Security Dashboard

7d 14d 30d 90d
Total CVEs
16544
last 90 days
Avg Priority
35.8
of max 220
KEV
35
actively exploited
POC
3152
public exploits
Unpatched
4128
CRIT/HIGH without patch
How is Priority Score calculated?

Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:

KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low 40-80 Medium 80-120 High 120+ Critical

Patch Now — Known Exploited Vulnerabilities

185
CVE-2026-1731
BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain
CRITICAL
141
CVE-2026-20131
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FM
CRITICAL
137
CVE-2026-1603
An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthen
HIGH
134
CVE-2026-22769
Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credentia
CRITICAL
129
CVE-2026-33825
Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to el
HIGH
124
CVE-2026-21643
An improper neutralization of special elements used in an sql command ('sql injection') vulnerabilit
CRITICAL
124
CVE-2026-35616
A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an
CRITICAL
119
CVE-2026-39987
## Summary Marimo (19.6k stars) has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint `
CRITICAL
119
CVE-2026-3910
Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allowed a remote attacker
HIGH
119
CVE-2026-3909
Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to per
HIGH

Priority Distribution

CRITICAL HIGH MEDIUM LOW KEV Only POC Only Unpatched CRIT/HIGH
Priority CVE
14 CVE-2026-24641
A NULL Pointer Dereference vulnerability [CWE-476] vulnerability in Fortinet For
14 CVE-2026-1791
Unrestricted Upload of File with Dangerous Type vulnerability in Hillstone Netwo
14 CVE-2026-33160
### Summary An unauthenticated user can call `assets/generate-transform` with a
14 CVE-2026-23859
Dell Wyse Management Suite, versions prior to WMS 5.5, contain a Client-Side Enf
14 CVE-2026-3339
The Keep Backup Daily plugin for WordPress is vulnerable to Limited Path Travers
14 CVE-2026-34514
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python.
14 CVE-2026-34519
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python.
14 CVE-2026-34520
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python.
14 CVE-2026-37598
SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to arbitr
14 CVE-2026-34947
Discourse is an open-source discussion platform. From versions 2026.1.0-latest t
14 CVE-2025-14551
In Ubuntu, Subiquity version 24.04.4 could leak sensitive user credentials durin
14 CVE-2025-15480
In Ubuntu, ubuntu-desktop-provision version 24.04.4 could leak sensitive user cr
14 CVE-2026-33879
Federated Learning and Interoperability Platform (FLIP) is an open-source platfo
14 CVE-2026-34513
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python.
14 CVE-2026-34517
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python.
14 CVE-2026-34518
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python.
14 CVE-2026-34762
## Summary The `PUT /api/v1/subscriber/{imsi}` API accepts an IMSI identifier f
14 CVE-2025-31966
HCL Sametime is vulnerable to broken server-side validation. While the applicati
14 CVE-2025-14270
The OneClick Chat to Order plugin for WordPress is vulnerable to authorization b
14 CVE-2026-6416
Tanium addressed an uncontrolled resource consumption vulnerability in Interact.
14 CVE-2025-66487
IBM Aspera Shares 1.9.9 through 1.11.0 does not properly rate limit the frequenc
14 CVE-2025-13459
IBM Aspera Console 3.3.0 through 3.4.8 could allow a privileged user to cause a
14 CVE-2025-15321
Tanium addressed an improper input validation vulnerability in Tanium Appliance.
14 CVE-2026-29185
Backstage is an open framework for building developer portals. Prior to version
14 CVE-2026-26979
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 20
14 CVE-2026-28227
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 20
14 CVE-2026-26964
Windmill is an open-source developer platform for internal code: APIs, backgroun
14 CVE-2026-2543
A vulnerability was identified in vichan-devel vichan up to 5.1.5. This vulnerab
14 CVE-2026-27153
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 20
14 CVE-2026-33394
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-late
14 CVE-2026-37592
Sourcecodester Storage Unit Rental Management System v1.0 is vulnerable to SQL i
14 CVE-2026-34203
Nautobot is a Network Source of Truth and Network Automation Platform. Prior to
14 CVE-2026-29104
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (C
14 CVE-2026-6392
Tanium addressed an information disclosure vulnerability in Threat Response.
14 CVE-2026-27316
A insufficiently protected credentials vulnerability in Fortinet FortiSandbox 5.
14 CVE-2026-3911
A flaw was found in Keycloak. An authenticated user with the view-users role cou
14 CVE-2026-22001
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: In
14 CVE-2026-5375
An issue that could allow a user with access to a credential to view sensitive f
14 CVE-2026-27769
Mattermost versions 10.11.x <= 10.11.12 fail to validate whether users were corr
