Total CVEs
16302
last 90 days
Avg Priority
36.8
of max 220
KEV
41
actively exploited
POC
3305
public exploits
Unpatched
4708
CRIT/HIGH without patch
How is Priority Score calculated?
Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:
KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low
40-80 Medium
80-120 High
120+ Critical
Patch Now — Known Exploited Vulnerabilities
185
CVE-2026-1731
BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain
184
CVE-2026-23760
SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability
180
CVE-2025-40551
SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerabil
170
CVE-2026-1340
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem
164
CVE-2026-1281
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem
160
CVE-2025-40536
SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that
141
CVE-2026-20131
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FM
137
CVE-2026-1603
An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthen
134
CVE-2026-22769
Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credentia
128
CVE-2026-24423
SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated remote code executi
Priority Distribution
| Priority | CVE |
|---|---|
| 28 |
CVE-2026-23157
In the Linux kernel, the following vulnerability has been resolved:
btrfs: do n
|
| 28 |
CVE-2025-15318
Tanium addressed an arbitrary file deletion vulnerability in End-User Notificati
|
| 28 |
CVE-2025-71160
In the Linux kernel, the following vulnerability has been resolved:
netfilter:
|
| 28 |
CVE-2026-20655
An authorization issue was addressed with improved state management. This issue
|
| 28 |
CVE-2026-6245
A flaw was found in the System Security Services Daemon (SSSD). The pam_passkey_
|
| 28 |
CVE-2025-70347
An issue in mquickjs before commit 74b7e (2026-01-15) allows a local attacker to
|
| 28 |
CVE-2026-29111
systemd, a system and service manager, (as PID 1) hits an assert and freezes exe
|
| 28 |
CVE-2024-54192
An issue inTcpreplay v4.5.1 allows a local attacker to cause a denial of service
|
| 28 |
CVE-2026-20161
A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent could allow an
|
| 28 |
CVE-2025-71158
In the Linux kernel, the following vulnerability has been resolved:
gpio: mpsse
|
| 28 |
CVE-2026-22999
In the Linux kernel, the following vulnerability has been resolved:
net/sched:
|
| 28 |
CVE-2025-71161
In the Linux kernel, the following vulnerability has been resolved:
dm-verity:
|
| 28 |
CVE-2026-32288
tar.Reader can allocate an unbounded amount of memory when reading a maliciously
|
| 28 |
CVE-2026-39392
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, mo
|
| 28 |
CVE-2026-26104
A flaw was found in the udisks storage management daemon that allows unprivilege
|
| 28 |
CVE-2026-20986
Path traversal in Samsung Members prior to Chinese version 15.5.05.4 allows loca
|
| 28 |
CVE-2025-48651
N/A
|
| 28 |
CVE-2026-24413
Icinga 2 is an open source monitoring system. Starting in version 2.3.0 and prio
|
| 28 |
CVE-2026-24437
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) s
|
| 28 |
CVE-2025-71163
In the Linux kernel, the following vulnerability has been resolved:
dmaengine:
|
| 28 |
CVE-2026-22990
In the Linux kernel, the following vulnerability has been resolved:
libceph: re
|
| 28 |
CVE-2025-58348
An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wear
|
| 28 |
CVE-2026-20977
Improper access control in Emergency Sharing prior to SMR Feb-2026 Release 1 all
|
| 28 |
CVE-2026-22997
In the Linux kernel, the following vulnerability has been resolved:
net: can: j
|
| 28 |
CVE-2025-58347
An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wear
|
| 28 |
CVE-2026-27004
OpenClaw is a personal AI assistant. Prior to version 2026.2.15, in some shared-
|
| 28 |
CVE-2026-24116
Wasmtime is a runtime for WebAssembly. Starting in version 29.0.0 and prior to v
|
| 28 |
CVE-2025-58379
Brocade Fabric OS before 9.2.1 has a vulnerability that could allow a local auth
|
| 28 |
CVE-2026-22991
In the Linux kernel, the following vulnerability has been resolved:
libceph: ma
|
| 28 |
CVE-2026-39984
### Authorization bypass via certificate bag manipulation in sigstore/timestamp-
|
| 28 |
CVE-2025-48644
In multiple locations, there is a possible persistent denial of service due to i
|
| 28 |
CVE-2025-15469
Issue summary: The 'openssl dgst' command-line tool silently truncates input
dat
|
| 28 |
CVE-2026-31802
node-tar is a full-featured Tar for Node.js. Prior to version 7.5.11, tar (npm)
|
| 28 |
CVE-2026-25145
melange allows users to build apk packages using declarative pipelines. From ver
|
| 28 |
CVE-2026-20415
In imgsys, there is a possible memory corruption due to improper locking. This c
|
| 28 |
CVE-2026-20625
A parsing issue in the handling of directory paths was addressed with improved p
|
| 28 |
CVE-2026-22276
Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior
|
| 28 |
CVE-2025-48642
In jump_to_payload of payload.rs, there is a possible information disclosure due
|
| 28 |
CVE-2026-24846
malcontent discovers supply-chain compromises through. context, differential ana
|
| 28 |
CVE-2026-24414
The Icinga PowerShell Framework provides configuration and check possibilities t
|
| 28 |
CVE-2025-12699
The ZOLL ePCR IOS application reflects unsanitized user input into a WebView. At
|
| 28 |
CVE-2026-24927
Out-of-bounds access vulnerability in the frequency modulation module.
Impact: S
|
| 28 |
CVE-2025-70795
STProcessMonitor 11.11.4.0, part of the Safetica Application suite, allows an ad
|
| 28 |
CVE-2026-39390
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, mo
|
| 28 |
CVE-2025-55264
HCL Aftermarket DPC is affected by Failure to Invalidate Session on Password Cha
|
| 28 |
CVE-2026-5600
A new API endpoint introduced in pretix 2025 that is supposed to
return all che
|
| 28 |
CVE-2026-34403
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.
|
| 27 |
CVE-2026-5355
A vulnerability has been found in Trendnet TEW-657BRM 1.00.1. Affected by this i
|
| 27 |
CVE-2026-32629
### Summary
An unauthenticated attacker can submit a guest FAQ with an email add
|
| 27 |
CVE-2026-5831
A security flaw has been discovered in Agions taskflow-ai up to 2.1.8. This impa
|
| 27 |
CVE-2026-6141
A vulnerability was determined in danielmiessler Personal_AI_Infrastructure up t
|
| 27 |
CVE-2026-5547
A vulnerability has been found in Tenda AC10 16.03.10.10_multi_TDE01. Affected i
|
| 27 |
CVE-2026-22808
fleetdm/fleet is open source device management software. Prior to versions 4.78.
|
| 27 |
CVE-2025-66168
Apache ActiveMQ does not properly validate the remaining length field which may
|
| 27 |
CVE-2026-4271
A flaw was found in libsoup, a library for handling HTTP requests. This vulnerab
|
| 27 |
CVE-2026-32139
Dataease is an open source data visualization analysis tool. In DataEase 2.10.19
|
| 27 |
CVE-2026-26003
FastGPT is an AI Agent building platform. From 4.14.0 to 4.14.5, attackers can d
|
| 27 |
CVE-2026-1489
A flaw was found in GLib. An integer overflow vulnerability in its Unicode case
|
| 27 |
CVE-2026-2266
An improper neutralization of input vulnerability was identified in GitHub Enter
|
| 27 |
CVE-2026-4324
A flaw was found in the Katello plugin for Red Hat Satellite. This vulnerability
|
| 27 |
CVE-2026-4914
Stored XSS in Ivanti N-ITSM before version 2025.4 allows a remote authenticated
|
| 27 |
CVE-2026-2863
A flaw has been found in feng_ha_ha/megagao ssm-erp and production_ssm up to 428
|
| 27 |
CVE-2025-36094
IBM Cloud Pak for Business Automation 25.0.0 through 25.0.0 Interim Fix 002, 24.
|
| 27 |
CVE-2026-3358
The Tutor LMS - eLearning and online course solution plugin for WordPress is vul
|
| 27 |
CVE-2026-33119
User interface (ui) misrepresentation of critical information in Microsoft Edge
|
| 27 |
CVE-2026-4124
The Ziggeo plugin for WordPress is vulnerable to Missing Authorization in all ve
|
| 27 |
CVE-2022-50942
Incinga Web 2.8.2 contains a client-side cross-site scripting vulnerability that
|
| 27 |
CVE-2025-69287
The BSV Blockchain SDK is a unified TypeScript SDK for developing scalable apps
|
| 27 |
CVE-2026-3103
A logic error in the remove_password() function in Checkmk GmbH's Checkmk versio
|
| 27 |
CVE-2026-2864
A vulnerability has been found in feng_ha_ha/megagao ssm-erp and production_ssm
|
| 27 |
CVE-2026-2694
The The Events Calendar plugin for WordPress is vulnerable to unauthorized modif
|
| 27 |
CVE-2026-1987
The Scheduler Widget plugin for WordPress is vulnerable to Insecure Direct Objec
|
| 27 |
CVE-2026-32001
OpenClaw versions prior to 2026.2.22 contain an authentication bypass vulnerabil
|
| 27 |
CVE-2026-33299
OpenEMR is a free and open source electronic health records and medical practice
|
| 27 |
CVE-2026-26952
Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level
|
| 27 |
CVE-2026-25073
XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain
|
| 27 |
CVE-2026-33400
Wallos is an open-source, self-hostable personal subscription tracker. Prior to
|
| 27 |
CVE-2026-25021
Missing Authorization vulnerability in Mizan Themes Mizan Demo Importer mizan-de
|
| 27 |
CVE-2025-66139
Missing Authorization vulnerability in merkulove Audier For Elementor audier-ele
|
| 27 |
CVE-2026-24990
Missing Authorization vulnerability in Fahad Mahmood WP Docs wp-docs allows Expl
|
| 27 |
CVE-2025-66141
Missing Authorization vulnerability in merkulove Scroller scroller allows Exploi
|
| 27 |
CVE-2025-66142
Missing Authorization vulnerability in merkulove Comparimager for Elementor comp
|
| 27 |
CVE-2025-66143
Missing Authorization vulnerability in merkulove Crumber crumber-elementor allow
|
| 27 |
CVE-2026-25739
Indico is an event management system that uses Flask-Multipass, a multi-backend
|
| 27 |
CVE-2026-32753
FreeScout is a free help desk and shared inbox built with PHP's Laravel framewor
|
| 27 |
CVE-2026-31879
Frappe is a full-stack web application framework. Prior to 14.100.2, 15.101.0, a
|
| 27 |
CVE-2026-33051
The revision/draft context menu in the element editor renders the creator’s `ful
|
| 27 |
CVE-2026-2732
The Enable Media Replace plugin for WordPress is vulnerable to unauthorized modi
|
| 27 |
CVE-2026-32507
Deserialization of Untrusted Data vulnerability in Elated-Themes Leroux leroux a
|
| 27 |
CVE-2026-32511
Deserialization of Untrusted Data vulnerability in Mikado-Themes Stål stal allow
|
Oldest Unpatched Critical/High CVEs
| CVE | Severity | CVSS | Priority | Days Open |
|---|---|---|---|---|
| CVE-2024-3400 | CRITICAL | 10.0 | 224 | 738d |
| CVE-2019-19781 | CRITICAL | 9.8 | 223 | 2306d |
| CVE-2020-5902 | CRITICAL | 9.8 | 223 | 2119d |
| CVE-2021-35464 | CRITICAL | 9.8 | 223 | 1733d |
| CVE-2020-10189 | CRITICAL | 9.8 | 223 | 2236d |
| CVE-2012-4681 | CRITICAL | 9.8 | 223 | 4984d |
| CVE-2022-42475 | CRITICAL | 9.8 | 223 | 1204d |
| CVE-2023-3519 | CRITICAL | 9.8 | 223 | 1006d |
| CVE-2015-7450 | CRITICAL | 9.8 | 222 | 3761d |
| CVE-2023-34048 | CRITICAL | 9.8 | 222 | 908d |