| Metric | Value | Note |
|---|---|---|
| Total CVEs | 16581 | last 90 days |
| Avg Priority | 35.8 | of max 220 |
| KEV | 35 | actively exploited |
| POC | 3156 | public exploits |
| Unpatched | 4122 | CRIT/HIGH without patch |
How is Priority Score calculated?
Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:
| Signal | Weight | Meaning |
|---|---|---|
| KEV | +50 | CISA Known Exploited Vulnerability: confirmed active exploitation in the wild |
| EPSS | x100 | Exploit Prediction Scoring System: probability of exploitation in next 30 days (0-100) |
| CVSS | x5 | Common Vulnerability Scoring System: technical severity (0-50) |
| POC | +20 | Public exploit code exists: lowers barrier for attackers |

| Score | Level |
|---|---|
| 0-40 | Low |
| 40-80 | Medium |
| 80-120 | High |
| 120+ | Critical |
Patch Now — Known Exploited Vulnerabilities
| Priority | CVE | Description |
|---|---|---|
| 185 | CVE-2026-1731 | BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain |
| 141 | CVE-2026-20131 | A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FM |
| 137 | CVE-2026-1603 | An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthen |
| 134 | CVE-2026-22769 | Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credentia |
| 129 | CVE-2026-33825 | Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to el |
| 124 | CVE-2026-21643 | An improper neutralization of special elements used in an SQL command ('SQL injection') vulnerabilit |
| 124 | CVE-2026-35616 | An improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an |
| 119 | CVE-2026-39987 | Summary: Marimo (19.6k stars) has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint ` |
| 119 | CVE-2026-3910 | Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allowed a remote attacker |
| 119 | CVE-2026-3909 | Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to per |
Priority Distribution
| Priority | CVE | Description |
|---|---|---|
| 0 | CVE-2026-23200 | In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix E |
| 0 | CVE-2025-48515 | Insufficient parameter sanitization in AMD Secure Processor (ASP) Boot Loader co |
| 0 | CVE-2025-67475 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site |
| 0 | CVE-2026-23201 | In the Linux kernel, the following vulnerability has been resolved: ceph: fix o |
| 0 | CVE-2025-59902 | HTML injection vulnerability in NICE Chat. This vulnerability allows an attacker |
| 0 | CVE-2026-23188 | In the Linux kernel, the following vulnerability has been resolved: net: usb: r |
| 0 | CVE-2026-23199 | In the Linux kernel, the following vulnerability has been resolved: procfs: avo |
| 0 | CVE-2026-23177 | In the Linux kernel, the following vulnerability has been resolved: mm, shmem: |
| 0 | CVE-2026-1341 | Avation Light Engine Pro exposes its configuration and control interface without |
| 0 | CVE-2026-23179 | In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: |
| 0 | CVE-2026-1703 | When pip is installing and extracting a maliciously crafted wheel archive, files |
| 0 | CVE-2025-67478 | Vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associate |
| 0 | CVE-2025-41023 | An authentication bypass vulnerability has been found in Thesamur's AutoGPT. Thi |
| 0 | CVE-2025-11261 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site |
| 0 | CVE-2026-1227 | CWE-611: Improper Restriction of XML External Entity Reference vulnerability exi |
| 0 | CVE-2025-6597 | Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associate |
| 0 | CVE-2025-67483 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site |
| 0 | CVE-2025-67477 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site |
| 0 | CVE-2025-67481 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site |
| 0 | CVE-2025-67482 | Vulnerability in Wikimedia Foundation Scribunto, Wikimedia Foundation luasandbox |
