Total CVEs
16288
last 90 days
Avg Priority
36.5
of max 220
KEV
37
actively exploited
POC
3553
public exploits
Unpatched
5442
CRIT/HIGH without patch
How is Priority Score calculated?
Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:
KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low
40-80 Medium
80-120 High
120+ Critical
Patch Now — Known Exploited Vulnerabilities
194
CVE-2026-24061
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for t
185
CVE-2026-1731
BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain
184
CVE-2026-23760
SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability
180
CVE-2025-40551
SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerabil
170
CVE-2026-1340
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem
164
CVE-2026-1281
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem
160
CVE-2025-40536
SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that
141
CVE-2026-20131
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FM
137
CVE-2026-1603
An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthen
134
CVE-2026-22769
Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credentia
Priority Distribution
| Priority | CVE |
|---|---|
| 50 |
CVE-2026-30836
⚠️ **Limited Disclosure - Full Details Pending**
A critical security vulnerabil
|
| 50 |
CVE-2026-40175
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.
|
| 50 |
CVE-2026-0759
Katana Network Development Starter Kit executeCommand Command Injection Remote C
|
| 50 |
CVE-2026-0756
github-kanban-mcp-server execAsync Command Injection Remote Code Execution Vulne
|
| 50 |
CVE-2025-15063
Ollama MCP Server execAsync Command Injection Remote Code Execution Vulnerabilit
|
| 50 |
CVE-2026-34838
Group-Office is an enterprise customer relationship management and groupware too
|
| 50 |
CVE-2026-21667
A vulnerability allowing an authenticated domain user to perform remote code exe
|
| 50 |
CVE-2026-21666
A vulnerability allowing an authenticated domain user to perform remote code exe
|
| 50 |
CVE-2026-22844
A Command Injection vulnerability in Zoom Node Multimedia Routers (MMRs) before
|
| 50 |
CVE-2025-57795
Explorance Blue versions prior to 8.14.13 contain an authenticated remote file d
|
| 50 |
CVE-2026-26009
Catalyst is a platform built for enterprise game server hosts, game communities,
|
| 50 |
CVE-2025-50857
ZenTaoPMS v18.11 through v21.6.beta is vulnerable to Directory Traversal in /mod
|
| 50 |
CVE-2026-32306
OneUptime is a solution for monitoring and managing online services. Prior to 10
|
| 50 |
CVE-2026-27112
Kargo manages and automates the promotion of software artifacts. From 1.7.0 to b
|
| 50 |
CVE-2026-21669
A vulnerability allowing an authenticated domain user to perform remote code exe
|
| 50 |
CVE-2026-0787
ALGO 8180 IP Audio Alerter SAC Command Injection Remote Code Execution Vulnerabi
|
| 50 |
CVE-2026-27577
n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.
|
| 50 |
CVE-2026-34612
Kestra is an open-source, event-driven orchestration platform. Prior to version
|
| 50 |
CVE-2026-23836
HotCRP is conference review software. A problem introduced in April 2024 in vers
|
| 50 |
CVE-2026-22871
GuardDog is a CLI tool to identify malicious PyPI packages. Prior to 2.7.1, ther
|
| 50 |
CVE-2026-2095
Agentflow developed by Flowring has an Authentication Bypass vulnerability, allo
|
| 50 |
CVE-2026-0963
An input neutralization vulnerability in the File Operations API Endpoint compon
|
| 50 |
CVE-2026-22797
An issue was discovered in OpenStack keystonemiddleware 10.5 through 10.7 before
|
| 50 |
CVE-2026-26030
Semantic Kernel, Microsoft's semantic kernel Python SDK, has a remote code execu
|
| 50 |
CVE-2026-28466
OpenClaw versions prior to 2026.2.14 contain a vulnerability in the gateway in w
|
| 50 |
CVE-2026-28363
In OpenClaw before 2026.2.23, tools.exec.safeBins validation for sort could be b
|
| 50 |
CVE-2026-22237
The vulnerability exists in BLUVOYIX due to the exposure of sensitive internal A
|
| 50 |
CVE-2025-66956
Insecure Access Control in Contact Plan, E-Mail, SMS and Fax components in Assec
|
| 50 |
CVE-2026-2039
GFI Archiver MArc.Store Missing Authorization Authentication Bypass Vulnerabilit
|
| 50 |
CVE-2026-2038
GFI Archiver MArc.Core Missing Authorization Authentication Bypass Vulnerability
|
| 50 |
CVE-2026-32938
SiYuan is a personal knowledge management system. In versions 3.6.0 and below, t
|
| 50 |
CVE-2026-27495
n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.
|
| 50 |
CVE-2026-26137
Server-side request forgery (ssrf) in Microsoft 365 Copilot's Business Chat allo
|
| 50 |
CVE-2026-34571
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, mo
|
| 50 |
CVE-2026-22903
An unauthenticated remote attacker can send a crafted HTTP request containing an
|
| 50 |
CVE-2026-27494
n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.
|
| 50 |
CVE-2026-32731
**Reported:** 2026-03-08
**Status:** patched and released in version 3.5.3 of
|
| 50 |
CVE-2026-24479
HUSTOF is an open source online judge based on PHP/C++/MySQL/Linux for ACM/ICPC
|
| 50 |
CVE-2026-33945
Incus is a system container and virtual machine manager. Incus instances have an
|
| 50 |
CVE-2026-27965
Vitess is a database clustering system for horizontal scaling of MySQL. Prior to
|
| 50 |
CVE-2026-25592
Semantic Kernel is an SDK used to build, orchestrate, and deploy AI agents and m
|
| 50 |
CVE-2025-11165
A sandbox escape vulnerability exists in dotCMS’s Velocity scripting engine (VTo
|
| 50 |
CVE-2026-27591
Winter is a free, open-source content management system (CMS) based on the Larav
|
| 50 |
CVE-2025-68910
Unrestricted Upload of File with Dangerous Type vulnerability in blazethemes Blo
|
| 50 |
CVE-2025-68909
Unrestricted Upload of File with Dangerous Type vulnerability in blazethemes Blo
|
| 50 |
CVE-2025-67968
Unrestricted Upload of File with Dangerous Type vulnerability in InspiryThemes R
|
| 50 |
CVE-2026-25115
n8n is an open source workflow automation platform. Prior to version 2.4.8, a vu
|
| 50 |
CVE-2025-68986
Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Miio
|
| 50 |
CVE-2025-67979
Improper Control of Generation of Code ('Code Injection') vulnerability in Weste
|
| 50 |
CVE-2026-29789
Vito is a self-hosted web application that helps manage servers and deploy PHP a
|
| 50 |
CVE-2026-22390
Improper Control of Generation of Code ('Code Injection') vulnerability in Build
|
| 50 |
CVE-2025-14502
The News and Blog Designer Bundle plugin for WordPress is vulnerable to Local Fi
|
| 50 |
CVE-2026-0933
SummaryA command injection vulnerability (CWE-78) has been found to exist in the
|
| 50 |
CVE-2026-24304
Improper access control in Azure Resource Manager allows an authorized attacker
|
| 50 |
CVE-2025-68553
Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Lend
|
| 50 |
CVE-2026-34569
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, mo
|
| 50 |
CVE-2025-68554
Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Keen
|
| 50 |
CVE-2025-69403
Unrestricted Upload of File with Dangerous Type vulnerability in Bravis-Themes B
|
| 50 |
CVE-2026-24960
Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Char
|
| 50 |
CVE-2026-33897
Incus is a system container and virtual machine manager. Prior to version 6.23.0
|
| 50 |
CVE-2026-3059
SGLang's multimodal generation module is vulnerable to unauthenticated remote co
|
| 50 |
CVE-2025-68549
Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Wigu
|
| 50 |
CVE-2026-32525
Improper Control of Generation of Code ('Code Injection') vulnerability in jetmo
|
| 50 |
CVE-2026-27044
Improper Control of Generation of Code ('Code Injection') vulnerability in Total
|
| 50 |
CVE-2026-25366
Improper Control of Generation of Code ('Code Injection') vulnerability in Theme
|
| 50 |
CVE-2025-68555
Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Nutr
|
| 50 |
CVE-2026-25212
An issue was discovered in Percona PMM before 3.7. Because an internal database
|
| 50 |
CVE-2026-34717
OpenProject is an open-source, web-based project management software. Prior to v
|
| 50 |
CVE-2026-32536
Unrestricted Upload of File with Dangerous Type vulnerability in halfdata Green
|
| 50 |
CVE-2026-39355
Genealogy is a family tree PHP application. Prior to 5.9.1, a critical broken ac
|
| 50 |
CVE-2026-25049
n8n is an open source workflow automation platform. Prior to versions 1.123.17 a
|
| 50 |
CVE-2026-25345
Improper Validation of Specified Quantity in Input vulnerability in GalleryCreat
|
| 50 |
CVE-2026-3422
U-Office Force developed by e-Excellence has a Insecure Deserialization vulnerab
|
| 50 |
CVE-2026-1868
GitLab has remediated a vulnerability in the Duo Workflow Service component of G
|
| 50 |
CVE-2026-32621
Apollo Federation is an architecture for declaratively composing APIs into a uni
|
| 50 |
CVE-2026-2749
Vulnerability in Centreon Centreon Open Tickets on Central Server on Linux (Cent
|
| 50 |
CVE-2025-70830
A Server-Side Template Injection (SSTI) vulnerability in the Freemarker template
|
| 50 |
CVE-2026-0791
ALGO 8180 IP Audio Alerter SIP INVITE Replaces Stack-based Buffer Overflow Remot
|
| 50 |
CVE-2026-0793
ALGO 8180 IP Audio Alerter InformaCast Heap-based Buffer Overflow Remote Code Ex
|
| 50 |
CVE-2026-0792
ALGO 8180 IP Audio Alerter SIP INVITE Alert-Info Stack-based Buffer Overflow Rem
|
| 50 |
CVE-2026-25053
n8n is an open source workflow automation platform. Prior to versions 1.123.10 a
|
| 50 |
CVE-2025-62878
A malicious user can manipulate the parameters.pathPattern to create PersistentV
|
| 50 |
CVE-2026-23524
Laravel Reverb provides a real-time WebSocket communication backend for Laravel
|
| 50 |
CVE-2026-22907
An attacker may gain unauthorized access to the host filesystem, potentially all
|
| 50 |
CVE-2026-25763
OpenProject is an open-source, web-based project management software. Prior to v
|
| 50 |
CVE-2026-2743
Arbitrary File Write via Path Traversal upload to Remote Code Execution in SeppM
|
| 50 |
CVE-2025-62056
Unrestricted Upload of File with Dangerous Type vulnerability in blazethemes New
|
| 50 |
CVE-2025-62050
Unrestricted Upload of File with Dangerous Type vulnerability in blazethemes Blo
|
| 50 |
CVE-2026-25052
n8n is an open source workflow automation platform. Prior to versions 1.123.18 a
|
| 50 |
CVE-2026-32523
Unrestricted Upload of File with Dangerous Type vulnerability in denishua WPJAM
|
Oldest Unpatched Critical/High CVEs
| CVE | Severity | CVSS | Priority | Days Open |
|---|---|---|---|---|
| CVE-2024-3400 | CRITICAL | 10.0 | 224 | 730d |
| CVE-2019-19781 | CRITICAL | 9.8 | 223 | 2298d |
| CVE-2020-5902 | CRITICAL | 9.8 | 223 | 2111d |
| CVE-2021-35464 | CRITICAL | 9.8 | 223 | 1725d |
| CVE-2020-10189 | CRITICAL | 9.8 | 223 | 2228d |
| CVE-2012-4681 | CRITICAL | 9.8 | 223 | 4976d |
| CVE-2022-42475 | CRITICAL | 9.8 | 223 | 1196d |
| CVE-2023-3519 | CRITICAL | 9.8 | 223 | 998d |
| CVE-2015-7450 | CRITICAL | 9.8 | 222 | 3753d |
| CVE-2023-34048 | CRITICAL | 9.8 | 222 | 900d |