Security Dashboard

7d 14d 30d 90d
Total CVEs
16433
last 90 days
Avg Priority
36.8
of max 220
KEV
39
actively exploited
POC
3346
public exploits
Unpatched
4815
CRIT/HIGH without patch
How is Priority Score calculated?

Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:

KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low 40-80 Medium 80-120 High 120+ Critical

Patch Now — Known Exploited Vulnerabilities

194
CVE-2026-24061
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for t
CRITICAL
185
CVE-2026-1731
BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain
CRITICAL
184
CVE-2026-23760
SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability
CRITICAL
180
CVE-2025-40551
SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerabil
CRITICAL
170
CVE-2026-1340
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem
CRITICAL
164
CVE-2026-1281
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem
CRITICAL
160
CVE-2025-40536
SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that
HIGH
141
CVE-2026-20131
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FM
CRITICAL
137
CVE-2026-1603
An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthen
HIGH
134
CVE-2026-22769
Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credentia
CRITICAL

Priority Distribution

CRITICAL HIGH MEDIUM LOW KEV Only POC Only Unpatched CRIT/HIGH
Priority CVE
42 CVE-2026-3223
Arbitrary file write & potential privilege escalation exploiting zip slip vulner
42 CVE-2026-0025
In hasImage of Notification.java, there is a possible way to reveal information
42 CVE-2026-0020
In parsePermissionGroup of ParsedPermissionUtils.java, there is a possible way t
42 CVE-2026-35641
OpenClaw before 2026.3.24 contains an arbitrary code execution vulnerability in
42 CVE-2026-0047
In dumpBitmapsProto of ActivityManagerService.java, there is a possible way for
42 CVE-2026-0037
In multiple functions of ffa.c, there is a possible memory corruption due to a l
42 CVE-2026-0035
In createRequest of MediaProvider.java, there is a possible way for an app to ga
42 CVE-2026-0021
In hasInteractAcrossUsersFullPermission of AppInfoBase.java, there is a possible
42 CVE-2026-0013
In setupLayout of PickActivity.java, there is a possible way to start any activi
42 CVE-2026-0010
In onTransact of IDrmManagerService.cpp, there is a possible out of bounds write
42 CVE-2026-0008
In multiple locations, there is a possible privilege escalation due to a confus
42 CVE-2025-48619
In multiple functions of ContentProvider.java, there is a possible way for an ap
42 CVE-2025-32313
In UsageEvents of UsageEvents.java, there is a possible out of bounds write due
42 CVE-2026-0118
In oobconfig, there is a possible bypass of carrier restrictions due to a logic
42 CVE-2025-69627
Nitro PDF Pro for Windows 14.41.1.4 contains a heap use-after-free vulnerability
42 CVE-2026-33747
### Impact When using a custom BuildKit frontend, the frontend can craft an API
42 CVE-2025-36384
IBM Db2 for Windows 12.1.0 - 12.1.3 could allow a local user with filesystem ac
42 CVE-2026-28518
OpenViking versions 0.2.1 and prior, fixed in commit 46b3e76, contain a path tra
42 CVE-2026-0123
In EfwApTransport::ProcessRxRing of efw_ap_transport.cc, there is a possible out
42 CVE-2026-0117
In mfc_dec_dqbuf of mfc_dec_v4l2.c, there is a possible out of bounds write due
42 CVE-2026-24930
UAF concurrency vulnerability in the graphics module. Impact: Successful exploit
42 CVE-2026-0107
In gmc_ddr_handle_mba_mr_req of gmc_mba_ddr.c, there is a possible escalation of
42 CVE-2025-48579
