Security Dashboard

Priority	CVE	Severity	CVSS	EPSS	Indicators	Published
41	CVE-2026-25726 ### Impact This vulnerability affects Cloudreve instances that were **first	HIGH	8.1	0.0%	FIX	2026-03-31
41	CVE-2026-24450 An integer overflow vulnerability exists in the uncompressed_fp_dng_load_raw fun	HIGH	8.1	0.0%	FIX	2026-04-07
41	CVE-2026-35488 Tandoor Recipes is an application for managing recipes, planning meals, and buil	HIGH	8.1	0.0%		2026-04-07
41	CVE-2026-39331 ChurchCRM is an open-source church management system. Prior to 7.1.0, an authent	HIGH	8.1	0.0%		2026-04-07
41	CVE-2026-39344 ChurchCRM is an open-source church management system. Prior to 7.1.0, there is a	HIGH	8.1	0.0%		2026-04-07
41	CVE-2026-5907 Insufficient data validation in Media in Google Chrome prior to 147.0.7727.55 al	HIGH	8.1	0.0%	FIX	2026-04-08
41	CVE-2026-5282 Out of bounds read in WebCodecs in Google Chrome prior to 146.0.7680.178 allowed	HIGH	8.1	0.0%	FIX	2026-04-01
41	CVE-2026-26263 GLPI is a free asset and IT management software package. From 11.0.0 to before 1	HIGH	8.1	0.0%		2026-04-06
41	CVE-2026-35045 Tandoor Recipes is an application for managing recipes, planning meals, and buil	HIGH	8.1	0.0%		2026-04-06
41	CVE-2026-32726 SciTokens C++ is a minimal library for creating and using SciTokens from C or C+	HIGH	8.1	0.0%		2026-03-31
41	CVE-2026-34581 ### Summary When using the `Share Token` it is possible to bypass the limited se	HIGH	8.1	0.0%		2026-04-01
41	CVE-2026-32716 SciTokens is a reference library for generating and using SciTokens. Prior to ve	HIGH	8.1	0.0%	FIX	2026-03-31
41	CVE-2026-5373 An issue that allowed all-organization administrators to promote accounts to sup	HIGH	8.1	0.0%		2026-04-07
41	CVE-2026-39341 ChurchCRM is an open-source church management system. Prior to 7.1.0, The applic	HIGH	8.1	0.0%		2026-04-07
41	CVE-2026-39340 ChurchCRM is an open-source church management system. Prior to 7.1.0, a SQL inje	HIGH	8.1	0.0%		2026-04-07
41	CVE-2026-4636 A flaw was found in Keycloak. An authenticated user with the uma_protection role	HIGH	8.1	0.0%	FIX	2026-04-02
41	CVE-2026-34394 WWBN AVideo is an open source video platform. In versions 26.0 and prior, AVideo	HIGH	8.1	0.0%		2026-03-31
41	CVE-2026-39371 RedwoodSDK is a server-first React framework. From 1.0.0-beta.50 to 1.0.5, erver	HIGH	8.1	0.0%	FIX	2026-04-07
40	CVE-2026-40093 nimiq-blockchain provides persistent block storage for Nimiq's Rust implementati	HIGH	8.1	0.1%		2026-04-09
40	CVE-2026-34402 ChurchCRM is an open-source church management system. Prior to 7.1.0, authentica	HIGH	8.1	0.0%		2026-04-06
40	CVE-2026-25773 UNSUPPORTED WHEN ASSIGNED Focalboard version 8.0 fails to sanitize categor	HIGH	8.1	0.0%		2026-04-03
40	CVE-2026-40200 An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory co	HIGH	8.1	0.0%		2026-04-10
40	CVE-2026-40070 BSV Ruby SDK is the Ruby SDK for the BSV blockchain. From 0.3.1 to before 0.8.2,	HIGH	8.1	0.0%	FIX	2026-04-09
40	CVE-2026-35442 ### Summary Aggregate functions (`min`, `max`) applied to fields with the `conc	HIGH	8.1	0.0%	FIX	2026-04-04
40	CVE-2026-39393 CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, mo	HIGH	8.1	0.0%	FIX	2026-04-08
40	CVE-2026-40393 In Mesa before 25.3.6 and 26 before 26.0.1, out-of-bounds memory access can occu	HIGH	8.1	-		2026-04-12
40	CVE-2026-40259 ## Summary An authenticated publish-service reader can invoke `/api/av/removeUn	HIGH	8.1	-	FIX	2026-04-10
40	CVE-2026-25208 Integer overflow vulnerability in Samsung Open Source Escargot allows Overflow B	HIGH	8.1	-		2026-04-13
40	CVE-2026-33466 Improper Limitation of a Pathname to a Restricted Directory (CWE-22) in Logstash	HIGH	8.1	0.3%		2026-04-08
40	CVE-2025-58913 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP	HIGH	8.1	0.1%		2026-04-10
40	CVE-2026-5436 The MW WP Form plugin for WordPress is vulnerable to Arbitrary File Move/Read in	HIGH	8.1	0.2%		2026-04-08
40	CVE-2026-39394 CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, mo	HIGH	8.1	0.0%	FIX	2026-04-08
40	CVE-2026-20155 A vulnerability in the web-based management interface of Cisco Evolved Programma	HIGH	8.0	0.1%		2026-04-01
40	CVE-2025-24818 Nokia MantaRay NM is vulnerable to an OS command injection vulnerability due to	HIGH	8.0	0.1%		2026-04-07
40	CVE-2025-24817 Nokia MantaRay NM is vulnerable to an OS command injection vulnerability due to	HIGH	8.0	0.1%		2026-04-07
40	CVE-2026-20432 In Modem, there is a possible out of bounds write due to a missing bounds check.	HIGH	8.0	0.1%		2026-04-07
40	CVE-2026-35575 ChurchCRM is an open-source church management system. Prior to 6.5.3, a Stored C	HIGH	8.0	0.0%		2026-04-07
40	CVE-2026-34444 Lupa integrates the runtimes of Lua or LuaJIT2 into CPython. In 2.6 and earlier,	HIGH	7.9	0.1%		2026-04-06
40	CVE-2026-40149 PraisonAI is a multi-agent teams system. Prior to 4.5.128, the gateway's /api/ap	HIGH	7.9	0.0%	FIX	2026-04-09
39	CVE-2026-0634 Code execution in AssistFeedbackService of TECNO Pova7 Pro 5G on Android allows	HIGH	7.8	0.3%		2026-04-02
39	CVE-2026-29144 SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to bypass	HIGH	7.8	0.1%		2026-04-02
39	CVE-2026-29143 SEPPmail Secure Email Gateway before version 15.0.3 does not properly authentica	HIGH	7.8	0.1%		2026-04-02
39	CVE-2026-35043 Commit ce53491 (March 24) fixed command injection via `system_packages` in Docke	HIGH	7.8	0.1%	FIX	2026-04-03
39	CVE-2026-4154 GIMP XPM File Parsing Integer Overflow Remote Code Execution Vulnerability. This	HIGH	7.8	0.1%	FIX	2026-04-11
39	CVE-2026-4151 GIMP ANI File Parsing Integer Overflow Remote Code Execution Vulnerability. This	HIGH	7.8	0.1%	FIX	2026-04-11
39	CVE-2026-4150 GIMP PSD File Parsing Integer Overflow Remote Code Execution Vulnerability. This	HIGH	7.8	0.1%	FIX	2026-04-11
39	CVE-2026-34054 vcpkg is a free and open-source C/C++ package manager. Prior to version 3.6.1#3,	HIGH	7.8	0.1%		2026-03-31
39	CVE-2026-4153 GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerabi	HIGH	7.8	0.1%	FIX	2026-04-11
39	CVE-2026-4152 GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerabi	HIGH	7.8	0.1%		2026-04-11
39	CVE-2026-24165 NVIDIA BioNeMo contains a vulnerability where a user could cause a deserializati	HIGH	7.8	0.1%		2026-03-31
39	CVE-2026-30309 InfCode's terminal auto-execution module contains a critical command filtering v	HIGH	7.8	0.0%		2026-03-31
39	CVE-2026-5493 Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Cod	HIGH	7.8	0.0%		2026-04-11
39	CVE-2026-5494 Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Cod	HIGH	7.8	0.0%		2026-04-11
39	CVE-2026-5496 Labcenter Electronics Proteus PDSPRJ File Parsing Type Confusion Remote Code Exe	HIGH	7.8	0.0%		2026-04-11
39	CVE-2026-5495 Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Cod	HIGH	7.8	0.0%		2026-04-11
39	CVE-2026-29139 SEPPmail Secure Email Gateway before version 15.0.3 allows account takeover by a	HIGH	7.8	0.0%		2026-04-02
39	CVE-2026-34937 ### Summary `run_python()` in `praisonai` constructs a shell command string by	HIGH	7.8	0.0%	FIX	2026-04-01
39	CVE-2026-3779 The application's list box calculate array logic keeps stale references to page	HIGH	7.8	0.0%		2026-04-01
39	CVE-2026-23411 In the Linux kernel, the following vulnerability has been resolved: apparmor: f	HIGH	7.8	0.0%	FIX	2026-04-01
39	CVE-2026-23410 In the Linux kernel, the following vulnerability has been resolved: apparmor: f	HIGH	7.8	0.0%	FIX	2026-04-01
39	CVE-2026-23408 In the Linux kernel, the following vulnerability has been resolved: apparmor: F	HIGH	7.8	0.0%	FIX	2026-04-01
39	CVE-2026-23407 In the Linux kernel, the following vulnerability has been resolved: apparmor: f	HIGH	7.8	0.0%	FIX	2026-04-01
39	CVE-2026-23406 In the Linux kernel, the following vulnerability has been resolved: apparmor: f	HIGH	7.8	0.0%	FIX	2026-04-01
39	CVE-2026-33641 ## Summary Glances supports dynamic configuration values in which substrings enc	HIGH	7.8	0.0%		2026-03-30
39	CVE-2026-3308 An integer overflow vulnerability in 'pdf-image.c' in Artifex's MuPDF version 1.	HIGH	7.8	0.0%		2026-03-31
39	CVE-2026-21382 Memory Corruption when handling power management requests with improperly sized	HIGH	7.8	0.0%		2026-04-06
39	CVE-2026-21373 Memory Corruption when accessing an output buffer without validating its size du	HIGH	7.8	0.0%		2026-04-06
39	CVE-2026-5054 NoMachine External Control of File Path Local Privilege Escalation Vulnerability	HIGH	7.8	0.0%		2026-04-11
39	CVE-2026-21378 Memory Corruption when accessing an output buffer without validating its size du	HIGH	7.8	0.0%		2026-04-06
39	CVE-2026-21380 Memory Corruption when using deprecated DMABUF IOCTL calls to manage video memor	HIGH	7.8	0.0%		2026-04-06
39	CVE-2026-21375 Memory Corruption when accessing an output buffer without validating its size du	HIGH	7.8	0.0%		2026-04-06
39	CVE-2026-5055 NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerabil	HIGH	7.8	0.0%		2026-04-11
39	CVE-2026-3991 Symantec Data Loss Prevention Windows Endpoint, prior to 25.1 MP1, 16.1 MP2, 16.	HIGH	7.8	0.0%		2026-03-30
39	CVE-2026-3775 The application's update service, when checking for updates, loads certain syste	HIGH	7.8	0.0%		2026-04-01
39	CVE-2025-14821 A flaw was found in libssh. This vulnerability allows local man-in-the-middle at	HIGH	7.8	0.0%		2026-04-07
39	CVE-2026-25203 Samsung MagicINFO 9 Server Incorrect Default Permissions Local Privilege Escalat	HIGH	7.8	0.0%		2026-04-10
39	CVE-2026-21372 Memory Corruption when sending IOCTL requests with invalid buffer sizes during m	HIGH	7.8	0.0%		2026-04-06
39	CVE-2025-47391 Memory corruption while processing a frame request from user.	HIGH	7.8	0.0%		2026-04-06
39	CVE-2025-47390 Memory corruption while preprocessing IOCTL request in JPEG driver.	HIGH	7.8	0.0%		2026-04-06
39	CVE-2026-21374 Memory Corruption when processing auxiliary sensor input/output control commands	HIGH	7.8	0.0%		2026-04-06
39	CVE-2026-21376 Memory Corruption when accessing an output buffer without validating its size du	HIGH	7.8	0.0%		2026-04-06
39	CVE-2025-47389 Memory corruption when buffer copy operation fails due to integer overflow durin	HIGH	7.8	0.0%		2026-04-06
39	CVE-2026-21371 Memory Corruption when retrieving output buffer with insufficient size validatio	HIGH	7.8	0.0%		2026-04-06
39	CVE-2026-5726 ASDA-Soft Stack-based Buffer Overflow Vulnerability	HIGH	7.8	0.0%		2026-04-08
39	CVE-2026-33092 Local privilege escalation due to improper handling of environment variables. Th	HIGH	7.8	0.0%		2026-04-10
39	CVE-2026-39853 osslsigncode is a tool that implements Authenticode signing and timestamping. Pr	HIGH	7.8	0.0%		2026-04-09
39	CVE-2026-30232 Chartbrew is an open-source web application that can connect directly to databas	HIGH	7.8	0.0%		2026-04-10
39	CVE-2026-40156 PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI automatical	HIGH	7.8	0.0%	FIX	2026-04-10
39	CVE-2026-34734 HDF5 is software for managing data. In 1.14.1-2 and earlier, a heap-use-after-fr	HIGH	7.8	0.0%		2026-04-09
39	CVE-2026-27806 ## Summary The Orbit agent's FileVault disk encryption key rotation flow on col	HIGH	7.8	0.0%	FIX	2026-04-08

Oldest Unpatched Critical/High CVEs

CVE	Severity	CVSS	Priority	Days Open
CVE-2024-3400	CRITICAL	10.0	224	730d
CVE-2019-19781	CRITICAL	9.8	223	2298d
CVE-2020-5902	CRITICAL	9.8	223	2111d
CVE-2021-35464	CRITICAL	9.8	223	1725d
CVE-2020-10189	CRITICAL	9.8	223	2228d
CVE-2012-4681	CRITICAL	9.8	223	4976d
CVE-2022-42475	CRITICAL	9.8	223	1196d
CVE-2023-3519	CRITICAL	9.8	223	998d
CVE-2015-7450	CRITICAL	9.8	222	3753d
CVE-2023-34048	CRITICAL	9.8	222	900d

Prev 11 / 31 Next