Total CVEs
16315
last 90 days
Avg Priority
36.5
of max 220
KEV
37
actively exploited
POC
3552
public exploits
Unpatched
5449
CRIT/HIGH without patch
How is Priority Score calculated?
Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:
KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low
40-80 Medium
80-120 High
120+ Critical
Patch Now — Known Exploited Vulnerabilities
194
CVE-2026-24061
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for t
185
CVE-2026-1731
BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain
184
CVE-2026-23760
SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability
180
CVE-2025-40551
SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerabil
170
CVE-2026-1340
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem
164
CVE-2026-1281
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem
160
CVE-2025-40536
SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that
141
CVE-2026-20131
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FM
137
CVE-2026-1603
An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthen
134
CVE-2026-22769
Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credentia
Priority Distribution
| Priority | CVE |
|---|---|
| 70 |
CVE-2026-27574
OneUptime is a solution for monitoring and managing online services. In versions
|
| 70 |
CVE-2026-27941
OpenLIT is an open source platform for AI engineering. Prior to version 1.37.1,
|
| 70 |
CVE-2026-22039
Kyverno is a policy engine designed for cloud native platform engineering teams.
|
| 70 |
CVE-2026-30887
OneUptime is a solution for monitoring and managing online services. Prior to 10
|
| 70 |
CVE-2025-70982
Incorrect access control in the importUser function of SpringBlade v4.5.0 allows
|
| 70 |
CVE-2026-30956
OneUptime is a solution for monitoring and managing online services. Prior to 10
|
| 70 |
CVE-2023-54329
Inbit Messenger 4.6.0 - 4.9.0 contains a remote command execution vulnerability
|
| 70 |
CVE-2020-37071
CraftCMS 3 vCard Plugin 1.0.0 contains a deserialization vulnerability that allo
|
| 70 |
CVE-2021-47748
Hasura GraphQL 1.3.3 contains a remote code execution vulnerability that allows
|
| 70 |
CVE-2026-24740
Dozzle is a realtime log viewer for docker containers. Prior to version 9.0.3, a
|
| 70 |
CVE-2026-30921
OneUptime is a solution for monitoring and managing online services. Prior to 10
|
| 70 |
CVE-2026-24849
OpenEMR is a free and open source electronic health records and medical practice
|
| 70 |
CVE-2026-24908
OpenEMR is a free and open source electronic health records and medical practice
|
| 69 |
CVE-2022-50910
Beehive Forum 1.5.2 contains a host header injection vulnerability in the forgot
|
| 69 |
CVE-2025-69766
Tenda AX3 firmware v16.03.12.11 contains a stack-based buffer overflow in the fo
|
| 69 |
CVE-2025-69763
Tenda AX3 firmware v16.03.12.11 contains a stack overflow in formSetIptv via the
|
| 69 |
CVE-2025-69762
Tenda AX3 firmware v16.03.12.11 contains a stack overflow in formSetIptv via the
|
| 69 |
CVE-2026-2699
Customer Managed ShareFile Storage Zones Controller (SZC) allows an unauthentica
|
| 69 |
CVE-2023-54335
eXtplorer 2.1.14 contains an authentication bypass vulnerability that allows att
|
| 69 |
CVE-2025-50187
Chamilo is a learning management system. Prior to version 1.11.28, parameter fro
|
| 69 |
CVE-2026-27966
Langflow is a tool for building and deploying AI-powered agents and workflows. P
|
| 69 |
CVE-2026-3485
A flaw has been found in D-Link DIR-868L 110b03. This affects the function sub_1
|
| 69 |
CVE-2023-54330
Inbit Messenger versions 4.6.0 to 4.9.0 contain a remote stack-based buffer over
|
| 69 |
CVE-2020-37094
EspoCRM 5.8.5 contains an authentication vulnerability that allows attackers to
|
| 69 |
CVE-2020-37186
Chevereto 3.13.4 Core contains a remote code execution vulnerability that allows
|
| 69 |
CVE-2019-25321
FTP Navigator 8.03 contains a stack overflow vulnerability that allows attackers
|
| 69 |
CVE-2026-26720
An issue in Twenty CRM v1.15.0 and before allows a remote attacker to execute ar
|
| 69 |
CVE-2020-36967
Zortam Mp3 Media Studio 27.60 contains a buffer overflow vulnerability in the li
|
| 69 |
CVE-2026-26190
Milvus is an open-source vector database built for generative AI applications. P
|
| 69 |
CVE-2025-70150
CodeAstro Membership Management System 1.0 contains a missing authentication vul
|
| 69 |
CVE-2026-26342
Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and pr
|
| 69 |
CVE-2020-37012
Tea LaTex 1.0 contains a remote code execution vulnerability that allows unauthe
|
| 69 |
CVE-2025-70457
A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Modern Imag
|
| 69 |
CVE-2023-7334
Changjetong T+ versions up to and including 16.x contain a .NET deserialization
|
| 69 |
CVE-2020-37082
webERP 4.15.1 contains an unauthenticated file access vulnerability that allows
|
| 69 |
CVE-2020-36948
VestaCP 0.9.8-26 contains a session token vulnerability in the LoginAs module th
|
| 69 |
CVE-2021-47900
Gila CMS versions prior to 2.0.0 contain a remote code execution vulnerability t
|
| 69 |
CVE-2020-36962
Tendenci 12.3.1 contains a CSV formula injection vulnerability in the contact fo
|
| 69 |
CVE-2020-37075
LanSend 3.2 contains a buffer overflow vulnerability in the Add Computers Wizard
|
| 69 |
CVE-2021-47753
phpKF CMS 3.00 Beta y6 contains an unauthenticated file upload vulnerability tha
|
| 69 |
CVE-2020-37070
CloudMe 1.11.2 contains a buffer overflow vulnerability that allows remote attac
|
| 69 |
CVE-2022-50922
Audio Conversion Wizard v2.01 contains a buffer overflow vulnerability that allo
|
| 69 |
CVE-2019-25364
MailCarrier 2.51 contains a buffer overflow vulnerability in the POP3 USER comma
|
| 69 |
CVE-2020-37120
Rubo DICOM Viewer 2.0 contains a buffer overflow vulnerability in the DICOM serv
|
| 69 |
CVE-2020-36961
10-Strike Network Inventory Explorer 8.65 contains a buffer overflow vulnerabili
|
| 69 |
CVE-2025-63624
SQL Injection vulnerability in Shandong Kede Electronics Co., Ltd IoT smart wate
|
| 69 |
CVE-2026-25505
Bambuddy is a self-hosted print archive and management system for Bambu Lab 3D p
|
| 69 |
CVE-2025-66944
SQL Injection vulnerability in vran-dev databaseir v.1.0.7 and before allows a r
|
| 69 |
CVE-2021-47891
Unified Remote 3.9.0.2463 contains a remote code execution vulnerability that al
|
| 69 |
CVE-2019-25361
Ayukov NFTP client 1.71 contains a buffer overflow vulnerability in the SYST com
|
| 69 |
CVE-2019-25327
Prime95 version 29.8 build 6 contains a buffer overflow vulnerability in the use
|
| 69 |
CVE-2019-25319
Domain Quester Pro 6.02 contains a stack overflow vulnerability that allows remo
|
| 69 |
CVE-2019-25365
ChaosPro 2.0 contains a buffer overflow vulnerability in the configuration file
|
| 69 |
CVE-2019-25468
NetGain EM Plus 10.1.68 contains a remote code execution vulnerability that allo
|
| 69 |
CVE-2026-2686
A security vulnerability has been detected in SECCN Dingcheng G10 3.1.0.181203.
|
| 69 |
CVE-2025-67187
A stack-based buffer overflow vulnerability was identified in TOTOLINK A950RG V4
|
| 69 |
CVE-2026-26273
Known is a social publishing platform. Prior to 1.6.3, a Critical Broken Authent
|
| 69 |
CVE-2026-27590
Caddy is an extensible server platform that uses TLS by default. Prior to versio
|
| 69 |
CVE-2022-50912
ImpressCMS 1.4.4 contains a file upload vulnerability with weak extension saniti
|
| 69 |
CVE-2026-27637
FreeScout is a free help desk and shared inbox built with PHP's Laravel framewor
|
| 69 |
CVE-2020-37052
AirControl 1.4.2 contains a pre-authentication remote code execution vulnerabili
|
| 69 |
CVE-2020-37095
Cyberoam Authentication Client 2.1.2.7 contains a buffer overflow vulnerability
|
| 69 |
CVE-2025-61506
An issue was discovered in MediaCrush thru 1.0.1 allowing remote unauthenticated
|
| 69 |
CVE-2026-3703
A flaw has been found in Wavlink NU516U1 251208. This affects the function sub_4
|
| 69 |
CVE-2026-23884
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to versio
|
| 69 |
CVE-2026-23883
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to versio
|
| 69 |
CVE-2026-4164
A flaw has been found in Wavlink WL-WN578W2 221110. Impacted is the function Del
|
| 69 |
CVE-2025-70998
UTT HiPER 810 / nv810v4 router firmware v1.5.0-140603 was discovered to contain
|
| 69 |
CVE-2026-2017
A vulnerability was detected in IP-COM W30AP up to 1.0.0.11(1340). Affected by t
|
| 69 |
CVE-2025-64111
Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, due
|
| 69 |
CVE-2021-47812
GravCMS 1.10.7 contains an unauthenticated vulnerability that allows remote atta
|
| 69 |
CVE-2025-57529
YouDataSum CPAS Audit Management System <=v4.9 is vulnerable to SQL Injection in
|
| 69 |
CVE-2026-4163
A vulnerability was detected in Wavlink WL-WN579A3 220323. This issue affects th
|
| 69 |
CVE-2019-25471
FileThingie 2.5.7 contains an arbitrary file upload vulnerability that allows at
|
| 69 |
CVE-2026-27005
Chartbrew is an open-source web application that can connect directly to databas
|
| 69 |
CVE-2026-4585
A vulnerability has been found in Tiandy Easy7 Integrated Management Platform up
|
| 69 |
CVE-2026-4170
A weakness has been identified in Topsec TopACM 3.0. Affected by this vulnerabil
|
| 69 |
CVE-2020-37153
ASTPP 4.0.1 contains multiple vulnerabilities including cross-site scripting and
|
| 69 |
CVE-2019-25487
SAPIDO RB-1732 V2.0.43 contains a remote command execution vulnerability that al
|
| 69 |
CVE-2026-26725
An issue in edu Business Solutions Print Shop Pro WebDesk v.18.34 allows a remot
|
| 69 |
CVE-2025-69764
Tenda AX3 firmware v16.03.12.11 contains a stack-based buffer overflow in the fo
|
| 69 |
CVE-2026-27743
The SPIP referer_spam plugin versions prior to 1.3.0 contain an unauthenticated
|
| 69 |
CVE-2026-23534
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to versio
|
| 69 |
CVE-2026-23533
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to versio
|
| 69 |
CVE-2026-23530
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to versio
|
| 69 |
CVE-2026-22869
Eigent is a multi-agent Workforce. A critical security vulnerability in the CI w
|
| 69 |
CVE-2020-37000
Free MP3 CD Ripper 2.8 contains a stack buffer overflow vulnerability that allow
|
| 69 |
CVE-2026-1162
A flaw has been found in UTT HiPER 810 1.7.4-141218. The impacted element is the
|
| 69 |
CVE-2026-28292
`simple-git`, an interface for running git commands in any node.js application,
|
| 69 |
CVE-2020-37069
Konica Minolta FTP Utility 1.0 contains a buffer overflow vulnerability in the N
|
Oldest Unpatched Critical/High CVEs
| CVE | Severity | CVSS | Priority | Days Open |
|---|---|---|---|---|
| CVE-2024-3400 | CRITICAL | 10.0 | 224 | 730d |
| CVE-2019-19781 | CRITICAL | 9.8 | 223 | 2298d |
| CVE-2020-5902 | CRITICAL | 9.8 | 223 | 2111d |
| CVE-2021-35464 | CRITICAL | 9.8 | 223 | 1725d |
| CVE-2020-10189 | CRITICAL | 9.8 | 223 | 2228d |
| CVE-2012-4681 | CRITICAL | 9.8 | 223 | 4975d |
| CVE-2022-42475 | CRITICAL | 9.8 | 223 | 1196d |
| CVE-2023-3519 | CRITICAL | 9.8 | 223 | 998d |
| CVE-2015-7450 | CRITICAL | 9.8 | 222 | 3752d |
| CVE-2023-34048 | CRITICAL | 9.8 | 222 | 900d |