| Metric | Value | Note |
|---|---|---|
| Total CVEs | 16261 | last 90 days |
| Avg Priority | 36.8 | of max 220 |
| KEV | 42 | actively exploited |
| POC | 3307 | public exploits |
| Unpatched | 4704 | CRIT/HIGH without patch |

How is Priority Score calculated?
Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:
| Signal | Weight | Meaning |
|---|---|---|
| KEV | +50 | CISA Known Exploited Vulnerability: confirmed active exploitation in the wild |
| EPSS | x100 | Exploit Prediction Scoring System: probability of exploitation in next 30 days (0-100) |
| CVSS | x5 | Common Vulnerability Scoring System: technical severity (0-50) |
| POC | +20 | Public exploit code exists: lowers barrier for attackers |

| Score | Level |
|---|---|
| 0-40 | Low |
| 40-80 | Medium |
| 80-120 | High |
| 120+ | Critical |

Patch Now — Known Exploited Vulnerabilities
| Priority | CVE | Description |
|---|---|---|
| 194 | CVE-2026-24061 | telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for t |
| 185 | CVE-2026-1731 | BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain |
| 184 | CVE-2026-23760 | SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability |
| 180 | CVE-2025-40551 | SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerabil |
| 170 | CVE-2026-1340 | A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem |
| 164 | CVE-2026-1281 | A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem |
| 160 | CVE-2025-40536 | SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that |
| 141 | CVE-2026-20131 | A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FM |
| 137 | CVE-2026-1603 | An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthen |
| 134 | CVE-2026-22769 | Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credentia |

Priority Distribution
| Priority | CVE | Description |
|---|---|---|
| 39 | CVE-2026-21382 | Memory Corruption when handling power management requests with improperly sized |
| 39 | CVE-2026-21375 | Memory Corruption when accessing an output buffer without validating its size du |
| 39 | CVE-2026-21373 | Memory Corruption when accessing an output buffer without validating its size du |
| 39 | CVE-2026-22980 | In the Linux kernel, the following vulnerability has been resolved: nfsd: provi |
| 39 | CVE-2023-20548 | A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor |
| 39 | CVE-2025-46691 | Dell PremierColor Panel Driver, versions prior to 1.0.0.1 A01, contains an Impro |
| 39 | CVE-2026-24016 | The installer of ServerView Agents for Windows provided by Fsas Technologies Inc |
| 39 | CVE-2026-5054 | NoMachine External Control of File Path Local Privilege Escalation Vulnerability |
| 39 | CVE-2026-0956 | There is a memory corruption vulnerability due to an out-of-bounds read when loa |
| 39 | CVE-2026-0955 | There is a memory corruption vulnerability due to an out-of-bounds read when loa |
| 39 | CVE-2026-0957 | There is a memory corruption vulnerability due to an out-of-bounds write when lo |
| 39 | CVE-2026-0954 | There is a memory corruption vulnerability due to an out-of-bounds write when lo |
| 39 | CVE-2026-33156 | ScreenToGif is a screen recording tool. In versions from 2.42.1 and prior, Scree |
| 39 | CVE-2026-2998 | ERP developed by eAI Technologies has a DLL Hijacking vulnerability, allowing au |
| 39 | CVE-2026-20658 | A package validation issue was addressed by blocking the vulnerable package. Thi |
| 39 | CVE-2026-25676 | The installer of M-Track Duo HD version 1.0.0 contains an issue with the DLL sea |
| 39 | CVE-2026-4295 | Improper trust boundary enforcement in Kiro IDE before version 0.8.0 on all supp |
| 39 | CVE-2026-24873 | Out-of-bounds Read vulnerability in Rinnegatamante lpp-vita. This issue affects l |
| 39 | CVE-2026-24875 | Integer Overflow or Wraparound vulnerability in yoyofr modizer. This issue affect |
| 39 | CVE-2025-15595 | Privilege escalation via dll hijacking in Inno Setup 6.2.1 and earlier versions. |
| 39 | CVE-2026-33491 | Zen C is a systems programming language that compiles to human-readable GNU C/C1 |
| 39 | CVE-2026-26050 | The installer for ジョブログ集計/分析ソフトウェア RICOHジョブログ集計ツール versions prior to Ver.1.3.7 c |
| 39 | CVE-2025-71157 | In the Linux kernel, the following vulnerability has been resolved: RDMA/core: |
| 39 | CVE-2025-71156 | In the Linux kernel, the following vulnerability has been resolved: gve: defer |
| 39 | CVE-2026-23268 | In the Linux kernel, the following vulnerability has been resolved: apparmor: f |
| 39 | CVE-2025-48503 | A DLL hijacking vulnerability in the AMD Software Installer could allow an attac |
| 39 | CVE-2026-30985 | iccDEV provides a set of libraries and tools for working with ICC color manageme |
| 39 | CVE-2026-26959 | ADB Explorer is a fluent UI for ADB on Windows. Versions 0.9.26020 and below fai |
| 39 | CVE-2026-30896 | The installer for Qsee Client versions 1.0.1 and prior insecurely load Dynamic L |
| 39 | CVE-2026-2664 | An out of bounds read vulnerability in the grpcfuse kernel module present in the |
| 39 | CVE-2026-24018 | A UNIX symbolic link (Symlink) following vulnerability in Fortinet FortiClientLi |
| 39 | CVE-2026-21322 | After Effects versions 25.6 and earlier are affected by an out-of-bounds read vu |
| 39 | CVE-2026-21324 | After Effects versions 25.6 and earlier are affected by an out-of-bounds read vu |
| 39 | CVE-2026-21325 | After Effects versions 25.6 and earlier are affected by an out-of-bounds read vu |
| 39 | CVE-2026-5055 | NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerabil |
| 39 | CVE-2026-23025 | In the Linux kernel, the following vulnerability has been resolved: mm/page_all |
| 39 | CVE-2025-69604 | An issue in Shirt Pocket's SuperDuper! 3.11 and earlier allow a local attacker t |
| 39 | CVE-2026-33092 | Local privilege escalation due to improper handling of environment variables. Th |
| 39 | CVE-2026-30979 | iccDEV provides a set of libraries and tools for working with ICC color manageme |
| 39 | CVE-2026-30983 | iccDEV provides a set of libraries and tools for working with ICC color manageme |
| 39 | CVE-2026-30987 | iccDEV provides a set of libraries and tools for working with ICC color manageme |
| 39 | CVE-2026-31796 | iccDEV provides a set of libraries and tools for working with ICC color manageme |
| 39 | CVE-2026-39853 | osslsigncode is a tool that implements Authenticode signing and timestamping. Pr |
| 39 | CVE-2026-23648 | Glory RBG-100 recycler systems using the ISPK-08 software component contain mult |
| 39 | CVE-2026-2914 | CyberArk Endpoint Privilege Manager Agent versions 25.10.0 and lower allow poten |
| 39 | CVE-2026-23703 | The installer of FinalCode Client provided by Digital Arts Inc. contains an inco |
| 39 | CVE-2026-0870 | MacroHub developed by GIGABYTE has a Local Privilege Escalation vulnerability. D |
| 39 | CVE-2026-23856 | Dell iDRAC Service Module (iSM) for Windows, versions prior to 6.0.3.1, and Dell |
| 39 | CVE-2026-32708 | PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the |
| 39 | CVE-2025-47376 | Memory Corruption when concurrent access to shared buffer occurs during IOCTL ca |
| 39 | CVE-2025-64301 | An out‑of‑bounds write vulnerability exists in the EMF functionality of Canva Af |
| 39 | CVE-2025-66342 | A type confusion vulnerability exists in the EMF functionality of Canva Affinity |
| 39 | CVE-2026-27940 | llama.cpp is an inference of several LLM models in C/C++. Prior to b8146, the gg |
| 39 | CVE-2025-15561 | An attacker can exploit the update behavior of the WorkTime monitoring daemon to |
| 39 | CVE-2025-47375 | Memory corruption while handling different IOCTL calls from the user-space simul |
| 39 | CVE-2026-40176 | Impact: The `Perforce::generateP4Command()` method constructed shell commands |
| 39 | CVE-2026-28261 | Dell Elastic Cloud Storage, version 3.8.1.7 and prior, and Dell ObjectScale, ver |
| 39 | CVE-2026-26101 | Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows |
| 39 | CVE-2025-47373 | Memory Corruption when accessing buffers with invalid length during TA invocatio |
| 39 | CVE-2026-27287 | InCopy versions 20.5.2, 21.2 and earlier are affected by an out-of-bounds read v |
| 39 | CVE-2025-66374 | CyberArk Endpoint Privilege Manager Agent through 25.10.0 allows a local user to |
| 39 | CVE-2026-4756 | Out-of-bounds Write vulnerability in MolotovCherry Android-ImageMagick7. This iss |
| 39 | CVE-2026-33847 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerab |
| 39 | CVE-2025-47379 | Memory Corruption when concurrent access to shared buffer occurs due to improper |
| 39 | CVE-2026-30978 | iccDEV provides a set of libraries and tools for working with ICC color manageme |
| 39 | CVE-2026-33851 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerab |
| 39 | CVE-2025-47377 | Memory Corruption when accessing a buffer after it has been freed while processi |
| 39 | CVE-2023-31324 | A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor |
| 39 | CVE-2025-47381 | Memory Corruption while processing IOCTL calls when concurrent access to shared |
| 39 | CVE-2025-59603 | Memory Corruption when processing invalid user address with nonstandard buffer a |
| 39 | CVE-2026-3991 | Symantec Data Loss Prevention Windows Endpoint, prior to 25.1 MP1, 16.1 MP2, 16. |
| 39 | CVE-2025-59600 | Memory Corruption when adding user-supplied data without checking available buff |
| 39 | CVE-2026-23599 | A local privilege-escalation vulnerability has been discovered in the HPE Aruba |
| 39 | CVE-2026-30900 | Improper Check of minimum version in update functionality of certain Zoom Client |
| 39 | CVE-2026-33850 | Out-of-bounds Write vulnerability in WujekFoliarz DualSenseY-v2. This issue affec |
| 39 | CVE-2026-25866 | MobaXterm versions prior to 26.1 contain an uncontrolled search path element vul |
| 39 | CVE-2026-34734 | HDF5 is software for managing data. In 1.14.1-2 and earlier, a heap-use-after-fr |
| 39 | CVE-2026-26102 | Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows |
| 39 | CVE-2026-3775 | The application's update service, when checking for updates, loads certain syste |
| 39 | CVE-2025-47386 | Memory Corruption while invoking IOCTL calls when concurrent access to shared bu |
| 39 | CVE-2026-24062 | The "Privileged Helper" component of the Arturia Software Center (MacOS) does no |
| 39 | CVE-2026-30902 | Improper Privilege Management in certain Zoom Clients for Windows may allow an a |
| 39 | CVE-2026-21351 | After Effects versions 25.6 and earlier are affected by a Use After Free vulnera |
| 39 | CVE-2026-1361 | ASDA-Soft Stack-based Buffer Overflow Vulnerability |
| 39 | CVE-2026-20423 | In wlan STA driver, there is a possible out of bounds write due to a missing bou |
| 39 | CVE-2025-1789 | Local privilege escalation in Genetec Update Service. An authenticated, low-priv |
| 39 | CVE-2026-20611 | An out-of-bounds access issue was addressed with improved bounds checking. This |
| 39 | CVE-2026-28727 | Local privilege escalation due to insecure Unix socket permissions. The followin |
| 39 | CVE-2026-31795 | iccDEV provides a set of libraries and tools for working with ICC color manageme |
| 39 | CVE-2026-27806 | Summary: The Orbit agent's FileVault disk encryption key rotation flow on col |

Oldest Unpatched Critical/High CVEs
| CVE | Severity | CVSS | Priority | Days Open |
|---|---|---|---|---|
| CVE-2024-3400 | CRITICAL | 10.0 | 224 | 738d |
| CVE-2019-19781 | CRITICAL | 9.8 | 223 | 2306d |
| CVE-2020-5902 | CRITICAL | 9.8 | 223 | 2119d |
| CVE-2021-35464 | CRITICAL | 9.8 | 223 | 1733d |
| CVE-2020-10189 | CRITICAL | 9.8 | 223 | 2236d |
| CVE-2012-4681 | CRITICAL | 9.8 | 223 | 4983d |
| CVE-2022-42475 | CRITICAL | 9.8 | 223 | 1204d |
| CVE-2023-3519 | CRITICAL | 9.8 | 223 | 1006d |
| CVE-2015-7450 | CRITICAL | 9.8 | 222 | 3761d |
| CVE-2023-34048 | CRITICAL | 9.8 | 222 | 908d |