Total CVEs
17702
last 90 days
Avg Priority
34.4
of max 220
KEV
31
actively exploited
POC
2284
public exploits
Unpatched
3558
CRIT/HIGH without patch
How is Priority Score calculated?
Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:
KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low
40-80 Medium
80-120 High
120+ Critical
Patch Now — Known Exploited Vulnerabilities
141
CVE-2026-20131
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FM
136
CVE-2026-0300
A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service o
133
CVE-2026-41940
cPanel and WHM versions prior to 11.110.0.97, 11.118.0.63, 11.126.0.54, 11.132.0.29, 11.134.0.20, an
131
CVE-2026-6973
An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows
131
CVE-2026-42897
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Ex
129
CVE-2026-33825
Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to el
127
CVE-2026-20182
May 2026: This security advisory provides the details and fix information for a vulnerability that w
126
CVE-2026-41091
Improper link resolution before file access ('link following') in Microsoft Defender allows an autho
124
CVE-2026-35616
A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an
120
CVE-2026-48172
LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exp
Priority Distribution
| Priority | CVE |
|---|---|
| 66 |
CVE-2026-29065
changedetection.io is a free open source web page change detection tool. Prior t
|
| 66 |
CVE-2025-50199
Chamilo is a learning management system. Prior to version 1.11.30, there is a bl
|
| 66 |
CVE-2026-39912
V2Board 1.6.1 through 1.7.4 and Xboard through 0.1.9 expose authentication token
|
| 66 |
CVE-2026-31071
API endpoints in LalanaChami Pharmacy Management System (commit 5c3d028) lack au
|
| 66 |
CVE-2026-33656
EspoCRM is an open source customer relationship management application. Prior to
|
| 66 |
CVE-2026-33475
Langflow is a tool for building and deploying AI-powered agents and workflows. A
|
| 66 |
CVE-2026-29188
File Browser provides a file managing interface within a specified directory and
|
| 66 |
CVE-2026-30832
Soft Serve is a self-hostable Git server for the command line. From version 0.6.
|
| 66 |
CVE-2026-45091
sealed-env is a cross-stack, zero-trust secret management library for Node.js an
|
| 59 |
CVE-2026-35546
Anviz CX2 Lite and CX7 are vulnerable to unauthenticated firmware uploads. This
|
| 59 |
CVE-2026-33352
### Summary
An unauthenticated SQL injection vulnerability exists in `objects/c
|
| 58 |
CVE-2025-40943
Affected devices do not properly sanitize contents of trace files. This could al
|
| 57 |
CVE-2026-6074
A path traversal condition in Intrado 911 Emergency Gateway could allow an attac
|
| 57 |
CVE-2026-25192
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to
|
| 57 |
CVE-2026-2417
A Missing Authentication for Critical Function vulnerability in Pharos Controls
|
| 57 |
CVE-2026-29796
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to
|
| 57 |
CVE-2026-40630
A vulnerability in
SenseLive
X3050’s web management interface allows unauthor
|
| 57 |
CVE-2026-1579
The MAVLink communication protocol does not require cryptographic
authenticatio
|
| 57 |
CVE-2025-13926
An attacker could use data obtained by sniffing the network traffic to
forge pa
|
| 57 |
CVE-2026-25775
A vulnerability in SenseLive X3050’s remote management service allows firmware r
|
| 57 |
CVE-2026-40620
A vulnerability in SenseLive X3050’s embedded management service allows full adm
|
| 57 |
CVE-2026-35503
A vulnerability in SenseLive X3050’s web management interface allows authenticat
|
| 57 |
CVE-2026-3356
The MS27102A Remote Spectrum Monitor is vulnerable to an authentication bypass t
|
| 57 |
CVE-2026-5387
The vulnerability, if exploited, could allow an unauthenticated miscreant to per
|
| 57 |
CVE-2026-32956
SD-330AC and AMC Manager provided by silex technology, Inc. contain a heap-based
|
| 57 |
CVE-2026-39462
A vulnerability exists in SenseLive X3050’s web management interface in which pa
|
| 57 |
CVE-2026-6284
An attacker with network access to the PLC is able to brute force discover passw
|
| 56 |
CVE-2025-14815
Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric
|
| 56 |
CVE-2025-14816
Cleartext Storage of Sensitive Information in GUI vulnerability in Mitsubishi El
|
| 56 |
CVE-2026-27843
A vulnerability exists in SenseLive X3050's web management interface that allows
|
| 56 |
CVE-2026-32644
Specific firmware versions of Milesight AIOT cameras use SSL certificates with d
|
| 56 |
CVE-2026-24060
Service information is not encrypted when transmitted as BACnet packets
over th
|
| 55 |
CVE-2026-42826
Exposure of sensitive information to an unauthorized actor in Azure DevOps allow
|
| 55 |
CVE-2026-34156
`##` Summary
NocoBase's Workflow Script Node executes user-supplied JavaScript
|
| 55 |
CVE-2026-42898
Improper control of generation of code ('code injection') in Microsoft Dynamics
|
| 55 |
CVE-2026-42823
Improper access control in Azure Logic Apps allows an authorized attacker to ele
|
| 55 |
CVE-2026-33109
Improper access control in Azure Managed Instance for Apache Cassandra allows an
|
| 54 |
CVE-2026-41089
Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker
|
| 54 |
CVE-2026-4670
Authentication bypass by primary weakness vulnerability in Progress Software MOV
|
| 54 |
CVE-2026-41096
Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attac
|
| 54 |
CVE-2026-39813
A path traversal: '../filedir' vulnerability in Fortinet FortiSandbox 5.0.0 thro
|
| 53 |
CVE-2026-35428
Improper neutralization of special elements used in a command ('command injectio
|
| 53 |
CVE-2026-33823
Improper authorization in Microsoft Teams allows an authorized attacker to discl
|
| 53 |
CVE-2026-33478
## Summary
Multiple vulnerabilities in AVideo's CloneSite plugin chain together
|
| 53 |
CVE-2026-5965
NewSoftOA developed by NewSoft has an OS Command Injection vulnerability, allowi
|
| 52 |
CVE-2026-40379
Exposure of sensitive information to an unauthorized actor in Azure Entra ID all
|
| 52 |
CVE-2026-40402
Use after free in Windows Hyper-V allows an unauthorized attacker to elevate pri
|
| 51 |
CVE-2026-31843
The goodoneuz/pay-uz Laravel package (<= 2.2.24) contains a critical vulnerabili
|
| 51 |
CVE-2026-41103
Incorrect implementation of authentication algorithm in Microsoft SSO Plugin for
|
| 51 |
CVE-2026-42833
Execution with unnecessary privileges in Microsoft Dynamics 365 (on-premises) al
|
| 51 |
CVE-2026-33453
Improperly Controlled Modification of Dynamically-Determined Object Attributes v
|
| 51 |
CVE-2026-33117
Improper authentication in Azure SDK allows an unauthorized attacker to bypass a
|
| 51 |
CVE-2026-2743
Arbitrary File Write via Path Traversal upload to Remote Code Execution in SeppM
|
| 50 |
CVE-2026-0848
NLTK versions <=3.9.2 are vulnerable to arbitrary code execution due to improper
|
| 50 |
CVE-2026-30302
The command auto-approval module in CodeRider-Kilo contains an OS Command Inject
|
| 50 |
CVE-2026-41553
PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to
|
| 50 |
CVE-2026-8054
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti
|
| 50 |
CVE-2026-38360
Directory Traversal vulnerability in fohrloop dash-uploader v.0.1.0 through v.0.
|
| 50 |
CVE-2025-15060
claude-hovercraft executeClaudeCode Command Injection Remote Code Execution Vuln
|
| 50 |
CVE-2026-2031
An Improper Access Control vulnerability in several internal API endpoints for G
|
| 50 |
CVE-2026-40412
Unrestricted upload of file with dangerous type in Azure Orbital Spatio allows a
|
| 50 |
CVE-2026-26015
DocsGPT is a GPT-powered chat for documentation. From version 0.15.0 to before v
|
| 50 |
CVE-2026-27897
Vociferous provides cross-platform, offline speech-to-text with local AI refinem
|
| 50 |
CVE-2026-33819
Deserialization of untrusted data in Microsoft Bing allows an unauthorized attac
|
| 50 |
CVE-2026-42288
ChurchCRM is an open-source church management system. Prior to 7.3.2, The fix fo
|
| 50 |
CVE-2026-41104
Deserialization of untrusted data in Microsoft Planetary Computer Pro allows an
|
| 50 |
CVE-2026-4149
Sonos Era 300 SMB Response Out-Of-Bounds Access Remote Code Execution Vulnerabil
|
| 50 |
CVE-2026-39337
ChurchCRM is an open-source church management system. Prior to 7.1.0, critical p
|
| 50 |
CVE-2026-32871
## Technical Description
The `OpenAPIProvider` in FastMCP exposes internal APIs
|
| 50 |
CVE-2026-31957
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune.
|
| 50 |
CVE-2026-34234
CtrlPanel is open-source billing software for hosting providers. In versions 1.1
|
| 50 |
CVE-2026-37541
Buffer overflow vulnerability in Open Vehicle Monitoring System 3 (OVMS3) 3.3.00
|
| 50 |
CVE-2026-6213
A vulnerability in Remote Spark SparkView before build 1122 allows an attacker t
|
| 50 |
CVE-2026-41679
Paperclip is a Node.js server and React UI that orchestrates a team of AI agents
|
| 50 |
CVE-2026-40911
WWBN AVideo is an open source video platform. In versions 29.0 and prior, the YP
|
| 50 |
CVE-2026-42369
GV-VMS V20 is a Video Monitoring Software used to gather the feeds of many surve
|
| 50 |
CVE-2026-45829
A pre-authentication, code injection vulnerability in version 1.0.0 or later of
|
| 50 |
CVE-2026-42298
Postiz is an AI social media scheduling tool. Prior to commit da44801, a "Pwn Re
|
| 50 |
CVE-2026-3611
The Honeywell IQ4x building management controller, exposes its full web-based HM
|
| 50 |
CVE-2026-42869
SOCFortress CoPilot focuses on providing a single pane of glass for all your sec
|
| 50 |
CVE-2026-5128
A sensitive information exposure vulnerability exists in ArthurFiorette steam-tr
|
| 50 |
CVE-2026-7411
In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, inadequat
|
| 50 |
CVE-2026-34938
### Summary
`execute_code()` in `praisonai-agents` runs attacker-controlled Pyt
|
| 50 |
CVE-2026-8153
OS command injection in Dashboard Server interface in Universal Robots PolyScope
|
| 50 |
CVE-2026-34162
FastGPT is an AI Agent building platform. Prior to version 4.14.9.5, the FastGPT
|
| 50 |
CVE-2026-3587
An unauthenticated remote attacker can exploit a hidden function in the CLI prom
|
| 50 |
CVE-2026-32169
Server-side request forgery (ssrf) in Azure Cloud Shell allows an unauthorized a
|
| 50 |
CVE-2026-42822
Improper authentication in Azure Local Disconnected Operations allows an unautho
|
| 50 |
CVE-2026-40281
## Vulnerability Details
**CWE**: CWE-20 - Improper Input Validation
The metad
|
| 50 |
CVE-2026-31852
Jellyfin is an open-source media system. The code-quality.yml GitHub Actions wor
|
Oldest Unpatched Critical/High CVEs
| CVE | Severity | CVSS | Priority | Days Open |
|---|---|---|---|---|
| CVE-2024-3400 | CRITICAL | 10.0 | 224 | 776d |
| CVE-2019-19781 | CRITICAL | 9.8 | 223 | 2344d |
| CVE-2020-5902 | CRITICAL | 9.8 | 223 | 2157d |
| CVE-2021-35464 | CRITICAL | 9.8 | 223 | 1771d |
| CVE-2020-10189 | CRITICAL | 9.8 | 223 | 2274d |
| CVE-2012-4681 | CRITICAL | 9.8 | 223 | 5021d |
| CVE-2022-42475 | CRITICAL | 9.8 | 223 | 1242d |
| CVE-2023-3519 | CRITICAL | 9.8 | 223 | 1044d |
| CVE-2015-7450 | CRITICAL | 9.8 | 222 | 3799d |
| CVE-2023-34048 | CRITICAL | 9.8 | 222 | 946d |