14 CVE-2026-32717
AnythingLLM is an application that turns pieces of content into context that any
14 CVE-2026-6408
Tanium addressed an information disclosure vulnerability in Tanium Server.
14 CVE-2026-32638
## Summary The REST API `getUsers` endpoint in StudioCMS uses the attacker-cont
14 CVE-2026-27151
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 20
14 CVE-2026-1272
IBM Guardium Data Protection 12.0, 12.1, and 12.2 is vulnerable to Security Misc
14 CVE-2026-36941
Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL Injecti
14 CVE-2026-22717
Out-of-bound read vulnerability in VMware Workstation 25H1 and below on any plat
14 CVE-2026-37602
SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to SQL In
14 CVE-2026-37601
SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to SQL In
14 CVE-2026-36923
Sourcecodester Cab Management System 1.0 is vulnerable to SQL Injection in the f
14 CVE-2026-37600
SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to SQL In
14 CVE-2026-37597
SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnera
14 CVE-2026-37595
SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnera
14 CVE-2026-36947
Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnera
14 CVE-2026-37594
SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnera
14 CVE-2026-36938
Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL injecti
14 CVE-2026-37593
SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnera
14 CVE-2026-37591
Sourcecodester Storage Unit Rental Management System v1.0 is vulnerable to SQL i
14 CVE-2026-37590
SourceCodester Storage Unit Rental Management System v1.0 is vulnerable to SQL I
14 CVE-2026-36922
Sourcecodester Cab Management System v1.0 is vulnerable to SQL injection in the
14 CVE-2026-37596
SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnera
14 CVE-2026-37589
SourceCodester Storage Unit Rental Management System v1.0 is vulnerable to SQL I
14 CVE-2026-36872
Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /libr
14 CVE-2026-36873
Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /libr
14 CVE-2026-36943
Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnera
14 CVE-2026-36944
Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnera
14 CVE-2026-36945
Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnera
14 CVE-2026-36937
Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL injecti
14 CVE-2026-36874
Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /libr
14 CVE-2026-36946
Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnera
14 CVE-2026-36919
Sourcecodester Online Reviewer System v1.0 is vulnerale to SQL Injection in the
14 CVE-2026-36942
Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL injecti
14 CVE-2026-36920
Sourcecodester Online Reviewer System v1.0 is vulnerable to SQL Injection in the
14 CVE-2026-39510
Authorization Bypass Through User-Controlled Key vulnerability in WP Chill Image
14 CVE-2026-32445
Missing Authorization vulnerability in Elementor Elementor Website Builder eleme
14 CVE-2025-61643
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associate
14 CVE-2026-2419
The WP-DownloadManager plugin for WordPress is vulnerable to Path Traversal in a
14 CVE-2026-36952
Sourcecodester Online Thesis Archiving System v1.0 is vulnerable to SQL injectio
14 CVE-2026-36950
Sourcecodester Online Thesis Archiving System v1.0 is vulnerable to SQL injectio
14 CVE-2026-25517
Wagtail is an open source content management system built on Django. Prior to ve
14 CVE-2026-1518
A flaw was found in Keycloak’s CIBA feature where insufficient validation of cli
14 CVE-2026-1831
The YayMail - WooCommerce Email Customizer plugin for WordPress is vulnerable to
14 CVE-2025-13881
A flaw was found in Keycloak Admin API. This vulnerability allows an administrat
14 CVE-2026-4916
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2
14 CVE-2026-4292
An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4
14 CVE-2026-41659
## Summary The member assignment DataTables endpoint (`members_assignment_data.
13 CVE-2026-7102
A vulnerability was found in Tenda F456 1.0.0.5. This impacts the function FromW
13 CVE-2026-22735
Spring MVC and WebFlux applications are vulnerable to stream corruption when usi
13 CVE-2026-21725
A time-of-create-to-time-of-use (TOCTOU) vulnerability lets recently deleted-the
13 CVE-2025-55277
HCL Aftermarket DPC is affected by Use of Vulnerable/Outdated Versions vulnerabi
13 CVE-2025-55274
HCL Aftermarket DPC is affected by Cross-Origin Resource Sharing vulnerability.

Oldest Unpatched Critical/High CVEs

CVE Severity CVSS Priority Days Open
CVE-2024-3400 CRITICAL 10.0 224 747d
CVE-2019-19781 CRITICAL 9.8 223 2315d
CVE-2020-5902 CRITICAL 9.8 223 2128d
CVE-2021-35464 CRITICAL 9.8 223 1742d
CVE-2020-10189 CRITICAL 9.8 223 2245d
CVE-2012-4681 CRITICAL 9.8 223 4993d
CVE-2022-42475 CRITICAL 9.8 223 1213d
CVE-2023-3519 CRITICAL 9.8 223 1015d
CVE-2015-7450 CRITICAL 9.8 222 3770d
CVE-2023-34048 CRITICAL 9.8 222 917d
Prev 173 / 184 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy