Total CVEs
16140
last 90 days
Avg Priority
36.4
of max 220
KEV
40
actively exploited
POC
3230
public exploits
Unpatched
4262
CRIT/HIGH without patch
How is Priority Score calculated?
Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:
KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low
40-80 Medium
80-120 High
120+ Critical
Patch Now — Known Exploited Vulnerabilities
185
CVE-2026-1731
BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain
180
CVE-2025-40551
SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerabil
170
CVE-2026-1340
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem
164
CVE-2026-1281
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem
160
CVE-2025-40536
SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that
141
CVE-2026-20131
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FM
137
CVE-2026-1603
An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthen
134
CVE-2026-22769
Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credentia
129
CVE-2026-33825
Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to el
128
CVE-2026-24423
SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated remote code executi
Priority Distribution
| Priority | CVE |
|---|---|
| 38 |
CVE-2026-28815
A remote attacker can supply a short X-Wing HPKE encapsulated key and trigger an
|
| 38 |
CVE-2026-25396
Missing Authorization vulnerability in CoderPress Commerce Coinbase For WooComme
|
| 38 |
CVE-2026-40046
Integer Overflow or Wraparound vulnerability in Apache ActiveMQ, Apache ActiveMQ
|
| 38 |
CVE-2026-32515
Missing Authorization vulnerability in kamleshyadav Miraculous miraculous allows
|
| 38 |
CVE-2026-27520
Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209
|
| 38 |
CVE-2026-5087
PAGI::Middleware::Session::Store::Cookie versions through 0.001003 for Perl gene
|
| 38 |
CVE-2026-25309
Missing Authorization vulnerability in PublishPress PublishPress Authors publish
|
| 38 |
CVE-2026-32284
The msgpack decoder fails to properly validate the input buffer length when proc
|
| 38 |
CVE-2026-34876
An issue was discovered in Mbed TLS 3.x before 3.6.6. An out-of-bounds read vuln
|
| 38 |
CVE-2026-5439
A memory exhaustion vulnerability exists in ZIP archive processing. Orthanc auto
|
| 38 |
CVE-2026-3932
Insufficient policy enforcement in PDF in Google Chrome on Android prior to 146.
|
| 38 |
CVE-2026-25650
MCP Salesforce Connector is a Model Context Protocol (MCP) server implementation
|
| 38 |
CVE-2025-14513
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.11
|
| 38 |
CVE-2026-33241
## Summary
Salvo's form data parsing implementations (`form_data()` method and `
|
| 38 |
CVE-2026-3608
Sending a maliciously crafted message to the kea-ctrl-agent, kea-dhcp-ddns, kea-
|
| 38 |
CVE-2026-21626
Access control settings for forum post custom fields are not applied to the JSON
|
| 38 |
CVE-2026-33174
### Impact
When serving files through Active Storage's `Blobs::ProxyController`,
|
| 38 |
CVE-2026-28479
OpenClaw versions prior to 2026.2.15 use SHA-1 to hash sandbox identifier cache
|
| 38 |
CVE-2026-22727
Unprotected internal endpoints in Cloud Foundry Capi Release 1.226.0 and below,
|
| 38 |
CVE-2026-1092
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.10
|
| 38 |
CVE-2026-28400
Docker Model Runner (DMR) is software used to manage, run, and deploy AI models
|
| 38 |
CVE-2026-33176
### Impact
Active Support number helpers accept strings containing scientific no
|
| 38 |
CVE-2025-8590
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in AKCE
|
| 38 |
CVE-2026-25819
HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx b
|
| 38 |
CVE-2026-4697
Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vul
|
| 38 |
CVE-2026-4695
Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vul
|
| 38 |
CVE-2026-4714
Incorrect boundary conditions in the Audio/Video component. This vulnerability a
|
| 38 |
CVE-2026-28855
A permissions issue was addressed with additional restrictions. This issue is fi
|
| 38 |
CVE-2026-4708
Incorrect boundary conditions in the Graphics component. This vulnerability affe
|
| 38 |
CVE-2026-30946
Parse Server is an open source backend that can be deployed to any infrastructur
|
| 38 |
CVE-2026-24783
soroban-fixed-point-math is a fixed-point math library for Soroban smart contact
|
| 38 |
CVE-2024-55271
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in phpguru
|
| 38 |
CVE-2026-4525
If a Vault auth mount is configured to pass through the "Authorization" header,
|
| 38 |
CVE-2026-4719
Incorrect boundary conditions in the Graphics: Text component. This vulnerabilit
|
| 38 |
CVE-2026-24684
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0
|
| 38 |
CVE-2025-66598
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corpo
|
| 38 |
CVE-2026-4704
Denial-of-service in the WebRTC: Signaling component. This vulnerability affects
|
| 38 |
CVE-2026-32228
UI / API User with asset materialize permission could trigger dags they had no a
|
| 38 |
CVE-2026-2145
A vulnerability was identified in cym1102 nginxWebUI up to 4.3.7. The impacted e
|
| 38 |
CVE-2026-26324
OpenClaw is a personal AI assistant. Prior to version 2026.2.14, OpenClaw's SSRF
|
| 38 |
CVE-2026-4713
Incorrect boundary conditions in the Graphics component. This vulnerability affe
|
| 38 |
CVE-2026-30925
Parse Server is an open source backend that can be deployed to any infrastructur
|
| 38 |
CVE-2026-4933
Incorrect Authorization vulnerability in Drupal Unpublished Node Permissions all
|
| 38 |
CVE-2026-4684
Race condition, use-after-free in the Graphics: WebRender component. This vulner
|
| 38 |
CVE-2026-21710
A flaw in Node.js HTTP request handling causes an uncaught `TypeError` when a re
|
| 38 |
CVE-2026-5807
Vault is vulnerable to a denial-of-service condition where an unauthenticated at
|
| 38 |
CVE-2026-35042
## Summary
`fast-jwt` does not validate the `crit` (Critical) Header Parameter
|
| 38 |
CVE-2026-27516
Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior
|
| 38 |
CVE-2025-52026
An information disclosure vulnerability exists in the /srvs/membersrv/getCashier
|
| 38 |
CVE-2026-5437
An out-of-bounds read vulnerability exists in `DicomStreamReader` during DICOM m
|
| 38 |
CVE-2026-32597
PyJWT is a JSON Web Token implementation in Python. Prior to 2.12.0, PyJWT does
|
| 38 |
CVE-2026-2547
A vulnerability was detected in LigeroSmart up to 6.1.26. The impacted element i
|
| 38 |
CVE-2026-30947
Parse Server is an open source backend that can be deployed to any infrastructur
|
| 38 |
CVE-2026-2261
Due to a programming error, blocklistd leaks a socket descriptor for each advers
|
| 38 |
CVE-2026-2219
It was discovered that dpkg-deb (a component of dpkg, the Debian package managem
|
| 38 |
CVE-2026-29054
Traefik is an HTTP reverse proxy and load balancer. From version 2.11.9 to 2.11.
|
| 38 |
CVE-2026-28505
Tautulli is a Python based monitoring and tracking tool for Plex Media Server. P
|
| 38 |
CVE-2026-32256
# Summary
music-metadata's ASF parser (`parseExtensionObject()` in `lib/asf/Asf
|
| 38 |
CVE-2026-1669
Arbitrary file read in the model loading mechanism (HDF5 integration) in Keras v
|
| 38 |
CVE-2026-27135
nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C.
|
| 38 |
CVE-2026-31923
Cleartext Transmission of Sensitive Information vulnerability in Apache APISIX.
|
| 38 |
CVE-2026-29072
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-late
|
| 38 |
CVE-2026-27980
## Summary
The default Next.js image optimization disk cache (`/_next/image`) di
|
| 38 |
CVE-2026-27880
The OpenFeature feature toggle evaluation endpoint reads unbounded values into m
|
| 38 |
CVE-2026-34240
JOSE is a Javascript Object Signing and Encryption (JOSE) library. Prior to vers
|
| 38 |
CVE-2026-35246
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (comp
|
| 38 |
CVE-2026-35251
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (comp
|
| 38 |
CVE-2026-5050
The Payment Gateway for Redsys & WooCommerce Lite plugin for WordPress is vulner
|
| 38 |
CVE-2026-1700
A weakness has been identified in projectworlds House Rental and Property Listin
|
| 38 |
CVE-2026-35230
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (comp
|
| 38 |
CVE-2026-35242
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (comp
|
| 38 |
CVE-2026-4712
Information disclosure in the Widget: Cocoa component. This vulnerability affect
|
| 38 |
CVE-2026-22566
An Improper Access Control vulnerability could allow a malicious actor with acce
|
| 38 |
CVE-2026-22565
An Improper Input Validation vulnerability could allow a malicious actor with ac
|
| 38 |
CVE-2026-30332
A Time-of-Check to Time-of-Use (TOCTOU) race condition vulnerability in Balena E
|
| 38 |
CVE-2025-15576
If two sibling jails are restricted to separate filesystem trees, which is to sa
|
| 38 |
CVE-2026-32838
Edimax GS-5008PL firmware version 1.00.54 and prior use cleartext HTTP for the w
|
| 38 |
CVE-2026-25564
WeKan versions prior to 8.19 contain an insecure direct object reference (IDOR)
|
| 38 |
CVE-2026-25563
WeKan versions prior to 8.19 contain an insecure direct object reference (IDOR)
|
| 38 |
CVE-2026-25561
WeKan versions prior to 8.19 contain an authorization weakness in the attachment
|
| 38 |
CVE-2026-1421
A vulnerability has been found in code-projects Online Examination System 1.0. A
|
| 38 |
CVE-2026-33266
Use of Hard-coded Cryptographic Key vulnerability in Apache OpenMeetings.
The r
|
| 38 |
CVE-2025-40537
SolarWinds Web Help Desk was found to be susceptible to a hardcoded credentials
|
| 38 |
CVE-2026-35467
The stored API keys in temporary browser client is not marked as protected allow
|
| 38 |
CVE-2026-4247
When a challenge ACK is to be sent tcp_respond() constructs and sends the challe
|
| 38 |
CVE-2026-22998
In the Linux kernel, the following vulnerability has been resolved:
nvme-tcp: f
|
| 38 |
CVE-2026-4512
The reCaptcha by WebDesignBy WordPress plugin before 2.0 does not sanitize or es
|
| 38 |
CVE-2025-50671
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to impro
|
| 38 |
CVE-2025-50670
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to impro
|
| 38 |
CVE-2026-34486
Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the f
|
Oldest Unpatched Critical/High CVEs
| CVE | Severity | CVSS | Priority | Days Open |
|---|---|---|---|---|
| CVE-2024-3400 | CRITICAL | 10.0 | 224 | 741d |
| CVE-2019-19781 | CRITICAL | 9.8 | 223 | 2309d |
| CVE-2020-5902 | CRITICAL | 9.8 | 223 | 2122d |
| CVE-2021-35464 | CRITICAL | 9.8 | 223 | 1735d |
| CVE-2020-10189 | CRITICAL | 9.8 | 223 | 2238d |
| CVE-2012-4681 | CRITICAL | 9.8 | 223 | 4986d |
| CVE-2022-42475 | CRITICAL | 9.8 | 223 | 1207d |
| CVE-2023-3519 | CRITICAL | 9.8 | 223 | 1008d |
| CVE-2015-7450 | CRITICAL | 9.8 | 222 | 3763d |
| CVE-2023-34048 | CRITICAL | 9.8 | 222 | 910d |