Security Dashboard

7d 14d 30d 90d
Total CVEs
16345
last 90 days
Avg Priority
36.7
of max 220
KEV
41
actively exploited
POC
3306
public exploits
Unpatched
4710
CRIT/HIGH without patch
How is Priority Score calculated?

Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:

KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low 40-80 Medium 80-120 High 120+ Critical

Patch Now — Known Exploited Vulnerabilities

185
CVE-2026-1731
BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain
CRITICAL
184
CVE-2026-23760
SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability
CRITICAL
180
CVE-2025-40551
SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerabil
CRITICAL
170
CVE-2026-1340
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem
CRITICAL
164
CVE-2026-1281
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem
CRITICAL
160
CVE-2025-40536
SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that
HIGH
141
CVE-2026-20131
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FM
CRITICAL
137
CVE-2026-1603
An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthen
HIGH
134
CVE-2026-22769
Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credentia
CRITICAL
128
CVE-2026-24423
SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated remote code executi
CRITICAL

Priority Distribution

CRITICAL HIGH MEDIUM LOW KEV Only POC Only Unpatched CRIT/HIGH
Priority CVE
44 CVE-2025-12821
The NewsBlogger theme for WordPress is vulnerable to Cross-Site Request Forgery
44 CVE-2026-22354
Deserialization of Untrusted Data vulnerability in Dotstore Woocommerce Category
44 CVE-2025-69328
Deserialization of Untrusted Data vulnerability in magepeopleteam Booking and Re
44 CVE-2026-23544
Deserialization of Untrusted Data vulnerability in codetipi Valenti valenti allo
44 CVE-2026-22473
Deserialization of Untrusted Data vulnerability in designthemes Dental Clinic de
44 CVE-2026-22345
Deserialization of Untrusted Data vulnerability in A WP Life Image Gallery - Lig
44 CVE-2025-69294
Deserialization of Untrusted Data vulnerability in fuelthemes PeakShops peakshop
44 CVE-2025-68531
Deserialization of Untrusted Data vulnerability in modeltheme ModelTheme Addons
44 CVE-2026-35582
### Summary `Executrix.getCommand()` constructs shell commands by substituting
44 CVE-2026-27379
Deserialization of Untrusted Data vulnerability in NextScripts NextScripts socia
44 CVE-2026-32973
OpenClaw before 2026.3.11 contains an exec allowlist bypass vulnerability where
44 CVE-2025-68526
Deserialization of Untrusted Data vulnerability in A WP Life Modal Popup Box mod
44 CVE-2026-23798
Deserialization of Untrusted Data vulnerability in blubrry PowerPress Podcasting
44 CVE-2025-68853
Deserialization of Untrusted Data vulnerability in Kleor Contact Manager contact
44 CVE-2026-27338
Deserialization of Untrusted Data vulnerability in AivahThemes Car Zone carzone
44 CVE-2026-1862
Type Confusion in V8 in Google Chrome prior to 144.0.7559.132 allowed a remote a
44 CVE-2026-22384
Deserialization of Untrusted Data vulnerability in leafcolor Applay - Shortcodes
44 CVE-2026-27914
Improper access control in Microsoft Management Console allows an authorized att
44 CVE-2026-22346
Deserialization of Untrusted Data vulnerability in A WP Life Slider Responsive S
44 CVE-2026-5027
The 'POST /api/v2/files' endpoint does not sanitize the 'filename' parameter fro
44 CVE-2026-29056
Kanboard is project management software focused on Kanban methodology. Prior to
44 CVE-2026-33310
### Summary The shell() syntax within parameter default values appears to be aut
44 CVE-2026-24851
OpenFGA is a high-performance and flexible authorization/permission engine built
44 CVE-2025-15330
Tanium addressed an improper input validation vulnerability in Deploy.
44 CVE-2026-22790
EVerest is an EV charging software stack. Prior to version 2026.02.0, `HomeplugM
44 CVE-2026-28210
FreePBX is an open source IP PBX. Prior to versions 16.0.49 and 17.0.7, FreePBX
44 CVE-2025-12845
The Tablesome Table - Contact Form DB - WPForms, CF7, Gravity, Forminator, Fluen
44 CVE-2025-70887
An issue in ralphje Signify before v.0.9.2 allows a remote attacker to escalate
44 CVE-2025-69219
A user with access to the DB could craft a database entry that would result in e
44 CVE-2026-21672
A vulnerability allowing local privilege escalation on Windows-based Veeam Backu
44 CVE-2026-32693
In Juju from version 3.0.0 through 3.6.18, the authorization of the "secret-set"
44 CVE-2026-5884
Insufficient validation of untrusted input in Media in Google Chrome prior to 14
44 CVE-2026-24358
Missing Authorization vulnerability in ExpressTech Systems Quiz And Survey Maste
44 CVE-2025-66138
Missing Authorization vulnerability in merkulove Motionger for Elementor motiong
44 CVE-2025-66137
Missing Authorization vulnerability in merkulove Searcher for Elementor searcher
44 CVE-2026-24356
Missing Authorization vulnerability in Roxnor GetGenie getgenie allows Exploitin
44 CVE-2026-24440
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) a
44 CVE-2025-66136
Missing Authorization vulnerability in merkulove Carter for Elementor carter-ele
44 CVE-2025-66135
Missing Authorization vulnerability in merkulove Imager for Elementor imager-ele
44 CVE-2026-23974
Missing Authorization vulnerability in uxper Golo golo allows Exploiting Incorre
44 CVE-2026-22481
Missing Authorization vulnerability in Rasedul Haque Rumi BD Courier Order Ratio
44 CVE-2026-22472
Missing Authorization vulnerability in hassantafreshi Easy Form Builder easy-for
44 CVE-2025-63018
Missing Authorization vulnerability in wproyal Bard bard allows Exploiting Incor
44 CVE-2025-62106
Missing Authorization vulnerability in Mario Peshev WP-CRM System wp-crm-system
44 CVE-2025-5805
Missing Authorization vulnerability in Ninetheme Electron electron allows Exploi
44 CVE-2025-54002
Missing Authorization vulnerability in Jthemes xSmart xsmart allows Exploiting I
44 CVE-2026-26359
Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of
44 CVE-2025-50007
Incorrect Privilege Assignment vulnerability in Jthemes xSmart xsmart allows Pri
44 CVE-2025-49375
Missing Authorization vulnerability in cozythemes HomeLancer homelancer allows E
44 CVE-2025-69293
Incorrect Privilege Assignment vulnerability in e-plugins Final User final-user
44 CVE-2025-69292
Incorrect Privilege Assignment vulnerability in e-plugins WP Membership wp-membe
44 CVE-2025-69183
Incorrect Privilege Assignment vulnerability in e-plugins Hospital Doctor Direct
44 CVE-2025-69182
Incorrect Privilege Assignment vulnerability in e-plugins Institutions Directory
44 CVE-2026-24534
Missing Authorization vulnerability in uPress Booter booter-bots-crawlers-manage
44 CVE-2025-67966
Incorrect Privilege Assignment vulnerability in e-plugins Lawyer Directory lawye
44 CVE-2026-5465
The Booking for Appointments and Events Calendar - Amelia plugin for WordPress i
44 CVE-2026-5879
Insufficient validation of untrusted input in ANGLE in Google Chrome on Mac prio
44 CVE-2025-12345
A security vulnerability has been detected in LLM-Claw 0.1.0/0.1.1/0.1.1a/0.1.1a
44 CVE-2025-12062
The WP Maps - Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory &
44 CVE-2026-24380
Missing Authorization vulnerability in Metagauss EventPrime eventprime-event-cal
44 CVE-2026-24368
Missing Authorization vulnerability in Theme-one The Grid the-grid allows Exploi
44 CVE-2025-57707
An improper neutralization of directives in statically saved code ('Static Code
44 CVE-2026-5144
The BuddyPress Groupblog plugin for WordPress is vulnerable to Privilege Escalat
44 CVE-2026-24869
Use-after-free in the Layout: Scrolling and Overflow component. This vulnerabili
44 CVE-2026-26172
Concurrent execution using shared resource with improper synchronization ('race
44 CVE-2026-33053
**Detection Method:** Kolega.dev Deep Code Scan | Attribute | Value | |---|---|
44 CVE-2026-24428
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) c
44 CVE-2026-20616
An out-of-bounds write issue was addressed with improved bounds checking. This i
44 CVE-2026-3666
The wpForo Forum plugin for WordPress is vulnerable to arbitrary file deletion i
44 CVE-2026-25445
Deserialization of Untrusted Data vulnerability in Membership Software WishList
44 CVE-2026-32513
Deserialization of Untrusted Data vulnerability in Miguel Useche JS Archive List
44 CVE-2026-25859
Wekan versions prior to 8.20 allow non-administrative users to access migration
44 CVE-2026-28228
OpenOlat is an open source web-based e-learning platform for teaching, learning,
44 CVE-2026-4451
Insufficient validation of untrusted input in Navigation in Google Chrome prior
44 CVE-2026-35567
ChurchCRM is an open-source church management system. Prior to 7.1.0, the NewRol
44 CVE-2026-31854
Cursor is a code editor built for programming with AI. Prior to 2.0 ,if a visite
44 CVE-2026-32137
Dataease is an open source data visualization analysis tool. Prior to 2.10.20, T
44 CVE-2026-33618
Chamilo LMS is a learning management system. Prior to .0.0-RC.3, the PlatformCon
44 CVE-2026-33991
WeGIA is a web manager for charitable institutions. Prior to version 3.6.7, the
44 CVE-2026-39891
## Summary Direct insertion of unescaped user input into template-rendering tool
44 CVE-2026-2769
Use-after-free in the Storage: IndexedDB component. This vulnerability affects F
44 CVE-2024-50619
Vulnerabilities in the My Account and User Management components in CIPPlanner C
44 CVE-2026-22765
Dell Wyse Management Suite, versions prior to WMS 5.5, contain a Missing Authori
44 CVE-2025-15386
The Responsive Lightbox & Gallery WordPress plugin before 2.6.1 is vulnerable to
44 CVE-2025-4521
The IDonate - Blood Donation, Request And Donor Management System plugin for Wor
44 CVE-2025-13603
The WP AUDIO GALLERY plugin for WordPress is vulnerable to Unauthorized Arbitrar
44 CVE-2026-3978
A vulnerability was detected in D-Link DIR-513 1.10. The impacted element is an
44 CVE-2026-30917
Bucket is a MediaWiki extension to store and retrieve structured data on article
44 CVE-2025-50881
The `flow/admin/moniteur.php` script in Use It Flow administration website befor
44 CVE-2026-24283
Heap-based buffer overflow in Windows File Server allows an authorized attacker

Oldest Unpatched Critical/High CVEs

CVE Severity CVSS Priority Days Open
CVE-2024-3400 CRITICAL 10.0 224 739d
CVE-2019-19781 CRITICAL 9.8 223 2306d
CVE-2020-5902 CRITICAL 9.8 223 2119d
CVE-2021-35464 CRITICAL 9.8 223 1733d
CVE-2020-10189 CRITICAL 9.8 223 2236d
CVE-2012-4681 CRITICAL 9.8 223 4984d
CVE-2022-42475 CRITICAL 9.8 223 1205d
CVE-2023-3519 CRITICAL 9.8 223 1006d
CVE-2015-7450 CRITICAL 9.8 222 3761d
CVE-2023-34048 CRITICAL 9.8 222 908d
Prev 51 / 182 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy