Security Dashboard

Priority	CVE	Severity	CVSS	EPSS	Indicators	Published
36	CVE-2026-33533 ### Summary The Glances XML-RPC server (activated with glances -s or glances --	HIGH	7.1	0.0%		2026-03-30
36	CVE-2025-10559 A Path Traversal vulnerability affecting Factory Resource Management in DELMIA F	HIGH	7.1	0.0%		2026-03-31
36	CVE-2026-33581 OpenClaw before 2026.3.24 contains a sandbox bypass vulnerability in the message	HIGH	7.1	0.0%	FIX	2026-03-31
36	CVE-2026-4162 The Gravity SMTP plugin for WordPress is vulnerable to Missing Authorization in	HIGH	7.1	0.0%		2026-04-10
36	CVE-2026-5809 The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion i	HIGH	7.1	0.0%		2026-04-11
36	CVE-2026-34379 OpenEXR provides the specification and reference implementation of the EXR file	HIGH	7.1	0.0%		2026-04-06
36	CVE-2026-32734 baserCMS is a website development framework. Prior to version 5.2.3, baserCMS ha	HIGH	7.1	0.0%	FIX	2026-03-31
36	CVE-2026-4947 Addressed a potential insecure direct object reference (IDOR) vulnerability in t	HIGH	7.1	0.0%		2026-04-01
36	CVE-2026-39370 WWBN AVideo is an open source video platform. In versions 26.0 and prior, object	HIGH	7.1	0.0%		2026-04-07
36	CVE-2026-22664 prompts.chat prior to commit 30a8f04 contains a server-side request forgery vuln	HIGH	7.1	0.0%	FIX	2026-04-03
36	CVE-2026-32976 OpenClaw before 2026.3.11 contains an authorization bypass vulnerability allowin	HIGH	7.1	0.0%		2026-03-31
36	CVE-2026-3445 The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User	HIGH	7.1	0.0%		2026-04-04
36	CVE-2026-5429 Unsanitized input during web page generation in the Kiro Agent webview in Kiro I	HIGH	7.1	0.0%		2026-04-02
36	CVE-2026-34119 A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS	HIGH	7.1	0.0%	FIX	2026-04-02
36	CVE-2026-34118 A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS	HIGH	7.1	0.0%	FIX	2026-04-02
36	CVE-2026-34120 A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS	HIGH	7.1	0.0%	FIX	2026-04-02
36	CVE-2026-5053 NoMachine External Control of File Path Arbitrary File Deletion Vulnerability. T	HIGH	7.1	0.0%		2026-04-11
36	CVE-2026-34122 A stack-based buffer overflow vulnerability was identified in TP-Link Tapo C520W	HIGH	7.1	0.0%	FIX	2026-04-02
36	CVE-2026-33987 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to versio	HIGH	7.1	0.0%	FIX	2026-03-30
36	CVE-2026-35176 openFPGALoader is a utility for programming FPGAs. In 1.1.1 and earlier, a heap-	HIGH	7.1	0.0%		2026-04-06
36	CVE-2026-33982 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to versio	HIGH	7.1	0.0%	FIX	2026-03-30
36	CVE-2025-68153 Juju is an open source application orchestration engine that enables any applica	HIGH	7.1	0.0%	FIX	2026-04-03
36	CVE-2026-34828 ### Summary A session management vulnerability allows previously issued authenti	HIGH	7.1	0.0%	FIX	2026-04-01
36	CVE-2025-47400 Cryptographic issue while copying data to a destination buffer without validatin	HIGH	7.1	0.0%		2026-04-06
36	CVE-2026-32894 Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an	HIGH	7.1	0.0%		2026-04-10
36	CVE-2025-58920 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti	HIGH	7.1	0.0%		2026-04-10
