Security Dashboard

Priority	CVE	Severity	CVSS	EPSS	Indicators	Published
49	CVE-2026-30281 An arbitrary file overwrite vulnerability in MaruNuri LLC v2.0.23 allows attacke	CRITICAL	9.8	0.0%		2026-03-31
49	CVE-2026-33815 Memory-safety vulnerability in github.com/jackc/pgx/v5.	CRITICAL	9.8	0.0%		2026-04-07
49	CVE-2025-52909 An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wear	CRITICAL	9.8	0.0%		2026-04-07
49	CVE-2026-30286 An arbitrary file overwrite vulnerability in Funambol, Inc. Zefiro Cloud v32.0.2	CRITICAL	9.8	0.0%		2026-03-31
49	CVE-2026-30283 An arbitrary file overwrite vulnerability in PEAKSEL D.O.O. NIS Animal Sounds an	CRITICAL	9.8	0.0%		2026-03-31
49	CVE-2026-30276 An arbitrary file overwrite vulnerability in DeftPDF Document Translator v54.0 a	CRITICAL	9.8	0.0%		2026-03-31
49	CVE-2026-30285 An arbitrary file overwrite vulnerability in Zora: Post, Trade, Earn Crypto v2.6	CRITICAL	9.8	0.0%		2026-03-31
49	CVE-2026-2286 CrewAI contains a server-side request forgery vulnerability that enables content	CRITICAL	9.8	0.0%		2026-03-30
49	CVE-2026-30278 An arbitrary file overwrite vulnerability in FLY is FUN Aviation Navigation v35.	CRITICAL	9.8	0.0%		2026-03-31
49	CVE-2026-35490 ### Summary On 13 routes across 5 blueprint files, the `@login_optionally_requi	CRITICAL	9.8	0.0%	FIX	2026-04-06
49	CVE-2026-30310 In its design for automatic terminal command execution, Sixth offers two options	CRITICAL	9.8	0.0%		2026-03-31
49	CVE-2026-30308 In its design for automatic terminal command execution, HAI Build Code Generator	CRITICAL	9.8	0.0%		2026-03-30
49	CVE-2026-4277 An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4	CRITICAL	9.8	0.0%	FIX	2026-04-07
49	CVE-2026-4176 Perl versions from 5.9.4 before 5.40.4-RC1, from 5.41.0 before 5.42.2-RC1, from	CRITICAL	9.8	0.0%	FIX	2026-03-29
49	CVE-2025-52908 An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wear	CRITICAL	9.8	0.0%		2026-04-07
49	CVE-2026-30306 In its design for automatic terminal command execution, SakaDev offers two optio	CRITICAL	9.8	0.0%		2026-03-30
49	CVE-2026-4789 Kyverno, versions 1.16.0 and later, are vulnerable to SSRF due to unrestricted C	CRITICAL	9.8	0.0%		2026-03-30
49	CVE-2026-5734 Memory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Fire	CRITICAL	9.8	0.0%		2026-04-07
49	CVE-2026-34841 ### Impact This is a supply chain attack involving compromised versions	CRITICAL	9.8	0.0%	FIX	2026-04-02
49	CVE-2026-5735 Memory safety bugs present in Firefox 149.0.1 and Thunderbird 149.0.1. Some of t	CRITICAL	9.8	0.0%		2026-04-07
49	CVE-2026-2942 The ProSolution WP Client plugin for WordPress is vulnerable to arbitrary file u	CRITICAL	9.8	0.1%		2026-04-08
49	CVE-2026-5731 Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunder	CRITICAL	9.8	0.1%		2026-04-07
49	CVE-2026-35171 ### Impact This is a critical Remote Code Execution (RCE) vulnerability cau	CRITICAL	9.8	0.3%	FIX	2026-04-03
48	CVE-2026-0596 A command injection vulnerability exists in mlflow/mlflow when serving a model w	CRITICAL	9.6	0.2%	FIX	2026-03-31
48	CVE-2026-34449 SiYuan is a personal knowledge management system. Prior to version 3.6.2, a mali	CRITICAL	9.6	0.1%	FIX	2026-03-31
48	CVE-2025-15036 A path traversal vulnerability exists in the `extract_archive_to_dir` function w	CRITICAL	9.6	0.1%	FIX	2026-03-30
48	CVE-2026-26135 Server-side request forgery (ssrf) in Azure Custom Locations Resource Provider (	CRITICAL	9.6	0.1%		2026-04-03
48	CVE-2026-1115 A Stored Cross-Site Scripting (XSS) vulnerability was identified in the social f	CRITICAL	9.6	0.0%	FIX	2026-04-10
48	CVE-2026-5289 Use after free in Navigation in Google Chrome prior to 146.0.7680.178 allowed a	CRITICAL	9.6	0.0%	FIX	2026-04-01
48	CVE-2026-5874 Use after free in PrivateAI in Google Chrome prior to 147.0.7727.55 allowed a re	CRITICAL	9.6	0.0%	FIX	2026-04-08
48	CVE-2026-5290 Use after free in Compositing in Google Chrome prior to 146.0.7680.178 allowed a	CRITICAL	9.6	0.0%	FIX	2026-04-01
48	CVE-2026-5288 Use after free in WebView in Google Chrome on Android prior to 146.0.7680.178 al	CRITICAL	9.6	0.0%	FIX	2026-04-01
48	CVE-2026-28373 The Stackfield Desktop App before 1.10.2 for macOS and Windows contains a path t	CRITICAL	9.6	0.0%		2026-04-03
48	CVE-2026-2275 The CrewAI CodeInterpreter tool falls back to SandboxPython when it cannot reach	CRITICAL	9.6	0.0%		2026-03-30
48	CVE-2026-31818 Budibase is an open-source low-code platform. Prior to version 3.33.4, a server-	CRITICAL	9.6	0.0%	FIX	2026-04-03
48	CVE-2026-39619 Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Busiprof busi	CRITICAL	9.6	0.0%		2026-04-08
48	CVE-2026-39617 Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Bluestreet bl	CRITICAL	9.6	0.0%		2026-04-08
48	CVE-2026-40088 The `execute_command` function and workflow shell execution are exposed to user-	CRITICAL	9.6	0.1%	FIX	2026-04-08
47	CVE-2026-5463 Command injection vulnerability in console.run_module_with_output() in pymetaspl	CRITICAL	9.3	0.8%		2026-04-03
47	CVE-2026-34406 APTRS (Automated Penetration Testing Reporting System) is a Python and Django-ba	CRITICAL	9.4	0.1%		2026-03-31
47	CVE-2026-35030 ### Impact When JWT authentication is enabled (`enable_jwt_auth: true`), the O	CRITICAL	9.4	0.1%	FIX	2026-04-03
47	CVE-2026-33950 Signal K Server is a server application that runs on a central hub in a boat. Pr	CRITICAL	9.4	0.0%	FIX	2026-04-02
47	CVE-2026-34989 ## Summary ### **Vulnerability 1: Stored DOM XSS via Profile Name Update (Persis	CRITICAL	9.4	0.0%	FIX	2026-04-03
47	CVE-2026-39397 @delmaredigital/payload-puck is a PayloadCMS plugin for integrating Puck visual	CRITICAL	9.4	0.0%	FIX	2026-04-07
47	CVE-2026-39342 ChurchCRM is an open-source church management system. Prior to 7.1.0, the search	CRITICAL	9.4	0.0%		2026-04-07
47	CVE-2026-33026 ## Summary The `nginx-ui` backup restore mechanism allows attackers to tamper wi	CRITICAL	9.4	0.0%		2026-03-30
47	CVE-2026-33707 Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, th	CRITICAL	9.4	0.1%		2026-04-10
