Total CVEs
16339
last 90 days
Avg Priority
36.8
of max 220
KEV
42
actively exploited
POC
3311
public exploits
Unpatched
4725
CRIT/HIGH without patch
How is Priority Score calculated?
Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:
KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low
40-80 Medium
80-120 High
120+ Critical
Patch Now — Known Exploited Vulnerabilities
194
CVE-2026-24061
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for t
185
CVE-2026-1731
BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain
184
CVE-2026-23760
SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability
180
CVE-2025-40551
SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerabil
170
CVE-2026-1340
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem
164
CVE-2026-1281
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem
160
CVE-2025-40536
SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that
141
CVE-2026-20131
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FM
137
CVE-2026-1603
An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthen
134
CVE-2026-22769
Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credentia
Priority Distribution
| Priority | CVE |
|---|---|
| 39 |
CVE-2026-26141
Improper authentication in Azure Arc allows an authorized attacker to elevate pr
|
| 39 |
CVE-2026-27927
Concurrent execution using shared resource with improper synchronization ('race
|
| 39 |
CVE-2026-32089
Use after free in Windows Speech Brokered Api allows an authorized attacker to e
|
| 39 |
CVE-2026-32857
Firecrawl version 2.8.0 and prior contain a server-side request forgery (SSRF) p
|
| 39 |
CVE-2026-32165
Use after free in Windows User Interface Core allows an authorized attacker to e
|
| 39 |
CVE-2026-20610
This issue was addressed with improved handling of symlinks. This issue is fixed
|
| 39 |
CVE-2026-32164
Concurrent execution using shared resource with improper synchronization ('race
|
| 39 |
CVE-2026-32163
Concurrent execution using shared resource with improper synchronization ('race
|
| 39 |
CVE-2026-27911
Concurrent execution using shared resource with improper synchronization ('race
|
| 39 |
CVE-2026-23073
In the Linux kernel, the following vulnerability has been resolved:
wifi: rsi:
|
| 39 |
CVE-2026-23105
In the Linux kernel, the following vulnerability has been resolved:
net/sched:
|
| 39 |
CVE-2026-23083
In the Linux kernel, the following vulnerability has been resolved:
fou: Don't
|
| 39 |
CVE-2026-23103
In the Linux kernel, the following vulnerability has been resolved:
ipvlan: Mak
|
| 39 |
CVE-2026-23089
In the Linux kernel, the following vulnerability has been resolved:
ALSA: usb-a
|
| 39 |
CVE-2025-33246
NVIDIA NeMo Framework for all platforms contains a vulnerability in the ASR Eval
|
| 39 |
CVE-2026-21341
Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds
|
| 39 |
CVE-2026-21346
Bridge versions 15.1.3, 16.0.1 and earlier are affected by an out-of-bounds writ
|
| 39 |
CVE-2026-21352
DNG SDK versions 1.7.1 2410 and earlier are affected by an out-of-bounds write v
|
| 39 |
CVE-2026-21349
Lightroom Desktop versions 15.1 and earlier are affected by an out-of-bounds wri
|
| 39 |
CVE-2026-27278
Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265 and earlier are
|
| 39 |
CVE-2026-27276
Substance3D - Stager versions 3.1.7 and earlier are affected by a Use After Free
|
| 39 |
CVE-2026-27220
Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265 and earlier are
|
| 39 |
CVE-2026-27292
Adobe Framemaker versions 2022.8 and earlier are affected by a Use After Free vu
|
| 39 |
CVE-2026-27309
Substance3D - Stager versions 3.1.7 and earlier are affected by a Use After Free
|
| 39 |
CVE-2026-27277
Substance3D - Stager versions 3.1.7 and earlier are affected by a Use After Free
|
| 39 |
CVE-2026-27283
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Use After F
|
| 39 |
CVE-2026-23208
In the Linux kernel, the following vulnerability has been resolved:
ALSA: usb-a
|
| 39 |
CVE-2026-23221
In the Linux kernel, the following vulnerability has been resolved:
bus: fsl-mc
|
| 39 |
CVE-2026-23234
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix t
|
| 39 |
CVE-2026-23216
In the Linux kernel, the following vulnerability has been resolved:
scsi: targe
|
| 39 |
CVE-2026-23231
In the Linux kernel, the following vulnerability has been resolved:
netfilter:
|
| 39 |
CVE-2025-71238
In the Linux kernel, the following vulnerability has been resolved:
scsi: qla2x
|
| 39 |
CVE-2026-23111
In the Linux kernel, the following vulnerability has been resolved:
netfilter:
|
| 39 |
CVE-2026-23209
In the Linux kernel, the following vulnerability has been resolved:
macvlan: fi
|
| 39 |
CVE-2026-23222
In the Linux kernel, the following vulnerability has been resolved:
crypto: oma
|
| 39 |
CVE-2026-23198
In the Linux kernel, the following vulnerability has been resolved:
KVM: Don't
|
| 39 |
CVE-2026-3483
An exposed dangerous method in Ivanti DSM before version 2026.1.1 allows a local
|
| 39 |
CVE-2026-0538
A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can force
|
| 39 |
CVE-2026-25546
Godot MCP is a Model Context Protocol (MCP) server for interacting with the Godo
|
| 39 |
CVE-2026-23351
In the Linux kernel, the following vulnerability has been resolved:
netfilter:
|
| 39 |
CVE-2026-0875
A maliciously crafted MODEL file, when parsed through certain Autodesk products,
|
| 39 |
CVE-2026-0874
A maliciously crafted CATPART file, when parsed through certain Autodesk product
|
| 39 |
CVE-2026-0659
A maliciously crafted USD file, when loaded or imported into Autodesk Arnold or
|
| 39 |
CVE-2026-21343
Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds
|
| 39 |
CVE-2026-21344
Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds
|
| 39 |
CVE-2026-21347
Bridge versions 15.1.3, 16.0.1 and earlier are affected by an Integer Overflow o
|
| 39 |
CVE-2026-34937
### Summary
`run_python()` in `praisonai` constructs a shell command string by
|
| 39 |
CVE-2026-20615
A path handling issue was addressed with improved validation. This issue is fixe
|
| 39 |
CVE-2026-21353
DNG SDK versions 1.7.1 2410 and earlier are affected by an Integer Overflow or W
|
| 39 |
CVE-2026-21345
Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds
|
| 39 |
CVE-2026-20614
A path handling issue was addressed with improved validation. This issue is fixe
|
| 39 |
CVE-2026-23092
In the Linux kernel, the following vulnerability has been resolved:
iio: dac: a
|
| 39 |
CVE-2026-23066
In the Linux kernel, the following vulnerability has been resolved:
rxrpc: Fix
|
| 39 |
CVE-2026-23068
In the Linux kernel, the following vulnerability has been resolved:
spi: spi-sp
|
| 39 |
CVE-2026-23012
In the Linux kernel, the following vulnerability has been resolved:
mm/damon/co
|
| 39 |
CVE-2026-23077
In the Linux kernel, the following vulnerability has been resolved:
mm/vma: fix
|
| 39 |
CVE-2026-34618
Illustrator versions 30.2, 29.8.5 and earlier are affected by an out-of-bounds w
|
| 39 |
CVE-2026-27273
Substance3D - Stager versions 3.1.7 and earlier are affected by an out-of-bounds
|
| 39 |
CVE-2026-27296
Adobe Framemaker versions 2022.8 and earlier are affected by an Integer Underflo
|
| 39 |
CVE-2026-27293
Adobe Framemaker versions 2022.8 and earlier are affected by a Heap-based Buffer
|
| 39 |
CVE-2026-27274
Substance3D - Stager versions 3.1.7 and earlier are affected by an out-of-bounds
|
| 39 |
CVE-2025-70083
An issue was discovered in OpenSatKit 2.2.1. The DirName field in the telecomman
|
| 39 |
CVE-2026-34628
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based
|
| 39 |
CVE-2026-27298
Adobe Framemaker versions 2022.8 and earlier are affected by an Access of Resour
|
| 39 |
CVE-2026-27275
Substance3D - Stager versions 3.1.7 and earlier are affected by an out-of-bounds
|
| 39 |
CVE-2026-27280
DNG SDK versions 1.7.1 2471 and earlier are affected by an out-of-bounds write v
|
| 39 |
CVE-2026-34630
Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer O
|
| 39 |
CVE-2026-27295
Adobe Framemaker versions 2022.8 and earlier are affected by an out-of-bounds wr
|
| 39 |
CVE-2026-27279
Substance3D - Stager versions 3.1.7 and earlier are affected by an out-of-bounds
|
| 39 |
CVE-2026-27294
Adobe Framemaker versions 2022.8 and earlier are affected by an out-of-bounds re
|
| 39 |
CVE-2026-34631
InCopy versions 20.5.2, 21.2 and earlier are affected by an out-of-bounds write
|
| 39 |
CVE-2026-21362
Illustrator versions 29.8.4, 30.1 and earlier are affected by an out-of-bounds w
|
| 39 |
CVE-2025-61982
An arbitrary code execution vulnerability exists in the Code Stream directive fu
|
| 39 |
CVE-2026-27267
Illustrator versions 29.8.4, 30.1 and earlier are affected by a Stack-based Buff
|
| 39 |
CVE-2026-27271
Illustrator versions 29.8.4, 30.1 and earlier are affected by a Heap-based Buffe
|
| 39 |
CVE-2026-27297
Adobe Framemaker versions 2022.8 and earlier are affected by an Integer Underflo
|
| 39 |
CVE-2026-27272
Illustrator versions 29.8.4, 30.1 and earlier are affected by an out-of-bounds w
|
| 39 |
CVE-2026-34627
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based
|
| 39 |
CVE-2026-27284
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by an out-of-bou
|
| 39 |
CVE-2026-27238
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based
|
| 39 |
CVE-2026-27291
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by an out-of-bou
|
| 39 |
CVE-2026-34629
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based
|
| 39 |
CVE-2026-27313
Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer O
|
| 39 |
CVE-2026-27289
Photoshop Desktop versions 27.4 and earlier are affected by an out-of-bounds rea
|
| 39 |
CVE-2026-33139
### Summary
PySpector versions `<= 0.1.6` are affected by a security validation
|
| 39 |
CVE-2026-27269
Premiere Pro versions 25.5 and earlier are affected by an out-of-bounds read vul
|
| 39 |
CVE-2025-63421
An issue in filosoft Comerc.32 Commercial Invoicing v.16.0.0.3 allows a local at
|
| 39 |
CVE-2026-23184
In the Linux kernel, the following vulnerability has been resolved:
binder: fix
|
| 39 |
CVE-2026-23185
In the Linux kernel, the following vulnerability has been resolved:
wifi: iwlwi
|
| 39 |
CVE-2026-23162
In the Linux kernel, the following vulnerability has been resolved:
drm/xe/nvm:
|
Oldest Unpatched Critical/High CVEs
| CVE | Severity | CVSS | Priority | Days Open |
|---|---|---|---|---|
| CVE-2024-3400 | CRITICAL | 10.0 | 224 | 738d |
| CVE-2019-19781 | CRITICAL | 9.8 | 223 | 2306d |
| CVE-2020-5902 | CRITICAL | 9.8 | 223 | 2119d |
| CVE-2021-35464 | CRITICAL | 9.8 | 223 | 1733d |
| CVE-2020-10189 | CRITICAL | 9.8 | 223 | 2236d |
| CVE-2012-4681 | CRITICAL | 9.8 | 223 | 4983d |
| CVE-2022-42475 | CRITICAL | 9.8 | 223 | 1204d |
| CVE-2023-3519 | CRITICAL | 9.8 | 223 | 1006d |
| CVE-2015-7450 | CRITICAL | 9.8 | 222 | 3760d |
| CVE-2023-34048 | CRITICAL | 9.8 | 222 | 908d |