Security Dashboard

7d 14d 30d 90d
Total CVEs
16523
last 90 days
Avg Priority
36.6
of max 220
KEV
40
actively exploited
POC
3233
public exploits
Unpatched
4609
CRIT/HIGH without patch
How is Priority Score calculated?

Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:

KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low 40-80 Medium 80-120 High 120+ Critical

Patch Now — Known Exploited Vulnerabilities

185
CVE-2026-1731
BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain
CRITICAL
184
CVE-2026-23760
SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability
CRITICAL
180
CVE-2025-40551
SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerabil
CRITICAL
170
CVE-2026-1340
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem
CRITICAL
164
CVE-2026-1281
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem
CRITICAL
160
CVE-2025-40536
SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that
HIGH
141
CVE-2026-20131
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FM
CRITICAL
137
CVE-2026-1603
An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthen
HIGH
134
CVE-2026-22769
Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credentia
CRITICAL
128
CVE-2026-24423
SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated remote code executi
CRITICAL

Priority Distribution

CRITICAL HIGH MEDIUM LOW KEV Only POC Only Unpatched CRIT/HIGH
Priority CVE
27 CVE-2026-32457
Missing Authorization vulnerability in Wombat Plugins Advanced Product Fields (P
27 CVE-2026-32453
Missing Authorization vulnerability in ThemeFusion Avada Core fusion-core allows
27 CVE-2026-32452
Missing Authorization vulnerability in ThemeFusion Fusion Builder fusion-builder
27 CVE-2026-32440
Missing Authorization vulnerability in Ex-Themes WP Food wp-food allows Exploiti
27 CVE-2026-32439
Missing Authorization vulnerability in WebGeniusLab BigHearts bighearts allows E
27 CVE-2026-32438
Missing Authorization vulnerability in vowelweb VW School Education vw-school-ed
27 CVE-2026-32437
Missing Authorization vulnerability in vowelweb VW Portfolio vw-portfolio allows
27 CVE-2026-32436
Missing Authorization vulnerability in vowelweb VW Photography vw-photography al
27 CVE-2026-32435
Missing Authorization vulnerability in vowelweb VW Pet Shop vw-pet-shop allows E
27 CVE-2026-32434
Missing Authorization vulnerability in vowelweb VW Fitness vw-fitness allows Exp
27 CVE-2026-32432
Missing Authorization vulnerability in codepeople WP Time Slots Booking Form wp-
27 CVE-2026-32428
Missing Authorization vulnerability in Ays Pro Popup Like box ays-facebook-popup
27 CVE-2026-32427
Missing Authorization vulnerability in vowelweb VW Education Lite vw-education-l
27 CVE-2026-32425
Missing Authorization vulnerability in linknacional Payment Gateway Pix For Give
27 CVE-2026-32421
Missing Authorization vulnerability in Agile Logix Post Timeline post-timeline a
27 CVE-2026-32413
Missing Authorization vulnerability in Maciej Bis Permalink Manager Lite permali
27 CVE-2026-32410
Missing Authorization vulnerability in WBW Plugins WBW Currency Switcher for Woo
27 CVE-2026-32409
Missing Authorization vulnerability in WPMU DEV - Your All-in-One WordPress Plat
27 CVE-2026-32404
Missing Authorization vulnerability in Studio99 Studio99 WP Monitor studio99-wp-
27 CVE-2026-32402
Missing Authorization vulnerability in Ays Pro Image Slider by Ays ays-slider al
27 CVE-2026-32397
Missing Authorization vulnerability in YMC Filter & Grids ymc-smart-filter allow
27 CVE-2026-32396
Missing Authorization vulnerability in RadiusTheme Team tlp-team allows Exploiti
27 CVE-2026-32395
Missing Authorization vulnerability in Xpro Xpro Addons For Beaver Builder &#821
27 CVE-2026-32387
Missing Authorization vulnerability in Noor Alam Checkout for PayPal checkout-fo
27 CVE-2026-32383
Missing Authorization vulnerability in raratheme Ridhi ridhi allows Exploiting I
27 CVE-2026-32382
Missing Authorization vulnerability in raratheme Digital Download digital-downlo
27 CVE-2026-32381
Missing Authorization vulnerability in raratheme App Landing Page app-landing-pa
27 CVE-2026-32380
Missing Authorization vulnerability in raratheme Numinous numinous allows Exploi
27 CVE-2026-32379
Missing Authorization vulnerability in raratheme Rara Academic rara-academic all
27 CVE-2026-32378
Missing Authorization vulnerability in raratheme Book Landing Page book-landing-
27 CVE-2026-32377
Missing Authorization vulnerability in raratheme Pranayama Yoga pranayama-yoga a
27 CVE-2026-32376
Missing Authorization vulnerability in raratheme Kalon kalon allows Exploiting I
27 CVE-2026-32375
Missing Authorization vulnerability in raratheme Travel Diaries travel-diaries a
27 CVE-2026-32374
Missing Authorization vulnerability in raratheme The Minimal the-minimal allows
27 CVE-2026-32371
Missing Authorization vulnerability in raratheme Elegant Pink elegant-pink allow
27 CVE-2026-32370
Missing Authorization vulnerability in raratheme Influencer influencer allows Ex
27 CVE-2026-32363
Missing Authorization vulnerability in Funlus Oy WPLifeCycle free-php-version-in
27 CVE-2026-32362
Missing Authorization vulnerability in activity-log.com WP Sessions Time Monitor
27 CVE-2026-32350
Missing Authorization vulnerability in wpradiant Chocolate House chocolate-house
27 CVE-2026-32348
Missing Authorization vulnerability in MadrasThemes MAS Videos masvideos allows
27 CVE-2026-32347
Missing Authorization vulnerability in raratheme Restaurant and Cafe restaurant-
27 CVE-2026-32346
Missing Authorization vulnerability in raratheme Travel Agency travel-agency all
27 CVE-2026-32345
Missing Authorization vulnerability in raratheme Perfect Portfolio perfect-portf
27 CVE-2026-32341
Missing Authorization vulnerability in raratheme Benevolent benevolent allows Ex
27 CVE-2026-32340
Missing Authorization vulnerability in raratheme Business One Page business-one-
27 CVE-2026-32339
Missing Authorization vulnerability in raratheme Bakes And Cakes bakes-and-cakes
27 CVE-2026-32338
Missing Authorization vulnerability in raratheme Construction Landing Page const
27 CVE-2026-32337
Missing Authorization vulnerability in raratheme Preschool and Kindergarten pres
27 CVE-2026-32336
Missing Authorization vulnerability in raratheme Rara Business rara-business all
27 CVE-2026-32335
Missing Authorization vulnerability in raratheme The Conference the-conference a
27 CVE-2026-32334
Missing Authorization vulnerability in raratheme JobScout jobscout allows Exploi
27 CVE-2026-32332
Missing Authorization vulnerability in Ays Pro Easy Form easy-form allows Exploi
27 CVE-2026-27936
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-late
27 CVE-2026-32329
Missing Authorization vulnerability in Ays Pro Advanced Related Posts advanced-r
27 CVE-2026-31916
Missing Authorization vulnerability in Iulia Cazan Latest Post Shortcode latest-
27 CVE-2026-31915
Missing Authorization vulnerability in UX-themes Flatsome flatsome allows Exploi
27 CVE-2026-22560
An open redirect vulnerability in Rocket.Chat versions prior to 8.4.0 allows use
27 CVE-2026-32147
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') v
27 CVE-2026-28818
A logging issue was addressed with improved data redaction. This issue is fixed
27 CVE-2026-28862
A privacy issue was addressed with improved private data redaction for log entri
27 CVE-2026-28839
The issue was addressed with improved checks. This issue is fixed in macOS Sequo
27 CVE-2026-28824
An authorization issue was addressed with improved state management. This issue
27 CVE-2026-20113
A vulnerability in the web-based Cisco IOx application hosting environment manag
27 CVE-2026-2746
SEPPmail Secure Email Gateway before version 15.0.1 does not properly communicat
27 CVE-2026-27813
EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a dat
27 CVE-2026-3525
Incorrect Authorization vulnerability in Drupal File Access Fix (deprecated) all
27 CVE-2026-3526
Incorrect Authorization vulnerability in Drupal File Access Fix (deprecated) all
27 CVE-2026-25598
Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Action
27 CVE-2026-29909
MRCMS V3.1.2 contains an unauthenticated directory enumeration vulnerability in
27 CVE-2026-30280
An arbitrary file overwrite vulnerability in RAREPROB SOLUTIONS PRIVATE LIMITED
27 CVE-2026-6410
@fastify/static versions 8.0.0 through 9.1.0 allow path traversal when directory
27 CVE-2026-1760
A flaw was found in SoupServer. This HTTP request smuggling vulnerability occurs
27 CVE-2026-40778
Missing Authorization vulnerability in Majestic Support Majestic Support majesti
27 CVE-2026-40763
Missing Authorization vulnerability in WP Royal Royal Elementor Addons royal-ele
27 CVE-2026-40742
Missing Authorization vulnerability in Nelio Software Nelio AB Testing nelio-ab-
27 CVE-2026-40737
Authorization Bypass Through User-Controlled Key vulnerability in VillaTheme COM
27 CVE-2026-40730
Missing Authorization vulnerability in ThemeGrill ThemeGrill Demo Importer theme
27 CVE-2026-5624
A security flaw has been discovered in ProjectSend r2002. This vulnerability aff
27 CVE-2026-39716
Missing Authorization vulnerability in CKThemes Flipmart flipmart allows Exploit
27 CVE-2026-39715
Missing Authorization vulnerability in AnyTrack AnyTrack Affiliate Link Manager
27 CVE-2026-39714
Missing Authorization vulnerability in G5Theme G5Plus April g5plus-april allows
27 CVE-2026-39713
Missing Authorization vulnerability in mailercloud Mailercloud – Integrate
27 CVE-2026-39707
Missing Authorization vulnerability in ZealousWeb Accept PayPal Payments using C
27 CVE-2026-39706
Missing Authorization vulnerability in Netro Systems Make My Trivia trivialy all
27 CVE-2026-5082
Amon2::Plugin::Web::CSRFDefender versions from 7.00 through 7.03 for Perl genera
27 CVE-2026-5083
Ado::Sessions versions through 0.935 for Perl generates insecure session ids. T
27 CVE-2026-39705
Missing Authorization vulnerability in Mulika Team MIPL WC Multisite Sync mipl-w
27 CVE-2026-39704
Missing Authorization vulnerability in nfusionsolutions Precious Metals Automate
27 CVE-2026-39701
Missing Authorization vulnerability in Andrew ShopWP wpshopify allows Exploiting
27 CVE-2026-39700
Missing Authorization vulnerability in WPXPO WowOptin optin allows Exploiting In

Oldest Unpatched Critical/High CVEs

CVE Severity CVSS Priority Days Open
CVE-2024-3400 CRITICAL 10.0 224 740d
CVE-2019-19781 CRITICAL 9.8 223 2307d
CVE-2020-5902 CRITICAL 9.8 223 2120d
CVE-2021-35464 CRITICAL 9.8 223 1734d
CVE-2020-10189 CRITICAL 9.8 223 2237d
CVE-2012-4681 CRITICAL 9.8 223 4985d
CVE-2022-42475 CRITICAL 9.8 223 1206d
CVE-2023-3519 CRITICAL 9.8 223 1007d
CVE-2015-7450 CRITICAL 9.8 222 3762d
CVE-2023-34048 CRITICAL 9.8 222 909d
Prev 62 / 80 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy