Base des vulnérabilités à forte valeur suivies et priorisées par FactualRisk (KEV, P0/P1, exploitées dans la nature, EPSS élevé). Chaque fiche reste accessible en permanence et est mise à jour à chaque collecte.
| CVE | Produit | CVSS | Prio | KEV |
| CVE-2026-20182 | Cisco Catalyst SD-WAN | 10.0 | P0 | KEV |
| CVE-2024-1212 | Progress Kemp LoadMaster | 10.0 | P0 | KEV |
| CVE-2024-3400 | Palo Alto Networks PAN-OS | 10.0 | P0 | KEV |
| CVE-2023-46604 | Apache ActiveMQ | 10.0 | P0 | KEV |
| CVE-2023-20198 | Cisco IOS XE Web UI | 10.0 | P0 | KEV |
| CVE-2026-10520 | Ivanti Sentry | 10.0 | P0 | KEV |
| CVE-2026-34910 | Ubiquiti UniFi OS | 10.0 | P0 | KEV |
| CVE-2026-34909 | Ubiquiti UniFi OS | 10.0 | P0 | KEV |
| CVE-2026-34908 | Ubiquiti UniFi OS | 10.0 | P0 | KEV |
| CVE-2026-48558 | SimpleHelp SimpleHelp | 10.0 | P0 | KEV |
| CVE-2026-48282 | Adobe ColdFusion | 10.0 | P0 | KEV |
| CVE-2026-15409 | SonicWall SMA1000 Appliances | 10.0 | P0 | KEV |
| CVE-2026-55255 | Langflow Langflow | 9.9 | P0 | KEV |
| CVE-2026-48752 | go github.com/lxc/incus/v7/cmd/incusd | 9.9 | P0 | |
| CVE-2026-48027 | Nx Nx Console | 9.8 | P0 | KEV |
| CVE-2026-8398 | Daemon Daemon Tools Lite | 9.8 | P0 | KEV |
| CVE-2026-48172 | LiteSpeed cPanel Plugin | 9.8 | P0 | KEV |
| CVE-2026-9082 | Drupal Core | 9.8 | P0 | KEV |
| CVE-2008-4250 | Microsoft Windows | 9.8 | P0 | KEV |
| CVE-2026-42208 | BerriAI LiteLLM | 9.8 | P0 | KEV |
| CVE-2026-0300 | Palo Alto Networks PAN-OS | 9.8 | P0 | KEV |
| CVE-2024-21413 | Microsoft Office Outlook | 9.8 | P0 | KEV |
| CVE-2023-29357 | Microsoft SharePoint Server | 9.8 | P0 | KEV |
| CVE-2023-22518 | Atlassian Confluence Data Center and Serve | 9.8 | P0 | KEV |
| CVE-2023-22515 | Atlassian Confluence Data Center and Serve | 9.8 | P0 | KEV |
| CVE-2023-42793 | JetBrains TeamCity | 9.8 | P0 | KEV |
| CVE-2023-3519 | Citrix NetScaler ADC and NetScaler Gateway | 9.8 | P0 | KEV |
| CVE-2023-27997 | Fortinet FortiOS and FortiProxy SSL-VPN | 9.8 | P0 | KEV |
| CVE-2023-34362 | Progress MOVEit Transfer | 9.8 | P0 | KEV |
| CVE-2023-23397 | Microsoft Office | 9.8 | P0 | KEV |
| CVE-2022-47966 | Zoho ManageEngine | 9.8 | P0 | KEV |
| CVE-2022-42475 | Fortinet FortiOS | 9.8 | P0 | KEV |
| CVE-2022-40684 | Fortinet Multiple Products | 9.8 | P0 | KEV |
| CVE-2026-45247 | Mirasvit Mirasvit Full Page Cache Warmer | 9.8 | P0 | KEV |
| CVE-2026-35273 | Oracle PeopleSoft Enterprise PeopleTools | 9.8 | P0 | KEV |
| CVE-2026-48907 | Widget Factory Joomla Content Editor | 9.8 | P0 | KEV |
| CVE-2026-20253 | Splunk Enterprise | 9.8 | P0 | KEV |
| CVE-2025-67038 | Lantronix EDS5000 | 9.8 | P0 | KEV |
| CVE-2026-9698 | Ubuntu | 9.8 | P0 | |
| CVE-2026-12569 | PTC Windchill and FlexPLM | 9.8 | P0 | KEV |
| CVE-2026-42601 | pip archivebox | 9.8 | P0 | |
| CVE-2026-48908 | JoomShaper SP Page Builder | 9.8 | P0 | KEV |
