Total CVEs
16204
last 90 days
Avg Priority
36.4
of max 220
KEV
40
actively exploited
POC
3234
public exploits
Unpatched
4280
CRIT/HIGH without patch
How is Priority Score calculated?
Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:
KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low
40-80 Medium
80-120 High
120+ Critical
Patch Now — Known Exploited Vulnerabilities
185
CVE-2026-1731
BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain
180
CVE-2025-40551
SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerabil
170
CVE-2026-1340
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem
164
CVE-2026-1281
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem
160
CVE-2025-40536
SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that
141
CVE-2026-20131
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FM
137
CVE-2026-1603
An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthen
134
CVE-2026-22769
Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credentia
129
CVE-2026-33825
Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to el
128
CVE-2026-24423
SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated remote code executi
Priority Distribution
| Priority | CVE |
|---|---|
| 38 |
CVE-2026-29129
Configured cipher preference order not preserved vulnerability in Apache Tomcat.
|
| 38 |
CVE-2026-34904
Cross-Site Request Forgery (CSRF) vulnerability in Analytify Simple Social Media
|
| 38 |
CVE-2026-34896
Cross-Site Request Forgery (CSRF) vulnerability in Analytify Under Construction,
|
| 38 |
CVE-2025-50655
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to impro
|
| 38 |
CVE-2025-50654
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to impro
|
| 38 |
CVE-2025-50663
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to impro
|
| 38 |
CVE-2026-4693
Incorrect boundary conditions in the Audio/Video: Playback component. This vulne
|
| 38 |
CVE-2026-5086
Crypt::SecretBuffer versions before 0.019 for Perl is suseceptible to timing att
|
| 38 |
CVE-2025-50652
An issue in D-Link DI-8003 16.07.26A1 related to improper handling of the id par
|
| 38 |
CVE-2026-29146
Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default
|
| 38 |
CVE-2025-54324
An issue was discovered in NAS in Samsung Mobile Processor, Wearable Processor,
|
| 38 |
CVE-2026-28837
A logic issue was addressed with improved checks. This issue is fixed in macOS T
|
| 38 |
CVE-2026-4707
Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerab
|
| 38 |
CVE-2026-24308
Improper handling of configuration values in ZKConfig in Apache ZooKeeper 3.8.5
|
| 38 |
CVE-2026-33282
## Summary
Ella Core panics when processing a malformed NGAP LocationReport mes
|
| 38 |
CVE-2026-4706
Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerab
|
| 38 |
CVE-2026-25140
apko allows users to build and publish OCI container images built from apk packa
|
| 38 |
CVE-2025-62188
An Exposure of Sensitive Information to an Unauthorized Actor vulnerability exis
|
| 38 |
CVE-2025-67841
Nordic Semiconductor IronSide SE for nRF54H20 before 23.0.2+17 has an Algorithmi
|
| 38 |
CVE-2026-4437
Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that sp
|
| 38 |
CVE-2026-24880
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
|
| 38 |
CVE-2026-4709
Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerabil
|
| 38 |
CVE-2026-41564
CryptX versions before 0.088 for Perl do not reseed the Crypt::PK PRNG state aft
|
| 38 |
CVE-2025-56015
In GenieACS 1.2.13, an unauthenticated access vulnerability exists in the NBI AP
|
| 38 |
CVE-2025-50650
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to inade
|
| 38 |
CVE-2026-31987
JWT Tokens used by tasks were exposed in logs. This could allow UI users to act
|
| 38 |
CVE-2026-4685
Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerab
|
| 38 |
CVE-2025-50649
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to impro
|
| 38 |
CVE-2024-55027
Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to stroe creden
|
| 38 |
CVE-2026-32287
Boolean XPath expressions that evaluate to true can cause an infinite loop in lo
|
| 38 |
CVE-2026-5088
Apache::API::Password versions through v0.5.2 for Perl can generate insecure ran
|
| 38 |
CVE-2026-4686
Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerab
|
| 38 |
CVE-2026-28842
The issue was addressed with improved bounds checks. This issue is fixed in macO
|
| 38 |
CVE-2025-50653
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to impro
|
| 38 |
CVE-2025-46597
Bitcoin Core 0.13.0 through 29.x has an integer overflow.
|
| 38 |
CVE-2026-28377
A vulnerability in Grafana Tempo exposes the S3 SSE-C encryption key in plaintex
|
| 38 |
CVE-2025-50667
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to impro
|
| 38 |
CVE-2025-50660
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to impro
|
| 38 |
CVE-2025-50644
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to impro
|
| 38 |
CVE-2025-59440
An issue was discovered in USIM in Samsung Mobile Processor, Wearable Processor,
|
| 38 |
CVE-2025-50673
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to impro
|
| 38 |
CVE-2026-39304
Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Client, Apa
|
| 38 |
CVE-2025-52222
D-Link DI-8003 v16.07.26A1, DI-8500 v16.07.26A1; DI-8003G v17.12.21A1, DI-8200G
|
| 38 |
CVE-2025-50669
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 and DI-8003G
|
| 38 |
CVE-2025-50672
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to impro
|
| 38 |
CVE-2026-34483
Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve
|
| 38 |
CVE-2026-30403
There is an arbitrary file read vulnerability in the test connection function of
|
| 38 |
CVE-2026-30080
OpenAirInterface v2.2.0 accepts Security Mode Complete without any integrity pro
|
| 38 |
CVE-2026-27519
Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior
|
| 38 |
CVE-2026-21720
Every uncached /avatar/:hash request spawns a goroutine that refreshes the Grava
|
| 38 |
CVE-2026-4699
Incorrect boundary conditions in the Layout: Text and Fonts component. This vuln
|
| 38 |
CVE-2026-21863
Valkey is a distributed key-value database. Prior to versions 9.0.2, 8.1.6, 8.0.
|
| 38 |
CVE-2026-28779
Apache Airflow versions 3.1.0 through 3.1.7 session token (_token) in cookies is
|
| 38 |
CVE-2025-50659
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to impro
|
| 38 |
CVE-2025-50668
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to impro
|
| 38 |
CVE-2026-24683
FreeRDP is a free implementation of the Remote Desktop Protocol. ainput_send_inp
|
| 38 |
CVE-2026-24682
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0
|
| 38 |
CVE-2026-24681
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0
|
| 38 |
CVE-2026-24680
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0
|
| 38 |
CVE-2025-50646
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to insuf
|
| 38 |
CVE-2026-24678
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0
|
| 38 |
CVE-2026-24676
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0
|
| 38 |
CVE-2026-24675
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0
|
| 38 |
CVE-2026-24491
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0
|
| 38 |
CVE-2026-23948
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0
|
| 38 |
CVE-2026-30404
The backend database management connection test feature in wgcloud v3.6.3 has a
|
| 38 |
CVE-2026-34487
Insertion of Sensitive Information into Log File vulnerability in the cloud memb
|
| 38 |
CVE-2025-57835
An issue was discovered in RRC in Samsung Mobile Processor, Wearable Processor,
|
| 38 |
CVE-2025-66597
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corpo
|
| 38 |
CVE-2026-6756
Mitigation bypass in Firefox for Android. This vulnerability was fixed in Firefo
|
| 38 |
CVE-2025-50657
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to impro
|
| 38 |
CVE-2025-50662
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to impro
|
| 38 |
CVE-2026-26275
httpsig-hyper is a hyper extension for http message signatures. An issue was dis
|
| 38 |
CVE-2025-50647
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1, specificall
|
| 38 |
CVE-2025-50648
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to inade
|
| 38 |
CVE-2026-20622
A privacy issue was addressed with improved handling of temporary files. This is
|
| 38 |
CVE-2026-22888
Improper input verification issue exists in Cybozu Garoon 5.0.0 to 6.0.3, which
|
| 38 |
CVE-2026-33002
Jenkins 2.442 through 2.554 (both inclusive), LTS 2.426.3 through LTS 2.541.2 (b
|
| 38 |
CVE-2026-25762
AdonisJS is a TypeScript-first web framework. Prior to versions 10.1.3 and 11.0.
|
| 38 |
CVE-2026-5439
A memory exhaustion vulnerability exists in ZIP archive processing. Orthanc auto
|
| 38 |
CVE-2026-25026
Missing Authorization vulnerability in RadiusTheme Team tlp-team allows Exploiti
|
| 38 |
CVE-2026-34876
An issue was discovered in Mbed TLS 3.x before 3.6.6. An out-of-bounds read vuln
|
| 38 |
CVE-2026-32498
Missing Authorization vulnerability in Metagauss RegistrationMagic custom-regist
|
| 38 |
CVE-2026-30778
The SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configurat
|
| 38 |
CVE-2026-32495
Missing Authorization vulnerability in Link Software LLC WP Terms Popup wp-terms
|
| 38 |
CVE-2026-27073
Use of Hard-coded Credentials vulnerability in Addi Addi – Cuotas que se a
|
| 38 |
CVE-2025-56421
SQL Injection vulnerability in LimeSurvey before v.6.15.4+250710 allows a remote
|
| 38 |
CVE-2026-23482
Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the fi
|
| 38 |
CVE-2026-5438
A gzip decompression bomb vulnerability exists when Orthanc processes HTTP reque
|
| 38 |
CVE-2025-45058
D-Link DI-8300 v16.07.26A1 was discovered to contain a buffer overflow via the f
|
Oldest Unpatched Critical/High CVEs
| CVE | Severity | CVSS | Priority | Days Open |
|---|---|---|---|---|
| CVE-2024-3400 | CRITICAL | 10.0 | 224 | 741d |
| CVE-2019-19781 | CRITICAL | 9.8 | 223 | 2309d |
| CVE-2020-5902 | CRITICAL | 9.8 | 223 | 2122d |
| CVE-2021-35464 | CRITICAL | 9.8 | 223 | 1735d |
| CVE-2020-10189 | CRITICAL | 9.8 | 223 | 2238d |
| CVE-2012-4681 | CRITICAL | 9.8 | 223 | 4986d |
| CVE-2022-42475 | CRITICAL | 9.8 | 223 | 1207d |
| CVE-2023-3519 | CRITICAL | 9.8 | 223 | 1008d |
| CVE-2015-7450 | CRITICAL | 9.8 | 222 | 3763d |
| CVE-2023-34048 | CRITICAL | 9.8 | 222 | 910d |