Skip to main content

Security Dashboard

7d 14d 30d 90d
Total CVEs
17716
last 90 days
Avg Priority
34.3
of max 220
KEV
31
actively exploited
POC
2291
public exploits
Unpatched
3560
CRIT/HIGH without patch
How is Priority Score calculated?

Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:

KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low 40-80 Medium 80-120 High 120+ Critical

Patch Now — Known Exploited Vulnerabilities

141
CVE-2026-20131
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FM
CRITICAL
136
CVE-2026-0300
A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service o
CRITICAL
133
CVE-2026-41940
cPanel and WHM versions prior to 11.110.0.97, 11.118.0.63, 11.126.0.54, 11.132.0.29, 11.134.0.20, an
CRITICAL
131
CVE-2026-6973
An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows 
HIGH
131
CVE-2026-42897
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Ex
HIGH
129
CVE-2026-33825
Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to el
HIGH
127
CVE-2026-20182
May 2026: This security advisory provides the details and fix information for a vulnerability that w
CRITICAL
126
CVE-2026-41091
Improper link resolution before file access ('link following') in Microsoft Defender allows an autho
HIGH
124
CVE-2026-35616
A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an
CRITICAL
120
CVE-2026-48172
LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exp
CRITICAL

Priority Distribution

CRITICAL HIGH MEDIUM LOW KEV Only POC Only Unpatched CRIT/HIGH
Priority CVE
67 CVE-2019-25568
Memu Play 6.0.7 contains an insecure file permissions vulnerability that allows
67 CVE-2026-30562
A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sa
67 CVE-2026-26210
KTransformers through 0.5.3 contains an unsafe deserialization vulnerability in
67 CVE-2026-29183
SiYuan is a personal knowledge management system. Prior to version 3.5.9, an una
67 CVE-2025-60949
Census CSWeb 8.0.1 allows "app/config" to be reachable via HTTP in some deployme
67 CVE-2026-41947
Dify version 1.14.1 and prior contains an authorization bypass vulnerability tha
67 CVE-2026-25921
Gogs is an open source self-hosted Git service. Prior to version 0.14.2, overwri
66 CVE-2026-41468
Beghelli Sicuro24 SicuroWeb embeds AngularJS 1.5.2, an end-of-life component con
66 CVE-2026-24444
SDMC NE6037 cable modem routers running firmware 7.1.6.0.25 and 7.1.6.1.9_B9 con
66 CVE-2026-41462
ProjeQtor versions 7.0 through 12.4.3 contain an unauthenticated SQL injection v
66 CVE-2026-39920
BridgeHead FileStore versions prior to 24A (released in early 2024) expose the A
66 CVE-2026-42945
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_mo
66 CVE-2026-26279
Froxlor is open source server administration software. Prior to 2.3.4, a typo in
66 CVE-2026-41179
### Summary The RC endpoint `operations/fsinfo` is exposed without `AuthRequired
66 CVE-2026-41176
### Summary The RC endpoint `options/set` is exposed without `AuthRequired: true
66 CVE-2026-27760
OpenCATS prior to commit 3002a29 contains a PHP code injection vulnerability in
66 CVE-2026-28697
Craft is a content management system (CMS). Prior to 4.17.0-beta.1 and 5.9.0-bet
66 CVE-2026-25769
Wazuh is a free and open source platform used for threat prevention, detection,
66 CVE-2026-2701
Authenticated user can upload a malicious file to the server and execute it, whi
66 CVE-2025-66945
A path traversal vulnerability exists in the ZIP extraction API of Zdir Pro 4.x.
66 CVE-2026-31816
Budibase is a low code platform for creating internal tools, workflows, and admi
66 CVE-2026-29065
changedetection.io is a free open source web page change detection tool. Prior t
66 CVE-2025-50199
Chamilo is a learning management system. Prior to version 1.11.30, there is a bl
66 CVE-2026-39912
V2Board 1.6.1 through 1.7.4 and Xboard through 0.1.9 expose authentication token
66 CVE-2026-31071
API endpoints in LalanaChami Pharmacy Management System (commit 5c3d028) lack au
66 CVE-2026-33656
EspoCRM is an open source customer relationship management application. Prior to
66 CVE-2026-33475
Langflow is a tool for building and deploying AI-powered agents and workflows. A
66 CVE-2026-29188
File Browser provides a file managing interface within a specified directory and
66 CVE-2026-30832
Soft Serve is a self-hostable Git server for the command line. From version 0.6.
66 CVE-2026-45091
sealed-env is a cross-stack, zero-trust secret management library for Node.js an
65 CVE-2026-5997
A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. The impac
65 CVE-2026-6155
A weakness has been identified in Totolink A7100RU 7.4cu.2313. The impacted elem
65 CVE-2026-6156
A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191
65 CVE-2026-6026
A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. Th
65 CVE-2026-6027
A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. This is
65 CVE-2026-6154
A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. Th
65 CVE-2026-6114
A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected
65 CVE-2026-6029
A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. The affec
65 CVE-2026-6195
A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191
65 CVE-2026-6140
A vulnerability was found in Totolink A7100RU 7.4cu.2313_b20191024. This impacts
65 CVE-2026-6028
A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191
65 CVE-2026-6139
A vulnerability has been found in Totolink A7100RU 7.4cu.2313_b20191024. This af
65 CVE-2026-5975
A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. The imp
65 CVE-2026-5852
A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Affecte
65 CVE-2026-5851
A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. Th
65 CVE-2026-5976
A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. Th
65 CVE-2026-7823
A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. Aff
65 CVE-2026-5977
A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. This im
65 CVE-2026-6116
A vulnerability has been found in Totolink A7100RU 7.4cu.2313_b20191024. This vu
65 CVE-2026-5850
A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This af
65 CVE-2026-6113
A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191
65 CVE-2026-7154
A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. This aff
65 CVE-2026-5996
A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191
65 CVE-2026-7155
A security vulnerability has been detected in Totolink A8000RU 7.1cu.643_b202005
65 CVE-2026-6131
A vulnerability was found in Totolink A7100RU 7.4cu.2313_b20191024. Affected by
65 CVE-2026-5993
A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This vu
65 CVE-2026-5978
A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191
65 CVE-2026-6025
A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This af
65 CVE-2026-7037
A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. Thi
65 CVE-2026-6115
A flaw has been found in Totolink A7100RU 7.4cu.2313_b20191024. This affects the
65 CVE-2026-6138
A flaw has been found in Totolink A7100RU 7.4cu.2313_b20191024. The impacted ele
65 CVE-2026-5994
A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. Th
65 CVE-2026-7538
A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. This iss
65 CVE-2026-5995
A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Impacte
65 CVE-2026-6112
A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Affecte
65 CVE-2026-6132
A vulnerability was determined in Totolink A7100RU 7.4cu.2313_b20191024. Affecte
65 CVE-2026-5853
A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191
65 CVE-2026-7240
A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. This vul
65 CVE-2026-5854
A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected
65 CVE-2026-4164
A flaw has been found in Wavlink WL-WN578W2 221110. Impacted is the function Del
65 CVE-2026-4163
A vulnerability was detected in Wavlink WL-WN579A3 220323. This issue affects th
65 CVE-2026-4585
A vulnerability has been found in Tiandy Easy7 Integrated Management Platform up
65 CVE-2026-4170
A weakness has been identified in Topsec TopACM 3.0. Affected by this vulnerabil
65 CVE-2026-4252
A vulnerability was identified in Tenda AC8 16.03.50.11. Affected by this issue
65 CVE-2026-4567
A vulnerability has been found in Tenda A15 15.13.07.13. The impacted element is
65 CVE-2026-7747
A security flaw has been discovered in Totolink N300RH 3.2.4-B20220812. Affected
65 CVE-2026-7719
A security flaw has been discovered in Totolink WA300 5.2cu.7112_B20190227. The
65 CVE-2026-28773
The web-based Ping diagnostic utility (/IDC_Ping/main.cgi) in International Data
65 CVE-2026-4181
A security flaw has been discovered in D-Link DIR-816 1.10CNB05. This affects an
65 CVE-2026-7854
A security vulnerability has been detected in D-Link DI-8100 16.07.26A1. Affecte
65 CVE-2026-7853
A weakness has been identified in D-Link DI-8100 16.07.26A1. Affected is the fun
65 CVE-2026-43639
Bitwarden Server prior to v2026.4.0 contains a missing authorization vulnerabili
65 CVE-2026-5787
An Improper Certificate Validation in Ivanti EPMM before versions 12.6.1.1, 12.7
65 CVE-2026-4092
Path Traversal in Clasp impacting versions < 3.2.0 allows a remote attacker to p
64 CVE-2026-7137
A security vulnerability has been detected in Totolink A8000RU 7.1cu.643_b202005
64 CVE-2026-7140
A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. Impacted
64 CVE-2026-7138
A vulnerability was detected in Totolink A8000RU 7.1cu.643_b20200521. This vulne
64 CVE-2026-7139
A flaw has been found in Totolink A8000RU 7.1cu.643_b20200521. This issue affect
64 CVE-2026-7834
A security vulnerability has been detected in EFM ipTIME NAS1dual 1.5.24. This i
64 CVE-2026-7125
A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. Affected

Oldest Unpatched Critical/High CVEs

CVE Severity CVSS Priority Days Open
CVE-2024-3400 CRITICAL 10.0 224 776d
CVE-2019-19781 CRITICAL 9.8 223 2344d
CVE-2020-5902 CRITICAL 9.8 223 2157d
CVE-2021-35464 CRITICAL 9.8 223 1771d
CVE-2020-10189 CRITICAL 9.8 223 2274d
CVE-2012-4681 CRITICAL 9.8 223 5021d
CVE-2022-42475 CRITICAL 9.8 223 1242d
CVE-2023-3519 CRITICAL 9.8 223 1044d
CVE-2015-7450 CRITICAL 9.8 222 3798d
CVE-2023-34048 CRITICAL 9.8 222 946d
Prev 3 / 197 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy