Total CVEs
16384
last 90 days
Avg Priority
36.8
of max 220
KEV
39
actively exploited
POC
3347
public exploits
Unpatched
4810
CRIT/HIGH without patch
How is Priority Score calculated?
Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:
KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low
40-80 Medium
80-120 High
120+ Critical
Patch Now — Known Exploited Vulnerabilities
194
CVE-2026-24061
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for t
185
CVE-2026-1731
BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain
184
CVE-2026-23760
SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability
180
CVE-2025-40551
SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerabil
170
CVE-2026-1340
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem
164
CVE-2026-1281
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem
160
CVE-2025-40536
SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that
141
CVE-2026-20131
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FM
137
CVE-2026-1603
An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthen
134
CVE-2026-22769
Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credentia
Priority Distribution
| Priority | CVE |
|---|---|
| 51 |
CVE-2019-25397
IPFire 2.21 Core Update 127 contains multiple reflected cross-site scripting vul
|
| 51 |
CVE-2019-25396
IPFire 2.21 Core Update 127 contains a reflected cross-site scripting vulnerabil
|
| 51 |
CVE-2026-23847
SiYuan is a personal knowledge management system. Versions prior to 3.5.4 are vu
|
| 51 |
CVE-2025-54817
A reflected cross-site scripting (xss) vulnerability exists in the autoPurge fun
|
| 51 |
CVE-2025-36556
A reflected cross-site scripting (xss) vulnerability exists in the ldapUser func
|
| 51 |
CVE-2025-46270
A reflected cross-site scripting (xss) vulnerability exists in the fetchPriorStu
|
| 51 |
CVE-2025-53854
A reflected cross-site scripting (xss) vulnerability exists in the modifyHL7Rout
|
| 51 |
CVE-2025-54157
A reflected cross-site scripting (xss) vulnerability exists in the encapsulatedD
|
| 51 |
CVE-2025-54495
A reflected cross-site scripting (xss) vulnerability exists in the emailfailedjo
|
| 51 |
CVE-2025-54778
A reflected cross-site scripting (xss) vulnerability exists in the existingUser
|
| 51 |
CVE-2025-54814
A reflected cross-site scripting (xss) vulnerability exists in the modifyAutopur
|
| 51 |
CVE-2025-54853
A reflected cross-site scripting (xss) vulnerability exists in the modifyUser fu
|
| 51 |
CVE-2025-54861
A reflected cross-site scripting (xss) vulnerability exists in the modifyCoercio
|
| 51 |
CVE-2025-57786
A reflected cross-site scripting (xss) vulnerability exists in the notifynewstud
|
| 51 |
CVE-2025-57881
A reflected cross-site scripting (xss) vulnerability exists in the modifyEmail f
|
| 51 |
CVE-2025-58080
A reflected cross-site scripting (xss) vulnerability exists in the modifyHL7App
|
| 51 |
CVE-2025-70791
Cross Site Scripting vulnerability in the "/admin/order/abandoned" endpoint of M
|
| 51 |
CVE-2025-70792
Cross Site Scripting vulnerability in the "/admin/category/create" endpoint of M
|
| 51 |
CVE-2026-28771
A Reflected Cross-Site Scripting (XSS) vulnerability exists in the /index.cgi en
|
| 51 |
CVE-2026-28772
A Reflected Cross-Site Scripting (XSS) vulnerability in the /IDC_Logging/index.c
|
| 51 |
CVE-2019-25356
Bematech (formerly Logic Controls, now Elgin) MP-4200 TH printer contains a cros
|
| 51 |
CVE-2026-30238
Group-Office is an enterprise customer relationship management and groupware too
|
| 51 |
CVE-2026-29038
changedetection.io is a free open source web page change detection tool. Prior t
|
| 51 |
CVE-2019-25421
Comodo Dome Firewall 2.7.0 contains multiple cross-site scripting vulnerabilitie
|
| 51 |
CVE-2019-25417
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerabili
|
| 51 |
CVE-2019-25420
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerabili
|
| 51 |
CVE-2019-25427
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerabili
|
| 51 |
CVE-2019-25429
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerabili
|
| 51 |
CVE-2026-30566
A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sa
|
| 51 |
CVE-2026-30565
A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sa
|
| 51 |
CVE-2025-70297
A stored cross-site scripting (XSS) vulnerability in the recipe asset upload and
|
| 51 |
CVE-2026-30564
A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sa
|
| 51 |
CVE-2026-24415
OpenSTAManager is an open source management software for technical assistance an
|
| 51 |
CVE-2019-25423
Comodo Dome Firewall 2.7.0 contains multiple reflected cross-site scripting vuln
|
| 51 |
CVE-2019-25415
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerabili
|
| 51 |
CVE-2020-37152
PHP-Fusion 9.03.50 panels.php is vulnerable to cross-site scripting (XSS) via th
|
| 51 |
CVE-2026-30526
A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Zo
|
| 51 |
CVE-2025-71179
Creativeitem Academy LMS 7.0 contains reflected Cross-Site Scripting (XSS) vulne
|
| 51 |
CVE-2019-25393
Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site
|
| 51 |
CVE-2019-25371
OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allow
|
| 51 |
CVE-2015-20114
Next Click Ventures RealtyScript 4.0.2 contains a cross-site scripting vulnerabi
|
| 51 |
CVE-2026-24671
The Open eClass platform (formerly known as GUnet eClass) is a complete course m
|
| 51 |
CVE-2019-25372
OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allow
|
| 51 |
CVE-2025-69431
The ZSPACE Q2C NAS contains a vulnerability related to incorrect symbolic link f
|
| 51 |
CVE-2025-69430
An Incorrect Symlink Follow vulnerability exists in multiple Yottamaster NAS dev
|
| 51 |
CVE-2026-26023
Dify is an open-source LLM app development platform. Prior to 1.13.0, a cross si
|
| 51 |
CVE-2019-25411
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerabili
|
| 51 |
CVE-2019-25412
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerabili
|
| 51 |
CVE-2026-27645
changedetection.io is a free open source web page change detection tool. In vers
|
| 51 |
CVE-2026-27612
Repostat is a React component to fetch and display GitHub repository info. Prior
|
| 51 |
CVE-2026-27120
Leafkit is a templating language with Swift-inspired syntax. Prior to 1.4.1, htm
|
| 51 |
CVE-2019-25407
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerabili
|
| 51 |
CVE-2019-25416
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerabili
|
| 51 |
CVE-2019-25418
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerabili
|
| 51 |
CVE-2019-25424
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerabili
|
| 51 |
CVE-2019-25425
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerabili
|
| 51 |
CVE-2019-25426
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerabili
|
| 51 |
CVE-2019-25428
Comodo Dome Firewall 2.7.0 contains multiple reflected cross-site scripting vuln
|
| 51 |
CVE-2026-30237
Group-Office is an enterprise customer relationship management and groupware too
|
| 51 |
CVE-2026-28348
lxml_html_clean is a project for HTML cleaning functionalities copied from `lxml
|
| 51 |
CVE-2019-25324
RICOH Web Image Monitor 1.09 contains an HTML injection vulnerability in the add
|
| 51 |
CVE-2019-25323
Heatmiser Netmonitor v3.03 contains an HTML injection vulnerability in the outpu
|
| 51 |
CVE-2026-28350
lxml_html_clean is a project for HTML cleaning functionalities copied from `lxml
|
| 51 |
CVE-2015-20116
Next Click Ventures RealtyScript 4.0.2 fails to properly sanitize CSV file uploa
|
| 51 |
CVE-2016-20036
Wowza Streaming Engine 4.5.0 contains multiple reflected cross-site scripting vu
|
| 51 |
CVE-2026-30563
A Stored Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales
|
| 51 |
CVE-2026-31809
SiYuan is a personal knowledge management system. Prior to 3.5.10, SiYuan's SVG
|
| 51 |
CVE-2019-25406
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerabili
|
| 51 |
CVE-2019-25408
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerabili
|
| 51 |
CVE-2019-25409
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerabili
|
| 51 |
CVE-2019-25370
OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allow
|
| 51 |
CVE-2026-30841
Wallos is an open-source, self-hostable personal subscription tracker. Prior to
|
| 51 |
CVE-2019-25410
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerabili
|
| 51 |
CVE-2019-25294
html5_snmp 1.11 contains a persistent cross-site scripting vulnerability that al
|
| 51 |
CVE-2026-31807
SiYuan is a personal knowledge management system. Prior to 3.5.10, SiYuan's SVG
|
| 51 |
CVE-2026-27176
MajorDoMo (aka Major Domestic Module) contains a reflected cross-site scripting
|
| 51 |
CVE-2020-37111
60CycleCMS 2.5.2 contains a cross-site scripting (XSS) vulnerability in news.php
|
| 51 |
CVE-2019-25378
Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple cross-site scr
|
| 51 |
CVE-2026-40500
ProcessWire CMS version 3.0.255 and prior contain a server-side request forgery
|
| 51 |
CVE-2019-25380
Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cros
|
| 51 |
CVE-2019-25384
Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cros
|
| 51 |
CVE-2019-25449
OrientDB 3.0.17 contains a reflected cross-site scripting vulnerability that all
|
| 51 |
CVE-2019-25383
Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cros
|
| 51 |
CVE-2019-25386
Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cros
|
| 51 |
CVE-2019-25381
Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cros
|
| 51 |
CVE-2019-25385
Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site
|
| 51 |
CVE-2026-1411
A flaw has been found in Beetel 777VR1 up to 01.00.09/01.00.09_55. The affected
|
| 51 |
CVE-2025-64736
An out-of-bounds read vulnerability exists in the ABF parsing functionality of T
|
| 51 |
CVE-2019-25375
OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allow
|
| 51 |
CVE-2019-25376
OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allow
|
Oldest Unpatched Critical/High CVEs
| CVE | Severity | CVSS | Priority | Days Open |
|---|---|---|---|---|
| CVE-2024-3400 | CRITICAL | 10.0 | 224 | 735d |
| CVE-2019-19781 | CRITICAL | 9.8 | 223 | 2303d |
| CVE-2020-5902 | CRITICAL | 9.8 | 223 | 2116d |
| CVE-2021-35464 | CRITICAL | 9.8 | 223 | 1730d |
| CVE-2020-10189 | CRITICAL | 9.8 | 223 | 2233d |
| CVE-2012-4681 | CRITICAL | 9.8 | 223 | 4980d |
| CVE-2022-42475 | CRITICAL | 9.8 | 223 | 1201d |
| CVE-2023-3519 | CRITICAL | 9.8 | 223 | 1003d |
| CVE-2015-7450 | CRITICAL | 9.8 | 222 | 3758d |
| CVE-2023-34048 | CRITICAL | 9.8 | 222 | 905d |