Total CVEs
16291
last 90 days
Avg Priority
36.8
of max 220
KEV
42
actively exploited
POC
3307
public exploits
Unpatched
4716
CRIT/HIGH without patch
How is Priority Score calculated?
Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:
KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low
40-80 Medium
80-120 High
120+ Critical
Patch Now — Known Exploited Vulnerabilities
194
CVE-2026-24061
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for t
185
CVE-2026-1731
BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain
184
CVE-2026-23760
SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability
180
CVE-2025-40551
SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerabil
170
CVE-2026-1340
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem
164
CVE-2026-1281
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem
160
CVE-2025-40536
SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that
141
CVE-2026-20131
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FM
137
CVE-2026-1603
An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthen
134
CVE-2026-22769
Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credentia
Priority Distribution
| Priority | CVE |
|---|---|
| 47 |
CVE-2026-32499
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti
|
| 47 |
CVE-2026-40317
NovumOS is a custom 32-bit operating system written in Zig and x86 Assembly. In
|
| 47 |
CVE-2026-31845
A pre-authenticated reflected cross-site scripting (XSS) vulnerability exists in
|
| 47 |
CVE-2026-3147
A vulnerability was found in libvips up to 8.18.0. This affects the function vip
|
| 47 |
CVE-2026-3281
A vulnerability was detected in libvips 8.19.0. This affects the function vips_b
|
| 47 |
CVE-2025-13920
The WP Directory Kit plugin for WordPress is vulnerable to Sensitive Information
|
| 47 |
CVE-2026-28827
A parsing issue in the handling of directory paths was addressed with improved p
|
| 47 |
CVE-2026-2343
The PeproDev Ultimate Invoice WordPress plugin through 2.2.5 has a bulk download
|
| 47 |
CVE-2017-20221
Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 contains a cross-site request
|
| 47 |
CVE-2020-37158
AVideo Platform 8.1 contains a cross-site request forgery vulnerability that all
|
| 47 |
CVE-2026-24422
phpMyFAQ is an open source FAQ web application. In versions 4.0.16 and below, mu
|
| 47 |
CVE-2026-27824
calibre is a cross-platform e-book manager for viewing, converting, editing, and
|
| 47 |
CVE-2025-12781
When passing data to the b64decode(), standard_b64decode(), and urlsafe_b64decod
|
| 47 |
CVE-2026-20688
A path handling issue was addressed with improved validation. This issue is fixe
|
| 47 |
CVE-2016-20028
ZKTeco ZKBioSecurity 3.0 contains a cross-site request forgery vulnerability tha
|
| 47 |
CVE-2026-27480
Static Web Server (SWS) is a production-ready web server suitable for static web
|
| 47 |
CVE-2026-5318
A weakness has been identified in LibRaw up to 0.22.0. This impacts the function
|
| 47 |
CVE-2026-4968
A vulnerability was determined in SourceCodester Diary App 1.0. The affected ele
|
| 47 |
CVE-2026-4538
A vulnerability was identified in PyTorch 2.10.0. The affected element is an unk
|
| 47 |
CVE-2026-3137
A security vulnerability has been detected in CodeAstro Food Ordering System 1.0
|
| 47 |
CVE-2026-4971
A weakness has been identified in SourceCodester Note Taking App up to 1.0. This
|
| 47 |
CVE-2026-32917
OpenClaw before 2026.3.13 contains a remote command injection vulnerability in t
|
| 47 |
CVE-2015-20117
Next Click Ventures RealtyScript 4.0.2 contains a cross-site request forgery vul
|
| 47 |
CVE-2026-6589
A security vulnerability has been detected in ComfyUI up to 0.13.0. This affects
|
| 47 |
CVE-2026-2148
A security vulnerability has been detected in Tenda AC21 16.03.08.16. Affected i
|
| 47 |
CVE-2026-2147
A weakness has been identified in Tenda AC21 16.03.08.16. This impacts an unknow
|
| 47 |
CVE-2020-37096
Edimax EW-7438RPn 1.13 contains a cross-site request forgery vulnerability in th
|
| 47 |
CVE-2026-3145
A flaw has been found in libvips up to 8.18.0. The affected element is the funct
|
| 47 |
CVE-2026-4744
Out-of-bounds Read vulnerability in rizonesoft Notepad3 (scintilla/oniguruma/sr
|
| 47 |
CVE-2026-27593
Statmatic is a Laravel and Git powered content management system (CMS). Prior to
|
| 47 |
CVE-2015-20113
Next Click Ventures RealtyScript 4.0.2 contains cross-site request forgery and p
|
| 47 |
CVE-2026-4963
A weakness has been identified in huggingface smolagents 1.25.0.dev0. This affec
|
| 47 |
CVE-2016-20035
Wowza Streaming Engine 4.5.0 contains a cross-site request forgery vulnerability
|
| 47 |
CVE-2026-3713
A flaw has been found in pnggroup libpng up to 1.6.55. Affected by this vulnerab
|
| 47 |
CVE-2026-6598
A security vulnerability has been detected in langflow-ai langflow up to 1.8.3.
|
| 47 |
CVE-2026-32046
OpenClaw versions prior to 2026.2.21 contain an improper sandbox configuration v
|
| 47 |
CVE-2026-2653
A security flaw has been discovered in admesh up to 0.98.5. This issue affects t
|
| 47 |
CVE-2025-39666
Local privilege escalation in Checkmk 2.2.0 (EOL), Checkmk 2.3.0 before 2.3.0p46
|
| 47 |
CVE-2026-5546
A flaw has been found in Campcodes Complete Online Learning Management System 1.
|
| 47 |
CVE-2026-5826
A flaw has been found in code-projects Simple IT Discussion Forum 1.0. This issu
|
| 47 |
CVE-2026-5825
A vulnerability was detected in code-projects Simple Laundry System 1.0. This vu
|
| 47 |
CVE-2026-4216
A weakness has been identified in i-SENS SmartLog App up to 2.6.8 on Android. Th
|
| 47 |
CVE-2026-5126
A flaw has been found in SourceCodester RSS Feed Parser 1.0. Affected by this is
|
| 47 |
CVE-2025-32058
The Infotainment ECU manufactured by Bosch uses a RH850 module for CAN communica
|
| 47 |
CVE-2026-6119
A vulnerability was identified in AstrBotDevs AstrBot up to 4.22.1. The affected
|
| 47 |
CVE-2026-32915
OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability allow
|
| 47 |
CVE-2026-1418
A security vulnerability has been detected in GPAC up to 2.4.0. This affects the
|
| 47 |
CVE-2026-4964
A security vulnerability has been detected in letta-ai letta 0.16.4. This vulner
|
| 47 |
CVE-2026-6587
A security flaw has been discovered in vibrantlabsai RAGAS up to 0.4.3. The affe
|
| 47 |
CVE-2026-5319
A security vulnerability has been detected in itsourcecode Payroll Management Sy
|
| 47 |
CVE-2026-5630
A flaw has been found in assafelovic gpt-researcher up to 3.4.3. The impacted el
|
| 47 |
CVE-2020-37106
Business Live Chat Software 1.0 contains a cross-site request forgery vulnerabil
|
| 47 |
CVE-2026-5552
A weakness has been identified in PHPGurukul Online Shopping Portal Project 2.1.
|
| 47 |
CVE-2026-5553
A vulnerability was identified in itsourcecode Online Cellphone System 1.0. Affe
|
| 47 |
CVE-2026-5583
A security vulnerability has been detected in PHPGurukul Online Shopping Portal
|
| 47 |
CVE-2026-5636
A weakness has been identified in PHPGurukul Online Shopping Portal Project 2.1.
|
| 47 |
CVE-2026-5639
A flaw has been found in PHPGurukul Online Shopping Portal Project 2.1. Impacted
|
| 47 |
CVE-2026-5635
A security flaw has been discovered in PHPGurukul Online Shopping Portal Project
|
| 47 |
CVE-2026-5578
A vulnerability was found in CodeAstro Online Classroom 1.0. This vulnerability
|
| 47 |
CVE-2025-14813
Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the
|
| 47 |
CVE-2026-5580
A vulnerability was identified in CodeAstro Online Classroom 1.0. Impacted is an
|
| 47 |
CVE-2026-5529
A vulnerability was detected in Dromara lamp-cloud up to 5.8.1. This vulnerabili
|
| 47 |
CVE-2026-20407
In wlan STA driver, there is a possible escalation of privilege due to a missing
|
| 47 |
CVE-2026-6348
WinMatrix agent developed by Simopro Technology has a Missing Authentication vul
|
| 47 |
CVE-2025-58190
The html.Parse function in golang.org/x/net/html has an infinite parsing loop wh
|
| 47 |
CVE-2026-3817
A vulnerability was detected in SourceCodester Patients Waiting Area Queue Manag
|
| 47 |
CVE-2020-37046
Sistem Informasi Pengumuman Kelulusan Online 1.0 contains a cross-site request f
|
| 47 |
CVE-2025-15570
A vulnerability was found in ckolivas lrzip up to 0.651. This impacts the functi
|
| 47 |
CVE-2026-1346
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify
|
| 47 |
CVE-2026-6109
A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.1. The impa
|
| 47 |
CVE-2026-5321
A flaw has been found in vanna-ai vanna up to 2.0.2. Affected by this issue is s
|
| 47 |
CVE-2026-40959
Luanti 5 before 5.15.2, when LuaJIT is used, allows a Lua sandbox escape via a c
|
| 47 |
CVE-2026-0106
In vpu_mmap of vpu_ioctl, there is a possible arbitrary address mmap due to a mi
|
| 47 |
CVE-2026-26309
Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5,
|
| 46 |
CVE-2026-6576
A vulnerability was determined in liangliangyy DjangoBlog up to 2.1.0.0. The aff
|
| 46 |
CVE-2026-6190
A vulnerability was found in itsourcecode Construction Management System 1.0. Th
|
| 46 |
CVE-2026-6487
A flaw has been found in Qihui jtbc5 CMS 5.0.3.6. Affected is an unknown functio
|
| 46 |
CVE-2026-5659
A vulnerability was found in pytries datrie up to 0.8.3. The affected element is
|
| 46 |
CVE-2026-6488
A vulnerability was identified in QueryMine sms up to 7ab5a9ea196209611134525ffc
|
| 46 |
CVE-2026-5660
A vulnerability was determined in itsourcecode Construction Management System 1.
|
| 46 |
CVE-2026-6583
A vulnerability has been found in TransformerOptimus SuperAGI up to 0.0.14. This
|
| 46 |
CVE-2026-6649
A vulnerability was determined in Qibo CMS 1.0. Affected by this issue is some u
|
| 46 |
CVE-2026-5681
A flaw has been found in itsourcecode sanitize or validate this input 1.0. This
|
| 46 |
CVE-2026-6584
A vulnerability was found in TransformerOptimus SuperAGI up to 0.0.14. This vuln
|
| 46 |
CVE-2026-5671
A vulnerability was determined in Cyber-III Student-Management-System up to 1a93
|
| 46 |
CVE-2026-6496
A vulnerability was found in prasathmani TinyFileManager up to 2.6. Affected is
|
| 46 |
CVE-2026-6636
A vulnerability was detected in p2r3 convert up to 6998584ace3e11db66dff0b423612
|
| 46 |
CVE-2026-6489
A security flaw has been discovered in QueryMine sms up to 7ab5a9ea1962096111345
|
| 46 |
CVE-2026-6585
A vulnerability was determined in TransformerOptimus SuperAGI up to 0.0.14. This
|
| 46 |
CVE-2026-5803
A security flaw has been discovered in bigsk1 openai-realtime-ui up to 188ccde27
|
Oldest Unpatched Critical/High CVEs
| CVE | Severity | CVSS | Priority | Days Open |
|---|---|---|---|---|
| CVE-2024-3400 | CRITICAL | 10.0 | 224 | 738d |
| CVE-2019-19781 | CRITICAL | 9.8 | 223 | 2306d |
| CVE-2020-5902 | CRITICAL | 9.8 | 223 | 2119d |
| CVE-2021-35464 | CRITICAL | 9.8 | 223 | 1733d |
| CVE-2020-10189 | CRITICAL | 9.8 | 223 | 2236d |
| CVE-2012-4681 | CRITICAL | 9.8 | 223 | 4984d |
| CVE-2022-42475 | CRITICAL | 9.8 | 223 | 1204d |
| CVE-2023-3519 | CRITICAL | 9.8 | 223 | 1006d |
| CVE-2015-7450 | CRITICAL | 9.8 | 222 | 3761d |
| CVE-2023-34048 | CRITICAL | 9.8 | 222 | 908d |