Total CVEs
16584
last 90 days
Avg Priority
35.8
of max 220
KEV
35
actively exploited
POC
3156
public exploits
Unpatched
4124
CRIT/HIGH without patch
How is Priority Score calculated?
Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:
KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low
40-80 Medium
80-120 High
120+ Critical
Patch Now — Known Exploited Vulnerabilities
185
CVE-2026-1731
BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain
141
CVE-2026-20131
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FM
137
CVE-2026-1603
An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthen
134
CVE-2026-22769
Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credentia
129
CVE-2026-33825
Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to el
124
CVE-2026-21643
An improper neutralization of special elements used in an sql command ('sql injection') vulnerabilit
124
CVE-2026-35616
A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an
119
CVE-2026-39987
## Summary
Marimo (19.6k stars) has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint `
119
CVE-2026-3910
Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allowed a remote attacker
119
CVE-2026-3909
Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to per
Priority Distribution
| Priority | CVE |
|---|---|
| 0 |
CVE-2025-71239
In the Linux kernel, the following vulnerability has been resolved:
audit: add
|
| 0 |
CVE-2026-23241
In the Linux kernel, the following vulnerability has been resolved:
audit: add
|
| 0 |
CVE-2026-23176
In the Linux kernel, the following vulnerability has been resolved:
platform/x8
|
| 0 |
CVE-2026-23206
In the Linux kernel, the following vulnerability has been resolved:
dpaa2-switc
|
| 0 |
CVE-2025-71220
In the Linux kernel, the following vulnerability has been resolved:
smb/server:
|
| 0 |
CVE-2026-23182
In the Linux kernel, the following vulnerability has been resolved:
spi: tegra:
|
| 0 |
CVE-2026-23202
In the Linux kernel, the following vulnerability has been resolved:
spi: tegra2
|
| 0 |
CVE-2025-71222
In the Linux kernel, the following vulnerability has been resolved:
wifi: wlcor
|
| 0 |
CVE-2025-71224
In the Linux kernel, the following vulnerability has been resolved:
wifi: mac80
|
| 0 |
CVE-2024-21953
Improper input validation in IOMMU could allow a malicious hypervisor to reconfi
|
| 0 |
CVE-2026-30825
hoppscotch is an open source API development ecosystem. Prior to version 2026.2.
|
| 0 |
CVE-2025-15080
Improper Validation of Specified Quantity in Input vulnerability in Mitsubishi E
|
| 0 |
CVE-2025-20064
Improper input validation in the UEFI FlashUcAcmSmm module for some Intel(R) ref
|
| 0 |
CVE-2026-31873
Unhead is a document head and template manager. Prior to 2.1.11, The link.href c
|
| 0 |
CVE-2025-20105
Improper input validation in some UEFI firmware SMM module for the Intel(R) refe
|
| 0 |
CVE-2026-2514
In Progress Flowmon ADS versions prior to 12.5.5 and 13.0.3, a vulnerability exi
|
| 0 |
CVE-2025-65078
An untrusted search path vulnerability has been identified in the Embedded Solut
|
| 0 |
CVE-2025-66447
Chamilo LMS is a learning management system. From 1.11.0 to 2.0-beta.1, anyone c
|
| 0 |
CVE-2026-31897
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0
|
| 0 |
CVE-2026-26226
beautiful-mermaid versions prior to 0.1.3 contain an SVG attribute injection iss
|
| 0 |
CVE-2026-1578
HP App for Android is potentially vulnerable to cross-site scripting (XSS) when
|
| 0 |
CVE-2026-23183
In the Linux kernel, the following vulnerability has been resolved:
cgroup/dmem
|
| 0 |
CVE-2025-71265
In the Linux kernel, the following vulnerability has been resolved:
fs: ntfs3:
|
| 0 |
CVE-2026-32752
FreeScout is a free help desk and shared inbox built with PHP's Laravel framewor
|
| 0 |
CVE-2026-29792
Feathersjs is a framework for creating web APIs and real-time applications with
|
| 0 |
CVE-2026-23307
In the Linux kernel, the following vulnerability has been resolved:
can: ems_us
|
| 0 |
CVE-2026-2541
The Micca KE700 system relies on a 6-bit portion of an identifier for authentica
|
| 0 |
CVE-2026-23052
In the Linux kernel, the following vulnerability has been resolved:
ftrace: Do
|
| 0 |
CVE-2026-23045
In the Linux kernel, the following vulnerability has been resolved:
net/ena: fi
|
| 0 |
CVE-2026-23043
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix
|
| 0 |
CVE-2026-23044
In the Linux kernel, the following vulnerability has been resolved:
PM: hiberna
|
| 0 |
CVE-2026-23041
In the Linux kernel, the following vulnerability has been resolved:
bnxt_en: Fi
|
| 0 |
CVE-2025-20096
Improper input validation in the UEFI firmware for some Intel Reference Platform
|
| 0 |
CVE-2025-20068
Improper input validation in the UEFI ImcErrorHandler module for some Intel(R) r
|
| 0 |
CVE-2026-1226
CWE‑94: Improper Control of Generation of Code vulnerability exists that could c
|
| 0 |
CVE-2026-23106
In the Linux kernel, the following vulnerability has been resolved:
timekeeping
|
| 0 |
CVE-2026-23107
In the Linux kernel, the following vulnerability has been resolved:
arm64/fpsim
|
| 0 |
CVE-2026-23051
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu:
|
| 0 |
CVE-2026-23048
In the Linux kernel, the following vulnerability has been resolved:
udp: call s
|
| 0 |
CVE-2025-11598
In mObywatel iOS application an unauthorized user can use the App Switcher to vi
|
| 0 |
CVE-2026-23034
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu/
|
| 0 |
CVE-2025-20027
Improper input validation in the UEFI WheaERST module for some Intel(R) referenc
|
| 0 |
CVE-2026-23042
In the Linux kernel, the following vulnerability has been resolved:
idpf: fix a
|
| 0 |
CVE-2026-23036
In the Linux kernel, the following vulnerability has been resolved:
btrfs: rele
|
| 0 |
CVE-2025-71192
In the Linux kernel, the following vulnerability has been resolved:
ALSA: ac97:
|
| 0 |
CVE-2026-1966
YugabyteDB Anywhere displays LDAP bind passwords configured via gflags in cleart
|
| 0 |
CVE-2026-23040
In the Linux kernel, the following vulnerability has been resolved:
wifi: mac80
|
| 0 |
CVE-2026-23046
In the Linux kernel, the following vulnerability has been resolved:
virtio_net:
|
| 0 |
CVE-2026-23054
In the Linux kernel, the following vulnerability has been resolved:
net: hv_net
|
| 0 |
CVE-2026-23039
In the Linux kernel, the following vulnerability has been resolved:
drm/gud: fi
|
| 0 |
CVE-2025-71193
In the Linux kernel, the following vulnerability has been resolved:
phy: qcom-q
|
| 0 |
CVE-2026-23102
In the Linux kernel, the following vulnerability has been resolved:
arm64/fpsim
|
| 0 |
CVE-2026-27118
SvelteKit is a framework for rapidly developing robust, performant web applicati
|
| 0 |
CVE-2025-6927
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associate
|
| 0 |
CVE-2026-0872
Improper Certificate Validation vulnerability in Thales SafeNet Agent for Window
|
| 0 |
CVE-2026-23059
In the Linux kernel, the following vulnerability has been resolved:
scsi: qla2x
|
| 0 |
CVE-2025-71195
In the Linux kernel, the following vulnerability has been resolved:
dmaengine:
|
| 0 |
CVE-2025-71198
In the Linux kernel, the following vulnerability has been resolved:
iio: imu: s
|
| 0 |
CVE-2026-1232
A medium-severity vulnerability has been identified in BeyondTrust Privilege Man
|
| 0 |
CVE-2026-23291
In the Linux kernel, the following vulnerability has been resolved:
nfc: pn533:
|
| 0 |
CVE-2026-23292
In the Linux kernel, the following vulnerability has been resolved:
scsi: targe
|
| 0 |
CVE-2026-23309
In the Linux kernel, the following vulnerability has been resolved:
tracing: Ad
|
| 0 |
CVE-2026-23057
In the Linux kernel, the following vulnerability has been resolved:
vsock/virti
|
| 0 |
CVE-2026-23050
In the Linux kernel, the following vulnerability has been resolved:
pNFS: Fix a
|
| 0 |
CVE-2026-23197
In the Linux kernel, the following vulnerability has been resolved:
i2c: imx: p
|
| 0 |
CVE-2026-23304
In the Linux kernel, the following vulnerability has been resolved:
ipv6: fix N
|
| 0 |
CVE-2026-23300
In the Linux kernel, the following vulnerability has been resolved:
net: ipv6:
|
| 0 |
CVE-2026-23055
In the Linux kernel, the following vulnerability has been resolved:
i2c: riic:
|
| 0 |
CVE-2026-23174
In the Linux kernel, the following vulnerability has been resolved:
nvme-pci: h
|
| 0 |
CVE-2026-23303
In the Linux kernel, the following vulnerability has been resolved:
smb: client
|
| 0 |
CVE-2026-23257
In the Linux kernel, the following vulnerability has been resolved:
net: liquid
|
| 0 |
CVE-2026-23194
In the Linux kernel, the following vulnerability has been resolved:
rust_binder
|
| 0 |
CVE-2026-23258
In the Linux kernel, the following vulnerability has been resolved:
net: liquid
|
| 0 |
CVE-2025-71266
In the Linux kernel, the following vulnerability has been resolved:
fs: ntfs3:
|
| 0 |
CVE-2026-23187
In the Linux kernel, the following vulnerability has been resolved:
pmdomain: i
|
| 0 |
CVE-2025-71267
In the Linux kernel, the following vulnerability has been resolved:
fs: ntfs3:
|
| 0 |
CVE-2026-23262
In the Linux kernel, the following vulnerability has been resolved:
gve: Fix st
|
| 0 |
CVE-2026-23181
In the Linux kernel, the following vulnerability has been resolved:
btrfs: sync
|
| 0 |
CVE-2026-23289
In the Linux kernel, the following vulnerability has been resolved:
IB/mthca: A
|
| 0 |
CVE-2026-23053
In the Linux kernel, the following vulnerability has been resolved:
NFS: Fix a
|
| 0 |
CVE-2026-23312
In the Linux kernel, the following vulnerability has been resolved:
net: usb: k
|
| 0 |
CVE-2026-23290
In the Linux kernel, the following vulnerability has been resolved:
net: usb: p
|
| 0 |
CVE-2026-31412
In the Linux kernel, the following vulnerability has been resolved:
usb: gadget
|
| 0 |
CVE-2026-23293
In the Linux kernel, the following vulnerability has been resolved:
net: vxlan:
|
| 0 |
CVE-2026-23296
In the Linux kernel, the following vulnerability has been resolved:
scsi: core:
|
| 0 |
CVE-2026-23298
In the Linux kernel, the following vulnerability has been resolved:
can: ucan:
|
| 0 |
CVE-2026-23196
In the Linux kernel, the following vulnerability has been resolved:
HID: Intel-
|
| 0 |
CVE-2026-23203
In the Linux kernel, the following vulnerability has been resolved:
net: cpsw_n
|
| 0 |
CVE-2026-23267
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix I
|
| 0 |
CVE-2026-23266
In the Linux kernel, the following vulnerability has been resolved:
fbdev: riva
|
Oldest Unpatched Critical/High CVEs
| CVE | Severity | CVSS | Priority | Days Open |
|---|---|---|---|---|
| CVE-2024-3400 | CRITICAL | 10.0 | 224 | 748d |
| CVE-2019-19781 | CRITICAL | 9.8 | 223 | 2315d |
| CVE-2020-5902 | CRITICAL | 9.8 | 223 | 2128d |
| CVE-2021-35464 | CRITICAL | 9.8 | 223 | 1742d |
| CVE-2020-10189 | CRITICAL | 9.8 | 223 | 2245d |
| CVE-2012-4681 | CRITICAL | 9.8 | 223 | 4993d |
| CVE-2022-42475 | CRITICAL | 9.8 | 223 | 1214d |
| CVE-2023-3519 | CRITICAL | 9.8 | 223 | 1015d |
| CVE-2015-7450 | CRITICAL | 9.8 | 222 | 3770d |
| CVE-2023-34048 | CRITICAL | 9.8 | 222 | 917d |