Security Dashboard

Priority	CVE	Severity	CVSS	EPSS	Indicators	Published
33	CVE-2026-34978 OpenPrinting CUPS is an open source printing system for Linux and other Unix-lik	MEDIUM	6.5	0.1%		2026-04-03
33	CVE-2026-34750 Payload is a free and open source headless content management system. Prior to v	MEDIUM	6.5	0.1%	FIX	2026-04-01
33	CVE-2026-34787 Emlog is an open source website building system. In versions 2.6.2 and prior, a	MEDIUM	6.5	0.0%		2026-04-03
33	CVE-2026-35549 An issue was discovered in MariaDB Server before 11.4.10, 11.5.x through 11.8.x	MEDIUM	6.5	0.0%		2026-04-03
33	CVE-2026-34832 Scoold is a Q&A and a knowledge sharing platform for teams. Prior to version 1.6	MEDIUM	6.5	0.0%		2026-04-02
33	CVE-2026-39943 Directus is a real-time API and App dashboard for managing SQL database content.	MEDIUM	6.5	0.0%	FIX	2026-04-09
33	CVE-2026-25209 Out-of-bounds read vulnerability in Samsung Open Source Escargot allows Resource	MEDIUM	6.5	0.0%		2026-04-13
33	CVE-2026-2950 Impact: Lodash versions 4.17.23 and earlier are vulnerable to prototype polluti	MEDIUM	6.5	0.0%	FIX	2026-03-31
33	CVE-2026-33983 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to versio	MEDIUM	6.5	0.0%	FIX	2026-03-30
33	CVE-2026-1710 The WooPayments: Integrated WooCommerce Payments plugin for WordPress is vulnera	MEDIUM	6.5	0.0%		2026-03-31
33	CVE-2026-35599 ## Summary The `addRepeatIntervalToTime` function uses an O(n) loop that advanc	MEDIUM	6.5	0.0%	FIX	2026-04-10
33	CVE-2026-34939 ### Summary `MCPToolIndex.search_tools()` compiles a caller-supplied string dir	MEDIUM	6.5	0.0%	FIX	2026-04-01
33	CVE-2026-27460 Tandoor Recipes is an application for managing recipes, planning meals, and buil	MEDIUM	6.5	0.0%		2026-04-10
33	CVE-2026-34531 ## Summary In a situation where the client makes a request to a token protected	MEDIUM	6.5	0.0%	FIX	2026-03-31
33	CVE-2026-35594 Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0,	MEDIUM	6.5	0.0%	FIX	2026-04-10
33	CVE-2026-34500 CLIENT_CERT authentication does not fail as expected for some scenarios when sof	MEDIUM	6.5	0.0%	FIX	2026-04-09
33	CVE-2026-5283 Inappropriate implementation in ANGLE in Google Chrome prior to 146.0.7680.178 a	MEDIUM	6.5	0.0%	FIX	2026-04-01
33	CVE-2026-5876 Side-channel information leakage in Navigation in Google Chrome prior to 147.0.7	MEDIUM	6.5	0.0%	FIX	2026-04-08
33	CVE-2026-40148 PraisonAI is a multi-agent teams system. Prior to 4.5.128, the _safe_extractall(	MEDIUM	6.5	0.0%	FIX	2026-04-09
33	CVE-2026-34378 OpenEXR provides the specification and reference implementation of the EXR file	MEDIUM	6.5	0.0%		2026-04-06
33	CVE-2026-39848 Dockyard is a Docker container management app. Prior to 1.1.0, Docker container	MEDIUM	6.5	0.0%		2026-04-09
33	CVE-2026-34889 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti	MEDIUM	6.5	0.0%		2026-04-01
33	CVE-2026-34887 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti	MEDIUM	6.5	0.0%		2026-03-31
33	CVE-2026-34890 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti	MEDIUM	6.5	0.0%		2026-04-02
33	CVE-2026-5276 Insufficient policy enforcement in WebUSB in Google Chrome prior to 146.0.7680.1	MEDIUM	6.5	0.0%	FIX	2026-04-01
33	CVE-2026-5291 Inappropriate implementation in WebGL in Google Chrome prior to 146.0.7680.178 a	MEDIUM	6.5	0.0%	FIX	2026-04-01
33	CVE-2026-3480 The WP Blockade plugin for WordPress is vulnerable to Missing Authorization in a	MEDIUM	6.5	0.0%		2026-04-08
33	CVE-2026-4927 Exposure of sensitive information in the users MFA feature in Devolutions Server	MEDIUM	6.5	0.0%		2026-04-01
33	CVE-2026-39508 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti	MEDIUM	6.5	0.0%		2026-04-08
33	CVE-2026-39575 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti	MEDIUM	6.5	0.0%		2026-04-08
33	CVE-2026-39702 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti	MEDIUM	6.5	0.0%		2026-04-08
33	CVE-2026-39692 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti	MEDIUM	6.5	0.0%		2026-04-08
33	CVE-2026-39517 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti	MEDIUM	6.5	0.0%		2026-04-08
33	CVE-2026-39708 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti	MEDIUM	6.5	0.0%		2026-04-08
33	CVE-2026-39674 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti	MEDIUM	6.5	0.0%		2026-04-08
33	CVE-2026-39666 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti	MEDIUM	6.5	0.0%		2026-04-08
33	CVE-2026-39696 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti	MEDIUM	6.5	0.0%		2026-04-08
33	CVE-2026-39646 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti	MEDIUM	6.5	0.0%		2026-04-08
33	CVE-2026-6068 NASM contains a heap use after free vulnerability in response file (-@) processi	MEDIUM	6.5	0.0%		2026-04-10
33	CVE-2026-33736 Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, any authentica	MEDIUM	6.5	0.0%		2026-04-10
33	CVE-2026-39368 WWBN AVideo is an open source video platform. In versions 26.0 and prior, the Li	MEDIUM	6.5	0.0%		2026-04-07
33	CVE-2026-33708 Chamilo LMS is a learning management system. Prior to 1.11.38, the get_user_info	MEDIUM	6.5	0.0%		2026-04-10
33	CVE-2026-34395 WWBN AVideo is an open source video platform. In versions 26.0 and prior, the pl	MEDIUM	6.5	0.0%		2026-03-31
33	CVE-2026-5207 The LifterLMS plugin for WordPress is vulnerable to SQL Injection via the 'order	MEDIUM	6.5	0.0%		2026-04-11
33	CVE-2026-34586 PdfDing is a selfhosted PDF manager, viewer and editor offering a seamless user	MEDIUM	6.5	0.0%		2026-03-31
33	CVE-2026-5905 Incorrect security UI in Permissions in Google Chrome on Windows prior to 147.0.	MEDIUM	6.5	0.0%	FIX	2026-04-08
33	CVE-2026-39354 Scoold is a Q&A and a knowledge sharing platform for teams. Prior to 1.66.2, an	MEDIUM	6.5	0.0%		2026-04-07
33	CVE-2026-25834 Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade.	MEDIUM	6.5	0.0%	FIX	2026-04-01
33	CVE-2026-1865 The User Registration & Membership - Free & Paid Memberships, Subscriptions, Con	MEDIUM	6.5	0.0%		2026-04-08
33	CVE-2026-34737 WWBN AVideo is an open source video platform. In versions 26.0 and prior, the St	MEDIUM	6.5	0.0%	FIX	2026-03-31
33	CVE-2026-39374 Plane is an an open-source project management tool. Prior to 1.3.0, the IssueBul	MEDIUM	6.5	0.0%		2026-04-07
33	CVE-2026-34788 Emlog is an open source website building system. In versions 2.6.2 and prior, a	MEDIUM	6.5	0.0%		2026-04-03
33	CVE-2026-34779 ### Impact On macOS, `app.moveToApplicationsFolder()` used an AppleScript fallba	MEDIUM	6.5	0.0%	FIX	2026-04-03
33	CVE-2026-34740 WWBN AVideo is an open source video platform. In versions 26.0 and prior, the EP	MEDIUM	6.5	0.0%	FIX	2026-03-31
33	CVE-2026-20042 A vulnerability in the configuration backup feature of Cisco Nexus Dashboard cou	MEDIUM	6.5	0.0%		2026-04-01
33	CVE-2026-5919 Insufficient validation of untrusted input in WebSockets in Google Chrome prior	MEDIUM	6.5	0.0%	FIX	2026-04-08
33	CVE-2026-1839 A vulnerability in the HuggingFace Transformers library, specifically in the `Tr	MEDIUM	6.5	0.0%	FIX	2026-04-07
33	CVE-2026-32588 Authenticated DoS over CQL in Apache Cassandra 4.0, 4.1, 5.0 allows authenticate	MEDIUM	6.5	0.0%	FIX	2026-04-07
33	CVE-2026-1101 GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 bef	MEDIUM	6.5	0.0%		2026-04-08
33	CVE-2026-39569 Missing Authorization vulnerability in AA Web Servant 12 Step Meeting List 12-st	MEDIUM	6.5	0.0%		2026-04-08
33	CVE-2026-33141 Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, an Insecure Di	MEDIUM	6.5	0.0%		2026-04-10
33	CVE-2026-39639 Missing Authorization vulnerability in redpixelstudios RPS Include Content rps-i	MEDIUM	6.5	0.0%		2026-04-08
33	CVE-2026-3571 The Pie Register - User Registration, Profiles & Content Restriction plugin for	MEDIUM	6.5	0.0%		2026-04-04
33	CVE-2026-34538 Apache Airflow versions 3.0.0 through 3.1.8 DagRun wait endpoint returns XCom re	MEDIUM	6.5	0.0%	FIX	2026-04-09
33	CVE-2026-39366 WWBN AVideo is an open source video platform. In versions 26.0 and prior, the Pa	MEDIUM	6.5	0.0%		2026-04-07
33	CVE-2026-34611 WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AV	MEDIUM	6.5	0.0%	FIX	2026-03-31
33	CVE-2025-47374 Memory Corruption when accessing freed memory due to concurrent fence deregistra	MEDIUM	6.5	0.0%		2026-04-06
33	CVE-2026-34613 WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AV	MEDIUM	6.5	0.0%	FIX	2026-03-31
33	CVE-2026-35492 ### Impact PartitionedDataset in kedro-datasets was vulnerable to path traversa	MEDIUM	6.5	0.0%	FIX	2026-04-06
33	CVE-2026-25627 NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Prior to v	MEDIUM	6.5	0.0%		2026-03-30
33	CVE-2025-36375 IBM DataPower Gateway 10.6CD 10.6.1.0 through 10.6.5.0 and IBM DataPower Gateway	MEDIUM	6.5	0.0%	FIX	2026-04-01
33	CVE-2026-1672 The BEAR - Bulk Editor and Products Manager Professional for WooCommerce by Plug	MEDIUM	6.5	0.0%		2026-04-08
33	CVE-2026-4668 The Booking for Appointments and Events Calendar - Amelia plugin for WordPress i	MEDIUM	6.5	0.0%		2026-04-01
33	CVE-2026-39641 Cross-Site Request Forgery (CSRF) vulnerability in Skywarrior Blackfyre blackfyr	MEDIUM	6.5	0.0%		2026-04-08
33	CVE-2026-39633 Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Car Rental g	MEDIUM	6.5	0.0%		2026-04-08
33	CVE-2026-24029 When the early_acl_drop (earlyACLDrop in Lua) option is disabled (default is ena	MEDIUM	6.5	0.0%	FIX	2026-03-31
32	CVE-2026-34755 ## Summary The `VideoMediaIO.load_base64()` method at `vllm/multimodal/media/vi	MEDIUM	6.5	0.0%	FIX	2026-04-03
32	CVE-2026-34897 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti	MEDIUM	6.5	0.0%		2026-04-06
32	CVE-2026-33459 Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to denial of serv	MEDIUM	6.5	0.0%		2026-04-08
32	CVE-2026-34756 ### Summary A Denial of Service vulnerability exists in the vLLM OpenAI-compatib	MEDIUM	6.5	0.0%	FIX	2026-04-03
32	CVE-2026-35441 ### Summary Directus' GraphQL endpoints (`/graphql` and `/graphql/system`) did	MEDIUM	6.5	0.0%	FIX	2026-04-04
32	CVE-2026-35403 LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web app	MEDIUM	6.5	0.0%		2026-04-08
32	CVE-2026-35173 Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, an IDOR /	MEDIUM	6.5	0.0%		2026-04-06
32	CVE-2026-2377 A flaw was found in mirror-registry. Authenticated users can exploit the log exp	MEDIUM	6.5	0.0%		2026-04-08
32	CVE-2026-5742 The UsersWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in	MEDIUM	6.4	0.1%		2026-04-09
32	CVE-2025-13535 The King Addons for Elementor plugin for WordPress is vulnerable to multiple Con	MEDIUM	6.4	0.1%		2026-04-01
32	CVE-2026-3618 The Columns by BestWebSoft plugin for WordPress is vulnerable to Stored Cross-Si	MEDIUM	6.4	0.1%		2026-04-08
32	CVE-2026-4429 The OSM - OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site	MEDIUM	6.4	0.1%		2026-04-09
32	CVE-2026-34716 WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AV	MEDIUM	6.4	0.0%		2026-03-31
32	CVE-2026-3142 The Pinterest Site Verification plugin using Meta Tag plugin for WordPress is vu	MEDIUM	6.4	0.0%		2026-04-08

Oldest Unpatched Critical/High CVEs

CVE	Severity	CVSS	Priority	Days Open
CVE-2024-3400	CRITICAL	10.0	224	731d
CVE-2019-19781	CRITICAL	9.8	223	2299d
CVE-2020-5902	CRITICAL	9.8	223	2112d
CVE-2021-35464	CRITICAL	9.8	223	1725d
CVE-2020-10189	CRITICAL	9.8	223	2229d
CVE-2012-4681	CRITICAL	9.8	223	4976d
CVE-2022-42475	CRITICAL	9.8	223	1197d
CVE-2023-3519	CRITICAL	9.8	223	998d
CVE-2015-7450	CRITICAL	9.8	222	3753d
CVE-2023-34048	CRITICAL	9.8	222	900d

Prev 18 / 31 Next