Security Dashboard

7d 14d 30d 90d
Total CVEs
16301
last 90 days
Avg Priority
36.8
of max 220
KEV
41
actively exploited
POC
3306
public exploits
Unpatched
4707
CRIT/HIGH without patch
How is Priority Score calculated?

Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:

KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low 40-80 Medium 80-120 High 120+ Critical

Patch Now — Known Exploited Vulnerabilities

185
CVE-2026-1731
BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain
CRITICAL
184
CVE-2026-23760
SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability
CRITICAL
180
CVE-2025-40551
SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerabil
CRITICAL
170
CVE-2026-1340
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem
CRITICAL
164
CVE-2026-1281
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem
CRITICAL
160
CVE-2025-40536
SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that
HIGH
141
CVE-2026-20131
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FM
CRITICAL
137
CVE-2026-1603
An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthen
HIGH
134
CVE-2026-22769
Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credentia
CRITICAL
128
CVE-2026-24423
SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated remote code executi
CRITICAL

Priority Distribution

CRITICAL HIGH MEDIUM LOW KEV Only POC Only Unpatched CRIT/HIGH
Priority CVE
27 CVE-2026-22569
An incorrect startup configuration of affected versions of Zscaler Client Connec
27 CVE-2026-25388
Missing Authorization vulnerability in scripteo Ads Pro ap-plugin-scripteo allow
27 CVE-2026-25391
Missing Authorization vulnerability in WP Grids WP Wand ai-content-generation al
27 CVE-2026-27387
Missing Authorization vulnerability in designinvento DirectoryPress directorypre
27 CVE-2026-25473
Missing Authorization vulnerability in AA-Team WZone woozone allows Exploiting I
27 CVE-2026-23804
Missing Authorization vulnerability in BBR Plugins Better Business Reviews bette
27 CVE-2025-10912
Authorization Bypass Through User-Controlled Key vulnerability in Saastech Clean
27 CVE-2026-40155
The Auth0 Next.js SDK is a library for implementing user authentication in Next.
27 CVE-2026-25311
Missing Authorization vulnerability in 10up Autoshare for Twitter autoshare-for-
27 CVE-2026-2099
AgentFlow developed by Flowring has a Stored Cross-Site Scripting vulnerability,
27 CVE-2026-0999
Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 fail
27 CVE-2026-23499
Saleor is an e-commerce platform. Starting in version 3.0.0 and prior to version
27 CVE-2026-26269
Vim is an open source, command line text editor. Prior to 9.1.2148, a stack buff
27 CVE-2026-34442
FreeScout is a free help desk and shared inbox built with PHP's Laravel framewor
27 CVE-2026-1509
The Avada (Fusion) Builder plugin for WordPress is vulnerable to Arbitrary WordP
27 CVE-2026-33291
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-late
27 CVE-2026-33312
Vikunja is an open-source self-hosted task management platform. Starting in vers
27 CVE-2025-14797
The Same Category Posts plugin for WordPress is vulnerable to Stored Cross-Site
27 CVE-2026-2997
Tronclass developed by WisdomGarden has a Insecure Direct Object Reference vulne
27 CVE-2026-1927
The Greenshift - animation and page builder blocks plugin for WordPress is vulne
27 CVE-2026-21788
HCL Connections is vulnerable to a cross-site scripting attack where an attacker
27 CVE-2026-24961
Server-Side Request Forgery (SSRF) vulnerability in ThemeGoods Grand Blog grandb
27 CVE-2026-2712
The WP-Optimize plugin for WordPress is vulnerable to unauthorized access of fun
27 CVE-2026-22358
Server-Side Request Forgery (SSRF) vulnerability in SmartDataSoft Electrician -
27 CVE-2026-2284
The News Element Elementor Blog Magazine plugin for WordPress is vulnerable to M
27 CVE-2026-34475
Varnish Cache before 8.0.1 and Varnish Enterprise before 6.0.16r12, in certain u
27 CVE-2026-22341
Authentication Bypass Using an Alternate Path or Channel vulnerability in Case-T
27 CVE-2026-33628
## Vulnerability Details Invoice line item descriptions in Invoice Ninja v5.13.
27 CVE-2026-35565
Stored Cross-Site Scripting (XSS) via Unsanitized Topology Metadata in Apache St
27 CVE-2026-4438
Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that sp
27 CVE-2026-27639
Mercator is an open source web application designed to enable mapping of informa
27 CVE-2026-34903
Missing Authorization vulnerability in OceanWP Ocean Extra allows Exploiting Inc
27 CVE-2026-2879
The GetGenie plugin for WordPress is vulnerable to Insecure Direct Object Refere
27 CVE-2026-32587
Missing Authorization vulnerability in Saad Iqbal WP EasyPay allows Exploiting I
27 CVE-2026-35602
## Summary The Vikunja file import endpoint uses the attacker-controlled `Size`
27 CVE-2026-33406
Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level
27 CVE-2025-14274
The Unlimited Elements for Elementor plugin for WordPress is vulnerable to Store
27 CVE-2026-4335
The ShortPixel Image Optimizer plugin for WordPress is vulnerable to Stored Cros