| 0 | CVE-2026-1960 | Stored Cross-Site Scripting (XSS) vulnerability in Loggro Pymes, via the 'Facebo |
| 0 | CVE-2026-1953 | Nukegraphic CMS v3.1.2 contains a stored cross-site scripting (XSS) vulnerabilit |
| 0 | CVE-2026-2832 | Certain Samsung MultiXpress Multifunction Printers may be vulnerable to informat |
| 0 | CVE-2026-1721 | Summary: A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in |
| 0 | CVE-2025-67479 | Vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation Cite. This |
| 0 | CVE-2025-40701 | Reflected Cross-Site Scripting vulnerability in SOTESHOP, version 8.3.4. This vu |
| 0 | CVE-2025-6596 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site |
| 0 | CVE-2025-29867 | Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in H |
| 0 | CVE-2025-40986 | Reflected Cross-Site Scripting (XSS) vulnerability in PideTuCita. This vulnerabi |
| 0 | CVE-2026-1959 | Stored Cross-Site Scripting (XSS) vulnerability in Loggro Pymes, via the 'desc |
| 0 | CVE-2026-23740 | Asterisk is an open source private branch exchange and telephony toolkit. Prior |
| 0 | CVE-2026-2738 | Buffer overflow in ovpn‑dco‑win version 2.8.0 allows local attackers to cause a |
| 0 | CVE-2026-23038 | In the Linux kernel, the following vulnerability has been resolved: pnfs/flexfi |
| 0 | CVE-2026-24471 | continuwuity is a Matrix homeserver written in Rust. This vulnerability allows a |
| 0 | CVE-2026-25547 | @isaacs/brace-expansion is a hybrid CJS/ESM TypeScript fork of brace-expansion. |
| 0 | CVE-2023-31323 | Type confusion in the AMD Secure Processor (ASP) could allow an attacker to pass |
| 0 | CVE-2026-1664 | Summary: An Insecure Direct Object Reference has been found to exist in `createH |
| 0 | CVE-2026-1775 | The Labkotec LID-3300IP has an existing vulnerability in the ice detector softwa |
| 0 | CVE-2025-71269 | In the Linux kernel, the following vulnerability has been resolved: btrfs: do n |
| 0 | CVE-2026-23264 | In the Linux kernel, the following vulnerability has been resolved: Revert "drm |
| 0 | CVE-2026-23263 | In the Linux kernel, the following vulnerability has been resolved: io_uring/zc |
| 0 | CVE-2026-23261 | In the Linux kernel, the following vulnerability has been resolved: nvme-fc: re |
| 0 | CVE-2026-23260 | In the Linux kernel, the following vulnerability has been resolved: regmap: map |
| 0 | CVE-2026-23259 | In the Linux kernel, the following vulnerability has been resolved: io_uring/rw |
| 0 | CVE-2026-23255 | In the Linux kernel, the following vulnerability has been resolved: net: add pr |
| 0 | CVE-2026-23254 | In the Linux kernel, the following vulnerability has been resolved: net: gro: f |
| 0 | CVE-2025-71270 | In the Linux kernel, the following vulnerability has been resolved: LoongArch: |
| 0 | CVE-2025-71268 | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix |
| 0 | CVE-2026-23333 | In the Linux kernel, the following vulnerability has been resolved: netfilter: |
| 0 | CVE-2026-23251 | In the Linux kernel, the following vulnerability has been resolved: xfs: only c |
| 0 | CVE-2026-23250 | In the Linux kernel, the following vulnerability has been resolved: xfs: check |
| 0 | CVE-2026-23249 | In the Linux kernel, the following vulnerability has been resolved: xfs: check |
| 0 | CVE-2026-23244 | In the Linux kernel, the following vulnerability has been resolved: nvme: fix m |
| 0 | CVE-2026-23313 | In the Linux kernel, the following vulnerability has been resolved: i40e: Fix p |
| 0 | CVE-2026-23310 | In the Linux kernel, the following vulnerability has been resolved: bpf/bonding |
| 0 | CVE-2026-23308 | In the Linux kernel, the following vulnerability has been resolved: pinctrl: eq |
| 0 | CVE-2025-12811 | Improper Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') |
| 0 | CVE-2025-58112 | Microsoft Dynamics 365 Customer Engagement (on-premises) 1612 (9.0.2.3034) allow |
| 0 | CVE-2026-30704 | The WiFi Extender WDR201A (HW V2.1, FW LFMZX28040922V1.02) exposes an unprotecte |
| 0 | CVE-2026-29856 | An issue in the VirtualHost configuration handling/parser component of aaPanel v |
| 0 | CVE-2026-29858 | A lack of path validation in aaPanel v7.57.0 allows attackers to execute a local |
| 0 | CVE-2026-23301 | In the Linux kernel, the following vulnerability has been resolved: ASoC: SDCA: |
| 0 | CVE-2026-23297 | In the Linux kernel, the following vulnerability has been resolved: nfsd: Fix c |
| 0 | CVE-2026-23295 | In the Linux kernel, the following vulnerability has been resolved: accel/amdxd |
| 0 | CVE-2026-23285 | In the Linux kernel, the following vulnerability has been resolved: drbd: fix n |
| 0 | CVE-2026-23283 | In the Linux kernel, the following vulnerability has been resolved: regulator: |
| 0 | CVE-2026-31429 | In the Linux kernel, the following vulnerability has been resolved: net: skb: f |
| 0 | CVE-2024-14027 | In the Linux kernel, the following vulnerability has been resolved: fs/xattr: m |
| 0 | CVE-2026-0229 | A denial-of-service (DoS) vulnerability in the Advanced DNS Security (ADNS) feat |
| 0 | CVE-2026-23835 | LobeHub is an open source human-and-AI-agent network. Prior to version 1.143.3, |
| 0 | CVE-2025-0031 | A use after free in the SEV firmware could allow a malicious hypervisor to activa |
| 0 | CVE-2026-23265 | In the Linux kernel, the following vulnerability has been resolved: f2fs: fix t |
| 0 | CVE-2026-23276 | In the Linux kernel, the following vulnerability has been resolved: net: add xm |
| 0 | CVE-2026-23277 | In the Linux kernel, the following vulnerability has been resolved: net/sched: |
| 0 | CVE-2026-23282 | In the Linux kernel, the following vulnerability has been resolved: smb: client |
| 0 | CVE-2026-23252 | In the Linux kernel, the following vulnerability has been resolved: xfs: get ri |
| 0 | CVE-2026-23247 | In the Linux kernel, the following vulnerability has been resolved: tcp: secure |
| 0 | CVE-2026-2276 | Reflected Cross-Site Scripting (XSS) vulnerability in the Wix web application, w |
| 0 | CVE-2025-29952 | Improper Initialization within the AMD Secure Encrypted Virtualization (SEV) fir |
| 0 | CVE-2026-3327 | Authenticated Iframe Injection in Dato CMS Web Previews plugin. This vulnerabili |
| 0 | CVE-2026-23299 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: |
| 0 | CVE-2026-23320 | In the Linux kernel, the following vulnerability has been resolved: usb: gadget |
| 0 | CVE-2025-48509 | Missing Checks in certain functions related to RMP initialization can allow a lo |
| 0 | CVE-2025-0029 | Improper handling of error condition during host-induced faults can allow a loca |
| 0 | CVE-2026-21627 | The vulnerability was rooted in how the Tassos Framework plugin handled specific |
| 0 | CVE-2026-23305 | In the Linux kernel, the following vulnerability has been resolved: accel/rocke |
| 0 | CVE-2026-23311 | In the Linux kernel, the following vulnerability has been resolved: perf/core: |
| 0 | CVE-2026-23302 | In the Linux kernel, the following vulnerability has been resolved: net: annota |
| 0 | CVE-2025-13348 | An improper access control vulnerability exists in ASUS Secure Delete Driver of |
| 0 | CVE-2025-29949 | Insufficient input parameter sanitization in AMD Secure Processor (ASP) Boot Loa |
Oldest Unpatched Critical/High CVEs
| CVE | Severity | CVSS | Priority | Days Open |
|---|---|---|---|---|
| CVE-2024-3400 | CRITICAL | 10.0 | 224 | 748d |
| CVE-2019-19781 | CRITICAL | 9.8 | 223 | 2315d |
| CVE-2020-5902 | CRITICAL | 9.8 | 223 | 2128d |
| CVE-2021-35464 | CRITICAL | 9.8 | 223 | 1742d |
| CVE-2020-10189 | CRITICAL | 9.8 | 223 | 2245d |
| CVE-2012-4681 | CRITICAL | 9.8 | 223 | 4993d |
| CVE-2022-42475 | CRITICAL | 9.8 | 223 | 1214d |
| CVE-2023-3519 | CRITICAL | 9.8 | 223 | 1015d |
| CVE-2015-7450 | CRITICAL | 9.8 | 222 | 3770d |
| CVE-2023-34048 | CRITICAL | 9.8 | 222 | 917d |