Security Dashboard

7d 14d 30d 90d
Total CVEs
16542
last 90 days
Avg Priority
35.9
of max 220
KEV
35
actively exploited
POC
3153
public exploits
Unpatched
4128
CRIT/HIGH without patch
How is Priority Score calculated?

Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:

KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low 40-80 Medium 80-120 High 120+ Critical

Patch Now — Known Exploited Vulnerabilities

185
CVE-2026-1731
BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain
CRITICAL
141
CVE-2026-20131
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FM
CRITICAL
137
CVE-2026-1603
An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthen
HIGH
134
CVE-2026-22769
Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credentia
CRITICAL
129
CVE-2026-33825
Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to el
HIGH
124
CVE-2026-21643
An improper neutralization of special elements used in an sql command ('sql injection') vulnerabilit
CRITICAL
124
CVE-2026-35616
A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an
CRITICAL
119
CVE-2026-39987
## Summary Marimo (19.6k stars) has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint `
CRITICAL
119
CVE-2026-3910
Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allowed a remote attacker
HIGH
119
CVE-2026-3909
Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to per
HIGH

Priority Distribution

CRITICAL HIGH MEDIUM LOW KEV Only POC Only Unpatched CRIT/HIGH
Priority CVE
11 CVE-2026-5467
A vulnerability was identified in Casdoor 2.356.0. Affected by this issue is som
11 CVE-2026-4476
A vulnerability was found in Yi Technology YI Home Camera 2 2.1.1_20171024151200
11 CVE-2026-4563
A weakness has been identified in MacCMS up to 2025.1000.4052. This vulnerabilit
11 CVE-2026-39349
OrangeHRM is a comprehensive human resource management (HRM) system. From 5.0 to
11 CVE-2026-5476
A vulnerability was identified in NASA cFS up to 7.0.0 on 32-bit. Affected is th
11 CVE-2026-3479
pkgutil.get_data() did not validate the resource argument as documented, allowin
11 CVE-2025-7741
Hardcoded Password Vulnerability have been found in CENTUM. Affected products co
11 CVE-2026-5624
A security flaw has been discovered in ProjectSend r2002. This vulnerability aff
11 CVE-2026-2676
A weakness has been identified in GoogTech sms-ssm up to e8534c766fd13f5f94c01da
11 CVE-2026-5344
A security vulnerability has been detected in Textpattern up to 4.9.1. Affected
11 CVE-2026-7108
A security vulnerability has been detected in code-projects Invoice System in La
11 CVE-2026-28526
BlueKitchen BTstack contains an out-of-bounds read vulnerability in the AVRCP Co
11 CVE-2026-28527
BlueKitchen BTstack contains an out-of-bounds read vulnerability in the AVRCP Co
11 CVE-2026-7084
A vulnerability was found in HBAI-Ltd Toonflow-app up to 1.1.1. This affects the
11 CVE-2026-28528
BlueKitchen BTstack contains an out-of-bounds read vulnerability in the AVRCP Br
11 CVE-2026-2985
A security flaw has been discovered in Tiandy Video Surveillance System 视频监控平台 7
11 CVE-2026-2819
A vulnerability was identified in Dromara RuoYi-Vue-Plus up to 5.5.3. This vulne
11 CVE-2026-27183
OpenClaw versions prior to 2026.3.7 contain a shell approval gating bypass vulne
11 CVE-2026-6586
A vulnerability was identified in TransformerOptimus SuperAGI up to 0.0.14. Impa
11 CVE-2026-5705
A vulnerability was identified in code-projects Online Hotel Booking 1.0. Affect
11 CVE-2026-5586
A vulnerability was determined in zhongyu09 openchatbi up to 0.2.1. The impacted
11 CVE-2026-5579
A vulnerability was determined in CodeAstro Online Classroom 1.0. This issue aff