| CVE-2026-56290 | Joomlack Page Builder | 9.8 | P0 | KEV |
| CVE-2026-56291 | Balbooa Forms | 9.8 | P0 | KEV |
| CVE-2026-48939 | iCagenda iCagenda | 9.8 | P0 | KEV |
| CVE-2026-46817 | Oracle E-Business Suite | 9.8 | P0 | KEV |
| CVE-2026-58644 | Microsoft SharePoint | 9.8 | P0 | KEV |
| CVE-2026-25089 | Fortinet FortiSandbox | 9.8 | P0 | KEV |
| CVE-2026-39808 | Fortinet FortiSandbox | 9.8 | P0 | KEV |
| CVE-2026-45321 | TanStack TanStack | 9.6 | P0 | KEV |
| CVE-2026-48519 | pip langflow | 9.6 | P0 | |
| CVE-2023-4966 | Citrix NetScaler ADC and NetScaler Gateway | 9.4 | P0 | KEV |
| CVE-2026-50751 | Check Point Security Gateway | 9.3 | P0 | KEV |
| CVE-2026-0257 | Palo Alto Networks PAN-OS | 9.1 | P0 | KEV |
| CVE-2024-21887 | Ivanti Connect Secure and Policy Secure | 9.1 | P0 | KEV |
| CVE-2026-34182 | Ubuntu | 9.1 | P0 | |
| CVE-2026-53486 | npm @xhmikosr/decompress | 9.1 | P0 | |
| CVE-2026-53512 | npm better-auth | 9.1 | P0 | |
| CVE-2026-11386 | Ubuntu | 9.0 | P0 | |
| CVE-2025-34291 | Langflow Langflow | 8.8 | P0 | KEV |
| CVE-2009-1537 | Microsoft DirectX | 8.8 | P0 | KEV |
| CVE-2009-3459 | Adobe Acrobat and Reader | 8.8 | P0 | KEV |
| CVE-2010-0249 | Microsoft Internet Explorer | 8.8 | P0 | KEV |
| CVE-2010-0806 | Microsoft Internet Explorer | 8.8 | P0 | KEV |
| CVE-2017-6742 | Cisco IOS and IOS XE Software | 8.8 | P0 | KEV |
| CVE-2026-42271 | BerriAI LiteLLM | 8.8 | P0 | KEV |
| CVE-2026-35044 | pip bentoml | 8.8 | P0 | |
| CVE-2026-11645 | Google Chromium V8 | 8.8 | P0 | KEV |
| CVE-2026-46612 | go github.com/fission/fission | 8.8 | P0 | |
| CVE-2026-47162 | Ubuntu | 8.8 | P0 | |
| CVE-2026-12244 | Ubuntu | 8.8 | P0 | |
| CVE-2026-55698 | npm pnpm | 8.8 | P0 | |
| CVE-2026-45659 | Microsoft SharePoint Server | 8.8 | P0 | KEV |
| CVE-2026-47300 | Ubuntu | 8.8 | P0 | |
| CVE-2026-41241 | pip pretalx | 8.7 | P0 | |
| CVE-2026-49259 | composer nukeviet/nukeviet | 8.7 | P0 | |
| CVE-2024-20353 | Cisco Adaptive Security Appliance (ASA) an | 8.6 | P0 | KEV |
| CVE-2026-20230 | Cisco Unified Communications Manager | 8.6 | P0 | KEV |
| CVE-2026-54420 | LiteSpeed cPanel Plugin | 8.5 | P0 | KEV |
| CVE-2026-45414 | rubygems decidim | 8.5 | P0 | |
| CVE-2025-48595 | Android Framework | 8.4 | P0 | KEV |
| CVE-2026-49229 | npm @actual-app/sync-server | 8.3 | P0 | |
| CVE-2023-46805 | Ivanti Connect Secure and Policy Secure | 8.2 | P0 | KEV |
| CVE-2026-44016 | pip docling | 8.2 | P0 | |
| CVE-2026-42897 | Microsoft Microsoft | 8.1 | P0 | KEV |
| CVE-2024-21412 | Microsoft Windows | 8.1 | P0 | KEV |
| CVE-2026-47740 | composer shopper/framework | 8.1 | P0 | |
| CVE-2026-44249 | maven io.netty:netty-handler | 8.1 | P0 | |
| CVE-2026-53849 | npm openclaw | 8.1 | P0 | |
| CVE-2026-53857 | npm openclaw | 8.1 | P0 | |
| CVE-2026-12246 | Ubuntu | 8.1 | P0 | |
| CVE-2026-49340 | go go.senan.xyz/gonic | 8.1 | P0 | |
| CVE-2026-49286 | composer pontedilana/php-weasyprint | 8.1 | P0 | |
| CVE-2026-56123 | Ubuntu | 8.1 | P0 | |
| CVE-2026-53932 | composer wnx/laravel-backup-restore | 8.0 | P0 | |
| CVE-2026-41091 | Microsoft Defender | 7.8 | P0 | KEV |
| CVE-2023-38831 | RARLAB WinRAR | 7.8 | P0 | KEV |
| CVE-2022-30190 | Microsoft Windows | 7.8 | P0 | KEV |
| CVE-2022-0492 | Linux Kernel | 7.8 | P0 | KEV |
| CVE-2026-47331 | Ubuntu | 7.8 | P0 | |
| CVE-2026-20245 | Cisco Catalyst SD-WAN Manager | 7.8 | P0 | KEV |
| CVE-2026-55693 | Ubuntu | 7.8 | P0 | |
| CVE-2026-56155 | Microsoft Active Directory Federation Serv | 7.8 | P0 | KEV |
| CVE-2026-59856 | Ubuntu | 7.8 | P0 | |
| CVE-2026-47260 | composer phanan/koel | 7.7 | P0 | |
| CVE-2026-54018 | pip open-webui | 7.7 | P0 | |
| CVE-2026-45337 | npm better-auth | 7.6 | P0 | |
| CVE-2026-9809 | composer mautic/core | 7.6 | P0 | |
| CVE-2024-21182 | Oracle WebLogic Server | 7.5 | P0 | KEV |
| CVE-2023-44487 | IETF HTTP/2 | 7.5 | P0 | KEV |
| CVE-2023-27532 | Veeam Backup & Replication | 7.5 | P0 | KEV |
| CVE-2022-27924 | Synacor Zimbra Collaboration Suite (ZCS) | 7.5 | P0 | KEV |
| CVE-2026-41292 | Ubuntu | 7.5 | P0 | |
| CVE-2026-42959 | Ubuntu | 7.5 | P0 | |
| CVE-2026-44017 | pip docling | 7.5 | P0 | |
| CVE-2026-43891 | pip changedetection.io | 7.5 | P0 | |
| CVE-2026-28318 | SolarWinds Serv-U | 7.5 | P0 | KEV |
| CVE-2025-10156 | pip picklescan | 7.5 | P0 | |
| CVE-2026-44439 | pip PlaywrightCapture | 7.5 | P0 | |
| CVE-2026-47736 | rubygems puma | 7.5 | P0 | |
| CVE-2026-44316 | go github.com/free5gc/pcf | 7.5 | P0 | |
| CVE-2026-34180 | Ubuntu | 7.5 | P0 | |
| CVE-2026-49975 | Ubuntu | 7.5 | P0 | |
| CVE-2026-45591 | Ubuntu | 7.5 | P0 | |
| CVE-2026-12151 | npm undici | 7.5 | P0 | |
| CVE-2026-46862 | Ubuntu | 7.5 | P0 | |
| CVE-2026-46863 | Ubuntu | 7.5 | P0 | |
| CVE-2026-55697 | npm pnpm | 7.5 | P0 | |
| CVE-2026-44937 | go github.com/rancher/fleet | 7.5 | P0 | |
| CVE-2026-41992 | Ubuntu | 7.5 | P0 | |
| CVE-2026-20213 | Ubuntu | 7.5 | P0 | |
| CVE-2026-20214 | Ubuntu | 7.5 | P0 | |
| CVE-2026-58469 | Ubuntu | 7.5 | P0 | |
| CVE-2023-4346 | KNX Association KNX Protocol Connection Au | 7.5 | P0 | KEV |
| CVE-2026-47302 | Ubuntu | 7.5 | P0 | |
| CVE-2026-44511 | rubygems katalyst-koi | 7.4 | P0 | |
| CVE-2026-54783 | nuget CoreWCF.Primitives | 7.4 | P0 | |
| CVE-2025-9906 | pip keras | 7.3 | P0 | |
| CVE-2026-6973 | Ivanti Endpoint Manager Mobile (EPMM) | 7.2 | P0 | KEV |
| CVE-2023-20273 | Cisco Cisco IOS XE Web UI | 7.2 | P0 | KEV |
| CVE-2023-0669 | Fortra GoAnywhere MFT | 7.2 | P0 | KEV |
| CVE-2026-41567 | go github.com/moby/moby/v2 | 7.2 | P0 | |
| CVE-2026-15410 | SonicWall SMA1000 Appliances | 7.2 | P0 | KEV |
| CVE-2026-49338 | go go.senan.xyz/gonic | 7.1 | P0 | |
| CVE-2026-49339 | go go.senan.xyz/gonic | 7.1 | P0 | |
| CVE-2026-49284 | composer simplesamlphp/simplesamlphp | 7.1 | P0 | |
