- Total CVEs: 16434 (last 90 days)
- Avg Priority: 36.8 (of max 220)
- KEV: 39 (actively exploited)
- POC: 3342 (public exploits)
- Unpatched: 4820 (CRIT/HIGH without patch)

How is Priority Score calculated?

Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:

- KEV +50: CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
- EPSS x100: Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
- CVSS x5: Common Vulnerability Scoring System — technical severity (0-50)
- POC +20: Public exploit code exists — lowers barrier for attackers

Score ranges: 0-40 Low, 40-80 Medium, 80-120 High, 120+ Critical

Patch Now — Known Exploited Vulnerabilities

| Priority | CVE | Description |
|---|---|---|
| 194 | CVE-2026-24061 | telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for t |
| 185 | CVE-2026-1731 | BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain |
| 184 | CVE-2026-23760 | SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability |
| 180 | CVE-2025-40551 | SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerabil |
| 170 | CVE-2026-1340 | A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem |
| 164 | CVE-2026-1281 | A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem |
| 160 | CVE-2025-40536 | SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that |
| 141 | CVE-2026-20131 | A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FM |
| 137 | CVE-2026-1603 | An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthen |
| 134 | CVE-2026-22769 | Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credentia |

Priority Distribution

| Priority | CVE | Description |
|---|---|---|
| 41 | CVE-2026-0994 | A denial-of-service (DoS) vulnerability exists in google.protobuf.json_format.Pa |
| 41 | CVE-2026-33072 | FileRise is a self-hosted web file manager / WebDAV server. In versions prior to |
| 41 | CVE-2026-33163 | Impact: When a `Parse.Cloud.afterLiveQueryEvent` trigger is registered for a |
| 41 | CVE-2026-34725 | Summary: A stored XSS vulnerability exists in DbGate because attacker-control |
| 41 | CVE-2026-33206 | calibre is a cross-platform e-book manager for viewing, converting, editing, and |
| 41 | CVE-2025-25210 | Improper input validation for some Server Firmware Update Utility(SysFwUpdt) bef |
| 41 | CVE-2026-27700 | Hono is a Web application framework that provides support for any JavaScript run |
| 41 | CVE-2026-33941 | Summary: The Handlebars CLI precompiler (`bin/handlebars` / `lib/precompiler. |
| 41 | CVE-2025-71057 | Improper session management in D-Link Wireless N 300 ADSL2+ Modem Router DSL-124 |
| 41 | CVE-2026-30241 | Mercurius is a GraphQL adapter for Fastify. Prior to version 16.8.0, Mercurius f |
| 41 | CVE-2026-21990 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (comp |
| 41 | CVE-2026-21988 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (comp |
| 41 | CVE-2026-21987 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (comp |
| 41 | CVE-2026-33748 | Impact: Insufficient validation of Git URL fragment subdir components (`<url> |
| 41 | CVE-2026-31921 | Missing Authorization vulnerability in Devteam HaywoodTech Product Rearrange for |
| 41 | CVE-2025-1395 | Generation of Error Message Containing Sensitive Information vulnerability in Co |
| 41 | CVE-2026-32313 | xmlseclibs is a library written in PHP for working with XML Encryption and Signa |
| 41 | CVE-2026-28562 | wpForo 2.4.14 contains an unauthenticated SQL injection vulnerability in Topics: |
| 41 | CVE-2026-34236 | Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. From versio |
| 41 | CVE-2026-32600 | xml-security is a library that implements XML signatures and encryption. Prior t |
| 41 | CVE-2026-24063 | When a plugin is installed using the Arturia Software Center (MacOS), it also in |
| 41 | CVE-2026-23857 | Dell Update Package (DUP) Framework, versions 23.12.00 through 24.12.00, contain |
| 41 | CVE-2026-33979 | Description: A vulnerability has been identified in express-xss-sanitizer (<= |
| 41 | CVE-2025-1924 | A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa |
| 41 | CVE-2026-34632 | Adobe Photoshop Installer was affected by an Uncontrolled Search Path Element vu |
| 41 | CVE-2026-24843 | melange allows users to build apk packages using declarative pipelines. In versi |
| 41 | CVE-2026-33243 | barebox is a bootloader. In barebox from version 2016.03.0 to before version 202 |
| 41 | CVE-2026-4740 | A flaw was found in Open Cluster Management (OCM), the technology underlying Red |
| 41 | CVE-2026-31839 | Striae is a firearms examiner's comparison companion. A high-severity integrity |
| 41 | CVE-2026-30785 | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Po |
| 41 | CVE-2025-59023 | Crafted delegations or IP fragments can poison cached delegations in Recursor. |
| 41 | CVE-2026-25847 | In JetBrains PyCharm before 2025.3.2 a DOM-based XSS on Jupyter viewer page was |
| 41 | CVE-2026-33810 | When verifying a certificate chain containing excluded DNS constraints, these co |
| 41 | CVE-2026-40481 | monetr is a budgeting application for recurring expenses. In versions 1.12.3 and |
| 41 | CVE-2026-28224 | Firebird is an open-source relational database management system. In versions pr |
| 41 | CVE-2026-27890 | Firebird is an open-source relational database management system. In versions pr |
| 41 | CVE-2026-34982 | Vim is an open source, command line text editor. Prior to version 9.2.0276, a mo |
| 41 | CVE-2026-0762 | GPT Academic stream_daas Deserialization of Untrusted Data Remote Code Execution |
| 41 | CVE-2026-3179 | The FTP Backup on the ADM does not properly sanitize filenames received from the |
| 41 | CVE-2026-27206 | Zumba Json Serializer is a library to serialize PHP variables in JSON format. In |
| 41 | CVE-2026-20761 | A vulnerability exists in EnOcean SmartServer IoT version 4.60.009 and prior, w |
| 41 | CVE-2026-29091 | Locutus brings stdlibs of other programming languages to JavaScript for educatio |
| 41 | CVE-2026-33037 | WWBN AVideo is an open source video platform. In versions 25.0 and below, the of |
| 41 | CVE-2026-32260 | Deno is a JavaScript, TypeScript, and WebAssembly runtime. From 2.7.0 to 2.7.1, |
| 41 | CVE-2026-2603 | A flaw was found in Keycloak. A remote attacker could bypass security controls b |
| 41 | CVE-2025-67957 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP |
| 41 | CVE-2025-67946 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP |
| 41 | CVE-2025-67941 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP |
| 41 | CVE-2025-67940 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP |
| 41 | CVE-2025-67938 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP |
| 41 | CVE-2025-67615 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP |
| 41 | CVE-2025-67616 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP |
| 41 | CVE-2025-69314 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP |
| 41 | CVE-2025-69100 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP |
| 41 | CVE-2025-69078 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP |
| 41 | CVE-2025-69077 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP |
| 41 | CVE-2025-69076 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP |
| 41 | CVE-2025-69075 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP |
| 41 | CVE-2025-69074 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP |
| 41 | CVE-2025-69073 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP |
| 41 | CVE-2025-69072 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP |
| 41 | CVE-2025-69071 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP |
| 41 | CVE-2025-69070 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP |
| 41 | CVE-2025-69065 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP |
| 41 | CVE-2025-69068 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP |
| 41 | CVE-2025-69067 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP |
| 41 | CVE-2025-69066 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP |
| 41 | CVE-2025-69064 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP |
| 41 | CVE-2025-69062 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP |
| 41 | CVE-2025-69061 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP |
| 41 | CVE-2025-69060 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP |
| 41 | CVE-2025-69059 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP |
| 41 | CVE-2025-69058 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP |
| 41 | CVE-2025-69057 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP |
| 41 | CVE-2025-69050 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP |
| 41 | CVE-2025-69049 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP |
| 41 | CVE-2025-69047 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP |
| 41 | CVE-2025-69044 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP |
| 41 | CVE-2025-69038 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP |
| 41 | CVE-2025-69037 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP |
| 41 | CVE-2025-69005 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP |
| 41 | CVE-2025-69004 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP |
| 41 | CVE-2025-68908 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP |
| 41 | CVE-2025-68510 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP |
| 41 | CVE-2026-3459 | The Drag and Drop Multiple File Upload - Contact Form 7 plugin for WordPress is |
| 41 | CVE-2026-0726 | The Nexter Extension - Site Enhancements Toolkit plugin for WordPress is vulnera |
| 41 | CVE-2026-34783 | Summary: A path traversal vulnerability in Ferret's `IO::FS::WRITE` standard |
| 41 | CVE-2025-69046 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP |
| 41 | CVE-2026-22381 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP |
| 41 | CVE-2026-22380 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP |

Oldest Unpatched Critical/High CVEs
| CVE | Severity | CVSS | Priority | Days Open |
|---|---|---|---|---|
| CVE-2024-3400 | CRITICAL | 10.0 | 224 | 735d |
| CVE-2019-19781 | CRITICAL | 9.8 | 223 | 2303d |
| CVE-2020-5902 | CRITICAL | 9.8 | 223 | 2116d |
| CVE-2021-35464 | CRITICAL | 9.8 | 223 | 1730d |
| CVE-2020-10189 | CRITICAL | 9.8 | 223 | 2233d |
| CVE-2012-4681 | CRITICAL | 9.8 | 223 | 4981d |
| CVE-2022-42475 | CRITICAL | 9.8 | 223 | 1201d |
| CVE-2023-3519 | CRITICAL | 9.8 | 223 | 1003d |
| CVE-2015-7450 | CRITICAL | 9.8 | 222 | 3758d |
| CVE-2023-34048 | CRITICAL | 9.8 | 222 | 905d |