11 CVE-2026-6874
A vulnerability was determined in ericc-ch copilot-api up to 0.7.0. This impacts
11 CVE-2026-6991
A vulnerability was determined in colinhacks Zod up to 4.3.6. The impacted eleme
11 CVE-2026-0115
In Trusted Execution Environment, there is a possible key leak due to side chann
11 CVE-2026-1835
A vulnerability was identified in lcg0124 BootDo up to e93dd428ef6f5c881aa74d49a
11 CVE-2026-5572
A security flaw has been discovered in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03
10 CVE-2026-5958
When sed is invoked with both -i (in-place edit) and --follow-symlinks, the func
10 CVE-2026-41398
OpenClaw before 2026.4.2 contains an improper access control vulnerability in th
10 CVE-2026-40556
GNU nano creates the user’s ~/.local directory with overly permissive permission
10 CVE-2025-13957
CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause inf
10 CVE-2026-4467
A vulnerability was found in Comfast CF-AC100 2.6.0.8. This impacts an unknown f
10 CVE-2026-4466
A vulnerability has been found in Comfast CF-AC100 2.6.0.8. This affects an unkn
10 CVE-2026-4468
A vulnerability was determined in Comfast CF-AC100 2.6.0.8. Affected is an unkno
10 CVE-2026-1286
CWE-502: Deserialization of untrusted data vulnerability exists that could lead
10 CVE-2026-23739
Asterisk is an open source private branch exchange and telephony toolkit. Prior
10 CVE-2025-11739
CWE‑502: Deserialization of Untrusted Data vulnerability exists that could cause
10 CVE-2026-4044
A vulnerability was detected in projectsend up to r1945. This affects the functi
10 CVE-2026-4285
A vulnerability was identified in taoofagi easegen-admin up to 8f87936ac774065b9
10 CVE-2025-13901
CWE-404 Improper Resource Shutdown or Release vulnerability exists that could ca
10 CVE-2025-13902
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site
10 CVE-2025-9292
A permissive web security configuration may allow cross-origin restrictions enfo
10 CVE-2026-5987
A security vulnerability has been detected in Sanluan PublicCMS up to 6.202506.d
10 CVE-2026-33073
Discourse is an open-source discussion platform. From versions 2026.1.0-latest t
10 CVE-2026-30977
RenderBlocking is a MediaWiki extension that allows interface administrators to
10 CVE-2026-4564
A security vulnerability has been detected in yangzongzhuan RuoYi up to 4.8.2. T
10 CVE-2023-31044
An issue was discovered in Nokia Impact before Mobile 23_FP1. In Impact DM 19.11
10 CVE-2026-1517
A vulnerability was identified in iomad up to 5.0. Affected is an unknown functi
10 CVE-2026-3455
Versions of the package mailparser before 3.9.3 are vulnerable to Cross-site Scr
10 CVE-2026-33674
### Impact Fix improper use of validation framework ### Patches Patched in 8.2.
10 CVE-2026-40264
OpenBao is an open source identity-based secrets management system. OpenBao's na
10 CVE-2026-4284
A vulnerability was determined in taoofagi easegen-admin up to 8f87936ac774065b9
10 CVE-2026-39388
OpenBao is an open source identity-based secrets management system. Prior to ver
10 CVE-2026-3957
A flaw has been found in xierongwkhd weimai-wetapp up to 5fe9e8225be4f73f2c5087f
10 CVE-2026-3946
A vulnerability was detected in PHPEMS 11.0. The affected element is an unknown
10 CVE-2026-27949
Plane is an an open-source project management tool. Prior to 1.3.0, a vulnerabil
10 CVE-2026-3983
A security flaw has been discovered in Campcodes Division Regional Athletic Meet
10 CVE-2026-3984
A weakness has been identified in Campcodes Division Regional Athletic Meet Game
10 CVE-2026-4973
A vulnerability was detected in SourceCodester Online Quiz System hasta 1.0. Aff
10 CVE-2026-6216
A security vulnerability has been detected in DbGate up to 7.1.4. This affects a
10 CVE-2026-4359
A compromised third party cloud server or man-in-the-middle attacker could send
10 CVE-2026-4355
A vulnerability was detected in Portabilis i-Educar 2.11. This impacts an unknow
10 CVE-2026-4354
A vulnerability was identified in TRENDnet TEW-824DRU 1.010B01/1.04B01. The impa
10 CVE-2026-3720
A security flaw has been discovered in 1024-lab/lab1024 SmartAdmin up to 3.29. I
10 CVE-2026-27467
BigBlueButton is an open-source virtual classroom. In versions 3.0.19 and below,
10 CVE-2026-2825
A vulnerability has been found in rachelos WeRSS we-mp-rss up to 1.4.8. This imp
10 CVE-2026-27675
SAP Landscape Transformation contains a vulnerability in an RFC-exposed function
10 CVE-2026-5468
A security flaw has been discovered in Casdoor 2.356.0. This affects the functio
10 CVE-2026-3956
A vulnerability was detected in xierongwkhd weimai-wetapp up to 5fe9e8225be4f73f
10 CVE-2026-4471
A weakness has been identified in itsourcecode Online Frozen Foods Ordering Syst
10 CVE-2026-4470
A security flaw has been discovered in itsourcecode Online Frozen Foods Ordering
10 CVE-2026-4957
A flaw has been found in OpenBMB XAgent 1.0.0. The impacted element is the funct
10 CVE-2026-2709
A flaw has been found in busy up to 2.5.5. The affected element is an unknown fu
10 CVE-2026-4469
A vulnerability was identified in itsourcecode Online Frozen Foods Ordering Syst
10 CVE-2026-4473
A vulnerability was detected in itsourcecode Online Doctor Appointment System 1.
10 CVE-2026-5148
A weakness has been identified in YunaiV yudao-cloud up to 2026.01. This vulnera
10 CVE-2026-7021
A weakness has been identified in SmythOS sre up to 0.0.15. This impacts an unkn
10 CVE-2026-29184
Backstage is an open framework for building developer portals. Prior to version
10 CVE-2026-33550
SOGo before 5.12.5 does not renew the OTP if a user disables/enables it, and has
10 CVE-2026-2273
CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability
10 CVE-2026-21619
Uncontrolled Resource Consumption, Deserialization of Untrusted Data vulnerabili
10 CVE-2026-7318
A vulnerability was detected in elie mcp-project 0.1.0. The affected element is
10 CVE-2026-32970
OpenClaw before 2026.3.11 contains a credential fallback vulnerability where una
10 CVE-2025-32739
Improper conditions check in some firmware for some Intel(R) Graphics Drivers an
10 CVE-2026-1742
A vulnerability was identified in EFM ipTIME A8004T 14.18.2. Affected by this vu
10 CVE-2026-31996
OpenClaw versions prior to 2026.2.19 tools.exec.safeBins contains an input valid
10 CVE-2026-41357
OpenClaw before 2026.3.31 contains an environment variable leakage vulnerability
10 CVE-2026-32018
OpenClaw versions prior to 2026.2.19 contain a race condition vulnerability in c
10 CVE-2026-41330
OpenClaw before 2026.3.31 contains an environment variable override vulnerabilit
10 CVE-2026-3721
A weakness has been identified in 1024-lab/lab1024 SmartAdmin up to 3.29. The af

Oldest Unpatched Critical/High CVEs

CVE Severity CVSS Priority Days Open
CVE-2024-3400 CRITICAL 10.0 224 747d
CVE-2019-19781 CRITICAL 9.8 223 2315d
CVE-2020-5902 CRITICAL 9.8 223 2128d
CVE-2021-35464 CRITICAL 9.8 223 1742d
CVE-2020-10189 CRITICAL 9.8 223 2245d
CVE-2012-4681 CRITICAL 9.8 223 4993d
CVE-2022-42475 CRITICAL 9.8 223 1213d
CVE-2023-3519 CRITICAL 9.8 223 1015d
CVE-2015-7450 CRITICAL 9.8 222 3770d
CVE-2023-34048 CRITICAL 9.8 222 917d
Prev 176 / 184 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy