile wp-front-en
27 CVE-2026-39687
Missing Authorization vulnerability in Rapid Car Check Rapid Car Check Vehicle D
27 CVE-2026-39685
Missing Authorization vulnerability in lvaudore The Moneytizer the-moneytizer al
27 CVE-2026-39682
Missing Authorization vulnerability in Arjan Pronk linkPizza-Manager linkpizza-m
27 CVE-2026-39680
Missing Authorization vulnerability in MWP Development Diet Calorie Calculator d
27 CVE-2026-39678
Missing Authorization vulnerability in DOTonPAPER Pinpoint Booking System bookin
27 CVE-2026-32413
Missing Authorization vulnerability in Maciej Bis Permalink Manager Lite permali
27 CVE-2026-39676
Missing Authorization vulnerability in Shahjada Download Manager download-manage
27 CVE-2026-32452
Missing Authorization vulnerability in ThemeFusion Fusion Builder fusion-builder
27 CVE-2026-32453
Missing Authorization vulnerability in ThemeFusion Avada Core fusion-core allows
27 CVE-2026-32410
Missing Authorization vulnerability in WBW Plugins WBW Currency Switcher for Woo
27 CVE-2026-32409
Missing Authorization vulnerability in WPMU DEV - Your All-in-One WordPress Plat
27 CVE-2026-39675
Missing Authorization vulnerability in webmuehle Court Reservation court-reserva
27 CVE-2026-32404
Missing Authorization vulnerability in Studio99 Studio99 WP Monitor studio99-wp-
27 CVE-2026-32402
Missing Authorization vulnerability in Ays Pro Image Slider by Ays ays-slider al
27 CVE-2026-5082
Amon2::Plugin::Web::CSRFDefender versions from 7.00 through 7.03 for Perl genera
27 CVE-2026-5083
Ado::Sessions versions through 0.935 for Perl generates insecure session ids. T
27 CVE-2026-39673
Missing Authorization vulnerability in shrikantkale iZooto izooto-web-push allow
27 CVE-2026-32457
Missing Authorization vulnerability in Wombat Plugins Advanced Product Fields (P
27 CVE-2026-32397
Missing Authorization vulnerability in YMC Filter & Grids ymc-smart-filter allow
27 CVE-2026-39672
Missing Authorization vulnerability in shiptime ShipTime: Discounted Shipping Ra
27 CVE-2026-28862
A privacy issue was addressed with improved private data redaction for log entri
27 CVE-2026-32396
Missing Authorization vulnerability in RadiusTheme Team tlp-team allows Exploiti
27 CVE-2026-39535
Missing Authorization vulnerability in fullworks Display Eventbrite Events widge
27 CVE-2026-29909
MRCMS V3.1.2 contains an unauthenticated directory enumeration vulnerability in
27 CVE-2026-32350
Missing Authorization vulnerability in wpradiant Chocolate House chocolate-house
27 CVE-2026-39643
Missing Authorization vulnerability in Payment Plugins Payment Plugins for PayPa
27 CVE-2026-39543
Missing Authorization vulnerability in Themefic Tourfic tourfic allows Exploitin

Oldest Unpatched Critical/High CVEs

CVE Severity CVSS Priority Days Open
CVE-2024-3400 CRITICAL 10.0 224 746d
CVE-2019-19781 CRITICAL 9.8 223 2314d
CVE-2020-5902 CRITICAL 9.8 223 2127d
CVE-2021-35464 CRITICAL 9.8 223 1741d
CVE-2020-10189 CRITICAL 9.8 223 2244d
CVE-2012-4681 CRITICAL 9.8 223 4991d
CVE-2022-42475 CRITICAL 9.8 223 1212d
CVE-2023-3519 CRITICAL 9.8 223 1014d
CVE-2015-7450 CRITICAL 9.8 222 3769d
CVE-2023-34048 CRITICAL 9.8 222 916d
Prev 153 / 184 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy