Total CVEs
16435
last 90 days
Avg Priority
36.8
of max 220
KEV
39
actively exploited
POC
3343
public exploits
Unpatched
4820
CRIT/HIGH without patch
How is Priority Score calculated?
Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:
KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low
40-80 Medium
80-120 High
120+ Critical
Patch Now — Known Exploited Vulnerabilities
194
CVE-2026-24061
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for t
185
CVE-2026-1731
BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain
184
CVE-2026-23760
SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability
180
CVE-2025-40551
SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerabil
170
CVE-2026-1340
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem
164
CVE-2026-1281
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem
160
CVE-2025-40536
SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that
141
CVE-2026-20131
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FM
137
CVE-2026-1603
An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthen
134
CVE-2026-22769
Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credentia
Priority Distribution
| Priority | CVE |
|---|---|
| 32 |
CVE-2026-0549
The Groups plugin for WordPress is vulnerable to Stored Cross-Site Scripting via
|
| 32 |
CVE-2025-14445
The Image Hotspot by DevVN plugin for WordPress is vulnerable to Stored Cross-Si
|
| 32 |
CVE-2025-13738
The Easy Table of Contents plugin for WordPress is vulnerable to Stored Cross-Si
|
| 32 |
CVE-2025-13617
The Apollo13 Framework Extensions plugin for WordPress is vulnerable to Stored C
|
| 32 |
CVE-2025-13048
The StatCounter - Free Real Time Visitor Stats plugin for WordPress is vulnerabl
|
| 32 |
CVE-2025-12117
The Renden theme for WordPress is vulnerable to Stored Cross-Site Scripting via
|
| 32 |
CVE-2025-12116
The Drift theme for WordPress is vulnerable to Stored Cross-Site Scripting via t
|
| 32 |
CVE-2026-2512
The Code Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting
|
| 32 |
CVE-2026-3998
The WM JqMath plugin for WordPress is vulnerable to Stored Cross-Site Scripting
|
| 32 |
CVE-2026-1886
The Go Night Pro | WordPress Dark Mode Plugin for WordPress is vulnerable to Sto
|
| 32 |
CVE-2026-5506
The Wavr plugin for WordPress is vulnerable to Stored Cross-Site Scripting via t
|
| 32 |
CVE-2025-12122
The Popup Box - Easily Create WordPress Popups plugin for WordPress is vulnerabl
|
| 32 |
CVE-2022-50797
Stripe Green Downloads Wordpress Plugin 2.03 contains a persistent cross-site sc
|
| 32 |
CVE-2026-27684
SAP NetWeaver Feedback Notifications Service contains a SQL injection vulnerabil
|
| 32 |
CVE-2026-2918
The Happy Addons for Elementor plugin for WordPress is vulnerable to Insecure Di
|
| 32 |
CVE-2026-3228
The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable
|
| 32 |
CVE-2026-3498
The BlockArt Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scri
|
| 32 |
CVE-2026-2501
The Ed's Social Share plugin for WordPress is vulnerable to Stored Cross-Site Sc
|
| 32 |
CVE-2026-1851
The iVysilani Shortcode plugin for WordPress is vulnerable to Stored Cross-Site
|
| 32 |
CVE-2026-2480
The WP Shortcodes Plugin - Shortcodes Ultimate plugin for WordPress is vulnerabl
|
| 32 |
CVE-2026-1889
The Outgrow plugin for WordPress is vulnerable to Stored Cross-Site Scripting vi
|
| 32 |
CVE-2026-1093
The WPFAQBlock- FAQ & Accordion Plugin For Gutenberg plugin for WordPress is vul
|
| 32 |
CVE-2026-1899
The Any Post Slider plugin for WordPress is vulnerable to Stored Cross-Site Scri
|
| 32 |
CVE-2026-2496
The Ed's Font Awesome plugin for WordPress is vulnerable to Stored Cross-Site Sc
|
| 32 |
CVE-2026-1396
The Magic Conversation For Gravity Forms plugin for WordPress is vulnerable to S
|
| 32 |
CVE-2026-1854
The Post Flagger plugin for WordPress is vulnerable to Stored Cross-Site Scripti
|
| 32 |
CVE-2026-1902
The Hammas Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scri
|
| 32 |
CVE-2026-3350
The Image Alt Text Manager plugin for WordPress is vulnerable to Stored Cross-Si
|
| 32 |
CVE-2026-2481
The Beaver Builder Page Builder - Drag and Drop Website Builder plugin for WordP
|
| 32 |
CVE-2026-3333
The MinhNhut Link Gateway plugin for WordPress is vulnerable to Stored Cross-Sit
|
| 32 |
CVE-2026-2602
The Twentig plugin for WordPress is vulnerable to Stored Cross-Site Scripting vi
|
| 32 |
CVE-2026-1607
The Surbma | Booking.com Shortcode plugin for WordPress is vulnerable to Stored
|
| 32 |
CVE-2026-1569
The Wueen plugin for WordPress is vulnerable to Stored Cross-Site Scripting via
|
| 32 |
CVE-2026-1575
The Schema Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scr
|
| 32 |
CVE-2026-2924
The Gutenverse - Ultimate WordPress FSE Blocks Addons & Ecosystem plugin for Wor
|
| 32 |
CVE-2026-1825
The Show YouTube video plugin for WordPress is vulnerable to Stored Cross-Site S
|
| 32 |
CVE-2026-4766
The Easy Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site S
|
| 32 |
CVE-2026-1824
The Infomaniak Connect for OpenID plugin for WordPress is vulnerable to Stored C
|
| 32 |
CVE-2026-2569
The Dear Flipbook - PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer plugin for
|
| 32 |
CVE-2026-2437
The WP Travel Engine - Tour Booking Plugin - Tour Operator Software plugin for W
|
| 32 |
CVE-2026-4268
The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to S
|
| 32 |
CVE-2025-6229
The Sina Extension for Elementor (Header Builder, Footer Builter, Theme Builder,
|
| 32 |
CVE-2026-3005
The List category posts plugin for WordPress is vulnerable to Stored Cross-Site
|
| 32 |
CVE-2026-1806
The Tour & Activity Operator Plugin for TourCMS plugin for WordPress is vulnerab
|
| 32 |
CVE-2026-0626
The WPFunnels - Easy Funnel Builder To Optimize Buyer Journeys And Get More Lead
|
| 32 |
CVE-2026-1574
The MyQtip - easy qTip2 plugin for WordPress is vulnerable to Stored Cross-Site
|
| 32 |
CVE-2026-0609
The Logo Slider - Logo Carousel, Logo Showcase & Client Logo Slider Plugin plugi
|
| 32 |
CVE-2026-1908
The Integration with Hubspot Forms plugin for WordPress is vulnerable to Stored
|
| 32 |
CVE-2026-3311
The The Plus Addons for Elementor - Addons for Elementor, Page Templates, Widget
|
| 32 |
CVE-2026-1914
The FuseDesk plugin for WordPress is vulnerable to Stored Cross-Site Scripting v
|
| 32 |
CVE-2026-5717
The VI: Include Post By plugin for WordPress is vulnerable to Stored Cross-Site
|
| 32 |
CVE-2026-1911
The Twitter Feeds plugin for WordPress is vulnerable to Stored Cross-Site Script
|
| 32 |
CVE-2026-1891
The Simple Football Scoreboard plugin for WordPress is vulnerable to Stored Cros
|
| 32 |
CVE-2026-3492
The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Script
|
| 32 |
CVE-2025-71276
SOGo before 5.12.5 is prone to a XSS vulnerability with events, tasks, and conta
|
| 32 |
CVE-2026-4871
The Sports Club Management plugin for WordPress is vulnerable to Stored Cross-Si
|
| 32 |
CVE-2026-5508
The WowPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting v
|
| 32 |
CVE-2026-28558
wpForo Forum 2.4.14 contains a stored cross-site scripting vulnerability that al
|
| 32 |
CVE-2026-1822
The WP NG Weather plugin for WordPress is vulnerable to Stored Cross-Site Script
|
| 32 |
CVE-2026-1820
The Media Library Alt Text Editor plugin for WordPress is vulnerable to Stored C
|
| 32 |
CVE-2026-1275
The Multi Post Carousel by Category plugin for WordPress is vulnerable to Stored
|
| 32 |
CVE-2026-3239
The Strong Testimonials plugin for WordPress is vulnerable to Stored Cross-Site
|
| 32 |
CVE-2026-2949
The Xpro Addons - 140+ Widgets for Elementor plugin for WordPress is vulnerable
|
| 32 |
CVE-2026-28036
Server-Side Request Forgery (SSRF) vulnerability in SkatDesign Ratatouille ratat
|
| 32 |
CVE-2026-5372
An issue that allowed a SQL injection attack vector related to saved queries (in
|
| 32 |
CVE-2026-23803
Server-Side Request Forgery (SSRF) vulnerability in Burhan Nasir Smart Auto Uplo
|
| 32 |
CVE-2026-0688
The Webmention plugin for WordPress is vulnerable to Server-Side Request Forgery
|
| 32 |
CVE-2025-14040
The Automotive Car Dealership Business WordPress Theme for WordPress is vulnerab
|
| 32 |
CVE-2026-2257
The GetGenie plugin for WordPress is vulnerable to Insecure Direct Object Refere
|
| 32 |
CVE-2025-69674
Buffer Overflow vulnerability in CDATA FD614GS3-R850 V3.2.7_P161006 (Build.0333.
|
| 32 |
CVE-2026-33223
### Background
NATS.io is a high performance open source pub-sub distributed co
|
| 32 |
CVE-2026-33246
### Background
NATS.io is a high performance open source pub-sub distributed co
|
| 32 |
CVE-2026-24316
SAP NetWeaver Application Server for ABAP provides an ABAP Report for testing pu
|
| 32 |
CVE-2026-23885
Alchemy is an open source content management system engine written in Ruby on Ra
|
| 32 |
CVE-2026-1210
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cros
|
| 32 |
CVE-2026-1572
The Livemesh Addons for Elementor plugin for WordPress is vulnerable to unauthor
|
| 32 |
CVE-2026-40225
In udev in systemd before 260, local root execution can occur via malicious hard
|
| 32 |
CVE-2026-24964
Server-Side Request Forgery (SSRF) vulnerability in Wasiliy Strecker / ContestGa
|
| 32 |
CVE-2026-32357
Server-Side Request Forgery (SSRF) vulnerability in Katsushi Kawamori Simple Blo
|
| 32 |
CVE-2026-32353
Server-Side Request Forgery (SSRF) vulnerability in MailerPress Team MailerPress
|
| 32 |
CVE-2026-24362
Missing Authorization vulnerability in bdthemes Ultimate Post Kit ultimate-post-
|
| 32 |
CVE-2026-39630
Server-Side Request Forgery (SSRF) vulnerability in Getty Images Getty Images ge
|
| 32 |
CVE-2026-28682
Gokapi is a self-hosted file sharing server with automatic expiration and encryp
|
| 32 |
CVE-2021-47908
Ultimate POS 4.4 contains a persistent cross-site scripting vulnerability in the
|
| 32 |
CVE-2021-47856
Easy Cart Shopping Cart 2021 contains a non-persistent cross-site scripting vuln
|
| 32 |
CVE-2025-14525
A flaw was found in kubevirt. A user within a virtual machine (VM), if the guest
|
| 32 |
CVE-2023-54343
QWE DL 2.0.1 mobile web application contains a persistent input validation vulne
|
| 32 |
CVE-2022-50951
WiFi File Transfer 1.0.8 contains a persistent cross-site scripting vulnerabilit
|
| 32 |
CVE-2026-0742
The Smart Appointment & Booking plugin for WordPress is vulnerable to Stored Cro
|
| 32 |
CVE-2021-47885
Multiple payment terminal versions contain non-persistent cross-site scripting v
|
Oldest Unpatched Critical/High CVEs
| CVE | Severity | CVSS | Priority | Days Open |
|---|---|---|---|---|
| CVE-2024-3400 | CRITICAL | 10.0 | 224 | 735d |
| CVE-2019-19781 | CRITICAL | 9.8 | 223 | 2303d |
| CVE-2020-5902 | CRITICAL | 9.8 | 223 | 2116d |
| CVE-2021-35464 | CRITICAL | 9.8 | 223 | 1730d |
| CVE-2020-10189 | CRITICAL | 9.8 | 223 | 2233d |
| CVE-2012-4681 | CRITICAL | 9.8 | 223 | 4981d |
| CVE-2022-42475 | CRITICAL | 9.8 | 223 | 1201d |
| CVE-2023-3519 | CRITICAL | 9.8 | 223 | 1003d |
| CVE-2015-7450 | CRITICAL | 9.8 | 222 | 3758d |
| CVE-2023-34048 | CRITICAL | 9.8 | 222 | 905d |