| Metric | Value | Note |
|---|---|---|
| Total CVEs | 17852 | last 90 days |
| Avg Priority | 34.1 | of max 220 |
| KEV | 31 | actively exploited |
| POC | 2281 | public exploits |
| Unpatched | 3557 | CRIT/HIGH without patch |
How is Priority Score calculated?

Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:

| Signal | Contribution | Meaning |
|---|---|---|
| KEV | +50 | CISA Known Exploited Vulnerability — confirmed active exploitation in the wild |
| EPSS | x100 | Exploit Prediction Scoring System — probability of exploitation in the next 30 days (0-100) |
| CVSS | x5 | Common Vulnerability Scoring System — technical severity (0-50) |
| POC | +20 | Public exploit code exists — lowers the barrier for attackers |

Priority bands:

- 0-40 Low
- 40-80 Medium
- 80-120 High
- 120+ Critical
Patch Now — Known Exploited Vulnerabilities

| Priority | CVE | Description |
|---|---|---|
| 141 | CVE-2026-20131 | A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FM |
| 136 | CVE-2026-0300 | A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service o |
| 133 | CVE-2026-41940 | cPanel and WHM versions prior to 11.110.0.97, 11.118.0.63, 11.126.0.54, 11.132.0.29, 11.134.0.20, an |
| 131 | CVE-2026-6973 | An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows |
| 131 | CVE-2026-42897 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Ex |
| 129 | CVE-2026-33825 | Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to el |
| 127 | CVE-2026-20182 | May 2026: This security advisory provides the details and fix information for a vulnerability that w |
| 126 | CVE-2026-41091 | Improper link resolution before file access ('link following') in Microsoft Defender allows an autho |
| 124 | CVE-2026-35616 | An improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an |
| 120 | CVE-2026-48172 | LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exp |
Priority Distribution
| Priority | CVE | Description |
|---|---|---|
| 50 | CVE-2026-42160 | Data Space Portal is an open-source Software as a Service (SaaS) solution design |
| 50 | CVE-2026-9152 | A missing authentication vulnerability exists in the Altium 365 SearchService. A |
| 50 | CVE-2026-47280 | Improper authentication in Azure Resource Manager (ARM) allows an unauthorized a |
| 50 | CVE-2026-35431 | Server-side request forgery (ssrf) in Microsoft Entra ID Entitlement Management |
| 50 | CVE-2026-32186 | Microsoft Bing Elevation of Privilege Vulnerability |
| 50 | CVE-2026-34208 | Summary: SandboxJS blocks direct assignment to global objects (for example `M |
| 50 | CVE-2026-28353 | Trivy Vulnerability Scanner is a VS Code extension that helps find vulnerabiliti |
| 50 | CVE-2026-33054 | Summary: A Path Traversal vulnerability allows any user (or attacker) supply |
| 50 | CVE-2025-54328 | An issue was discovered in SMS in Samsung Mobile Processor, Wearable Processor, |
| 50 | CVE-2026-33107 | Server-side request forgery (ssrf) in Azure Databricks allows an unauthorized at |
| 50 | CVE-2026-32213 | Improper authorization in Azure AI Foundry allows an unauthorized attacker to el |
| 50 | CVE-2026-33105 | Improper authorization in Microsoft Azure Kubernetes Service allows an unauthori |
| 50 | CVE-2026-33844 | Improper input validation in Azure Managed Instance for Apache Cassandra allows |
| 50 | CVE-2025-15036 | A path traversal vulnerability exists in the `extract_archive_to_dir` function w |
| 50 | CVE-2026-26954 | SandboxJS is a JavaScript sandboxing library. Prior to 0.8.34, it is possible to |
| 50 | CVE-2026-44006 | Summary: It is possible to reach `BaseHandler.getPrototypeOf`, which can be |
| 50 | CVE-2026-43997 | Summary: It is possible to obtain the host `Object`, https://github.com/patr |
| 50 | CVE-2026-4745 | Improper Control of Generation of Code ('Code Injection') vulnerability in dendi |
| 50 | CVE-2026-44329 | Summary: free5GC's SMF mounts the `UPI` management route group without OAuth2 |
