Total CVEs
16337
last 90 days
Avg Priority
36.5
of max 220
KEV
37
actively exploited
POC
3564
public exploits
Unpatched
5456
CRIT/HIGH without patch
How is Priority Score calculated?
Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:
KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low
40-80 Medium
80-120 High
120+ Critical
Patch Now — Known Exploited Vulnerabilities
194
CVE-2026-24061
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for t
185
CVE-2026-1731
BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain
184
CVE-2026-23760
SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability
180
CVE-2025-40551
SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerabil
170
CVE-2026-1340
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem
164
CVE-2026-1281
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem
160
CVE-2025-40536
SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that
141
CVE-2026-20131
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FM
137
CVE-2026-1603
An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthen
134
CVE-2026-22769
Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credentia
Priority Distribution
| Priority | CVE |
|---|---|
| 70 |
CVE-2026-27728
OneUptime is a solution for monitoring and managing online services. Prior to ve
|
| 70 |
CVE-2025-67186
TOTOLINK A950RG V4.1.2cu.5204_B20210112 contains a buffer overflow vulnerability
|
| 70 |
CVE-2020-36911
Covenant 0.1.3 - 0.5 contains a remote code execution vulnerability that allows
|
| 70 |
CVE-2026-30957
OneUptime is a solution for monitoring and managing online services. Prior to 10
|
| 70 |
CVE-2026-28794
oRPC is an tool that helps build APIs that are end-to-end type-safe and adhere t
|
| 70 |
CVE-2026-24848
OpenEMR is a free and open source electronic health records and medical practice
|
| 70 |
CVE-2026-30861
WeKnora is an LLM-powered framework designed for deep document understanding and
|
| 70 |
CVE-2026-28411
WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, an u
|
| 70 |
CVE-2023-54339
Webgrind 1.1 contains a remote command execution vulnerability that allows unaut
|
| 70 |
CVE-2020-37027
Sickbeard alpha contains a remote command injection vulnerability that allows un
|
| 70 |
CVE-2026-29042
Nuclio is a "Serverless" framework for Real-Time Events and Data Processing. Pri
|
| 70 |
CVE-2021-47851
Mini Mouse 9.2.0 contains a remote code execution vulnerability that allows atta
|
| 70 |
CVE-2026-30860
WeKnora is an LLM-powered framework designed for deep document understanding and
|
| 70 |
CVE-2025-69985
FUXA 1.2.8 and prior contains an Authentication Bypass vulnerability leading to
|
| 70 |
CVE-2020-37002
Ajenti 2.1.36 contains an authentication bypass vulnerability that allows remote
|
| 70 |
CVE-2026-27626
OliveTin gives access to predefined shell commands from a web interface. In vers
|
| 70 |
CVE-2026-27606
Rollup is a module bundler for JavaScript. Versions prior to 2.80.0, 3.30.0, and
|
| 70 |
CVE-2026-28775
An unauthenticated Remote Code Execution (RCE) vulnerability exists in the SNMP
|
| 70 |
CVE-2026-24841
Dokploy is a free, self-hostable Platform as a Service (PaaS). In versions prior
|
| 70 |
CVE-2025-67188
A buffer overflow vulnerability exists in TOTOLINK A950RG V4.1.2cu.5204_B2021011
|
| 70 |
CVE-2026-27702
Budibase is a low code platform for creating internal tools, workflows, and admi
|
| 70 |
CVE-2026-28517
openDCIM version 23.04, through commit 4467e9c4, contains an OS command injectio
|
| 70 |
CVE-2026-33309
### Summary
While reviewing the recent patch for **CVE-2025-68478** (External C
|
| 70 |
CVE-2025-67084
File upload vulnerability in InvoicePlane through 1.6.3 allows authenticated att
|
| 70 |
CVE-2025-55423
A command injection vulnerability exists in the upnp_relay() function in multipl
|
| 70 |
CVE-2026-27574
OneUptime is a solution for monitoring and managing online services. In versions
|
| 70 |
CVE-2026-27941
OpenLIT is an open source platform for AI engineering. Prior to version 1.37.1,
|
| 70 |
CVE-2026-22039
Kyverno is a policy engine designed for cloud native platform engineering teams.
|
| 70 |
CVE-2026-30887
OneUptime is a solution for monitoring and managing online services. Prior to 10
|
| 70 |
CVE-2025-70982
Incorrect access control in the importUser function of SpringBlade v4.5.0 allows
|
| 70 |
CVE-2026-30956
OneUptime is a solution for monitoring and managing online services. Prior to 10
|
| 70 |
CVE-2023-54329
Inbit Messenger 4.6.0 - 4.9.0 contains a remote command execution vulnerability
|
| 70 |
CVE-2020-37071
CraftCMS 3 vCard Plugin 1.0.0 contains a deserialization vulnerability that allo
|
| 70 |
CVE-2021-47748
Hasura GraphQL 1.3.3 contains a remote code execution vulnerability that allows
|
| 70 |
CVE-2026-24740
Dozzle is a realtime log viewer for docker containers. Prior to version 9.0.3, a
|
| 70 |
CVE-2026-30921
OneUptime is a solution for monitoring and managing online services. Prior to 10
|
| 70 |
CVE-2026-24849
OpenEMR is a free and open source electronic health records and medical practice
|
| 70 |
CVE-2026-24908
OpenEMR is a free and open source electronic health records and medical practice
|
| 69 |
CVE-2025-66802
Sourcecodester Covid-19 Contact Tracing System 1.0 is vulnerable to RCE (Remote
|
| 69 |
CVE-2022-50910
Beehive Forum 1.5.2 contains a host header injection vulnerability in the forgot
|
| 69 |
CVE-2025-69766
Tenda AX3 firmware v16.03.12.11 contains a stack-based buffer overflow in the fo
|
| 69 |
CVE-2025-69762
Tenda AX3 firmware v16.03.12.11 contains a stack overflow in formSetIptv via the
|
| 69 |
CVE-2025-69763
Tenda AX3 firmware v16.03.12.11 contains a stack overflow in formSetIptv via the
|
| 69 |
CVE-2026-2699
Customer Managed ShareFile Storage Zones Controller (SZC) allows an unauthentica
|
| 69 |
CVE-2023-54335
eXtplorer 2.1.14 contains an authentication bypass vulnerability that allows att
|
| 69 |
CVE-2026-27966
Langflow is a tool for building and deploying AI-powered agents and workflows. P
|
| 69 |
CVE-2025-50187
Chamilo is a learning management system. Prior to version 1.11.28, parameter fro
|
| 69 |
CVE-2026-3485
A flaw has been found in D-Link DIR-868L 110b03. This affects the function sub_1
|
| 69 |
CVE-2023-54330
Inbit Messenger versions 4.6.0 to 4.9.0 contain a remote stack-based buffer over
|
| 69 |
CVE-2020-37094
EspoCRM 5.8.5 contains an authentication vulnerability that allows attackers to
|
| 69 |
CVE-2020-37186
Chevereto 3.13.4 Core contains a remote code execution vulnerability that allows
|
| 69 |
CVE-2019-25321
FTP Navigator 8.03 contains a stack overflow vulnerability that allows attackers
|
| 69 |
CVE-2026-26720
An issue in Twenty CRM v1.15.0 and before allows a remote attacker to execute ar
|
| 69 |
CVE-2020-36967
Zortam Mp3 Media Studio 27.60 contains a buffer overflow vulnerability in the li
|
| 69 |
CVE-2026-26190
Milvus is an open-source vector database built for generative AI applications. P
|
| 69 |
CVE-2026-26342
Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and pr
|
| 69 |
CVE-2025-70150
CodeAstro Membership Management System 1.0 contains a missing authentication vul
|
| 69 |
CVE-2020-37012
Tea LaTex 1.0 contains a remote code execution vulnerability that allows unauthe
|
| 69 |
CVE-2025-70457
A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Modern Imag
|
| 69 |
CVE-2023-7334
Changjetong T+ versions up to and including 16.x contain a .NET deserialization
|
| 69 |
CVE-2020-37082
webERP 4.15.1 contains an unauthenticated file access vulnerability that allows
|
| 69 |
CVE-2020-36948
VestaCP 0.9.8-26 contains a session token vulnerability in the LoginAs module th
|
| 69 |
CVE-2021-47900
Gila CMS versions prior to 2.0.0 contain a remote code execution vulnerability t
|
| 69 |
CVE-2020-36962
Tendenci 12.3.1 contains a CSV formula injection vulnerability in the contact fo
|
| 69 |
CVE-2021-47753
phpKF CMS 3.00 Beta y6 contains an unauthenticated file upload vulnerability tha
|
| 69 |
CVE-2020-36961
10-Strike Network Inventory Explorer 8.65 contains a buffer overflow vulnerabili
|
| 69 |
CVE-2019-25364
MailCarrier 2.51 contains a buffer overflow vulnerability in the POP3 USER comma
|
| 69 |
CVE-2020-37120
Rubo DICOM Viewer 2.0 contains a buffer overflow vulnerability in the DICOM serv
|
| 69 |
CVE-2020-37075
LanSend 3.2 contains a buffer overflow vulnerability in the Add Computers Wizard
|
| 69 |
CVE-2020-37070
CloudMe 1.11.2 contains a buffer overflow vulnerability that allows remote attac
|
| 69 |
CVE-2022-50922
Audio Conversion Wizard v2.01 contains a buffer overflow vulnerability that allo
|
| 69 |
CVE-2025-63624
SQL Injection vulnerability in Shandong Kede Electronics Co., Ltd IoT smart wate
|
| 69 |
CVE-2026-25505
Bambuddy is a self-hosted print archive and management system for Bambu Lab 3D p
|
| 69 |
CVE-2025-66944
SQL Injection vulnerability in vran-dev databaseir v.1.0.7 and before allows a r
|
| 69 |
CVE-2021-47891
Unified Remote 3.9.0.2463 contains a remote code execution vulnerability that al
|
| 69 |
CVE-2019-25361
Ayukov NFTP client 1.71 contains a buffer overflow vulnerability in the SYST com
|
| 69 |
CVE-2019-25365
ChaosPro 2.0 contains a buffer overflow vulnerability in the configuration file
|
| 69 |
CVE-2019-25319
Domain Quester Pro 6.02 contains a stack overflow vulnerability that allows remo
|
| 69 |
CVE-2019-25327
Prime95 version 29.8 build 6 contains a buffer overflow vulnerability in the use
|
| 69 |
CVE-2019-25468
NetGain EM Plus 10.1.68 contains a remote code execution vulnerability that allo
|
| 69 |
CVE-2026-2686
A security vulnerability has been detected in SECCN Dingcheng G10 3.1.0.181203.
|
| 69 |
CVE-2025-67187
A stack-based buffer overflow vulnerability was identified in TOTOLINK A950RG V4
|
| 69 |
CVE-2026-26273
Known is a social publishing platform. Prior to 1.6.3, a Critical Broken Authent
|
| 69 |
CVE-2026-27590
Caddy is an extensible server platform that uses TLS by default. Prior to versio
|
| 69 |
CVE-2022-50912
ImpressCMS 1.4.4 contains a file upload vulnerability with weak extension saniti
|
| 69 |
CVE-2026-27637
FreeScout is a free help desk and shared inbox built with PHP's Laravel framewor
|
| 69 |
CVE-2020-37052
AirControl 1.4.2 contains a pre-authentication remote code execution vulnerabili
|
| 69 |
CVE-2020-37095
Cyberoam Authentication Client 2.1.2.7 contains a buffer overflow vulnerability
|
| 69 |
CVE-2025-61506
An issue was discovered in MediaCrush thru 1.0.1 allowing remote unauthenticated
|
| 69 |
CVE-2026-3703
A flaw has been found in Wavlink NU516U1 251208. This affects the function sub_4
|
Oldest Unpatched Critical/High CVEs
| CVE | Severity | CVSS | Priority | Days Open |
|---|---|---|---|---|
| CVE-2024-3400 | CRITICAL | 10.0 | 224 | 730d |
| CVE-2019-19781 | CRITICAL | 9.8 | 223 | 2298d |
| CVE-2020-5902 | CRITICAL | 9.8 | 223 | 2111d |
| CVE-2021-35464 | CRITICAL | 9.8 | 223 | 1724d |
| CVE-2020-10189 | CRITICAL | 9.8 | 223 | 2227d |
| CVE-2012-4681 | CRITICAL | 9.8 | 223 | 4975d |
| CVE-2022-42475 | CRITICAL | 9.8 | 223 | 1196d |
| CVE-2023-3519 | CRITICAL | 9.8 | 223 | 997d |
| CVE-2015-7450 | CRITICAL | 9.8 | 222 | 3752d |
| CVE-2023-34048 | CRITICAL | 9.8 | 222 | 899d |