| Metric | Value | Detail |
|---|---|---|
| Total CVEs | 16317 | last 90 days |
| Avg Priority | 36.7 | of max 220 |
| KEV | 39 | actively exploited |
| POC | 3341 | public exploits |
| Unpatched | 4795 | CRIT/HIGH without patch |
How is Priority Score calculated?
Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:

| Signal | Weight | Meaning |
|---|---|---|
| KEV | +50 | CISA Known Exploited Vulnerability: confirmed active exploitation in the wild |
| EPSS | x100 | Exploit Prediction Scoring System: probability of exploitation in next 30 days (0-100) |
| CVSS | x5 | Common Vulnerability Scoring System: technical severity (0-50) |
| POC | +20 | Public exploit code exists, which lowers the barrier for attackers |

| Score | Level |
|---|---|
| 0-40 | Low |
| 40-80 | Medium |
| 80-120 | High |
| 120+ | Critical |
Patch Now — Known Exploited Vulnerabilities
| Priority | CVE | Description |
|---|---|---|
| 194 | CVE-2026-24061 | telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for t |
| 185 | CVE-2026-1731 | BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain |
| 184 | CVE-2026-23760 | SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability |
| 180 | CVE-2025-40551 | SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerabil |
| 170 | CVE-2026-1340 | A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem |
| 164 | CVE-2026-1281 | A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem |
| 160 | CVE-2025-40536 | SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that |
| 141 | CVE-2026-20131 | A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FM |
| 137 | CVE-2026-1603 | An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthen |
| 134 | CVE-2026-22769 | Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credentia |
Priority Distribution
| Priority | CVE | Description |
|---|---|---|
| 34 | CVE-2026-33990 | Summary: Docker Model Runner contains an SSRF vulnerability in its OCI registr |
| 34 | CVE-2025-36365 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5. |
| 34 | CVE-2025-10010 | The CPSD CryptoPro Secure Disk application boots a small Linux operating system |
| 34 | CVE-2026-33572 | OpenClaw before 2026.2.17 creates session transcript JSONL files with overly bro |
| 34 | CVE-2025-9520 | An IDOR vulnerability exists in Omada Controllers that allows an attacker with A |
| 34 | CVE-2025-14973 | The Recipe Card Blocks Lite WordPress plugin before 3.4.13 does not sanitize and |
| 34 | CVE-2026-20024 | A vulnerability in the OSPF protocol of Cisco Secure Firewall ASA Software and C |
| 34 | CVE-2026-33776 | A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS an |
| 34 | CVE-2025-41117 | Stack traces in Grafana's Explore Traces view can be rendered as raw HTML, and t |
| 34 | CVE-2026-33997 | Summary: A security vulnerability has been detected that allows [plugins](htt |
| 34 | CVE-2026-0119 | In usim_SendMCCMNCIndMsg of usim_Registration.c, there is a possible out of boun |
| 34 | CVE-2026-30603 | An issue in the firmware update mechanism of Qianniao QN-L23PA0904 v20250721.164 |
| 34 | CVE-2026-4482 | The installer certificate files in the …/bootstrap/common/ssl folder do not seem |
| 34 | CVE-2026-0714 | A physical attack vulnerability exists in certain Moxa industrial computers usin |
| 34 | CVE-2025-71176 | pytest through 9.0.2 on UNIX relies on directories with the /tmp/pytest-of-{user |
| 34 | CVE-2025-47364 | Memory corruption while calculating offset from partition start point. |
| 34 | CVE-2025-47363 | Memory corruption when calculating oversized partition sizes without proper chec |
| 34 | CVE-2026-34864 | Boundary-unlimited vulnerability in the application read module. Impact: Success |
| 34 | CVE-2026-28547 | Vulnerability of uninitialized pointer access in the scanning module. Impact: Su |
| 34 | CVE-2025-33216 | NVIDIA SNAP-4 Container contains a vulnerability in the configuration interface |
| 34 | CVE-2025-33215 | NVIDIA SNAP-4 Container contains a vulnerability in the VIRTIO-BLK component whe |
| 34 | CVE-2026-24918 | Address read vulnerability in the communication module. Impact: Successful explo |
| 34 | CVE-2026-32229 | In JetBrains Hub before 2026.1 possible on sign-in account mismatch with non-SSO |
| 34 | CVE-2026-40574 | Impact: An authorization bypass exists in OAuth2 Proxy as part of the `email |
| 34 | CVE-2026-32223 | Heap-based buffer overflow in Windows USB Print Driver allows an unauthorized at |
| 34 | CVE-2026-33220 | Weblate is a web based localization tool. In versions prior to 5.17, the transla |
| 34 | CVE-2026-40253 | openCryptoki is a PKCS#11 library and provides tooling for Linux and AIX. In ver |
| 34 | CVE-2025-31991 | Rate Limiting for attempting a user login is not being properly enforced, making |
| 34 | CVE-2026-33623 | Summary: PinchTab `v0.8.4` contains a Windows-only command injection issue in |
| 34 | CVE-2026-23653 | Improper neutralization of special elements used in a command ('command injectio |
| 34 | CVE-2026-26124 | '.../...//' in Azure Compute Gallery allows an authorized attacker to elevate pr |
| 34 | CVE-2026-23651 | Permissive regular expression in Azure Compute Gallery allows an authorized atta |
| 34 | CVE-2026-20099 | A vulnerability in the web-based management interface of Cisco FXOS Software and |
| 34 | CVE-2026-24777 | OpenProject is an open-source, web-based project management software. Prior to 1 |
| 34 | CVE-2026-31833 | Umbraco is an ASP.NET CMS. From 16.2.0 to before 16.5.1 and 17.2.2, An authentic |
| 34 | CVE-2026-33549 | SPIP 4.4.10 through 4.4.12 before 4.4.13 allows unintended privilege assignment |
| 34 | CVE-2025-48418 | A hidden functionality vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6 |
| 34 | CVE-2026-21522 | Improper neutralization of special elements used in a command ('command injectio |
| 34 | CVE-2025-64340 | Server names containing shell metacharacters (e.g., `&`) can cause command injec |
| 34 | CVE-2026-32948 | Summary: On Windows, sbt uses `Process("cmd", "/c", ...)` to run VCS commands |
| 34 | CVE-2026-26972 | OpenClaw is a personal AI assistant. In versions 2026.1.12 through 2026.2.12, Op |
| 34 | CVE-2026-32496 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') v |
| 34 | CVE-2025-15316 | Tanium addressed a local privilege escalation vulnerability in Tanium Server. |
| 34 | CVE-2025-15315 | Tanium addressed a local privilege escalation vulnerability in Tanium Module Ser |
| 34 | CVE-2024-14025 | An SQL injection vulnerability has been reported to affect Video Station. If an |
| 34 | CVE-2026-26033 | UPS Multi-UPS Management Console (MUMC) version 01.06.0001 (A03) contains an Unq |
| 34 | CVE-2026-27008 | OpenClaw is a personal AI assistant. Prior to version 2026.2.15, a bug in `downl |
| 34 | CVE-2026-21421 | Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through |
| 34 | CVE-2026-21424 | Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through |
| 34 | CVE-2026-29608 | OpenClaw 2026.3.1 contains an approval integrity vulnerability in system.run nod |
| 34 | CVE-2025-13818 | Local privilege escalation vulnerability via insecure temporary batch file execu |
| 34 | CVE-2026-24466 | Products provided by Oki Electric Industry Co., Ltd. and its OEM products (Ricoh |
| 34 | CVE-2026-21426 | Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through |
| 34 | CVE-2026-20436 | In wlan STA driver, there is a possible escalation of privilege due to a missing |
| 34 | CVE-2025-33231 | NVIDIA Nsight Systems for Windows contains a vulnerability in the application’s |
| 34 | CVE-2026-0027 | In smmu_detach_dev of arm-smmu-v3.c, there is a possible out of bounds write due |
| 34 | CVE-2026-4105 | A flaw was found in systemd. The systemd-machined service contains an Improper A |
| 34 | CVE-2026-1585 | An unquoted Windows service executable path vulnerability in IJ Scan Utility for |
| 34 | CVE-2025-9909 | A flaw was found in the Red Hat Ansible Automation Platform Gateway route creati |
| 34 | CVE-2026-28728 | Local privilege escalation due to DLL hijacking vulnerability. The following pro |
| 34 | CVE-2026-27774 | Local privilege escalation due to DLL hijacking vulnerability. The following pro |
| 34 | CVE-2026-0940 | A potential improper initialization vulnerability was reported in the BIOS of so |
| 34 | CVE-2026-22270 | Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through |
| 34 | CVE-2026-21423 | Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through |
| 34 | CVE-2026-34871 | An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0 and TF-PSA |
| 34 | CVE-2026-2809 | Netskope was notified about a potential gap in its Endpoint DLP Module for Netsk |
| 34 | CVE-2026-25206 | Out-of-bounds read vulnerability in Samsung Open Source Escargot allows Resource |
| 34 | CVE-2025-32452 | Uncontrolled search path for some AI Playground before version 2.6.1 beta within |
| 34 | CVE-2025-20070 | Improper conditions check for the Intel(R) Optane(TM) PMem management software b |
| 34 | CVE-2026-39389 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, mo |
| 34 | CVE-2026-32259 | ImageMagick is free and open-source software used for editing and manipulating d |
| 34 | CVE-2025-9908 | A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansibl |
| 34 | CVE-2026-40224 | In systemd 259 before 260, there is local privilege escalation in systemd-machin |
| 34 | CVE-2026-3091 | An uncontrolled search path element vulnerability in Synology Presto Client befo |
| 34 | CVE-2026-0705 | Local privilege escalation due to insecure folder permissions. The following pro |
| 34 | CVE-2026-21425 | Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through |
| 34 | CVE-2026-24510 | Dell Alienware Command Center (AWCC), versions prior to 6.12.24.0, contain an Im |
| 34 | CVE-2026-33271 | Local privilege escalation due to insecure folder permissions. The following pro |
| 34 | CVE-2025-14917 | IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphe |
| 34 | CVE-2026-4878 | A flaw was found in libcap. A local unprivileged user can exploit a Time-of-chec |
| 34 | CVE-2026-5165 | A flaw was found in virtio-win, specifically within the VirtIO Block (BLK) devic |
| 34 | CVE-2025-9907 | A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansibl |
| 34 | CVE-2026-27653 | The installers for multiple products provided by Soliton Systems K.K. contain an |
| 34 | CVE-2026-5164 | A flaw was found in virtio-win. The `RhelDoUnMap()` function does not properly v |
| 34 | CVE-2025-36522 | Incorrect default permissions for some Intel(R) Chipset Software before version |
| 34 | CVE-2025-31655 | Incorrect default permissions for some Intel(R) Battery Life Diagnostic Tool wit |
| 34 | CVE-2024-14024 | An improper certificate validation vulnerability has been reported to affect Vid |
| 34 | CVE-2026-20440 | In MAE, there is a possible out of bounds write due to a missing bounds check. T |
| 34 | CVE-2025-14740 | Docker Desktop for Windows contains multiple incorrect permission assignment vul |
| 34 | CVE-2025-13918 | Symantec Endpoint Protection, prior to 14.3 RU10 Patch 1, RU9 Patch 2, and RU8 P |
Oldest Unpatched Critical/High CVEs
| CVE | Severity | CVSS | Priority | Days Open |
|---|---|---|---|---|
| CVE-2024-3400 | CRITICAL | 10.0 | 224 | 735d |
| CVE-2019-19781 | CRITICAL | 9.8 | 223 | 2302d |
| CVE-2020-5902 | CRITICAL | 9.8 | 223 | 2115d |
| CVE-2021-35464 | CRITICAL | 9.8 | 223 | 1729d |
| CVE-2020-10189 | CRITICAL | 9.8 | 223 | 2232d |
| CVE-2012-4681 | CRITICAL | 9.8 | 223 | 4980d |
| CVE-2022-42475 | CRITICAL | 9.8 | 223 | 1201d |
| CVE-2023-3519 | CRITICAL | 9.8 | 223 | 1002d |
| CVE-2015-7450 | CRITICAL | 9.8 | 222 | 3757d |
| CVE-2023-34048 | CRITICAL | 9.8 | 222 | 904d |