Security Dashboard

7d 14d 30d 90d
Total CVEs
16499
last 90 days
Avg Priority
35.9
of max 220
KEV
37
actively exploited
POC
3155
public exploits
Unpatched
4126
CRIT/HIGH without patch
How is Priority Score calculated?

Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:

KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low 40-80 Medium 80-120 High 120+ Critical

Patch Now — Known Exploited Vulnerabilities

185
CVE-2026-1731
BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain
CRITICAL
170
CVE-2026-1340
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem
CRITICAL
164
CVE-2026-1281
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem
CRITICAL
141
CVE-2026-20131
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FM
CRITICAL
137
CVE-2026-1603
An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthen
HIGH
134
CVE-2026-22769
Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credentia
CRITICAL
129
CVE-2026-33825
Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to el
HIGH
124
CVE-2026-21643
An improper neutralization of special elements used in an sql command ('sql injection') vulnerabilit
CRITICAL
124
CVE-2026-35616
A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an
CRITICAL
119
CVE-2026-39987
## Summary Marimo (19.6k stars) has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint `
CRITICAL

Priority Distribution

CRITICAL HIGH MEDIUM LOW KEV Only POC Only Unpatched CRIT/HIGH
Priority CVE
23 CVE-2026-20661
An authorization issue was addressed with improved state management. This issue
23 CVE-2026-32040
OpenClaw versions prior to 2026.2.23 contain an html injection vulnerability in
23 CVE-2026-31620
In the Linux kernel, the following vulnerability has been resolved: ALSA: usx2y
23 CVE-2026-26070
EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a dat
23 CVE-2026-34382
Admidio is an open-source user management solution. From version 5.0.0 to before
23 CVE-2025-27769
A vulnerability has been identified in Heliox Flex 180 kW EV Charging Station (A
23 CVE-2026-20435
In preloader, there is a possible read of device unique identifiers due to a log
23 CVE-2026-22625
Improper handling of filenames in certain HIKSEMI NAS products may lead to the e
23 CVE-2026-29084
Gokapi is a self-hosted file sharing server with automatic expiration and encryp
23 CVE-2026-20605
The issue was addressed with improved memory handling. This issue is fixed in ma
23 CVE-2025-12757
An AXIS Camera Station Pro feature can be exploited in a way that allows a non-a
23 CVE-2026-24007
Tuleap is an Open Source Suite for management of software development and collab
23 CVE-2026-32904
OpenClaw before 2026.2.26 contains an authorization bypass vulnerability in grou
23 CVE-2026-3219
pip handles concatenated tar and ZIP files as ZIP files regardless of filename o
23 CVE-2026-3673
An authenticated attacker can store a crafted tag value in _user_tags and trigge
23 CVE-2026-25135
OpenEMR is a free and open source electronic health records and medical practice
23 CVE-2025-52626
A Potential Command Injection vulnerability in HCL AION.  An This can allow un
23 CVE-2026-22220
A lack of proper input validation in the HTTP processing path in TP-Link Archer
23 CVE-2026-25590
The GLPI Inventory Plugin handles network discovery, inventory, software deploym
23 CVE-2026-6060
A vulnerability in the SQL Box in the admin interface of OTRS leads to an uncont
23 CVE-2025-52637
HCL AION is affected by a vulnerability where certain offering configurations ma
23 CVE-2026-6058
**UNSUPPORTED WHEN ASSIGNED** An improper encoding or escaping vulnerability in
23 CVE-2026-31063
