📊 CVE Trends & Statistics

Discover trending vulnerabilities and security insights

Last 7 Days Last 30 Days Last 90 Days Last Year
915
Total CVEs
86
Critical
283
High
378
Medium
42
Low
6.7
Avg CVSS Score

Severity Distribution

86
Critical
9%
Click to view
283
High
31%
Click to view
378
Medium
41%
Click to view
42
Low
5%
Click to view

Daily CVE Trends

156
May 18
250
May 19
209
May 20
244
May 21
49
May 22
7
May 23
May 24

Top Affected Vendors

Go
Click to view all CVEs
54
🔥 6
Npm
Click to view all CVEs
46
🔥 4
Open ISES
Click to view all CVEs
37
Mozilla
Click to view all CVEs
32
🔥 8
Netatalk
Click to view all CVEs
30
🔥 1
Composer
Click to view all CVEs
23
🔥 3
Pip
Click to view all CVEs
23
🔥 4
Apache Software Foundation
Click to view all CVEs
22
🔥 4
Nuget
Click to view all CVEs
19
Mattermost
Click to view all CVEs
18

Top Affected Products

Tickets
Open ISES
Click to view all CVEs
37
firefox
Mozilla
Click to view all CVEs
32
🔥 8
Netatalk
Netatalk
Click to view all CVEs
30
🔥 1
Apache OFBiz
Apache Software Foundation
Click to view all CVEs
17
🔥 2
Magick.NET-Q16-AnyCPU
Nuget
Click to view all CVEs
16
chrome
Google
Click to view all CVEs
16
mattermost_server
Mattermost
Click to view all CVEs
15
TrendAI Apex One, TrendAI Apex One as a Service
Trend Micro, Inc.
Click to view all CVEs
12
🔥 2
Unbound
NLnet Labs
Click to view all CVEs
11
🔥 2
Linux
Linux
Click to view all CVEs
11
🔥 1

🔥 Recently Published CVEs

CVE-2026-47124 MEDIUM - 6.5

Nezha Monitoring: Nezha WebSocket server stream discloses cross-tenant server telemetry to authenticated members...

Vendor: go Product: github.com/nezhahq/nezha Published: May 23, 2026
CVE-2026-46716 CRITICAL - 9.9

Nezha Monitoring: RoleMember can run shell on every server (cross-tenant RCE) via POST /api/v1/cron...

Vendor: go Product: github.com/nezhahq/nezha Published: May 23, 2026
CVE-2026-47125 HIGH - 8.8

Arcane: Missing admin authorization on global variables endpoint...

Vendor: go Product: github.com/getarcaneapp/arcane/backend Published: May 23, 2026
CVE-2026-47157 MEDIUM - 6.5

aiograpi: Unsafe signup challenge path handling...

Vendor: pip Product: aiograpi Published: May 23, 2026
CVE-2026-47138 HIGH

Parse Server: Pre-authentication denial of service via client version header regex backtracking...

Vendor: npm Product: parse-server Published: May 23, 2026
CVE-2026-47120 MEDIUM - 5.4

Nezha Monitoring: RoleMember can fire other users' cron tasks via AlertRule.FailTriggerTasks (no ownership check)...

Vendor: go Product: github.com/nezhahq/nezha Published: May 23, 2026
CVE-2026-46717 HIGH - 8.5

Nezha Monitoring: RoleMember-reachable SSRF with full response-body reflection via POST /api/v1/notification...

Vendor: go Product: github.com/nezhahq/nezha Published: May 23, 2026
CVE-2026-46715 MEDIUM

Flask-Security-Too OAuth reauthentication freshness bypass via cross- user OAuth identity acceptance...

Vendor: pip Product: Flask-Security-Too Published: May 22, 2026
CVE-2026-46670 CRITICAL - 9.8

YesWiki: Unauthenticated SQL Injection...

Vendor: composer Product: yeswiki/yeswiki Published: May 22, 2026
CVE-2026-47166 MEDIUM - 5.7

ImageMagick: Heap Buffer Over-Read in distributed pixel cache server ...

Vendor: nuget Product: Magick.NET-Q16-AnyCPU Published: May 22, 2026