36	CVE-2026-40037 OpenClaw before 2026.3.31 (patched in 2026.4.8) contains a request body replay v	HIGH	7.1	0.0%	FIX	2026-04-08
36	CVE-2026-32589 A flaw was found in Red Hat Quay's container image upload process. An authentica	HIGH	7.1	0.0%		2026-04-08
36	CVE-2026-33703 Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, an Insecure Di	HIGH	7.1	0.0%		2026-04-10
36	CVE-2026-39972 ### Impact A cache key collision vulnerability in `TopicSelectorStore` allows a	HIGH	7.1	0.1%	FIX	2026-04-08
36	CVE-2026-35167 ### Impact The `_get_versioned_path()` method in kedro/io/core.py constructs fil	HIGH	7.1	0.1%	FIX	2026-04-03
36	CVE-2026-4315 A Cross-Site Request Forgery (CSRF) vulnerability in the WatchGuard Fireware OS	HIGH	7.1	0.0%		2026-03-30
36	CVE-2026-40185 TREK is a collaborative travel planner. Prior to 2.7.2, TREK was missing authori	HIGH	7.1	0.0%		2026-04-10
36	CVE-2026-33704 Chamilo LMS is a learning management system. Prior to 1.11.38, any authenticated	HIGH	7.1	0.2%		2026-04-10
36	CVE-2026-35444 SDL_image is a library to load images of various formats as SDL surfaces. In do_	HIGH	7.1	0.0%		2026-04-06
36	CVE-2026-39414 MinIO is a high-performance object storage system. From RELEASE.2018-08-18T03-49	HIGH	7.1	0.0%		2026-04-08
36	CVE-2026-39959 Tmds.DBus and Tmds.DBus.Protocol are vulnerable to malicious D-Bus peers. A peer	HIGH	7.1	0.0%	FIX	2026-04-08
36	CVE-2026-35170 openFPGALoader is a utility for programming FPGAs. In 1.1.1 and earlier, a heap-	HIGH	7.1	0.0%		2026-04-06
36	CVE-2026-40160 PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, web_crawl's htt	HIGH	7.1	0.0%	FIX	2026-04-10
36	CVE-2026-40162 Bugsink is a self-hosted error tracking tool. In 2.1.0, an authenticated file wr	HIGH	7.1	0.1%	FIX	2026-04-10
36	CVE-2026-35621 OpenClaw before 2026.3.24 contains a privilege escalation vulnerability where th	HIGH	7.1	0.0%	FIX	2026-04-10
36	CVE-2026-33706 Chamilo LMS is a learning management system. Prior to 1.11.38, any authenticated	HIGH	7.1	0.0%		2026-04-10
36	CVE-2026-34992 ### Impact This is a missing encryption vulnerability (CWE-311) affecting inter-	HIGH	7.1	0.0%	FIX	2026-04-03
36	CVE-2026-40436 The ZTE ZXEDM iEMS product has a password reset vulnerability for any user.Becau	HIGH	7.1	-		2026-04-13
36	CVE-2026-33702 Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Ch	HIGH	7.1	0.0%		2026-04-10
36	CVE-2026-32930 Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an	HIGH	7.1	0.0%		2026-04-10
36	CVE-2026-35657 OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in the	HIGH	7.1	0.0%	FIX	2026-04-10
36	CVE-2026-35644 OpenClaw before 2026.3.22 contains an information disclosure vulnerability that	HIGH	7.1	0.0%	FIX	2026-04-09
36	CVE-2026-33781 An Improper Check for Unusual or Exceptional Conditions vulnerability in the pac	HIGH	7.1	0.0%		2026-04-09
36	CVE-2026-35412 ## Summary Directus' TUS resumable upload endpoint (`/files/tus`) allows any au	HIGH	7.1	0.0%	FIX	2026-04-04
36	CVE-2026-33797 An Improper Input Validation vulnerability in Juniper Networks Junos OS and Juno	HIGH	7.1	0.0%		2026-04-09
36	CVE-2026-33783 A Function Call With Incorrect Argument Type vulnerability in the sensor interfa	HIGH	7.1	0.0%		2026-04-09
36	CVE-2026-35636 OpenClaw versions 2026.3.11 through 2026.3.24 contain a session isolation bypass	HIGH	7.1	0.0%	FIX	2026-04-09
36	CVE-2026-35631 OpenClaw before 2026.3.22 fails to enforce operator.admin scope on mutating inte	HIGH	7.1	0.0%	FIX	2026-04-09
36	CVE-2026-33780 A Missing Release of Memory after Effective Lifetime vulnerability in the Layer	HIGH	7.1	0.0%		2026-04-09
36	CVE-2026-33775 A Missing Release of Memory after Effective Lifetime vulnerability in the BroadB	HIGH	7.1	0.0%		2026-04-09
36	CVE-2026-21919 An Incorrect Synchronization vulnerability in the management daemon (mgd) of Jun	HIGH	7.1	0.0%		2026-04-09
36	CVE-2026-35183 Brave CMS is an open-source CMS. Prior to 2.0.6, an Insecure Direct Object Refer	HIGH	7.1	0.0%		2026-04-06
36	CVE-2025-59969 A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnera	HIGH	7.1	0.0%		2026-04-09
36	CVE-2026-39977 flatpak-builder is a tool to build flatpaks from source. From 1.4.5 to before 1.	HIGH	7.1	0.0%		2026-04-09
36	CVE-2026-39976 Laravel Passport provides OAuth2 server support to Laravel. From 13.0.0 to befor	HIGH	7.1	0.1%		2026-04-09
36	CVE-2026-32590 A flaw was found in Red Hat Quay's handling of resumable container image layer u	HIGH	7.1	0.1%		2026-04-08
36	CVE-2026-35668 OpenClaw before 2026.3.24 contains a path traversal vulnerability in sandbox enf	HIGH	7.1	0.1%	FIX	2026-04-10
35	CVE-2026-4400 Insecure Direct Object Reference (IDOR) vulnerability in 1millionbot Millie chat	HIGH	7.0	0.2%		2026-03-31
35	CVE-2026-4483 An exposed IOCTL with an insufficient access control vulnerability has been ide	HIGH	7.0	0.0%		2026-04-08
35	CVE-2026-35572 ChurchCRM is an open-source church management system. Prior to 6.5.3, it is poss	HIGH	7.0	0.0%		2026-04-07
35	CVE-2025-54601 An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor amd Wear	HIGH	7.0	0.0%		2026-04-06
35	CVE-2025-14859 The Semtech LR11xx LoRa transceivers implement secure boot functionality using d	HIGH	7.0	0.0%		2026-04-07
35	CVE-2026-34770 ### Impact Apps that use the `powerMonitor` module may be vulnerable to a use-af	HIGH	7.0	0.0%	FIX	2026-04-03
35	CVE-2025-54602 An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wear	HIGH	7.0	0.0%		2026-04-06
35	CVE-2026-5263 URI nameConstraints from constrained intermediate CAs are parsed but not enforce	HIGH	7.0	0.0%		2026-04-09
35	CVE-2026-21916 A UNIX Symbolic Link (Symlink) Following vulnerability in the CLI of Juniper Net	HIGH	7.0	0.0%		2026-04-09
35	CVE-2025-13914 A Key Exchange without Entity Authentication vulnerability in the SSH implementa	HIGH	7.0	0.0%		2026-04-09

Oldest Unpatched Critical/High CVEs

CVE	Severity	CVSS	Priority	Days Open
CVE-2024-3400	CRITICAL	10.0	224	730d
CVE-2019-19781	CRITICAL	9.8	223	2298d
CVE-2020-5902	CRITICAL	9.8	223	2111d
CVE-2021-35464	CRITICAL	9.8	223	1725d
CVE-2020-10189	CRITICAL	9.8	223	2228d
CVE-2012-4681	CRITICAL	9.8	223	4976d
CVE-2022-42475	CRITICAL	9.8	223	1196d
CVE-2023-3519	CRITICAL	9.8	223	998d
CVE-2015-7450	CRITICAL	9.8	222	3753d
CVE-2023-34048	CRITICAL	9.8	222	900d

Prev 10 / 10