Security Dashboard

7d 14d 30d 90d
Total CVEs
16329
last 90 days
Avg Priority
36.5
of max 220
KEV
40
actively exploited
POC
3198
public exploits
Unpatched
4326
CRIT/HIGH without patch
How is Priority Score calculated?

Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:

KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low 40-80 Medium 80-120 High 120+ Critical

Patch Now — Known Exploited Vulnerabilities

185
CVE-2026-1731
BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain
CRITICAL
180
CVE-2025-40551
SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerabil
CRITICAL
170
CVE-2026-1340
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem
CRITICAL
164
CVE-2026-1281
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem
CRITICAL
160
CVE-2025-40536
SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that
HIGH
141
CVE-2026-20131
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FM
CRITICAL
137
CVE-2026-1603
An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthen
HIGH
134
CVE-2026-22769
Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credentia
CRITICAL
129
CVE-2026-33825
Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to el
HIGH
124
CVE-2026-21643
An improper neutralization of special elements used in an sql command ('sql injection') vulnerabilit
CRITICAL

Priority Distribution

CRITICAL HIGH MEDIUM LOW KEV Only POC Only Unpatched CRIT/HIGH
Priority CVE
36 CVE-2026-40482
ChurchCRM is an open-source church management system. Versions prior to 7.2.0 ha
36 CVE-2026-4947
Addressed a potential insecure direct object reference (IDOR) vulnerability in t
36 CVE-2025-68069
Missing Authorization vulnerability in wpWax Directorist directorist allows Expl
36 CVE-2026-34602
Chamilo LMS is an open-source learning management system. In versions prior to 2
36 CVE-2026-1999
A Server-Side Request Forgery (SSRF) vulnerability was identified in GitHub Ente
36 CVE-2026-40185
TREK is a collaborative travel planner. Prior to 2.7.2, TREK was missing authori
36 CVE-2026-22664
prompts.chat prior to commit 30a8f04 contains a server-side request forgery vuln
36 CVE-2026-38528
Krayin CRM v2.2.x was discovered to contain a SQL injection vulnerability via th
36 CVE-2026-35631
OpenClaw before 2026.3.22 fails to enforce operator.admin scope on mutating inte
36 CVE-2026-35621
OpenClaw before 2026.3.24 contains a privilege escalation vulnerability where th
36 CVE-2026-32976
OpenClaw before 2026.3.11 contains an authorization bypass vulnerability allowin
36 CVE-2026-34060
**Summary** The `rubyLsp.branch` VS Code workspace setting was interpolated wit
36 CVE-2026-41189
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1
36 CVE-2026-33217
### Background NATS.io is a high performance open source pub-sub distributed co
36 CVE-2026-41191
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1
36 CVE-2026-35644
OpenClaw before 2026.3.22 contains an information disclosure vulnerability that
36 CVE-2026-33706
Chamilo LMS is a learning management system. Prior to 1.11.38, any authenticated
36 CVE-2026-40591
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1
36 CVE-2026-32930
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an
36 CVE-2026-3445
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User
36 CVE-2026-41190
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1
36 CVE-2025-71201
In the Linux kernel, the following vulnerability has been resolved: netfs: Fix
36 CVE-2026-23318
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-a
36 CVE-2026-23315
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76:
36 CVE-2026-20687
A use after free issue was addressed with improved memory management. This issue
36 CVE-2026-33775
A Missing Release of Memory after Effective Lifetime vulnerability in the BroadB
36 CVE-2026-1264
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.
36 CVE-2026-5429
Unsanitized input during web page generation in the Kiro Agent webview in Kiro I
36 CVE-2025-3756
A vulnerability exists in the command handling of the IEC 61850 communication st
36 CVE-2026-23204
In the Linux kernel, the following vulnerability has been resolved: net/sched:
36 CVE-2026-40865
Horilla is a free and open source Human Resource Management System (HRMS). In 1.
36 CVE-2025-71231
In the Linux kernel, the following vulnerability has been resolved: crypto: iaa
36 CVE-2026-34204
## Impact _What kind of vulnerability is it? Who is impacted?_ A flaw in `extr
36 CVE-2026-4345
A maliciously crafted HTML payload, stored in a design name and exported to CSV,
36 CVE-2026-33797
An Improper Input Validation vulnerability in Juniper Networks Junos OS and Juno
36 CVE-2026-35657
OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in the
36 CVE-2026-4344
A maliciously crafted HTML payload in a component name, when displayed during th
36 CVE-2026-4369
A maliciously crafted HTML payload in an assembly variant name, when displayed d
36 CVE-2026-28402
nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake pro
36 CVE-2025-15606
A Denial-of-Service (DoS) vulnerability in the httpd component of TP-Link's TD-W
36 CVE-2026-33723
WWBN AVideo is an open source video platform. In versions up to and including 26
36 CVE-2026-5444
A heap buffer overflow vulnerability exists in the PAM image parsing logic. When
36 CVE-2026-21005
Path traversal in Smart Switch prior to version 3.7.69.15 allows adjacent attack
36 CVE-2026-40926
WWBN AVideo is an open source video platform. In versions 29.0 and prior, three
36 CVE-2026-23269
In the Linux kernel, the following vulnerability has been resolved: apparmor: v
36 CVE-2026-28482
OpenClaw versions prior to 2026.2.12 construct transcript file paths using unsan
36 CVE-2026-23327
In the Linux kernel, the following vulnerability has been resolved: cxl/mbox: v
36 CVE-2026-23325
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76:
36 CVE-2026-23919
For performance reasons Zabbix Server/Proxy reuses JavaScript (Duktape) contexts
36 CVE-2026-29643
XiangShan (Open-source high-performance RISC-V processor) commit edb1dfaf7d290ae
36 CVE-2025-13776
Multiple Finka programs use hard-coded Firebird database credentials (shared acr
36 CVE-2026-23555
Any guest issuing a Xenstore command accessing a node using the (illegal) node p
36 CVE-2026-34120
A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS
36 CVE-2026-24369
Missing Authorization vulnerability in Theme-one The Grid the-grid allows Exploi
36 CVE-2026-34119
A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS
36 CVE-2026-34118
A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS
36 CVE-2026-5441
An out-of-bounds read vulnerability exists in the `DecodePsmctRle1` function of
36 CVE-2026-32501
Missing Authorization vulnerability in wp-configurator WP Configurator Pro wp-co
36 CVE-2025-55045
The update address CSRF vulnerability in MuraCMS through 10.1.10 allows attacker
36 CVE-2026-28477
OpenClaw versions prior to 2026.2.14 contain an oauth state validation bypass vu
36 CVE-2026-32706
PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, The
36 CVE-2026-26317
OpenClaw is a personal AI assistant. Prior to 2026.2.14, browser-facing localhos
36 CVE-2026-33781
An Improper Check for Unusual or Exceptional Conditions vulnerability in the pac
36 CVE-2026-25960
vLLM is an inference and serving engine for large language models (LLMs). The SS
36 CVE-2026-33780
A Missing Release of Memory after Effective Lifetime vulnerability in the Layer
36 CVE-2026-41057
WWBN AVideo is an open source video platform. In versions 29.0 and below, the CO
36 CVE-2026-33020
libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. V
36 CVE-2026-34122
A stack-based buffer overflow vulnerability was identified in TP-Link Tapo C520W
36 CVE-2026-3622
The vulnerability exists in the UPnP component of TL-WR841N v14, where improper
36 CVE-2025-54502
Incorrect use of boot service in the AMD Platform Configuration Blob (APCB) SMM
36 CVE-2026-5053
NoMachine External Control of File Path Arbitrary File Deletion Vulnerability. T
36 CVE-2025-59969
A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnera
36 CVE-2026-28281
InstantCMS is a free and open source content management system. Prior to 2.18.1,
36 CVE-2026-25640
Pydantic AI is a Python agent framework for building applications and workflows
36 CVE-2026-35444
SDL_image is a library to load images of various formats as SDL surfaces. In do_
36 CVE-2026-39973
Apktool is a tool for reverse engineering Android APK files. In versions 3.0.0 a
36 CVE-2025-11791
Sensitive information disclosure and manipulation due to insufficient authorizat
36 CVE-2026-28494
ImageMagick is free and open-source software used for editing and manipulating d
36 CVE-2026-33987
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to versio
36 CVE-2025-68153
Juju is an open source application orchestration engine that enables any applica
36 CVE-2026-33019
libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. V
36 CVE-2026-35176
openFPGALoader is a utility for programming FPGAs. In 1.1.1 and earlier, a heap-
36 CVE-2025-15396
The Library Viewer WordPress plugin before 3.2.0 does not sanitise and escape so
36 CVE-2025-14316
The AhaChat Messenger Marketing WordPress plugin through 1.1 does not sanitise a
36 CVE-2026-33982
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to versio
36 CVE-2026-6066
ConnectWise has released a security update for ConnectWise Automate™ that addres
36 CVE-2026-20606
This issue was addressed by removing the vulnerable code. This issue is fixed in
36 CVE-2026-20641
A privacy issue was addressed with improved checks. This issue is fixed in watch
36 CVE-2026-2915
HP System Event Utility might allow denial of service with elevated arbitrary fi
36 CVE-2024-32537
Cross-Site request forgery (CSRF) vulnerability in joshuae1974 Flash Video Playe

Oldest Unpatched Critical/High CVEs

CVE Severity CVSS Priority Days Open
CVE-2024-3400 CRITICAL 10.0 224 741d
CVE-2019-19781 CRITICAL 9.8 223 2309d
CVE-2020-5902 CRITICAL 9.8 223 2122d
CVE-2021-35464 CRITICAL 9.8 223 1736d
CVE-2020-10189 CRITICAL 9.8 223 2239d
CVE-2012-4681 CRITICAL 9.8 223 4987d
CVE-2022-42475 CRITICAL 9.8 223 1207d
CVE-2023-3519 CRITICAL 9.8 223 1009d
CVE-2015-7450 CRITICAL 9.8 222 3764d
CVE-2023-34048 CRITICAL 9.8 222 911d
Prev 65 / 67 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy