Security Dashboard

7d 14d 30d 90d
Total CVEs
16125
last 90 days
Avg Priority
36.3
of max 220
KEV
39
actively exploited
POC
3213
public exploits
Unpatched
4240
CRIT/HIGH without patch
How is Priority Score calculated?

Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:

KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low 40-80 Medium 80-120 High 120+ Critical

Patch Now — Known Exploited Vulnerabilities

185
CVE-2026-1731
BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain
CRITICAL
180
CVE-2025-40551
SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerabil
CRITICAL
170
CVE-2026-1340
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem
CRITICAL
164
CVE-2026-1281
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem
CRITICAL
160
CVE-2025-40536
SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that
HIGH
141
CVE-2026-20131
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FM
CRITICAL
137
CVE-2026-1603
An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthen
HIGH
134
CVE-2026-22769
Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credentia
CRITICAL
124
CVE-2026-21643
An improper neutralization of special elements used in an sql command ('sql injection') vulnerabilit
CRITICAL
124
CVE-2026-35616
A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an
CRITICAL

Priority Distribution

CRITICAL HIGH MEDIUM LOW KEV Only POC Only Unpatched CRIT/HIGH
Priority CVE
37 CVE-2026-23364
In the Linux kernel, the following vulnerability has been resolved: ksmbd: Comp
37 CVE-2026-20004
A vulnerability in the TLS library of Cisco IOS XE Software could allow an unaut
37 CVE-2026-20051
A vulnerability with the Ethernet VPN (EVPN) Layer 2 ingress packet processing o
37 CVE-2025-70045
An issue pertaining to CWE-295: Improper Certificate Validation was discovered i
37 CVE-2025-70058
An issue pertaining to CWE-295: Improper Certificate Validation was discovered i
37 CVE-2026-1707
pgAdmin versions 9.11 are affected by a Restore restriction bypass via key discl
37 CVE-2026-24281
Hostname verification in Apache ZooKeeper ZKTrustManager falls back to reverse D
37 CVE-2026-5984
A vulnerability was identified in D-Link DIR-605L 2.13B01. Impacted is the funct
37 CVE-2026-20074
A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) multi-
37 CVE-2026-2450
.NET misconfiguration: use of impersonation vulnerability in upKeeper Solutions
37 CVE-2026-20033
A vulnerability in Cisco Nexus 9000 Series Fabric Switches in ACI mode could all
37 CVE-2026-20010
A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco NX-
37 CVE-2026-5795
In Eclipse Jetty, the class JASPIAuthenticator initiates the authentication chec
37 CVE-2026-27579
CollabPlatform is a full-stack, real-time doc collaboration platform. In all ver
37 CVE-2026-4428
A logic error in CRL distribution point validation in AWS-LC before 1.71.0 cause
37 CVE-2026-4371
A malicious mail server could send malformed strings with negative lengths, caus
37 CVE-2025-33088
IBM Concert 1.0.0 through 2.1.0 could allow a local user with specific knowledge
37 CVE-2026-33896
## Summary `pki.verifyCertificateChain()` does not enforce RFC 5280 basicConstr
37 CVE-2026-34359
## Summary `ManagedWebAccessUtils.getServer()` uses `String.startsWith()` to ma
37 CVE-2026-2713
IBM Trusteer Rapport installer 3.5.2309.290 IBM Trusteer Rapport could allow a l
37 CVE-2026-41035
In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value
37 CVE-2026-25207
Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflo
37 CVE-2026-32775
libexif through 0.6.25 has a flaw in decoding MakerNotes. If the exif_mnote_data
37 CVE-2026-25205
Heap-based buffer overflow vulnerability in Samsung Open Source Escargot allows
37 CVE-2026-4600
Versions of the package jsrsasign before 11.1.1 are vulnerable to Improper Verif
37 CVE-2025-71263
In UNIX Fourth Research Edition (v4), the su command is vulnerable to a buffer o
37 CVE-2026-35099
Lakeside SysTrack Agent 11 before 11.2.1.28 has a race condition with resultant
37 CVE-2026-24123
BentoML is a Python library for building online serving systems optimized for AI
37 CVE-2026-41015
radare2 before 9236f44, when configured on UNIX without SSL, allows command inje
37 CVE-2026-32887
## Versions - `effect`: 3.19.15 - `@effect/rpc`: 0.72.1 - `@effect/platform`: 0
37 CVE-2025-48630
In drawLayersInternal of SkiaRenderEngine.cpp, there is a possible way to access
37 CVE-2026-0112
In vpu_open_inst of vpu_ioctl.c, there is a possible use after free due to a rac
37 CVE-2025-15607
A command injection vulnerability on AX53 v1 occurs in mscd debug functionality
37 CVE-2026-35535
In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgr
37 CVE-2025-48577
In multiple functions of KeyguardViewMediator.java, there is a possible lockscre
37 CVE-2025-48568
In multiple locations, there is a possible lockscreen bypass due to a race condi
37 CVE-2026-5686
A security flaw has been discovered in Tenda CX12L 16.03.53.12. This vulnerabili
37 CVE-2026-33608
An attacker can send a notify request that causes a new secondary domain to be a
37 CVE-2026-5687
A weakness has been identified in Tenda CX12L 16.03.53.12. This issue affects th
37 CVE-2026-22173
OpenClaw versions prior to 2026.2.18 contain a command injection vulnerability i
37 CVE-2026-22227
A command injection vulnerability may be exploited after the admin's authenticat
37 CVE-2026-22226
A command injection vulnerability may be exploited after the admin's authenticat
37 CVE-2026-22224
A command injection vulnerability may be exploited after the admin's authenticat
37 CVE-2026-22225
A command injection vulnerability may be exploited after the admin's authenticat
37 CVE-2026-2629
A weakness has been identified in jishi node-sonos-http-api up to 3776f0ee2261c9
37 CVE-2026-3839
Unraid Authentication Request Path Traversal Authentication Bypass Vulnerability
37 CVE-2025-14675
The Meta Box plugin for WordPress is vulnerable to arbitrary file deletion due t
37 CVE-2026-2991
The KiviCare - Clinic & Patient Management System (EHR) plugin for WordPress is
37 CVE-2026-30616
Jaaz 1.0.30 contains a remote code execution vulnerability in its MCP STDIO comm
37 CVE-2025-10679
The ReviewX - WooCommerce Product Reviews with Multi-Criteria, Reminder Emails,
37 CVE-2026-0832
The New User Approve plugin for WordPress is vulnerable to unauthorized access o
37 CVE-2026-1740
A vulnerability was found in EFM ipTIME A8004T 14.18.2. This impacts the functio
37 CVE-2026-32149
Improper input validation in Windows Hyper-V allows an authorized attacker to ex
37 CVE-2026-28279
osctrl is an osquery management solution. Prior to version 0.5.0, an OS command
37 CVE-2026-4982
A user with permission "update world" in any Venueless world is able to exfiltra
37 CVE-2026-32594
Parse Server is an open source backend that can be deployed to any infrastructur
37 CVE-2025-14560
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1
37 CVE-2026-33492
## Summary AVideo's `_session_start()` function accepts arbitrary session IDs v
37 CVE-2026-3200
A vulnerability was identified in z-9527 admin 1.0/2.0. The affected element is
37 CVE-2026-2940
A vulnerability was determined in Zaher1307 tiny_web_server up to 8d77b1044a0ca3
37 CVE-2025-27821
Out-of-bounds Write vulnerability in Apache Hadoop HDFS native client. This iss
37 CVE-2026-0595
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.9
37 CVE-2026-2549
A vulnerability has been found in zhanghuanhao LibrarySystem 图书馆管理系统 up to 1.1.1
37 CVE-2026-35489
Tandoor Recipes is an application for managing recipes, planning meals, and buil
37 CVE-2025-40905
WWW::OAuth 1.000 and earlier for Perl uses the rand() function as the default so
37 CVE-2026-24156
NVIDIA DALI contains a vulnerability where an attacker could cause a deserializa
37 CVE-2026-25702
A Improper Access Control vulnerability in the kernel of SUSE SUSE Linux Enterpr
37 CVE-2026-3395
A flaw has been found in MaxSite CMS up to 109.1. This impacts the function eval
37 CVE-2026-2174
A security flaw has been discovered in code-projects Contact Management System 1
37 CVE-2026-20748
The WebSocket backend uses charging station identifiers to uniquely associate se
37 CVE-2026-3877
A reflected cross-site scripting (XSS) vulnerability in the dashboard search fun
37 CVE-2026-33045
Home Assistant is open source home automation software that puts local control a
37 CVE-2026-1345
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify
37 CVE-2026-27764
The WebSocket backend uses charging station identifiers to uniquely associate se
37 CVE-2025-68043
Missing Authorization vulnerability in LottieFiles LottieFiles lottiefiles allow
37 CVE-2026-27396
Missing Authorization vulnerability in e-plugins Directory Pro directory-pro all
37 CVE-2026-24912
The WebSocket backend uses charging station identifiers to uniquely associate se
37 CVE-2026-33044
Home Assistant is open source home automation software that puts local control a
37 CVE-2026-26290
The WebSocket backend uses charging station identifiers to uniquely associate s
37 CVE-2026-20895
The WebSocket backend uses charging station identifiers to uniquely associate s
37 CVE-2026-6752
Incorrect boundary conditions in the WebRTC component. This vulnerability was fi
37 CVE-2026-25711
The WebSocket backend uses charging station identifiers to uniquely associate s
37 CVE-2026-3025
A flaw has been found in ShuoRen Smart Heating Integrated Management Platform 1.
37 CVE-2026-25778
The WebSocket backend uses charging station identifiers to uniquely associate s
37 CVE-2026-27647
The WebSocket backend uses charging station identifiers to uniquely associate s
37 CVE-2026-27652
The WebSocket backend uses charging station identifiers to uniquely associate s
37 CVE-2026-4194
A vulnerability was detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS
37 CVE-2026-33881
Windmill is an open-source developer platform for internal code: APIs, backgroun
37 CVE-2025-33042
Improper Control of Generation of Code ('Code Injection') vulnerability in Apach
37 CVE-2026-6751
Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerabilit

Oldest Unpatched Critical/High CVEs

CVE Severity CVSS Priority Days Open
CVE-2024-3400 CRITICAL 10.0 224 741d
CVE-2019-19781 CRITICAL 9.8 223 2309d
CVE-2020-5902 CRITICAL 9.8 223 2122d
CVE-2021-35464 CRITICAL 9.8 223 1736d
CVE-2020-10189 CRITICAL 9.8 223 2239d
CVE-2012-4681 CRITICAL 9.8 223 4986d
CVE-2022-42475 CRITICAL 9.8 223 1207d
CVE-2023-3519 CRITICAL 9.8 223 1009d
CVE-2015-7450 CRITICAL 9.8 222 3763d
CVE-2023-34048 CRITICAL 9.8 222 911d
Prev 56 / 65 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy