| Metric | Value | Detail |
|---|---|---|
| Total CVEs | 16314 | last 90 days |
| Avg Priority | 36.8 | of max 220 |
| KEV | 39 | actively exploited |
| POC | 3311 | public exploits |
| Unpatched | 4716 | CRIT/HIGH without patch |

How is Priority Score calculated?
Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:

| Signal | Weight | Meaning |
|---|---|---|
| KEV | +50 | CISA Known Exploited Vulnerability: confirmed active exploitation in the wild |
| EPSS | x100 | Exploit Prediction Scoring System: probability of exploitation in next 30 days (0-100) |
| CVSS | x5 | Common Vulnerability Scoring System: technical severity (0-50) |
| POC | +20 | Public exploit code exists; lowers barrier for attackers |

| Score | Rating |
|---|---|
| 0-40 | Low |
| 40-80 | Medium |
| 80-120 | High |
| 120+ | Critical |

Patch Now — Known Exploited Vulnerabilities

| Priority | CVE | Description |
|---|---|---|
| 194 | CVE-2026-24061 | telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for t |
| 185 | CVE-2026-1731 | BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain |
| 184 | CVE-2026-23760 | SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability |
| 180 | CVE-2025-40551 | SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerabil |
| 170 | CVE-2026-1340 | A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem |
| 164 | CVE-2026-1281 | A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem |
| 160 | CVE-2025-40536 | SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that |
| 141 | CVE-2026-20131 | A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FM |
| 137 | CVE-2026-1603 | An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthen |
| 134 | CVE-2026-22769 | Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credentia |

Priority Distribution

| Priority | CVE | Description |
|---|---|---|
| 40 | CVE-2025-4764 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti |
| 40 | CVE-2026-6290 | Velociraptor versions prior to 0.76.3 contain a vulnerability in the query() plu |
| 40 | CVE-2025-59487 | Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver |
| 40 | CVE-2026-21523 | Time-of-check time-of-use (toctou) race condition in GitHub Copilot and Visual S |
| 40 | CVE-2025-9974 | The unified WEBUI application of the ONT/Beacon device contains an input handlin |
| 40 | CVE-2025-59891 | Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server |
| 40 | CVE-2025-59893 | Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server |
| 40 | CVE-2025-59894 | Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server |
| 40 | CVE-2025-59892 | Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server |
| 40 | CVE-2026-35589 | nanobot is a personal AI assistant. Versions prior to 0.1.5 contain a Cross-Site |
| 40 | CVE-2026-32014 | OpenClaw versions prior to 2026.2.26 contain a metadata spoofing vulnerability w |
| 40 | CVE-2025-55041 | MuraCMS through 10.1.10 contains a CSRF vulnerability in the Add To Group functi |
| 40 | CVE-2026-31281 | Totara LMS v19.1.5 and before is vulnerable to HTML Injection. An attacker can i |
| 40 | CVE-2025-3839 | A flaw was found in Epiphany, a tool that allows websites to open external URL h |
| 40 | CVE-2026-33183 | ### Impact Users with MockResponse fixtures that use path traversal. ### Patche |
| 40 | CVE-2025-15558 | Docker CLI for Windows searches for plugin binaries in C:\ProgramData\Docker\cli |
| 40 | CVE-2025-62673 | Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tdpserver |
| 40 | CVE-2025-61983 | Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver |
| 40 | CVE-2025-62405 | Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver |
| 40 | CVE-2025-62404 | Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver |
| 40 | CVE-2025-7659 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 |
| 40 | CVE-2026-40321 | DNN (formerly DotNetNuke) is an open-source web content management platform (CMS |
| 40 | CVE-2026-25166 | Deserialization of untrusted data in Windows System Image Manager allows an auth |
| 40 | CVE-2026-21569 | This High severity XXE (XML External Entity Injection) vulnerability was introdu |
| 40 | CVE-2026-32768 | ### Impact Due to a mis-written NetworkPolicy, a malicious actor can pivot from |
| 40 | CVE-2026-28364 | In OCaml before 4.14.3 and 5.x before 5.4.1, a buffer over-read in Marshal deser |
| 40 | CVE-2026-40149 | PraisonAI is a multi-agent teams system. Prior to 4.5.128, the gateway's /api/ap |
| 40 | CVE-2026-24844 | melange allows users to build apk packages using declarative pipelines. From ver |
| 40 | CVE-2025-30513 | Race condition for some TDX Module within Ring 0: Hypervisor may allow an escala |
| 40 | CVE-2025-35998 | Missing protection mechanism for alternate hardware interface in the Intel(R) Qu |
| 40 | CVE-2026-34444 | Lupa integrates the runtimes of Lua or LuaJIT2 into CPython. In 2.6 and earlier, |
| 40 | CVE-2025-65104 | Firebird is an open-source relational database management system. In versions FB |
| 39 | CVE-2026-26208 | ADB Explorer is a fluent UI for ADB on Windows. Prior to Beta 0.9.26020, ADB Exp |
| 39 | CVE-2025-33243 | NVIDIA NeMo Framework contains a vulnerability where an attacker could cause rem |
| 39 | CVE-2026-0634 | Code execution in AssistFeedbackService of TECNO Pova7 Pro 5G on Android allows |
| 39 | CVE-2025-33252 | NVIDIA NeMo Framework contains a vulnerability where an attacker could cause rem |
| 39 | CVE-2025-33247 | NVIDIA Megatron LM contains a vulnerability in quantization configuration loadin |
| 39 | CVE-2025-33241 | NVIDIA NeMo Framework contains a vulnerability where an attacker could cause rem |
| 39 | CVE-2026-0596 | A command injection vulnerability exists in mlflow/mlflow when serving a model w |
| 39 | CVE-2025-15350 | Anritsu VectorStar CHX File Parsing Deserialization of Untrusted Data Remote Cod |
| 39 | CVE-2025-15351 | Anritsu VectorStar CHX File Parsing Deserialization of Untrusted Data Remote Cod |
| 39 | CVE-2025-15348 | Anritsu ShockLine CHX File Parsing Deserialization of Untrusted Data Remote Code |
| 39 | CVE-2024-14026 | A command injection vulnerability has been reported to affect several QNAP opera |
| 39 | CVE-2025-33250 | NVIDIA NeMo Framework contains a vulnerability where an attacker could cause rem |
| 39 | CVE-2025-33251 | NVIDIA NeMo Framework contains a vulnerability where an attacker could cause rem |
| 39 | CVE-2025-33253 | NVIDIA NeMo Framework contains a vulnerability where an attacker could cause rem |
| 39 | CVE-2025-63261 | AWStats 8.0 is vulnerable to Command Injection via the open function |
| 39 | CVE-2026-26162 | Access of resource using incompatible type ('type confusion') in Windows OLE all |
| 39 | CVE-2025-60038 | A vulnerability has been identified in Rexroth IndraWorks. This flaw allows an a |
| 39 | CVE-2025-60035 | A vulnerability has been identified in the OPC.Testclient utility, which is incl |
| 39 | CVE-2025-60037 | A vulnerability has been identified in Rexroth IndraWorks. This flaw allows an a |
| 39 | CVE-2025-60036 | A vulnerability has been identified in the UA.Testclient utility, which is inclu |
| 39 | CVE-2026-25187 | Improper link resolution before file access ('link following') in Winlogon allow |
| 39 | CVE-2025-52365 | A command injection vulnerability in the szc script of the ccurtsinger/stabilize |
| 39 | CVE-2026-26156 | Heap-based buffer overflow in Windows Hyper-V allows an unauthorized attacker to |
| 39 | CVE-2026-24157 | NVIDIA NeMo Framework contains a vulnerability in checkpoint loading where an at |
| 39 | CVE-2026-24159 | NVIDIA NeMo Framework contains a vulnerability where an attacker may cause remot |
| 39 | CVE-2026-20841 | Improper neutralization of special elements used in a command ('command injectio |
| 39 | CVE-2025-11002 | 7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. |
| 39 | CVE-2025-57283 | The Node.js package browserstack-local 1.5.8 contains a command injection vulner |
| 39 | CVE-2026-26170 | Improper input validation in Microsoft PowerShell allows an authorized attacker |
| 39 | CVE-2026-26161 | Untrusted pointer dereference in Windows Sensor Data Service allows an authorize |
| 39 | CVE-2026-29144 | SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to bypass |
| 39 | CVE-2026-29143 | SEPPmail Secure Email Gateway before version 15.0.3 does not properly authentica |
| 39 | CVE-2026-25063 | gradle-completion provides Bash and Zsh completion support for Gradle. A command |
| 39 | CVE-2026-27907 | Integer underflow (wrap or wraparound) in Windows Storage Spaces Controller allo |
| 39 | CVE-2026-24765 | PHPUnit is a testing framework for PHP. A vulnerability has been discovered in v |
| 39 | CVE-2026-27909 | Use after free in Microsoft Windows Search Component allows an authorized attack |
| 39 | CVE-2026-2048 | GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. T |
| 39 | CVE-2026-2045 | GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. T |
| 39 | CVE-2026-35043 | Commit ce53491 (March 24) fixed command injection via `system_packages` in Docke |
| 39 | CVE-2026-33874 | Gematik Authenticator securely authenticates users for login to digital health a |
| 39 | CVE-2025-15059 | GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerabi |
| 39 | CVE-2026-24287 | External control of file name or path in Windows Kernel allows an authorized att |
| 39 | CVE-2026-0777 | Xmind Attachment Insufficient UI Warning Remote Code Execution Vulnerability. Th |
| 39 | CVE-2026-0758 | mcp-server-siri-shortcuts shortcutName Command Injection Privilege Escalation Vu |
| 39 | CVE-2026-2044 | GIMP PGM File Parsing Uninitialized Memory Remote Code Execution Vulnerability. |
| 39 | CVE-2026-4154 | GIMP XPM File Parsing Integer Overflow Remote Code Execution Vulnerability. This |
| 39 | CVE-2026-4150 | GIMP PSD File Parsing Integer Overflow Remote Code Execution Vulnerability. This |
| 39 | CVE-2026-2922 | GStreamer RealMedia Demuxer Out-Of-Bounds Write Remote Code Execution Vulnerabil |
| 39 | CVE-2026-3084 | GStreamer H.266 Codec Parser Integer Underflow Remote Code Execution Vulnerabili |
| 39 | CVE-2026-4151 | GIMP ANI File Parsing Integer Overflow Remote Code Execution Vulnerability. This |
| 39 | CVE-2026-3086 | GStreamer H.266 Codec Parser Out-Of-Bounds Write Remote Code Execution Vulnerabi |
| 39 | CVE-2026-2921 | GStreamer RIFF Palette Integer Overflow Remote Code Execution Vulnerability. Thi |
| 39 | CVE-2026-2923 | GStreamer DVB Subtitles Out-Of-Bounds Write Remote Code Execution Vulnerability. |
| 39 | CVE-2026-24152 | NVIDIA Megatron-LM contains a vulnerability in checkpoint loading where an Attac |
| 39 | CVE-2026-24151 | NVIDIA Megatron-LM contains a vulnerability in inferencing where an Attacker may |
| 39 | CVE-2025-33248 | NVIDIA Megatron-LM contains a vulnerability in the hybrid conversion script wher |
| 39 | CVE-2026-24289 | Use after free in Windows Kernel allows an authorized attacker to elevate privil |
| 39 | CVE-2026-0797 | GIMP ICO File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerabi |

Oldest Unpatched Critical/High CVEs
| CVE | Severity | CVSS | Priority | Days Open |
|---|---|---|---|---|
| CVE-2024-3400 | CRITICAL | 10.0 | 224 | 738d |
| CVE-2019-19781 | CRITICAL | 9.8 | 223 | 2306d |
| CVE-2020-5902 | CRITICAL | 9.8 | 223 | 2119d |
| CVE-2021-35464 | CRITICAL | 9.8 | 223 | 1732d |
| CVE-2020-10189 | CRITICAL | 9.8 | 223 | 2236d |
| CVE-2012-4681 | CRITICAL | 9.8 | 223 | 4983d |
| CVE-2022-42475 | CRITICAL | 9.8 | 223 | 1204d |
| CVE-2023-3519 | CRITICAL | 9.8 | 223 | 1005d |
| CVE-2015-7450 | CRITICAL | 9.8 | 222 | 3760d |
| CVE-2023-34048 | CRITICAL | 9.8 | 222 | 907d |