UTT Aggressive HiPER 1200GW v2.5.3-170306 was discovered to contain a buffer ove
23 CVE-2026-31062
UTT Aggressive 520W v3v1.7.7-180627 was discovered to contain a buffer overflow
23 CVE-2026-31065
UTT Aggressive 520W v3v1.7.7-180627 was discovered to contain a buffer overflow
23 CVE-2026-31058
UTT Aggressive HiPER 1200GW v2.5.3-170306 was discovered to contain a buffer ove
23 CVE-2026-31066
UTT Aggressive HiPER 810G v3v1.7.7-171114 was discovered to contain a buffer ove
23 CVE-2026-31060
UTT Aggressive HiPER 810G v3v1.7.7-171114 was discovered to contain a buffer ove
23 CVE-2026-31061
UTT Aggressive HiPER 810G v3v1.7.7-171114 was discovered to contain a buffer ove
23 CVE-2026-34384
Admidio is an open-source user management solution. Prior to version 5.0.8, the
23 CVE-2026-33306
### Impact An integer overflow in the Java BCrypt implementation for JRuby can
23 CVE-2025-13064
A server-side injection was possible for a malicious admin to manipulate the app
22 CVE-2026-33326
# Summary `{field}.isFilterable` access control can be bypassed in `findMany`
22 CVE-2026-35376
A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the chcon utilit
22 CVE-2026-39864
Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.
22 CVE-2026-23685
Due to a Deserialization vulnerability in SAP NetWeaver (JMS service), an attack
22 CVE-2026-27906
Improper input validation in Windows Hello allows an authorized attacker to bypa
22 CVE-2026-1304
The Membership Plugin - Restrict Content for WordPress is vulnerable to Stored C
22 CVE-2026-32220
Improper access control in Windows Virtualization-Based Security (VBS) Enclave a
22 CVE-2026-1047
The salavat counter Plugin plugin for WordPress is vulnerable to Stored Cross-Si
22 CVE-2026-1649
The Community Events plugin for WordPress is vulnerable to Stored Cross-Site Scr
22 CVE-2026-1043
The PostmarkApp Email Integrator plugin for WordPress is vulnerable to Stored Cr
22 CVE-2026-4161
The Review Map by RevuKangaroo plugin for WordPress is vulnerable to Stored Cros
22 CVE-2026-2281
The Private Comment plugin for WordPress is vulnerable to Stored Cross-Site Scri
22 CVE-2026-2027
The AMP Enhancer - Compatibility Layer for Official AMP Plugin for WordPress is
22 CVE-2025-13333
IBM WebSphere Application Server 9.0, and 8.5 could provide weaker than expected
22 CVE-2026-0735
The User Language Switch plugin for WordPress is vulnerable to Stored Cross-Site
22 CVE-2026-2489
The TP2WP Importer plugin for WordPress is vulnerable to Stored Cross-Site Scrip
22 CVE-2026-0815
The Category Image plugin for WordPress is vulnerable to Stored Cross-Site Scrip
22 CVE-2025-15483
The Link Hopper plugin for WordPress is vulnerable to Stored Cross-Site Scriptin
22 CVE-2026-2716
The Client Testimonial Slider plugin for WordPress is vulnerable to Stored Cross
22 CVE-2026-0693
The Allow HTML in Category Descriptions plugin for WordPress is vulnerable to St
22 CVE-2026-2121
The Weaver Show Posts plugin for WordPress is vulnerable to Stored Cross-Site Sc
22 CVE-2026-2289
The Taskbuilder plugin for WordPress is vulnerable to Stored Cross-Site Scriptin
22 CVE-2026-3577
The Keep Backup Daily plugin for WordPress is vulnerable to Stored Cross-Site Sc
22 CVE-2026-3574
The Experto Dashboard for WooCommerce plugin for WordPress is vulnerable to Stor
22 CVE-2026-5383
An issue that could allow access to Explorer groups from outside of the authoriz
22 CVE-2026-1044
The Tennis Court Bookings plugin for WordPress is vulnerable to Stored Cross-Sit
22 CVE-2025-62856
