Total CVEs
16321
last 90 days
Avg Priority
36.6
of max 220
KEV
38
actively exploited
POC
3375
public exploits
Unpatched
5343
CRIT/HIGH without patch
How is Priority Score calculated?
Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:
KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low
40-80 Medium
80-120 High
120+ Critical
Patch Now — Known Exploited Vulnerabilities
194
CVE-2026-24061
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for t
185
CVE-2026-1731
BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain
184
CVE-2026-23760
SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability
180
CVE-2025-40551
SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerabil
170
CVE-2026-1340
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem
164
CVE-2026-1281
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem
160
CVE-2025-40536
SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that
141
CVE-2026-20131
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FM
137
CVE-2026-1603
An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthen
134
CVE-2026-22769
Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credentia
Priority Distribution
| Priority | CVE |
|---|---|
| 51 |
CVE-2019-25356
Bematech (formerly Logic Controls, now Elgin) MP-4200 TH printer contains a cros
|
| 51 |
CVE-2026-30238
Group-Office is an enterprise customer relationship management and groupware too
|
| 51 |
CVE-2019-25421
Comodo Dome Firewall 2.7.0 contains multiple cross-site scripting vulnerabilitie
|
| 51 |
CVE-2019-25427
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerabili
|
| 51 |
CVE-2019-25423
Comodo Dome Firewall 2.7.0 contains multiple reflected cross-site scripting vuln
|
| 51 |
CVE-2019-25415
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerabili
|
| 51 |
CVE-2025-70297
A stored cross-site scripting (XSS) vulnerability in the recipe asset upload and
|
| 51 |
CVE-2019-25417
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerabili
|
| 51 |
CVE-2019-25429
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerabili
|
| 51 |
CVE-2026-24415
OpenSTAManager is an open source management software for technical assistance an
|
| 51 |
CVE-2026-29038
changedetection.io is a free open source web page change detection tool. Prior t
|
| 51 |
CVE-2026-30565
A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sa
|
| 51 |
CVE-2019-25420
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerabili
|
| 51 |
CVE-2026-30564
A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sa
|
| 51 |
CVE-2026-30566
A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sa
|
| 51 |
CVE-2020-37152
PHP-Fusion 9.03.50 panels.php is vulnerable to cross-site scripting (XSS) via th
|
| 51 |
CVE-2026-23727
WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an Open Redi
|
| 51 |
CVE-2026-30526
A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Zo
|
| 51 |
CVE-2025-71179
Creativeitem Academy LMS 7.0 contains reflected Cross-Site Scripting (XSS) vulne
|
| 51 |
CVE-2019-25393
Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site
|
| 51 |
CVE-2015-20114
Next Click Ventures RealtyScript 4.0.2 contains a cross-site scripting vulnerabi
|
| 51 |
CVE-2019-25372
OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allow
|
| 51 |
CVE-2026-24671
The Open eClass platform (formerly known as GUnet eClass) is a complete course m
|
| 51 |
CVE-2019-25371
OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allow
|
| 51 |
CVE-2025-69431
The ZSPACE Q2C NAS contains a vulnerability related to incorrect symbolic link f
|
| 51 |
CVE-2025-69430
An Incorrect Symlink Follow vulnerability exists in multiple Yottamaster NAS dev
|
| 51 |
CVE-2026-30237
Group-Office is an enterprise customer relationship management and groupware too
|
| 51 |
CVE-2026-27120
Leafkit is a templating language with Swift-inspired syntax. Prior to 1.4.1, htm
|
| 51 |
CVE-2019-25418
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerabili
|
| 51 |
CVE-2019-25428
Comodo Dome Firewall 2.7.0 contains multiple reflected cross-site scripting vuln
|
| 51 |
CVE-2026-27612
Repostat is a React component to fetch and display GitHub repository info. Prior
|
| 51 |
CVE-2019-25416
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerabili
|
| 51 |
CVE-2026-27645
changedetection.io is a free open source web page change detection tool. In vers
|
| 51 |
CVE-2019-25407
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerabili
|
| 51 |
CVE-2019-25411
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerabili
|
| 51 |
CVE-2019-25425
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerabili
|
| 51 |
CVE-2019-25412
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerabili
|
| 51 |
CVE-2026-26023
Dify is an open-source LLM app development platform. Prior to 1.13.0, a cross si
|
| 51 |
CVE-2019-25426
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerabili
|
| 51 |
CVE-2019-25424
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerabili
|
| 51 |
CVE-2019-25324
RICOH Web Image Monitor 1.09 contains an HTML injection vulnerability in the add
|
| 51 |
CVE-2019-25323
Heatmiser Netmonitor v3.03 contains an HTML injection vulnerability in the outpu
|
| 51 |
CVE-2026-28350
