| Metric | Value | Note |
|---|---|---|
| Total CVEs | 17716 | last 90 days |
| Avg Priority | 34.3 | of max 220 |
| KEV | 31 | actively exploited |
| POC | 2291 | public exploits |
| Unpatched | 3560 | CRIT/HIGH without patch |
How is Priority Score calculated?
Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:
| Signal | Weight | Meaning |
|---|---|---|
| KEV | +50 | CISA Known Exploited Vulnerability: confirmed active exploitation in the wild |
| EPSS | x100 | Exploit Prediction Scoring System: probability of exploitation in next 30 days (0-100) |
| CVSS | x5 | Common Vulnerability Scoring System: technical severity (0-50) |
| POC | +20 | Public exploit code exists: lowers barrier for attackers |

| Score | Band |
|---|---|
| 0-40 | Low |
| 40-80 | Medium |
| 80-120 | High |
| 120+ | Critical |
Patch Now — Known Exploited Vulnerabilities
| Priority | CVE | Description |
|---|---|---|
| 141 | CVE-2026-20131 | A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FM |
| 136 | CVE-2026-0300 | A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service o |
| 133 | CVE-2026-41940 | cPanel and WHM versions prior to 11.110.0.97, 11.118.0.63, 11.126.0.54, 11.132.0.29, 11.134.0.20, an |
| 131 | CVE-2026-6973 | An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows |
| 131 | CVE-2026-42897 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Ex |
| 129 | CVE-2026-33825 | Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to el |
| 127 | CVE-2026-20182 | May 2026: This security advisory provides the details and fix information for a vulnerability that w |
| 126 | CVE-2026-41091 | Improper link resolution before file access ('link following') in Microsoft Defender allows an autho |
| 124 | CVE-2026-35616 | A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an |
| 120 | CVE-2026-48172 | LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exp |
Priority Distribution
| Priority | CVE | Description |
|---|---|---|
| 51 | CVE-2026-30561 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sa |
| 51 | CVE-2026-30560 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sa |
| 51 | CVE-2026-30558 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sa |
| 51 | CVE-2026-30570 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester In |
| 51 | CVE-2026-30571 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester In |
| 51 | CVE-2026-30556 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sa |
| 51 | CVE-2026-30559 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sa |
| 51 | CVE-2019-25502 | Simple Job Script contains a cross-site scripting vulnerability that allows unau |
| 51 | CVE-2026-5776 | The Email Encoder WordPress plugin before 2.4.7 does not escape email addresses |
| 51 | CVE-2026-44166 | A pre-hijacking issue was discovered with the OAuth2 autolinking by [Alardiians] |
| 51 | CVE-2026-28772 | A Reflected Cross-Site Scripting (XSS) vulnerability in the /IDC_Logging/index.c |
| 51 | CVE-2026-28771 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in the /index.cgi en |
| 51 | CVE-2026-30238 | Group-Office is an enterprise customer relationship management and groupware too |
| 51 | CVE-2026-24415 | OpenSTAManager is an open source management software for technical assistance an |
| 51 | CVE-2026-30566 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sa |
| 51 | CVE-2026-29038 | changedetection.io is a free open source web page change detection tool. Prior t |
| 51 | CVE-2026-31013 | Dovestones Softwares ADPhonebook <4.0.1.1 has a reflected cross-site scripting ( |
| 51 | CVE-2026-30564 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sa |
| 51 | CVE-2026-30565 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sa |
| 51 | CVE-2026-30526 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Zo |
| 51 | CVE-2015-20114 | Next Click Ventures RealtyScript 4.0.2 contains a cross-site scripting vulnerabi |
| 51 | CVE-2026-30237 | Group-Office is an enterprise customer relationship management and groupware too |
| 51 | CVE-2026-28350 | lxml_html_clean is a project for HTML cleaning functionalities copied from `lxml |
| 51 | CVE-2026-28348 | lxml_html_clean is a project for HTML cleaning functionalities copied from `lxml |
| 51 | CVE-2016-20036 | Wowza Streaming Engine 4.5.0 contains multiple reflected cross-site scripting vu |
| 51 | CVE-2015-20116 | Next Click Ventures RealtyScript 4.0.2 fails to properly sanitize CSV file uploa |
| 51 | CVE-2026-30563 | A Stored Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales |
| 51 | CVE-2026-31809 | SiYuan is a personal knowledge management system. Prior to 3.5.10, SiYuan's SVG |
| 51 | CVE-2026-31807 | SiYuan is a personal knowledge management system. Prior to 3.5.10, SiYuan's SVG |
| 51 | CVE-2026-30841 | Wallos is an open-source, self-hostable personal subscription tracker. Prior to |
| 51 | CVE-2026-40500 | ProcessWire CMS version 3.0.255 and prior contain a server-side request forgery |
| 51 | CVE-2025-64736 | An out-of-bounds read vulnerability exists in the ABF parsing functionality of T |
| 51 | CVE-2026-30830 | Defuddle cleans up HTML pages. Prior to version 0.9.0, the _findContentBySchemaT |
| 50 | CVE-2026-32057 | OpenClaw versions prior to 2026.2.25 contain an authentication bypass vulnerabil |
| 50 | CVE-2026-41950 | Dify before version 1.14.0 contains an authorization bypass vulnerability that a |
| 50 | CVE-2026-5677 | A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. Im |
| 50 | CVE-2026-5678 | A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. The aff |
| 50 | CVE-2026-5688 | A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191 |
| 50 | CVE-2026-5692 | A vulnerability was found in Totolink A7100RU 7.4cu.2313_b20191024. This impacts |
| 50 | CVE-2026-5176 | A security flaw has been discovered in Totolink A3300R 17.0.0cu.557_b20221024. A |
| 50 | CVE-2026-6158 | A flaw has been found in Totolink N300RH 6.1c.1353_B20190305. Affected is the fu |
| 50 | CVE-2026-32045 | OpenClaw versions prior to 2026.2.21 incorrectly apply tokenless Tailscale heade |
| 50 | CVE-2026-29076 | cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library |
| 50 | CVE-2026-30247 | WeKnora is an LLM-powered framework designed for deep document understanding and |
| 50 | CVE-2026-27801 | Vaultwarden is an unofficial Bitwarden compatible server written in Rust, former |
| 50 | CVE-2026-6815 | An arbitrary file write vulnerability exists in Casdoor's Local File System stor |
| 50 | CVE-2025-15363 | The Get Use APIs WordPress plugin before 2.0.10 executes imported JSON, which c |
| 50 | CVE-2026-26311 | Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, |
| 50 | CVE-2026-26310 | Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, |
| 49 | CVE-2026-4497 | A vulnerability was determined in Totolink WA300 5.2cu.7112_B20190227. Affected |
| 49 | CVE-2026-7385 | The Decent Comments WordPress plugin before 3.0.2 does not restrict access to co |
| 49 | CVE-2026-3881 | The Performance Monitor WordPress plugin through 1.0.6 does not validate a param |
| 49 | CVE-2026-3696 | A vulnerability was found in Totolink N300RH 6..1c.1353_B20190305. The affected |
| 49 | CVE-2026-7593 | A security vulnerability has been detected in Sunwood-ai-labs command-executor-m |
| 49 | CVE-2026-7058 | A vulnerability has been found in 666ghj MiroFish up to 0.1.2. The impacted elem |
| 49 | CVE-2026-5012 | A flaw has been found in elecV2 elecV2P up to 3.8.3. This issue affects the func |
| 49 | CVE-2026-5741 | A weakness has been identified in suvarchal docker-mcp-server up to 0.1.0. The i |
| 49 | CVE-2026-7220 | A vulnerability has been found in jackwrichards FastlyMCP up to 6f3d0b0e654fc510 |
| 49 | CVE-2026-7785 | A security flaw has been discovered in A-G-U-P-T-A wireshark-mcp edaf604416fbc94 |
| 49 | CVE-2026-7066 | A vulnerability was found in choieastsea simple-openstack-mcp up to 767b2f4a8154 |
| 49 | CVE-2026-7812 | A vulnerability was found in 54yyyu code-mcp up to 4cfc4643541a110c906d93635b391 |
| 49 | CVE-2026-7215 | A security flaw has been discovered in egtai gmx-vmd-mcp up to 0.1.0. This issue |
| 49 | CVE-2026-7698 | A vulnerability was identified in Tiandy Easy7 Integrated Management Platform 7. |
| 49 | CVE-2026-6980 | A vulnerability has been found in Divyanshu-hash GitPilot-MCP up to 9ed9f153ba41 |
| 49 | CVE-2026-9367 | A vulnerability was determined in NousResearch hermes-agent up to 5157f5427f1948 |
| 48 | CVE-2026-7446 | A vulnerability was detected in VetCoders mcp-server-semgrep 1.0.0. This affects |
| 48 | CVE-2026-7061 | A weakness has been identified in Toowiredd chatgpt-mcp-server up to 0.1.0. Affe |
| 48 | CVE-2026-5973 | A vulnerability was found in FoundationAgents MetaGPT up to 0.8.1. Impacted is t |
| 48 | CVE-2026-7443 | A weakness has been identified in BurtTheCoder mcp-dnstwist up to 1.0.4. Affecte |
| 48 | CVE-2026-7062 | A security vulnerability has been detected in Intina47 context-sync up to 2.0.0. |
| 48 | CVE-2026-5333 | A security flaw has been discovered in DefaultFuction Content-Management-System |
| 48 | CVE-2026-6130 | A flaw has been found in chatboxai chatbox up to 1.20.0. This impacts the functi |
| 48 | CVE-2026-5972 | A vulnerability has been found in FoundationAgents MetaGPT up to 0.8.1. This iss |
| 48 | CVE-2026-30227 | MimeKit is a C# library which may be used for the creation and parsing of messag |
| 48 | CVE-2026-4499 | A vulnerability was determined in D-Link DIR-820LW 2.03. Affected is the functio |
| 48 | CVE-2026-7064 | A flaw has been found in AgentDeskAI browser-tools-mcp up to 1.2.0. This issue a |
| 48 | CVE-2026-7416 | A vulnerability was found in PolarVista xcode-mcp-server 1.0.0. This issue affec |
| 48 | CVE-2026-3794 | A vulnerability was identified in doramart DoraCMS 3.0.x. This issue affects som |
| 48 | CVE-2026-8305 | A vulnerability was detected in OpenClaw up to 2026.1.24. The impacted element i |
| 48 | CVE-2026-7633 | A vulnerability was identified in Totolink N300RH 6.1c.1353_B20190305. This impa |
| 48 | CVE-2026-7723 | A flaw has been found in PrefectHQ prefect up to 3.6.13. Affected is an unknown |
| 48 | CVE-2026-6579 | A weakness has been identified in liangliangyy DjangoBlog up to 2.1.0.0. This im |
| 48 | CVE-2026-6588 | A weakness has been identified in serge-chat serge up to 1.4TB. The impacted ele |
| 48 | CVE-2026-7630 | A vulnerability has been found in innocommerce InnoShop up to 0.7.8. The affecte |
| 48 | CVE-2026-7714 | A flaw has been found in crocodilestick Calibre-Web-Automated up to 4.0.6. Affec |
| 48 | CVE-2026-5258 | A vulnerability was found in Sanster IOPaint 1.5.3. Impacted is the function _ge |
| 48 | CVE-2026-8321 | A vulnerability was detected in inkeep agents 0.58.14. This vulnerability affect |
| 48 | CVE-2026-6568 | A vulnerability was determined in kodcloud KodExplorer up to 4.52. This affects |
| 48 | CVE-2026-9351 | A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.16 |
| 48 | CVE-2026-6129 | A vulnerability was detected in zhayujie chatgpt-on-wechat CowAgent up to 2.0.4. |
Oldest Unpatched Critical/High CVEs
| CVE | Severity | CVSS | Priority | Days Open |
|---|---|---|---|---|
| CVE-2024-3400 | CRITICAL | 10.0 | 224 | 776d |
| CVE-2019-19781 | CRITICAL | 9.8 | 223 | 2344d |
| CVE-2020-5902 | CRITICAL | 9.8 | 223 | 2157d |
| CVE-2021-35464 | CRITICAL | 9.8 | 223 | 1771d |
| CVE-2020-10189 | CRITICAL | 9.8 | 223 | 2274d |
| CVE-2012-4681 | CRITICAL | 9.8 | 223 | 5021d |
| CVE-2022-42475 | CRITICAL | 9.8 | 223 | 1242d |
| CVE-2023-3519 | CRITICAL | 9.8 | 223 | 1044d |
| CVE-2015-7450 | CRITICAL | 9.8 | 222 | 3798d |
| CVE-2023-34048 | CRITICAL | 9.8 | 222 | 946d |