Total CVEs
16330
last 90 days
Avg Priority
36.7
of max 220
KEV
39
actively exploited
POC
3340
public exploits
Unpatched
4798
CRIT/HIGH without patch
How is Priority Score calculated?
Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:
KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low
40-80 Medium
80-120 High
120+ Critical
Patch Now — Known Exploited Vulnerabilities
194
CVE-2026-24061
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for t
185
CVE-2026-1731
BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain
184
CVE-2026-23760
SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability
180
CVE-2025-40551
SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerabil
170
CVE-2026-1340
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem
164
CVE-2026-1281
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem
160
CVE-2025-40536
SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that
141
CVE-2026-20131
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FM
137
CVE-2026-1603
An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthen
134
CVE-2026-22769
Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credentia
Priority Distribution
| Priority | CVE |
|---|---|
| 34 |
CVE-2025-32060
The system suffers from the absence of a kernel module signature verification. I
|
| 34 |
CVE-2025-35999
Incorrect permission assignment for critical resource for some System Firmware U
|
| 34 |
CVE-2026-34863
Out-of-bounds write vulnerability in the file system.
Impact: Successful exploit
|
| 34 |
CVE-2025-20106
Uncontrolled search path in some software installer for some VTune(TM) Profiler
|
| 34 |
CVE-2026-20441
In MAE, there is a possible out of bounds write due to a missing bounds check. T
|
| 34 |
CVE-2026-20443
In display, there is a possible memory corruption due to use after free. This co
|
| 34 |
CVE-2026-20444
In display, there is a possible memory corruption due to a missing bounds check.
|
| 34 |
CVE-2026-20425
In display, there is a possible out of bounds write due to a missing bounds chec
|
| 34 |
CVE-2026-20426
In display, there is a possible out of bounds write due to a missing bounds chec
|
| 34 |
CVE-2026-20427
In display, there is a possible escalation of privilege due to a missing bounds
|
| 34 |
CVE-2026-20428
In display, there is a possible out of bounds write due to a missing bounds chec
|
| 34 |
CVE-2026-20413
In imgsys, there is a possible out of bounds write due to a missing bounds check
|
| 34 |
CVE-2025-36511
Incorrect default permissions for some Intel(R) Memory and Storage Tool before v
|
| 34 |
CVE-2025-32453
Incorrect default permissions for some Intel(R) Graphics Driver software within
|
| 34 |
CVE-2025-32092
Insecure inherited permissions for some Intel(R) Graphics Software before versio
|
| 34 |
CVE-2025-22849
Incorrect default permissions for the Intel(R) Optane(TM) PMem management softwa
|
| 34 |
CVE-2026-20414
In imgsys, there is a possible escalation of privilege due to use after free. Th
|
| 34 |
CVE-2026-20410
In imgsys, there is a possible out of bounds write due to a missing bounds check
|
| 34 |
CVE-2026-25691
A improper limitation of a pathname to a restricted directory ('path traversal')
|
| 34 |
CVE-2026-35074
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release
|
| 34 |
CVE-2026-35073
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release
|
| 34 |
CVE-2026-39814
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2
|
| 34 |
CVE-2026-35153
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release
|
| 34 |
CVE-2026-23779
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Featu
|
| 34 |
CVE-2026-35072
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release
|
| 34 |
CVE-2026-32901
OpenClaw before 2026.3.2 contains a semantic drift vulnerability in node system.
|
| 34 |
CVE-2026-39809
A improper neutralization of special elements used in an sql command ('sql injec
|
| 34 |
CVE-2026-0390
Reliance on untrusted inputs in a security decision in Windows Boot Loader allow
|
| 33 |
CVE-2026-27794
LangGraph Checkpoint defines the base interface for LangGraph checkpointers. Pri
|
| 33 |
CVE-2026-2462
Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail
|
| 33 |
CVE-2026-1741
A vulnerability was determined in EFM ipTIME A8004T 14.18.2. Affected is the fun
|
| 33 |
CVE-2026-22284
Dell SmartFabric OS10 Software, versions prior to 10.5.6.12, contains an Imprope
|
| 33 |
CVE-2025-15312
Tanium addressed an improper output sanitization vulnerability in Tanium Applian
|
| 33 |
CVE-2026-34515
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python.
|
| 33 |
CVE-2026-30897
A stack-based buffer overflow vulnerability in Fortinet FortiWeb 8.0.0 through 8
|
| 33 |
CVE-2026-24640
A Stack-based Buffer Overflow vulnerability [CWE-121] vulnerability in Fortinet
|
| 33 |
CVE-2026-32003
OpenClaw versions prior to 2026.2.22 contain an environment variable injection v
|
| 33 |
CVE-2026-34388
Fleet is open source device management software. Prior to 4.81.0, a denial-of-se
|
| 33 |
CVE-2026-34516
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python.
|
| 33 |
CVE-2026-5892
Insufficient policy enforcement in PWAs in Google Chrome prior to 147.0.7727.55
|
| 33 |
CVE-2026-32694
In Juju from version 3.0.0 through 3.6.18, when a secret owner grants permission
|
| 33 |
CVE-2026-21010
Improper input validation in Retail Mode prior to SMR Apr-2026 Release 1 allows
|
| 33 |
CVE-2026-33182
### Impact
Users providing user generated input into the `resolveEndpoint` metho
|
| 33 |
CVE-2026-34391
Fleet is open source device management software. Prior to 4.81.1, a vulnerabilit
|
| 33 |
CVE-2025-68609
A vulnerability in Palantir's Aries service allowed unauthenticated access to lo
|
| 33 |
CVE-2025-15324
Tanium addressed a documentation issue in Engage.
|
| 33 |
CVE-2026-35197
dye is a portable and respectful color library for shell scripts. Prior to 1.1.1
|
| 33 |
CVE-2026-28801
Natro Macro is an open-source Bee Swarm Simulator macro written in AutoHotkey. P
|
| 33 |
CVE-2026-24126
Weblate is a web based localization tool. Prior to 5.16.0, the SSH management co
|
| 33 |
CVE-2026-20981
Improper input validation in FacAtFunction prior to SMR Feb-2026 Release 1 allow
|
| 33 |
CVE-2026-27189
OpenSift is an AI study tool that sifts through large datasets using semantic se
|
| 33 |
CVE-2026-27102
Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.6 and versions 9.11.0.0 t
|
| 33 |
CVE-2025-14604
IBM Storage Scale IBM S through rage Scale 5.2.3.0 - 5.2.3.5, and IBM S through
|
| 33 |
CVE-2026-28549
Race condition vulnerability in the permission management service. Impact: Succe
|
| 33 |
CVE-2026-21419
Dell Display and Peripheral Manager (Windows) versions prior to 2.2 contain an I
|
| 33 |
CVE-2026-20202
In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splu
|
| 33 |
CVE-2026-4837
An eval() injection vulnerability in the Rapid7 Insight Agent beaconing logic fo
|
| 33 |
CVE-2026-35479
InvenTree is an Open Source Inventory Management System. Prior to 1.2.7 and 1.3.
