Total CVEs
16586
last 90 days
Avg Priority
35.8
of max 220
KEV
35
actively exploited
POC
3158
public exploits
Unpatched
4124
CRIT/HIGH without patch
How is Priority Score calculated?
Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:
KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low
40-80 Medium
80-120 High
120+ Critical
Patch Now — Known Exploited Vulnerabilities
185
CVE-2026-1731
BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain
141
CVE-2026-20131
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FM
137
CVE-2026-1603
An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthen
134
CVE-2026-22769
Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credentia
129
CVE-2026-33825
Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to el
124
CVE-2026-21643
An improper neutralization of special elements used in an sql command ('sql injection') vulnerabilit
124
CVE-2026-35616
A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an
119
CVE-2026-39987
## Summary
Marimo (19.6k stars) has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint `
119
CVE-2026-3910
Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allowed a remote attacker
119
CVE-2026-3909
Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to per
Priority Distribution
| Priority | CVE |
|---|---|
| 0 |
CVE-2025-35960
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering
|
| 0 |
CVE-2026-41674
## Summary
The package serializes `DocumentType` node fields (`internalSubset`,
|
| 0 |
CVE-2025-32734
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering
|
| 0 |
CVE-2025-32733
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering
|
| 0 |
CVE-2025-11384
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering
|
| 0 |
CVE-2025-32090
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering
|
| 0 |
CVE-2025-32085
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering
|
| 0 |
CVE-2026-41673
## Summary
Seven recursive traversals in `lib/dom.js` operate without a depth l
|
| 0 |
CVE-2025-32082
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering
|
| 0 |
CVE-2025-32009
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering
|
| 0 |
CVE-2025-31942
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering
|
| 0 |
CVE-2025-31358
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering
|
| 0 |
CVE-2025-31145
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering
|
| 0 |
CVE-2025-30517
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering
|
| 0 |
CVE-2025-29869
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering
|
| 0 |
CVE-2025-27941
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering
|
| 0 |
CVE-2025-27928
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering
|
| 0 |
CVE-2025-27573
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering
|
| 0 |
CVE-2026-38949
Cross-Site Scripting (XSS) vulnerability exists in HTMLy version 3.1.1 in the co
|
| 0 |
CVE-2025-27569
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering
|
| 0 |
CVE-2025-27251
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering
|
| 0 |
CVE-2025-26471
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering
|
| 0 |
CVE-2025-25049
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering
|
| 0 |
CVE-2026-39398
## Affected
openclaw-claude-bridge v1.1.0
## Issue
v1.1.0 spawns the Claude C
|
| 0 |
CVE-2025-24524
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering
|
| 0 |
CVE-2025-24518
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering
|
| 0 |
CVE-2025-20007
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering
|
| 0 |
CVE-2025-20038
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering
|
| 0 |
CVE-2025-20066
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering
|
| 0 |
CVE-2025-24492
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering
|
| 0 |
CVE-2025-20078
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering
|
| 0 |
CVE-2025-20089
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering
|
| 0 |
CVE-2025-20098
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering
|
| 0 |
CVE-2025-11381
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering
|
| 0 |
CVE-2025-20107
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering
|
| 0 |
CVE-2025-31364
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering
|
| 0 |
CVE-2025-71226
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering
|
| 0 |
CVE-2025-71228
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering
|
| 0 |
CVE-2025-20110
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering
|
| 0 |
CVE-2025-13602
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This can
|
| 0 |
CVE-2025-13933
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-
|
| 0 |
CVE-2025-11383
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering
|
| 0 |
CVE-2025-13965
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-
|
| 0 |
CVE-2026-41174
## Summary
There is a vulnerability in Traefik's Kubernetes CRD provider cross-
|
| 0 |
CVE-2026-41263
## Summary
There is a timing side-channel vulnerability in Traefik's BasicAuth
|
| 0 |
CVE-2025-65134
In manikandan580 School-management-system 1.0, a reflected cross-site scripting
|
| 0 |
CVE-2025-6010
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering
|
| 0 |
CVE-2026-40912
## Summary
There is a high severity authentication bypass vulnerability in Trae
|
| 0 |
CVE-2026-40068
Claude Code used the git worktree `commondir` file when determining folder trust
|
| 0 |
CVE-2026-39858
## Summary
There is a high severity authentication bypass vulnerability in Trae
|
| 0 |
CVE-2026-35051
## Summary
There is a high-severity authentication bypass vulnerability in Trae
|
| 0 |
CVE-2026-33863
### Impact
Two unguarded prototype pollution paths exist, not covered by previou
|
| 0 |
CVE-2026-41486
# Remote Code Execution via Parquet Arrow Extension Type Deserialization
## Sum
|
| 0 |
CVE-2026-31677
In the Linux kernel, the following vulnerability has been resolved:
crypto: af_
|
| 0 |
CVE-2026-33864
### Summary
A prototype pollution vulnerability exists in the latest version of
|
| 0 |
CVE-2026-31428
In the Linux kernel, the following vulnerability has been resolved:
netfilter:
|
| 0 |
CVE-2026-31681
In the Linux kernel, the following vulnerability has been resolved:
netfilter:
|
| 0 |
CVE-2026-31684
In the Linux kernel, the following vulnerability has been resolved:
net: sched:
|
| 0 |
CVE-2026-31427
In the Linux kernel, the following vulnerability has been resolved:
netfilter:
|
| 0 |
CVE-2026-41163
Pre-NVD disclosure via oss-security: oss-security mailing list - 2026/04/25. rce
|
| 0 |
CVE-2026-31425
In the Linux kernel, the following vulnerability has been resolved:
rds: ib: re
|
| 0 |
CVE-2026-31424
In the Linux kernel, the following vulnerability has been resolved:
netfilter:
|
| 0 |
CVE-2026-31423
In the Linux kernel, the following vulnerability has been resolved:
net/sched:
|
| 0 |
CVE-2026-31422
In the Linux kernel, the following vulnerability has been resolved:
net/sched:
|
| 0 |
CVE-2026-31421
In the Linux kernel, the following vulnerability has been resolved:
net/sched:
|
| 0 |
CVE-2026-31420
In the Linux kernel, the following vulnerability has been resolved:
bridge: mrp
|
| 0 |
CVE-2026-31418
In the Linux kernel, the following vulnerability has been resolved:
netfilter:
|
| 0 |
CVE-2026-31416
In the Linux kernel, the following vulnerability has been resolved:
netfilter:
|
| 0 |
CVE-2026-31415
In the Linux kernel, the following vulnerability has been resolved:
ipv6: avoid
|
| 0 |
CVE-2026-31280
An issue in the Bluetooth RFCOMM service of Parani M10 Motorcycle Intercom v2.1.
|
| 0 |
CVE-2025-13337
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering
|
| 0 |
CVE-2025-33022
Rejected reason: The reporter agreed to not assign CVE ID
|
| 0 |
CVE-2025-71245
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering
|
| 0 |
CVE-2025-71246
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering
|
| 0 |
CVE-2025-71247
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering
|
| 0 |
CVE-2025-11382
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering
|
| 0 |
CVE-2025-71248
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering
|
| 0 |
CVE-2025-71249
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering
|
| 0 |
CVE-2025-71250
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering
|
| 0 |
CVE-2026-31400
In the Linux kernel, the following vulnerability has been resolved:
sunrpc: fix
|
| 0 |
CVE-2026-31399
In the Linux kernel, the following vulnerability has been resolved:
nvdimm/bus:
|
| 0 |
CVE-2026-31395
In the Linux kernel, the following vulnerability has been resolved:
bnxt_en: fi
|
| 0 |
CVE-2026-31394
In the Linux kernel, the following vulnerability has been resolved:
mac80211: f
|
| 0 |
CVE-2026-31391
In the Linux kernel, the following vulnerability has been resolved:
crypto: atm
|
| 0 |
CVE-2026-31390
In the Linux kernel, the following vulnerability has been resolved:
drm/xe: Fix
|
| 0 |
CVE-2026-23475
In the Linux kernel, the following vulnerability has been resolved:
spi: fix st
|
| 0 |
CVE-2026-23474
In the Linux kernel, the following vulnerability has been resolved:
mtd: Avoid
|
| 0 |
CVE-2026-4114
Improper handling of Unicode encoding in SonicWall SMA1000 series appliances all
|
| 0 |
CVE-2025-24300
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering
|
| 0 |
CVE-2026-4112
Improper neutralization of special elements used in an SQL command (“SQL Injecti
|
Oldest Unpatched Critical/High CVEs
| CVE | Severity | CVSS | Priority | Days Open |
|---|---|---|---|---|
| CVE-2024-3400 | CRITICAL | 10.0 | 224 | 748d |
| CVE-2019-19781 | CRITICAL | 9.8 | 223 | 2315d |
| CVE-2020-5902 | CRITICAL | 9.8 | 223 | 2128d |
| CVE-2021-35464 | CRITICAL | 9.8 | 223 | 1742d |
| CVE-2020-10189 | CRITICAL | 9.8 | 223 | 2245d |
| CVE-2012-4681 | CRITICAL | 9.8 | 223 | 4993d |
| CVE-2022-42475 | CRITICAL | 9.8 | 223 | 1214d |
| CVE-2023-3519 | CRITICAL | 9.8 | 223 | 1015d |
| CVE-2015-7450 | CRITICAL | 9.8 | 222 | 3770d |
| CVE-2023-34048 | CRITICAL | 9.8 | 222 | 917d |