Total CVEs
16312
last 90 days
Avg Priority
36.5
of max 220
KEV
37
actively exploited
POC
3551
public exploits
Unpatched
5448
CRIT/HIGH without patch
How is Priority Score calculated?
Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:
KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low
40-80 Medium
80-120 High
120+ Critical
Patch Now — Known Exploited Vulnerabilities
194
CVE-2026-24061
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for t
185
CVE-2026-1731
BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain
184
CVE-2026-23760
SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability
180
CVE-2025-40551
SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerabil
170
CVE-2026-1340
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem
164
CVE-2026-1281
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem
160
CVE-2025-40536
SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that
141
CVE-2026-20131
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FM
137
CVE-2026-1603
An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthen
134
CVE-2026-22769
Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credentia
Priority Distribution
| Priority | CVE |
|---|---|
| 64 |
CVE-2026-3809
A flaw has been found in Tenda FH1202 1.2.0.14(408). The impacted element is the
|
| 64 |
CVE-2026-3729
A vulnerability was identified in Tenda F453 1.0.0.3/3.As. Impacted is the funct
|
| 64 |
CVE-2026-3732
A security vulnerability has been detected in Tenda F453 1.0.0.3. This affects t
|
| 64 |
CVE-2024-5386
In lunary-ai/lunary version 1.2.2, an account hijacking vulnerability exists due
|
| 64 |
CVE-2020-36969
M/Monit 3.7.4 contains a privilege escalation vulnerability that allows authenti
|
| 64 |
CVE-2021-47816
Thecus N4800Eco NAS Server Control Panel contains a command injection vulnerabil
|
| 64 |
CVE-2026-3678
A vulnerability was determined in Tenda FH451 1.0.0.9. Affected is the function
|
| 64 |
CVE-2026-3679
A vulnerability was identified in Tenda FH451 1.0.0.9. Affected by this vulnerab
|
| 64 |
CVE-2026-3814
A security flaw has been discovered in UTT HiPER 810G up to 1.7.7-1711. Affected
|
| 64 |
CVE-2026-3701
A security vulnerability has been detected in H3C Magic B1 up to 100R004. Affect
|
| 64 |
CVE-2026-3700
A weakness has been identified in UTT HiPER 810G up to 1.7.7-171114. Affected is
|
| 64 |
CVE-2026-3715
A vulnerability was found in Wavlink WL-WN579X3-C 231124. This affects the funct
|
| 64 |
CVE-2026-3698
A vulnerability was identified in UTT HiPER 810G up to 1.7.7-171114. This affect
|
| 64 |
CVE-2026-3699
A security flaw has been discovered in UTT HiPER 810G up to 1.7.7-171114. This i
|
| 64 |
CVE-2026-3815
A weakness has been identified in UTT HiPER 810G up to 1.7.7-1711. This affects
|
| 64 |
CVE-2026-30820
Flowise is a drag & drop user interface to build a customized large language mod
|
| 64 |
CVE-2020-37078
i-doit Open Source CMDB 1.14.1 contains a file deletion vulnerability in the imp
|
| 64 |
CVE-2019-25536
Netartmedia PHP Real Estate Agency 4.0 contains an SQL injection vulnerability t
|
| 64 |
CVE-2025-50189
Chamilo is a learning management system. Prior to version 1.11.30, the applicati
|
| 64 |
CVE-2018-25158
Chamilo LMS 1.11.8 contains an arbitrary file upload vulnerability that allows a
|
| 64 |
CVE-2026-26318
systeminformation is a System and OS information library for node.js. Versions p
|
| 64 |
CVE-2026-32051
OpenClaw versions prior to 2026.3.1 contain an authorization mismatch vulnerabil
|
| 64 |
CVE-2026-26965
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to versio
|
| 64 |
CVE-2020-37117
jizhiCMS 1.6.7 contains a file download vulnerability in the admin plugins updat
|
| 64 |
CVE-2026-26064