A path traversal vulnerability has been reported to affect File Station 5. If a
22 CVE-2026-5169
The Inquiry Form to Posts or Pages plugin for WordPress is vulnerable to Stored
22 CVE-2025-12451
The Easy SVG Support plugin for WordPress is vulnerable to Stored Cross-Site Scr
22 CVE-2026-2424
The Reward Video Ad for WordPress plugin for WordPress is vulnerable to Stored C
22 CVE-2026-33395
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-late
22 CVE-2026-6439
The VideoZen plugin for WordPress is vulnerable to Stored Cross-Site Scripting i
22 CVE-2026-25428
Server-Side Request Forgery (SSRF) vulnerability in totalsoft TS Poll poll-wp al
22 CVE-2026-1055
The TalkJS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via
22 CVE-2026-2498
The WP Social Meta plugin for WordPress is vulnerable to Stored Cross-Site Scrip
22 CVE-2026-22210
wpDiscuz before 7.6.47 contains a cross-site scripting vulnerability that allows
22 CVE-2026-2002
The Forminator Forms - Contact Form, Payment Form & Custom Form Builder plugin f
22 CVE-2025-12037
The WP 404 Auto Redirect to Similar Post plugin for WordPress is vulnerable to S
22 CVE-2026-32119
OpenEMR is a free and open source electronic health records and medical practice
22 CVE-2026-32237
Backstage is an open framework for building developer portals. Prior to 3.1.5, a
22 CVE-2026-2282
The Slidorion plugin for WordPress is vulnerable to Stored Cross-Site Scripting
22 CVE-2026-2499
The Custom Logo plugin for WordPress is vulnerable to Stored Cross-Site Scriptin
22 CVE-2026-2292
The Morkva UA Shipping plugin for WordPress is vulnerable to Stored Cross-Site S
22 CVE-2026-2838
The Whole Enquiry Cart for WooCommerce plugin for WordPress is vulnerable to Sto
22 CVE-2026-2396
The List View Google Calendar plugin for WordPress is vulnerable to Stored Cross
22 CVE-2026-26998
Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.38 an
22 CVE-2026-3354
The Wikilookup plugin for WordPress is vulnerable to Stored Cross-Site Scripting
22 CVE-2026-3353
The Comment SPAM Wiper plugin for WordPress is vulnerable to Stored Cross-Site S
22 CVE-2026-2420
The LotekMedia Popup Form plugin for WordPress is vulnerable to Stored Cross-Sit
22 CVE-2026-1247
The Survey plugin for WordPress is vulnerable to Stored Cross-Site Scripting via
22 CVE-2026-1278
The Mandatory Field plugin for WordPress is vulnerable to Stored Cross-Site Scri
22 CVE-2026-2837
The Ricerca - advanced search plugin for WordPress is vulnerable to Stored Cross
22 CVE-2026-4479
The WholeSale Products Dynamic Pricing Management WooCommerce plugin for WordPre
22 CVE-2026-1071
The Carta Online plugin for WordPress is vulnerable to Stored Cross-Site Scripti
22 CVE-2026-21007
Improper check for exceptional conditions in Device Care prior to SMR Apr-2026 R
22 CVE-2026-6712
The Website LLMs.txt plugin for WordPress is vulnerable to Stored Cross-Site Scr
22 CVE-2026-2432
The CM Custom Reports - Flexible reporting to track what matters most plugin for
22 CVE-2026-4142
The Sentence To SEO (keywords, description and tags) plugin for WordPress is vul

Oldest Unpatched Critical/High CVEs

CVE Severity CVSS Priority Days Open
CVE-2024-3400 CRITICAL 10.0 224 747d
CVE-2019-19781 CRITICAL 9.8 223 2315d
CVE-2020-5902 CRITICAL 9.8 223 2128d
CVE-2021-35464 CRITICAL 9.8 223 1741d
CVE-2020-10189 CRITICAL 9.8 223 2244d
CVE-2012-4681 CRITICAL 9.8 223 4992d
CVE-2022-42475 CRITICAL 9.8 223 1213d
CVE-2023-3519 CRITICAL 9.8 223 1014d
CVE-2015-7450 CRITICAL 9.8 222 3769d
CVE-2023-34048 CRITICAL 9.8 222 916d
Prev 161 / 184 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy