Security Dashboard

Priority	CVE	Severity	CVSS	EPSS	Indicators	Published
126	CVE-2026-41091 Improper link resolution before file access ('link following') in Microsoft Defe	HIGH	7.8	12.1%	KEV POC FIX	2026-05-20
64	CVE-2026-3220 The Autoptimize WordPress plugin before 3.1.15, Clearfy Cache WordPress plugin	HIGH	8.8	0.0%	POC FIX	2026-05-18
64	CVE-2026-32847 DeepCode through commit c991dc2 contains a path traversal vulnerability in the S	HIGH	8.7	-	POC	2026-05-28
64	CVE-2026-43634 HestiaCP versions 1.2.0 through 1.9.4 contain an IP spoofing vulnerability that	HIGH	8.7	0.0%	POC FIX	2026-05-19
63	CVE-2026-6379 The WP Photo Album Plus WordPress plugin before 9.1.11.001 does not properly san	HIGH	8.6	0.0%	POC FIX	2026-05-18
63	CVE-2026-47114 IINA before 1.4.3 contains a user-assisted command execution vulnerability that	HIGH	8.6	0.2%	POC FIX	2026-05-21
63	CVE-2026-7862 The Eupago Gateway For Woocommerce WordPress plugin before 4.7.2 does not proper	HIGH	8.6	0.0%	POC FIX	2026-05-28
61	CVE-2026-41949 Dify version 1.14.1 and prior contain an authorization bypass vulnerability in t	HIGH	8.2	0.0%	POC FIX	2026-05-18
61	CVE-2026-10044 Usagi-org ai-goofish-monitor contains an unauthenticated arbitrary file read vul	HIGH	8.2	-	POC FIX	2026-05-28
61	CVE-2026-41470 LIVE555 before 2026.04.22 contains an authorization bypass vulnerability in RTSP	HIGH	8.2	0.1%	POC FIX	2026-05-19
58	CVE-2026-6381 The WP Maps WordPress plugin before 4.9.3 does not properly sanitize a paramete	HIGH	7.5	0.0%	POC FIX	2026-05-18
58	CVE-2025-15609 The Fortis for WooCommerce WordPress plugin before 1.3.1 may leak sensitive API	HIGH	7.5	0.0%	POC FIX	2026-05-19
57	CVE-2026-9346 A flaw has been found in Edimax EW-7438RPn up to 1.31. This impacts the function	HIGH	7.4	0.0%	POC	2026-05-24
57	CVE-2026-9345 A vulnerability was detected in Edimax EW-7438RPn up to 1.31. This affects the f	HIGH	7.4	0.0%	POC	2026-05-24
57	CVE-2026-9344 A security vulnerability has been detected in Edimax EW-7438RPn up to 1.31. The	HIGH	7.4	0.0%	POC	2026-05-24
57	CVE-2026-8775 A flaw has been found in Edimax BR-6428NS 1.10. This affects the function formL2	HIGH	7.4	0.0%	POC	2026-05-18
57	CVE-2026-8776 A vulnerability has been found in Edimax BR-6428NS 1.10. This vulnerability affe	HIGH	7.4	0.0%	POC	2026-05-18
57	CVE-2026-9360 A security flaw has been discovered in Edimax EW-7438RPn 1.28a. Affected by this	HIGH	7.4	0.0%	POC	2026-05-24
57	CVE-2026-9348 A vulnerability was found in Edimax EW-7438RPn up to 1.31. Affected by this vuln	HIGH	7.4	0.0%	POC	2026-05-24
57	CVE-2026-9294 A vulnerability was identified in Edimax BR-6428NS 1.10. The impacted element is	HIGH	7.4	0.0%	POC	2026-05-23
57	CVE-2026-9295 A security flaw has been discovered in Edimax BR-6428NS 1.10. This affects the f	HIGH	7.4	0.0%	POC	2026-05-23
57	CVE-2026-8764 A security vulnerability has been detected in H3C Magic B3 up to 100R002. This a	HIGH	7.3	0.0%	POC	2026-05-17
56	CVE-2025-70103 Heap buffer overflow vulnerability in libjxl 0.12.0 via crafted PBM images to th	HIGH	7.3	0.0%	POC	2026-05-27
56	CVE-2026-31266 Craft CMS 5.9.5 and earlier contains a Missing Authorization vulnerability in th	HIGH	7.3	0.0%	POC	2026-05-27
56	CVE-2026-6495 The Ajax Load More WordPress plugin before 7.8.4 does not sanitise and escape a	HIGH	7.1	0.0%	POC FIX	2026-05-18
56	CVE-2026-46333 In the Linux kernel, the following vulnerability has been resolved: ptrace: sli	HIGH	7.1	0.0%	POC FIX	2026-05-15
54	CVE-2026-8603 In ScadaBR version 1.2.0, an OS Command Injection vulnerability could allow an a	HIGH	8.7	0.6%		2026-05-19
54	CVE-2026-8602 In ScadaBR version 1.2.0, a Missing Authentication for Critical Function vulnera	HIGH	8.8	0.1%		2026-05-19
53	CVE-2026-8604 In ScadaBR version 1.2.0, a CSRF vulnerability could allow an attacker to trigge	HIGH	8.6	0.0%		2026-05-19
45	CVE-2026-8135 Concrete CMS 9.5.0 and below is vulnerable to Remote Code Execution due to inse	HIGH	8.9	0.1%		2026-05-21
45	CVE-2026-45659 Deserialization of untrusted data in Microsoft Office SharePoint allows an autho	HIGH	8.8	0.5%	FIX	2026-05-22
44	CVE-2026-8832 The WPCode - Insert Headers and Footers + Custom Code Snippets - WordPress Code	HIGH	8.8	0.4%		2026-05-27
44	CVE-2026-27648 in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code ex	HIGH	8.8	0.2%		2026-05-19
44	CVE-2026-44048 In Netatalk 2.0.4 through 4.4.2, stack buffer overflow via ucs-2 type confusion	HIGH	8.8	0.1%	FIX	2026-05-21
44	CVE-2026-6228 The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Privilege	HIGH	8.8	0.1%		2026-05-15
44	CVE-2026-7522 The Advanced Database Cleaner - Premium plugin for WordPress is vulnerable to Lo	HIGH	8.8	0.1%		2026-05-20
44	CVE-2026-45495 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability	HIGH	8.8	0.1%	FIX	2026-05-18
44	CVE-2026-24217 NVIDIA BioNeMo Core for Linux contains a vulnerability where a user could cause	HIGH	8.8	0.1%		2026-05-20
44	CVE-2026-44047 In Netatalk 3.1.0 through 4.4.2, sql injection in mysql cnid backend. Fixed in 4	HIGH	8.8	0.1%	FIX	2026-05-21
44	CVE-2026-9207 Tanium addressed an unauthorized code execution vulnerability in Connect.	HIGH	8.8	0.1%	FIX	2026-05-27
44	CVE-2026-35430 Authorization bypass through user-controlled key in Azure Privileged Identity Ma	HIGH	8.8	0.1%	FIX	2026-05-22
44	CVE-2026-8975 Memory safety bugs present in Firefox ESR 115.35, Firefox ESR 140.10 and Firefox	HIGH	8.8	0.1%	FIX	2026-05-19
44	CVE-2026-8974 Memory safety bugs present in Firefox ESR 140.10 and Firefox 150. Some of these	HIGH	8.8	0.0%	FIX	2026-05-19
44	CVE-2026-46414 Microsoft UFO open-source framework for intelligent automation across devices an	HIGH	8.8	0.0%		2026-05-27
44	CVE-2026-47161 RELATE is a web-based courseware package. Prior to commit d66ba5659b459bf1ba56b7	HIGH	8.7	0.5%		2026-05-27
44	CVE-2026-8787 The Firebase Support & Chat Management plugin for WordPress is vulnerable to pri	HIGH	8.8	0.0%		2026-05-27
44	CVE-2026-48920 Jenkins Email Extension Plugin 1933.v45cec755423f and earlier allows inlining im	HIGH	8.8	0.0%		2026-05-27
44	CVE-2026-8970 Privilege escalation in the Security component. This vulnerability was fixed in	HIGH	8.8	0.0%	FIX	2026-05-19
44	CVE-2026-38807 Insecure Permissions vulnerability in kvf-admin v1.0.0 allows a remote attacker	HIGH	8.8	0.0%		2026-05-27
44	CVE-2026-8973 Memory safety bugs present in Firefox 150. Some of these bugs showed evidence of	HIGH	8.8	0.0%	FIX	2026-05-19
44	CVE-2026-6456 The Account Switcher plugin for WordPress is vulnerable to Privilege Escalation	HIGH	8.8	0.0%		2026-05-20
44	CVE-2026-7467 The Read More & Accordion plugin for WordPress is vulnerable to Privilege Escala	HIGH	8.8	0.0%		2026-05-20
44	CVE-2026-6898 The Wishlist Member plugin for WordPress is vulnerable to unauthorized modificat	HIGH	8.8	0.0%		2026-05-23
44	CVE-2026-5200 The AcyMailing - An Ultimate Newsletter Plugin and Marketing Automation Solution	HIGH	8.8	0.0%		2026-05-20
44	CVE-2026-32740 libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and	HIGH	8.8	0.0%	FIX	2026-05-19
44	CVE-2026-6895 The WishList Member plugin for WordPress is vulnerable to Missing Authorization	HIGH	8.8	0.0%		2026-05-23
44	CVE-2026-6419 The WishList Member plugin for WordPress is vulnerable to Privilege Escalation v	HIGH	8.8	0.0%		2026-05-23
44	CVE-2026-44988 LibVNCClient is a library for easy implementation of a VNC client. In 0.9.15 and	HIGH	8.8	0.0%		2026-05-27
44	CVE-2026-8719 The AI Engine - The Chatbot, AI Framework & MCP for WordPress plugin for WordPre	HIGH	8.8	0.0%		2026-05-17
44	CVE-2026-6897 The Wishlist Member plugin for WordPress is vulnerable to unauthorized modificat	HIGH	8.8	0.0%		2026-05-23
44	CVE-2026-9126 Use after free in DOM in Google Chrome on prior to 148.0.7778.179 allowed a remo	HIGH	8.8	0.0%	FIX	2026-05-20
44	CVE-2026-8957 Privilege escalation in the Enterprise Policies component. This vulnerability wa	HIGH	8.8	0.0%	FIX	2026-05-19
44	CVE-2026-8955 Privilege escalation in the DOM: Workers component. This vulnerability was fixed	HIGH	8.8	0.0%	FIX	2026-05-19
44	CVE-2026-41075 RT is an open source, enterprise-grade issue and ticket tracking system. Version	HIGH	8.8	0.0%		2026-05-22
44	CVE-2026-46586 Improper Control of Generation of Code ('Code Injection'), Improper Neutralizati	HIGH	8.8	0.0%	FIX	2026-05-19
44	CVE-2026-9112 Use after free in GPU in Google Chrome on Windows prior to 148.0.7778.179 allowe	HIGH	8.8	0.0%	FIX	2026-05-20
44	CVE-2026-9118 Use after free in XR in Google Chrome on Windows prior to 148.0.7778.179 allowed	HIGH	8.8	0.0%	FIX	2026-05-20
44	CVE-2026-9114 Use after free in QUIC in Google Chrome on prior to 148.0.7778.179 allowed a rem	HIGH	8.8	0.0%	FIX	2026-05-20
44	CVE-2026-8952 Privilege escalation in the Application Update component. This vulnerability was	HIGH	8.8	0.0%	FIX	2026-05-19
44	CVE-2026-9120 Use after free in WebRTC in Google Chrome prior to 148.0.7778.179 allowed a remo	HIGH	8.8	0.0%	FIX	2026-05-20
44	CVE-2026-8972 Privilege escalation in the WebRTC: Audio/Video component. This vulnerability wa	HIGH	8.8	0.0%	FIX	2026-05-19
44	CVE-2026-9121 Out of bounds read in GPU in Google Chrome on prior to 148.0.7778.179 allowed a	HIGH	8.8	0.0%	FIX	2026-05-20
44	CVE-2026-44713 pam_usb provides hardware authentication for Linux using ordinary removable medi	HIGH	8.8	0.0%	FIX	2026-05-27
44	CVE-2026-9111 Use after free in WebRTC in Google Chrome on Linux prior to 148.0.7778.179 allow	HIGH	8.8	0.0%	FIX	2026-05-20
44	CVE-2026-9119 Heap buffer overflow in WebRTC in Google Chrome on prior to 148.0.7778.179 allow	HIGH	8.8	0.0%	FIX	2026-05-20
44	CVE-2026-43490 In the Linux kernel, the following vulnerability has been resolved: ksmbd: vali	HIGH	8.8	0.0%	FIX	2026-05-15
44	CVE-2026-39461 libcasper(3) communicates with helper processes via UNIX domain sockets, and use	HIGH	8.8	0.0%		2026-05-21
44	CVE-2026-31069 BillaBear (all versions prior to Jan 2026) contains a SQL Injection vulnerabilit	HIGH	8.8	0.0%		2026-05-19
44	CVE-2026-44925 Cross-Site Request Forgery (CSRF) vulnerability in InfoScale v.9.1.3 Operations	HIGH	8.8	0.0%		2026-05-20
44	CVE-2026-36828 A command injection vulnerability exists in the /cgi-bin/tools/ajax_cmd endpoint	HIGH	8.8	0.1%		2026-05-19
44	CVE-2026-9018 The Easy Elements for Elementor - Addons & Website Templates plugin for WordPres	HIGH	8.8	0.0%		2026-05-22
44	CVE-2026-8676 An attacker is able to downgrade the security of a Bluetooth LE connection by de	HIGH	8.8	0.0%	FIX	2026-05-26
44	CVE-2026-46519 ## Summary `mcp-server-kubernetes` exposes three environment variables (`ALLOW_	HIGH	8.8	-	FIX	2026-05-21
44	CVE-2026-36044 @pensar/apex <= 0.0.58 is vulnerable to OS command injection via the smart_enume	HIGH	8.8	0.1%		2026-05-27
44	CVE-2026-45578 ## Summary Type: Classic shell-metacharacter injection. The YPTSocket notif	HIGH	8.8	-		2026-05-15
44	CVE-2026-45717 ## Summary Budibase exposes a REST API for datasource management. The route `PU	HIGH	8.8	0.0%	FIX	2026-05-15
44	CVE-2026-45805 ### Summary The MCP module's `ReplServer` binds to all interfaces (`0.0.0.0:440	HIGH	8.8	-	FIX	2026-05-19
44	CVE-2026-7498 Improper neutralization of input during web page generation ('cross-site scripti	HIGH	8.8	0.0%		2026-05-18
44	CVE-2026-48235 Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in incs/r	HIGH	8.8	0.0%	FIX	2026-05-21
44	CVE-2026-46612 ### Summary The Fission `storagesvc` component registers archive CRUD handlers	HIGH	8.8	-	FIX	2026-05-21

Oldest Unpatched Critical/High CVEs

CVE	Severity	CVSS	Priority	Days Open
CVE-2024-3400	CRITICAL	10.0	224	776d
CVE-2019-19781	CRITICAL	9.8	223	2344d
CVE-2020-5902	CRITICAL	9.8	223	2157d
CVE-2021-35464	CRITICAL	9.8	223	1771d
CVE-2020-10189	CRITICAL	9.8	223	2274d
CVE-2012-4681	CRITICAL	9.8	223	5021d
CVE-2022-42475	CRITICAL	9.8	223	1242d
CVE-2023-3519	CRITICAL	9.8	223	1044d
CVE-2015-7450	CRITICAL	9.8	222	3799d
CVE-2023-34048	CRITICAL	9.8	222	946d

1 / 8 Next