Total CVEs
16359
last 90 days
Avg Priority
36.7
of max 220
KEV
39
actively exploited
POC
3333
public exploits
Unpatched
4726
CRIT/HIGH without patch
How is Priority Score calculated?
Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:
KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low
40-80 Medium
80-120 High
120+ Critical
Patch Now — Known Exploited Vulnerabilities
194
CVE-2026-24061
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for t
185
CVE-2026-1731
BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain
184
CVE-2026-23760
SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability
180
CVE-2025-40551
SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerabil
170
CVE-2026-1340
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem
164
CVE-2026-1281
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem
160
CVE-2025-40536
SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that
141
CVE-2026-20131
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FM
137
CVE-2026-1603
An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthen
134
CVE-2026-22769
Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credentia
Priority Distribution
| Priority | CVE |
|---|---|
| 36 |
CVE-2026-1743
A vulnerability has been found in DJI Mavic Mini, Air, Spark and Mini SE up to 0
|
| 36 |
CVE-2026-4590
A security flaw has been discovered in kalcaddle kodbox 1.64. The impacted eleme
|
| 36 |
CVE-2026-1751
A vulnerability has been discovered in GitLab CE/EE affecting all versions start
|
| 36 |
CVE-2026-4584
A flaw has been found in Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N. This affe
|
| 35 |
CVE-2026-27171
zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_g
|
| 34 |
CVE-2026-1588
A vulnerability was found in jishenghua jshERP up to 3.6. The impacted element i
|
| 34 |
CVE-2026-24140
MyTube is a self-hosted downloader and player for several video websites. Versio
|
| 34 |
CVE-2026-25120
Gogs is an open source self-hosted Git service. In versions 0.13.4 and below, th
|
| 34 |
CVE-2026-26883
Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL In
|
| 34 |
CVE-2026-26884
Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL In
|
| 34 |
CVE-2026-26885
Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL In
|
| 34 |
CVE-2026-26886
Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL In
|
| 34 |
CVE-2026-26890
Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection
|
| 34 |
CVE-2026-26887
Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection
|
| 34 |
CVE-2026-26888
Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection
|
| 34 |
CVE-2026-26889
Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection
|
| 34 |
CVE-2026-26891
Sourcecodester Logistic Hub Parcel's Management System v1.0 is vulnerable to SQL
|
| 33 |
CVE-2026-32058
OpenClaw versions prior to 2026.2.26 contain an approval context-binding weaknes
|
| 33 |
CVE-2026-27632
Talishar is a fan-made Flesh and Blood project. Prior to commit 6be3871a14c192d1
|
| 33 |
CVE-2026-2656
A flaw has been found in ChaiScript up to 6.1.0. This affects the function chais
|
| 33 |
CVE-2026-2655
A vulnerability was detected in ChaiScript up to 6.1.0. The impacted element is
|
| 33 |
CVE-2026-2913
A vulnerability was determined in libvips up to 8.19.0. The affected element is
|
| 33 |
CVE-2026-4250
A vulnerability was found in Albert Sağlık Hizmetleri ve Ticaret Albert Health u
|
| 33 |
CVE-2026-4251
A vulnerability was determined in CityData CityChat up to 0.12.6 on Android. Aff
|
| 33 |
CVE-2026-4217
A security vulnerability has been detected in XREAL Nebula App up to 3.2.1 on An
|
| 33 |
CVE-2026-4242
A security flaw has been discovered in BabyChakra Pregnancy & Parenting App up t
|
| 33 |
CVE-2026-4218
A vulnerability was detected in myAEDES App up to 1.18.4 on Android. Affected is
|
| 32 |
CVE-2026-1532
A vulnerability was identified in D-Link DCS-700L 1.03.09. The affected element
|
| 32 |
CVE-2026-1520
A vulnerability was identified in rethinkdb up to 2.4.3. Affected by this issue
|
| 32 |
CVE-2026-2939
A vulnerability was found in itsourcecode Student Management System 1.0. The imp
|
| 32 |
CVE-2026-4544
A vulnerability was determined in Wavlink WL-WN578W2 221110. This affects an unk
|
| 32 |
CVE-2026-1971
A vulnerability has been found in Edimax BR-6288ACL up to 1.12. Impacted is the
|
| 32 |
CVE-2026-2932
A security flaw has been discovered in YiFang CMS up to 2.0.5. The impacted elem
|
| 32 |
CVE-2026-1744
A vulnerability was found in D-Link DSL-6641K N8.TR069.20131126. Affected by thi
|
| 32 |
CVE-2026-4356
A flaw has been found in itsourcecode University Management System 1.0. Affected
|
| 32 |
CVE-2026-4168
A vulnerability was identified in Tecnick TCExam 16.5.0. This impacts an unknown
|
| 32 |
CVE-2026-4575
A flaw has been found in code-projects Exam Form Submission 1.0. This issue affe
|
| 32 |
CVE-2026-4578
A vulnerability was determined in code-projects Exam Form Submission 1.0. The im
|
| 32 |
CVE-2026-4577
A vulnerability was found in code-projects Exam Form Submission 1.0. The affecte
|
| 32 |
CVE-2026-4576
A vulnerability has been found in code-projects Exam Form Submission 1.0. Impact
|
| 32 |
CVE-2026-4225
A security flaw has been discovered in CMS Made Simple up to 2.2.21. Impacted is
|
| 32 |
CVE-2026-2156
A weakness has been identified in code-projects Online Student Management System
|
| 32 |
CVE-2026-2201
A security vulnerability has been detected in ZeroWdd studentmanager up to 21515
|
| 32 |
CVE-2026-2972
A vulnerability was determined in a466350665 Smart-SSO up to 2.1.1. This affects
|
| 32 |
CVE-2026-3403
A vulnerability was detected in PHPGurukul Student Record Management System 1.0.
|
| 32 |
CVE-2026-3402
A security vulnerability has been detected in PHPGurukul Student Record Manageme
|
| 32 |
CVE-2026-2200
A weakness has been identified in heyewei JFinalCMS 5.0.0. This affects an unkno
|
| 32 |
CVE-2026-2934
A security vulnerability has been detected in YiFang CMS up to 2.0.5. This impac
|
| 32 |
CVE-2026-3170
A vulnerability was detected in SourceCodester/Patrick Mvuma Patients Waiting Ar
|
| 32 |
CVE-2026-2933
A weakness has been identified in YiFang CMS up to 2.0.5. This affects the funct
|
| 32 |
CVE-2026-3716
A vulnerability was determined in Wavlink WL-WN579X3-C 231124. This vulnerabilit
|
| 32 |
CVE-2026-2222
A weakness has been identified in code-projects Online Reviewer System 1.0. Affe
|
| 32 |
CVE-2026-2897
A security vulnerability has been detected in funadmin up to 7.1.0-rc4. This vul
|
| 32 |
CVE-2026-2214
A weakness has been identified in code-projects for Plugin 1.0. This affects an
|
| 32 |
CVE-2026-4958
A vulnerability has been found in OpenBMB XAgent 1.0.0. This affects the functio
|
| 32 |
CVE-2026-4582
A security vulnerability has been detected in Shenzhen HCC Technology MPOS M6 PL
|
| 32 |
CVE-2026-6611
A vulnerability was found in liangliangyy DjangoBlog up to 2.1.0.0. This affects
|
| 31 |
CVE-2026-4394
The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Script
|
| 31 |
CVE-2026-6000
A vulnerability was found in code-projects Online Library Management System 1.0.
|
| 31 |
CVE-2026-5960
A weakness has been identified in code-projects Patient Record Management System
|
| 31 |
CVE-2026-5847
A vulnerability has been found in code-projects Movie Ticketing System 1.0. Impa
|
| 31 |
CVE-2025-11187
Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation
which c
|
| 30 |
CVE-2026-1409
A security vulnerability has been detected in Beetel 777VR1 up to 01.00.09/01.00
|
| 30 |
CVE-2026-5420
A security flaw has been discovered in Shinrays Games Goods Triple App up to 1.2
|
| 30 |
CVE-2026-5310
A vulnerability was identified in Enter Software Iperius Backup up to 8.7.2. Thi
|
| 30 |
CVE-2026-4823
A flaw has been found in Enter Software Iperius Backup up to 8.7.3. Affected by
|
| 30 |
CVE-2026-1408
A weakness has been identified in Beetel 777VR1 up to 01.00.09/01.00.09_55. This
|
| 30 |
CVE-2026-1407
A security flaw has been discovered in Beetel 777VR1 up to 01.00.09/01.00.09_55.
