| Metric | Value | Detail |
|---|---|---|
| Total CVEs | 16545 | last 90 days |
| Avg Priority | 35.9 | of max 220 |
| KEV | 35 | actively exploited |
| POC | 3153 | public exploits |
| Unpatched | 4129 | CRIT/HIGH without patch |
How is Priority Score calculated?
Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:
| Signal | Weight | Meaning |
|---|---|---|
| KEV | +50 | CISA Known Exploited Vulnerability: confirmed active exploitation in the wild |
| EPSS | x100 | Exploit Prediction Scoring System: probability of exploitation in next 30 days (0-100) |
| CVSS | x5 | Common Vulnerability Scoring System: technical severity (0-50) |
| POC | +20 | Public exploit code exists; lowers barrier for attackers |

| Score | Level |
|---|---|
| 0-40 | Low |
| 40-80 | Medium |
| 80-120 | High |
| 120+ | Critical |
Patch Now — Known Exploited Vulnerabilities
| Priority | CVE | Description |
|---|---|---|
| 185 | CVE-2026-1731 | BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain |
| 141 | CVE-2026-20131 | A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FM |
| 137 | CVE-2026-1603 | An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthen |
| 134 | CVE-2026-22769 | Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credentia |
| 129 | CVE-2026-33825 | Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to el |
| 124 | CVE-2026-21643 | An improper neutralization of special elements used in an sql command ('sql injection') vulnerabilit |
| 124 | CVE-2026-35616 | A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an |
| 119 | CVE-2026-39987 | Summary: Marimo (19.6k stars) has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint ` |
| 119 | CVE-2026-3910 | Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allowed a remote attacker |
| 119 | CVE-2026-3909 | Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to per |
Priority Distribution
| Priority | CVE | Description |
|---|---|---|
| 11 | CVE-2026-28422 | Vim is an open source, command line text editor. Prior to version 9.2.0078, a st |
| 11 | CVE-2026-4195 | A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, |
| 11 | CVE-2026-4465 | A flaw has been found in D-Link DIR-513 1.10. The impacted element is an unknown |
| 11 | CVE-2026-4196 | A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, D |
| 11 | CVE-2026-4197 | A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-32 |
| 11 | CVE-2026-5528 | A security vulnerability has been detected in MoussaabBadla code-screenshot-mcp |
| 11 | CVE-2026-2563 | A vulnerability was identified in JingDong JD Cloud Box AX6600 up to 4.5.1.r4533 |
| 11 | CVE-2026-2561 | A vulnerability was found in JingDong JD Cloud Box AX6600 up to 4.5.1.r4533. Thi |
| 11 | CVE-2026-2562 | A vulnerability was determined in JingDong JD Cloud Box AX6600 up to 4.5.1.r4533 |
| 11 | CVE-2026-2697 | An Indirect Object Reference (IDOR) in Security Center allows an authenticated r |
| 11 | CVE-2026-3739 | A security flaw has been discovered in suitenumerique messages 0.2.0. This issue |
| 11 | CVE-2026-35038 | Signal K Server is a server application that runs on a central hub in a boat. Pr |
| 11 | CVE-2026-1005 | Integer underflow in wolfSSL packet sniffer <= 5.8.4 allows an attacker to cause |
| 11 | CVE-2026-3965 | A security vulnerability has been detected in whyour qinglong up to 2.20.1. Affe |
| 11 | CVE-2026-2536 | A vulnerability was determined in opencc JFlow up to 20260129. This affects the |
| 11 | CVE-2026-2863 | A flaw has been found in feng_ha_ha/megagao ssm-erp and production_ssm up to 428 |
| 11 | CVE-2025-11571 | Vulnerable endpoints accept user-controlled input through a URL in JSON format w |
| 11 | CVE-2026-34224 | Impact: An attacker who possesses a valid authentication provider token and |
| 11 | CVE-2026-3209 | A vulnerability has been found in fosrl Pangolin up to 1.15.4-s.3. This affects |
| 11 | CVE-2026-5338 | A security vulnerability has been detected in Tenda G103 1.0.0.5. The affected e |
| 11 | CVE-2026-5778 | Integer underflow in wolfSSL packet sniffer <= 5.9.0 allows an attacker to cause |
| 11 | CVE-2026-1977 | A security vulnerability has been detected in isaacwasserman mcp-vegalite-server |
| 11 | CVE-2026-3961 | A vulnerability was determined in zyddnys manga-image-translator up to beta-0.3. |
| 11 | CVE-2026-3188 | A security flaw has been discovered in feiyuchuixue sz-boot-parent up to 1.3.2-b |
| 11 | CVE-2026-2930 | A vulnerability was identified in Tenda A18 15.13.07.13. The affected element is |
| 11 | CVE-2026-2864 | A vulnerability has been found in feng_ha_ha/megagao ssm-erp and production_ssm |
| 11 | CVE-2026-2665 | A vulnerability was detected in huanzi-qch base-admin up to 57a8126bb3353a004f3c |
| 11 | CVE-2026-40878 | mailcow: dockerized is an open source groupware/email suite based on docker. In |
| 11 | CVE-2026-30812 | Improper Neutralization of Input During Web Page Generation vulnerability allows |
| 11 | CVE-2026-32607 | Discourse is an open-source discussion platform. From versions 2026.1.0-latest t |
| 11 | CVE-2026-2954 | A vulnerability was found in Dromara UJCMS 10.0.2. Impacted is the function impo |
| 11 | CVE-2026-4794 | Multiple cross-site scripting (XSS) vulnerabilities in PaperCut NG/MF before 25. |
| 11 | CVE-2026-3955 | A security vulnerability has been detected in elecV2P up to 3.8.3. Affected by t |
| 11 | CVE-2026-2216 | A flaw has been found in rachelos WeRSS we-mp-rss up to 1.4.8. Impacted is the f |
| 11 | CVE-2026-3733 | A vulnerability was detected in xuxueli xxl-job up to 3.3.2. This impacts an unk |
| 11 | CVE-2026-7305 | A weakness has been identified in Xuxueli xxl-job up to 3.3.2. The affected elem |
| 11 | CVE-2026-5772 | A 1-byte stack buffer over-read was identified in the MatchDomainName function ( |
| 11 | CVE-2026-7142 | A vulnerability was determined in Wooey up to 0.13.2. The impacted element is th |
| 11 | CVE-2026-3682 | A security vulnerability has been detected in welovemedia FFmate up to 2.0.15. T |
| 11 | CVE-2026-3697 | A vulnerability was determined in Planet ICG-2510 1.0_20250811. The impacted ele |
| 11 | CVE-2026-3968 | A vulnerability has been found in AutohomeCorp frostmourne up to 1.0. This affec |
| 11 | CVE-2026-3725 | A flaw has been found in 1024-lab/lab1024 SmartAdmin up to 3.29. Affected by thi |
| 11 | CVE-2026-3967 | A flaw has been found in Alfresco Activiti up to 7.19/8.8.0. Affected by this is |
| 11 | CVE-2026-3992 | A weakness has been identified in CodeGenieApp serverless-express up to 4.17.1. |
| 11 | CVE-2026-2558 | A flaw has been found in GeekAI up to 4.2.4. The affected element is the functio |
| 11 | CVE-2026-35200 | Impact: A file can be uploaded with a filename extension that passes the fil |
| 11 | CVE-2026-2860 | A security vulnerability has been detected in feng_ha_ha/megagao ssm-erp and pro |
| 11 | CVE-2026-6019 | `http.cookies.Morsel.js_output()` returns an inline `<script>` snippet and only esca |
| 11 | CVE-2026-25729 | DeepAudit is a multi-agent system for code vulnerability discovery. In 3.0.4 and |
| 11 | CVE-2026-34248 | Zammad is a web based open source helpdesk/customer support system. Prior to 7.0 |
| 11 | CVE-2026-33624 | Parse Server is an open source backend that can be deployed to any infrastructur |
| 11 | CVE-2026-3616 | A vulnerability was detected in DefaultFuction Jeson Customer Relationship Manag |
| 11 | CVE-2026-7107 | A weakness has been identified in code-projects Invoice System in Laravel 1.0. T |
| 11 | CVE-2026-1879 | A vulnerability was detected in Harvard University IQSS Dataverse up to 6.8. Thi |
| 11 | CVE-2026-5670 | A vulnerability was found in Cyber-III Student-Management-System up to 1a938fa61 |
| 11 | CVE-2026-3958 | A vulnerability has been found in Woahai321 ListSync up to 0.6.6. This issue aff |
| 11 | CVE-2026-3962 | A vulnerability was identified in Jcharis Machine-Learning-Web-Apps up to a6996b |
| 11 | CVE-2026-3951 | A security flaw has been discovered in LockerProject Locker 0.0.0/0.0.1/0.1.0. A |
| 11 | CVE-2026-3683 | A vulnerability was detected in bufanyun HotGo up to 2.0. This issue affects the |
| 11 | CVE-2026-7150 | A vulnerability was found in dh1011 auto-favicon up to f189116a9259950c2393f114d |
| 11 | CVE-2026-3681 | A weakness has been identified in welovemedia FFmate up to 2.0.15. This affects |
| 11 | CVE-2026-3966 | A vulnerability was detected in 648540858 wvp-GB28181-pro up to 2.7.4-20260107. |
| 11 | CVE-2026-2943 | A vulnerability was identified in SapneshNaik Student Management System up to f4 |
| 11 | CVE-2026-7129 | A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory Syst |
| 11 | CVE-2026-3797 | A security vulnerability has been detected in Tiandy Video Surveillance System 视 |
| 11 | CVE-2026-3982 | A vulnerability was determined in itsourcecode University Management System 1.0. |
| 11 | CVE-2026-2122 | A security flaw has been discovered in Xiaopi Panel up to 20260126. This impacts |
| 11 | CVE-2026-3993 | A security vulnerability has been detected in itsourcecode Payroll Management Sy |
| 11 | CVE-2026-5315 | A vulnerability was determined in Nothings stb up to 1.26. The affected element |
| 11 | CVE-2026-3610 | A vulnerability was found in HSC Cybersecurity Mailinspector up to 5.3.2-3. Affe |
| 11 | CVE-2026-5240 | A security vulnerability has been detected in code-projects BloodBank Managing S |
| 11 | CVE-2026-7200 | A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. |
| 11 | CVE-2026-5623 | A vulnerability was identified in hcengineering Huly Platform 0.7.382. This affe |
| 11 | CVE-2026-6215 | A weakness has been identified in DbGate up to 7.1.4. The impacted element is th |
| 11 | CVE-2026-5205 | A vulnerability was identified in chatwoot up to 4.11.2. Affected by this vulner |
| 11 | CVE-2026-3990 | A security flaw has been discovered in CesiumGS CesiumJS up to 1.137.0. Affected |
| 11 | CVE-2026-5313 | A vulnerability has been found in Nothings stb up to 2.30. This issue affects th |
| 11 | CVE-2026-2553 | A security flaw has been discovered in tushar-2223 Hotel-Management-System up to |
| 11 | CVE-2026-7230 | A vulnerability was found in SourceCodester Safety Anger Pad 1.0. The affected e |
| 11 | CVE-2025-40894 | A Stored HTML Injection vulnerability was discovered in the Alerted Nodes Dashbo |
| 11 | CVE-2026-4407 | Out-of-bounds array write in Xpdf 4.06 and earlier, due to incorrect validation |
| 11 | CVE-2026-2963 | A vulnerability was determined in Jinher OA C6 up to 20260210. This issue affect |
| 11 | CVE-2026-4241 | A vulnerability was identified in itsourcecode College Management System 1.0. Th |
| 11 | CVE-2026-4614 | A vulnerability was determined in itsourcecode sanitize or validate this input 1 |
| 11 | CVE-2026-5823 | A weakness has been identified in itsourcecode Construction Management System 1. |
| 11 | CVE-2026-5675 | A vulnerability was found in itsourcecode Construction Management System 1.0. Th |
| 11 | CVE-2026-4472 | A security vulnerability has been detected in itsourcecode Online Frozen Foods O |
| 11 | CVE-2026-2663 | A security vulnerability has been detected in Alixhan xh-admin-backend up to 1.7 |
| 11 | CVE-2026-3054 | A vulnerability was identified in Alinto SOGo 5.12.3/5.12.4. This impacts an unk |
| 11 | CVE-2026-5467 | A vulnerability was identified in Casdoor 2.356.0. Affected by this issue is som |
Oldest Unpatched Critical/High CVEs
| CVE | Severity | CVSS | Priority | Days Open |
|---|---|---|---|---|
| CVE-2024-3400 | CRITICAL | 10.0 | 224 | 747d |
| CVE-2019-19781 | CRITICAL | 9.8 | 223 | 2315d |
| CVE-2020-5902 | CRITICAL | 9.8 | 223 | 2128d |
| CVE-2021-35464 | CRITICAL | 9.8 | 223 | 1742d |
| CVE-2020-10189 | CRITICAL | 9.8 | 223 | 2245d |
| CVE-2012-4681 | CRITICAL | 9.8 | 223 | 4993d |
| CVE-2022-42475 | CRITICAL | 9.8 | 223 | 1213d |
| CVE-2023-3519 | CRITICAL | 9.8 | 223 | 1015d |
| CVE-2015-7450 | CRITICAL | 9.8 | 222 | 3770d |
| CVE-2023-34048 | CRITICAL | 9.8 | 222 | 917d |