calibre is a cross-platform e-book manager for viewing, converting, editing, and
|
| 64 |
CVE-2016-20025
ZKTeco ZKAccess Professional 3.5.3 contains an insecure file permissions vulnera
|
| 64 |
CVE-2026-28770
Improper neutralization of special elements in the /IDC_Logging/checkifdone.cgi
|
| 64 |
CVE-2026-22861
iccDEV provides a set of libraries and tools that allow for the interaction, man
|
| 64 |
CVE-2026-25253
OpenClaw (aka clawdbot or Moltbot) before 2026.1.29 obtains a gatewayUrl value f
|
| 64 |
CVE-2026-4747
Each RPCSEC_GSS data packet is validated by a routine which checks a signature i
|
| 64 |
CVE-2025-65716
An issue in Visual Studio Code Extensions Markdown Preview Enhanced v0.8.18 allo
|
| 64 |
CVE-2021-47871
Hestia Control Panel 1.3.2 contains an arbitrary file write vulnerability that a
|
| 64 |
CVE-2026-29073
SiYuan is a personal knowledge management system. Prior to version 3.6.0, the /a
|
| 64 |
CVE-2019-25351
Centova Cast 3.2.11 contains a file download vulnerability that allows authentic
|
| 64 |
CVE-2026-25040
Budibase is a low code platform for creating internal tools, workflows, and admi
|
| 64 |
CVE-2026-27976
Zed, a code editor, has an extension installer allows tar/gzip downloads. Prior
|
| 64 |
CVE-2026-4493
A vulnerability was determined in Tenda A18 Pro 02.03.02.28. The impacted elemen
|
| 64 |
CVE-2026-4492
A vulnerability was found in Tenda A18 Pro 02.03.02.28. The affected element is
|
| 64 |
CVE-2026-27168
SAIL is a cross-platform library for loading and saving images with support for
|
| 64 |
CVE-2026-4490
A flaw has been found in Tenda A18 Pro 02.03.02.28. This issue affects the funct
|
| 64 |
CVE-2026-4489
A vulnerability was detected in Tenda A18 Pro 02.03.02.28. This vulnerability af
|
| 64 |
CVE-2026-4491
A vulnerability has been found in Tenda A18 Pro 02.03.02.28. Impacted is the fun
|
| 64 |
CVE-2026-4529
A vulnerability was identified in D-Link DHP-1320 1.00WWB04. This affects the fu
|
| 64 |
CVE-2026-4188
A security flaw has been discovered in D-Link DIR-619L 2.06B01. The affected ele
|
| 64 |
CVE-2026-26955
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to versio
|
| 64 |
CVE-2026-30840
Wallos is an open-source, self-hostable personal subscription tracker. Prior to
|
| 64 |
CVE-2026-4214
A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L,
|
| 64 |
CVE-2026-4212
A security vulnerability has been detected in D-Link DNS-120, DNR-202L, DNS-315L
|
| 64 |
CVE-2026-4211
A weakness has been identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, D
|
| 64 |
CVE-2026-24747
PyTorch is a Python package that provides tensor computation. Prior to version 2
|
| 64 |
CVE-2026-4167
A vulnerability was determined in Belkin F9K1122 1.00.33. This affects the funct
|
| 64 |
CVE-2026-4566
A flaw has been found in Belkin F9K1122 1.00.33. The affected element is the fun
|
| 64 |
CVE-2026-28516
openDCIM version 23.04, through commit 4467e9c4, contains a SQL injection vulner
|
| 64 |
CVE-2019-25451
phpMoAdmin 1.1.5 contains a cross-site request forgery vulnerability that allows
|
| 64 |
CVE-2025-67645
OpenEMR is a free and open source electronic health records and medical practice
|
| 64 |
CVE-2026-4227
A security vulnerability has been detected in LB-LINK BL-WR9000 2.4.9. The impac
|
| 64 |
CVE-2026-4226
A weakness has been identified in LB-LINK BL-WR9000 2.4.9. The affected element
|
| 64 |
CVE-2026-4487
A vulnerability was determined in UTT HiPER 1200GW up to 2.5.3-170306. This impa
|
| 64 |
CVE-2026-4318
A vulnerability was determined in UTT HiPER 810G up to 1.7.7-171114. Affected is
|
| 64 |
CVE-2026-4488
A vulnerability was identified in UTT HiPER 1250GW up to 3.2.7-210907-180535. Af
|
| 64 |
