Total CVEs
16290
last 90 days
Avg Priority
36.8
of max 220
KEV
42
actively exploited
POC
3307
public exploits
Unpatched
4716
CRIT/HIGH without patch
How is Priority Score calculated?
Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:
KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low
40-80 Medium
80-120 High
120+ Critical
Patch Now — Known Exploited Vulnerabilities
194
CVE-2026-24061
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for t
185
CVE-2026-1731
BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain
184
CVE-2026-23760
SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability
180
CVE-2025-40551
SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerabil
170
CVE-2026-1340
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem
164
CVE-2026-1281
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem
160
CVE-2025-40536
SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that
141
CVE-2026-20131
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FM
137
CVE-2026-1603
An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthen
134
CVE-2026-22769
Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credentia
Priority Distribution
| Priority | CVE |
|---|---|
| 39 |
CVE-2026-21326
After Effects versions 25.6 and earlier are affected by a Use After Free vulnera
|
| 39 |
CVE-2026-21329
After Effects versions 25.6 and earlier are affected by a Use After Free vulnera
|
| 39 |
CVE-2026-20423
In wlan STA driver, there is a possible out of bounds write due to a missing bou
|
| 39 |
CVE-2025-1789
Local privilege escalation in Genetec Update Service. An authenticated, low-priv
|
| 39 |
CVE-2026-30902
Improper Privilege Management in certain Zoom Clients for Windows may allow an a
|
| 39 |
CVE-2026-21320
After Effects versions 25.6 and earlier are affected by a Use After Free vulnera
|
| 39 |
CVE-2026-31795
iccDEV provides a set of libraries and tools for working with ICC color manageme
|
| 39 |
CVE-2026-28727
Local privilege escalation due to insecure Unix socket permissions. The followin
|
| 39 |
CVE-2026-20611
An out-of-bounds access issue was addressed with improved bounds checking. This
|
| 39 |
CVE-2026-27806
## Summary
The Orbit agent's FileVault disk encryption key rotation flow on col
|
| 39 |
CVE-2026-1284
An Out-Of-Bounds Write vulnerability affecting the EPRT file reading procedure i
|
| 39 |
CVE-2026-21351
After Effects versions 25.6 and earlier are affected by a Use After Free vulnera
|
| 39 |
CVE-2026-21323
After Effects versions 25.6 and earlier are affected by a Use After Free vulnera
|
| 39 |
CVE-2026-21312
Audition versions 25.3 and earlier are affected by an out-of-bounds write vulner
|
| 39 |
CVE-2026-21334
Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bou
|
| 39 |
CVE-2026-21335
Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bou
|
| 39 |
CVE-2026-21327
After Effects versions 25.6 and earlier are affected by an out-of-bounds write v
|
| 39 |
CVE-2026-0383
A vulnerability in Brocade Fabric OS could allow an authenticated, local attacke
|
| 39 |
CVE-2026-20626
This issue was addressed with improved checks. This issue is fixed in macOS Sequ
|
| 39 |
CVE-2026-21342
Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds
|
| 39 |
CVE-2026-21318
After Effects versions 25.6 and earlier are affected by an out-of-bounds write v
|
| 39 |
CVE-2026-27750
Avira Internet Security contains a time-of-check time-of-use (TOCTOU) vulnerabil
|
| 39 |
CVE-2026-21328
After Effects versions 25.6 and earlier are affected by an out-of-bounds write v
|
| 39 |
CVE-2026-5397
It has been identified that a vulnerability (CWE-427) exists in the UPS (Uninter
|
| 39 |
CVE-2026-31792
iccDEV provides a set of libraries and tools for working with ICC color manageme
|
| 39 |
CVE-2026-1283
A Heap-based Buffer Overflow vulnerability affecting the EPRT file reading proce
|
| 39 |
CVE-2026-25203
Samsung MagicINFO 9 Server Incorrect Default Permissions Local Privilege Escalat
|
| 39 |
CVE-2026-30874
OpenWrt Project is a Linux operating system targeting embedded devices. In versi
|
| 39 |
CVE-2025-33234
NVIDIA runx contains a vulnerability where an attacker could cause a code inject
|
| 39 |
CVE-2025-14821
A flaw was found in libssh. This vulnerability allows local man-in-the-middle at
|
| 39 |
CVE-2025-47385
Memory Corruption when accessing trusted execution environment without proper pr
|
| 39 |
CVE-2025-61731
Building a malicious file with cmd/go can cause can cause a write to an attacker
|
| 39 |
CVE-2026-21321
After Effects versions 25.6 and earlier are affected by an Integer Overflow or W
|
| 39 |
CVE-2026-21357
InDesign Desktop versions 21.1, 20.5.1 and earlier are affected by a Heap-based
|
| 39 |
CVE-2025-71145
In the Linux kernel, the following vulnerability has been resolved:
usb: phy: i
|
| 39 |
CVE-2026-21330
After Effects versions 25.6 and earlier are affected by an Access of Resource Us
|
| 39 |
CVE-2025-4960
The com.epson.InstallNavi.helper tool, deployed with the EPSON printer driver in
|
| 39 |
CVE-2026-25143
melange allows users to build apk packages using declarative pipelines. From ver
|
| 39 |
CVE-2026-27310
Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer O
|
| 39 |
CVE-2026-27311
Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer O
|
| 39 |
CVE-2025-71162
In the Linux kernel, the following vulnerability has been resolved:
dmaengine:
|
| 39 |
CVE-2026-27312
Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer O
|
| 39 |
CVE-2026-0661
A maliciously crafted RGB file, when parsed through Autodesk 3ds Max, can force
|
| 39 |
CVE-2026-28211
The NVDA Dev & Test Toolbox is an NVDA add-on for gathering tools to help NVDA d
|
| 39 |
CVE-2025-48567
In multiple locations, there is a possible bypass of a file path filter designed
|
| 39 |
CVE-2026-0537
A maliciously crafted RGB file, when parsed through Autodesk 3ds Max, can force
|
| 39 |
CVE-2025-47389
Memory corruption when buffer copy operation fails due to integer overflow durin
|
| 39 |
CVE-2025-47391
Memory corruption while processing a frame request from user.
|
| 39 |
CVE-2026-25655
A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP2). The
|
| 39 |
CVE-2026-23715
A vulnerability has been identified in Simcenter Femap (All versions < V2512), S
|
| 39 |
CVE-2026-21376
Memory Corruption when accessing an output buffer without validating its size du
|
| 39 |
CVE-2026-21371
Memory Corruption when retrieving output buffer with insufficient size validatio
|
| 39 |
CVE-2026-21372
Memory Corruption when sending IOCTL requests with invalid buffer sizes during m
|
| 39 |
CVE-2026-21374
Memory Corruption when processing auxiliary sensor input/output control commands
|
| 39 |
CVE-2025-15310
Tanium addressed a local privilege escalation vulnerability in Patch Endpoint To
|
| 39 |
CVE-2026-0662
A maliciously crafted project directory, when opening a max file in Autodesk 3ds
|
| 39 |
CVE-2026-0032
In multiple functions of mem_protect.c, there is a possible out-of-bounds write
|
| 39 |
CVE-2025-48653
In loadDataAndPostValue of multiple files, there is a possible way to obscure pe
|
| 39 |
CVE-2026-20983
Improper export of android application components in Samsung Dialer prior to SMR
|
| 39 |
CVE-2025-9711
A vulnerability in Brocade Fabric OS before 9.2.1c3 could allow elevating the pr
|
| 39 |
CVE-2026-20979
Improper privilege management in Settings prior to SMR Feb-2026 Release 1 allows
|
| 39 |
CVE-2025-15319
Tanium addressed a local privilege escalation vulnerability in Patch Endpoint To
|
| 39 |
CVE-2025-47390
Memory corruption while preprocessing IOCTL request in JPEG driver.
|
| 39 |
CVE-2025-48654
In onStart of CompanionDeviceManagerService.java, there is a possible confused d
|
| 39 |
CVE-2026-22923
A vulnerability has been identified in NX (All versions < V2512), NX (Managed Mo
|
| 39 |
CVE-2026-22619
Eaton Intelligent Power Protector (IPP) is affected by insecure library loading
|
| 39 |
CVE-2025-33219
NVIDIA Display Driver for Linux contains a vulnerability in the NVIDIA kernel mo
|
| 39 |
CVE-2025-33218
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mod
|
| 39 |
CVE-2025-33217
NVIDIA Display Driver for Windows contains a vulnerability where an attacker cou
|
| 39 |
CVE-2025-33220
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where
|
| 39 |
CVE-2025-47358
Memory Corruption when user space address is modified and passed to mem_free API
|
| 39 |
CVE-2025-47359
Memory Corruption when multiple threads simultaneously access a memory free API.
|
| 39 |
CVE-2025-47397
Memory Corruption when initiating GPU memory mapping using scatter-gather lists
|
| 39 |
CVE-2026-0026
In removePermission of PermissionManagerServiceImpl.java, there is a possible wa
|
| 39 |
CVE-2025-47398
Memory Corruption while deallocating graphics processing unit memory buffers due
|
| 39 |
CVE-2026-3888
Local privilege escalation in snapd on Linux allows local attackers to get root
|
| 39 |
CVE-2025-47399
Memory Corruption while processing IOCTL call to update sensor property settings
|
| 39 |
CVE-2026-0660
A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can cause
|
| 39 |
CVE-2025-48646
In executeRequest of ActivityStarter.java, there is a possible launch anywhere d
|
| 39 |
CVE-2025-48578
In multiple functions of MediaProvider.java, there is a possible way to bypass t
|
| 39 |
CVE-2025-11547
AXIS Camera Station Pro contained a flaw to perform a privilege escalation attac
|
| 39 |
CVE-2026-23717
A vulnerability has been identified in Simcenter Femap (All versions < V2512), S
|
| 39 |
CVE-2026-23716
A vulnerability has been identified in Simcenter Femap (All versions < V2512), S
|
| 39 |
CVE-2026-23718
A vulnerability has been identified in Simcenter Femap (All versions < V2512), S
|
| 39 |
CVE-2026-23719
A vulnerability has been identified in Simcenter Femap (All versions < V2512), S
|
| 39 |
CVE-2026-23720
A vulnerability has been identified in Simcenter Femap (All versions < V2512), S
|
| 39 |
CVE-2025-48613
In VBMeta, there is a possible way to modify and resign VBMeta using a test key,
|
| 39 |
CVE-2025-36568
Dell PowerProtect Data Domain BoostFS for client of Feature Release versions 7.7
|
| 39 |
CVE-2026-5726
ASDA-Soft Stack-based Buffer Overflow Vulnerability
|
| 39 |
CVE-2026-0023
In createSessionInternal of PackageInstallerService.java, there is a possible wa
|
Oldest Unpatched Critical/High CVEs
| CVE | Severity | CVSS | Priority | Days Open |
|---|---|---|---|---|
| CVE-2024-3400 | CRITICAL | 10.0 | 224 | 738d |
| CVE-2019-19781 | CRITICAL | 9.8 | 223 | 2306d |
| CVE-2020-5902 | CRITICAL | 9.8 | 223 | 2119d |
| CVE-2021-35464 | CRITICAL | 9.8 | 223 | 1733d |
| CVE-2020-10189 | CRITICAL | 9.8 | 223 | 2236d |
| CVE-2012-4681 | CRITICAL | 9.8 | 223 | 4984d |
| CVE-2022-42475 | CRITICAL | 9.8 | 223 | 1204d |
| CVE-2023-3519 | CRITICAL | 9.8 | 223 | 1006d |
| CVE-2015-7450 | CRITICAL | 9.8 | 222 | 3761d |
| CVE-2023-34048 | CRITICAL | 9.8 | 222 | 908d |