Total CVEs
16359
last 90 days
Avg Priority
36.7
of max 220
KEV
39
actively exploited
POC
3333
public exploits
Unpatched
4726
CRIT/HIGH without patch
How is Priority Score calculated?
Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:
KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low
40-80 Medium
80-120 High
120+ Critical
Patch Now — Known Exploited Vulnerabilities
194
CVE-2026-24061
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for t
185
CVE-2026-1731
BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain
184
CVE-2026-23760
SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability
180
CVE-2025-40551
SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerabil
170
CVE-2026-1340
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem
164
CVE-2026-1281
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem
160
CVE-2025-40536
SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that
141
CVE-2026-20131
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FM
137
CVE-2026-1603
An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthen
134
CVE-2026-22769
Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credentia
Priority Distribution
| Priority | CVE |
|---|---|
| 31 |
CVE-2026-34540
iccDEV provides a set of libraries and tools for working with ICC color manageme
|
| 31 |
CVE-2026-35406
### Impact
A truncated TCP DNS query followed by a connection reset causes aard
|
| 31 |
CVE-2026-34546
iccDEV provides a set of libraries and tools for working with ICC color manageme
|
| 31 |
CVE-2026-34541
iccDEV provides a set of libraries and tools for working with ICC color manageme
|
| 31 |
CVE-2026-34547
iccDEV provides a set of libraries and tools for working with ICC color manageme
|
| 31 |
CVE-2026-34549
iccDEV provides a set of libraries and tools for working with ICC color manageme
|
| 31 |
CVE-2026-34542
iccDEV provides a set of libraries and tools for working with ICC color manageme
|
| 31 |
CVE-2026-34539
iccDEV provides a set of libraries and tools for working with ICC color manageme
|
| 31 |
CVE-2026-40312
ImageMagick is free and open-source software used for editing and manipulating d
|
| 31 |
CVE-2025-36364
IBM DevOps Plan 3.0.0 through 3.0.5 allows web page cache to be stored locally w
|
| 31 |
CVE-2025-12708
IBM Concert 1.0.0 through 2.2.0 contains hard-coded credentials that could be ob
|
| 31 |
CVE-2026-33817
Index out-of-range when encountering a branch page with zero elements in go.etcd
|
| 31 |
CVE-2026-34536
iccDEV provides a set of libraries and tools for working with ICC color manageme
|
| 31 |
CVE-2026-34533
iccDEV provides a set of libraries and tools for working with ICC color manageme
|
| 31 |
CVE-2026-34552
iccDEV provides a set of libraries and tools for working with ICC color manageme
|
| 31 |
CVE-2026-34535
iccDEV provides a set of libraries and tools for working with ICC color manageme
|
| 31 |
CVE-2026-34534
iccDEV provides a set of libraries and tools for working with ICC color manageme
|
| 31 |
CVE-2026-34537
iccDEV provides a set of libraries and tools for working with ICC color manageme
|
| 31 |
CVE-2026-34555
iccDEV provides a set of libraries and tools for working with ICC color manageme
|
| 31 |
CVE-2026-34556
iccDEV provides a set of libraries and tools for working with ICC color manageme
|
| 31 |
CVE-2026-34550
iccDEV provides a set of libraries and tools for working with ICC color manageme
|
| 31 |
CVE-2026-34551
iccDEV provides a set of libraries and tools for working with ICC color manageme
|
| 31 |
CVE-2025-41762
An unauthenticated attacker can abuse the weak hash of the backup generated by t
|
| 31 |
CVE-2025-36051
IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 stores potentially sensiti
|
| 31 |
CVE-2026-3904
Calling NSS-backed functions that support caching via nscd may call the
nscd cl
|
| 31 |
CVE-2025-64646
IBM Concert 1.0.0 through 2.2.0 could allow an attacker to access sensitive info
|
| 31 |
CVE-2025-36353
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.
|
| 31 |
CVE-2026-0012
In setHideSensitive of ExpandableNotificationRow.java, there is a possible conta
|
| 31 |
CVE-2025-43238
An integer overflow was addressed with improved input validation. This issue is
|
| 31 |
CVE-2026-0015
In multiple locations of AppOpsService.java, there is a possible persistent deni
|
| 31 |
CVE-2026-0014
In isPackageNullOrSystem of AppOpsService.java, there is a possible persistent d
|
| 31 |
CVE-2026-0005
In onServiceDisconnected of KeyguardServiceDelegate.java, there is a possible pa
|
| 31 |
CVE-2025-58344
An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wear
|
| 31 |
CVE-2025-58340
An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wear
|
| 31 |
CVE-2026-0049
In onHeaderDecoded of LocalImageResolver.java, there is a possible persistent de
|
| 31 |
CVE-2025-36123
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 - 11.5.
|
| 31 |
CVE-2026-28544
Race condition vulnerability in the printing module. Impact: Successful exploita
|
| 31 |
CVE-2026-28539
Data processing vulnerability in the certificate management module. Impact: Succ
|
| 31 |
CVE-2026-41030
In ONLYOFFICE DesktopEditors before 9.3.0, the update service allows attackers t
|
| 31 |
CVE-2025-13044
IBM Concert 1.0.0 through 2.2.0 creates temporary files with predictable names,
|
| 31 |
CVE-2025-48587
In multiple functions of ProfilingService.java, there is a possible persistent d
|
| 31 |
CVE-2025-48585
In multiple functions of ProfilingService.java, there is a possible persistent d
|
| 31 |
CVE-2026-24915
Out-of-bounds read issue in the media subsystem.
Impact: Successful exploitation
|
| 31 |
CVE-2026-24920
Permission control vulnerability in the AMS module.
Impact: Successful exploitat
|
| 31 |
CVE-2026-33753
### Summary
An Authorization Bypass vulnerability in `rfc3161-client`'s signatu
|
| 31 |
CVE-2026-1695
An XSS vulnerability affects the OAuth web services used by the WebVue, WebSched
|
| 31 |
CVE-2026-1698
A HTTP Host header attack vulnerability affects WebClient and the WebScheduler w
|
| 31 |
CVE-2026-33035
## Summary
AVideo contains a reflected XSS vulnerability that allows unauthenti
|
| 31 |
CVE-2025-14063
The SEO Links Interlinking plugin for WordPress is vulnerable to Reflected Cross
|
| 31 |
CVE-2026-22176
OpenClaw versions prior to 2026.2.19 contain a command injection vulnerability i
|
| 31 |
CVE-2025-13676
The JustClick registration plugin for WordPress is vulnerable to Reflected Cross
|
| 31 |
CVE-2026-1127
The Timeline Event History plugin for WordPress is vulnerable to Reflected Cross
|
| 31 |
CVE-2026-21443
OpenEMR is a free and open source electronic health records and medical practice
|
| 31 |
CVE-2026-1666
The Download Manager plugin for WordPress is vulnerable to Reflected Cross-Site
|
| 31 |
CVE-2026-2830
The WP All Import - Drag & Drop Import for CSV, XML, Excel & Google Sheets plugi
|
| 31 |
CVE-2026-1838
The Hostel plugin for WordPress is vulnerable to Reflected Cross-Site Scripting
|
| 31 |
CVE-2026-5226
The Optimole - Optimize Images in Real Time plugin for WordPress is vulnerable t
|
| 31 |
CVE-2026-1706
The All-in-One Video Gallery plugin for WordPress is vulnerable to Reflected Cro
|
| 31 |
CVE-2026-33622
### Summary
PinchTab `v0.8.3` through `v0.8.5` allow arbitrary JavaScript execut
|
| 31 |
CVE-2026-28222
Wagtail is an open source content management system built on Django. Prior to ve
|
| 31 |
CVE-2026-1795
The Address Bar Ads plugin for WordPress is vulnerable to Reflected Cross-Site S
|
| 31 |
CVE-2026-1754
The personal-authors-category plugin for WordPress is vulnerable to Reflected Cr
|
| 31 |
CVE-2026-28223
Wagtail is an open source content management system built on Django. Prior to ve
|
| 31 |
CVE-2025-36066
IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00
|
| 31 |
CVE-2026-1796
The StyleBidet plugin for WordPress is vulnerable to Reflected Cross-Site Script
|
| 31 |
CVE-2026-1792
The Geo Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting
|
| 31 |
CVE-2026-0788
ALGO 8180 IP Audio Alerter Web UI Persistent Cross-Site Scripting Vulnerability.
|
| 31 |
CVE-2026-4394
The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Script
|
| 31 |
CVE-2026-3572
The iTracker360 plugin for WordPress is vulnerable to Cross-Site Request Forgery
|
| 31 |
CVE-2026-26169
Buffer over-read in Windows Kernel Memory allows an authorized attacker to discl
|
| 31 |
CVE-2026-2506
The EM Cost Calculator plugin for WordPress is vulnerable to Stored Cross-Site S
|
| 31 |
CVE-2026-2502
The xmlrpc attacks blocker plugin for WordPress is vulnerable to Stored Cross-Si
|
| 31 |
CVE-2025-33135
IBM Financial Transaction Manager for ACH Services and Check Services for Multi-
|
| 31 |
CVE-2026-1404
The Ultimate Member - User Profile, Registration, Login, Member Directory, Conte
|
| 31 |
CVE-2026-27210
Pannellum is a lightweight, free, and open source panorama viewer for the web. I
|
| 31 |
CVE-2026-2277
The rexCrawler plugin for WordPress is vulnerable to Reflected Cross-Site Script
|
| 31 |
CVE-2026-0512
Due to a Cross-Site Scripting (XSS) vulnerability in the SAP Supplier Relationsh
|
| 31 |
CVE-2026-34614
Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cro
|
| 31 |
CVE-2026-21331
Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cro
|
| 31 |
CVE-2026-0561
The Shield Security plugin for WordPress is vulnerable to Reflected Cross-Site S
|
| 31 |
CVE-2025-14076
The iXML - Google XML sitemap generator plugin for WordPress is vulnerable to Re
|
| 31 |
CVE-2025-11706
The Aruba HiSpeed Cache plugin for WordPress is vulnerable to Reflected Cross-Si
|
| 31 |
CVE-2025-12473
The RTMKit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting
|
| 31 |
CVE-2025-13910
The WP-WebAuthn plugin for WordPress is vulnerable to Unauthenticated Stored Cro
|
| 31 |
CVE-2026-27469
Isso is a lightweight commenting server written in Python and JavaScript. In com
|
| 31 |
CVE-2026-4146
The Loco Translate plugin for WordPress is vulnerable to Reflected Cross-Site Sc
|
| 31 |
CVE-2026-1986
The FloristPress for Woo - Customize your eCommerce store for your Florist plugi
|
| 31 |
CVE-2026-1647
The Comment Genius plugin for WordPress is vulnerable to Reflected Cross-Site Sc
|
| 31 |
CVE-2025-46320
A cross-site scripting (XSS) vulnerability in a FileMaker WebDirect custom homep
|
| 31 |
CVE-2026-1696
Some HTTP security headers are not properly set by the web server when sending r
|
Oldest Unpatched Critical/High CVEs
| CVE | Severity | CVSS | Priority | Days Open |
|---|---|---|---|---|
| CVE-2024-3400 | CRITICAL | 10.0 | 224 | 738d |
| CVE-2019-19781 | CRITICAL | 9.8 | 223 | 2305d |
| CVE-2020-5902 | CRITICAL | 9.8 | 223 | 2118d |
| CVE-2021-35464 | CRITICAL | 9.8 | 223 | 1732d |
| CVE-2020-10189 | CRITICAL | 9.8 | 223 | 2235d |
| CVE-2012-4681 | CRITICAL | 9.8 | 223 | 4983d |
| CVE-2022-42475 | CRITICAL | 9.8 | 223 | 1204d |
| CVE-2023-3519 | CRITICAL | 9.8 | 223 | 1005d |
| CVE-2015-7450 | CRITICAL | 9.8 | 222 | 3760d |
| CVE-2023-34048 | CRITICAL | 9.8 | 222 | 907d |