Security Dashboard

Priority	CVE	Severity	CVSS	EPSS	Indicators	Published
38	CVE-2026-30332 A Time-of-Check to Time-of-Use (TOCTOU) race condition vulnerability in Balena E	HIGH	7.5	0.0%		2026-04-02
38	CVE-2026-33266 Use of Hard-coded Cryptographic Key vulnerability in Apache OpenMeetings. The r	HIGH	7.5	0.0%	FIX	2026-04-09
38	CVE-2026-35467 The stored API keys in temporary browser client is not marked as protected allow	HIGH	7.5	0.0%		2026-04-02
38	CVE-2025-50665 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to impro	HIGH	7.5	0.0%		2026-04-08
38	CVE-2025-50664 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to impro	HIGH	7.5	0.0%		2026-04-08
38	CVE-2025-50666 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to impro	HIGH	7.5	0.0%		2026-04-08
38	CVE-2025-50670 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to impro	HIGH	7.5	0.0%		2026-04-08
38	CVE-2026-34486 Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the f	HIGH	7.5	0.0%	FIX	2026-04-09
38	CVE-2025-50661 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to impro	HIGH	7.5	0.0%		2026-04-08
38	CVE-2025-50671 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to impro	HIGH	7.5	0.0%		2026-04-08
38	CVE-2026-32280 During chain building, the amount of work that is done is not correctly limited	HIGH	7.5	0.0%	FIX	2026-04-08
38	CVE-2026-35203 ZLMediaKit is a streaming media service framework. the VP9 RTP payload parser in	HIGH	7.5	0.0%		2026-04-06
38	CVE-2026-35172 ## summary: distribution can restore read access in `repo a` after an explicit d	HIGH	7.5	0.0%	FIX	2026-04-06
38	CVE-2026-40116 PraisonAI is a multi-agent teams system. Prior to 4.5.128, the /media-stream Web	HIGH	7.5	0.0%	FIX	2026-04-09
38	CVE-2026-1092 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.10	HIGH	7.5	0.0%		2026-04-08
38	CVE-2026-33756 Saleor is an e-commerce platform. From 2.0.0 to before 3.23.0a3, 3.22.47, 3.21.5	HIGH	7.5	0.1%		2026-04-08
38	CVE-2026-34986 ### Impact Decrypting a JSON Web Encryption (JWE) object will panic if the `alg	HIGH	7.5	0.0%	FIX	2026-04-03
38	CVE-2026-40069 BSV Ruby SDK is the Ruby SDK for the BSV blockchain. From 0.1.0 to before 0.8.2,	HIGH	7.5	0.0%	FIX	2026-04-09
38	CVE-2026-4660 HashiCorp’s go-getter library up to v1.8.5 may allow arbitrary file reads on the	HIGH	7.5	0.0%	FIX	2026-04-09
38	CVE-2026-33710 Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, RE	HIGH	7.5	0.0%		2026-04-10
38	CVE-2026-23869 A denial of service vulnerability exists in React Server Components, affecting t	HIGH	7.5	0.3%	FIX	2026-04-08
38	CVE-2026-34392 LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web app	HIGH	7.5	0.0%		2026-04-08
38	CVE-2025-5804 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP	HIGH	7.5	0.1%		2026-04-10
38	CVE-2026-39889 The A2U (Agent-to-User) event stream server in PraisonAI exposes all agent activ	HIGH	7.5	0.0%	FIX	2026-04-08
38	CVE-2026-32931 Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an	HIGH	7.5	0.2%		2026-04-10
38	CVE-2026-6067 A heap buffer overflow vulnerability exists in the Netwide Assembler (NASM) due	HIGH	7.5	0.1%		2026-04-10
38	CVE-2026-5959 A security flaw has been discovered in GL.iNet GL-RM1, GL-RM10, GL-RM10RC and GL	HIGH	7.5	0.1%	FIX	2026-04-09
38	CVE-2026-31940 Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, in	HIGH	7.5	0.0%		2026-04-10
38	CVE-2026-1584 A flaw was found in gnutls. A remote, unauthenticated attacker can exploit this	HIGH	7.5	0.1%		2026-04-09
38	CVE-2026-33350 LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web app	HIGH	7.5	0.0%		2026-04-08
38	CVE-2026-35401 Saleor is an e-commerce platform. From 2.0.0 to before 3.23.0a3, 3.22.47, 3.21.5	HIGH	7.5	0.0%		2026-04-08
38	CVE-2026-39863 Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.	HIGH	7.5	0.1%		2026-04-08
38	CVE-2026-35209 ### Impact Applications that pass unsanitized user input (e.g. parsed JSON requ	HIGH	7.5	0.0%	FIX	2026-04-04
38	CVE-2026-30762 Summary: The file lightrag/api/config.py (line 397) uses a default JWT secret "l	HIGH	7.5	-	FIX	2026-04-04
38	CVE-2025-12664 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.0	HIGH	7.5	0.0%		2026-04-08
38	CVE-2026-6069 NASM’s disasm() function contains a stack based buffer overflow when formatting	HIGH	7.5	0.0%		2026-04-10
37	CVE-2026-0522 A local file inclusion vulnerability in the upload/download flow of the VertiGIS	HIGH	7.4	0.4%		2026-04-01
37	CVE-2026-3690 OpenClaw Canvas Authentication Bypass Vulnerability. This vulnerability allows r	HIGH	7.4	0.1%		2026-04-11
37	CVE-2026-32275 Tautulli is a Python based monitoring and tracking tool for Plex Media Server. F	HIGH	7.4	0.0%		2026-03-30
37	CVE-2026-5991 A vulnerability was found in Tenda F451 1.0.0.7. Affected by this issue is the f	HIGH	7.4	0.0%		2026-04-10
37	CVE-2026-5992 A vulnerability was determined in Tenda F451 1.0.0.7. This affects the function	HIGH	7.4	0.0%		2026-04-10
37	CVE-2026-5990 A vulnerability has been found in Tenda F451 1.0.0.7. Affected by this vulnerabi	HIGH	7.4	0.0%		2026-04-10
37	CVE-2026-5629 A vulnerability was detected in Belkin F9K1015 1.00.10. The affected element is	HIGH	7.4	0.0%		2026-04-06
37	CVE-2026-4282 A flaw was found in Keycloak. The SingleUseObjectProvider, a global key-value st	HIGH	7.4	0.0%	FIX	2026-04-02
37	CVE-2026-29953 SQL Injection vulnerability in SchemaHero 0.23.0 via the column parameter to the	HIGH	7.4	0.0%		2026-03-30
37	CVE-2026-33643 SQL Injection vulnerability in SchemaHero 0.23.0 via the column parameter to the	HIGH	7.4	0.0%		2026-03-30
37	CVE-2026-34359 ## Summary `ManagedWebAccessUtils.getServer()` uses `String.startsWith()` to ma	HIGH	7.4	0.0%	FIX	2026-03-30
37	CVE-2026-35099 Lakeside SysTrack Agent 11 before 11.2.1.28 has a race condition with resultant	HIGH	7.4	0.0%		2026-04-01
37	CVE-2026-35535 In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgr	HIGH	7.4	0.0%		2026-04-03
37	CVE-2026-5980 A flaw has been found in D-Link DIR-605L 2.13B01. Affected by this issue is the	HIGH	7.4	0.0%		2026-04-09
37	CVE-2026-5988 A vulnerability was detected in Tenda F451 1.0.0.7. This impacts the function fo	HIGH	7.4	0.0%		2026-04-09
37	CVE-2026-40153 PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the execute_com	HIGH	7.4	0.0%	FIX	2026-04-09
37	CVE-2026-25205 Heap-based buffer overflow vulnerability in Samsung Open Source Escargot allows	HIGH	7.4	-		2026-04-13
37	CVE-2026-5795 In Eclipse Jetty, the class JASPIAuthenticator initiates the authentication chec	HIGH	7.4	0.0%	FIX	2026-04-08
37	CVE-2026-5687 A weakness has been identified in Tenda CX12L 16.03.53.12. This issue affects th	HIGH	7.4	0.0%		2026-04-06
37	CVE-2026-5686 A security flaw has been discovered in Tenda CX12L 16.03.53.12. This vulnerabili	HIGH	7.4	0.0%		2026-04-06
37	CVE-2026-6137 A vulnerability was detected in Tenda F451 1.0.0.7_cn_svn7958. The affected elem	HIGH	7.4	-		2026-04-13
37	CVE-2026-34727 Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0,	HIGH	7.4	0.0%	FIX	2026-04-10
37	CVE-2026-25207 Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflo	HIGH	7.4	-		2026-04-13
37	CVE-2026-5984 A vulnerability was identified in D-Link DIR-605L 2.13B01. Impacted is the funct	HIGH	7.4	0.0%		2026-04-09
37	CVE-2026-5983 A vulnerability was determined in D-Link DIR-605L 2.13B01. This issue affects th	HIGH	7.4	0.0%		2026-04-09
37	CVE-2026-35489 Tandoor Recipes is an application for managing recipes, planning meals, and buil	HIGH	7.3	0.1%		2026-04-07
37	CVE-2026-24156 NVIDIA DALI contains a vulnerability where an attacker could cause a deserializa	HIGH	7.3	0.1%		2026-04-07
37	CVE-2026-3877 A reflected cross-site scripting (XSS) vulnerability in the dashboard search fun	HIGH	7.3	0.0%		2026-04-01
37	CVE-2026-1345 IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify	HIGH	7.3	0.0%	FIX	2026-04-01
37	CVE-2026-39306 ### Summary PraisonAI's recipe registry pull flow extracts attacker-controlled	HIGH	7.3	0.0%	FIX	2026-04-06
37	CVE-2026-5599 A user with API access and "manage users" permission in any venueless world is	HIGH	7.3	0.0%		2026-04-05
37	CVE-2026-32971 OpenClaw before 2026.3.11 contains an approval-integrity vulnerability in node-h	HIGH	7.3	0.0%	FIX	2026-03-31
37	CVE-2026-20151 A vulnerability in the web interface of Cisco Smart Software Manager On-Prem (SS	HIGH	7.3	0.0%		2026-04-01
37	CVE-2026-35558 Improper neutralization of special elements in the authentication components in	HIGH	7.3	0.0%	FIX	2026-04-03
37	CVE-2026-3872 A flaw was found in Keycloak. This issue allows an attacker, who controls anothe	HIGH	7.3	0.0%	FIX	2026-04-02
37	CVE-2026-35574 ChurchCRM is an open-source church management system. Prior to 6.5.3, a stored C	HIGH	7.3	0.0%		2026-04-07
37	CVE-2026-4108 Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable	HIGH	7.3	0.0%		2026-04-03
37	CVE-2026-4107 Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable	HIGH	7.3	0.0%		2026-04-03
37	CVE-2026-3879 Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable	HIGH	7.3	0.0%		2026-04-03
37	CVE-2026-28703 Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable	HIGH	7.3	0.0%		2026-04-03
37	CVE-2026-28754 Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable	HIGH	7.3	0.0%		2026-04-03
37	CVE-2026-30273 pandas-ai v3.0.0 was discovered to contain a SQL injection vulnerability via the	HIGH	7.3	0.0%		2026-04-01
37	CVE-2026-5485 OS command injection in the browser-based authentication component in Amazon Ath	HIGH	7.3	0.0%	FIX	2026-04-03
37	CVE-2026-3880 Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable	HIGH	7.3	0.0%		2026-04-03
37	CVE-2026-28756 Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable	HIGH	7.3	0.0%		2026-04-03
37	CVE-2026-35455 immich is a high performance self-hosted photo and video management solution. Pr	HIGH	7.3	0.0%		2026-04-08
37	CVE-2026-4158 KeePassXC OpenSSL Configuration Uncontrolled Search Path Element Local Privilege	HIGH	7.3	0.0%		2026-04-11
37	CVE-2026-22768 Dell AppSync, version(s) 4.6.0, contain(s) an Incorrect Permission Assignment fo	HIGH	7.3	0.0%		2026-04-01
37	CVE-2026-22767 Dell AppSync, version(s) 4.6.0, contain(s) an UNIX Symbolic Link (Symlink) Follo	HIGH	7.3	0.0%		2026-04-01
37	CVE-2026-3780 The application's installer runs with elevated privileges but resolves system ex	HIGH	7.3	0.0%		2026-04-01
37	CVE-2026-39883 ## Summary The fix for GHSA-9h8m-3fm2-qjrq (CVE-2026-24051) changed the Darwin	HIGH	7.3	0.0%	FIX	2026-04-08
37	CVE-2026-21716 An incomplete fix for CVE-2024-36137 leaves `FileHandle.chmod()` and `FileHandle	LOW	3.3	0.0%	POC FIX	2026-03-30
36	CVE-2026-27655 Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable	HIGH	7.3	0.0%		2026-04-03
36	CVE-2026-34856 UAF vulnerability in the communication module. Impact: Successful exploitation o	HIGH	7.3	-		2026-04-13

Oldest Unpatched Critical/High CVEs

CVE	Severity	CVSS	Priority	Days Open
CVE-2024-3400	CRITICAL	10.0	224	731d
CVE-2019-19781	CRITICAL	9.8	223	2298d
CVE-2020-5902	CRITICAL	9.8	223	2111d
CVE-2021-35464	CRITICAL	9.8	223	1725d
CVE-2020-10189	CRITICAL	9.8	223	2228d
CVE-2012-4681	CRITICAL	9.8	223	4976d
CVE-2022-42475	CRITICAL	9.8	223	1197d
CVE-2023-3519	CRITICAL	9.8	223	998d
CVE-2015-7450	CRITICAL	9.8	222	3753d
CVE-2023-34048	CRITICAL	9.8	222	900d

Prev 14 / 31 Next