|
| 30 |
CVE-2026-4541
A flaw has been found in janmojzis tinyssh up to 20250501. Impacted is an unknow
|
| 30 |
CVE-2025-66199
Issue summary: A TLS 1.3 connection using certificate compression can be
forced
|
| 30 |
CVE-2026-5456
A vulnerability was identified in Align Technology My Invisalign App 3.12.4 on A
|
| 30 |
CVE-2026-4993
A vulnerability has been found in wandb OpenUI up to 0.0.0.0/1.0. This impacts a
|
| 30 |
CVE-2026-5462
A vulnerability was identified in Wahoo Fitness SYSTM App up to 7.2.1 on Android
|
| 30 |
CVE-2026-5457
A security flaw has been discovered in PropertyGuru AgentNet Singapore App up to
|
| 30 |
CVE-2026-5452
A flaw has been found in UCC CampusConnect App up to 14.3.5 on Android. This vul
|
| 30 |
CVE-2026-5471
A vulnerability was detected in Investory Toy Planet Trouble App up to 1.5.5 on
|
| 30 |
CVE-2026-5454
A vulnerability was found in GRID Organiser App up to 1.0.5 on Android. Impacted
|
| 30 |
CVE-2026-5453
A vulnerability has been found in Rico só vantagem pra investir App up to 4.58.3
|
| 30 |
CVE-2026-5458
A weakness has been identified in Noelse Individuals & Pro App up to 2.1.7 on An
|
| 30 |
CVE-2026-5455
A vulnerability was determined in Dialogue App up to 4.3.2 on Android. The affec
|
| 28 |
CVE-2025-15469
Issue summary: The 'openssl dgst' command-line tool silently truncates input
dat
|
| 27 |
CVE-2026-28421
Vim is an open source, command line text editor. Versions prior to 9.2.0077 have
|
| 24 |
CVE-2026-4406
The Gravity Forms plugin for WordPress is vulnerable to Reflected Cross-Site Scr
|
| 22 |
CVE-2026-28420
Vim is an open source, command line text editor. Prior to version 9.2.0076, a he
|
| 20 |
CVE-2026-25069
SunFounder Pironman Dashboard (pm_dashboard) version 1.3.13 and prior contain a
|
| 20 |
CVE-2020-37087
Easy Transfer Wifi Transfer v1.7 for iOS contains a persistent cross-site script
|
| 20 |
CVE-2023-7335
EduSoho versions prior to 22.4.7 contain an arbitrary file read vulnerability in
|
| 20 |
CVE-2026-24797
Out-of-bounds Write vulnerability in neka-nat cupoch (third_party/libjpeg-turbo/
|
| 20 |
CVE-2026-27167
Gradio is an open-source Python package designed for quick prototyping. Starting
|
| 20 |
CVE-2026-32732
Lean 4 VS Code Extension is a Visual Studio Code extension for the Lean 4 proof
|
Oldest Unpatched Critical/High CVEs
| CVE | Severity | CVSS | Priority | Days Open |
|---|---|---|---|---|
| CVE-2024-3400 | CRITICAL | 10.0 | 224 | 738d |
| CVE-2019-19781 | CRITICAL | 9.8 | 223 | 2305d |
| CVE-2020-5902 | CRITICAL | 9.8 | 223 | 2118d |
| CVE-2021-35464 | CRITICAL | 9.8 | 223 | 1732d |
| CVE-2020-10189 | CRITICAL | 9.8 | 223 | 2235d |
| CVE-2012-4681 | CRITICAL | 9.8 | 223 | 4983d |
| CVE-2022-42475 | CRITICAL | 9.8 | 223 | 1204d |
| CVE-2023-3519 | CRITICAL | 9.8 | 223 | 1005d |
| CVE-2015-7450 | CRITICAL | 9.8 | 222 | 3760d |
| CVE-2023-34048 | CRITICAL | 9.8 | 222 | 907d |