47	CVE-2026-40157 PraisonAI is a multi-agent teams system. Prior to 4.5.128, cmd_unpack in the rec	CRITICAL	9.4	0.1%	FIX	2026-04-10
47	CVE-2026-3199 A vulnerability in the task management component of Sonatype Nexus Repository ve	CRITICAL	9.4	0.1%	FIX	2026-04-08
47	CVE-2026-35002 Agno versions prior to 2.3.24 contain an arbitrary code execution vulnerability	CRITICAL	9.3	0.4%	FIX	2026-04-02
47	CVE-2026-35047 Brave CMS is an open-source CMS. Prior to 2.0.6, an Unrestricted File Upload vul	CRITICAL	9.3	0.4%		2026-04-06
47	CVE-2026-34078 Flatpak is a Linux application sandboxing and distribution framework. Prior to 1	CRITICAL	9.3	0.2%		2026-04-07
47	CVE-2026-33439 ## Summary OpenIdentityPlatform OpenAM 16.0.5 (and likely earlier versions) is	CRITICAL	9.3	0.1%	FIX	2026-04-07
47	CVE-2026-40035 dfir-unfurl through 20250810 contains an improper input validation vulnerability	CRITICAL	9.3	0.1%		2026-04-08
47	CVE-2026-34977 Aperi'Solve is an open-source steganalysis web platform. Prior to 3.2.1, when up	CRITICAL	9.3	0.1%		2026-04-06
47	CVE-2025-71279 XenForo before 2.3.7 contains a security issue affecting Passkeys that have been	CRITICAL	9.3	0.1%		2026-04-01
47	CVE-2026-3106 Blind Cross-Site Scripting (XSS) in Teampass, versions prior to 3.1.5.16, within	CRITICAL	9.3	0.1%	FIX	2026-03-31
47	CVE-2026-25776 Movable Type provided by Six Apart Ltd. contains a code injection vulnerability	CRITICAL	9.3	0.0%		2026-04-08
47	CVE-2026-4317 SQL inyection (SQLi) vulnerability in Umami Software web application through an	CRITICAL	9.3	0.0%	FIX	2026-03-31
47	CVE-2026-3107 Stored Cross-Site Scripting (XSS) in Teampass versions prior to 3.1.5.16, affect	CRITICAL	9.3	0.0%	FIX	2026-03-31
47	CVE-2026-39382 dbt enables data analysts and engineers to transform their data using the same p	CRITICAL	9.3	0.0%		2026-04-07
47	CVE-2026-34361 ## Summary The FHIR Validator HTTP service exposes an unauthenticated `/loadIG`	CRITICAL	9.3	0.0%	FIX	2026-03-30
47	CVE-2026-35459 ## Summary The fix for CVE-2026-33992 (GHSA-m74m-f7cr-432x) added IP validation	CRITICAL	9.3	0.0%		2026-04-04
47	CVE-2026-39324 Rack::Session is a session management implementation for Rack. From 2.0.0 to bef	CRITICAL	9.3	0.0%	FIX	2026-04-07
47	CVE-2026-35614 Frappe is a full-stack web application framework. Prior to 16.14.0 and 15.104.0,	CRITICAL	9.3	0.0%		2026-04-07
47	CVE-2026-25197 A specific endpoint allows authenticated users to pivot to other user profiles b	CRITICAL	9.3	0.0%		2026-04-03
47	CVE-2026-34580 Botan is a C++ cryptography library. In 3.11.0, the function Certificate_Store::	CRITICAL	9.3	0.0%		2026-04-07
47	CVE-2026-32917 OpenClaw before 2026.3.13 contains a remote command injection vulnerability in t	CRITICAL	9.2	0.5%	FIX	2026-03-31
47	CVE-2026-1346 IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify	CRITICAL	9.3	0.0%	FIX	2026-04-08
46	CVE-2026-40189 goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.4, goshs enforces	CRITICAL	9.3	0.1%		2026-04-10
46	CVE-2026-40111 PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, he memory hooks	CRITICAL	9.3	0.0%	FIX	2026-04-09
46	CVE-2025-39666 Local privilege escalation in Checkmk 2.2.0 (EOL), Checkmk 2.3.0 before 2.3.0p46	CRITICAL	9.3	0.0%		2026-04-07
46	CVE-2026-40154 PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI treats remo	CRITICAL	9.3	0.0%	FIX	2026-04-09
46	CVE-2026-33784 A Use of Default Password vulnerability in the Juniper Networks Support Insigh	CRITICAL	9.3	0.0%		2026-04-09
46	CVE-2026-35178 Workbench is a suite of tools for administrators and developers to interact with	CRITICAL	9.3	0.5%		2026-04-06
46	CVE-2025-62718 Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.	CRITICAL	9.3	0.0%	FIX	2026-04-09
46	CVE-2026-40177 ajenti.plugin.core defines all necessary core elements to allow Ajenti to run pr	CRITICAL	9.3	0.1%	FIX	2026-04-10
46	CVE-2026-5194 Missing hash/digest size and OID checks allow digests smaller than allowed when	CRITICAL	9.3	0.0%	FIX	2026-04-09
46	CVE-2026-34424 Smart Slider 3 Pro version 3.5.1.35 for WordPress and Joomla contains a multi-st	CRITICAL	9.3	0.2%		2026-04-09
46	CVE-2026-33698 Chamilo LMS is a learning management system. Prior to 1.11.38, a chained attack	CRITICAL	9.3	0.1%		2026-04-10
46	CVE-2026-31845 A pre-authenticated reflected cross-site scripting (XSS) vulnerability exists in	CRITICAL	9.3	0.0%		2026-04-11
46	CVE-2026-39987 ## Summary Marimo (19.6k stars) has a Pre-Auth RCE vulnerability. The terminal	CRITICAL	9.3	2.7%	FIX	2026-04-08
46	CVE-2026-4415 Gigabyte Control Center developed by GIGABYTE has an Arbitrary File Write vulner	CRITICAL	9.2	0.4%		2026-03-30
46	CVE-2026-30880 baserCMS is a website development framework. Prior to version 5.2.3, baserCMS ha	CRITICAL	9.2	0.3%	FIX	2026-03-31
46	CVE-2026-35053 OneUptime is an open-source monitoring and observability platform. Prior to vers	CRITICAL	9.2	0.1%		2026-04-02
46	CVE-2026-34759 OneUptime is an open-source monitoring and observability platform. Prior to vers	CRITICAL	9.2	0.1%		2026-04-02
46	CVE-2026-28766 A specific endpoint exposes all user account information for registered Gardyn u	CRITICAL	9.2	0.1%		2026-04-03
46	CVE-2026-32916 OpenClaw versions 2026.3.7 before 2026.3.11 contain an authorization bypass vuln	CRITICAL	9.2	0.1%	FIX	2026-03-31
46	CVE-2026-35615 ### Executive Summary: The path validation has a critical logic bug: it checks f	CRITICAL	9.2	0.1%	FIX	2026-04-06
46	CVE-2026-39322 PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and ea	CRITICAL	9.2	0.0%		2026-04-07

Oldest Unpatched Critical/High CVEs

CVE	Severity	CVSS	Priority	Days Open
CVE-2024-3400	CRITICAL	10.0	224	730d
CVE-2019-19781	CRITICAL	9.8	223	2298d
CVE-2020-5902	CRITICAL	9.8	223	2111d
CVE-2021-35464	CRITICAL	9.8	223	1725d
CVE-2020-10189	CRITICAL	9.8	223	2228d
CVE-2012-4681	CRITICAL	9.8	223	4975d
CVE-2022-42475	CRITICAL	9.8	223	1196d
CVE-2023-3519	CRITICAL	9.8	223	998d
CVE-2015-7450	CRITICAL	9.8	222	3752d
CVE-2023-34048	CRITICAL	9.8	222	900d

Prev 2 / 3 Next