| CVE-2026-35341 | rust uu_mkfifo | 7.1 | P0 | |
| CVE-2026-54491 | composer phanan/koel | 7.1 | P0 | |
| CVE-2026-54321 | go github.com/daytonaio/daytona | 7.0 | P0 | |
| CVE-2026-58050 | Ubuntu | 7.0 | P0 | |
| CVE-2026-49271 | Ubuntu | 6.5 | P0 | |
| CVE-2025-15661 | Ubuntu | 6.5 | P0 | |
| CVE-2026-58051 | Ubuntu | 6.5 | P0 | |
| CVE-2026-14324 | Ubuntu | 6.5 | P0 | |
| CVE-2026-45491 | Ubuntu | 6.2 | P0 | |
| CVE-2026-50229 | Ubuntu | 6.1 | P0 | |
| CVE-2023-20269 | Cisco Adaptive Security Appliance and Fire | 5.0 | P0 | KEV |
| CVE-2008-4128 | Cisco IOS | 4.3 | P0 | KEV |
| CVE-2022-1388 | F5 BIG-IP | 0.0 | P0 | KEV |
| CVE-2022-29464 | WSO2 Multiple Products | 0.0 | P0 | KEV |
| CVE-2022-24682 | Synacor Zimbra Collaborate Suite (ZCS) | 0.0 | P0 | KEV |
| CVE-2022-0609 | Google Chromium Animation | 0.0 | P0 | KEV |
| CVE-2021-27860 | FatPipe WARP, IPVPN, and MPVPN software | 0.0 | P0 | KEV |
| CVE-2021-44228 | Apache Log4j2 | 0.0 | P0 | KEV |
| CVE-2021-44077 | Zoho ManageEngine ServiceDesk Plus (SDP) / | 0.0 | P0 | KEV |
| CVE-2021-42321 | Microsoft Exchange | 0.0 | P0 | KEV |
| CVE-2021-27104 | Accellion FTA | 0.0 | P0 | KEV |
| CVE-2021-26084 | Atlassian Confluence Server and Data Cente | 0.0 | P0 | KEV |
| CVE-2019-3396 | Atlassian Confluence Server and Data Serve | 0.0 | P0 | KEV |
| CVE-2018-0171 | Cisco IOS and IOS XE | 0.0 | P0 | KEV |
| CVE-2019-19781 | Citrix Application Delivery Controller (AD | 0.0 | P0 | KEV |
| CVE-2021-22205 | GitLab Community and Enterprise Editions | 0.0 | P0 | KEV |
| CVE-2021-22986 | F5 BIG-IP and BIG-IQ Centralized Managemen | 0.0 | P0 | KEV |
| CVE-2020-17144 | Microsoft Exchange Server | 0.0 | P0 | KEV |
| CVE-2021-34523 | Microsoft Exchange Server | 0.0 | P0 | KEV |
| CVE-2020-0688 | Microsoft Exchange Server | 0.0 | P0 | KEV |
| CVE-2021-34473 | Microsoft Exchange Server | 0.0 | P0 | KEV |
| CVE-2021-34527 | Microsoft Windows | 0.0 | P0 | KEV |
| CVE-2021-31207 | Microsoft Exchange Server | 0.0 | P0 | KEV |
| CVE-2021-26411 | Microsoft Internet Explorer | 0.0 | P0 | KEV |
| CVE-2021-40444 | Microsoft MSHTML | 0.0 | P0 | KEV |
| CVE-2017-0199 | Microsoft Office and WordPad | 0.0 | P0 | KEV |
| CVE-2020-1472 | Microsoft Netlogon | 0.0 | P0 | KEV |
| CVE-2021-26855 | Microsoft Exchange Server | 0.0 | P0 | KEV |
| CVE-2021-26858 | Microsoft Exchange Server | 0.0 | P0 | KEV |
| CVE-2021-27065 | Microsoft Exchange Server | 0.0 | P0 | KEV |
| CVE-2019-0604 | Microsoft SharePoint | 0.0 | P0 | KEV |
| CVE-2021-26857 | Microsoft Exchange Server | 0.0 | P0 | KEV |
| CVE-2019-11510 | Ivanti Pulse Connect Secure | 0.0 | P0 | KEV |
| CVE-2021-20016 | SonicWall SSLVPN SMA100 | 0.0 | P0 | KEV |
| CVE-2021-22005 | VMware vCenter Server | 0.0 | P0 | KEV |
| CVE-2021-21985 | VMware vCenter Server | 0.0 | P0 | KEV |
| CVE-2020-4006 | VMware Multiple Products | 0.0 | P0 | KEV |
