Security Dashboard

7d 14d 30d 90d
Total CVEs
16337
last 90 days
Avg Priority
36.5
of max 220
KEV
37
actively exploited
POC
3564
public exploits
Unpatched
5456
CRIT/HIGH without patch
How is Priority Score calculated?

Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:

KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low 40-80 Medium 80-120 High 120+ Critical

Patch Now — Known Exploited Vulnerabilities

194
CVE-2026-24061
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for t
CRITICAL
185
CVE-2026-1731
BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain
CRITICAL
184
CVE-2026-23760
SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability
CRITICAL
180
CVE-2025-40551
SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerabil
CRITICAL
170
CVE-2026-1340
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem
CRITICAL
164
CVE-2026-1281
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated rem
CRITICAL
160
CVE-2025-40536
SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that
HIGH
141
CVE-2026-20131
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FM
CRITICAL
137
CVE-2026-1603
An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthen
HIGH
134
CVE-2026-22769
Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credentia
CRITICAL

Priority Distribution

CRITICAL HIGH MEDIUM LOW KEV Only POC Only Unpatched CRIT/HIGH
Priority CVE
185 CVE-2026-1731
BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote
184 CVE-2026-23760
SmarterTools SmarterMail versions prior to build 9511 contain an authentication
180 CVE-2025-40551
SolarWinds Web Help Desk was found to be susceptible to an untrusted data deseri
170 CVE-2026-1340
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve
160 CVE-2025-40536
SolarWinds Web Help Desk was found to be susceptible to a security control bypas
141 CVE-2026-20131
A vulnerability in the web-based management interface of Cisco Secure Firewall M
137 CVE-2026-1603
An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allo
131 CVE-2026-27180
MajorDoMo (aka Major Domestic Module) is vulnerable to unauthenticated remote co
129 CVE-2026-27174
MajorDoMo (aka Major Domestic Module) allows unauthenticated remote code executi
129 CVE-2022-25369
An issue was discovered in Dynamicweb before 9.12.8. An attacker can add a new a
128 CVE-2026-24423
SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated
126 CVE-2026-20963
Deserialization of untrusted data in Microsoft Office SharePoint allows an autho
124 CVE-2026-35616
A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through
123 CVE-2025-71243
The 'Saisies pour formulaire' (Saisies) plugin for SPIP versions 5.4.0 through 5
117 CVE-2026-33017
## Summary The `POST /api/v1/build_public_tmp/{flow_id}/flow` endpoint allows b
117 CVE-2026-3055
Insufficient input validation in NetScaler ADC and NetScaler Gateway when config
113 CVE-2026-20127
A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controlle
113 CVE-2026-25108
FileZen contains an OS command injection vulnerability. When FileZen Antivirus C
112 CVE-2026-24858
An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-2
111 CVE-2026-27175
MajorDoMo (aka Major Domestic Module) is vulnerable to unauthenticated OS comman
109 CVE-2026-20700
A memory corruption issue was addressed with improved state management. This iss
109 CVE-2026-3502
TrueConf Client downloads application update code and applies it without perform
99 CVE-2026-21513
Protection mechanism failure in MSHTML Framework allows an unauthorized attacker
98 CVE-2026-21509
Reliance on untrusted inputs in a security decision in Microsoft Office allows a
98 CVE-2026-21510
Protection mechanism failure in Windows Shell allows an unauthorized attacker to
96 CVE-2025-14558
The rtsol(8) and rtsold(8) programs do not validate the domain search list optio
93 CVE-2026-21514
Reliance on untrusted inputs in a security decision in Microsoft Office Word all
92 CVE-2026-21519
Access of resource using incompatible type ('type confusion') in Desktop Window
92 CVE-2026-20045
A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unif
92 CVE-2026-21533
Improper privilege management in Windows Remote Desktop allows an authorized att
90 CVE-2026-20079
A vulnerability in the web interface of Cisco Secure Firewall Management Center
87 CVE-2016-15057
** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Special Elements used
87 CVE-2025-69516
A Server-Side Template Injection (SSTI) vulnerability in the /reporting/template
81 CVE-2020-37123
Pinger 1.0 contains a remote code execution vulnerability that allows attackers
73 CVE-2026-3301
A security flaw has been discovered in Totolink N300RH 6.1c.1353_B20190305. Affe
72 CVE-2019-25441
thesystem 1.0 contains a command injection vulnerability that allows unauthentic
71 CVE-2025-70327
TOTOLINK X5000R v9.1.0cu_2415_B20250515 contains an argument injection vulnerabi
71 CVE-2026-24105
An issue was discovered in goform/formsetUsbUnload in Tenda AC15V1.0 V15.03.05.1
71 CVE-2025-29329
Buffer Overflow in the ippprint (Internet Printing Protocol) service in Sagemcom
70 CVE-2020-37125
Edimax EW-7438RPn-v3 Mini 1.27 contains a remote code execution vulnerability th
70 CVE-2026-28409
WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, a cr
70 CVE-2026-26478
A shell command injection vulnerability in Mobvoi Tichome Mini smart speaker 012
70 CVE-2025-10878
A SQL injection vulnerability exists in the login functionality of Fikir Odalari
70 CVE-2026-24101
An issue was discovered in goform/formSetIptv in Tenda AC15V1.0 V15.03.05.18_mul
70 CVE-2026-24107
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate the
70 CVE-2025-70841
Dokans Multi-Tenancy Based eCommerce Platform SaaS 3.9.2 allows unauthenticated
70 CVE-2022-50919
Tdarr 2.00.15 contains an unauthenticated remote code execution vulnerability in
70 CVE-2022-50893
VIAVIWEB Wallpaper Admin 1.0 contains an unauthenticated remote code execution v
70 CVE-2026-1699
In the Eclipse Theia Website repository, the GitHub Actions workflow .github/wor
70 CVE-2026-29128
IDC SFX2100 Satellite Receiver firmware ships with multiple daemon configuration
70 CVE-2020-37090
School ERP Pro 1.0 contains a file upload vulnerability that allows students to
70 CVE-2025-65791
ZoneMinder v1.36.34 is vulnerable to Command Injection in web/views/image.php. T
70 CVE-2025-67186
TOTOLINK A950RG V4.1.2cu.5204_B20210112 contains a buffer overflow vulnerability
70 CVE-2020-36911
Covenant 0.1.3 - 0.5 contains a remote code execution vulnerability that allows
70 CVE-2026-24848
OpenEMR is a free and open source electronic health records and medical practice
70 CVE-2026-28411
WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, an u
70 CVE-2023-54339
Webgrind 1.1 contains a remote command execution vulnerability that allows unaut
70 CVE-2020-37027
Sickbeard alpha contains a remote command injection vulnerability that allows un
70 CVE-2021-47851
Mini Mouse 9.2.0 contains a remote code execution vulnerability that allows atta
70 CVE-2025-69985
FUXA 1.2.8 and prior contains an Authentication Bypass vulnerability leading to
70 CVE-2020-37002
Ajenti 2.1.36 contains an authentication bypass vulnerability that allows remote
70 CVE-2026-28775
An unauthenticated Remote Code Execution (RCE) vulnerability exists in the SNMP
70 CVE-2025-67188
A buffer overflow vulnerability exists in TOTOLINK A950RG V4.1.2cu.5204_B2021011
70 CVE-2025-67084
File upload vulnerability in InvoicePlane through 1.6.3 allows authenticated att
70 CVE-2025-55423
A command injection vulnerability exists in the upnp_relay() function in multipl
70 CVE-2025-70982
Incorrect access control in the importUser function of SpringBlade v4.5.0 allows
70 CVE-2023-54329
Inbit Messenger 4.6.0 - 4.9.0 contains a remote command execution vulnerability
70 CVE-2020-37071
CraftCMS 3 vCard Plugin 1.0.0 contains a deserialization vulnerability that allo
70 CVE-2021-47748
Hasura GraphQL 1.3.3 contains a remote code execution vulnerability that allows
69 CVE-2025-66802
Sourcecodester Covid-19 Contact Tracing System 1.0 is vulnerable to RCE (Remote
69 CVE-2022-50910
Beehive Forum 1.5.2 contains a host header injection vulnerability in the forgot
69 CVE-2025-69763
Tenda AX3 firmware v16.03.12.11 contains a stack overflow in formSetIptv via the
69 CVE-2025-69762
Tenda AX3 firmware v16.03.12.11 contains a stack overflow in formSetIptv via the
69 CVE-2025-69766
Tenda AX3 firmware v16.03.12.11 contains a stack-based buffer overflow in the fo
69 CVE-2023-54335
eXtplorer 2.1.14 contains an authentication bypass vulnerability that allows att
69 CVE-2025-50187
Chamilo is a learning management system. Prior to version 1.11.28, parameter fro
69 CVE-2026-3485
A flaw has been found in D-Link DIR-868L 110b03. This affects the function sub_1
69 CVE-2023-54330
Inbit Messenger versions 4.6.0 to 4.9.0 contain a remote stack-based buffer over
69 CVE-2020-37094
EspoCRM 5.8.5 contains an authentication vulnerability that allows attackers to
69 CVE-2020-37186
Chevereto 3.13.4 Core contains a remote code execution vulnerability that allows
69 CVE-2019-25321
FTP Navigator 8.03 contains a stack overflow vulnerability that allows attackers
69 CVE-2026-26720
An issue in Twenty CRM v1.15.0 and before allows a remote attacker to execute ar
69 CVE-2020-36967
Zortam Mp3 Media Studio 27.60 contains a buffer overflow vulnerability in the li
69 CVE-2026-26342
Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and pr
69 CVE-2025-70150
CodeAstro Membership Management System 1.0 contains a missing authentication vul
69 CVE-2020-37012
Tea LaTex 1.0 contains a remote code execution vulnerability that allows unauthe
69 CVE-2023-7334
Changjetong T+ versions up to and including 16.x contain a .NET deserialization
69 CVE-2025-70457
A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Modern Imag
69 CVE-2020-37082
webERP 4.15.1 contains an unauthenticated file access vulnerability that allows
69 CVE-2020-36948
VestaCP 0.9.8-26 contains a session token vulnerability in the LoginAs module th

Oldest Unpatched Critical/High CVEs

CVE Severity CVSS Priority Days Open
CVE-2024-3400 CRITICAL 10.0 224 730d
CVE-2019-19781 CRITICAL 9.8 223 2298d
CVE-2020-5902 CRITICAL 9.8 223 2111d
CVE-2021-35464 CRITICAL 9.8 223 1724d
CVE-2020-10189 CRITICAL 9.8 223 2227d
CVE-2012-4681 CRITICAL 9.8 223 4975d
CVE-2022-42475 CRITICAL 9.8 223 1196d
CVE-2023-3519 CRITICAL 9.8 223 997d
CVE-2015-7450 CRITICAL 9.8 222 3752d
CVE-2023-34048 CRITICAL 9.8 222 899d
1 / 61 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy