Security Dashboard

Total CVEs: 16433 (last 90 days)
Avg Priority: 36.8 (of max 220)
KEV: 39 (actively exploited)
POC: 3345 (public exploits)
Unpatched: 4819 (CRIT/HIGH without patch)
How is Priority Score calculated?

Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:

KEV +50 — CISA Known Exploited Vulnerability: confirmed active exploitation in the wild
EPSS x100 — Exploit Prediction Scoring System: probability of exploitation in the next 30 days (0-100)
CVSS x5 — Common Vulnerability Scoring System: technical severity (0-50)
POC +20 — public exploit code exists, which lowers the barrier for attackers

Bands: 0-40 Low, 40-80 Medium, 80-120 High, 120+ Critical
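The scoring rule above, as an added Python example that is not the dashboard's own code: it applies the stated weights, validates the input ranges, maps a score to its band, and ranks a set of records. It assumes EPSS is supplied as a 0-1 probability, CVSS as a 0-10 base score, and that band lower bounds are inclusive; the sample records are constructed.

```python
from dataclasses import dataclass

# Weights and bands as stated on the dashboard. Inclusive lower bounds and
# the 0-1 EPSS / 0-10 CVSS input ranges are assumptions made here.
KEV_BONUS = 50
EPSS_WEIGHT = 100
CVSS_WEIGHT = 5
POC_BONUS = 20
MAX_SCORE = KEV_BONUS + EPSS_WEIGHT + CVSS_WEIGHT * 10 + POC_BONUS  # 220

BANDS = ((120, "Critical"), (80, "High"), (40, "Medium"), (0, "Low"))


@dataclass(frozen=True)
class CveSignals:
    cve_id: str
    cvss: float          # CVSS base score, 0.0-10.0
    epss: float          # EPSS probability, 0.0-1.0
    kev: bool = False    # listed in CISA KEV
    poc: bool = False    # public exploit code exists


def priority_score(sig: CveSignals) -> float:
    """Composite 0-220 score: KEV +50, EPSS x100, CVSS x5, POC +20."""
    if not 0.0 <= sig.cvss <= 10.0:
        raise ValueError(f"{sig.cve_id}: CVSS out of range: {sig.cvss}")
    if not 0.0 <= sig.epss <= 1.0:
        raise ValueError(f"{sig.cve_id}: EPSS out of range: {sig.epss}")
    score = sig.epss * EPSS_WEIGHT + sig.cvss * CVSS_WEIGHT
    if sig.kev:
        score += KEV_BONUS
    if sig.poc:
        score += POC_BONUS
    return round(score, 1)


def priority_band(score: float) -> str:
    """First band whose (inclusive) floor the score reaches."""
    for floor, label in BANDS:
        if score >= floor:
            return label
    raise ValueError(f"negative score: {score}")


def rank(signals: list[CveSignals]) -> list[tuple[str, float, str]]:
    """Highest priority first; ties broken by CVSS, then by id for determinism."""
    scored = [(s.cve_id, priority_score(s), s.cvss) for s in signals]
    scored.sort(key=lambda t: (-t[1], -t[2], t[0]))
    return [(cid, sc, priority_band(sc)) for cid, sc, _ in scored]


# Constructed sample records (placeholder ids, not real signal values).
SAMPLE = [
    CveSignals("CVE-0000-0001", cvss=9.8, epss=0.97, kev=True, poc=True),
    CveSignals("CVE-0000-0002", cvss=7.5, epss=0.02, poc=True),
    CveSignals("CVE-0000-0003", cvss=9.1, epss=0.01),
    CveSignals("CVE-0000-0004", cvss=4.3, epss=0.001),
]

if __name__ == "__main__":
    for cid, score, band in rank(SAMPLE):
        print(f"{cid}  {score:6.1f}  {band}")
```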
Priority CVE
42 CVE-2026-32902
OpenClaw before 2026.3.1 contains a server-side request forgery vulnerability in
42 CVE-2026-28808
Incorrect Authorization vulnerability in Erlang OTP (inets modules) allows unaut
41 CVE-2026-22022
Deployments of Apache Solr 5.3.0 through 9.10.0 that rely on Solr's "Rule Based
41 CVE-2026-34578
OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.6, OPNs
41 CVE-2026-29046
TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. Prior to vers
41 CVE-2025-13192
The Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, an
41 CVE-2026-3324
Zohocorp ManageEngine Log360 versions 13000 through 13013 are vulnerable to auth
41 CVE-2026-21227
Improper limitation of a pathname to a restricted directory ('path traversal') i
41 CVE-2026-2293
A NestJS application using @nestjs/platform-fastify can allow bypass of authenti
41 CVE-2026-28406
kaniko is a tool to build container images from a Dockerfile, inside a container
41 CVE-2026-26337
Hyland Alfresco Transformation Service allows unauthenticated attackers to achie
41 CVE-2026-21535
Improper access control in Microsoft Teams allows an unauthorized attacker to di
41 CVE-2026-34363
### Impact When multiple clients subscribe to the same class via LiveQuery, the
41 CVE-2026-34215
### Impact The verify password endpoint returns unsanitized authentication data
41 CVE-2026-40163
Saltcorn is an extensible, open source, no-code database application builder. Pr
41 CVE-2026-35091
A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wr
41 CVE-2026-33942
Saloon is a PHP library that gives users tools to build API integrations and SDK
41 CVE-2026-24790
The underlying PLC of the device can be remotely influenced, without proper safe
41 CVE-2026-2818
A zip-slip path traversal vulnerability in Spring Data Geode's import snapshot f
41 CVE-2026-39363
### Summary [`server.fs`](https://vite.dev/config/server-options#server-fs-stri
41 CVE-2026-39429
### Summary The cache server is directly exposed by the root shard and has no a
41 CVE-2025-69042
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP
41 CVE-2025-69043
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP
41 CVE-2025-69040
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP
41 CVE-2026-40193
### Summary The `auth.ldap` module constructs LDAP search filters and DN string
41 CVE-2026-34045
Podman Desktop is a graphical tool for developing on containers and Kubernetes.
41 CVE-2026-35525
### Summary LiquidJS enforces partial and layout root restrictions using the re
41 CVE-2026-30845
Wekan is an open source kanban tool built with Meteor. In versions 8.31.0 throug
41 CVE-2026-28677
OpenSift is an AI study tool that sifts through large datasets using semantic se
41 CVE-2026-32138
NEXULEAN is a cybersecurity portfolio & service platform for an Ethical Hacker,
41 CVE-2026-2007
Heap buffer overflow in PostgreSQL pg_trgm allows a database user to achieve unk
41 CVE-2026-35604
File Browser is a file managing interface for uploading, deleting, previewing, r
41 CVE-2026-30230
Flare is a Next.js-based, self-hostable file sharing platform that integrates wi
41 CVE-2026-5208
Command injection in alerts in CoolerControl/coolercontrold <4.0.0 allows authen
41 CVE-2026-32296
Sipeed NanoKVM before 2.3.1 exposes a Wi-Fi configuration endpoint without prope
41 CVE-2026-27468
Mastodon is a free, open-source social network server based on ActivityPub. FASP
41 CVE-2026-25794
ImageMagick is free and open-source software used for editing and manipulating d
41 CVE-2026-28135
Inclusion of Functionality from Untrusted Control Sphere vulnerability in WP Roy
41 CVE-2026-34042
act's built-in actions/cache server listens to connections on all interfaces and
41 CVE-2026-21532
Azure Function Information Disclosure Vulnerability
41 CVE-2026-34219
## Description ### Summary The Rust libp2p Gossipsub implementation contains a r
41 CVE-2026-27124
## Summary While testing the *GitHubProvider* OAuth integration, which allows au
41 CVE-2026-29872
A cross-session information disclosure vulnerability exists in the awesome-llm-a
41 CVE-2026-33946
### Summary The Ruby SDK's [streamable_http_transport.rb](https://github.com/mo
41 CVE-2026-0805
An input neutralization vulnerability in the Backup Configuration component of C
41 CVE-2026-33508
### Impact Parse Server's LiveQuery component does not enforce the `requestComp
41 CVE-2026-32877
Botan is a C++ cryptography library. From version 2.3.0 to before version 3.11.0
41 CVE-2026-34573
Parse Server is an open source backend that can be deployed to any infrastructur
41 CVE-2026-34784
Parse Server is an open source backend that can be deployed to any infrastructur
41 CVE-2026-28416
Gradio is an open-source Python package designed for quick prototyping. Prior to
41 CVE-2025-67956
Missing Authorization vulnerability in wpeverest User Registration user-registra
41 CVE-2026-31824
Sylius is an Open Source eCommerce Framework on Symfony. A Time-of-Check To Time
41 CVE-2026-24708
An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 3
41 CVE-2026-1117
A vulnerability in the `lollms_generation_events.py` component of parisneo/lollm
41 CVE-2026-34593
## Summary `Ash.Type.Module.cast_input/2` unconditionally creates a new Erlang
41 CVE-2026-5477
An integer overflow existed in the wolfCrypt CMAC implementation, that could be
41 CVE-2026-4828
Improper authentication in the OAuth login functionality in Devolutions Server 2
41 CVE-2026-4924
Improper authentication in the two-factor authentication (2FA) feature in Devo
41 CVE-2026-32030
OpenClaw versions prior to 2026.2.19 contain a path traversal vulnerability in t
41 CVE-2026-22733
Spring Boot applications with Actuator can be vulnerable to an "Authentication B
41 CVE-2025-9986
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulne
41 CVE-2026-22731
Spring Boot applications with Actuator can be vulnerable to an "Authentication B
41 CVE-2026-35457
### Summary The rendezvous server stores pagination cookies without bounds. An u
41 CVE-2026-21956
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (comp
41 CVE-2026-21955
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (comp
41 CVE-2026-32829
lz4_flex is a pure Rust implementation of LZ4 compression/decompression. In vers
41 CVE-2026-2072
Cross-Site Scripting vulnerability in Hitachi Infrastructure Analytics Advisor (
41 CVE-2026-40168
Postiz is an AI social media scheduling tool. Prior to 2.21.5, the /api/public/s
41 CVE-2026-40073
SvelteKit is a framework for rapidly developing robust, performant web applicati
41 CVE-2026-32316
jq is a command-line JSON processor. An integer overflow vulnerability exists th
41 CVE-2026-23989
REVA is an interoperability platform. Prior to 2.42.3 and 2.40.3, a bug in the G
41 CVE-2025-7389
A vulnerability in the AdminServer component of OpenEdge on all supported platfo
41 CVE-2026-32278
# Security Advisory - Form Plugin (Stored XSS) ## Summary A Stored Cross-site
41 CVE-2025-40932
Apache::SessionX versions through 2.01 for Perl create insecure session id. Apa
41 CVE-2026-27826
MCP Atlassian is a Model Context Protocol (MCP) server for Atlassian products (C
41 CVE-2026-33009
EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a dat
41 CVE-2026-2992
The KiviCare - Clinic & Patient Management System (EHR) plugin for WordPress is
41 CVE-2026-28255
A Use of Hard-coded Credentials vulnerability in Trane Tracer SC, Tracer SC+, an
41 CVE-2025-67977
Missing Authorization vulnerability in VillaTheme HAPPY happy-helpdesk-support-t
41 CVE-2026-32763
### Summary Kysely through 0.28.11 has a SQL injection vulnerability in JSON pa
41 CVE-2026-34375
WWBN AVideo is an open source video platform. In versions up to and including 26
41 CVE-2026-31788
In the Linux kernel, the following vulnerability has been resolved: xen/privcmd
41 CVE-2026-32616
Pigeon is a message board/notepad/social system/blog. Prior to 1.0.201, the appl
41 CVE-2026-29193
ZITADEL is an open source identity management platform. From version 4.0.0 to 4.
41 CVE-2025-13002
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site
41 CVE-2026-4984
The Twilio integration webhook handler accepts any POST request without validati
41 CVE-2026-22171
OpenClaw versions prior to 2026.2.19 contain a path traversal vulnerability in t
41 CVE-2021-35484
Nokia IMPACT through 19.11.2.10-20210118042150283 allows an authenticated user t
41 CVE-2026-32811
### Summary When using heimdall in envoy gRPC decision API mode, wrong encoding
41 CVE-2026-0994
A denial-of-service (DoS) vulnerability exists in google.protobuf.json_format.Pa

Oldest Unpatched Critical/High CVEs

CVE             Severity  CVSS  Priority  Days Open
CVE-2024-3400   CRITICAL  10.0  224       735d
CVE-2019-19781  CRITICAL  9.8   223       2303d
CVE-2020-5902   CRITICAL  9.8   223       2116d
CVE-2021-35464  CRITICAL  9.8   223       1730d
CVE-2020-10189  CRITICAL  9.8   223       2233d
CVE-2012-4681   CRITICAL  9.8   223       4981d
CVE-2022-42475  CRITICAL  9.8   223       1201d
CVE-2023-3519   CRITICAL  9.8   223       1003d
CVE-2015-7450   CRITICAL  9.8   222       3758d
CVE-2023-34048  CRITICAL  9.8   222       905d