| 50 | CVE-2026-22557 | A malicious actor with access to the network could exploit a Path Traversal vuln |
| 50 | CVE-2026-45087 | GHSA: Unauthenticated Remote Code Execution via `found-action` in Dalfox Serve |
| 50 | CVE-2026-44005 | Summary: vm2's bridge exposes mutable proxies for real host-realm intrinsic p |
| 50 | CVE-2026-45444 | Unrestricted Upload of File with Dangerous Type vulnerability in WP Swings Gift |
| 50 | CVE-2026-41070 | Summary: When `openvpn-auth-oauth2` is deployed in the **experimental plugin m |
| 50 | CVE-2026-4606 | GV Edge Recording Manager (ERM) v2.3.1 improperly runs application components wi |
| 50 | CVE-2026-30966 | Parse Server is an open source backend that can be deployed to any infrastructur |
| 50 | CVE-2026-33494 | Description: Ory Oathkeeper is vulnerable to an authorization bypass via HTTP |
| 50 | CVE-2026-4746 | Out-of-bounds Write vulnerability in timeplus-io proton (base/poco/Foundation/sr |
| 50 | CVE-2026-32737 | Impact: Due to a mis-written NetworkPolicy, a malicious actor can pivot from |
| 50 | CVE-2026-21708 | A vulnerability allowing a Backup Viewer to perform remote code execution (RCE) |
| 50 | CVE-2026-44327 | Summary: free5GC's NEF mounts the `nnef-oam` route group without inbound OAut |
| 50 | CVE-2026-4370 | A vulnerability was identified in Juju from version 3.2.0 until 3.6.19 and from |
| 50 | CVE-2026-34976 | The `restoreTenant` admin mutation is missing from the authorization middleware |
| 50 | CVE-2026-3325 | SQL injection (SQLi) in MegaCMS v12.0.0, specifically in the "id_territorio" par |
| 50 | CVE-2026-42287 | Emlog is an open source website building system. Prior to version 2.6.11, direct |
| 50 | CVE-2026-42901 | Origin validation error in Microsoft Entra ID allows an unauthorized attacker to |
| 50 | CVE-2025-48611 | In DeviceId of DeviceId.java, there is a possible desync in persistence due to a |
| 50 | CVE-2026-25070 | XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain |
| 50 | CVE-2026-34865 | Out-of-bounds write vulnerability in the WEB module. Impact: Successful exploitat |
| 50 | CVE-2026-4688 | Sandbox escape due to use-after-free in the Disability Access APIs component. Th |
| 50 | CVE-2026-4725 | Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This v |
| 50 | CVE-2026-46595 | Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server |
| 50 | CVE-2025-15638 | Net::Dropbear versions before 0.14 for Perl contains a vulnerable version of lib |
| 50 | CVE-2026-5058 | aws-mcp-server Command Injection Remote Code Execution Vulnerability. This vulne |
| 50 | CVE-2026-42996 | JS8Call through 2.3.1 and JS8Call-improved before 3.0 have a stack-based buffer |
| 50 | CVE-2026-5059 | aws-mcp-server AWS CLI Command Injection Remote Code Execution Vulnerability. Th |
| 50 | CVE-2026-44523 | Summary: No minimum length or entropy is enforced on the `JWT_SECRET` confi |
| 50 | CVE-2026-4692 | Sandbox escape in the Responsive Design Mode component. This vulnerability affec |
| 50 | CVE-2026-30836 | ⚠️ **Limited Disclosure - Full Details Pending** A critical security vulnerabil |
| 50 | CVE-2026-46339 | Summary: 9router exposes two unauthenticated API endpoints that, when chained |
| 50 | CVE-2026-46412 | Summary: Between 2026-05-11 20:19 UTC and 22:56 UTC, an attacker used a compr |
| 50 | CVE-2026-34909 | A malicious actor with access to the network could exploit a Path Traversal vuln |
| 50 | CVE-2026-46695 | Summary: Boxlite is a sandbox service that allows users to create lightweig |
| 50 | CVE-2026-43898 | Summary: Sandbox-defined functions expose `Function.caller`, allowing sandbox |
| 50 | CVE-2026-44330 | Summary: free5GC's NEF mounts the `nnef-pfdmanagement` route group without in |
| 50 | CVE-2026-46840 | Vulnerability in Oracle REST Data Services (component: Backend-as-a-Service). S |
| 50 | CVE-2026-36767 | A path traversal vulnerability in the /content/images/add endpoint of shopizer v |
| 50 | CVE-2026-34910 | A malicious actor with access to the network could exploit an Improper Input Val |
