Skip to main content

Security Dashboard

7d 14d 30d 90d
Total CVEs
17679
last 90 days
Avg Priority
34.3
of max 220
KEV
31
actively exploited
POC
2298
public exploits
Unpatched
3539
CRIT/HIGH without patch
How is Priority Score calculated?

Priority Score is a composite risk metric (0-220) combining multiple real-world threat signals:

KEV +50
CISA Known Exploited Vulnerability — confirmed active exploitation in the wild
EPSS x100
Exploit Prediction Scoring System — probability of exploitation in next 30 days (0-100)
CVSS x5
Common Vulnerability Scoring System — technical severity (0-50)
POC +20
Public exploit code exists — lowers barrier for attackers
0-40 Low 40-80 Medium 80-120 High 120+ Critical

Patch Now — Known Exploited Vulnerabilities

141
CVE-2026-20131
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FM
CRITICAL
136
CVE-2026-0300
A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service o
CRITICAL
133
CVE-2026-41940
cPanel and WHM versions prior to 11.110.0.97, 11.118.0.63, 11.126.0.54, 11.132.0.29, 11.134.0.20, an
CRITICAL
131
CVE-2026-6973
An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows 
HIGH
131
CVE-2026-42897
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Ex
HIGH
129
CVE-2026-33825
Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to el
HIGH
127
CVE-2026-20182
May 2026: This security advisory provides the details and fix information for a vulnerability that w
CRITICAL
126
CVE-2026-41091
Improper link resolution before file access ('link following') in Microsoft Defender allows an autho
HIGH
124
CVE-2026-35616
A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an
CRITICAL
120
CVE-2026-48172
LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exp
CRITICAL

Priority Distribution

CRITICAL HIGH MEDIUM LOW KEV Only POC Only Unpatched CRIT/HIGH
Priority CVE
141 CVE-2026-20131
A vulnerability in the web-based management interface of Cisco Secure Firewall M
131 CVE-2026-6973
An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1,
127 CVE-2026-20182
May 2026: This security advisory provides the details and fix information for a
124 CVE-2026-35616
A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through
118 CVE-2026-34621
Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by a
117 CVE-2026-33017
## Summary The `POST /api/v1/build_public_tmp/{flow_id}/flow` endpoint allows b
116 CVE-2026-48027
Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious ver
109 CVE-2026-3502
TrueConf Client downloads application update code and applies it without perform
96 CVE-2025-14558
The rtsol(8) and rtsold(8) programs do not validate the domain search list optio
90 CVE-2026-20079
A vulnerability in the web interface of Cisco Secure Firewall Management Center
74 CVE-2026-39808
A improper neutralization of special elements used in an os command ('os command
71 CVE-2026-24105
An issue was discovered in goform/formsetUsbUnload in Tenda AC15V1.0 V15.03.05.1
70 CVE-2026-28409
WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, a cr
70 CVE-2026-26478
A shell command injection vulnerability in Mobvoi Tichome Mini smart speaker 012
70 CVE-2026-24107
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate the
70 CVE-2026-24101
An issue was discovered in goform/formSetIptv in Tenda AC15V1.0 V15.03.05.18_mul
70 CVE-2026-29128
IDC SFX2100 Satellite Receiver firmware ships with multiple daemon configuration
70 CVE-2026-24848
OpenEMR is a free and open source electronic health records and medical practice
70 CVE-2026-28411
WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, an u
70 CVE-2026-28775
An unauthenticated Remote Code Execution (RCE) vulnerability exists in the SNMP
69 CVE-2025-50187
Chamilo is a learning management system. Prior to version 1.11.28, parameter fro
69 CVE-2026-3485
A flaw has been found in D-Link DIR-868L 110b03. This affects the function sub_1
69 CVE-2026-26720
An issue in Twenty CRM v1.15.0 and before allows a remote attacker to execute ar
69 CVE-2025-66944
SQL Injection vulnerability in vran-dev databaseir v.1.0.7 and before allows a r
69 CVE-2026-3584
The Kali Forms plugin for WordPress is vulnerable to Remote Code Execution in al
69 CVE-2026-3703
A flaw has been found in Wavlink NU516U1 251208. This affects the function sub_4
69 CVE-2026-27005
Chartbrew is an open-source web application that can connect directly to databas
69 CVE-2026-22891
A heap-based buffer overflow vulnerability exists in the Intan CLP parsing funct
69 CVE-2025-70231
D-Link DIR-513 version 1.10 contains a critical-level vulnerability. When proces
69 CVE-2025-46108
D-link Dir-513 A1FW110 is vulnerable to Buffer Overflow in the function formTcpi
69 CVE-2025-70220
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime para
69 CVE-2025-70222
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime para
69 CVE-2025-70223
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime para
69 CVE-2025-70221
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime para
69 CVE-2025-70219
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the goform/formD
69 CVE-2025-70226
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime para
69 CVE-2025-70225
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curtime para
69 CVE-2025-70232
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime para
69 CVE-2025-70230
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime para
69 CVE-2025-70229
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime para
69 CVE-2025-70218
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via POST to the gofo
69 CVE-2025-70233
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime para
69 CVE-2025-70234
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime para
69 CVE-2025-70239
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime para
69 CVE-2025-70240
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime para
69 CVE-2025-70241
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime para
69 CVE-2025-70236
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime para
69 CVE-2025-70237
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime para
69 CVE-2026-4183
A security vulnerability has been detected in D-Link DIR-816 1.10CNB05. Affected
69 CVE-2026-4184
A vulnerability was detected in D-Link DIR-816 1.10CNB05. Affected by this vulne
69 CVE-2026-4182
A weakness has been identified in D-Link DIR-816 1.10CNB05. This impacts an unkn
69 CVE-2026-45185
Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable u
69 CVE-2026-28408
WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, the
69 CVE-2025-66678
An issue in the HwRwDrv.sys component of Nil Hardware Editor Hardware Read & Wri
69 CVE-2026-24111
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit t
69 CVE-2026-24108
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit t
69 CVE-2026-24109
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit t
69 CVE-2026-24112
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit t
69 CVE-2026-24110
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may send over
69 CVE-2026-24114
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate `pP
69 CVE-2026-24113
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit t
69 CVE-2026-24115
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate the
69 CVE-2026-24103
A buffer overflow vulnerability was discovered in goform/formSetMacFilterCfg in
69 CVE-2026-33032
### Summary The nginx-ui MCP (Model Context Protocol) integration exposes two HT
69 CVE-2026-21992
Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware
69 CVE-2026-26705
sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection
69 CVE-2026-26709
code-projects Simple Gym Management System v1.0 is vulnerable to SQL Injection i
69 CVE-2026-26713
code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /f
69 CVE-2026-26702
sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Inj
69 CVE-2026-26710
code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /f
69 CVE-2026-26711
code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /f
69 CVE-2026-26712
code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /f
69 CVE-2026-26708
sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection
69 CVE-2026-26706
sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection
69 CVE-2026-26695
code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection i
69 CVE-2026-26703
sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Inj
69 CVE-2026-26701
sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Inj
69 CVE-2026-26707
sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection
69 CVE-2026-26696
code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection i
69 CVE-2026-26700
sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Inj
69 CVE-2026-26704
sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection
69 CVE-2026-26694
code-projects Simple Student Alumni System v1.0 is vulnerale to SQL Injection in
69 CVE-2025-70821
renren-secuity before v5.5.0 is vulnerable to SQL Injection in the BaseServiceIm
69 CVE-2026-30532
A SQL Injection vulnerability exists in SourceCodester Online Food Ordering Syst
69 CVE-2026-30533
A SQL Injection vulnerability exists in SourceCodester Online Food Ordering Syst
69 CVE-2026-27012
OpenSTAManager is an open source management software for technical assistance an
69 CVE-2026-30530
A SQL Injection vulnerability exists in SourceCodester Online Food Ordering Syst
68 CVE-2026-28495
GetSimple CMS is a content management system. The massiveAdmin plugin (v6.0.3) b
68 CVE-2025-69969
A lack of authentication and authorization mechanisms in the Bluetooth Low Energ
67 CVE-2026-41922
WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains an OS command in

Oldest Unpatched Critical/High CVEs

CVE Severity CVSS Priority Days Open
CVE-2024-3400 CRITICAL 10.0 224 776d
CVE-2019-19781 CRITICAL 9.8 223 2344d
CVE-2020-5902 CRITICAL 9.8 223 2157d
CVE-2021-35464 CRITICAL 9.8 223 1771d
CVE-2020-10189 CRITICAL 9.8 223 2274d
CVE-2012-4681 CRITICAL 9.8 223 5021d
CVE-2022-42475 CRITICAL 9.8 223 1242d
CVE-2023-3519 CRITICAL 9.8 223 1044d
CVE-2015-7450 CRITICAL 9.8 222 3798d
CVE-2023-34048 CRITICAL 9.8 222 946d
1 / 40 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy