Skip to main content

Security Dashboard

7d 14d 30d 90d
Total CVEs
17716
last 90 days
Avg Priority
34.3
of max 220
KEV
31
actively exploited
POC
2291
public exploits
Unpatched
3560
CRIT/HIGH without patch
How is Priority Score calculated?

Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:

KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low 40-80 Medium 80-120 High 120+ Critical

Patch Now — Known Exploited Vulnerabilities

141
CVE-2026-20131
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FM
CRITICAL
136
CVE-2026-0300
A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service o
CRITICAL
133
CVE-2026-41940
cPanel and WHM versions prior to 11.110.0.97, 11.118.0.63, 11.126.0.54, 11.132.0.29, 11.134.0.20, an
CRITICAL
131
CVE-2026-6973
An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows 
HIGH
131
CVE-2026-42897
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Ex
HIGH
129
CVE-2026-33825
Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to el
HIGH
127
CVE-2026-20182
May 2026: This security advisory provides the details and fix information for a vulnerability that w
CRITICAL
126
CVE-2026-41091
Improper link resolution before file access ('link following') in Microsoft Defender allows an autho
HIGH
124
CVE-2026-35616
A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an
CRITICAL
120
CVE-2026-48172
LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exp
CRITICAL

Priority Distribution

CRITICAL HIGH MEDIUM LOW KEV Only POC Only Unpatched CRIT/HIGH
Priority CVE
69 CVE-2026-24112
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit t
69 CVE-2026-24109
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit t
69 CVE-2026-24111
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit t
69 CVE-2026-24115
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate the
69 CVE-2026-33032
### Summary The nginx-ui MCP (Model Context Protocol) integration exposes two HT
69 CVE-2026-21992
Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware
69 CVE-2026-32760
## Summary Any unauthenticated visitor can register a full administrator account
69 CVE-2026-26703
sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Inj
69 CVE-2026-26712
code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /f
69 CVE-2026-26701
sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Inj
69 CVE-2026-26707
sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection
69 CVE-2026-26704
sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection
69 CVE-2026-26700
sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Inj
69 CVE-2026-26695
code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection i
69 CVE-2026-26709
code-projects Simple Gym Management System v1.0 is vulnerable to SQL Injection i
69 CVE-2026-26711
code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /f
69 CVE-2026-26696
code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection i
69 CVE-2026-26702
sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Inj
69 CVE-2026-26706
sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection
69 CVE-2026-26713
code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /f
69 CVE-2026-26705
sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection
69 CVE-2026-26708
sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection
69 CVE-2026-26710
code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /f
69 CVE-2026-26694
code-projects Simple Student Alumni System v1.0 is vulnerale to SQL Injection in
69 CVE-2025-70821
renren-secuity before v5.5.0 is vulnerable to SQL Injection in the BaseServiceIm
69 CVE-2025-50192
Chamilo is a learning management system. Prior to version 1.11.30, there is a ti
69 CVE-2025-50190
Chamilo is a learning management system. Prior to version 1.11.30, there is an e
69 CVE-2026-30533
A SQL Injection vulnerability exists in SourceCodester Online Food Ordering Syst
69 CVE-2026-30532
A SQL Injection vulnerability exists in SourceCodester Online Food Ordering Syst
69 CVE-2026-27012
OpenSTAManager is an open source management software for technical assistance an
69 CVE-2026-28802
Authlib is a Python library which builds OAuth and OpenID Connect servers. From
69 CVE-2026-30824
Flowise is a drag & drop user interface to build a customized large language mod
69 CVE-2026-30530
A SQL Injection vulnerability exists in SourceCodester Online Food Ordering Syst
68 CVE-2026-28792
Tina is a headless content management system. Prior to 2.1.8 , the TinaCMS CLI d
68 CVE-2026-28495
GetSimple CMS is a content management system. The massiveAdmin plugin (v6.0.3) b
68 CVE-2026-25146
OpenEMR is a free and open source electronic health records and medical practice
68 CVE-2025-69969
A lack of authentication and authorization mechanisms in the Bluetooth Low Energ
68 CVE-2026-34205
Home Assistant is open source home automation software that puts local control a
68 CVE-2026-6722
Pre-NVD disclosure via GitHub release 'PHP 8.2.31' (php/php-src). The PHP develo
68 CVE-2026-28446
OpenClaw versions prior to 2026.2.1 with the voice-call extension installed and
67 CVE-2026-33696
n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.
67 CVE-2026-41922
WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains an OS command in
67 CVE-2026-43944
electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ft
67 CVE-2026-33660
n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.
67 CVE-2026-28517
openDCIM version 23.04, through commit 4467e9c4, contains an OS command injectio
67 CVE-2026-23696
Windmill CE and EE versions 1.276.0 through 1.603.2 contain an SQL injection vul
67 CVE-2026-1678
dns_unpack_name() caches the buffer tailroom once and reuses it while appending
67 CVE-2026-41242
protobufjs compiles protobuf definitions into JavaScript (JS) functions. In vers
67 CVE-2026-33579
OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the /
67 CVE-2026-41923
WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains an OS command in
67 CVE-2025-71284
Synway SMG Gateway Management Software contains an OS command injection vulnerab
67 CVE-2025-71275
A critical security vulnerability exists in Zimbra Collaboration Suite (ZCS) Pos
67 CVE-2026-41925
WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains an OS command in
67 CVE-2026-41926
WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains an OS command in
67 CVE-2026-22679
Weaver (Fanwei) E-cology 10.0 versions prior to 20260312 contain an unauthentica
67 CVE-2026-6942
radare2-mcp version 1.6.0 and earlier contains an os command injection vulnerabi
67 CVE-2026-35022
Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection v
67 CVE-2026-29014
MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code injec
67 CVE-2019-25468
NetGain EM Plus 10.1.68 contains a remote code execution vulnerability that allo
67 CVE-2026-41924
WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains an OS command in
67 CVE-2026-23751
Kofax Capture, now referred to as Tungsten Capture, version 6.0.0.0 (other versi
67 CVE-2019-25471
FileThingie 2.5.7 contains an arbitrary file upload vulnerability that allows at
67 CVE-2019-25487
SAPIDO RB-1732 V2.0.43 contains a remote command execution vulnerability that al
67 CVE-2016-20026
ZKTeco ZKBioSecurity 3.0 contains hardcoded credentials in the bundled Apache To
67 CVE-2026-29000
pac4j-jwt versions prior to 4.5.9, 5.7.9, and 6.3.3 contain an authentication by
67 CVE-2026-44643
Angular Expressions provides expressions for the Angular.JS web framework as a s
67 CVE-2016-20049
JAD 1.5.8e-1kali1 and prior contains a stack-based buffer overflow vulnerability
67 CVE-2018-25159
Epross AVCON6 systems management platform contains an object-graph navigation la
67 CVE-2016-20030
ZKTeco ZKBioSecurity 3.0 contains a user enumeration vulnerability that allows u
67 CVE-2016-20024
ZKTeco ZKTime.Net 3.0.1.6 contains an insecure file permissions vulnerability th
67 CVE-2026-41948
Dify version 1.14.1 and prior contain a path traversal vulnerability that allows
67 CVE-2017-20223
Telesquare SKT LTE Router SDT-CS3B1 firmware version 1.2.0 contains an insecure
67 CVE-2019-25568
Memu Play 6.0.7 contains an insecure file permissions vulnerability that allows
67 CVE-2026-30562
A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sa
67 CVE-2026-26210
KTransformers through 0.5.3 contains an unsafe deserialization vulnerability in
67 CVE-2026-29183
SiYuan is a personal knowledge management system. Prior to version 3.5.9, an una
67 CVE-2025-60949
Census CSWeb 8.0.1 allows "app/config" to be reachable via HTTP in some deployme
67 CVE-2026-41947
Dify version 1.14.1 and prior contains an authorization bypass vulnerability tha
67 CVE-2026-25921
Gogs is an open source self-hosted Git service. Prior to version 0.14.2, overwri
66 CVE-2026-41468
Beghelli Sicuro24 SicuroWeb embeds AngularJS 1.5.2, an end-of-life component con
66 CVE-2026-39920
BridgeHead FileStore versions prior to 24A (released in early 2024) expose the A
66 CVE-2026-41462
ProjeQtor versions 7.0 through 12.4.3 contain an unauthenticated SQL injection v
66 CVE-2026-24444
SDMC NE6037 cable modem routers running firmware 7.1.6.0.25 and 7.1.6.1.9_B9 con
66 CVE-2026-42945
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_mo
66 CVE-2026-26279
Froxlor is open source server administration software. Prior to 2.3.4, a typo in
66 CVE-2026-41179
### Summary The RC endpoint `operations/fsinfo` is exposed without `AuthRequired
66 CVE-2026-41176
### Summary The RC endpoint `options/set` is exposed without `AuthRequired: true
66 CVE-2026-27760
OpenCATS prior to commit 3002a29 contains a PHP code injection vulnerability in
66 CVE-2026-28697
Craft is a content management system (CMS). Prior to 4.17.0-beta.1 and 5.9.0-bet
66 CVE-2026-25769
Wazuh is a free and open source platform used for threat prevention, detection,

Oldest Unpatched Critical/High CVEs

CVE Severity CVSS Priority Days Open
CVE-2024-3400 CRITICAL 10.0 224 776d
CVE-2019-19781 CRITICAL 9.8 223 2344d
CVE-2020-5902 CRITICAL 9.8 223 2157d
CVE-2021-35464 CRITICAL 9.8 223 1771d
CVE-2020-10189 CRITICAL 9.8 223 2274d
CVE-2012-4681 CRITICAL 9.8 223 5021d
CVE-2022-42475 CRITICAL 9.8 223 1242d
CVE-2023-3519 CRITICAL 9.8 223 1044d
CVE-2015-7450 CRITICAL 9.8 222 3798d
CVE-2023-34048 CRITICAL 9.8 222 946d
Prev 2 / 19 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy