| Metric | Value | Note |
|---|---|---|
| Total CVEs | 16293 | last 90 days |
| Avg Priority | 36.5 | of max 220 |
| KEV | 37 | actively exploited |
| POC | 3540 | public exploits |
| Unpatched | 5441 | CRIT/HIGH without patch |
How is Priority Score calculated?
Priority Score is a composite risk metric (0-220) that adds up four real-world threat signals:

| Signal | Contribution | Meaning |
|---|---|---|
| KEV | +50 | CISA Known Exploited Vulnerability — confirmed active exploitation in the wild |
| EPSS | x100 | Exploit Prediction Scoring System — probability (0-1) of exploitation in the next 30 days, scaled to 0-100 points |
| CVSS | x5 | Common Vulnerability Scoring System — technical severity (base score 0-10), scaled to 0-50 points |
| POC | +20 | Public exploit code exists — lowers the barrier for attackers |

The resulting score maps to a priority level:

| Score | Level |
|---|---|
| 0-40 | Low |
| 40-80 | Medium |
| 80-120 | High |
| 120+ | Critical |
Patch Now — Known Exploited Vulnerabilities
| Priority | CVE | Description |
|---|---|---|
| 194 | CVE-2026-24061 | telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for t |
| 185 | CVE-2026-1731 | BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain |
| 184 | CVE-2026-23760 | SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability |
| 180 | CVE-2025-40551 | SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerabil |
| 170 | CVE-2026-1340 | A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem |
| 164 | CVE-2026-1281 | A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem |
| 160 | CVE-2025-40536 | SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that |
| 141 | CVE-2026-20131 | A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FM |
| 137 | CVE-2026-1603 | An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthen |
| 134 | CVE-2026-22769 | Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credentia |
Priority Distribution
| Priority | CVE | Description |
|---|---|---|
| 19 | CVE-2026-37977 | A flaw was found in Keycloak. A remote attacker can exploit a Cross-Origin Resou |
| 18 | CVE-2026-40097 | Step CA is an online certificate authority for secure, automated certificate man |
| 18 | CVE-2026-40184 | TREK is a collaborative travel planner. Prior to 2.7.2, TREK served uploaded pho |
| 18 | CVE-2025-55275 | HCL Aftermarket DPC is affected by Admin Session Concurrency vulnerability using |
| 18 | CVE-2026-40194 | phpseclib is a PHP secure communications library. Prior to 3.0.51, 2.0.53, and 1 |
| 18 | CVE-2026-32722 | Summary: Prior to Memray 1.19.2, Memray rendered the command line of the trac |
| 18 | CVE-2026-31863 | Anytype Heart is the middleware library for Anytype. The challenge-based authent |
| 18 | CVE-2026-0995 | An issue has been identified in Arm C1-Pro before r1p2-50eac0, where, under cert |
| 18 | CVE-2026-24509 | Dell Alienware Command Center (AWCC), versions prior to 6.12.24.0, contain an Im |
| 18 | CVE-2026-5115 | The PaperCut NG/MF (specifically, the embedded application for Konica Minolta de |
| 18 | CVE-2026-32018 | OpenClaw versions prior to 2026.2.19 contain a race condition vulnerability in c |
| 18 | CVE-2026-35386 | In OpenSSH before 10.3, command execution can occur via shell metacharacters in |
| 18 | CVE-2026-2345 | Proctorio Chrome Extension is a browser extension used for online proctoring. Th |
| 18 | CVE-2026-32909 | OpenClaw before 2026.2.19 contains a command injection vulnerability in tools.ex |
| 18 | CVE-2025-55249 | HCL AION is affected by a Missing Security Response Headers vulnerability. The a |
| 18 | CVE-2026-23738 | Asterisk is an open source private branch exchange and telephony toolkit. Prior |
| 18 | CVE-2025-1823 | IBM Jazz Reporting Service could allow an authenticated user on the host network |
| 18 | CVE-2025-2134 | IBM Jazz Reporting Service could allow an authenticated user on the network to a |
| 18 | CVE-2025-27550 | IBM Jazz Reporting Service could allow an authenticated user on the host network |
