Total CVEs
16293
last 90 days
Avg Priority
36.5
of max 220
KEV
37
actively exploited
POC
3540
public exploits
Unpatched
5441
CRIT/HIGH without patch
How is Priority Score calculated?
Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:
KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low
40-80 Medium
80-120 High
120+ Critical
Patch Now — Known Exploited Vulnerabilities
194
CVE-2026-24061
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for t
185
CVE-2026-1731
BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain
184
CVE-2026-23760
SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability
180
CVE-2025-40551
SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerabil
170
CVE-2026-1340
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem
164
CVE-2026-1281
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem
160
CVE-2025-40536
SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that
141
CVE-2026-20131
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FM
137
CVE-2026-1603
An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthen
134
CVE-2026-22769
Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credentia
Priority Distribution
| Priority | CVE |
|---|---|
| 52 |
CVE-2020-37014
Tryton 5.4 contains a persistent cross-site scripting vulnerability in the user
|
| 52 |
CVE-2020-36996
PHPFusion 9.03.50 contains a persistent cross-site scripting vulnerability in th
|
| 52 |
CVE-2019-25265
Online Inventory Manager 3.2 contains a stored cross-site scripting vulnerabilit
|
| 52 |
CVE-2020-37103
DotNetNuke 9.5 contains a persistent cross-site scripting vulnerability that all
|
| 52 |
CVE-2019-25301
Millhouse-Project 1.414 contains a persistent cross-site scripting vulnerability
|
| 52 |
CVE-2026-25805
Zed is a multiplayer code editor. Prior to 0.219.4, Zed does not show with which
|
| 52 |
CVE-2026-27810
calibre is a cross-platform e-book manager for viewing, converting, editing, and
|
| 52 |
CVE-2019-25399
IPFire 2.21 Core Update 127 contains multiple stored cross-site scripting vulner
|
| 52 |
CVE-2020-37003
Sellacious eCommerce 4.6 contains a persistent cross-site scripting vulnerabilit
|
| 52 |
CVE-2024-54855
fabricators Ltd Vanilla OS 2 Core image v1.1.0 was discovered to contain static
|
| 52 |
CVE-2020-37022
OpenZ ERP 3.6.60 contains a persistent cross-site scripting vulnerability in the
|
| 52 |
CVE-2026-1410
A vulnerability was detected in Beetel 777VR1 up to 01.00.09/01.00.09_55. Impact
|
| 52 |
CVE-2019-25264
Snipe-IT 4.7.5 contains a persistent cross-site scripting vulnerability that all
|
| 52 |
CVE-2019-25263
Zendesk SweetHawk Survey 1.6 contains a persistent cross-site scripting vulnerab
|
| 52 |
CVE-2020-36998
Forma.lms The E-Learning Suite 2.3.0.2 contains a persistent cross-site scriptin
|
| 52 |
CVE-2021-47906
BloofoxCMS 0.5.2.1 contains a stored cross-site scripting vulnerability in the a
|
| 52 |
CVE-2020-37018
GOautodial 4.0 contains a persistent cross-site scripting vulnerability that all
|
| 52 |
CVE-2021-47912
PHP Melody version 3.0 contains multiple non-persistent cross-site scripting vul
|
| 52 |
CVE-2020-36960
Forma LMS 2.3 contains a stored cross-site scripting vulnerability that allows a
|
| 52 |
CVE-2021-47913
PHP Melody 3.0 contains a persistent cross-site scripting vulnerability in the v
|
| 52 |
CVE-2020-36966
Dolibarr 11.0.3 contains a persistent cross-site scripting vulnerability in LDAP
|
| 52 |
CVE-2019-25448
OrientDB 3.0.17 contains a stored cross-site scripting vulnerability that allows
|
| 52 |
CVE-2019-25316
GOautodial 4.0 contains a persistent cross-site scripting vulnerability that all
|
| 52 |
CVE-2019-25315
WordPress Server Log Viewer 1.0 contains a persistent cross-site scripting vulne
|
| 52 |
CVE-2019-25311
thesystem version 1.0 contains a persistent cross-site scripting vulnerability t
|
| 52 |
CVE-2019-25404
Comodo Dome Firewall 2.7.0 contains a stored cross-site scripting vulnerability
|
| 52 |
CVE-2019-25403
Comodo Dome Firewall 2.7.0 contains a stored cross-site scripting vulnerability
|
| 52 |
CVE-2015-20119
Next Click Ventures RealtyScript 4.0.2 contains a stored cross-site scripting vu
|
| 52 |
CVE-2019-25373
OPNsense 19.1 contains a stored cross-site scripting vulnerability that allows a
|
| 52 |
CVE-2019-25369
OPNsense 19.1 contains a stored cross-site scripting vulnerability in the system
|
| 52 |
CVE-2018-25157
Phraseanet 4.0.3 contains a stored cross-site scripting vulnerability that allow
|
| 52 |
CVE-2021-47914
PHP Melody version 3.0 contains a persistent cross-site scripting vulnerability
|
| 52 |
CVE-2021-47917
Simple CMS 2.1 contains a persistent cross-site scripting vulnerability in user
|
| 52 |
CVE-2020-36978
Froxlor Server Management Panel 0.10.16 contains a persistent cross-site scripti
|
| 52 |
CVE-2020-36954
Xeroneit Library Management System 3.1 contains a stored cross-site scripting vu
|
| 52 |
CVE-2020-36956
Openfire 4.6.0 contains a stored cross-site scripting vulnerability in the nodej
|
| 52 |
CVE-2020-36931
Click2Magic 1.1.5 contains a stored cross-site scripting vulnerability that allo
|
| 52 |
CVE-2021-47919
Simple CMS 2.1 contains a non-persistent cross-site scripting vulnerability in t
|
| 52 |
CVE-2021-47834
Schlix CMS 2.2.6-6 contains a persistent cross-site scripting vulnerability that
|
| 52 |
CVE-2020-36955
Grav CMS 1.6.30 with Admin Plugin 1.9.18 contains a persistent cross-site script
|
| 52 |
CVE-2019-25317
Kimai 2 contains a persistent cross-site scripting vulnerability that allows att
|
| 52 |
CVE-2026-4204
A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L,
|
| 52 |
CVE-2026-4210
A security flaw has been discovered in D-Link DNS-120, DNR-202L, DNS-315L, DNS-3
|
| 52 |
CVE-2026-3101
A vulnerability was found in Intelbras TIP 635G 1.12.3.5. This vulnerability aff
|
| 52 |
CVE-2026-2131
A vulnerability was identified in XixianLiang HarmonyOS-mcp-server 0.1.0. This v
|
| 52 |
CVE-2026-2135
A vulnerability was detected in UTT HiPER 810 1.7.4-141218. The impacted element
|
| 52 |
CVE-2026-2178
A vulnerability was found in r-huijts xcode-mcp-server up to f3419f00117aa9949e3
|
| 52 |
CVE-2026-4205
A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, D
|
| 52 |
CVE-2026-4206
A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-32
|
| 52 |
CVE-2026-4207
A vulnerability was determined in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, D
|
| 52 |
CVE-2026-3065
A vulnerability was detected in HummerRisk up to 1.5.0. This affects the functio
|
| 52 |
CVE-2026-3064
A security vulnerability has been detected in HummerRisk up to 1.5.0. Affected b
|
| 52 |
CVE-2026-3066
A flaw has been found in HummerRisk up to 1.5.0. This vulnerability affects the
|
| 52 |
CVE-2026-4209
A vulnerability was identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, D
|
| 52 |
CVE-2026-4203
A vulnerability was detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS
|
| 52 |
CVE-2026-2527
A vulnerability was determined in Wavlink WL-WN579A3 up to 20210219. Affected is
|
| 52 |
CVE-2026-2529
A security flaw has been discovered in Wavlink WL-WN579A3 up to 20210219. Affect
|
| 52 |
CVE-2026-2528
A vulnerability was identified in Wavlink WL-WN579A3 up to 20210219. Affected by
|
| 52 |
CVE-2026-2956
A security flaw has been discovered in qinming99 dst-admin up to 1.5.0. This aff
|
| 52 |
CVE-2026-2526
A vulnerability was found in Wavlink WL-WN579A3 up to 20210219. This impacts the
|
| 52 |
