Security Dashboard

Priority	CVE	Severity	CVSS	EPSS	Indicators	Published
38	CVE-2026-25833 Mbed TLS 3.5.0 to 3.6.5 fixed in 3.6.6 and 4.1.0 has a buffer overflow in the x5	HIGH	7.5	0.0%	FIX	2026-04-01
38	CVE-2026-4046 The iconv() function in the GNU C Library versions 2.43 and earlier may crash du	HIGH	7.5	0.0%	FIX	2026-03-30
38	CVE-2026-31935 Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.	HIGH	7.5	0.0%	FIX	2026-04-02
38	CVE-2026-31937 Suricata is a network IDS, IPS and NSM engine. Prior to version 7.0.15, ineffici	HIGH	7.5	0.0%	FIX	2026-04-02
38	CVE-2026-31934 Suricata is a network IDS, IPS and NSM engine. From version 8.0.0 to before vers	HIGH	7.5	0.0%	FIX	2026-04-02
38	CVE-2026-31933 Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.	HIGH	7.5	0.0%	FIX	2026-04-02
38	CVE-2026-31932 Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.	HIGH	7.5	0.0%	FIX	2026-04-02
38	CVE-2026-34148 Fedify is a TypeScript library for building federated server apps powered by Act	HIGH	7.5	0.0%	FIX	2026-04-06
38	CVE-2026-35405 ### Summary The`libp2p-rendezvous` server has no limit on how many namespaces a	HIGH	7.5	0.0%	FIX	2026-04-04
38	CVE-2026-34771 ### Impact Apps that register an asynchronous `session.setPermissionRequestHandl	HIGH	7.5	0.0%	FIX	2026-04-03
38	CVE-2026-33986 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to versio	HIGH	7.5	0.0%	FIX	2026-03-30
38	CVE-2026-33984 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to versio	HIGH	7.5	0.0%	FIX	2026-03-30
38	CVE-2026-24174 NVIDIA Triton Inference Server contains a vulnerability where an attacker could	HIGH	7.5	0.0%		2026-04-07
38	CVE-2026-24175 NVIDIA Triton Inference Server contains a vulnerability where an attacker could	HIGH	7.5	0.0%		2026-04-07
38	CVE-2026-5284 Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote	HIGH	7.5	0.0%	FIX	2026-04-01
38	CVE-2026-24146 NVIDIA Triton Inference Server contains a vulnerability where insufficient input	HIGH	7.5	0.0%		2026-04-07
38	CVE-2026-24173 NVIDIA Triton Inference Server contains a vulnerability where an attacker could	HIGH	7.5	0.0%		2026-04-07
38	CVE-2026-35385 In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setg	HIGH	7.5	0.0%		2026-04-02
38	CVE-2026-3902 An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4	HIGH	7.5	0.0%	FIX	2026-04-07
38	CVE-2026-5277 Integer overflow in ANGLE in Google Chrome on Windows prior to 146.0.7680.178 al	HIGH	7.5	0.0%	FIX	2026-04-01
38	CVE-2026-22750 When configuring SSL bundles in Spring Cloud Gateway by using the configuration	HIGH	7.5	0.0%	FIX	2026-04-10
38	CVE-2026-30075 OpenAirInterface Version 2.2.0 has a Buffer Overflow vulnerability in processing	HIGH	7.5	0.0%		2026-04-08
38	CVE-2026-39356 Drizzle is a modern TypeScript ORM. Prior to 0.45.2 and 1.0.0-beta.20, Drizzle O	HIGH	7.5	0.0%	FIX	2026-04-07
38	CVE-2026-5886 Out of bounds read in WebAudio in Google Chrome on Mac prior to 147.0.7727.55 al	HIGH	7.5	0.0%	FIX	2026-04-08
38	CVE-2026-35036 ### Summary Ech0 implements link preview (editor fetches a page title) thro	HIGH	7.5	0.0%	FIX	2026-04-03
38	CVE-2026-35486 text-generation-webui is an open-source web interface for running Large Language	HIGH	7.5	0.0%		2026-04-07
38	CVE-2026-39885 ## Summary The `mcp-from-openapi` library uses `@apidevtools/json-schema-ref-pa	HIGH	7.5	0.0%	FIX	2026-04-08
38	CVE-2026-34785 Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, a	HIGH	7.5	0.0%	FIX	2026-04-02
38	CVE-2026-34453 SiYuan is a personal knowledge management system. Prior to version 3.6.2, the pu	HIGH	7.5	0.0%	FIX	2026-03-31
38	CVE-2025-65114 Apache Traffic Server allows request smuggling if chunked messages are malformed	HIGH	7.5	0.0%		2026-04-02
38	CVE-2026-28389 Issue summary: During processing of a crafted CMS EnvelopedData message with Key	HIGH	7.5	0.0%	FIX	2026-04-07
38	CVE-2026-28390 Issue summary: During processing of a crafted CMS EnvelopedData message with Key	HIGH	7.5	0.0%	FIX	2026-04-07
38	CVE-2026-2285 CrewAI contains a arbitrary local file read vulnerability in the JSON loader too	HIGH	7.5	0.0%		2026-03-30
38	CVE-2026-33540 Distribution is a toolkit to pack, ship, store, and deliver container content. P	HIGH	7.5	0.0%	FIX	2026-04-06
38	CVE-2026-4748 A regression in the way hashes were calculated caused rules containing the addre	HIGH	7.5	0.0%		2026-04-01
38	CVE-2026-33034 An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4	HIGH	7.5	0.0%	FIX	2026-04-07
38	CVE-2026-34824 ### Summary An uncontrolled resource consumption vulnerability exists in the Web	HIGH	7.5	0.0%	FIX	2026-04-03
38	CVE-2025-62188 An Exposure of Sensitive Information to an Unauthorized Actor vulnerability exis	HIGH	7.5	0.0%	FIX	2026-04-09
38	CVE-2026-29146 Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default	HIGH	7.5	0.0%	FIX	2026-04-09
38	CVE-2025-50653 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to impro	HIGH	7.5	0.0%		2026-04-08
38	CVE-2026-34483 Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve	HIGH	7.5	0.0%	FIX	2026-04-09
38	CVE-2025-54324 An issue was discovered in NAS in Samsung Mobile Processor, Wearable Processor,	HIGH	7.5	0.0%		2026-04-06
38	CVE-2025-50654 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to impro	HIGH	7.5	0.0%		2026-04-08
38	CVE-2025-50649 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to impro	HIGH	7.5	0.0%		2026-04-08
38	CVE-2025-50644 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to impro	HIGH	7.5	0.0%		2026-04-08
38	CVE-2026-30080 OpenAirInterface v2.2.0 accepts Security Mode Complete without any integrity pro	HIGH	7.5	0.0%		2026-04-08
38	CVE-2025-52221 Tenda AC6 15.03.05.16_multi is vulnerable to Buffer Overflow in the formSetCfm f	HIGH	7.5	0.0%		2026-04-08
38	CVE-2025-50647 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1, specificall	HIGH	7.5	0.0%		2026-04-08
38	CVE-2025-50660 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to impro	HIGH	7.5	0.0%		2026-04-08
38	CVE-2025-52222 D-Link DI-8003 v16.07.26A1, DI-8500 v16.07.26A1; DI-8003G v17.12.21A1, DI-8200G	HIGH	7.5	0.0%		2026-04-08
38	CVE-2025-50650 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to inade	HIGH	7.5	0.0%		2026-04-08
38	CVE-2025-50662 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to impro	HIGH	7.5	0.0%		2026-04-08
38	CVE-2026-29129 Configured cipher preference order not preserved vulnerability in Apache Tomcat.	HIGH	7.5	0.0%	FIX	2026-04-09
38	CVE-2025-50667 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to impro	HIGH	7.5	0.0%		2026-04-08
38	CVE-2025-50659 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to impro	HIGH	7.5	0.0%		2026-04-08
38	CVE-2025-50648 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to inade	HIGH	7.5	0.0%		2026-04-08
38	CVE-2025-50673 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to impro	HIGH	7.5	0.0%		2026-04-08
38	CVE-2025-50669 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 and DI-8003G	HIGH	7.5	0.0%		2026-04-08
38	CVE-2026-39304 Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Client, Apa	HIGH	7.5	0.0%	FIX	2026-04-10
38	CVE-2025-50657 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to impro	HIGH	7.5	0.0%		2026-04-08
38	CVE-2025-50652 An issue in D-Link DI-8003 16.07.26A1 related to improper handling of the id par	HIGH	7.5	0.0%		2026-04-08
38	CVE-2026-34896 Cross-Site Request Forgery (CSRF) vulnerability in Analytify Under Construction,	HIGH	7.5	0.0%		2026-04-07
38	CVE-2026-34904 Cross-Site Request Forgery (CSRF) vulnerability in Analytify Simple Social Media	HIGH	7.5	0.0%		2026-04-07
