| Metric | Value | Note |
|---|---|---|
| Total CVEs | 16581 | last 90 days |
| Avg Priority | 35.8 | of max 220 |
| KEV | 35 | actively exploited |
| POC | 3153 | public exploits |
| Unpatched | 4129 | CRIT/HIGH without patch |
How is Priority Score calculated?
Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:

| Signal | Weight | Meaning |
|---|---|---|
| KEV | +50 | CISA Known Exploited Vulnerability: confirmed active exploitation in the wild |
| EPSS | x100 | Exploit Prediction Scoring System: probability of exploitation in next 30 days (0-100) |
| CVSS | x5 | Common Vulnerability Scoring System: technical severity (0-50) |
| POC | +20 | Public exploit code exists: lowers barrier for attackers |

| Score | Level |
|---|---|
| 0-40 | Low |
| 40-80 | Medium |
| 80-120 | High |
| 120+ | Critical |
Patch Now — Known Exploited Vulnerabilities
| Priority | CVE | Description |
|---|---|---|
| 185 | CVE-2026-1731 | BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain |
| 141 | CVE-2026-20131 | A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FM |
| 137 | CVE-2026-1603 | An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthen |
| 134 | CVE-2026-22769 | Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credentia |
| 129 | CVE-2026-33825 | Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to el |
| 124 | CVE-2026-21643 | An improper neutralization of special elements used in an SQL command ('SQL injection') vulnerabilit |
| 124 | CVE-2026-35616 | An improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an |
| 119 | CVE-2026-39987 | Marimo (19.6k stars) has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint |
| 119 | CVE-2026-3910 | Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allowed a remote attacker |
| 119 | CVE-2026-3909 | Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to per |
Priority Distribution
| Priority | CVE | Description |
|---|---|---|
| 10 | CVE-2026-3957 | A flaw has been found in xierongwkhd weimai-wetapp up to 5fe9e8225be4f73f2c5087f |
| 10 | CVE-2026-39388 | OpenBao is an open source identity-based secrets management system. Prior to ver |
| 10 | CVE-2026-3983 | A security flaw has been discovered in Campcodes Division Regional Athletic Meet |
| 10 | CVE-2026-27949 | Plane is an open-source project management tool. Prior to 1.3.0, a vulnerabil |
| 10 | CVE-2026-3984 | A weakness has been identified in Campcodes Division Regional Athletic Meet Game |
| 10 | CVE-2026-6216 | A security vulnerability has been detected in DbGate up to 7.1.4. This affects a |
| 10 | CVE-2026-3946 | A vulnerability was detected in PHPEMS 11.0. The affected element is an unknown |
| 10 | CVE-2026-4973 | A vulnerability was detected in SourceCodester Online Quiz System up to 1.0. Aff |
| 10 | CVE-2026-4359 | A compromised third party cloud server or man-in-the-middle attacker could send |
| 10 | CVE-2026-3720 | A security flaw has been discovered in 1024-lab/lab1024 SmartAdmin up to 3.29. I |
| 10 | CVE-2026-2825 | A vulnerability has been found in rachelos WeRSS we-mp-rss up to 1.4.8. This imp |
| 10 | CVE-2026-4355 | A vulnerability was detected in Portabilis i-Educar 2.11. This impacts an unknow |
| 10 | CVE-2026-4354 | A vulnerability was identified in TRENDnet TEW-824DRU 1.010B01/1.04B01. The impa |
| 10 | CVE-2026-27467 | BigBlueButton is an open-source virtual classroom. In versions 3.0.19 and below, |
| 10 | CVE-2026-27675 | SAP Landscape Transformation contains a vulnerability in an RFC-exposed function |
| 10 | CVE-2026-4471 | A weakness has been identified in itsourcecode Online Frozen Foods Ordering Syst |
| 10 | CVE-2026-5148 | A weakness has been identified in YunaiV yudao-cloud up to 2026.01. This vulnera |
| 10 | CVE-2026-2709 | A flaw has been found in busy up to 2.5.5. The affected element is an unknown fu |
| 10 | CVE-2026-5468 | A security flaw has been discovered in Casdoor 2.356.0. This affects the functio |
| 10 | CVE-2026-3956 | A vulnerability was detected in xierongwkhd weimai-wetapp up to 5fe9e8225be4f73f |
| 10 | CVE-2026-4469 | A vulnerability was identified in itsourcecode Online Frozen Foods Ordering Syst |
| 10 | CVE-2026-4473 | A vulnerability was detected in itsourcecode Online Doctor Appointment System 1. |
| 10 | CVE-2026-4957 | A flaw has been found in OpenBMB XAgent 1.0.0. The impacted element is the funct |
| 10 | CVE-2026-4470 | A security flaw has been discovered in itsourcecode Online Frozen Foods Ordering |
| 10 | CVE-2026-29184 | Backstage is an open framework for building developer portals. Prior to version |
| 10 | CVE-2026-7021 | A weakness has been identified in SmythOS sre up to 0.0.15. This impacts an unkn |
| 10 | CVE-2026-33550 | SOGo before 5.12.5 does not renew the OTP if a user disables/enables it, and has |
| 10 | CVE-2026-2273 | CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability |
| 10 | CVE-2026-21619 | Uncontrolled Resource Consumption, Deserialization of Untrusted Data vulnerabili |
| 10 | CVE-2026-7318 | A vulnerability was detected in elie mcp-project 0.1.0. The affected element is |
| 10 | CVE-2026-32970 | OpenClaw before 2026.3.11 contains a credential fallback vulnerability where una |
| 10 | CVE-2025-32739 | Improper conditions check in some firmware for some Intel(R) Graphics Drivers an |
| 10 | CVE-2026-1742 | A vulnerability was identified in EFM ipTIME A8004T 14.18.2. Affected by this vu |
| 10 | CVE-2026-31996 | OpenClaw versions prior to 2026.2.19 tools.exec.safeBins contains an input valid |
| 10 | CVE-2026-41330 | OpenClaw before 2026.3.31 contains an environment variable override vulnerabilit |
| 10 | CVE-2026-41357 | OpenClaw before 2026.3.31 contains an environment variable leakage vulnerability |
| 10 | CVE-2026-32018 | OpenClaw versions prior to 2026.2.19 contain a race condition vulnerability in c |
| 10 | CVE-2026-0233 | A certificate validation vulnerability in Palo Alto Networks Autonomous Digital |
| 10 | CVE-2026-3721 | A weakness has been identified in 1024-lab/lab1024 SmartAdmin up to 3.29. The af |
| 10 | CVE-2025-54505 | A transient execution vulnerability within AMD CPUs may allow a local user-privi |
| 10 | CVE-2026-7083 | A vulnerability has been found in likeadmin-likeshop likeadmin_php up to 1.9.6. |
| 10 | CVE-2025-13030 | All versions of the package django-mdeditor are vulnerable to Missing Authentica |
| 10 | CVE-2026-7390 | A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory Syst |
| 10 | CVE-2026-7283 | A security flaw has been discovered in SourceCodester Pharmacy Sales and Invento |
| 10 | CVE-2026-3964 | A weakness has been identified in OpenAkita up to 1.24.3. This impacts the funct |
| 10 | CVE-2026-3959 | A vulnerability was found in 0xKoda WireMCP up to 7f45f8b2b4adeb76be8c6227eefb38 |
| 10 | CVE-2026-4198 | A vulnerability was determined in hypermodel-labs mcp-server-auto-commit 1.0.0. |
| 10 | CVE-2026-4433 | An SSH misconfiguration exists in Tenable OT that led to the potential exfiltra |
| 10 | CVE-2026-1705 | A vulnerability was detected in D-Link DSL-6641K N8.TR069.20131126. Affected by |
| 10 | CVE-2026-5647 | A vulnerability was detected in code-projects Online Shoe Store 1.0. This affect |
| 10 | CVE-2026-2965 | A security flaw has been discovered in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1. |
| 10 | CVE-2026-4474 | A flaw has been found in itsourcecode University Management System 1.0. Impacted |
| 10 | CVE-2026-7297 | A vulnerability was determined in SourceCodester Pizzafy Ecommerce System 1.0. T |
| 10 | CVE-2026-7296 | A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. This a |
| 10 | CVE-2026-4165 | A vulnerability has been found in Worksuite HR, CRM and Project Management up to |
| 10 | CVE-2026-1990 | A security vulnerability has been detected in oatpp up to 1.3.1. This impacts th |
| 10 | CVE-2026-4010 | A vulnerability was found in ThakeeNathees pocketlang up to cc73ca61b113d48ee130 |
| 10 | CVE-2026-2903 | A flaw has been found in skvadrik re2c up to 4.4. Impacted is the function check |
| 10 | CVE-2026-3382 | A security flaw has been discovered in ChaiScript up to 6.1.0. The impacted elem |
| 10 | CVE-2026-2889 | A vulnerability was detected in CCExtractor up to 0.96.5. Affected is the functi |
| 10 | CVE-2026-3393 | A security vulnerability has been detected in jarikomppa soloud up to 20200207. |
| 10 | CVE-2026-3606 | A vulnerability has been found in Ettercap 0.8.4-Garofalo. Affected by this vuln |
| 10 | CVE-2026-3407 | A vulnerability was determined in YosysHQ yosys up to 0.62. This affects the fun |
| 10 | CVE-2026-2245 | A vulnerability was identified in CCExtractor up to 183. This affects the functi |
| 10 | CVE-2026-3707 | A vulnerability was identified in MrNanko webp4j up to 1.3.x. The affected eleme |
| 10 | CVE-2026-3994 | A vulnerability was detected in rui314 mold up to 2.40.4. This issue affects the |
| 10 | CVE-2026-4009 | A vulnerability has been found in jarikomppa soloud up to 20200207. Impacted is |
| 10 | CVE-2026-4015 | A weakness has been identified in GPAC 26.03-DEV. Affected is the function txtin |
| 10 | CVE-2026-4016 | A security vulnerability has been detected in GPAC 26.03-DEV. Affected by this v |
| 10 | CVE-2026-2858 | A vulnerability was identified in wren-lang wren up to 0.4.0. This affects the f |
| 10 | CVE-2026-3979 | A flaw has been found in quickjs-ng quickjs up to 0.12.1. This affects the funct |
| 10 | CVE-2026-3449 | Versions of the package @tootallnate/once before 3.0.1 are vulnerable to Incorre |
| 10 | CVE-2026-3669 | A security vulnerability has been detected in Freedom Factory dGEN1 up to 202602 |
| 10 | CVE-2026-4012 | A vulnerability was determined in rxi fe up to ed4cda96bd582cbb08520964ba627efb4 |
| 10 | CVE-2026-3675 | A vulnerability was determined in Freedom Factory dGEN1 up to 20260221. Affected |
| 10 | CVE-2026-3674 | A vulnerability was found in Freedom Factory dGEN1 up to 20260221. Affected by t |
| 10 | CVE-2026-5185 | A security flaw has been discovered in Nothings stb_image up to 2.30. This affec |
| 10 | CVE-2026-3384 | A security vulnerability has been detected in ChaiScript up to 6.1.0. This impac |
| 10 | CVE-2026-3667 | A security flaw has been discovered in Freedom Factory dGEN1 up to 20260221. The |
| 10 | CVE-2026-3796 | A weakness has been identified in Qi-ANXIN QAX Virus Removal up to 2025-10-22. T |
| 10 | CVE-2026-5186 | A weakness has been identified in Nothings stb up to 2.30. This impacts the func |
| 10 | CVE-2026-3670 | A vulnerability was detected in Freedom Factory dGEN1 up to 20260221. Affected i |
| 10 | CVE-2026-3041 | A security vulnerability has been detected in xingfuggz BaykeShop up to 1.3.20. |
| 10 | CVE-2026-3671 | A flaw has been found in Freedom Factory dGEN1 up to 20260221. Affected by this |
| 10 | CVE-2026-7027 | A vulnerability was identified in D-Link DSL-2740R EU_01.15. Impacted is an unkn |
| 10 | CVE-2026-7038 | A weakness has been identified in tufantunc ssh-mcp up to 1.5.0. Impacted is an |
| 10 | CVE-2026-6996 | A weakness has been identified in BDCOM P3310D 0.4.2 10.1.0F Build 86345. This a |
| 10 | CVE-2026-7000 | A vulnerability has been found in Datacom DM4100 1.3.6.1.4.1.3709. Affected by t |
| 10 | CVE-2026-7001 | A vulnerability was found in Datacom DM4100 1.3.6.1.4.1.3709. This affects an un |
| 10 | CVE-2026-6999 | A flaw has been found in BIVOCOM TR321 21.1.1.50. Affected by this vulnerability |
Oldest Unpatched Critical/High CVEs
| CVE | Severity | CVSS | Priority | Days Open |
|---|---|---|---|---|
| CVE-2024-3400 | CRITICAL | 10.0 | 224 | 747d |
| CVE-2019-19781 | CRITICAL | 9.8 | 223 | 2315d |
| CVE-2020-5902 | CRITICAL | 9.8 | 223 | 2128d |
| CVE-2021-35464 | CRITICAL | 9.8 | 223 | 1742d |
| CVE-2020-10189 | CRITICAL | 9.8 | 223 | 2245d |
| CVE-2012-4681 | CRITICAL | 9.8 | 223 | 4993d |
| CVE-2022-42475 | CRITICAL | 9.8 | 223 | 1213d |
| CVE-2023-3519 | CRITICAL | 9.8 | 223 | 1015d |
| CVE-2015-7450 | CRITICAL | 9.8 | 222 | 3770d |
| CVE-2023-34048 | CRITICAL | 9.8 | 222 | 917d |