Total CVEs
16325
last 90 days
Avg Priority
36.5
of max 220
KEV
37
actively exploited
POC
3563
public exploits
Unpatched
5452
CRIT/HIGH without patch
How is Priority Score calculated?
Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:
KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low
40-80 Medium
80-120 High
120+ Critical
Patch Now — Known Exploited Vulnerabilities
194
CVE-2026-24061
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for t
185
CVE-2026-1731
BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain
184
CVE-2026-23760
SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability
180
CVE-2025-40551
SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerabil
170
CVE-2026-1340
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem
164
CVE-2026-1281
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem
160
CVE-2025-40536
SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that
141
CVE-2026-20131
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FM
137
CVE-2026-1603
An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthen
134
CVE-2026-22769
Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credentia
Priority Distribution
| Priority | CVE |
|---|---|
| 9 |
CVE-2025-52649
HCL AION is affected by a vulnerability where certain identifiers may be predict
|
| 9 |
CVE-2026-34743
XZ Utils provide a general-purpose data-compression library plus command-line to
|
| 9 |
CVE-2026-34073
## Summary
In versions of cryptography prior to 46.0.5, DNS name constraints we
|
| 9 |
CVE-2025-61641
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associate
|
| 8 |
CVE-2026-40072
web3.py allows you to interact with the Ethereum blockchain using Python. From 6
|
| 7 |
CVE-2026-4395
Heap-based buffer overflow in the KCAPI ECC code path of wc_ecc_import_x963_ex()
|
| 7 |
CVE-2026-33402
Sakai is a Collaboration and Learning Environment (CLE). In versions 23.0 throug
|
| 7 |
CVE-2026-33161
### Summary
A low-privileged authenticated user can call `assets/image-editor`
|
| 7 |
CVE-2026-33423
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-late
|
| 6 |
CVE-2026-3230
Missing required cryptographic step in the TLS 1.3 client HelloRetryRequest hand
|
| 6 |
CVE-2026-33284
GlobaLeaks is free and open-source whistleblowing software. Prior to version 5.0
|
| 6 |
CVE-2025-61646
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associate
|
| 6 |
CVE-2026-4159
1-byte OOB heap read in wc_PKCS7_DecodeEnvelopedData via zero-length encrypted c
|
| 6 |
CVE-2026-3229
An integer overflow vulnerability existed in the static function wolfssl_add_to_
|
| 5 |
CVE-2026-34983
Wasmtime is a runtime for WebAssembly. In 43.0.0, cloning a wasmtime::Linker is
|
| 5 |
CVE-2025-62843
An improper restriction of communication channel to intended endpoints vulnerabi
|
| 3 |
CVE-2026-33525
### Impact
**Official Weighted Severity Rating:** Low
This exploit is very unl
|
| 0 |
CVE-2026-32766
## Impact
In versions 0.5.6 and earlier of astral-tokio-tar, malformed PAX exte
|
| 0 |
CVE-2026-33168
### Impact
When a blank string is used as an HTML attribute name in Action View
|
| 0 |
CVE-2026-32266
Unauthenticated users can view a list of buckets the plugin has access to.
The
|
| 0 |
CVE-2026-33167
### Impact
The debug exceptions page does not properly escape exception messages
|
| 0 |
CVE-2026-33221
## Summary
The storage service's file upload handler trusts the client-provided
|
Oldest Unpatched Critical/High CVEs
| CVE | Severity | CVSS | Priority | Days Open |
|---|---|---|---|---|
| CVE-2024-3400 | CRITICAL | 10.0 | 224 | 730d |
| CVE-2019-19781 | CRITICAL | 9.8 | 223 | 2298d |
| CVE-2020-5902 | CRITICAL | 9.8 | 223 | 2111d |
| CVE-2021-35464 | CRITICAL | 9.8 | 223 | 1725d |
| CVE-2020-10189 | CRITICAL | 9.8 | 223 | 2228d |
| CVE-2012-4681 | CRITICAL | 9.8 | 223 | 4976d |
| CVE-2022-42475 | CRITICAL | 9.8 | 223 | 1196d |
| CVE-2023-3519 | CRITICAL | 9.8 | 223 | 998d |
| CVE-2015-7450 | CRITICAL | 9.8 | 222 | 3753d |
| CVE-2023-34048 | CRITICAL | 9.8 | 222 | 900d |
Prev
8 / 8