Security Dashboard

Priority	CVE	Severity	CVSS	EPSS	Indicators	Published
26	CVE-2026-35613 coursevault-preview is a utility for previewing course material files from a con	MEDIUM	5.1	0.0%	FIX	2026-04-07
26	CVE-2025-66442 In Mbed TLS through 4.0.0, there is a compiler-induced timing side channel (in R	MEDIUM	5.1	0.0%		2026-04-01
26	CVE-2025-14858 The Semtech LR11xx LoRa transceivers running early versions of firmware contains	MEDIUM	5.1	0.0%		2026-04-07
26	CVE-2026-34819 Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS)	MEDIUM	5.1	0.0%		2026-04-02
26	CVE-2026-21014 Improper access control in Samsung Camera prior to version 16.5.00.28 allows loc	MEDIUM	5.1	-		2026-04-13
26	CVE-2026-35634 OpenClaw before 2026.3.23 contains an authentication bypass vulnerability in the	MEDIUM	5.1	0.0%	FIX	2026-04-09
26	CVE-2026-5987 A security vulnerability has been detected in Sanluan PublicCMS up to 6.202506.d	MEDIUM	5.1	0.0%		2026-04-09
26	CVE-2026-34866 Out-of-bounds write vulnerability in the WEB module.Impact: Successful exploitat	MEDIUM	5.1	-		2026-04-13
26	CVE-2026-35659 OpenClaw before 2026.3.22 contains a service discovery vulnerability where TXT m	MEDIUM	5.1	0.0%	FIX	2026-04-10
26	CVE-2026-3438 A reflected cross-site scripting vulnerability exists in Sonatype Nexus Reposito	MEDIUM	5.1	0.2%		2026-04-08
26	CVE-2026-40028 Hayabusa versions prior to 3.8.0 contain a cross-site scripting (XSS) vulnerabil	MEDIUM	5.1	0.0%		2026-04-08
26	CVE-2026-21904 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scri	MEDIUM	5.1	0.0%		2026-04-09
26	CVE-2026-34757 LIBPNG is a reference library for use in applications that read, create, and man	MEDIUM	5.1	0.0%		2026-04-09
26	CVE-2026-40447 Integer overflow or wraparound vulnerability in Samsung Open Source Escargot all	MEDIUM	5.1	-		2026-04-13
26	CVE-2026-21008 Exposure of sensitive information in S Share prior to SMR Apr-2026 Release 1 all	MEDIUM	5.1	-		2026-04-13
25	CVE-2026-4925 Improper access control in the users MFA feature in Devolutions Server allows an	MEDIUM	5.0	0.0%		2026-04-01
25	CVE-2026-5175 Improper access control in the multi-factor authentication (MFA) management API	MEDIUM	5.0	0.0%		2026-04-01
25	CVE-2026-4979 The UsersWP - Front-end login form, User Registration, User Profile & Members Di	MEDIUM	5.0	0.0%		2026-04-11
25	CVE-2026-34881 OpenStack Glance <29.1.1, >=30.0.0 <30.1.1, ==31.0.0 is affected by Server-Side	MEDIUM	5.0	0.0%	FIX	2026-03-31
25	CVE-2026-34526 ### Details Distinct from CVE-2025-59159 and CVE-2026-26286 (all fixed in v1.16.	MEDIUM	5.0	0.0%	FIX	2026-04-01
25	CVE-2026-5704 A flaw was found in tar. A remote attacker could exploit this vulnerability by c	MEDIUM	5.0	0.0%		2026-04-06
25	CVE-2026-35516 LinkAce is a self-hosted archive to collect website links. Prior to 2.5.4, LinkR	MEDIUM	5.0	0.0%		2026-04-07
25	CVE-2026-35461 Papra is a minimalistic document management and archiving platform. Prior to 26.	MEDIUM	5.0	0.0%		2026-04-07
25	CVE-2026-34990 OpenPrinting CUPS is an open source printing system for Linux and other Unix-lik	MEDIUM	5.0	0.0%		2026-04-03
25	CVE-2026-34165 ### Impact A vulnerability has been identified in which a maliciously crafted `	MEDIUM	5.0	0.0%	FIX	2026-03-30
25	CVE-2026-34972 OpenFGA is a high-performance and flexible authorization/permission engine built	MEDIUM	5.0	0.0%	FIX	2026-04-06
25	CVE-2026-39881 Vim is an open source, command line text editor. Prior to 9.2.0316, a command in	MEDIUM	5.0	0.1%		2026-04-08
25	CVE-2026-39880 Remnawave Backend is the backend for the Remnawave proxy and user management sol	MEDIUM	5.0	0.0%		2026-04-08
25	CVE-2026-39411 # Summary The `webapi` authentication layer trusts a client-controlled `X-lobe-	MEDIUM	5.0	0.0%	FIX	2026-04-08
25	CVE-2026-29131 SEPPmail Secure Email Gateway before version 15.0.3 allows attackers with a spec	MEDIUM	4.9	0.0%		2026-04-02
25	CVE-2026-20174 A vulnerability in the Metadata update feature of Cisco Nexus Dashboard Insights	MEDIUM	4.9	0.0%		2026-04-01
25	CVE-2026-34608 NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Prior to v	MEDIUM	4.9	0.0%		2026-04-02
25	CVE-2026-4819 In Search Guard FLX versions from 1.0.0 up to 4.0.1, the audit logging feature m	MEDIUM	4.9	0.0%		2026-03-31
25	CVE-2026-39631 Missing Authorization vulnerability in Ronik@UnlimitedWP WPSchoolPress wpschoolp	MEDIUM	4.9	0.0%		2026-04-08
25	CVE-2026-34061 nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake pro	MEDIUM	4.9	0.0%		2026-04-03
25	CVE-2026-31799 Tautulli is a Python based monitoring and tracking tool for Plex Media Server. F	MEDIUM	4.9	0.0%		2026-03-30
24	CVE-2026-24147 NVIDIA Triton Inference Server contains a vulnerability in triton server where a	MEDIUM	4.8	0.1%		2026-04-07
24	CVE-2026-3468 A stored Cross-Site Scripting (XSS) vulnerability has been identified in the Son	MEDIUM	4.8	0.0%		2026-03-31
24	CVE-2025-62184 Pega Platform versions 8.1.0 through 25.1.0 are affected by a Stored Cross-site	MEDIUM	4.8	0.0%		2026-03-31
24	CVE-2026-34835 Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before	MEDIUM	4.8	0.0%	FIX	2026-04-02
24	CVE-2026-26962 Rack is a modular Ruby web server interface. From version 3.2.0 to before versio	MEDIUM	4.8	0.0%	FIX	2026-04-02
24	CVE-2026-20087 A vulnerability in the web-based management interface of Cisco IMC could allow a	MEDIUM	4.8	0.0%		2026-04-01
24	CVE-2026-20090 A vulnerability in the web-based management interface of Cisco IMC could allow a	MEDIUM	4.8	0.0%		2026-04-01
24	CVE-2026-20088 A vulnerability in the web-based management interface of Cisco IMC could allow a	MEDIUM	4.8	0.0%		2026-04-01
24	CVE-2026-20089 A vulnerability in the web-based management interface of Cisco IMC could allow a	MEDIUM	4.8	0.0%		2026-04-01
24	CVE-2026-27447 OpenPrinting CUPS is an open source printing system for Linux and other Unix-lik	MEDIUM	4.8	0.0%	FIX	2026-04-03
24	CVE-2025-66486 IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTML injection. A remote	MEDIUM	4.8	0.0%	FIX	2026-04-01
24	CVE-2026-5647 A vulnerability was detected in code-projects Online Shoe Store 1.0. This affect	MEDIUM	4.8	0.0%		2026-04-06
24	CVE-2026-32762 Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before	MEDIUM	4.8	0.0%	FIX	2026-04-02
24	CVE-2026-34831 Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, a	MEDIUM	4.8	0.0%	FIX	2026-04-02
24	CVE-2026-34441 cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library	MEDIUM	4.8	0.0%		2026-03-31
24	CVE-2026-31351 An authenticated stored cross-site scripting (XSS) vulnerability in the creation	MEDIUM	4.8	0.0%		2026-04-06
24	CVE-2026-35571 Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, Mustache n	MEDIUM	4.8	0.0%	FIX	2026-04-07
24	CVE-2026-6042 A security flaw has been discovered in musl libc up to 1.2.6. Affected is the fu	MEDIUM	4.8	0.0%	FIX	2026-04-10
24	CVE-2026-5186 A weakness has been identified in Nothings stb up to 2.30. This impacts the func	MEDIUM	4.8	0.0%		2026-03-31
24	CVE-2026-5185 A security flaw has been discovered in Nothings stb_image up to 2.30. This affec	MEDIUM	4.8	0.0%	FIX	2026-03-31
24	CVE-2026-34450 The Claude SDK for Python provides access to the Claude API from Python applicat	MEDIUM	4.8	0.0%	FIX	2026-03-31
24	CVE-2026-27854 An attacker might be able to trigger a use-after-free by sending crafted DNS que	MEDIUM	4.8	0.0%	FIX	2026-03-31
24	CVE-2026-5236 A vulnerability was identified in Axiomatic Bento4 up to 1.6.0-641. Affected is	MEDIUM	4.8	0.0%		2026-03-31
24	CVE-2026-32794 Improper Certificate Validation vulnerability in Apache Airflow Provider for Dat	MEDIUM	4.8	0.0%	FIX	2026-03-30
24	CVE-2026-40025 The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in th	MEDIUM	4.8	0.0%	FIX	2026-04-08
24	CVE-2026-40026 The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in th	MEDIUM	4.8	0.0%	FIX	2026-04-08
24	CVE-2026-35206 Helm is a package manager for Charts for Kubernetes. In Helm versions <=3.20.1 a	MEDIUM	4.8	0.0%	FIX	2026-04-09
24	CVE-2026-39391 CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, mo	MEDIUM	4.8	0.0%	FIX	2026-04-08
24	CVE-2026-39410 ## Summary A discrepancy between browser cookie parsing and `parse()` handling	MEDIUM	4.8	0.0%	FIX	2026-04-08
24	CVE-2026-27101 Dell Secure Connect Gateway (SCG) 5.0 Appliance and Application version(s) 5.28.	MEDIUM	4.7	0.2%		2026-04-01
24	CVE-2026-4406 The Gravity Forms plugin for WordPress is vulnerable to Reflected Cross-Site Scr	MEDIUM	4.7	0.1%		2026-04-08
24	CVE-2026-34561 CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, mo	MEDIUM	4.7	0.0%	FIX	2026-04-01
24	CVE-2026-34562 CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, mo	MEDIUM	4.7	0.0%	FIX	2026-04-01
24	CVE-2026-34773 ### Impact On Windows, `app.setAsDefaultProtocolClient(protocol)` did not valida	MEDIUM	4.7	0.0%	FIX	2026-04-03
24	CVE-2025-67807 The login mechanism of Sage DPW 2025_06_004 displays distinct responses for vali	MEDIUM	4.7	0.0%		2026-04-01
24	CVE-2026-34847 hoppscotch is an open source API development ecosystem. Prior to version 2026.3.	MEDIUM	4.7	0.0%		2026-04-02
24	CVE-2026-22561 Uncontrolled search path elements in Anthropic Claude for Windows installer (Cla	MEDIUM	4.7	0.0%		2026-03-31
24	CVE-2026-34446 Open Neural Network Exchange (ONNX) is an open standard for machine learning int	MEDIUM	4.7	0.0%	FIX	2026-04-01
24	CVE-2026-27599 ## Summary ### **Vulnerability: Stored DOM XSS via System Settings - Mail Settin	MEDIUM	4.7	0.0%	FIX	2026-03-30
24	CVE-2026-27456 util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a	MEDIUM	4.7	0.0%	FIX	2026-04-03
24	CVE-2026-3774 The application allows PDF JavaScript and document/print actions (such as WillPr	MEDIUM	4.7	0.0%		2026-04-01
24	CVE-2026-40223 In systemd 258 before 260, a local unprivileged user can trigger an assert when	MEDIUM	4.7	0.0%		2026-04-10
24	CVE-2026-35404 Open edX Platform enables the authoring and delivery of online learning at any s	MEDIUM	4.7	0.0%		2026-04-06
24	CVE-2026-32932 Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an	MEDIUM	4.7	0.0%		2026-04-10
24	CVE-2026-21006 Improper access control in Samsung DeX prior to SMR Apr-2026 Release 1 allows ph	MEDIUM	4.7	-		2026-04-13
24	CVE-2026-34857 UAF vulnerability in the communication module. Impact: Successful exploitation o	MEDIUM	4.7	-		2026-04-13
23	CVE-2026-39345 OrangeHRM is a comprehensive human resource management (HRM) system. From 5.0 to	MEDIUM	4.6	0.0%		2026-04-07
23	CVE-2026-30613 An information disclosure vulnerability exists in AZIOT 1 Node Smart Switch (16a	MEDIUM	4.6	0.0%		2026-04-06
23	CVE-2026-34382 Admidio is an open-source user management solution. From version 5.0.0 to before	MEDIUM	4.6	0.0%	FIX	2026-03-31
23	CVE-2026-31060 UTT Aggressive HiPER 810G v3v1.7.7-171114 was discovered to contain a buffer ove	MEDIUM	4.5	0.0%		2026-04-06
23	CVE-2026-31058 UTT Aggressive HiPER 1200GW v2.5.3-170306 was discovered to contain a buffer ove	MEDIUM	4.5	0.0%		2026-04-06
23	CVE-2026-31063 UTT Aggressive HiPER 1200GW v2.5.3-170306 was discovered to contain a buffer ove	MEDIUM	4.5	0.0%		2026-04-06
23	CVE-2026-31061 UTT Aggressive HiPER 810G v3v1.7.7-171114 was discovered to contain a buffer ove	MEDIUM	4.5	0.0%		2026-04-06
23	CVE-2026-31066 UTT Aggressive HiPER 810G v3v1.7.7-171114 was discovered to contain a buffer ove	MEDIUM	4.5	0.0%		2026-04-06

Oldest Unpatched Critical/High CVEs

CVE	Severity	CVSS	Priority	Days Open
CVE-2024-3400	CRITICAL	10.0	224	731d
CVE-2019-19781	CRITICAL	9.8	223	2298d
CVE-2020-5902	CRITICAL	9.8	223	2111d
CVE-2021-35464	CRITICAL	9.8	223	1725d
CVE-2020-10189	CRITICAL	9.8	223	2228d
CVE-2012-4681	CRITICAL	9.8	223	4976d
CVE-2022-42475	CRITICAL	9.8	223	1197d
CVE-2023-3519	CRITICAL	9.8	223	998d
CVE-2015-7450	CRITICAL	9.8	222	3753d
CVE-2023-34048	CRITICAL	9.8	222	900d

Prev 13 / 14 Next