| 18 | CVE-2026-1161 | A vulnerability was detected in pbrong hrms 1.0.1. The affected element is the f |
| 18 | CVE-2026-1136 | A weakness has been identified in lcg0124 BootDo up to e93dd428ef6f5c881aa74d49a |
| 18 | CVE-2026-4175 | A vulnerability was determined in Aureus ERP up to 1.3.0-BETA2. The affected ele |
| 18 | CVE-2026-24048 | Backstage is an open framework for building developer portals, and @backstage/ba |
| 18 | CVE-2026-3946 | A vulnerability was detected in PHPEMS 11.0. The affected element is an unknown |
| 18 | CVE-2026-3983 | A security flaw has been discovered in Campcodes Division Regional Athletic Meet |
| 18 | CVE-2026-3984 | A weakness has been identified in Campcodes Division Regional Athletic Meet Game |
| 18 | CVE-2026-20137 | In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.5, 9.3.7, and 9.2.9, and |
| 18 | CVE-2026-4354 | A vulnerability was identified in TRENDnet TEW-824DRU 1.010B01/1.04B01. The impa |
| 18 | CVE-2026-2825 | A vulnerability has been found in rachelos WeRSS we-mp-rss up to 1.4.8. This imp |
| 18 | CVE-2026-4355 | A vulnerability was detected in Portabilis i-Educar 2.11. This impacts an unknow |
| 18 | CVE-2026-3720 | A security flaw has been discovered in 1024-lab/lab1024 SmartAdmin up to 3.29. I |
| 18 | CVE-2025-52603 | HCL Connections is vulnerable to information disclosure. In a very specific use |
| 18 | CVE-2026-1147 | A vulnerability was found in SourceCodester/Patrick Mvuma Patients Waiting Area |
| 18 | CVE-2026-1146 | A vulnerability has been found in SourceCodester/Patrick Mvuma Patients Waiting |
| 18 | CVE-2026-33422 | Discourse is an open-source discussion platform. Prior to versions 2026.3.0-late |
| 18 | CVE-2026-2709 | A flaw has been found in busy up to 2.5.5. The affected element is an unknown fu |
| 18 | CVE-2026-1282 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 |
| 18 | CVE-2026-24310 | Due to missing authorization check in SAP NetWeaver Application Server for ABAP, |
| 18 | CVE-2026-33551 | An issue was discovered in OpenStack Keystone 14 through 26 before 26.1.1, 27.0. |
| 18 | CVE-2025-58409 | Software installed and run as a non-privileged user may conduct improper GPU sys |
| 18 | CVE-2026-25764 | OpenProject is an open-source, web-based project management software. Prior to v |
| 18 | CVE-2026-33426 | Discourse is an open-source discussion platform. Prior to versions 2026.3.0-late |
| 18 | CVE-2025-36411 | IBM ApplinX 11.1 is vulnerable to cross-site request forgery which could allow a |
| 18 | CVE-2025-67852 | A flaw was found in Moodle. An open redirect vulnerability in the OAuth login fl |
| 18 | CVE-2025-14594 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.11 |
| 18 | CVE-2025-12704 | GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 bef |
| 18 | CVE-2026-3721 | A weakness has been identified in 1024-lab/lab1024 SmartAdmin up to 3.29. The af |
| 18 | CVE-2026-1406 | A vulnerability was determined in lcg0124 BootDo up to 5ccd963c74058036b466e038c |
| 18 | CVE-2026-0798 | Gitea may send release notification emails for private repositories to users who |
| 18 | CVE-2026-22281 | Dell PowerScale OneFS, versions 9.5.0.0 through 9.5.1.5, versions 9.6.0.0 throug |
| 18 | CVE-2026-35679 | Zcash zcashd before 6.12.0 allows invalid transactions to be accepted under cert |
| 18 | CVE-2026-35400 | LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web app |
| 18 | CVE-2025-55270 | HCL Aftermarket DPC is affected by Improper Input Validation which allows an att |
| 18 | CVE-2026-40077 | Beszel is a server monitoring platform. Prior to 0.18.7, some API endpoints in t |
| 17 | CVE-2026-23686 | Due to a CRLF Injection vulnerability in SAP NetWeaver Application Server Java, |
| 17 | CVE-2026-32772 | telnet in GNU inetutils through 2.7 allows servers to read arbitrary environment |
| 17 | CVE-2026-0519 | In Secure Access 12.70 and prior to 14.20, the logging subsystem may write an u |
| 17 | CVE-2026-21422 | Dell PowerScale OneFS, versions 9.10.0.0 through 9.10.1.5 and versions 9.11.0.0 |
| 17 | CVE-2025-68467 | Dark Reader is an accessibility browser extension that makes web pages colors da |
| 17 | CVE-2026-33404 | Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level |
| 17 | CVE-2026-2271 | A flaw was found in GIMP's PSP (Paint Shop Pro) file parser. A remote attacker c |
| 17 | CVE-2026-21249 | External control of file name or path in Windows NTLM allows an unauthorized att |
| 17 | CVE-2026-33529 | Authenticated Path Traversal to RCE via Configuration Import. Summary: An a |
| 17 | CVE-2026-20730 | A vulnerability exists in BIG-IP Edge Client and browser VPN clients on Windows |
| 17 | CVE-2026-28864 | This issue was addressed with improved permissions checking. This issue is fixed |
| 17 | CVE-2026-28893 | A privacy issue was addressed with improved handling of temporary files. This is |
| 17 | CVE-2026-1990 | A security vulnerability has been detected in oatpp up to 1.3.1. This impacts th |
| 17 | CVE-2025-26474 | in OpenHarmony v5.0.3 and prior versions allow a local attacker cause informatio |
| 17 | CVE-2025-15320 | Tanium addressed a denial of service vulnerability in Tanium Client. |
| 17 | CVE-2025-15535 | A security flaw has been discovered in nicbarker clay up to 0.14. This affects t |
| 17 | CVE-2026-22978 | In the Linux kernel, the following vulnerability has been resolved: wifi: avoid |
| 17 | CVE-2025-71148 | In the Linux kernel, the following vulnerability has been resolved: net/handsha |
| 17 | CVE-2026-20684 | A permissions issue was addressed with additional restrictions. This issue is fi |
| 17 | CVE-2025-12343 | A flaw was found in FFmpeg's TensorFlow backend within the libavfilter/dnn_backe |
| 17 | CVE-2026-4010 | A vulnerability was found in ThakeeNathees pocketlang up to cc73ca61b113d48ee130 |
| 17 | CVE-2026-2889 | A vulnerability was detected in CCExtractor up to 0.96.5. Affected is the functi |
| 17 | CVE-2026-22760 | Dell Device Management Agent (DDMA), versions prior to 26.02, contain an Imprope |
| 17 | CVE-2026-3407 | A vulnerability was determined in YosysHQ yosys up to 0.62. This affects the fun |
| 17 | CVE-2026-2903 | A flaw has been found in skvadrik re2c up to 4.4. Impacted is the function check |
| 17 | CVE-2026-0965 | A flaw was found in libssh where it can attempt to open arbitrary files during c |
| 17 | CVE-2026-3382 | A security flaw has been discovered in ChaiScript up to 6.1.0. The impacted elem |
| 17 | CVE-2026-2245 | A vulnerability was identified in CCExtractor up to 183. This affects the functi |
| 17 | CVE-2026-3606 | A vulnerability has been found in Ettercap 0.8.4-Garofalo. Affected by this vuln |
| 17 | CVE-2026-3393 | A security vulnerability has been detected in jarikomppa soloud up to 20200207. |
| 17 | CVE-2025-15567 | Insufficient protection mechanisms in the Health Module may lead to partial info |
| 17 | CVE-2026-20601 | A permissions issue was addressed with additional restrictions. This issue is fi |
| 17 | CVE-2026-21786 | HCL Sametime for iOS is impacted by a sensitive information disclosure. Hostnam |
| 17 | CVE-2026-20646 | A logging issue was addressed with improved data redaction. This issue is fixed |
| 17 | CVE-2026-2858 | A vulnerability was identified in wren-lang wren up to 0.4.0. This affects the f |
| 17 | CVE-2026-27007 | OpenClaw is a personal AI assistant. Prior to version 2026.2.15, normalizeForHa |
Oldest Unpatched Critical/High CVEs
| CVE | Severity | CVSS | Priority | Days Open |
|---|---|---|---|---|
| CVE-2024-3400 | CRITICAL | 10.0 | 224 | 730d |
| CVE-2019-19781 | CRITICAL | 9.8 | 223 | 2298d |
| CVE-2020-5902 | CRITICAL | 9.8 | 223 | 2111d |
| CVE-2021-35464 | CRITICAL | 9.8 | 223 | 1725d |
| CVE-2020-10189 | CRITICAL | 9.8 | 223 | 2228d |
| CVE-2012-4681 | CRITICAL | 9.8 | 223 | 4975d |
| CVE-2022-42475 | CRITICAL | 9.8 | 223 | 1196d |
| CVE-2023-3519 | CRITICAL | 9.8 | 223 | 998d |
| CVE-2015-7450 | CRITICAL | 9.8 | 222 | 3753d |
| CVE-2023-34048 | CRITICAL | 9.8 | 222 | 900d |