| 50 | CVE-2026-33712 | Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the preview cha |
| 50 | CVE-2026-20223 | A vulnerability in the access validation of internal REST APIs of Cisco Sec |
| 50 | CVE-2026-34908 | A malicious actor with access to the network could exploit an Improper Access Co |
| 50 | CVE-2026-34838 | Group-Office is an enterprise customer relationship management and groupware too |
| 50 | CVE-2026-21667 | A vulnerability allowing an authenticated domain user to perform remote code exe |
| 50 | CVE-2026-21666 | A vulnerability allowing an authenticated domain user to perform remote code exe |
| 50 | CVE-2026-27130 | Dokploy is a free, self-hostable Platform as a Service (PaaS). Versions 0.26.6 a |
| 50 | CVE-2026-35031 | Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 c |
| 50 | CVE-2026-41512 | ai-scanner is an AI model safety scanner built on NVIDIA garak. From version 1.0 |
| 50 | CVE-2026-20186 | A vulnerability in Cisco Identity Services Engine (ISE) could allow an authentic |
| 50 | CVE-2026-20147 | A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, rem |
| 50 | CVE-2026-32306 | OneUptime is a solution for monitoring and managing online services. Prior to 10 |
| 50 | CVE-2026-20180 | A vulnerability in Cisco Identity Services Engine (ISE) could allow an authentic |
| 50 | CVE-2026-21669 | A vulnerability allowing an authenticated domain user to perform remote code exe |
| 50 | CVE-2026-32604 | Spinnaker is an open source, multi-cloud continuous delivery platform. In versio |
| 50 | CVE-2026-42364 | An os command injection vulnerability exists in the DdnsSetting.cgi functionalit |
| 50 | CVE-2026-39842 | Summary: The OpenRemote IoT platform's rules engine contains two interrelated |
| 50 | CVE-2026-43999 | Summary: NodeVM's `builtin` allowlist can be bypassed when the `module` builti |
| 50 | CVE-2026-34612 | Kestra is an open-source, event-driven orchestration platform. Prior to version |
| 50 | CVE-2026-44050 | In Netatalk 2.0.0 through 4.4.2, heap buffer overflow in cnid daemon comm_rcv(). |
| 50 | CVE-2026-28466 | OpenClaw versions prior to 2026.2.14 contain a vulnerability in the gateway in w |
| 50 | CVE-2025-66956 | Insecure Access Control in Contact Plan, E-Mail, SMS and Fax components in Assec |
| 50 | CVE-2026-32938 | SiYuan is a personal knowledge management system. In versions 3.6.0 and below, t |
| 50 | CVE-2026-40411 | Improper input validation in Azure Virtual Network Gateway allows an authorized |
| 50 | CVE-2026-39888 | Summary: `execute_code()` in `praisonaiagents.tools.python_tools` defaults to |
| 50 | CVE-2026-21515 | Exposure of sensitive information to an unauthorized actor in Azure IOT Central |
| 50 | CVE-2026-42196 | Impact: `S3FileMiddleware` is vulnerable to relative path traversal attacks, |
| 50 | CVE-2026-40342 | Firebird is an open-source relational database management system. In versions pr |
| 50 | CVE-2026-42454 | Termix is a web-based server management platform with SSH terminal, tunneling, a |
| 50 | CVE-2026-40933 | Summary: Due to unsafe serialization of stdio commands in the MCP adapter, an |
| 50 | CVE-2026-26137 | Server-side request forgery (ssrf) in Microsoft 365 Copilot's Business Chat allo |
| 50 | CVE-2026-34571 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, mo |
Oldest Unpatched Critical/High CVEs
| CVE | Severity | CVSS | Priority | Days Open |
|---|---|---|---|---|
| CVE-2024-3400 | CRITICAL | 10.0 | 224 | 776d |
| CVE-2019-19781 | CRITICAL | 9.8 | 223 | 2344d |
| CVE-2020-5902 | CRITICAL | 9.8 | 223 | 2157d |
| CVE-2021-35464 | CRITICAL | 9.8 | 223 | 1771d |
| CVE-2020-10189 | CRITICAL | 9.8 | 223 | 2274d |
| CVE-2012-4681 | CRITICAL | 9.8 | 223 | 5021d |
| CVE-2022-42475 | CRITICAL | 9.8 | 223 | 1242d |
| CVE-2023-3519 | CRITICAL | 9.8 | 223 | 1044d |
| CVE-2015-7450 | CRITICAL | 9.8 | 222 | 3799d |
| CVE-2023-34048 | CRITICAL | 9.8 | 222 | 946d |