38	CVE-2025-50663 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to impro	HIGH	7.5	0.0%		2026-04-08
38	CVE-2026-34487 Insertion of Sensitive Information into Log File vulnerability in the cloud memb	HIGH	7.5	0.0%	FIX	2026-04-09
38	CVE-2025-50655 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to impro	HIGH	7.5	0.0%		2026-04-08
38	CVE-2025-50646 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to insuf	HIGH	7.5	0.0%		2026-04-08
38	CVE-2025-50672 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to impro	HIGH	7.5	0.0%		2026-04-08
38	CVE-2025-50668 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to impro	HIGH	7.5	0.0%		2026-04-08
38	CVE-2025-57835 An issue was discovered in RRC in Samsung Mobile Processor, Wearable Processor,	HIGH	7.5	0.0%		2026-04-06
38	CVE-2026-24880 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')	HIGH	7.5	0.0%	FIX	2026-04-09
38	CVE-2025-56015 In GenieACS 1.2.13, an unauthenticated access vulnerability exists in the NBI AP	HIGH	7.5	0.0%		2026-04-07
38	CVE-2025-59440 An issue was discovered in USIM in Samsung Mobile Processor, Wearable Processor,	HIGH	7.5	0.0%		2026-04-06
38	CVE-2026-5087 PAGI::Middleware::Session::Store::Cookie versions through 0.001003 for Perl gene	HIGH	7.5	0.0%		2026-03-31
38	CVE-2026-40046 Integer Overflow or Wraparound vulnerability in Apache ActiveMQ, Apache ActiveMQ	HIGH	7.5	0.0%	FIX	2026-04-09
38	CVE-2025-45059 D-Link DI-8300 v16.07.26A1 was discovered to contain a buffer overflow via the f	HIGH	7.5	0.0%		2026-04-08
38	CVE-2026-28815 A remote attacker can supply a short X-Wing HPKE encapsulated key and trigger an	HIGH	7.5	0.0%		2026-04-03
38	CVE-2025-50645 A vulnerability has been discovered in D-Link DI-8003 16.07.26A1, which can lead	HIGH	7.5	0.0%		2026-04-08
38	CVE-2025-45058 D-Link DI-8300 v16.07.26A1 was discovered to contain a buffer overflow via the f	HIGH	7.5	0.0%		2026-04-08
38	CVE-2026-34876 An issue was discovered in Mbed TLS 3.x before 3.6.6. An out-of-bounds read vuln	HIGH	7.5	0.0%		2026-04-02
38	CVE-2025-45057 D-Link DI-8300 v16.07.26A1 was discovered to contain a buffer overflow via the i	HIGH	7.5	0.0%		2026-04-08
38	CVE-2026-34020 Use of GET Request Method With Sensitive Query Strings vulnerability in Apache O	HIGH	7.5	0.0%	FIX	2026-04-09
38	CVE-2026-21710 A flaw in Node.js HTTP request handling causes an uncaught `TypeError` when a re	HIGH	7.5	0.0%	FIX	2026-03-30
38	CVE-2026-35042 ## Summary `fast-jwt` does not validate the `crit` (Critical) Header Parameter	HIGH	7.5	0.0%		2026-04-03
38	CVE-2026-28505 Tautulli is a Python based monitoring and tracking tool for Plex Media Server. P	HIGH	7.5	0.0%		2026-03-30
38	CVE-2026-34240 JOSE is a Javascript Object Signing and Encryption (JOSE) library. Prior to vers	HIGH	7.5	0.0%		2026-03-31
38	CVE-2026-31790 Issue summary: Applications using RSASVE key encapsulation to establish a secret	HIGH	7.5	0.0%	FIX	2026-04-07
38	CVE-2026-28388 Issue summary: When a delta CRL that contains a Delta CRL Indicator extension is	HIGH	7.5	0.0%	FIX	2026-04-07
38	CVE-2026-30332 A Time-of-Check to Time-of-Use (TOCTOU) race condition vulnerability in Balena E	HIGH	7.5	0.0%		2026-04-02
38	CVE-2026-35467 The stored API keys in temporary browser client is not marked as protected allow	HIGH	7.5	0.0%		2026-04-02

Oldest Unpatched Critical/High CVEs

CVE	Severity	CVSS	Priority	Days Open
CVE-2024-3400	CRITICAL	10.0	224	731d
CVE-2019-19781	CRITICAL	9.8	223	2298d
CVE-2020-5902	CRITICAL	9.8	223	2111d
CVE-2021-35464	CRITICAL	9.8	223	1725d
CVE-2020-10189	CRITICAL	9.8	223	2228d
CVE-2012-4681	CRITICAL	9.8	223	4976d
CVE-2022-42475	CRITICAL	9.8	223	1197d
CVE-2023-3519	CRITICAL	9.8	223	998d
CVE-2015-7450	CRITICAL	9.8	222	3753d
CVE-2023-34048	CRITICAL	9.8	222	900d

Prev 13 / 31 Next