lxml_html_clean is a project for HTML cleaning functionalities copied from `lxml
|
| 51 |
CVE-2026-28348
lxml_html_clean is a project for HTML cleaning functionalities copied from `lxml
|
| 51 |
CVE-2016-20036
Wowza Streaming Engine 4.5.0 contains multiple reflected cross-site scripting vu
|
| 51 |
CVE-2015-20116
Next Click Ventures RealtyScript 4.0.2 fails to properly sanitize CSV file uploa
|
| 51 |
CVE-2026-30563
A Stored Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales
|
| 51 |
CVE-2026-32986
A Second-Order Cross-Site Scripting (XSS) vulnerability exists in Textpattern CM
|
| 51 |
CVE-2019-25410
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerabili
|
| 51 |
CVE-2026-31809
SiYuan is a personal knowledge management system. Prior to 3.5.10, SiYuan's SVG
|
| 51 |
CVE-2019-25370
OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allow
|
| 51 |
CVE-2026-30841
Wallos is an open-source, self-hostable personal subscription tracker. Prior to
|
| 51 |
CVE-2019-25406
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerabili
|
| 51 |
CVE-2019-25409
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerabili
|
| 51 |
CVE-2026-31807
SiYuan is a personal knowledge management system. Prior to 3.5.10, SiYuan's SVG
|
| 51 |
CVE-2019-25294
html5_snmp 1.11 contains a persistent cross-site scripting vulnerability that al
|
| 51 |
CVE-2019-25408
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerabili
|
| 51 |
CVE-2020-37111
60CycleCMS 2.5.2 contains a cross-site scripting (XSS) vulnerability in news.php
|
| 51 |
CVE-2026-27176
MajorDoMo (aka Major Domestic Module) contains a reflected cross-site scripting
|
| 51 |
CVE-2019-25386
Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cros
|
| 51 |
CVE-2019-25449
OrientDB 3.0.17 contains a reflected cross-site scripting vulnerability that all
|
| 51 |
CVE-2019-25378
Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple cross-site scr
|
| 51 |
CVE-2019-25381
Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cros
|
| 51 |
CVE-2019-25383
Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cros
|
| 51 |
CVE-2019-25380
Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cros
|
| 51 |
CVE-2019-25384
Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cros
|
| 51 |
CVE-2019-25385
Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site
|
| 51 |
CVE-2026-1411
A flaw has been found in Beetel 777VR1 up to 01.00.09/01.00.09_55. The affected
|
| 51 |
CVE-2025-64736
An out-of-bounds read vulnerability exists in the ABF parsing functionality of T
|
| 51 |
CVE-2021-47841
SnipCommand 0.1.0 contains a cross-site scripting vulnerability that allows atta
|
| 51 |
CVE-2019-25375
OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allow
|
| 51 |
CVE-2019-25376
OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allow
|
| 51 |
CVE-2026-0521
A reflected cross-site scripting (XSS) vulnerability in the PDF export functiona
|
| 51 |
CVE-2021-47844
Xmind 2020 contains a cross-site scripting vulnerability that allows attackers t
|
| 51 |
CVE-2026-24768
NocoDB is software for building databases as spreadsheets. Prior to version 0.30
|
| 51 |
CVE-2026-25651
client-certificate-auth is middleware for Node.js implementing client SSL certif
|
| 51 |
CVE-2026-23645
SiYuan is self-hosted, open source personal knowledge management software. Prior
|
| 51 |
CVE-2025-70849
Arbitrary File Upload in podinfo thru 6.9.0 allows unauthenticated attackers to
|
| 51 |
CVE-2026-23768
lucy-xss-filter before commit 7c1de6d allows an attacker to induce server-side H
|
| 51 |
CVE-2026-25516
NiceGUI is a Python-based UI framework. The ui.markdown() component uses the mar
|
| 51 |
CVE-2026-23730
WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an Open Redi
|
| 51 |
CVE-2026-23729
WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an Open Redi
|
| 51 |
CVE-2026-23728
WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an Open Redi
|
| 51 |
CVE-2026-23726
WeGIA is a web manager for charitable institutions. Prior to 3.6.2, An Open Redi
|
| 51 |
CVE-2021-47836
Markdown Explorer 0.1.1 contains a cross-site scripting vulnerability that allow
|
| 51 |
CVE-2026-30830
Defuddle cleans up HTML pages. Prior to version 0.9.0, the _findContentBySchemaT
|
| 51 |
CVE-2026-0749
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti
|
| 51 |
CVE-2025-70958
Multiple reflected cross-site scripting (XSS) vulnerabilities in the installatio
|
| 51 |
CVE-2026-25154
LocalSend is a free, open-source app that allows users to share files and messag
|
| 51 |
CVE-2026-25578
Navidrome is an open source web-based music collection server and streamer. Prio
|
Oldest Unpatched Critical/High CVEs
| CVE | Severity | CVSS | Priority | Days Open |
|---|---|---|---|---|
| CVE-2024-3400 | CRITICAL | 10.0 | 224 | 733d |
| CVE-2019-19781 | CRITICAL | 9.8 | 223 | 2301d |
| CVE-2020-5902 | CRITICAL | 9.8 | 223 | 2114d |
| CVE-2021-35464 | CRITICAL | 9.8 | 223 | 1728d |
| CVE-2020-10189 | CRITICAL | 9.8 | 223 | 2231d |
| CVE-2012-4681 | CRITICAL | 9.8 | 223 | 4979d |
| CVE-2022-42475 | CRITICAL | 9.8 | 223 | 1199d |
| CVE-2023-3519 | CRITICAL | 9.8 | 223 | 1001d |
| CVE-2015-7450 | CRITICAL | 9.8 | 222 | 3756d |
| CVE-2023-34048 | CRITICAL | 9.8 | 222 | 903d |