CVE-2026-2535
A vulnerability was found in Comfast CF-N1 V2 2.6.0.2. The impacted element is t
|
| 52 |
CVE-2026-2530
A weakness has been identified in Wavlink WL-WN579A3 up to 20210219. This affect
|
| 52 |
CVE-2026-2534
A vulnerability has been found in Comfast CF-N1 V2 2.6.0.2. The affected element
|
| 52 |
CVE-2026-3484
A vulnerability was detected in PhialsBasement nmap-mcp-server up to bee6d23547d
|
| 52 |
CVE-2026-2560
A vulnerability has been found in kalcaddle kodbox up to 1.64.05. The impacted e
|
| 52 |
CVE-2026-2823
A vulnerability was detected in Comfast CF-E7 2.6.0.9. The impacted element is t
|
| 52 |
CVE-2026-2824
A flaw has been found in Comfast CF-E7 2.6.0.9. This affects the function sub_44
|
| 52 |
CVE-2026-3102
A vulnerability was determined in exiftool up to 13.49 on macOS. This issue affe
|
| 52 |
CVE-2026-2218
A vulnerability was determined in D-Link DCS-933L up to 1.14.11. This affects an
|
| 52 |
CVE-2026-4543
A vulnerability was found in Wavlink WL-WN578W2 221110. The impacted element is
|
| 52 |
CVE-2026-4192
A vulnerability has been found in AvinashBole quip-mcp-server 1.0.0. Affected by
|
| 52 |
CVE-2026-1144
A vulnerability was detected in quickjs-ng quickjs up to 0.11.0. Affected is an
|
| 52 |
CVE-2026-1414
A vulnerability was determined in Sangfor Operation and Maintenance Security Man
|
| 52 |
CVE-2026-2193
A vulnerability was detected in D-Link DI-7100G C1 24.04.18D1. Affected by this
|
| 52 |
CVE-2026-1544
A security flaw has been discovered in D-Link DIR-823X 250416. Impacted is the f
|
| 52 |
CVE-2026-2169
A vulnerability has been found in D-Link DWR-M921 1.1.50. This impacts an unknow
|
| 52 |
CVE-2026-2168
A flaw has been found in D-Link DWR-M921 1.1.50. This affects the function sub_4
|
| 52 |
CVE-2026-2623
A flaw has been found in Blossom up to 1.17.1. This issue affects the function p
|
| 52 |
CVE-2026-3795
A security flaw has been discovered in doramart DoraCMS 3.0.x. Impacted is the f
|
| 52 |
CVE-2026-3789
A vulnerability was detected in Bytedesk up to 1.3.9. Affected is the function g
|
| 52 |
CVE-2026-3749
A weakness has been identified in Bytedesk up to 1.3.9. This vulnerability affec
|
| 52 |
CVE-2026-1145
A flaw has been found in quickjs-ng quickjs up to 0.11.0. Affected by this vulne
|
| 52 |
CVE-2026-1812
A vulnerability has been found in bolo-blog bolo-solo up to 2.6.4. This impacts
|
| 52 |
CVE-2026-1810
A vulnerability was detected in bolo-blog bolo-solo up to 2.6.4. The impacted el
|
| 52 |
CVE-2026-3748
A security flaw has been discovered in Bytedesk up to 1.3.9. This affects the fu
|
| 52 |
CVE-2026-3067
A vulnerability has been found in HummerRisk up to 1.5.0. This issue affects the
|
| 52 |
CVE-2026-3289
A weakness has been identified in Sanluan PublicCMS 6.202506.d. This impacts the
|
| 52 |
CVE-2026-2008
A vulnerability was detected in abhiphile fermat-mcp up to 47f11def1cd37e45dd060
|
| 52 |
CVE-2026-3051
A vulnerability has been found in DataLinkDC dinky up to 1.2.5. The affected ele
|
| 52 |
CVE-2026-2076
A weakness has been identified in yeqifu warehouse up to aaf29962ba407d22d991781
|
Oldest Unpatched Critical/High CVEs
| CVE | Severity | CVSS | Priority | Days Open |
|---|---|---|---|---|
| CVE-2024-3400 | CRITICAL | 10.0 | 224 | 730d |
| CVE-2019-19781 | CRITICAL | 9.8 | 223 | 2298d |
| CVE-2020-5902 | CRITICAL | 9.8 | 223 | 2111d |
| CVE-2021-35464 | CRITICAL | 9.8 | 223 | 1725d |
| CVE-2020-10189 | CRITICAL | 9.8 | 223 | 2228d |
| CVE-2012-4681 | CRITICAL | 9.8 | 223 | 4975d |
| CVE-2022-42475 | CRITICAL | 9.8 | 223 | 1196d |
| CVE-2023-3519 | CRITICAL | 9.8 | 223 | 998d |
| CVE-2015-7450 | CRITICAL | 9.8 | 222 | 3753d |
| CVE-2023-34048 | CRITICAL | 9.8 | 222 | 900d |