CVE-2025-69213
OpenSTAManager is an open source management software for technical assistance an
|
| 64 |
CVE-2025-52468
Chamilo is a learning management system. Prior to version 1.11.30, an input vali
|
| 64 |
CVE-2026-25131
OpenEMR is a free and open source electronic health records and medical practice
|
| 64 |
CVE-2026-25232
Gogs is an open source self-hosted Git service. Versions 0.13.4 and below have a
|
| 64 |
CVE-2026-22243
EGroupware is a Web based groupware server written in PHP. A SQL Injection vulne
|
| 64 |
CVE-2025-69215
OpenSTAManager is an open source management software for technical assistance an
|
| 64 |
CVE-2026-2140
A vulnerability was identified in Tenda TX9 up to 22.03.02.10_multi. Affected by
|
| 64 |
CVE-2019-25318
AVS Audio Converter 9.1.2.600 contains a stack overflow vulnerability that allow
|
| 64 |
CVE-2024-55270
phpgurukul Student Management System 1.0 is vulnerable to SQL Injection in stude
|
| 64 |
CVE-2026-1420
A flaw has been found in Tenda AC23 16.03.07.52. This impacts an unknown functio
|
| 64 |
CVE-2026-2958
A security vulnerability has been detected in D-Link DWR-M960 1.01.07. Affected
|
| 64 |
CVE-2026-2962
A vulnerability was found in D-Link DWR-M960 1.01.07. This vulnerability affects
|
| 64 |
CVE-2026-2885
A security flaw has been discovered in D-Link DWR-M960 1.01.07. The impacted ele
|
| 64 |
CVE-2026-2961
A vulnerability has been found in D-Link DWR-M960 1.01.07. This affects the func
|
| 64 |
CVE-2026-2854
A flaw has been found in D-Link DWR-M960 1.01.07. This impacts the function sub_
|
| 64 |
CVE-2026-2882
A vulnerability was found in D-Link DWR-M960 1.01.07. This issue affects the fun
|
| 64 |
CVE-2026-2926
A flaw has been found in D-Link DWR-M960 1.01.07. This affects the function sub_
|
| 64 |
CVE-2026-2853
A vulnerability was detected in D-Link DWR-M960 1.01.07. This affects the functi
|
| 64 |
CVE-2026-26065
calibre is a cross-platform e-book manager for viewing, converting, editing, and
|
| 64 |
CVE-2026-2959
A vulnerability was detected in D-Link DWR-M960 1.01.07. Affected by this vulner
|
| 64 |
CVE-2026-2856
A vulnerability was found in D-Link DWR-M960 1.01.07. Affected by this vulnerabi
|
| 64 |
CVE-2026-2855
A vulnerability has been found in D-Link DWR-M960 1.01.07. Affected is the funct
|
| 64 |
CVE-2026-2881
A vulnerability has been found in D-Link DWR-M960 1.01.07. This vulnerability af
|
| 64 |
CVE-2026-2925
A vulnerability was detected in D-Link DWR-M960 1.01.07. Affected by this issue
|
| 64 |
CVE-2026-2929
A vulnerability was determined in D-Link DWR-M960 1.01.07. Impacted is the funct
|
| 64 |
CVE-2026-2884
A vulnerability was identified in D-Link DWR-M960 1.01.07. The affected element
|
| 64 |
CVE-2026-2857
A vulnerability was determined in D-Link DWR-M960 1.01.07. Affected by this issu
|
| 64 |
CVE-2026-2927
A vulnerability has been found in D-Link DWR-M960 1.01.07. This vulnerability af
|
| 64 |
CVE-2026-2960
A flaw has been found in D-Link DWR-M960 1.01.07. Affected by this issue is the
|
| 64 |
CVE-2026-2871
A weakness has been identified in Tenda A21 1.0.0.0. This affects the function f
|
Oldest Unpatched Critical/High CVEs
| CVE | Severity | CVSS | Priority | Days Open |
|---|---|---|---|---|
| CVE-2024-3400 | CRITICAL | 10.0 | 224 | 730d |
| CVE-2019-19781 | CRITICAL | 9.8 | 223 | 2298d |
| CVE-2020-5902 | CRITICAL | 9.8 | 223 | 2111d |
| CVE-2021-35464 | CRITICAL | 9.8 | 223 | 1725d |
| CVE-2020-10189 | CRITICAL | 9.8 | 223 | 2228d |
| CVE-2012-4681 | CRITICAL | 9.8 | 223 | 4975d |
| CVE-2022-42475 | CRITICAL | 9.8 | 223 | 1196d |
| CVE-2023-3519 | CRITICAL | 9.8 | 223 | 998d |
| CVE-2015-7450 | CRITICAL | 9.8 | 222 | 3753d |
| CVE-2023-34048 | CRITICAL | 9.8 | 222 | 900d |