| Metric | Value | Note |
|---|---|---|
| Total CVEs | 16287 | last 90 days |
| Avg Priority | 36.7 | of max 220 |
| KEV | 42 | actively exploited |
| POC | 3308 | public exploits |
| Unpatched | 4708 | CRIT/HIGH without patch |
How is Priority Score calculated?
Priority Score is a composite risk metric (0-220) that adds four real-world threat signals:

| Signal | Contribution | Meaning |
|---|---|---|
| KEV | +50 | CISA Known Exploited Vulnerability — confirmed active exploitation in the wild |
| EPSS | x100 | Exploit Prediction Scoring System — probability of exploitation in the next 30 days, a 0-1 probability scaled to 0-100 |
| CVSS | x5 | Common Vulnerability Scoring System — technical severity, the 0-10 base score scaled to 0-50 |
| POC | +20 | Public exploit code exists — lowers the barrier for attackers |

The four maxima (50 + 100 + 50 + 20) sum to the 220 ceiling. Scores map to bands as follows:

| Score | Band |
|---|---|
| 0-40 | Low |
| 40-80 | Medium |
| 80-120 | High |
| 120+ | Critical |
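The formula above, re-implemented as an added example (this is not the dashboard's own code; the record type, function names and placeholder CVE IDs are hypothetical). It validates the input ranges, scores a few constructed records, bands them, and reproduces the Patch Now ordering (KEV entries only, highest score first). Band boundaries are assumed half-open, so 40 is Medium, 80 is High and 120 is Critical; the page does not say how a score that lands exactly on a boundary is assigned.

```python
from dataclasses import dataclass

# Weights exactly as stated on the page: KEV +50, EPSS x100, CVSS x5, POC +20.
KEV_BONUS = 50.0
EPSS_WEIGHT = 100.0   # EPSS is a probability in [0, 1]
CVSS_WEIGHT = 5.0     # CVSS base score is in [0, 10]
POC_BONUS = 20.0
MAX_SCORE = KEV_BONUS + EPSS_WEIGHT * 1.0 + CVSS_WEIGHT * 10.0 + POC_BONUS  # 220.0


@dataclass(frozen=True)
class Signals:
    """Threat signals for one CVE (hypothetical record type, not the site's schema)."""
    cve: str
    cvss: float   # CVSS base score, 0.0-10.0
    epss: float   # EPSS probability, 0.0-1.0
    kev: bool     # listed in CISA KEV
    poc: bool     # public exploit code exists


def priority_score(s: Signals) -> float:
    """Composite Priority Score (0-220) per the page's formula."""
    if not 0.0 <= s.cvss <= 10.0:
        raise ValueError(f"{s.cve}: CVSS out of range: {s.cvss}")
    if not 0.0 <= s.epss <= 1.0:
        raise ValueError(f"{s.cve}: EPSS must be a probability in [0, 1]: {s.epss}")
    score = CVSS_WEIGHT * s.cvss + EPSS_WEIGHT * s.epss
    if s.kev:
        score += KEV_BONUS
    if s.poc:
        score += POC_BONUS
    return round(score, 1)


def band(score: float) -> str:
    """Map a score to the page's bands; boundaries assumed half-open [lo, hi)."""
    if score >= 120:
        return "Critical"
    if score >= 80:
        return "High"
    if score >= 40:
        return "Medium"
    return "Low"


def patch_now(records, limit: int = 10):
    """Reproduce the Patch Now list: KEV entries only, highest score first."""
    ranked = sorted((r for r in records if r.kev), key=priority_score, reverse=True)
    return [(r.cve, priority_score(r), band(priority_score(r))) for r in ranked[:limit]]


# Constructed sample records with placeholder IDs; these are not real CVE data.
SAMPLE = [
    Signals("CVE-0000-0001", cvss=10.0, epss=1.0, kev=True, poc=True),     # ceiling: 220.0
    Signals("CVE-0000-0002", cvss=9.8, epss=0.9, kev=True, poc=False),     # 49 + 90 + 50 = 189.0
    Signals("CVE-0000-0003", cvss=7.5, epss=0.05, kev=False, poc=True),    # 37.5 + 5 + 20 = 62.5
    Signals("CVE-0000-0004", cvss=5.4, epss=0.001, kev=False, poc=False),  # 27 + 0.1 = 27.1
]

if __name__ == "__main__":
    for r in SAMPLE:
        sc = priority_score(r)
        print(f"{r.cve}  score={sc:6.1f}  band={band(sc)}")
    print("Patch Now:", patch_now(SAMPLE))
```

Note that a non-KEV CVE with a public PoC and a high CVSS can still only reach 70 + EPSS x100, so without a high EPSS it stays in Medium; the KEV bonus alone moves any CVSS 9.8 finding into Critical regardless of EPSS, which is the behaviour the Patch Now list relies on.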
Patch Now — Known Exploited Vulnerabilities
| Priority | CVE | Description |
|---|---|---|
| 194 | CVE-2026-24061 | telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for t |
| 185 | CVE-2026-1731 | BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain |
| 184 | CVE-2026-23760 | SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability |
| 180 | CVE-2025-40551 | SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerabil |
| 170 | CVE-2026-1340 | A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem |
| 164 | CVE-2026-1281 | A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem |
| 160 | CVE-2025-40536 | SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that |
| 141 | CVE-2026-20131 | A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FM |
| 137 | CVE-2026-1603 | An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthen |
| 134 | CVE-2026-22769 | Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credentia |
Priority Distribution
| Priority | CVE | Description |
|---|---|---|
| 31 | CVE-2026-29969 | A cross-site scripting (XSS) vulnerability in the wff_cols_pref.css.aspx endpoin |
| 31 | CVE-2026-2026 | A vulnerability has been identified where weak file permissions in the Nessus Ag |
| 31 | CVE-2026-40340 | libgphoto2 is a camera access and control library. Versions up to and including |
| 31 | CVE-2026-20978 | Improper authorization in KnoxGuardManager prior to SMR Feb-2026 Release 1 allow |
| 31 | CVE-2026-22614 | The encryption mechanism used in Eaton's EasySoft project file was insecure and |
| 31 | CVE-2026-34852 | Stack overflow vulnerability in the media platform. Impact: Successful exploitat |
| 31 | CVE-2026-3635 | When trustProxy is configured with a restrictive trust function (e.g., a |
| 31 | CVE-2025-61645 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site |
| 31 | CVE-2025-67652 | An attacker with access to the project file could use the exposed credentials t |
| 31 | CVE-2026-25854 | Occasional URL redirection to untrusted Site ('Open Redirect') vulnerability in |
| 31 | CVE-2026-24924 | Vulnerability of improper permission control in the print module. Impact: Succes |
| 30 | CVE-2026-32903 | OpenClaw before 2026.3.2 contains a symlink traversal vulnerability in stageSand |
| 30 | CVE-2026-33343 | An authenticate |
| 30 | CVE-2026-3644 | The fix for CVE-2026-0672, which rejected control characters in http.cookies.Mor |
| 30 | CVE-2026-1776 | Camaleon CMS versions 2.4.5.0 through 2.9.0, prior to commit f54a77e, contain a |
| 30 | CVE-2026-35670 | OpenClaw before 2026.3.22 contains a webhook reply delivery vulnerability that a |
| 30 | CVE-2026-32700 | A race condition in Devise's Confirmable module allows an attacker t |
| 30 | CVE-2026-33952 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to versio |
| 30 | CVE-2026-32017 | OpenClaw versions prior to 2026.2.19 contain an allowlist bypass vulnerability i |
| 30 | CVE-2026-30231 | Flare is a Next.js-based, self-hostable file sharing platform that integrates wi |
| 30 | CVE-2026-34765 | When a renderer calls `window.open()` with a target name, Electron di |
| 30 | CVE-2026-3446 | When calling base64.b64decode() or related functions the decoding process would |
| 30 | CVE-2026-20136 | A vulnerability in the CLI of Cisco Identity Services Engine (ISE) and Cisc |
| 30 | CVE-2026-32022 | OpenClaw versions prior to 2026.2.21 contain a stdin-only policy bypass vulnerab |
| 30 | CVE-2026-28214 | Firebird is an open-source relational database management system. In versions pr |
| 30 | CVE-2026-35622 | OpenClaw before 2026.3.22 contains an improper authentication verification vulne |
| 30 | CVE-2026-5446 | In wolfSSL, ARIA-GCM cipher suites used in TLS 1.2 and DTLS 1.2 reuse an identic |
| 30 | CVE-2026-4619 | Path Traversal vulnerability in NEC Platforms, Ltd. Aterm Series allows an attack |
| 30 | CVE-2026-1079 | A native messaging host vulnerability in Pega Browser Extension (PBE) affects us |
| 30 | CVE-2026-28460 | OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability i |
| 30 | CVE-2026-32033 | OpenClaw versions prior to 2026.2.24 contain a path traversal vulnerability wher |
| 30 | CVE-2026-34210 | The `stripe/charge` payment method did not check Stripe's `Idempoten |
| 30 | CVE-2026-5170 | A user with access to the cluster with a limited set of privilege actions can tr |
| 30 | CVE-2025-68649 | An improper limitation of a pathname to a restricted directory ('path traversal' |
| 30 | CVE-2025-49784 | An improper neutralization of special elements used in an sql command ('sql inje |
| 30 | CVE-2026-26060 | A vulnerability in Fleet's password management logic could allow pr |
| 30 | CVE-2026-32037 | OpenClaw versions prior to 2026.2.22 fail to consistently validate redirect chai |
| 30 | CVE-2026-35658 | OpenClaw before 2026.3.2 contains a filesystem boundary bypass vulnerability in |
| 30 | CVE-2026-32023 | OpenClaw versions prior to 2026.2.24 contain an approval gating bypass vulnerabi |
| 30 | CVE-2025-12624 | Active access tokens are not revoked or invalidated when a user account is locke |
| 30 | CVE-2026-34511 | OpenClaw before 2026.4.2 reuses the PKCE verifier as the OAuth state parameter i |
| 30 | CVE-2026-20008 | A vulnerability in a small subset of CLI commands that are used on Cisco Secure |
| 30 | CVE-2026-22615 | Due to improper input validation in one of the Eaton Intelligent Power Protector |
| 30 | CVE-2025-61624 | An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal' |
| 30 | CVE-2026-21985 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (comp |
| 30 | CVE-2026-21963 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (comp |
| 30 | CVE-2026-20982 | Path traversal in ShortcutService prior to SMR Feb-2026 Release 1 allows privile |
| 30 | CVE-2026-4224 | When an Expat parser with a registered ElementDeclHandler parses an inline docum |
| 30 | CVE-2026-39670 | Server-Side Request Forgery (SSRF) vulnerability in Brecht Visual Link Preview v |
| 30 | CVE-2026-20063 | A vulnerability in the CLI of Cisco Secure FTD Software could allow an authentic |
| 30 | CVE-2025-24851 | Uncaught exception in the firmware for some 100GbE Intel(R) Ethernet Controller |
| 30 | CVE-2025-48508 | Improper Hardware reset flow logic in the GPU GFX Hardware IP block could allow |
| 30 | CVE-2025-27243 | Out-of-bounds write in the firmware for some Intel(R) Ethernet Controller E810 b |
| 30 | CVE-2025-27560 | Loop with unreachable exit condition ('infinite loop') for some Intel(R) Platfor |
| 30 | CVE-2026-20044 | A vulnerability in the lockdown mechanism of Cisco Secure Firewall Management Ce |
| 30 | CVE-2025-15554 | Browser caching of LAPS passwords in Truesec's LAPSWebUI before version 2.4 allo |
| 30 | CVE-2025-46310 | This issue was addressed through improved state management. This issue is fixed |
| 30 | CVE-2026-20092 | A vulnerability in the read-only maintenance shell of Cisco Intersight Virtual A |
| 30 | CVE-2025-15553 | Non-working logout functionality in Truesec's LAPSWebUI before version 2.4 allow |
| 30 | CVE-2025-15552 | Insufficient Session Expiration in Truesec's LAPSWebUI before version 2.4 allows |
| 30 | CVE-2026-5774 | Improper synchronization of the userTokens map in the API server in Canonical Ju |
| 30 | CVE-2026-39810 | A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientEMS 7 |
| 30 | CVE-2026-5525 | A stack-based buffer overflow vulnerability exists in Notepad++ version 8.9.3 in |
| 30 | CVE-2026-1386 | A UNIX symbolic link following issue in the jailer component in Firecracker vers |
| 30 | CVE-2026-31997 | OpenClaw versions prior to 2026.3.1 fail to pin executable identity for non-path |
| 30 | CVE-2026-40091 | When SpiceDB starts with log level `info`, the startup `"configuratio |
| 30 | CVE-2026-20016 | A vulnerability in the Cisco FXOS Software CLI feature for Cisco Secure Firewall |
| 30 | CVE-2025-36238 | IBM PowerVM Hypervisor FW1110.00 through FW1110.03, FW1060.00 through FW1060.51, |
| 30 | CVE-2026-20017 | A vulnerability in the CLI of Cisco Secure FTD Software could allow an authentic |
| 30 | CVE-2026-24919 | Out-of-bounds write vulnerability in the DFX module. Impact: Successful exploita |
| 30 | CVE-2026-3260 | A flaw was found in Undertow. A remote attacker could exploit this vulnerability |
| 30 | CVE-2026-20018 | A vulnerability in the sftunnel functionality of Cisco Secure Firewall Managemen |
| 30 | CVE-2026-28464 | OpenClaw versions prior to 2026.2.12 use non-constant-time string comparison for |
| 30 | CVE-2024-31119 | Improper neutralization of input during web page generation ('cross-site scripti |
| 30 | CVE-2026-28465 | OpenClaw's voice-call plugin versions before 2026.2.3 contain an improper authen |
| 30 | CVE-2026-27629 | InvenTree is an Open Source Inventory Management System. Prior to version 1.2.3, |
| 30 | CVE-2024-35644 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site |
| 30 | CVE-2024-52387 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti |
| 30 | CVE-2026-32770 | A remote attacker can crash the Parse Server by subscribing to a Liv |
| 30 | CVE-2026-22548 | When a BIG-IP Advanced WAF or ASM security policy is configured on a virtual ser |
| 30 | CVE-2026-22262 | Suricata is a network IDS, IPS and NSM engine. While saving a dataset a stack bu |
| 30 | CVE-2026-26189 | Trivy Action runs Trivy as GitHub action to scan a Docker container image for vu |
| 30 | CVE-2025-59472 | A denial of service vulnerability exists in Next.js versions with Partial Preren |
| 30 | CVE-2026-3337 | Observable timing discrepancy in AES-CCM decryption in AWS-LC allows an unauthen |
| 30 | CVE-2026-40265 | A broken access control vulnerability allows unauthenticated users t |
| 30 | CVE-2026-27571 | NATS-Server is a High-Performance server for NATS.io, a cloud and edge native me |
| 30 | CVE-2026-31875 | Parse Server is an open source backend that can be deployed to any infrastructur |
| 30 | CVE-2025-66199 | Issue summary: A TLS 1.3 connection using certificate compression can be forced |
| 30 | CVE-2026-34760 | vLLM is an inference and serving engine for large language models (LLMs). From v |
| 30 | CVE-2026-2415 | Emails sent by pretix can utilize placeholders that will be filled with customer |
Oldest Unpatched Critical/High CVEs
Unpatched here is the dashboard's own status (no patch reference recorded for the entry), not a vendor statement: every CVE below is a long-standing CISA KEV entry for which the vendor has shipped a fix, so Days Open (consistent with days since the CVE was published) measures the age of the record rather than remaining exposure. The Priority values of 222-224 also exceed the 220 ceiling stated in the formula above; the page does not document where the extra points come from.
| CVE | Severity | CVSS | Priority | Days Open |
|---|---|---|---|---|
| CVE-2024-3400 | CRITICAL | 10.0 | 224 | 738d |
| CVE-2019-19781 | CRITICAL | 9.8 | 223 | 2306d |
| CVE-2020-5902 | CRITICAL | 9.8 | 223 | 2119d |
| CVE-2021-35464 | CRITICAL | 9.8 | 223 | 1733d |
| CVE-2020-10189 | CRITICAL | 9.8 | 223 | 2236d |
| CVE-2012-4681 | CRITICAL | 9.8 | 223 | 4983d |
| CVE-2022-42475 | CRITICAL | 9.8 | 223 | 1204d |
| CVE-2023-3519 | CRITICAL | 9.8 | 223 | 1006d |
| CVE-2015-7450 | CRITICAL | 9.8 | 222 | 3760d |
| CVE-2023-34048 | CRITICAL | 9.8 | 222 | 908d |