27 CVE-2026-29840
JiZhiCMS v2.5.6 and before contains a Stored Cross-Site Scripting (XSS) vulnerab
27 CVE-2026-31832
Umbraco is an ASP.NET CMS. From 14.0.0 to before 16.5.1 and 17.2.2, A broken obj
27 CVE-2026-32104
StudioCMS is a server-side-rendered, Astro native, headless content management s
27 CVE-2026-32562
Missing Authorization vulnerability in WP Folio Team PPWP password-protect-page
27 CVE-2026-34213
Docmost is open-source collaborative wiki and documentation software. Starting i
27 CVE-2026-34071
Stirling-PDF is a locally hosted web application that allows you to perform vari
27 CVE-2026-23808
A vulnerability has been identified in a standardized wireless roaming protocol
27 CVE-2026-20108
A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN M
27 CVE-2021-47911
Affiliate Pro 1.7 contains multiple reflected cross-site scripting vulnerabiliti
27 CVE-2026-5895
Incorrect security UI in Omnibox in Google Chrome on iOS prior to 147.0.7727.55
27 CVE-2025-13983
Improper Neutralization of Input During Web Page Generation ("Cross-site Scripti
27 CVE-2025-68643
Axigen Mail Server before 10.5.57 allows stored Cross-Site Scripting (XSS) in th
27 CVE-2026-24559
Insertion of Sensitive Information Into Sent Data vulnerability in CRM Perks Int
27 CVE-2025-47500
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti
27 CVE-2026-1469
Stored Cross-Site Scripting (XSS) in RLE NOVA's PlanManager. This vulnerability
27 CVE-2026-24355
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti
27 CVE-2026-22349
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti
27 CVE-2026-2127
The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to unauthorized
27 CVE-2026-23516
CVAT is an open source interactive video and image annotation tool for computer
27 CVE-2025-65923
A Stored Cross-Site Scripting (XSS) vulnerability was discovered within the CSV
27 CVE-2026-24558
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti
27 CVE-2025-69289
Discourse is an open source discussion platform. A privilege escalation vulnerab
27 CVE-2025-63026
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti
27 CVE-2025-49336
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti
27 CVE-2026-1103
The AIKTP plugin for WordPress is vulnerable to unauthorized modification of dat
27 CVE-2025-59896
Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contai
27 CVE-2025-59897
Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contai
27 CVE-2025-59898
Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contai
27 CVE-2025-59899
Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contai
27 CVE-2025-59900
Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contai
27 CVE-2026-24550
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti
27 CVE-2026-34753
### Summary A Server Side Request Forgery (SSRF) vulnerability in `download_byt
27 CVE-2026-27948
Copyparty is a portable file server. In versions prior to 1.20.9, an XSS allows
27 CVE-2025-14289
IBM webMethods Integration Server 12.0 is vulnerable to HTML injection. A remote
27 CVE-2026-23619
GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripti
27 CVE-2026-23605
GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripti
27 CVE-2026-26357
Dell Unisphere for PowerMax, version(s) 9.2.4.x, contain(s) an Improper Neutrali
27 CVE-2026-23614
GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripti
27 CVE-2026-23606
GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripti
27 CVE-2026-23618
GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripti
27 CVE-2026-23609
GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripti
27 CVE-2026-23615
GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripti
27 CVE-2026-23610
GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripti
27 CVE-2026-23611
GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripti
27 CVE-2026-23607
GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripti
27 CVE-2026-4829
Improper authentication in the external OAuth authentication flow in Devolutions
27 CVE-2026-23616
GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripti
27 CVE-2026-23617
GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripti
27 CVE-2026-23861
Dell Unisphere for PowerMax vApp, version(s) 9.2.4.x, contain(s) an Improper Neu
27 CVE-2026-23608
GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripti
27 CVE-2026-23612
GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripti
27 CVE-2026-23613
GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripti

Oldest Unpatched Critical/High CVEs

CVE Severity CVSS Priority Days Open
CVE-2024-3400 CRITICAL 10.0 224 739d
CVE-2019-19781 CRITICAL 9.8 223 2306d
CVE-2020-5902 CRITICAL 9.8 223 2119d
CVE-2021-35464 CRITICAL 9.8 223 1733d
CVE-2020-10189 CRITICAL 9.8 223 2236d
CVE-2012-4681 CRITICAL 9.8 223 4984d
CVE-2022-42475 CRITICAL 9.8 223 1204d
CVE-2023-3519 CRITICAL 9.8 223 1006d
CVE-2015-7450 CRITICAL 9.8 222 3761d
CVE-2023-34048 CRITICAL 9.8 222 908d
Prev 50 / 78 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy