Total CVEs
16478
last 90 days
Avg Priority
36.6
of max 220
KEV
40
actively exploited
POC
3230
public exploits
Unpatched
4741
CRIT/HIGH without patch
How is Priority Score calculated?
Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:
KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low
40-80 Medium
80-120 High
120+ Critical
Patch Now — Known Exploited Vulnerabilities
185
CVE-2026-1731
BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain
184
CVE-2026-23760
SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability
180
CVE-2025-40551
SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerabil
170
CVE-2026-1340
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem
164
CVE-2026-1281
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem
160
CVE-2025-40536
SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that
141
CVE-2026-20131
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FM
137
CVE-2026-1603
An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthen
134
CVE-2026-22769
Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credentia
128
CVE-2026-24423
SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated remote code executi
Priority Distribution
| Priority | CVE |
|---|---|
| 43 |
CVE-2026-6482
The Rapid7 Insight Agent (versions > 4.1.0.2) is vulnerable to a local privilege
|
| 43 |
CVE-2026-33793
An Execution with Unnecessary Privileges vulnerability in the User Interface (UI
|
| 43 |
CVE-2026-4731
Integer Overflow or Wraparound vulnerability in artraweditor ART (rtengine mod
|
| 43 |
CVE-2026-39454
SKYSEA Client View and SKYMEC IT Manager provided by Sky Co.,LTD. configure the
|
| 43 |
CVE-2026-0207
A vulnerability exists in FlashBlade whereby sensitive information may be logged
|
| 43 |
CVE-2025-14459
A flaw was found in KubeVirt Containerized Data Importer (CDI). This vulnerabili
|
| 43 |
CVE-2026-41295
OpenClaw before 2026.4.2 contains an improper trust boundary vulnerability allow
|
| 43 |
CVE-2026-32680
The installer of RATOC RAID Monitoring Manager for Windows allows to customize t
|
| 43 |
CVE-2026-1342
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify
|
| 43 |
CVE-2026-41294
OpenClaw before 2026.3.28 loads the current working directory .env file before t
|
| 43 |
CVE-2026-40031
MemProcFS before 5.17 contains multiple unsafe library-loading patterns that ena
|
| 43 |
CVE-2025-15605
A hardcoded cryptographic key within the configuration mechanism on TP-Link Arch
|
| 43 |
CVE-2026-27784
The 32-bit implementation of NGINX Open Source has a vulnerability in the ngx_ht
|
| 43 |
CVE-2026-32261
The Webhooks plugin renders user-supplied template content through Twig’s `rende
|
| 43 |
CVE-2026-22676
Barracuda RMM versions prior to 2025.2.2 contain a privilege escalation vulnerab
|
| 43 |
CVE-2026-32647
NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module
|
| 43 |
CVE-2026-34352
In TigerVNC before 1.16.2, Image.cxx in x0vncserver allows other users to observ
|
| 43 |
CVE-2026-4145
During an internal security assessment, a potential vulnerability was discovered
|
| 43 |
CVE-2026-25656
A vulnerability has been identified in SINEC NMS (All versions), User Management
|
| 42 |
CVE-2026-5789
Vulnerability related to an unquoted search path in CivetWeb v1.16. This vulnera
|
| 42 |
CVE-2026-34975
Plunk is an open-source email platform built on top of AWS SES. Prior to 0.8.0,
|
| 42 |
CVE-2026-34885
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti
|
| 42 |
CVE-2025-41359
Vulnerability related to an unquoted service path in Small HTTP Server 3.06.36,
|
| 42 |
CVE-2026-40568
FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to
|
| 42 |
CVE-2026-40614
PJSIP is a free and open source multimedia communication library written in C. I
|
| 42 |
CVE-2026-21997
Vulnerability in the Oracle Life Sciences Empirica Signal product of Oracle Life
|
| 42 |
CVE-2025-12107
Due to the use of a vulnerable third-party Velocity template engine, a malicious
|
| 42 |
CVE-2025-59711
An issue was discovered in Biztalk360 before 11.5. Because of mishandling of use
|
| 42 |
CVE-2025-13478
Cache misconfiguration vulnerability in OpenText Identity Manager on Windows, Li
|
| 42 |
CVE-2026-27182
Saturn Remote Mouse Server contains a command injection vulnerability that allow
|
| 42 |
CVE-2024-56373
DAG Author (who already has quite a lot of permissions) could manipulate databas
|
| 42 |
CVE-2026-26110
Access of resource using incompatible type ('type confusion') in Microsoft Offic
|
| 42 |
CVE-2026-28485
OpenClaw versions 2026.1.5 prior to 2026.2.12 fail to enforce mandatory authenti
|
| 42 |
CVE-2026-3071
Deserialization of untrusted data in the LanguageModel class of Flair from versi
|
| 42 |
CVE-2026-0710
A flaw was found in SIPp. A remote attacker could exploit this by sending specia
|
| 42 |
CVE-2025-70560
Boltz 2.0.0 contains an insecure deserialization vulnerability in its molecule l
|
| 42 |
CVE-2026-34545
OpenEXR provides the specification and reference implementation of the EXR file
|
| 42 |
CVE-2026-26113
Untrusted pointer dereference in Microsoft Office allows an unauthorized attacke
|
| 42 |
CVE-2026-32221
Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorize
|
| 42 |
CVE-2026-26109
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to
|
| 42 |
CVE-2026-27306
ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Inpu
|
| 42 |
CVE-2026-33791
An OS Command Injection vulnerability in the CLI processing of Juniper Networks
|
| 42 |
CVE-2026-32091
Concurrent execution using shared resource with improper synchronization ('race
|
| 42 |
CVE-2026-30811
Missing Authorization vulnerability allows Exposure of Sensitive Information via
|
| 42 |
CVE-2026-4857
IdentityIQ 8.5, all
IdentityIQ 8.5 patch levels prior to 8.5p2, IdentityIQ 8.4,
|
| 42 |
CVE-2026-21915
A Permissive List of Allowed Input vulnerability in the CLI of Juniper Networks
|
| 42 |
CVE-2026-32162
Acceptance of extraneous untrusted data with trusted data in Windows COM allows
|
| 42 |
CVE-2026-34377
---
# CVE-2026-34377: Consensus Failure via Crafted V5 Authorization Data
## S
|
| 42 |
CVE-2026-23172
In the Linux kernel, the following vulnerability has been resolved:
net: wwan:
|
| 42 |
CVE-2026-0038
In multiple functions of mem_protect.c, there is a possible way to execute arbit
|
| 42 |
CVE-2026-0122
In multiple places, there is a possible out of bounds write due to memory corrup
|
| 42 |
CVE-2026-25593
OpenClaw is a personal AI assistant. Prior to 2026.1.20, an unauthenticated loca
|
| 42 |
CVE-2026-40287
PraisonAI is a multi-agent teams system. Versions 4.5.138 and below are vulnerab
|
| 42 |
CVE-2026-40030
parseusbs before 1.9 contains an OS command injection vulnerability where the vo
|
| 42 |
CVE-2026-40113
PraisonAI is a multi-agent teams system. Prior to 4.5.128, deploy.py constructs
|
| 42 |
CVE-2026-0031
In multiple functions of mem_protect.c, there is a possible out of bounds write
|
| 42 |
CVE-2026-0028
In __pkvm_host_share_guest of mem_protect.c, there is a possible out of bounds w
|
| 42 |
CVE-2026-0030
In __host_check_page_state_range of mem_protect.c, there is a possible out of bo
|
| 42 |
CVE-2026-30279
An arbitrary file overwrite vulnerability in Squareapps LLC My Location Travel T
|
| 42 |
CVE-2025-70798
Tenda i24V3.0si V3.0.0.5 Firmware V3.0.0.5 was discovered to contain a hardcoded
|
| 42 |
CVE-2026-30277
An arbitrary file overwrite vulnerability in PDF Reader App : TA/UTAX Mobile Pri
|
| 42 |
CVE-2025-30650
A Missing Authentication for Critical Function vulnerability in command processi
|
| 42 |
CVE-2025-70802
Tenda G1V3.1si V16.01.7.8 Firmware V16.01.7.8 was discovered to contain a hardco
|
| 42 |
CVE-2026-0029
In __pkvm_init_vm of pkvm.c, there is a possible memory corruption due to a logi
|
| 42 |
CVE-2026-28832
An out-of-bounds read was addressed with improved bounds checking. This issue is
|
| 42 |
CVE-2026-21882
theshit is a command-line utility that automatically detects and fixes common mi
|
| 42 |
CVE-2026-30290
An arbitrary file overwrite vulnerability in InTouch Contacts & Caller ID APP v6
|
| 42 |
CVE-2026-28821
A validation issue existed in the entitlement verification. This issue was addre
|
| 42 |
CVE-2026-4255
A DLL search order hijacking vulnerability in Thermalright TR-VISION HOME on Win
|
| 42 |
CVE-2026-26306
The installer for OM Workspace (Windows Edition) Ver 2.4 and earlier insecurely
|
| 42 |
CVE-2026-23995
EVerest is an EV charging software stack. Prior to version 2026.02.0, stack-base
|
| 42 |
CVE-2025-54756
BrightSign players running BrightSign OS series 4 prior to v8.5.53.1 or
series
|
| 42 |
CVE-2026-32928
V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6Co
|
| 42 |
CVE-2026-32925
V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6Co
|
| 42 |
CVE-2026-28760
The installer of RATOC RAID Monitoring Manager for Windows searches the current
|
| 42 |
CVE-2026-40250
OpenEXR provides the specification and reference implementation of the EXR file
|
| 42 |
CVE-2026-4732
Out-of-bounds Read vulnerability in tildearrow furnace (extern/libsndfile-modif
|
| 42 |
CVE-2026-40244
OpenEXR provides the specification and reference implementation of the EXR file
|
| 42 |
CVE-2026-35570
OpenClaude is an open-source coding-agent command line interface for cloud and l
|
| 42 |
CVE-2026-34589
OpenEXR provides the specification and reference implementation of the EXR file
|
| 42 |
CVE-2026-35205
Helm is a package manager for Charts for Kubernetes. From 4.0.0 to 4.1.3, Helm w
|
| 42 |
CVE-2026-30292
An arbitrary file overwrite vulnerability in Docudepot PDF Reader: PDF Viewer AP
|
| 42 |
CVE-2026-33253
SANUPS SOFTWARE provided by SANYO DENKI CO., LTD. registers Windows services wit
|
| 42 |
CVE-2026-34544
OpenEXR provides the specification and reference implementation of the EXR file
|
| 42 |
CVE-2026-4788
IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.37 stores sensitive information
|
| 42 |
CVE-2026-30287
An arbitrary file overwrite vulnerability in Deep Thought Industries ACE Scanner
|
| 42 |
CVE-2026-32929
V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read in VS6ComFile!ge
|
| 42 |
CVE-2026-28704
Emocheck insecurely loads Dynamic Link Libraries (DLLs). If a crafted DLL file i
|
| 42 |
CVE-2026-32927
V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in
|
| 42 |
CVE-2026-30291
An arbitrary file overwrite vulnerability in Ora Tools PDF Reader ' Reader & Edi
|
Oldest Unpatched Critical/High CVEs
| CVE | Severity | CVSS | Priority | Days Open |
|---|---|---|---|---|
| CVE-2024-3400 | CRITICAL | 10.0 | 224 | 739d |
| CVE-2019-19781 | CRITICAL | 9.8 | 223 | 2307d |
| CVE-2020-5902 | CRITICAL | 9.8 | 223 | 2120d |
| CVE-2021-35464 | CRITICAL | 9.8 | 223 | 1734d |
| CVE-2020-10189 | CRITICAL | 9.8 | 223 | 2237d |
| CVE-2012-4681 | CRITICAL | 9.8 | 223 | 4985d |
| CVE-2022-42475 | CRITICAL | 9.8 | 223 | 1205d |
| CVE-2023-3519 | CRITICAL | 9.8 | 223 | 1007d |
| CVE-2015-7450 | CRITICAL | 9.8 | 222 | 3762d |
| CVE-2023-34048 | CRITICAL | 9.8 | 222 | 909d |