Total CVEs
16315
last 90 days
Avg Priority
36.5
of max 220
KEV
37
actively exploited
POC
3552
public exploits
Unpatched
5449
CRIT/HIGH without patch
How is Priority Score calculated?
Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:
KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low
40-80 Medium
80-120 High
120+ Critical
Patch Now — Known Exploited Vulnerabilities
194
CVE-2026-24061
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for t
185
CVE-2026-1731
BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain
184
CVE-2026-23760
SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability
180
CVE-2025-40551
SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerabil
170
CVE-2026-1340
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem
164
CVE-2026-1281
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem
160
CVE-2025-40536
SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that
141
CVE-2026-20131
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FM
137
CVE-2026-1603
An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthen
134
CVE-2026-22769
Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credentia
Priority Distribution
| Priority | CVE |
|---|---|
| 160 |
CVE-2025-40536
SolarWinds Web Help Desk was found to be susceptible to a security control bypas
|
| 137 |
CVE-2026-1603
An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allo
|
| 113 |
CVE-2026-25108
FileZen contains an OS command injection vulnerability. When FileZen Antivirus C
|
| 109 |
CVE-2026-20700
A memory corruption issue was addressed with improved state management. This iss
|
| 109 |
CVE-2026-3502
TrueConf Client downloads application update code and applies it without perform
|
| 99 |
CVE-2026-21513
Protection mechanism failure in MSHTML Framework allows an unauthorized attacker
|
| 98 |
CVE-2026-21509
Reliance on untrusted inputs in a security decision in Microsoft Office allows a
|
| 98 |
CVE-2026-21510
Protection mechanism failure in Windows Shell allows an unauthorized attacker to
|
| 96 |
CVE-2025-14558
The rtsol(8) and rtsold(8) programs do not validate the domain search list optio
|
| 93 |
CVE-2026-21514
Reliance on untrusted inputs in a security decision in Microsoft Office Word all
|
| 92 |
CVE-2026-21519
Access of resource using incompatible type ('type confusion') in Desktop Window
|
| 92 |
CVE-2026-20045
A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unif
|
| 92 |
CVE-2026-21533
Improper privilege management in Windows Remote Desktop allows an authorized att
|
| 87 |
CVE-2025-69516
A Server-Side Template Injection (SSTI) vulnerability in the /reporting/template
|
| 67 |
CVE-2025-70328
TOTOLINK X6000R v9.4.0cu.1498_B20250826 contains an OS command injection vulnera
|
| 65 |
CVE-2026-6026
A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. Th
|
| 65 |
CVE-2026-5852
A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Affecte
|
| 65 |
CVE-2026-5995
A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Impacte
|
| 65 |
CVE-2026-6113
A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191
|
| 65 |
CVE-2026-6112
A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Affecte
|
| 65 |
CVE-2026-5851
A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. Th
|
| 65 |
CVE-2026-6025
A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This af
|
| 65 |
CVE-2026-5996
A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191
|
| 65 |
CVE-2026-6028
A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191
|
| 65 |
CVE-2026-5853
A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191
|
| 65 |
CVE-2026-6115
A flaw has been found in Totolink A7100RU 7.4cu.2313_b20191024. This affects the
|
| 65 |
CVE-2026-6114
A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected
|
| 65 |
CVE-2026-6029
A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. The affec
|
| 65 |
CVE-2026-6116
A vulnerability has been found in Totolink A7100RU 7.4cu.2313_b20191024. This vu
|
| 65 |
CVE-2026-5850
A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This af
|
| 65 |
CVE-2026-5994
A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. Th
|
| 65 |
CVE-2026-6027
A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. This is
|
| 65 |
CVE-2026-5993
A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This vu
|
| 65 |
CVE-2026-5997
A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. The impac
|
| 65 |
CVE-2022-50936
WBCE CMS version 1.5.2 contains an authenticated remote code execution vulnerabi
|
| 65 |
CVE-2026-5854
A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected
|
| 65 |
CVE-2026-4252
A vulnerability was identified in Tenda AC8 16.03.50.11. Affected by this issue
|
| 65 |
CVE-2026-4567
A vulnerability has been found in Tenda A15 15.13.07.13. The impacted element is
|
| 65 |
CVE-2021-47758
Chikitsa Patient Management System 2.0.2 contains an authenticated remote code e
|
| 65 |
CVE-2026-28773
The web-based Ping diagnostic utility (/IDC_Ping/main.cgi) in International Data
|
| 65 |
CVE-2026-4181
A security flaw has been discovered in D-Link DIR-816 1.10CNB05. This affects an
|
| 65 |
CVE-2021-47757
Chikitsa Patient Management System 2.0.2 contains an authenticated remote code e
|
| 64 |
CVE-2026-5975
A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. The imp
|
| 64 |
CVE-2026-5976
A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. Th
|
| 64 |
CVE-2026-5978
A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191
|
| 64 |
CVE-2026-5977
A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. This im
|
| 64 |
CVE-2020-37032
Wing FTP Server 6.3.8 contains a remote code execution vulnerability in its Lua-
|
| 64 |
CVE-2021-47888
Textpattern versions prior to 4.8.3 contain an authenticated remote code executi
|
| 64 |
CVE-2021-47904
PhreeBooks 5.2.3 contains an authenticated file upload vulnerability in the Imag
|
| 64 |
CVE-2026-25857
Tenda G300-F router firmware version 16.01.14.2 and prior contain an OS command
|
| 64 |
CVE-2021-47770
OpenPLC v3 contains an authenticated remote code execution vulnerability that al
|
| 64 |
CVE-2022-50898
NanoCMS 0.4 contains an authenticated file upload vulnerability that allows remo
|
| 64 |
CVE-2026-25888
Chartbrew is an open-source web application that can connect directly to databas
|
| 64 |
CVE-2025-69906
Monstra CMS v3.0.4 contains an arbitrary file upload vulnerability in the Files
|
| 64 |
CVE-2022-50909
Algo 8028 Control Panel version 3.3.3 contains a command injection vulnerability
|
| 64 |
CVE-2026-1324
A vulnerability was identified in Sangfor Operation and Maintenance Management S
|
| 64 |
CVE-2021-47903
LiteSpeed Web Server Enterprise 5.4.11 contains an authenticated command injecti
|
| 64 |
CVE-2020-37009
MedDream PACS Server 6.8.3.751 contains an authenticated remote code execution v
|
| 64 |
CVE-2026-26746
OpenSourcePOS 3.4.1 contains a Local File Inclusion (LFI) vulnerability in the S
|
| 64 |
CVE-2025-70151
code-projects Scholars Tracking System 1.0 allows an authenticated attacker to a
|
| 64 |
CVE-2020-37113
GUnet OpenEclass 1.7.3 allows authenticated users to bypass file extension restr
|
| 64 |
CVE-2025-68707
An authentication bypass vulnerability in the Tongyu AX1800 Wi-Fi 6 Router with
|
| 64 |
CVE-2026-2616
A vulnerability has been found in Beetel 777VR1 up to 01.00.09. The impacted ele
|
| 64 |
CVE-2026-1686
A security flaw has been discovered in Totolink A3600R 5.9c.4959. This issue aff
|
| 64 |
CVE-2026-28774
An OS Command Injection vulnerability exists in the web-based Traceroute diagnos
|
| 64 |
CVE-2026-26736
TOTOLINK A3002RU_V3 V3.0.0-B20220304.1804 was discovered to contain a stack-base
|
| 64 |
CVE-2026-4558
A flaw has been found in Linksys MR9600 2.0.6.206937. Affected is the function s
|
| 64 |
CVE-2026-1156
A vulnerability was determined in Totolink LR350 9.3.5u.6369_B20220309. Affected
|
| 64 |
CVE-2026-1158
A security flaw has been discovered in Totolink LR350 9.3.5u.6369_B20220309. Thi
|
| 64 |
CVE-2026-1155
A vulnerability was found in Totolink LR350 9.3.5u.6369_B20220309. Affected by t
|
| 64 |
CVE-2026-1328
A vulnerability was detected in Totolink NR1800X 9.1.0u.6279_B20210910. Impacted
|
| 64 |
CVE-2026-1143
A weakness has been identified in TOTOLINK A3700R 9.1.2u.5822_B20200513. This af
|
| 64 |
CVE-2026-1157
A vulnerability was identified in Totolink LR350 9.3.5u.6369_B20220309. This aff
|
| 64 |
CVE-2021-47794
ZesleCP 3.1.9 contains an authenticated remote code execution vulnerability that
|
| 64 |
CVE-2026-1329
A flaw has been found in Tenda AX1803 1.0.0.1. The affected element is the funct
|
| 64 |
CVE-2026-26732
TOTOLINK A3002RU V2.1.1-B20211108.1455 was discovered to contain a stack-based b
|
| 64 |
CVE-2026-26731
TOTOLINK A3002RU V2.1.1-B20211108.1455 was discovered to contain a stack-based b
|
| 64 |
CVE-2026-2086
A vulnerability was detected in UTT HiPER 810G up to 1.7.7-171114. Affected by t
|
| 64 |
CVE-2020-37023
Koken CMS 0.22.24 contains a file upload vulnerability that allows authenticated
|
| 64 |
CVE-2026-3271
A vulnerability was found in Tenda F453 1.0.0.3. This impacts the function fromP
|
| 64 |
CVE-2026-3400
A security flaw has been discovered in Tenda AC15 up to 15.13.07.13. Affected by
|
| 64 |
CVE-2025-69212
OpenSTAManager is an open source management software for technical assistance an
|
| 64 |
CVE-2021-47788
WebsiteBaker 2.13.0 contains an authenticated remote code execution vulnerabilit
|
| 64 |
CVE-2026-1137
A vulnerability was detected in UTT 进取 520W 1.7.7-180627. Affected by this issue
|
| 64 |
CVE-2026-24780
AutoGPT is a platform that allows users to create, deploy, and manage continuous
|
| 64 |
CVE-2020-36942
Victor CMS 1.0 contains a file upload vulnerability that allows authenticated us
|
| 64 |
CVE-2026-2139
A vulnerability was determined in Tenda TX9 up to 22.03.02.10_multi. Affected by
|
| 64 |
CVE-2026-2138
A vulnerability was found in Tenda TX9 up to 22.03.02.10_multi. Affected is the
|
| 64 |
CVE-2026-2137
A vulnerability has been found in Tenda TX3 up to 16.03.13.11_multi. This impact
|
| 64 |
CVE-2026-3167
A security flaw has been discovered in Tenda F453 1.0.0.3. The impacted element
|
Oldest Unpatched Critical/High CVEs
| CVE | Severity | CVSS | Priority | Days Open |
|---|---|---|---|---|
| CVE-2024-3400 | CRITICAL | 10.0 | 224 | 730d |
| CVE-2019-19781 | CRITICAL | 9.8 | 223 | 2298d |
| CVE-2020-5902 | CRITICAL | 9.8 | 223 | 2111d |
| CVE-2021-35464 | CRITICAL | 9.8 | 223 | 1725d |
| CVE-2020-10189 | CRITICAL | 9.8 | 223 | 2228d |
| CVE-2012-4681 | CRITICAL | 9.8 | 223 | 4975d |
| CVE-2022-42475 | CRITICAL | 9.8 | 223 | 1196d |
| CVE-2023-3519 | CRITICAL | 9.8 | 223 | 998d |
| CVE-2015-7450 | CRITICAL | 9.8 | 222 | 3752d |
| CVE-2023-34048 | CRITICAL | 9.8 | 222 | 900d |
1 / 49
Next