| Metric | Value | Note |
|---|---|---|
| Total CVEs | 16287 | last 90 days |
| Avg Priority | 36.5 | of max 220 |
| KEV | 37 | actively exploited |
| POC | 3550 | public exploits |
| Unpatched | 5444 | CRIT/HIGH without patch |
How is Priority Score calculated?
Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:

| Signal | Contribution | Meaning |
|---|---|---|
| KEV | +50 | CISA Known Exploited Vulnerability: confirmed active exploitation in the wild |
| EPSS | x100 | Exploit Prediction Scoring System: probability of exploitation in the next 30 days (0-100) |
| CVSS | x5 | Common Vulnerability Scoring System: technical severity (0-50) |
| POC | +20 | Public exploit code exists: lowers the barrier for attackers |

| Score | Band |
|---|---|
| 0-40 | Low |
| 40-80 | Medium |
| 80-120 | High |
| 120+ | Critical |
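The scoring rule above, implemented as a small triage helper. This is an added example, not the dashboard's own code; the input-range checks, the treatment of band edges (a score of exactly 40 counts as Medium), and the three sample records with placeholder CVE ids are assumptions.

```python
from dataclasses import dataclass

# Contribution weights exactly as the dashboard describes them.
KEV_BONUS = 50      # CISA KEV listing: confirmed exploitation in the wild
EPSS_WEIGHT = 100   # EPSS probability (0-1) scaled to 0-100
CVSS_WEIGHT = 5     # CVSS base score (0-10) scaled to 0-50
POC_BONUS = 20      # public exploit code available
MAX_SCORE = KEV_BONUS + EPSS_WEIGHT + CVSS_WEIGHT * 10 + POC_BONUS  # 220


@dataclass(frozen=True)
class CveSignals:
    cve_id: str
    cvss: float     # CVSS base score, 0.0-10.0
    epss: float     # EPSS probability of exploitation in the next 30 days, 0.0-1.0
    in_kev: bool    # listed in CISA KEV
    has_poc: bool   # public exploit code exists


def priority_score(s: CveSignals) -> float:
    """Composite 0-220 score following the dashboard's stated formula."""
    if not 0.0 <= s.cvss <= 10.0:
        raise ValueError(f"{s.cve_id}: CVSS {s.cvss} outside 0-10")
    if not 0.0 <= s.epss <= 1.0:
        raise ValueError(f"{s.cve_id}: EPSS {s.epss} outside 0-1")
    score = s.epss * EPSS_WEIGHT + s.cvss * CVSS_WEIGHT
    if s.in_kev:
        score += KEV_BONUS
    if s.has_poc:
        score += POC_BONUS
    return round(score, 1)


def priority_band(score: float) -> str:
    """Band thresholds from the page; lower edge inclusive is an assumption."""
    if score >= 120:
        return "Critical"
    if score >= 80:
        return "High"
    if score >= 40:
        return "Medium"
    return "Low"


def triage(records):
    """Return (cve_id, score, band) tuples, highest priority first."""
    scored = [(r.cve_id, priority_score(r)) for r in records]
    return [(c, v, priority_band(v)) for c, v in sorted(scored, key=lambda t: t[1], reverse=True)]


# Constructed sample signals with placeholder ids (not the dashboard's data).
SAMPLE = [
    CveSignals("CVE-0000-0001", cvss=9.8, epss=0.94, in_kev=True, has_poc=True),
    CveSignals("CVE-0000-0002", cvss=9.8, epss=0.10, in_kev=False, has_poc=True),
    CveSignals("CVE-0000-0003", cvss=7.5, epss=0.02, in_kev=False, has_poc=False),
]

if __name__ == "__main__":
    for cve_id, score, band in triage(SAMPLE):
        print(f"{cve_id}  {score:6.1f}/{MAX_SCORE}  {band}")
```

The second sample shows the point of the composite: a CVSS 9.8 with public exploit code but a low EPSS lands in Medium, while the KEV-listed entry is Critical.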
Patch Now — Known Exploited Vulnerabilities
| Priority | CVE | Description (truncated) |
|---|---|---|
| 194 | CVE-2026-24061 | telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for t |
| 185 | CVE-2026-1731 | BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain |
| 184 | CVE-2026-23760 | SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability |
| 180 | CVE-2025-40551 | SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerabil |
| 170 | CVE-2026-1340 | A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem |
| 164 | CVE-2026-1281 | A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem |
| 160 | CVE-2025-40536 | SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that |
| 141 | CVE-2026-20131 | A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FM |
| 137 | CVE-2026-1603 | An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthen |
| 134 | CVE-2026-22769 | Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credentia |
Priority Distribution
| Priority | CVE | Description (truncated) |
|---|---|---|
| 55 | CVE-2026-34156 | Summary: NocoBase's Workflow Script Node executes user-supplied JavaScript |
| 54 | CVE-2026-21643 | An improper neutralization of special elements used in an sql command ('sql inje |
| 54 | CVE-2025-69971 | FUXA v1.2.7 contains a hard-coded credential vulnerability in server/api/jwt-hel |
| 53 | CVE-2026-33478 | Summary: Multiple vulnerabilities in AVideo's CloneSite plugin chain together |
| 52 | CVE-2026-0761 | Foundation Agents MetaGPT actionoutput_str_to_mapping Code Injection Remote Code |
| 52 | CVE-2026-0768 | Langflow code Code Injection Remote Code Execution Vulnerability. This vulnerabi |
| 51 | CVE-2026-4149 | Sonos Era 300 SMB Response Out-Of-Bounds Access Remote Code Execution Vulnerabil |
| 51 | CVE-2026-0769 | Langflow eval_custom_component_code Eval Injection Remote Code Execution Vulnera |
| 51 | CVE-2025-64075 | A path traversal vulnerability in the check_token function of Shenzhen Zhibotong |
| 51 | CVE-2026-0763 | GPT Academic run_in_subprocess_wrapper_func Deserialization of Untrusted Data Re |
| 51 | CVE-2026-0760 | Foundation Agents MetaGPT deserialize_message Deserialization of Untrusted Data |
| 51 | CVE-2026-0764 | GPT Academic upload Deserialization of Untrusted Data Remote Code Execution Vuln |
| 50 | CVE-2026-0848 | NLTK versions <=3.9.2 are vulnerable to arbitrary code execution due to improper |
| 50 | CVE-2026-30302 | The command auto-approval module in CodeRider-Kilo contains an OS Command Inject |
| 50 | CVE-2026-2635 | MLflow Use of Default Password Authentication Bypass Vulnerability. This vulnera |
| 50 | CVE-2021-35402 | PROLiNK PRC2402M 20190909 before 2021-06-13 allows live_api.cgi?page=satellite_l |
| 50 | CVE-2025-15061 | Framelink Figma MCP Server fetchWithRetry Command Injection Remote Code Executio |
| 50 | CVE-2025-69828 | File Upload vulnerability in TMS Global Software TMS Management Console v.6.3.7. |
| 50 | CVE-2025-15060 | claude-hovercraft executeClaudeCode Command Injection Remote Code Execution Vuln |
| 50 | CVE-2026-0773 | Upsonic Cloudpickle Deserialization of Untrusted Data Remote Code Execution Vuln |
| 50 | CVE-2025-68271 | OpenC3 COSMOS provides the functionality needed to send commands to and receive |
| 50 | CVE-2026-27897 | Vociferous provides cross-platform, offline speech-to-text with local AI refinem |
| 50 | CVE-2026-26216 | Crawl4AI versions prior to 0.8.0 contain a remote code execution vulnerability i |
| 50 | CVE-2026-39337 | ChurchCRM is an open-source church management system. Prior to 7.1.0, critical p |
| 50 | CVE-2026-32871 | Technical Description: The `OpenAPIProvider` in FastMCP exposes internal APIs |
| 50 | CVE-2026-22553 | All versions of InSAT MasterSCADA BUK-TS are susceptible to OS command injection |
| 50 | CVE-2026-31957 | Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. |
| 50 | CVE-2025-47855 | An exposure of sensitive information to an unauthorized actor [CWE-200] vulnerab |
| 50 | CVE-2026-23693 | ElementsKit Elementor Addons - Advanced Widgets & Templates Addons for Elementor |
| 50 | CVE-2025-15379 | A command injection vulnerability exists in MLflow's model serving container ini |
| 50 | CVE-2025-59818 | This vulnerability allows authenticated attackers to execute arbitrary commands |
| 50 | CVE-2026-3611 | The Honeywell IQ4x building management controller, exposes its full web-based HM |
| 50 | CVE-2026-2761 | Sandbox escape in the Graphics: WebRender component. This vulnerability affects |
| 50 | CVE-2025-69770 | A zip slip vulnerability in the /DesignTools/SkinList.aspx endpoint of MojoPorta |
| 50 | CVE-2025-57792 | Explorance Blue versions prior to 8.14.9 contain a SQL injection vulnerability c |
| 50 | CVE-2026-5128 | A sensitive information exposure vulnerability exists in ArthurFiorette steam-tr |
| 50 | CVE-2026-34938 | Summary: `execute_code()` in `praisonai-agents` runs attacker-controlled Pyt |
| 50 | CVE-2025-61937 | The vulnerability, if exploited, could allow an unauthenticated miscreant to ac |
| 50 | CVE-2026-34162 | FastGPT is an AI Agent building platform. Prior to version 4.14.9.5, the FastGPT |
| 50 | CVE-2026-3587 | An unauthenticated remote attacker can exploit a hidden function in the CLI prom |
| 50 | CVE-2026-2768 | Sandbox escape in the Storage: IndexedDB component. This vulnerability affects F |
| 50 | CVE-2026-32169 | Server-side request forgery (ssrf) in Azure Cloud Shell allows an unauthorized a |
| 50 | CVE-2026-1633 | The Synectix LAN 232 TRIO 3-Port serial to ethernet adapter exposes its web mana |
| 50 | CVE-2025-40805 | Affected devices do not properly enforce user authentication on specific API end |
| 50 | CVE-2026-31852 | Jellyfin is an open-source media system. The code-quality.yml GitHub Actions wor |
| 50 | CVE-2025-4320 | Authentication Bypass by Primary Weakness, Weak Password Recovery Mechanism for |
| 50 | CVE-2026-2577 | The WhatsApp bridge component in Nanobot binds the WebSocket server to all netwo |
| 50 | CVE-2026-2776 | Sandbox escape due to incorrect boundary conditions in the Telemetry component i |
| 50 | CVE-2026-2760 | Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender c |
| 50 | CVE-2026-2778 | Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML comp |
| 50 | CVE-2026-32186 | Microsoft Bing Elevation of Privilege Vulnerability |
| 50 | CVE-2026-25725 | Claude Code is an agentic coding tool. Prior to version 2.1.2, Claude Code's bub |
| 50 | CVE-2026-34208 | Summary: SandboxJS blocks direct assignment to global objects (for example `M |
| 50 | CVE-2026-33054 | Summary: A Path Traversal vulnerability allows any user (or attacker) supply |
| 50 | CVE-2025-54328 | An issue was discovered in SMS in Samsung Mobile Processor, Wearable Processor, |
| 50 | CVE-2026-0794 | ALGO 8180 IP Audio Alerter SIP Use-After-Free Remote Code Execution Vulnerabilit |
| 50 | CVE-2026-33107 | Server-side request forgery (ssrf) in Azure Databricks allows an unauthorized at |
| 50 | CVE-2026-32213 | Improper authorization in Azure AI Foundry allows an unauthorized attacker to el |
| 50 | CVE-2026-33105 | Improper authorization in Microsoft Azure Kubernetes Service allows an unauthori |
| 50 | CVE-2026-26954 | SandboxJS is a JavaScript sandboxing library. Prior to 0.8.34, it is possible to |
| 50 | CVE-2026-27211 | Cloud Hypervisor is a Virtual Machine Monitor for Cloud workloads. Versions 34.0 |
| 50 | CVE-2026-22557 | A malicious actor with access to the network could exploit a Path Traversal vuln |
| 50 | CVE-2026-4745 | Improper Control of Generation of Code ('Code Injection') vulnerability in dendi |
| 50 | CVE-2026-25632 | EPyT-Flow is a Python package designed for the easy generation of hydraulic and |
| 50 | CVE-2026-30966 | Parse Server is an open source backend that can be deployed to any infrastructur |
| 50 | CVE-2026-4606 | GV Edge Recording Manager (ERM) v2.3.1 improperly runs application components wi |
| 50 | CVE-2026-33494 | Description: Ory Oathkeeper is vulnerable to an authorization bypass via HTTP |
| 50 | CVE-2026-4746 | Out-of-bounds Write vulnerability in timeplus-io proton (base/poco/Foundation/sr |
| 50 | CVE-2026-32737 | Impact: Due to a mis-written NetworkPolicy, a malicious actor can pivot from |
| 50 | CVE-2026-21708 | A vulnerability allowing a Backup Viewer to perform remote code execution (RCE) |
| 50 | CVE-2026-21718 | An authentication bypass vulnerability exists in Copeland XWEB Pro version 1.12 |
| 50 | CVE-2026-34976 | The `restoreTenant` admin mutation is missing from the authorization middleware |
| 50 | CVE-2026-4370 | A vulnerability was identified in Juju from version 3.2.0 until 3.6.19 and from |
| 50 | CVE-2026-21962 | Vulnerability in the Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in pr |
| 50 | CVE-2026-0881 | Sandbox escape in the Messaging System component. This vulnerability affects Fir |
| 50 | CVE-2026-25070 | XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain |
| 50 | CVE-2025-48611 | In DeviceId of DeviceId.java, there is a possible desync in persistence due to a |
| 50 | CVE-2025-30412 | Sensitive data disclosure and manipulation due to improper authentication. The f |
| 50 | CVE-2026-23800 | Incorrect Privilege Assignment vulnerability in Modular DS modular-connector all |
| 50 | CVE-2026-21636 | A flaw in Node.js's permission model allows Unix Domain Socket (UDS) connections |
| 50 | CVE-2026-4688 | Sandbox escape due to use-after-free in the Disability Access APIs component. Th |
| 50 | CVE-2026-26222 | Altec DocLink (now maintained by Beyond Limits Inc.) version 4.0.336.0 exposes i |
| 50 | CVE-2026-4725 | Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This v |
| 50 | CVE-2025-30411 | Sensitive data disclosure and manipulation due to improper authentication. The f |
| 50 | CVE-2026-5058 | aws-mcp-server Command Injection Remote Code Execution Vulnerability. This vulne |
| 50 | CVE-2026-5059 | aws-mcp-server AWS CLI Command Injection Remote Code Execution Vulnerability. Th |
| 50 | CVE-2025-30416 | Sensitive data disclosure and manipulation due to missing authorization. The fol |
| 50 | CVE-2025-15467 | Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with malic |
| 50 | CVE-2026-4692 | Sandbox escape in the Responsive Design Mode component. This vulnerability affec |
| 50 | CVE-2026-4689 | Sandbox escape due to incorrect boundary conditions, integer overflow in the XPC |
Oldest Unpatched Critical/High CVEs
| CVE | Severity | CVSS | Priority | Days Open |
|---|---|---|---|---|
| CVE-2024-3400 | CRITICAL | 10.0 | 224 | 730d |
| CVE-2019-19781 | CRITICAL | 9.8 | 223 | 2298d |
| CVE-2020-5902 | CRITICAL | 9.8 | 223 | 2111d |
| CVE-2021-35464 | CRITICAL | 9.8 | 223 | 1725d |
| CVE-2020-10189 | CRITICAL | 9.8 | 223 | 2228d |
| CVE-2012-4681 | CRITICAL | 9.8 | 223 | 4976d |
| CVE-2022-42475 | CRITICAL | 9.8 | 223 | 1196d |
| CVE-2023-3519 | CRITICAL | 9.8 | 223 | 998d |
| CVE-2015-7450 | CRITICAL | 9.8 | 222 | 3753d |
| CVE-2023-34048 | CRITICAL | 9.8 | 222 | 900d |