In multiple functions of MediaProvider.java, there is a possible external storag
42 CVE-2025-48582
In multiple locations, there is a possible way to delete media without the MANAG
42 CVE-2025-48574
In validateAddingWindowLw of DisplayPolicy.java, there is a possible way for an
42 CVE-2026-24926
Out-of-bounds write vulnerability in the camera module. Impact: Successful explo
42 CVE-2026-40931
**1. Executive Summary** This report documents a critical security research find
42 CVE-2026-4266
An Insecure Deserialization vulnerability in WatchGuard Fireware OS allows an at
42 CVE-2025-32355
Rocket TRUfusion Enterprise through 7.10.4.0 uses a reverse proxy to handle inco
42 CVE-2025-14213
Cato Networks’ Socket versions prior to 25 contain a command injection vulnerabi
42 CVE-2026-32725
SciTokens C++ is a minimal library for creating and using SciTokens from C or C+
42 CVE-2026-0980
A flaw was found in rubyipmi, a gem used in the Baseboard Management Controller
42 CVE-2026-1367
Zohocorp ManageEngine ADSelfService Plus versions 6522 and below are vulnerable
42 CVE-2026-5264
Heap buffer overflow in DTLS 1.3 ACK message processing. A remote attacker can s
42 CVE-2026-0708
A flaw was found in libucl. A remote attacker could exploit this by providing a
42 CVE-2026-29075
Mesa is an open-source Python library for agent-based modeling, simulating compl
42 CVE-2026-22897
A command injection vulnerability has been reported to affect QuNetSwitch. The r
42 CVE-2026-28476
OpenClaw versions prior to 2026.2.14 contain a server-side request forgery vulne
42 CVE-2026-6442
Improper validation of bash commands in Snowflake Cortex Code CLI versions prior
42 CVE-2026-6328
Improper input validation, Improper verification of cryptographic signature vuln
42 CVE-2026-30461
Daylight Studio FuelCMS v1.5.2 was discovered to contain an authenticated remote
42 CVE-2026-0562
A critical security vulnerability in parisneo/lollms versions up to 2.2.0 allows
42 CVE-2026-3549
Heap Overflow in TLS 1.3 ECH parsing. An integer underflow existed in ECH extens
42 CVE-2026-27203
eBay API MCP Server is an open source local MCP server providing AI assistants w
42 CVE-2025-10913
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site
42 CVE-2026-34524
## Summary A Path Traversal vulnerability in chat endpoints allows an authentica
42 CVE-2026-39884
## Summary The `port_forward` tool in `mcp-server-kubernetes` constructs a kube
42 CVE-2026-33980
### Summary adx-mcp-server (<= latest, commit 48b2933) contains KQL (Kusto Quer
42 CVE-2026-27803
Vaultwarden is an unofficial Bitwarden compatible server written in Rust, former
42 CVE-2026-27802
Vaultwarden is an unofficial Bitwarden compatible server written in Rust, former
42 CVE-2026-34221
A prototype pollution vulnerability exists in the `Utils.merge` helper used inte
42 CVE-2026-1619
Authorization Bypass Through User-Controlled Key vulnerability in Universal Soft
42 CVE-2026-34072
Cr*nMaster (cronmaster) is a Cronjob management UI with human readable syntax, l
42 CVE-2026-31939
Chamilo LMS is a learning management system. Prior to 1.11.38, there is a path t
42 CVE-2026-33407
Wallos is an open-source, self-hostable personal subscription tracker. Prior to
42 CVE-2026-25083
GROWI OpenAI thread/message API endpoints do not perform authorization. Affected
42 CVE-2026-35394
### Summary The `mobile_open_url` tool in mobile-mcp passes user-supplied URLs
42 CVE-2026-34780
### Impact Apps that pass `VideoFrame` objects (from the WebCodecs API) across t
42 CVE-2026-28451
OpenClaw versions prior to 2026.2.14 contain server-side request forgery vulnera
42 CVE-2026-31998
OpenClaw versions 2026.2.22 and 2026.2.23 contain an authorization bypass vulner
42 CVE-2025-15617
Wazuh version 4.12.0 contains an exposure vulnerability in GitHub Actions workfl
42 CVE-2026-4064
Missing authorization checks on multiple gRPC service endpoints in PowerShell Un
42 CVE-2026-34576
Postiz is an AI social media scheduling tool. Prior to version 2.21.3, the POST
42 CVE-2026-32110
SiYuan is a personal knowledge management system. Prior to 3.6.0, the /api/netwo
42 CVE-2026-40899
DataEase is an open-source data visualization and analytics platform. Versions 2
42 CVE-2026-34719
Zammad is a web based open source helpdesk/customer support system. Prior to 7.0
42 CVE-2026-24148
NVIDIA Jetson for JetPack contains a vulnerability in the system initialization
42 CVE-2026-1313
The MimeTypes Link Icons plugin for WordPress is vulnerable to Server-Side Reque
42 CVE-2026-35595
## Summary A user with Write-level access to a project can escalate their permi
42 CVE-2026-35618
OpenClaw before 2026.3.23 contains a replay identity vulnerability in Plivo V2 s
42 CVE-2025-13777
Authentication bypass by capture-replay vulnerability in ABB AWIN GW100 rev.2, A
42 CVE-2025-13779
Missing authentication for critical function vulnerability in ABB AWIN GW100 rev
42 CVE-2026-0603
A flaw was found in Hibernate. A remote attacker with low privileges could explo
42 CVE-2026-6311
Uninitialized Use in Accessibility in Google Chrome on Windows prior to 147.0.77
42 CVE-2026-6304
Use after free in Graphite in Google Chrome prior to 147.0.7727.101 allowed a re
42 CVE-2026-6310
Use after free in Dawn in Google Chrome prior to 147.0.7727.101 allowed a remote
42 CVE-2026-6309
Use after free in Viz in Google Chrome prior to 147.0.7727.101 allowed a remote
42 CVE-2026-6314
Out of bounds write in GPU in Google Chrome prior to 147.0.7727.101 allowed a re
42 CVE-2026-33779
An Improper Following of a Certificate's Chain of Trust vulnerability in J-Web o
42 CVE-2026-2751
Blind SQL Injection via unsanitized array keys in Service Dependencies deletion.
42 CVE-2026-33981
### Summary The `jq:` and `jqraw:` include filter expressions allow use of the
42 CVE-2026-33210
### Impact A format string injection vulnerability than that lead to denial of
42 CVE-2026-32146
Improper path validation vulnerability in the Gleam compiler's handling of git d
42 CVE-2026-32759
## Summary The TUS resumable upload handler parses the `Upload-Length` header as
42 CVE-2025-10174
Cleartext Transmission of Sensitive Information vulnerability in Pan Software &
42 CVE-2025-67601
A vulnerability has been identified within Rancher Manager, where using self-sig
42 CVE-2026-6297
Use after free in Proxy in Google Chrome prior to 147.0.7727.101 allowed an atta
42 CVE-2026-32902
OpenClaw before 2026.3.1 contains a server-side request forgery vulnerability in
42 CVE-2026-28808
Incorrect Authorization vulnerability in Erlang OTP (inets modules) allows unaut
42 CVE-2026-35478
InvenTree is an Open Source Inventory Management System. From 0.16.0 to before 1

Oldest Unpatched Critical/High CVEs

CVE Severity CVSS Priority Days Open
CVE-2024-3400 CRITICAL 10.0 224 735d
CVE-2019-19781 CRITICAL 9.8 223 2303d
CVE-2020-5902 CRITICAL 9.8 223 2116d
CVE-2021-35464 CRITICAL 9.8 223 1730d
CVE-2020-10189 CRITICAL 9.8 223 2233d
CVE-2012-4681 CRITICAL 9.8 223 4981d
CVE-2022-42475 CRITICAL 9.8 223 1201d
CVE-2023-3519 CRITICAL 9.8 223 1003d
CVE-2015-7450 CRITICAL 9.8 222 3758d
CVE-2023-34048 CRITICAL 9.8 222 905d
Prev 30 / 69 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy