Security Dashboard

Priority	CVE	Severity	CVSS	EPSS	Indicators	Published
42	CVE-2026-30277 An arbitrary file overwrite vulnerability in PDF Reader App : TA/UTAX Mobile Pri	HIGH	8.4	0.0%		2026-03-31
42	CVE-2025-30650 A Missing Authentication for Critical Function vulnerability in command processi	HIGH	8.4	0.0%		2026-04-08
42	CVE-2026-30290 An arbitrary file overwrite vulnerability in InTouch Contacts & Caller ID APP v6	HIGH	8.4	0.0%		2026-03-31
42	CVE-2026-32928 V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6Co	HIGH	8.4	0.0%		2026-04-01
42	CVE-2026-32925 V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6Co	HIGH	8.4	0.0%		2026-04-01
42	CVE-2026-34589 OpenEXR provides the specification and reference implementation of the EXR file	HIGH	8.4	0.0%	FIX	2026-04-06
42	CVE-2026-30289 An arbitrary file overwrite vulnerability in Tinybeans Private Family Album App	HIGH	8.4	0.0%		2026-04-01
42	CVE-2026-30287 An arbitrary file overwrite vulnerability in Deep Thought Industries ACE Scanner	HIGH	8.4	0.0%		2026-04-01
42	CVE-2026-28704 Emocheck insecurely loads Dynamic Link Libraries (DLLs). If a crafted DLL file i	HIGH	8.4	0.0%		2026-04-10
42	CVE-2026-4788 IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.37 stores sensitive information	HIGH	8.4	0.0%	FIX	2026-04-08
42	CVE-2026-30291 An arbitrary file overwrite vulnerability in Ora Tools PDF Reader ' Reader & Edi	HIGH	8.4	0.0%		2026-04-01
42	CVE-2026-30292 An arbitrary file overwrite vulnerability in Docudepot PDF Reader: PDF Viewer AP	HIGH	8.4	0.0%		2026-04-01
42	CVE-2026-32929 V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read in VS6ComFile!ge	HIGH	8.4	0.0%		2026-04-01
42	CVE-2026-32927 V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in	HIGH	8.4	0.0%		2026-04-01
42	CVE-2026-32926 V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in	HIGH	8.4	0.0%		2026-04-01
42	CVE-2026-34544 OpenEXR provides the specification and reference implementation of the EXR file	HIGH	8.4	0.0%	FIX	2026-04-01
42	CVE-2026-22682 OpenHarness prior to commit 166fcfe contains an improper access control vulnerab	HIGH	8.4	0.0%	FIX	2026-04-07
42	CVE-2026-40024 The Sleuth Kit through 4.14.0 contains a path traversal vulnerability in tsk_rec	HIGH	8.4	0.0%	FIX	2026-04-08
42	CVE-2026-40113 PraisonAI is a multi-agent teams system. Prior to 4.5.128, deploy.py constructs	HIGH	8.4	0.0%	FIX	2026-04-09
42	CVE-2026-35553 Bluetooth ACPI Drivers provided by Dynabook Inc. contain a stack-based buffer ov	HIGH	8.4	-		2026-04-13
42	CVE-2026-35204 Helm is a package manager for Charts for Kubernetes. From 4.0.0 to 4.1.3, a spec	HIGH	8.4	0.0%	FIX	2026-04-09
42	CVE-2026-40027 ALEAPP (Android Logs Events And Protobuf Parser) through 3.4.0 contains a path t	HIGH	8.4	0.0%	FIX	2026-04-08
42	CVE-2026-35641 OpenClaw before 2026.3.24 contains an arbitrary code execution vulnerability in	HIGH	8.4	0.0%	FIX	2026-04-10
42	CVE-2026-21915 A Permissive List of Allowed Input vulnerability in the CLI of Juniper Networks	HIGH	8.4	0.0%		2026-04-09
42	CVE-2026-4266 An Insecure Deserialization vulnerability in WatchGuard Fireware OS allows an at	HIGH	8.4	0.1%		2026-03-30
42	CVE-2026-40030 parseusbs before 1.9 contains an OS command injection vulnerability where the vo	HIGH	8.4	0.0%	FIX	2026-04-08
42	CVE-2026-35205 Helm is a package manager for Charts for Kubernetes. From 4.0.0 to 4.1.3, Helm w	HIGH	8.4	0.0%	FIX	2026-04-09
42	CVE-2026-33791 An OS Command Injection vulnerability in the CLI processing of Juniper Networks	HIGH	8.4	0.0%		2026-04-09
42	CVE-2025-14213 Cato Networks’ Socket versions prior to 25 contain a command injection vulnerabi	HIGH	8.3	0.3%		2026-03-31
42	CVE-2026-32725 SciTokens C++ is a minimal library for creating and using SciTokens from C or C+	HIGH	8.3	0.2%		2026-03-31
42	CVE-2026-34524 ## Summary A Path Traversal vulnerability in chat endpoints allows an authentica	HIGH	8.3	0.0%	FIX	2026-04-01
42	CVE-2026-34072 Cr*nMaster (cronmaster) is a Cronjob management UI with human readable syntax, l	HIGH	8.3	0.0%		2026-04-01
42	CVE-2026-34780 ### Impact Apps that pass `VideoFrame` objects (from the WebCodecs API) across t	HIGH	8.3	0.0%	FIX	2026-04-03
42	CVE-2026-35394 ### Summary The `mobile_open_url` tool in mobile-mcp passes user-supplied URLs	HIGH	8.3	0.0%	FIX	2026-04-04
42	CVE-2026-34576 Postiz is an AI social media scheduling tool. Prior to version 2.21.3, the POST	HIGH	8.3	0.0%		2026-04-02
42	CVE-2026-24148 NVIDIA Jetson for JetPack contains a vulnerability in the system initialization	HIGH	8.3	0.0%		2026-03-31
42	CVE-2026-34719 Zammad is a web based open source helpdesk/customer support system. Prior to 7.0	HIGH	8.3	0.0%		2026-04-08
42	CVE-2026-35478 InvenTree is an Open Source Inventory Management System. From 0.16.0 to before 1	HIGH	8.3	0.1%		2026-04-08
42	CVE-2026-33779 An Improper Following of a Certificate's Chain of Trust vulnerability in J-Web o	HIGH	8.3	0.0%		2026-04-09
42	CVE-2026-35618 OpenClaw before 2026.3.23 contains a replay identity vulnerability in Plivo V2 s	HIGH	8.3	0.0%	FIX	2026-04-09
42	CVE-2026-35595 ## Summary A user with Write-level access to a project can escalate their permi	HIGH	8.3	0.0%	FIX	2026-04-10
42	CVE-2026-28808 Incorrect Authorization vulnerability in Erlang OTP (inets modules) allows unaut	HIGH	8.3	0.0%	FIX	2026-04-07
42	CVE-2026-31939 Chamilo LMS is a learning management system. Prior to 1.11.38, there is a path t	HIGH	8.3	0.0%		2026-04-10
42	CVE-2026-5264 Heap buffer overflow in DTLS 1.3 ACK message processing. A remote attacker can s	HIGH	8.3	0.2%		2026-04-09
41	CVE-2026-34363 ### Impact When multiple clients subscribe to the same class via LiveQuery, the	HIGH	8.2	0.1%	FIX	2026-03-30
41	CVE-2026-35091 A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wr	HIGH	8.2	0.1%	FIX	2026-04-01
41	CVE-2026-39363 ### Summary [`server.fs`](https://vite.dev/config/server-options#server-fs-stri	HIGH	8.2	0.1%	FIX	2026-04-06
41	CVE-2026-34045 Podman Desktop is a graphical tool for developing on containers and Kubernetes.	HIGH	8.2	0.1%		2026-04-07
41	CVE-2026-35525 ### Summary LiquidJS enforces partial and layout root restrictions using the re	HIGH	8.2	0.1%	FIX	2026-04-08
41	CVE-2026-35604 File Browser is a file managing interface for uploading, deleting, previewing, r	HIGH	8.2	0.1%	FIX	2026-04-07
41	CVE-2026-5208 Command injection in alerts in CoolerControl/coolercontrold <4.0.0 allows authen	HIGH	8.2	0.1%		2026-04-08
41	CVE-2026-34219 ## Description ### Summary The Rust libp2p Gossipsub implementation contains a r	HIGH	8.2	0.1%	FIX	2026-03-30
41	CVE-2026-27124 ## Summary While testing the GitHubProvider OAuth integration, which allows au	HIGH	8.2	0.1%	FIX	2026-03-31
41	CVE-2026-34573 Parse Server is an open source backend that can be deployed to any infrastructur	HIGH	8.2	0.0%	FIX	2026-03-31
41	CVE-2026-32877 Botan is a C++ cryptography library. From version 2.3.0 to before version 3.11.0	HIGH	8.2	0.0%		2026-03-30
41	CVE-2026-34784 Parse Server is an open source backend that can be deployed to any infrastructur	HIGH	8.2	0.0%	FIX	2026-03-31
41	CVE-2026-4924 Improper authentication in the two-factor authentication (2FA) feature in Devo	HIGH	8.2	0.0%		2026-04-01
41	CVE-2026-4828 Improper authentication in the OAuth login functionality in Devolutions Server 2	HIGH	8.2	0.0%		2026-04-01
41	CVE-2026-34593 ## Summary `Ash.Type.Module.cast_input/2` unconditionally creates a new Erlang	HIGH	8.2	0.0%	FIX	2026-04-01
41	CVE-2026-5477 An integer overflow existed in the wolfCrypt CMAC implementation, that could be	HIGH	8.2	0.0%		2026-04-10
41	CVE-2026-39364 ### Summary The contents of files that are specified by [`server.fs.deny`](http	HIGH	8.2	0.0%	POC FIX	2026-04-06
41	CVE-2026-35457 ### Summary The rendezvous server stores pagination cookies without bounds. An u	HIGH	8.2	0.0%	FIX	2026-04-04
41	CVE-2026-34725 ### Summary A stored XSS vulnerability exists in DbGate because attacker-control	HIGH	8.2	0.0%	FIX	2026-04-01
41	CVE-2026-1116 A Cross-site Scripting (XSS) vulnerability was identified in the `from_dict` met	HIGH	8.2	0.0%		2026-04-12
41	CVE-2026-34236 Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. From versio	HIGH	8.2	0.0%	FIX	2026-04-01
41	CVE-2026-4740 A flaw was found in Open Cluster Management (OCM), the technology underlying Red	HIGH	8.2	0.0%	FIX	2026-04-07
41	CVE-2026-40168 Postiz is an AI social media scheduling tool. Prior to 2.21.5, the /api/public/s	HIGH	8.2	0.0%		2026-04-10
41	CVE-2026-34578 OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.6, OPNs	HIGH	8.2	0.2%		2026-04-09
41	CVE-2026-40073 SvelteKit is a framework for rapidly developing robust, performant web applicati	HIGH	8.2	0.0%	FIX	2026-04-10
41	CVE-2026-39429 ### Summary The cache server is directly exposed by the root shard and has no a	HIGH	8.2	0.1%	FIX	2026-04-08
41	CVE-2026-34982 Vim is an open source, command line text editor. Prior to version 9.2.0276, a mo	HIGH	8.2	0.0%		2026-04-06
41	CVE-2026-40163 Saltcorn is an extensible, open source, no-code database application builder. Pr	HIGH	8.2	0.1%	FIX	2026-04-10
41	CVE-2026-34783 ## Summary A path traversal vulnerability in Ferret's `IO::FS::WRITE` standard	HIGH	8.1	0.2%	FIX	2026-04-01
41	CVE-2026-33949 ### Summary A Path Traversal vulnerability in `@tinacms/graphql` allows unauthen	HIGH	8.1	0.1%	FIX	2026-03-30
41	CVE-2026-4272 Missing Authentication for Critical Function vulnerability in Honeywell Handheld	HIGH	8.1	0.1%		2026-04-05
41	CVE-2026-4350 The Perfmatters plugin for WordPress is vulnerable to arbitrary file deletion vi	HIGH	8.1	0.1%		2026-04-03
41	CVE-2026-4101 IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify	HIGH	8.1	0.1%	FIX	2026-04-01
41	CVE-2026-34528 ## Summary The `signupHandler` in File Browser applies default user permissions	HIGH	8.1	0.1%	FIX	2026-03-31
41	CVE-2026-4347 The MW WP Form plugin for WordPress is vulnerable to arbitrary file moving due t	HIGH	8.1	0.1%		2026-04-02
41	CVE-2026-35607 File Browser is a file managing interface for uploading, deleting, previewing, r	HIGH	8.1	0.1%	FIX	2026-04-07
41	CVE-2026-4800 Impact: The fix for CVE-2021-23337 (https://github.com/advisories/GHSA-35jh-r3h	HIGH	8.1	0.1%	FIX	2026-03-31
41	CVE-2026-4351 The Perfmatters plugin for WordPress is vulnerable to arbitrary file overwrite v	HIGH	8.1	0.1%		2026-04-10
41	CVE-2026-34522 ### Summary A path traversal vulnerability in `/api/chats/import` allows an auth	HIGH	8.1	0.1%	FIX	2026-04-01
41	CVE-2026-32727 SciTokens is a reference library for generating and using SciTokens. Prior to ve	HIGH	8.1	0.1%	FIX	2026-03-31
41	CVE-2026-34840 OneUptime is an open-source monitoring and observability platform. Prior to vers	HIGH	8.1	0.0%		2026-04-02
41	CVE-2026-5915 Insufficient validation of untrusted input in WebML in Google Chrome prior to 14	HIGH	8.1	0.0%	FIX	2026-04-08
41	CVE-2026-34774 ### Impact Apps that use offscreen rendering and allow child windows via `window	HIGH	8.1	0.0%	FIX	2026-04-03
41	CVE-2026-24660 A heap-based buffer overflow vulnerability exists in the x3f_load_huffman functi	HIGH	8.1	0.0%	FIX	2026-04-07
41	CVE-2026-24450 An integer overflow vulnerability exists in the uncompressed_fp_dng_load_raw fun	HIGH	8.1	0.0%	FIX	2026-04-07
41	CVE-2026-25726 ### Impact This vulnerability affects Cloudreve instances that were **first	HIGH	8.1	0.0%	FIX	2026-03-31

Oldest Unpatched Critical/High CVEs

CVE	Severity	CVSS	Priority	Days Open
CVE-2024-3400	CRITICAL	10.0	224	730d
CVE-2019-19781	CRITICAL	9.8	223	2298d
CVE-2020-5902	CRITICAL	9.8	223	2111d
CVE-2021-35464	CRITICAL	9.8	223	1725d
CVE-2020-10189	CRITICAL	9.8	223	2228d
CVE-2012-4681	CRITICAL	9.8	223	4976d
CVE-2022-42475	CRITICAL	9.8	223	1196d
CVE-2023-3519	CRITICAL	9.8	223	998d
CVE-2015-7450	CRITICAL	9.8	222	3753d
CVE-2023-34048	CRITICAL	9.8	222	900d

Prev 10 / 31 Next