Total CVEs
17716
last 90 days
Avg Priority
34.3
of max 220
KEV
31
actively exploited
POC
2291
public exploits
Unpatched
3560
CRIT/HIGH without patch
How is Priority Score calculated?
Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:
KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low
40-80 Medium
80-120 High
120+ Critical
Patch Now — Known Exploited Vulnerabilities
141
CVE-2026-20131
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FM
136
CVE-2026-0300
A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service o
133
CVE-2026-41940
cPanel and WHM versions prior to 11.110.0.97, 11.118.0.63, 11.126.0.54, 11.132.0.29, 11.134.0.20, an
131
CVE-2026-6973
An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows
131
CVE-2026-42897
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Ex
129
CVE-2026-33825
Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to el
127
CVE-2026-20182
May 2026: This security advisory provides the details and fix information for a vulnerability that w
126
CVE-2026-41091
Improper link resolution before file access ('link following') in Microsoft Defender allows an autho
124
CVE-2026-35616
A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an
120
CVE-2026-48172
LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exp
Priority Distribution
| Priority | CVE |
|---|---|
| 64 |
CVE-2024-51348
A stack-based buffer overflow vulnerability in the P2P API service in BS Product
|
| 64 |
CVE-2018-25194
Nominas 0.27 contains an SQL injection vulnerability that allows unauthenticated
|
| 64 |
CVE-2026-3400
A security flaw has been discovered in Tenda AC15 up to 15.13.07.13. Affected by
|
| 64 |
CVE-2026-30855
WeKnora is an LLM-powered framework designed for deep document understanding and
|
| 64 |
CVE-2026-32042
OpenClaw versions 2026.2.22 prior to 2026.2.25 contain a privilege escalation vu
|
| 64 |
CVE-2026-3726
A vulnerability has been found in Tenda F453 1.0.0.3. This affects the function
|
| 64 |
CVE-2024-58341
OpenCart Core 4.0.2.3 contains a SQL injection vulnerability that allows unauthe
|
| 64 |
CVE-2026-3808
A vulnerability was detected in Tenda FH1202 1.2.0.14(408). The affected element
|
| 64 |
CVE-2026-3801
A vulnerability was found in Tenda i3 1.0.0.6(2204). Affected by this vulnerabil
|
| 64 |
CVE-2018-25175
Alienor Web Libre 2.0 contains an SQL injection vulnerability that allows unauth
|
| 64 |
CVE-2018-25188
Webiness Inventory 2.3 contains an SQL injection vulnerability that allows unaut
|
| 64 |
CVE-2026-4213
A vulnerability was detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS
|
| 64 |
CVE-2026-21262
Improper access control in SQL Server allows an authorized attacker to elevate p
|
| 64 |
CVE-2018-25173
Rmedia SMS 1.0 contains an SQL injection vulnerability that allows unauthenticat
|
| 64 |
CVE-2018-25172
Pedidos 1.0 contains an SQL injection vulnerability that allows unauthenticated
|
| 64 |
CVE-2018-25167
Net-Billetterie 2.9 contains an SQL injection vulnerability in the login paramet
|
| 64 |
CVE-2018-25166
Meneame English Pligg 5.8 contains an SQL injection vulnerability that allows un
|
| 64 |
CVE-2018-25197
PlayJoom 0.10.1 contains an SQL injection vulnerability that allows unauthentica
|
| 64 |
CVE-2019-25507
Ashop Shopping Cart Software contains an SQL injection vulnerability that allows
|
| 64 |
CVE-2019-25504
NCrypted Jobgator contains an SQL injection vulnerability that allows unauthenti
|
| 64 |
CVE-2018-25163
BitZoom 1.0 contains an SQL injection vulnerability that allows unauthenticated
|
| 64 |
CVE-2018-25189
Data Center Audit 2.6.2 contains an SQL injection vulnerability in the username
|
| 64 |
CVE-2018-25179
Gumbo CMS 0.99 contains an SQL injection vulnerability that allows unauthenticat
|
| 64 |
CVE-2018-25182
Silurus Classifieds Script 2.0 contains an SQL injection vulnerability that allo
|
| 64 |
CVE-2026-3807
A security vulnerability has been detected in Tenda FH1202 1.2.0.14(408). Impact
|
| 64 |
CVE-2026-3379
A vulnerability has been found in Tenda F453 1.0.0.3. This vulnerability affects
|
| 64 |
CVE-2026-3378
A flaw has been found in Tenda F453 1.0.0.3. This affects the function fromqosse
|
| 64 |
CVE-2026-3399
A vulnerability was identified in Tenda F453 1.0.0.3. Affected by this vulnerabi
|
| 64 |
CVE-2026-3377
A vulnerability was detected in Tenda F453 1.0.0.3. Affected by this issue is th
|
| 64 |
CVE-2026-3398
A vulnerability was determined in Tenda F453 1.0.0.3. Affected is the function f
|
| 64 |
CVE-2026-3380
A vulnerability was found in Tenda F453 1.0.0.3. This issue affects the function
|
| 64 |
CVE-2026-3376
A security vulnerability has been detected in Tenda F453 1.0.0.3. Affected by th
|
| 64 |
CVE-2026-3732
A security vulnerability has been detected in Tenda F453 1.0.0.3. This affects t
|
| 64 |
CVE-2026-3804
A security flaw has been discovered in Tenda i3 1.0.0.6(2204). This vulnerabilit
|
| 64 |
CVE-2026-3768
A security vulnerability has been detected in Tenda F453 1.0.0.3. Affected by th
|
| 64 |
CVE-2026-3677
A vulnerability was found in Tenda FH451 1.0.0.9. This impacts the function from
|
| 64 |
CVE-2026-3810
A vulnerability has been found in Tenda FH1202 1.2.0.14(408). This affects the f
|
| 64 |
CVE-2026-3811
A vulnerability was found in Tenda FH1202 1.2.0.14(408). This impacts the functi
|
| 64 |
CVE-2026-3803
A vulnerability was identified in Tenda i3 1.0.0.6(2204). This affects the funct
|
| 64 |
CVE-2026-3728
A vulnerability was determined in Tenda F453 1.0.0.3/1.If. This issue affects th
|
| 64 |
CVE-2026-3802
A vulnerability was determined in Tenda i3 1.0.0.6(2204). Affected by this issue
|
| 64 |
CVE-2026-3729
A vulnerability was identified in Tenda F453 1.0.0.3/3.As. Impacted is the funct
|
| 64 |
CVE-2026-3769
A vulnerability was detected in Tenda F453 1.0.0.3. Affected by this issue is th
|
| 64 |
CVE-2026-3799
A flaw has been found in Tenda i3 1.0.0.6(2204). This impacts the function formS
|
| 64 |
CVE-2026-3809
A flaw has been found in Tenda FH1202 1.2.0.14(408). The impacted element is the
|
| 64 |
CVE-2026-3678
A vulnerability was determined in Tenda FH451 1.0.0.9. Affected is the function
|
| 64 |
CVE-2026-3679
A vulnerability was identified in Tenda FH451 1.0.0.9. Affected by this vulnerab
|
| 64 |
CVE-2026-3698
A vulnerability was identified in UTT HiPER 810G up to 1.7.7-171114. This affect
|
| 64 |
CVE-2026-3699
A security flaw has been discovered in UTT HiPER 810G up to 1.7.7-171114. This i
|
| 64 |
CVE-2026-3815
A weakness has been identified in UTT HiPER 810G up to 1.7.7-1711. This affects
|
| 64 |
CVE-2026-3814
A security flaw has been discovered in UTT HiPER 810G up to 1.7.7-1711. Affected
|
| 64 |
CVE-2026-3700
A weakness has been identified in UTT HiPER 810G up to 1.7.7-171114. Affected is
|
| 64 |
CVE-2026-3715
A vulnerability was found in Wavlink WL-WN579X3-C 231124. This affects the funct
|
| 64 |
CVE-2026-3701
A security vulnerability has been detected in H3C Magic B1 up to 100R004. Affect
|
| 64 |
CVE-2018-25176
Alive Parish 2.0.4 contains an SQL injection vulnerability that allows unauthent
|
| 64 |
CVE-2018-25208
qdPM 9.1 contains an SQL injection vulnerability that allows unauthenticated att
|
| 64 |
CVE-2026-30820
Flowise is a drag & drop user interface to build a customized large language mod
|
| 64 |
CVE-2019-25534
Netartmedia PHP Car Dealer contains an SQL injection vulnerability that allows u
|
| 64 |
CVE-2025-50189
Chamilo is a learning management system. Prior to version 1.11.30, the applicati
|
| 64 |
CVE-2019-25535
Netartmedia PHP Dating Site contains a SQL injection vulnerability that allows u
|
| 64 |
CVE-2019-25509
XooDigital Latest contains an SQL injection vulnerability that allows unauthenti
|
| 64 |
CVE-2019-25479
Inout RealEstate contains an SQL injection vulnerability that allows unauthentic
|
| 64 |
CVE-2019-25481
iScripts ReserveLogic contains an SQL injection vulnerability that allows unauth
|
| 64 |
CVE-2019-25536
Netartmedia PHP Real Estate Agency 4.0 contains an SQL injection vulnerability t
|
| 64 |
CVE-2019-25537
Netartmedia Event Portal 2.0 contains a time-based blind SQL injection vulnerabi
|
| 64 |
CVE-2019-25642
Bootstrapy CMS contains multiple SQL injection vulnerabilities that allow unauth
|
| 64 |
CVE-2019-25640
Inout Article Base CMS contains SQL injection vulnerabilities that allow unauthe
|
| 64 |
CVE-2018-25171
EdTv 2 contains an SQL injection vulnerability that allows unauthenticated attac
|
| 64 |
CVE-2019-25530
uHotelBooking System contains an SQL injection vulnerability that allows unauthe
|
| 64 |
CVE-2026-32051
OpenClaw versions prior to 2026.3.1 contain an authorization mismatch vulnerabil
|
| 64 |
CVE-2026-4747
Each RPCSEC_GSS data packet is validated by a routine which checks a signature i
|
| 64 |
CVE-2026-28770
Improper neutralization of special elements in the /IDC_Logging/checkifdone.cgi
|
| 64 |
CVE-2026-29073
SiYuan is a personal knowledge management system. Prior to version 3.6.0, the /a
|
| 64 |
CVE-2018-25161
Warranty Tracking System 11.06.3 contains an SQL injection vulnerability that al
|
| 64 |
CVE-2026-4214
A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L,
|
| 64 |
CVE-2026-4211
A weakness has been identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, D
|
| 64 |
CVE-2026-30840
Wallos is an open-source, self-hostable personal subscription tracker. Prior to
|
| 64 |
CVE-2026-4212
A security vulnerability has been detected in D-Link DNS-120, DNR-202L, DNS-315L
|
| 64 |
CVE-2026-28516
openDCIM version 23.04, through commit 4467e9c4, contains a SQL injection vulner
|
| 64 |
CVE-2026-4226
A weakness has been identified in LB-LINK BL-WR9000 2.4.9. The affected element
|
| 64 |
CVE-2026-4227
A security vulnerability has been detected in LB-LINK BL-WR9000 2.4.9. The impac
|
| 64 |
CVE-2025-52468
Chamilo is a learning management system. Prior to version 1.11.30, an input vali
|
| 64 |
CVE-2026-30531
A SQL Injection vulnerability exists in SourceCodester Online Food Ordering Syst
|
| 64 |
CVE-2018-25170
DoceboLMS 1.2 contains an SQL injection vulnerability that allows unauthenticate
|
| 64 |
CVE-2026-3220
The Autoptimize WordPress plugin before 3.1.15, Clearfy Cache WordPress plugin
|
| 64 |
CVE-2026-29172
Craft Commerce is an ecommerce platform for Craft CMS. Prior to 4.10.2 and 5.5.3
|
| 64 |
CVE-2026-3727
A vulnerability was found in Tenda F453 1.0.0.3. This vulnerability affects the
|
| 64 |
CVE-2026-30223
OliveTin gives access to predefined shell commands from a web interface. Prior t
|
| 64 |
CVE-2016-20034
Wowza Streaming Engine 4.5.0 contains a privilege escalation vulnerability that
|
| 64 |
CVE-2026-30823
Flowise is a drag & drop user interface to build a customized large language mod
|
Oldest Unpatched Critical/High CVEs
| CVE | Severity | CVSS | Priority | Days Open |
|---|---|---|---|---|
| CVE-2024-3400 | CRITICAL | 10.0 | 224 | 776d |
| CVE-2019-19781 | CRITICAL | 9.8 | 223 | 2344d |
| CVE-2020-5902 | CRITICAL | 9.8 | 223 | 2157d |
| CVE-2021-35464 | CRITICAL | 9.8 | 223 | 1771d |
| CVE-2020-10189 | CRITICAL | 9.8 | 223 | 2274d |
| CVE-2012-4681 | CRITICAL | 9.8 | 223 | 5021d |
| CVE-2022-42475 | CRITICAL | 9.8 | 223 | 1242d |
| CVE-2023-3519 | CRITICAL | 9.8 | 223 | 1044d |
| CVE-2015-7450 | CRITICAL | 9.8 | 222 | 3798d |
| CVE-2023-34048 | CRITICAL | 9.8 | 222 | 946d |