| CVE-2020-10189 | Zoho ManageEngine | 0.0 | P0 | KEV |
| CVE-2023-25574 | pip jupyterhub-ltiauthenticator | 10.0 | P1 | |
| CVE-2026-47668 | npm dbgate-serve | 10.0 | P1 | |
| CVE-2025-14009 | pip nltk | 10.0 | P1 | |
| CVE-2026-44329 | go github.com/free5gc/smf | 10.0 | P1 | |
| CVE-2026-43898 | npm @nyariv/sandboxjs | 10.0 | P1 | |
| CVE-2026-45087 | go github.com/hahwul/dalfox/v2 | 10.0 | P1 | |
| CVE-2026-44330 | go github.com/free5gc/nef | 10.0 | P1 | |
| CVE-2026-44327 | go github.com/free5gc/nef | 10.0 | P1 | |
| CVE-2026-46695 | pip boxlite | 10.0 | P1 | |
| CVE-2026-47140 | npm vm2 | 10.0 | P1 | |
| CVE-2026-47137 | npm vm2 | 10.0 | P1 | |
| CVE-2026-47208 | npm vm2 | 10.0 | P1 | |
| CVE-2026-47131 | npm vm2 | 10.0 | P1 | |
| CVE-2026-54309 | npm n8n | 10.0 | P1 | |
| CVE-2026-3490 | pip picklescan | 10.0 | P1 | |
| CVE-2026-54782 | nuget CoreWCF.Primitives | 10.0 | P1 | |
| CVE-2026-54350 | npm @budibase/server | 10.0 | P1 | |
| CVE-2026-52813 | go gogs.io/gogs | 10.0 | P1 | |
| CVE-2026-46595 | go golang.org/x/crypto | 10.0 | P1 | |
| CVE-2026-49257 | pip mcp-pinot-server | 10.0 | P1 | |
| CVE-2026-27597 | npm @enclave-vm/core | 10.0 | P1 | |
| CVE-2026-54769 | pip langroid | 10.0 | P1 | |
| CVE-2026-52831 | go github.com/nuclio/nuclio | 10.0 | P1 | |
| CVE-2026-54159 | composer prestashop/ps_facetedsearch | 10.0 | P1 | |
| CVE-2026-47392 | pip praisonaiagents | 9.9 | P1 | |
| CVE-2026-47744 | composer shopper/framework | 9.9 | P1 | |
| CVE-2026-33309 | pip langflow | 9.9 | P1 | |
| CVE-2026-44477 | go github.com/cloudnative-pg/cloudnative-p | 9.9 | P1 | |
| CVE-2026-48030 | composer pheditor/pheditor | 9.9 | P1 | |
| CVE-2026-54310 | npm n8n | 9.9 | P1 | |
| CVE-2026-54305 | npm n8n | 9.9 | P1 | |
| CVE-2026-54051 | npm network-ai | 9.9 | P1 | |
| CVE-2026-44179 | maven com.xwiki.pro:xwiki-pro-macros | 9.9 | P1 | |
| CVE-2025-58048 | composer paymenter/paymenter | 9.9 | P1 | |
| CVE-2026-52806 | go gogs.io/gogs | 9.9 | P1 | |
| CVE-2026-55166 | pip lemur | 9.9 | P1 | |
| CVE-2026-46716 | go github.com/nezhahq/nezha | 9.9 | P1 | |
| CVE-2026-49252 | npm @deepstream/server | 9.9 | P1 | |
| CVE-2026-48769 | go github.com/lxc/incus/v7/cmd/incusd | 9.9 | P1 | |
| CVE-2026-48755 | go github.com/lxc/incus/v7/cmd/incusd | 9.9 | P1 | |
| CVE-2026-48753 | go github.com/lxc/incus/v7/cmd/incusd | 9.9 | P1 | |
| CVE-2026-48751 | go github.com/lxc/incus/v7/cmd/incusd | 9.9 | P1 | |
| CVE-2026-48750 | go github.com/lxc/incus/v7/cmd/incusd | 9.9 | P1 | |
| CVE-2026-48749 | go github.com/lxc/incus/v7/cmd/incusd | 9.9 | P1 | |
| CVE-2026-50566 | go github.com/fission/fission | 9.9 | P1 | |
| CVE-2026-50564 | go github.com/fission/fission | 9.9 | P1 | |
| CVE-2026-50563 | go github.com/fission/fission | 9.9 | P1 | |
| CVE-2026-50545 | go github.com/fission/fission | 9.9 | P1 | |
| CVE-2026-7374 | go kubevirt.io/kubevirt | 9.9 | P1 | |
| CVE-2026-29090 | pip rucio | 9.9 | P1 | |
| CVE-2026-29080 | pip rucio | 9.9 | P1 | |
| CVE-2026-44935 | go github.com/rancher/fleet | 9.9 | P1 | |
| CVE-2026-9559 | composer mautic/core | 9.9 | P1 | |
| CVE-2026-9558 | composer mautic/core | 9.9 | P1 | |
| CVE-2026-55500 | npm 9router | 9.9 | P1 | |
| CVE-2026-50551 | go github.com/siyuan-note/siyuan/kernel | 9.9 | P1 | |
| CVE-2026-54158 | go github.com/siyuan-note/siyuan/kernel | 9.9 | P1 | |
| CVE-2026-54067 | go github.com/siyuan-note/siyuan/kernel | 9.9 | P1 | |
| CVE-2026-61667 | pip DIRAC | 9.9 | P1 | |
| CVE-2026-45579 | pip DIRAC | 9.9 | P1 | |
| CVE-2026-41283 | pip mistral | 9.9 | P1 | |
| CVE-2026-54052 | npm n8n-mcp | 9.9 | P1 | |
| CVE-2026-45262 | composer facturascripts/facturascripts | 9.9 | P1 | |
| CVE-2026-47429 | npm vitest | 9.8 | P1 | |
| CVE-2026-46614 | go github.com/fission/fission | 9.8 | P1 | |
| CVE-2026-47410 | pip praisonai-platform | 9.8 | P1 | |
| CVE-2026-47391 | pip PraisonAI | 9.8 | P1 | |
| CVE-2026-47393 | pip PraisonAI | 9.8 | P1 | |
| CVE-2026-47396 | pip PraisonAI | 9.8 | P1 | |
| CVE-2026-8838 | pip redshift-connector | 9.8 | P1 | |
| CVE-2026-44180 | pip jupyter_enterprise_gateway | 9.8 | P1 | |
| CVE-2026-31072 | pip apscheduler | 9.8 | P1 | |
| CVE-2026-47323 | maven org.apache.camel:camel-cxf-rest | 9.8 | P1 | |
| CVE-2026-35490 | pip changedetection.io | 9.8 | P1 | |
| CVE-2025-67895 | pip apache-airflow-providers-edge3 | 9.8 | P1 | |
| CVE-2023-25693 | pip apache-airflow-providers-apache-sqoop | 9.8 | P1 | |
| CVE-2024-39236 | pip Gradio | 9.8 | P1 | |
| CVE-2024-42835 | pip langflow | 9.8 | P1 | |
| CVE-2026-35171 | pip kedro | 9.8 | P1 | |
| CVE-2018-1000620 | npm cryptiles | 9.8 | P1 | |
| CVE-2026-26956 | npm vm2 | 9.8 | P1 | |
| CVE-2024-9053 | pip vllm | 9.8 | P1 | |
| CVE-2026-32640 | pip simpleeval | 9.8 | P1 | |
| CVE-2026-38360 | pip dash-uploader | 9.8 | P1 | |
| CVE-2026-46364 | composer thorsten/phpmyfaq | 9.8 | P1 | |
| CVE-2026-45083 | maven io.goobi.viewer:viewer-core | 9.8 | P1 | |
| CVE-2018-7750 | pip paramiko | 9.8 | P1 | |
| CVE-2026-33728 | maven com.datadoghq:dd-java-agent | 9.8 | P1 | |
| CVE-2026-42074 | npm openclaude | 9.8 | P1 | |
| CVE-2020-36962 | pip tendenci | 9.8 | P1 | |
| CVE-2026-24178 | pip nvflare | 9.8 | P1 | |
| CVE-2024-34252 | pip pywasm3 | 9.8 | P1 | |
| CVE-2024-34249 | pip pywasm3 | 9.8 | P1 | |
| CVE-2024-30564 | npm @andrei-tatar/nora-firebase-common | 9.8 | P1 | |
| CVE-2026-48062 | composer codeigniter4/framework | 9.8 | P1 | |
| CVE-2026-47210 | npm vm2 | 9.8 | P1 | |
| CVE-2026-53633 | npm @vitest/browser | 9.8 | P1 | |
| CVE-2026-53753 | pip crawl4ai | 9.8 | P1 | |
| CVE-2026-49980 | go github.com/rclone/rclone | 9.8 | P1 | |
| CVE-2025-71323 | pip picklescan | 9.8 | P1 | |
| CVE-2026-53873 | pip picklescan | 9.8 | P1 | |
| CVE-2026-32966 | maven org.apache.dolphinscheduler:dolphins | 9.8 | P1 | |
| CVE-2026-47103 | pip python-statemachine | 9.8 | P1 | |
| CVE-2026-0755 | npm gemini-mcp-tool | 9.8 | P1 | |
| CVE-2025-65719 | npm kubectl-mcp-server | 9.8 | P1 | |
| CVE-2019-0219 | npm cordova-plugin-inappbrowser | 9.8 | P1 | |
| CVE-2019-15609 | npm kill-port-process | 9.8 | P1 | |
| CVE-2026-30120 | npm remotion | 9.8 | P1 | |
| CVE-2026-56266 | pip crawl4ai | 9.8 | P1 | |
| CVE-2026-33815 | go github.com/jackc/pgx/v5 | 9.8 | P1 | |
| CVE-2026-44024 | rubygems fluentd | 9.8 | P1 | |
| CVE-2026-44930 | maven org.apache.cxf.services.xkms:cxf-ser | 9.8 | P1 | |
| CVE-2026-48207 | pip pyfory | 9.8 | P1 | |
| CVE-2026-47117 | pip openmed | 9.8 | P1 | |
| CVE-2015-1778 | maven org.opendaylight.odlparent:opendayli | 9.8 | P1 | |
| CVE-2018-25357 | composer dolibarr/dolibarr | 9.8 | P1 | |
| CVE-2020-36326 | composer phpmailer/phpmailer | 9.8 | P1 | |
| CVE-2026-25879 | pip langroid | 9.8 | P1 | |
| CVE-2025-46724 | pip langroid | 9.8 | P1 | |
| CVE-2026-50027 | pip mcp-memory-service | 9.8 | P1 | |
| CVE-2022-46337 | maven org.apache.derby:derby | 9.8 | P1 | |
| CVE-2016-4000 | maven org.python:jython-standalone | 9.8 | P1 | |
| CVE-2026-49352 | npm 9router | 9.8 | P1 | |
| CVE-2026-54617 | maven pro.gravit.launcher:launchserver-api | 9.8 | P1 | |
| CVE-2025-8077 | go github.com/neuvector/neuvector | 9.8 | P1 | |
| CVE-2026-9097 | go github.com/casdoor/casdoor | 9.8 | P1 | |
| CVE-2026-9093 | go github.com/casdoor/casdoor | 9.8 | P1 | |
| CVE-2025-65896 | pip asyncmy | 9.8 | P1 | |
| CVE-2020-7629 | npm install-package | 9.8 | P1 | |
| CVE-2020-7630 | npm git-add-remote | 9.8 | P1 | |
| CVE-2020-7627 | npm node-key-sender | 9.8 | P1 | |
| CVE-2020-7625 | npm op-browser | 9.8 | P1 | |
| CVE-2020-7626 | npm karma-mojo | 9.8 | P1 | |
| CVE-2020-7621 | npm strong-nginx-controller | 9.8 | P1 | |
| CVE-2020-7623 | npm jscover | 9.8 | P1 | |
| CVE-2020-7646 | npm curlrequest | 9.8 | P1 | |
| CVE-2020-7619 | npm get-git-data | 9.8 | P1 | |
| CVE-2019-6446 | pip numpy | 9.8 | P1 | |
| CVE-2026-26190 | go github.com/milvus-io/milvus | 9.8 | P1 | |
| CVE-2024-9701 | pip kedro | 9.8 | P1 | |
| CVE-2016-10131 | composer bcit-ci/codeigniter | 9.8 | P1 | |
| CVE-2024-2952 | pip litellm | 9.8 | P1 | |
| CVE-2023-36188 | pip langchain | 9.8 | P1 | |
| CVE-2020-36645 | go github.com/square/squalor | 9.8 | P1 | |
| CVE-2024-23827 | go github.com/0xJacky/Nginx-UI | 9.8 | P1 | |
| CVE-2026-52889 | composer verbb/formie | 9.8 | P1 | |
| CVE-2026-59800 | npm 9router | 9.8 | P1 | |
| CVE-2026-1114 | pip lollms | 9.8 | P1 | |
| CVE-2026-54334 | pip uefi-firmware | 9.8 | P1 | |
| CVE-2026-54333 | pip uefi-firmware | 9.8 | P1 | |
| CVE-2022-32511 | rubygems jmespath | 9.8 | P1 | |
| CVE-2026-52778 | composer yeswiki/yeswiki | 9.8 | P1 | |
| CVE-2026-9094 | go github.com/casdoor/casdoor | 9.8 | P1 | |
| CVE-2026-47065 | maven org.apache.mina:mina-core | 9.8 | P1 | |
| CVE-2026-55579 | composer pheditor/pheditor | 9.8 | P1 | |
| CVE-2026-22778 | pip vllm | 9.8 | P1 | |
| CVE-2025-47277 | pip vllm | 9.8 | P1 | |
| CVE-2026-49468 | pip litellm | 9.8 | P1 | |
| CVE-2026-47413 | pip praisonai-platform | 9.6 | P1 | |
| CVE-2026-47428 | npm @vitest/browser | 9.6 | P1 | |
| CVE-2026-47416 | pip praisonai-platform | 9.6 | P1 | |
| CVE-2026-42087 | rubygems openc3 | 9.6 | P1 | |
| CVE-2026-2611 | pip mlflow | 9.6 | P1 | |
| CVE-2026-2587 | maven org.glassfish.main.admingui:admingui | 9.6 | P1 | |
| CVE-2025-30215 | go github.com/nats-io/nats-server/v2 | 9.6 | P1 | |
| CVE-2026-45758 | pip guardrails-ai | 9.6 | P1 | |
| CVE-2026-42557 | pip jupyterlab | 9.6 | P1 | |
| CVE-2026-46703 | pip boxlite | 9.6 | P1 | |
| CVE-2026-54307 | npm n8n | 9.6 | P1 | |
| CVE-2026-55518 | rubygems avo | 9.6 | P1 | |
| CVE-2026-55742 | composer cotonti/cotonti | 9.6 | P1 | |
| CVE-2026-55447 | pip langflow | 9.6 | P1 | |
| CVE-2026-54458 | composer WWBN/AVideo | 9.6 | P1 | |
| CVE-2023-25313 | composer wwbn/avideo | 9.6 | P1 | |
| CVE-2026-33646 | rust mise | 9.6 | P1 | |
| CVE-2026-54352 | npm @budibase/server | 9.6 | P1 | |
| CVE-2024-22416 | pip pyload-ng | 9.6 | P1 | |
| CVE-2026-53943 | npm ghost | 9.6 | P1 | |
| CVE-2026-44939 | go github.com/rancher/rancher | 9.6 | P1 | |
| CVE-2026-57168 | maven io.openremote:openremote-manager | 9.6 | P1 | |
| CVE-2026-53513 | npm @better-auth/sso | 9.6 | P1 | |
| CVE-2026-53552 | go github.com/zhenorzz/goploy | 9.6 | P1 | |
| CVE-2026-53649 | go github.com/BishopFox/joro | 9.6 | P1 | |
| CVE-2026-27771 | go code.gitea.io/gitea | 8.2 | P1 | |
| CVE-2020-13935 | maven org.apache.tomcat:tomcat | 7.5 | P1 | |
| CVE-2020-11996 | maven org.apache.tomcat:tomcat | 7.5 | P1 | |
| CVE-2023-24998 | maven commons-fileupload:commons-fileuploa | 7.5 | P1 | |
| CVE-2026-20262 | Cisco Catalyst SD-WAN Manager | 6.5 | P1 | KEV |
| CVE-2026-48681 | Ubuntu | 5.9 | P1 | |
| CVE-2026-55199 | Ubuntu | 5.9 | P1 | |
| CVE-2026-7473 | Arista Extensible Operating System | 5.8 | P1 | KEV |
| CVE-2026-46447 | Ubuntu | 5.8 | P1 | |
| CVE-2026-47335 | Ubuntu | 5.5 | P1 | |
| CVE-2026-14330 | Ubuntu | 5.5 | P1 | |
| CVE-2026-59857 | Ubuntu | 5.5 | P1 | |
| CVE-2026-9494 | Ubuntu | 5.5 | P1 | |
| CVE-2026-47167 | Ubuntu | 5.3 | P1 | |
| CVE-2026-56164 | Microsoft SharePoint Server | 5.3 | P1 | KEV |
| CVE-2026-41991 | Ubuntu | 4.7 | P1 | |
| CVE-2026-59995 | Ubuntu | 4.2 | P1 | |
| CVE-2026-59996 | Ubuntu | 4.2 | P1 | |
| CVE-2026-45498 | Microsoft Defender | 4.0 | P1 | KEV |
| CVE-2026-37982 | maven org.keycloak:keycloak-services | 6.8 | P2 | |
| CVE-2026-55885 | composer getgrav/grav | 6.8 | P2 | |
| CVE-2026-9802 | maven org.keycloak:keycloak-services | 6.8 | P2 | |
| CVE-2026-48545 | pip gradio | 6.8 | P2 |