Security Dashboard

Priority	CVE	Severity	CVSS	EPSS	Indicators	Published
39	CVE-2026-27806 ## Summary The Orbit agent's FileVault disk encryption key rotation flow on col	HIGH	7.8	0.0%	FIX	2026-04-08
39	CVE-2026-29141 SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to bypass	HIGH	7.7	0.1%		2026-04-02
39	CVE-2026-34200 Nhost is an open source Firebase alternative with GraphQL. Prior to version 1.41	HIGH	7.7	0.1%		2026-03-31
39	CVE-2026-5709 Unsanitized input in the FileBrowser API in AWS Research and Engineering Studio	HIGH	7.7	0.1%	FIX	2026-04-06
39	CVE-2026-33544 ### Summary All three OAuth service implementations (`GenericOAuthService`, `Gi	HIGH	7.7	0.0%	FIX	2026-04-01
39	CVE-2026-34163 FastGPT is an AI Agent building platform. Prior to version 4.14.9.5, FastGPT's M	HIGH	7.7	0.0%		2026-03-31
39	CVE-2026-39361 OpenObserve is a cloud-native observability platform. In 0.70.3 and earlier, the	HIGH	7.7	0.0%		2026-04-07
39	CVE-2026-34936 ### Summary `passthrough()` and `apassthrough()` in `praisonai` accept a caller	HIGH	7.7	0.0%	FIX	2026-04-01
39	CVE-2026-35187 ## Vulnerability Details CWE-918: Server-Side Request Forgery (SSRF) The `	HIGH	7.7	0.0%		2026-04-04
39	CVE-2026-34746 Payload is a free and open source headless content management system. Prior to v	HIGH	7.7	0.0%	FIX	2026-04-01
39	CVE-2026-29140 SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to cause	HIGH	7.7	0.0%		2026-04-02
39	CVE-2026-34769 ### Impact An undocumented `commandLineSwitches` webPreference allowed arbitrary	HIGH	7.7	0.0%	FIX	2026-04-03
39	CVE-2026-5190 Out-of-bounds write in the streaming decoder component in aws-c-event-stream bef	HIGH	7.7	0.0%	FIX	2026-03-31
39	CVE-2026-35533 ### Summary `mise` loads trust-control settings from a local project `.mise.tom	HIGH	7.7	0.0%		2026-04-07
39	CVE-2026-25835 Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Ra	HIGH	7.7	0.0%	FIX	2026-04-01
39	CVE-2026-34222 Open WebUI is a self-hosted artificial intelligence platform designed to operate	HIGH	7.7	0.0%	FIX	2026-04-01
38	CVE-2026-4498 Execution with Unnecessary Privileges (CWE-250) in Kibana’s Fleet plugin debug r	HIGH	7.7	0.0%		2026-04-08
38	CVE-2026-33461 Incorrect Authorization (CWE-863) in Kibana can lead to information disclosure v	HIGH	7.7	0.1%		2026-04-08
38	CVE-2026-40150 PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the web_crawl()	HIGH	7.7	0.0%	FIX	2026-04-09
38	CVE-2026-40180 Quarkus OpenAPI Generator is Quarkus' extensions for generation of Rest Clients	HIGH	7.7	0.0%	FIX	2026-04-10
38	CVE-2026-39843 Plane is an an open-source project management tool. From 0.28.0 to before 1.3.0,	HIGH	7.7	0.0%		2026-04-09
38	CVE-2026-35666 OpenClaw before 2026.3.22 contains an allowlist bypass vulnerability in system.r	HIGH	7.7	0.0%	FIX	2026-04-10
38	CVE-2026-34853 Permission bypass vulnerability in the LBS module. Impact: Successful exploitati	HIGH	7.7	-		2026-04-13
38	CVE-2026-31941 Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Ch	HIGH	7.7	0.0%		2026-04-10
38	CVE-2026-35650 OpenClaw before 2026.3.22 contains an environment variable override handling vul	HIGH	7.7	0.1%	FIX	2026-04-10
38	CVE-2026-35446 LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web app	HIGH	7.7	0.0%		2026-04-08
38	CVE-2026-35409 ### Summary A Server-Side Request Forgery (SSRF) protection bypass has been iden	HIGH	7.7	0.0%	FIX	2026-04-04
38	CVE-2026-40188 goshs is a SimpleHTTPServer written in Go. From 1.0.7 to before 2.0.0-beta.4, th	HIGH	7.7	0.0%		2026-04-10
38	CVE-2026-32252 Chartbrew is an open-source web application that can connect directly to databas	HIGH	7.7	0.0%		2026-04-10
38	CVE-2026-35585 File Browser is a file managing interface for uploading, deleting, previewing, r	HIGH	7.5	0.8%		2026-04-07
38	CVE-2025-13855 IBM Storage Protect Server 8.2.0 IBM Storage Protect Plus Server is vulnerable t	HIGH	7.6	0.1%	FIX	2026-04-01