|
| 33 |
CVE-2025-46607
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Featu
|
| 33 |
CVE-2025-43937
Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an insertion of sens
|
| 33 |
CVE-2025-46641
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Featu
|
| 33 |
CVE-2022-50950
Webile 1.0.1 contains a directory traversal vulnerability that allows remote att
|
| 33 |
CVE-2026-33334
Vikunja is an open-source self-hosted task management platform. Starting in vers
|
| 33 |
CVE-2026-26122
Initialization of a resource with an insecure default in Azure Compute Gallery a
|
| 33 |
CVE-2026-2421
The ilGhera Carta Docente for WooCommerce plugin for WordPress is vulnerable to
|
| 33 |
CVE-2026-2548
A flaw has been found in WAYOS FBM-220G 24.10.19. This affects the function sub_
|
| 33 |
CVE-2021-47921
Free Photo & Video Vault 0.0.2 contains a directory traversal web vulnerability
|
| 33 |
CVE-2026-33336
Vikunja is an open-source self-hosted task management platform. Starting in vers
|
| 33 |
CVE-2026-3689
OpenClaw Canvas Path Traversal Information Disclosure Vulnerability. This vulner
|
| 33 |
CVE-2026-34401
XML Notepad is a Windows program that provides a simple intuitive User Interface
|
| 33 |
CVE-2026-28394
OpenClaw versions prior to 2026.2.15 contain a denial of service vulnerability i
|
| 33 |
CVE-2026-28395
OpenClaw version 2026.1.14-1 prior to 2026.2.12 contain an improper network bind
|
| 33 |
CVE-2026-20405
In Modem, there is a possible system crash due to a missing bounds check. This c
|
| 33 |
CVE-2026-30942
Flare is a Next.js-based, self-hostable file sharing platform that integrates wi
|
| 33 |
CVE-2025-57785
A Double Free in XSLT `show_index` has been identified in Hiawatha webserver ver
|
| 33 |
CVE-2026-20422
In Modem, there is a possible system crash due to improper input validation. Thi
|
| 33 |
CVE-2026-25689
An improper neutralization of argument delimiters in a command ('argument inject
|
| 33 |
CVE-2026-25723
Claude Code is an agentic coding tool. Prior to version 2.0.55, Claude Code fail
|
| 33 |
CVE-2026-21864
Valkey-Bloom is a Rust based Valkey module which brings a Bloom Filter (Module)
|
| 33 |
CVE-2026-20406
In Modem, there is a possible system crash due to an uncaught exception. This co
|
| 33 |
CVE-2025-48722
A NULL pointer dereference vulnerability has been reported to affect Qsync Centr
|
| 33 |
CVE-2025-47209
A NULL pointer dereference vulnerability has been reported to affect Qsync Centr
|
| 33 |
CVE-2025-30266
A NULL pointer dereference vulnerability has been reported to affect Qsync Centr
|
| 33 |
CVE-2026-4426
A flaw was found in libarchive. An Undefined Behavior vulnerability exists in th
|
| 33 |
CVE-2026-2899
The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Missing A
|
| 33 |
CVE-2026-1355
A Missing Authorization vulnerability was identified in GitHub Enterprise Server
|
| 33 |
CVE-2025-13587
The Two Factor (2FA) Authentication via Email plugin for WordPress is vulnerable
|
| 33 |
CVE-2024-56208
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti
|
| 33 |
CVE-2026-2436
A flaw was found in libsoup's SoupServer. A remote attacker could exploit a use-
|
| 33 |
CVE-2026-26120
Server-side request forgery (ssrf) in Microsoft Bing allows an unauthorized atta
|
Oldest Unpatched Critical/High CVEs
| CVE | Severity | CVSS | Priority | Days Open |
|---|---|---|---|---|
| CVE-2024-3400 | CRITICAL | 10.0 | 224 | 735d |
| CVE-2019-19781 | CRITICAL | 9.8 | 223 | 2302d |
| CVE-2020-5902 | CRITICAL | 9.8 | 223 | 2115d |
| CVE-2021-35464 | CRITICAL | 9.8 | 223 | 1729d |
| CVE-2020-10189 | CRITICAL | 9.8 | 223 | 2232d |
| CVE-2012-4681 | CRITICAL | 9.8 | 223 | 4980d |
| CVE-2022-42475 | CRITICAL | 9.8 | 223 | 1201d |
| CVE-2023-3519 | CRITICAL | 9.8 | 223 | 1002d |
| CVE-2015-7450 | CRITICAL | 9.8 | 222 | 3757d |
| CVE-2023-34048 | CRITICAL | 9.8 | 222 | 904d |