
Security Dashboard

Total CVEs: 17679 (last 90 days)
Avg Priority: 34.3 (of max 220)
KEV: 31 (actively exploited)
POC: 2298 (public exploits)
Unpatched: 3539 (CRIT/HIGH without patch)
How is Priority Score calculated?

Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:

KEV +50: CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100: Exploit Prediction Scoring System — probability of exploitation in the next 30 days (0-100)
CVSS x5: Common Vulnerability Scoring System — technical severity (0-50)
POC +20: public exploit code exists — lowers the barrier for attackers

Bands: 0-40 Low, 40-80 Medium, 80-120 High, 120+ Critical
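An added example (not the dashboard's own code) that reproduces the Priority Score and its bands in Python so a feed of your own CVE signals can be ranked the same way; it assumes EPSS is supplied as a 0-1 probability (the page shows it already scaled to 0-100) and that each band's lower bound is inclusive.

```python
from dataclasses import dataclass

# Weights taken from the dashboard's description of the Priority Score.
KEV_BONUS = 50      # listed in the CISA KEV catalog
EPSS_WEIGHT = 100   # EPSS probability (0-1) scaled to 0-100
CVSS_WEIGHT = 5     # CVSS base score (0-10) scaled to 0-50
POC_BONUS = 20      # public exploit code exists
MAX_SCORE = KEV_BONUS + EPSS_WEIGHT + 10 * CVSS_WEIGHT + POC_BONUS  # 220


@dataclass(frozen=True)
class CveSignals:
    cve_id: str
    cvss: float   # CVSS base score, 0.0-10.0
    epss: float   # EPSS probability, 0.0-1.0 (assumed input form)
    kev: bool     # on the CISA KEV list
    poc: bool     # public exploit code exists


def priority_score(s: CveSignals) -> float:
    """Composite 0-220 score; rejects out-of-range inputs rather than silently clamping."""
    if not 0.0 <= s.cvss <= 10.0:
        raise ValueError(f"{s.cve_id}: CVSS {s.cvss} outside 0-10")
    if not 0.0 <= s.epss <= 1.0:
        raise ValueError(f"{s.cve_id}: EPSS {s.epss} outside 0-1")
    score = ((KEV_BONUS if s.kev else 0) + s.epss * EPSS_WEIGHT
             + s.cvss * CVSS_WEIGHT + (POC_BONUS if s.poc else 0))
    return round(score, 1)


def priority_band(score: float) -> str:
    """Bands from the page; treating the lower bound as inclusive is an assumption."""
    if score >= 120:
        return "Critical"
    if score >= 80:
        return "High"
    if score >= 40:
        return "Medium"
    return "Low"


def rank(feed):
    """Highest priority first, as the dashboard lists them; ties broken by CVE id."""
    return sorted(feed, key=lambda s: (-priority_score(s), s.cve_id))


# Constructed sample records with placeholder ids (not real CVEs).
SAMPLE_FEED = [
    CveSignals("EXAMPLE-A", cvss=9.8, epss=0.97, kev=True, poc=True),    # 216.0 Critical
    CveSignals("EXAMPLE-B", cvss=7.5, epss=0.02, kev=False, poc=False),  # 39.5 Low
    CveSignals("EXAMPLE-C", cvss=5.3, epss=0.50, kev=False, poc=True),   # 96.5 High
    CveSignals("EXAMPLE-D", cvss=8.0, epss=0.00, kev=False, poc=False),  # 40.0 Medium
]

if __name__ == "__main__":
    for s in rank(SAMPLE_FEED):
        sc = priority_score(s)
        print(f"{sc:6.1f} {priority_band(sc):8} {s.cve_id}")
```

EXAMPLE-B and EXAMPLE-D sit on either side of the 40 threshold, which is where the inclusive-bound assumption matters when you compare your own ranking against the dashboard's.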
Priority  CVE  Description
109  CVE-2026-32201  Improper input validation in Microsoft Office SharePoint allows an unauthorized
108  CVE-2026-9082  Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti
92  CVE-2026-45498  Microsoft Defender Denial of Service Vulnerability
92  CVE-2026-32202  Protection mechanism failure in Windows Shell allows an unauthorized attacker to
89  CVE-2026-34926  A directory traversal vulnerability in the Apex One (on-premise) server could al
63  CVE-2026-2673  Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected pref
55  CVE-2026-2256  A command injection vulnerability in ModelScope's ms-agent versions v1.6.0rc1 an
55  CVE-2025-71257  BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain an authentica
55  CVE-2026-6594  A vulnerability was determined in brikcss merge up to 1.3.0. This affects an unk
55  CVE-2018-25184  Surreal ToDo 0.6.1.2 contains a local file inclusion vulnerability that allows u
55  CVE-2013-20005  Qool CMS 2.0 RC2 contains a cross-site request forgery vulnerability that allows
55  CVE-2016-20029  ZKTeco ZKBioSecurity 3.0 contains a file path manipulation vulnerability that al
55  CVE-2026-6860  A TCP client can perform a TLS handshake and present the server name extension w
55  CVE-2018-25174  ABC ERP 0.6.4 contains a cross-site request forgery vulnerability that allows at
55  CVE-2018-25177  Data Center Audit 2.6.2 contains a cross-site request forgery vulnerability that
55  CVE-2018-25198  eToolz 3.4.8.0 contains a denial of service vulnerability that allows local atta
55  CVE-2026-6940  radare2 prior to 6.1.4 contains a path traversal vulnerability in project deleti
55  CVE-2019-25463  SpotIE Internet Explorer Password Recovery 2.9.5 contains a denial of service vu
55  CVE-2019-25485  R 3.4.4 on Windows x64 contains a buffer overflow vulnerability in the GUI Prefe
55  CVE-2019-25476  Outlook Password Recovery 2.10 contains a buffer overflow vulnerability that all
55  CVE-2019-25469  Folder Lock 7.7.9 contains a buffer overflow vulnerability in the serial number
55  CVE-2019-25477  RAR Password Recovery 1.80 contains a buffer overflow vulnerability that allows
55  CVE-2019-25475  SQL Server Password Changer 1.90 contains a buffer overflow vulnerability that a
55  CVE-2019-25484  WinMPG iPod Convert 3.0 contains a buffer overflow vulnerability in the Register
55  CVE-2019-25474  Easy MP3 Downloader 4.7.8.8 contains a buffer overflow vulnerability that allows
55  CVE-2026-6941  radare2 prior to 6.1.4 contains a path traversal vulnerability in its project no
54  CVE-2026-2745  GitLab has remediated an issue in GitLab CE/EE affecting all versions from 7.11
54  CVE-2026-33741  EspoCRM is an open source customer relationship management application. Versions
54  CVE-2026-28338  PMD is an extensible multilanguage static code analyzer. Prior to version 7.22.0
54  CVE-2025-15433  The Shared Files WordPress plugin before 1.7.58 allows users with a role as low
54  CVE-2026-2994  Concrete CMS below version 9.4.8 is subject to CSRF by a Rogue Administrator usi
54  CVE-2025-15441  The Form Maker by 10Web WordPress plugin before 1.15.38 does not properly prepa
54  CVE-2026-1724  GitLab has remediated an issue in GitLab EE affecting all versions from 18.5 bef
54  CVE-2016-20031  ZKTeco ZKBioSecurity 3.0 contains a local authorization bypass vulnerability in
54  CVE-2019-25464  InputMapper 1.6.10 contains a buffer overflow vulnerability in the username fiel
53  CVE-2025-70342  erase-install prior to v40.4 commit 2c31239 writes swiftDialog credential output
53  CVE-2026-3008  Successful exploitation of the string injection vulnerability could allow an att
53  CVE-2026-28769  A path traversal vulnerability exists in the /IDC_Logging/checkifdone.cgi script
53  CVE-2026-33033  An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4
53  CVE-2025-14545  The YML for Yandex Market WordPress plugin before 5.0.26 is vulnerable to Remote
53  CVE-2026-30858  WeKnora is an LLM-powered framework designed for deep document understanding and
53  CVE-2026-1660  GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.3
53  CVE-2026-30523  A Business Logic vulnerability exists in SourceCodester Loan Management System v
53  CVE-2026-28467  OpenClaw versions prior to 2026.2.2 contain a server-side request forgery vulner
53  CVE-2026-30233  OliveTin gives access to predefined shell commands from a web interface. Prior t
53  CVE-2026-28781  Craft is a content management system (CMS). Prior to 4.17.0-beta.1 and 5.9.0-bet
53  CVE-2026-32245  Tinyauth is an authentication and authorization server. Prior to 5.0.3, the OIDC
53  CVE-2026-28412  Textream is a free macOS teleprompter app. Prior to version 1.5.1, the `Director
53  CVE-2026-28492  File Browser provides a file managing interface within a specified directory and
53  CVE-2026-32053  OpenClaw versions prior to 2026.2.23 contain a vulnerability in Twilio webhook e
53  CVE-2025-3922  GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.4
53  CVE-2025-13436  GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7
53  CVE-2025-0186  GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.6
53  CVE-2026-28685  Kimai is a web-based multi-user time-tracking application. Prior to version 2.51
53  CVE-2026-25877  Chartbrew is an open-source web application that can connect directly to databas
53  CVE-2026-3784  curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a se
53  CVE-2026-32704  ### Summary `POST /api/template/renderSprig` lacks `model.CheckAdminRole`, allow
53  CVE-2026-42220  Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.
53  CVE-2025-15488  The Responsive Plus WordPress plugin before 3.4.3 is vulnerable to arbitrary sh
53  CVE-2026-4432  The YITH WooCommerce Wishlist WordPress plugin before 4.13.0 does not properly v
53  CVE-2026-4079  The SQL Chart Builder WordPress plugin before 2.3.8 does not properly escape use
53  CVE-2026-5337  During the analysis, it was identified that authenticated attackers with Subscri
53  CVE-2025-6016  GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.2 b
53  CVE-2026-30521  A Business Logic vulnerability exists in SourceCodester Loan Management System v
53  CVE-2025-13078  GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.10
53  CVE-2026-1900  The Link Whisper Free WordPress plugin before 0.9.1 has a publicly accessible RE
53  CVE-2026-28490  ## 1. Executive Summary A cryptographic padding oracle vulnerability was identi
53  CVE-2026-32054  OpenClaw versions prior to 2026.2.25 contain a symlink traversal vulnerability i
53  CVE-2026-27734  Beszel is a server monitoring platform. Prior to version 0.18.2, the hub's authe
53  CVE-2026-28354  ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 #
53  CVE-2026-32043  OpenClaw versions prior to 2026.2.25 contain a time-of-check-time-of-use vulnera
52  CVE-2026-30522  A Business Logic vulnerability exists in SourceCodester Loan Management System v
52  CVE-2026-41141  EspoCRM is an open source customer relationship management application. Prior to
52  CVE-2026-32052  OpenClaw versions prior to 2026.2.24 contain a command injection vulnerability i
52  CVE-2026-27810  calibre is a cross-platform e-book manager for viewing, converting, editing, and
52  CVE-2015-20119  Next Click Ventures RealtyScript 4.0.2 contains a stored cross-site scripting vu
52  CVE-2026-4822  A vulnerability was detected in Enter Software Iperius Backup bis 8.7.3. Affecte
52  CVE-2026-4824  A vulnerability has been found in Enter Software Iperius Backup up to 8.7.3. Aff
52  CVE-2026-6421  A vulnerability has been found in Mobatek MobaXterm Home Edition up to 26.1. Thi
52  CVE-2026-4962  A security flaw has been discovered in UltraVNC up to 1.6.4.0. Affected by this
52  CVE-2026-7832  A security flaw has been discovered in IObit Advanced SystemCare 19. This affect
52  CVE-2026-3484  A vulnerability was detected in PhialsBasement nmap-mcp-server up to bee6d23547d
52  CVE-2026-32896  OpenClaw versions prior to 2026.2.21 BlueBubbles webhook handler contains a pass
52  CVE-2026-27605  Chartbrew is an open-source web application that can connect directly to databas
52  CVE-2026-29786  node-tar is a full-featured Tar for Node.js. Prior to version 7.5.10, tar can be
52  CVE-2025-62718  Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.
52  CVE-2026-31014  Dovestones Softwares AD Self Update <4.0.0.5 is vulnerable to Cross Site Request
52  CVE-2026-33720  n8n is an open source workflow automation platform. Prior to version 2.8.0, when
52  CVE-2026-33724  n8n is an open source workflow automation platform. Prior to version 2.5.0, when
51  CVE-2025-69652  GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an abort (

Oldest Unpatched Critical/High CVEs

CVE Severity CVSS Priority Days Open
CVE-2024-3400 CRITICAL 10.0 224 776d
CVE-2019-19781 CRITICAL 9.8 223 2344d
CVE-2020-5902 CRITICAL 9.8 223 2157d
CVE-2021-35464 CRITICAL 9.8 223 1771d
CVE-2020-10189 CRITICAL 9.8 223 2274d
CVE-2012-4681 CRITICAL 9.8 223 5021d
CVE-2022-42475 CRITICAL 9.8 223 1242d
CVE-2023-3519 CRITICAL 9.8 223 1044d
CVE-2015-7450 CRITICAL 9.8 222 3798d
CVE-2023-34048 CRITICAL 9.8 222 946d