38	CVE-2026-29870 A directory traversal vulnerability in the agentic-context-engine project versio	HIGH	7.6	0.1%		2026-03-31
38	CVE-2026-34742 The Model Context Protocol (MCP) Go SDK does not enable DNS rebinding protection	HIGH	7.6	0.1%	FIX	2026-04-01
38	CVE-2026-39369 WWBN AVideo is an open source video platform. In versions 26.0 and prior, object	HIGH	7.6	0.0%		2026-04-07
38	CVE-2026-21381 Transient DOS when receiving a service data frame with excessive length during d	HIGH	7.6	0.0%		2026-04-06
38	CVE-2026-21367 Transient DOS when processing nonstandard FILS Discovery Frames with out-of-rang	HIGH	7.6	0.0%		2026-04-06
38	CVE-2026-39384 FreeScout is a free help desk and shared inbox built with PHP's Laravel framewor	HIGH	7.6	0.0%		2026-04-07
38	CVE-2026-34529 ### Summary The EPUB preview function in File Browser is vulnerable to Stored C	HIGH	7.6	0.0%	FIX	2026-03-31
38	CVE-2026-35534 ChurchCRM is an open-source church management system. Prior to 7.1.0, a stored c	HIGH	7.6	0.0%		2026-04-07
38	CVE-2026-24154 NVIDIA Jetson Linux has vulnerability in initrd, where an unprivileged attacker	HIGH	7.6	0.0%		2026-03-31
38	CVE-2026-34365 InvoiceShelf is an open-source web & mobile app that helps track expenses, payme	HIGH	7.6	0.0%		2026-03-31
38	CVE-2026-34367 InvoiceShelf is an open-source web & mobile app that helps track expenses, payme	HIGH	7.6	0.0%		2026-03-31
38	CVE-2026-34366 InvoiceShelf is an open-source web & mobile app that helps track expenses, payme	HIGH	7.6	0.0%		2026-03-31
38	CVE-2026-39497 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti	HIGH	7.6	0.0%		2026-04-08
38	CVE-2026-39487 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti	HIGH	7.6	0.0%		2026-04-08
38	CVE-2026-35568 ### Summary The java-sdk contains a DNS rebinding vulnerability. This vulnerabi	HIGH	7.6	0.0%	FIX	2026-04-07
38	CVE-2026-5466 wolfSSL's ECCSI signature verifier `wc_VerifyEccsiHash` decodes the `r` and `s`	HIGH	7.6	0.0%		2026-04-10
38	CVE-2026-5479 In wolfSSL's EVP layer, the ChaCha20-Poly1305 AEAD decryption path in wolfSSL_EV	HIGH	7.6	0.0%		2026-04-10
38	CVE-2026-32144 Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_o	HIGH	7.6	0.0%	FIX	2026-04-07
38	CVE-2026-5301 Stored XSS in log viewer in CoolerControl/coolercontrol-ui <4.0.0 allows unauthe	HIGH	7.6	0.0%		2026-04-08
38	CVE-2026-35485 text-generation-webui is an open-source web interface for running Large Language	HIGH	7.5	0.4%		2026-04-07
38	CVE-2026-4155 ChargePoint Home Flex Inclusion of Sensitive Information in Source Code Informat	HIGH	7.5	0.2%		2026-04-11
38	CVE-2026-4157 ChargePoint Home Flex revssh Service Command Injection Remote Code Execution Vul	HIGH	7.5	0.2%		2026-04-11
38	CVE-2026-35523 Strawberry up until version `0.312.3` is vulnerable to an authentication bypass	HIGH	7.5	0.1%	FIX	2026-04-06
38	CVE-2026-3360 The Tutor LMS - eLearning and online course solution plugin for WordPress is vul	HIGH	7.5	0.1%		2026-04-10
38	CVE-2026-39312 SoftEtherVPN is a an open-source cross-platform multi-protocol VPN Program. In 5	HIGH	7.5	0.1%		2026-04-07
38	CVE-2026-5201 A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vuln	HIGH	7.5	0.1%	FIX	2026-03-31
38	CVE-2026-3396 WCAPF - WooCommerce Ajax Product Filter plugin is vulnerable to time-based SQL I	HIGH	7.5	0.1%		2026-04-08
38	CVE-2026-35464 ## Summary The fix for CVE-2026-33509 (GHSA-r7mc-x6x7-cqxx) added an `ADMIN_ONL	HIGH	7.5	0.1%		2026-04-04
38	CVE-2026-4156 ChargePoint Home Flex OCPP getpreq Stack-based Buffer Overflow Remote Code Execu	HIGH	7.5	0.1%		2026-04-11
38	CVE-2026-4634 A flaw was found in Keycloak. An unauthenticated attacker can exploit this vulne	HIGH	7.5	0.1%	FIX	2026-04-02
38	CVE-2026-34731 WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AV	HIGH	7.5	0.1%	FIX	2026-03-31
38	CVE-2026-34381 Admidio is an open-source user management solution. From version 5.0.0 to before	HIGH	7.5	0.1%	FIX	2026-03-31
38	CVE-2026-34874 An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0.0. There i	HIGH	7.5	0.1%		2026-04-01
38	CVE-2026-30078 OpenAirInterface V2.2.0 AMF crashes when it receives an NGAP message with invali	HIGH	7.5	0.1%		2026-04-06
38	CVE-2026-35092 A flaw was found in Corosync. An integer overflow vulnerability in Corosync's jo	HIGH	7.5	0.1%	FIX	2026-04-01
38	CVE-2026-39684 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP	HIGH	7.5	0.1%		2026-04-08
38	CVE-2026-39613 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP	HIGH	7.5	0.1%		2026-04-08
38	CVE-2026-39611 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP	HIGH	7.5	0.1%		2026-04-08
38	CVE-2026-39623 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP	HIGH	7.5	0.1%		2026-04-08
38	CVE-2026-4020 The Gravity SMTP plugin for WordPress is vulnerable to Sensitive Information Exp	HIGH	7.5	0.1%		2026-03-31
38	CVE-2026-5032 The W3 Total Cache plugin for WordPress is vulnerable to information exposure in	HIGH	7.5	0.1%		2026-04-02
38	CVE-2026-33616 An unauthenticated remote attacker can exploit an unauthenticated blind SQL Inje	HIGH	7.5	0.0%		2026-04-02
38	CVE-2026-33614 An unauthenticated remote attacker can exploit an unauthenticated SQL Injection	HIGH	7.5	0.0%		2026-04-02
38	CVE-2026-26027 GLPI is a free asset and IT management software package. From 11.0.0 to before 1	HIGH	7.5	0.0%		2026-04-06
38	CVE-2026-31931 Suricata is a network IDS, IPS and NSM engine. From version 8.0.0 to before vers	HIGH	7.5	0.0%	FIX	2026-04-02
38	CVE-2026-1233 The Text to Speech for WP (AI Voices by Mementor) plugin for WordPress is vulner	HIGH	7.5	0.0%		2026-04-04
38	CVE-2026-35526 Strawberry GraphQL's WebSocket subscription handlers for both the `graphql-trans	HIGH	7.5	0.0%	FIX	2026-04-06
38	CVE-2025-57834 An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Mod	HIGH	7.5	0.0%		2026-04-06
38	CVE-2026-27833 Piwigo is an open source photo gallery application for the web. Prior to version	HIGH	7.5	0.0%		2026-04-03
38	CVE-2026-33184 nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake pro	HIGH	7.5	0.0%		2026-04-03
38	CVE-2026-34376 PdfDing is a selfhosted PDF manager, viewer and editor offering a seamless user	HIGH	7.5	0.0%		2026-04-01
38	CVE-2026-34829 Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, a	HIGH	7.5	0.0%	FIX	2026-04-02
38	CVE-2026-34827 Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before	HIGH	7.5	0.0%	FIX	2026-04-02
38	CVE-2026-34601 ## Summary `@xmldom/xmldom` allows attacker-controlled strings containing the C	HIGH	7.5	0.0%	FIX	2026-04-01
38	CVE-2026-34148 Fedify is a TypeScript library for building federated server apps powered by Act	HIGH	7.5	0.0%	FIX	2026-04-06
38	CVE-2026-35405 ### Summary The`libp2p-rendezvous` server has no limit on how many namespaces a	HIGH	7.5	0.0%	FIX	2026-04-04
38	CVE-2025-58136 A bug in POST request handling causes a crash under a certain condition. This i	HIGH	7.5	0.0%		2026-04-02
38	CVE-2026-25833 Mbed TLS 3.5.0 to 3.6.5 fixed in 3.6.6 and 4.1.0 has a buffer overflow in the x5	HIGH	7.5	0.0%	FIX	2026-04-01
38	CVE-2026-35611 Addressable is an alternative implementation to the URI implementation that is p	HIGH	7.5	0.0%	FIX	2026-04-07

Oldest Unpatched Critical/High CVEs

CVE	Severity	CVSS	Priority	Days Open
CVE-2024-3400	CRITICAL	10.0	224	731d
CVE-2019-19781	CRITICAL	9.8	223	2298d
CVE-2020-5902	CRITICAL	9.8	223	2111d
CVE-2021-35464	CRITICAL	9.8	223	1725d
CVE-2020-10189	CRITICAL	9.8	223	2228d
CVE-2012-4681	CRITICAL	9.8	223	4976d
CVE-2022-42475	CRITICAL	9.8	223	1197d
CVE-2023-3519	CRITICAL	9.8	223	998d
CVE-2015-7450	CRITICAL	9.8	222	3753d
CVE-2023-34048	CRITICAL	9.8	222	900d

Prev 12 / 31 Next