Security Dashboard

Priority	CVE	Severity	CVSS	EPSS	Indicators	Published
31	CVE-2025-45806 A cross-site scripting (XSS) vulnerability in rrweb-snapshot before v2.0.0-alpha	MEDIUM	6.1	0.0%		2026-04-09
31	CVE-2026-34229 Emlog is an open source website building system. Prior to version 2.6.8, there i	MEDIUM	6.1	0.0%		2026-04-03
31	CVE-2026-5754 Reflected Cross-Site Scripting (XSS) Vulnerability in Radware Alteon 34.5.4.0 vA	MEDIUM	6.1	0.0%		2026-04-14
31	CVE-2025-61166 An open redirect in Ascertia SigningHub User v10.0 allows attackers to redirect	MEDIUM	6.1	0.0%		2026-04-06
31	CVE-2026-4091 The OPEN-BRAIN plugin for WordPress is vulnerable to Cross-Site Request Forgery	MEDIUM	6.1	0.0%		2026-04-15
31	CVE-2026-6203 The User Registration & Membership plugin for WordPress is vulnerable to Open Re	MEDIUM	6.1	0.0%		2026-04-13
31	CVE-2025-70844 yaffa v2.0.0 is vulnerable to Cross Site Scripting (XSS). An attacker can inject	MEDIUM	6.1	0.0%		2026-04-07
31	CVE-2026-3355 The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Refle	MEDIUM	6.1	0.0%		2026-04-16
31	CVE-2026-4032 The CodeColorer plugin for WordPress is vulnerable to Stored Cross-Site Scriptin	MEDIUM	6.1	0.0%	FIX	2026-04-16
31	CVE-2025-63238 A Reflected Cross-Site Scripting (XSS) affects LimeSurvey versions prior to 6.15	MEDIUM	6.1	0.0%		2026-04-09
31	CVE-2026-26460 A HTML Injection vulnerability exists in the Dashboard module of Vtiger CRM 8.4.	MEDIUM	6.1	0.0%		2026-04-13
31	CVE-2026-5896 Policy bypass in Audio in Google Chrome prior to 147.0.7727.55 allowed a remote	MEDIUM	6.1	0.0%	FIX	2026-04-08
31	CVE-2026-35195 Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0	MEDIUM	6.1	0.0%	FIX	2026-04-09
31	CVE-2026-1852 The Product Pricing Table by WooBeWoo plugin for WordPress is vulnerable to Cros	MEDIUM	6.1	0.0%		2026-04-15
31	CVE-2026-35491 FTLDNS (pihole-FTL) provides an interactive API and also generates statistics fo	MEDIUM	6.1	0.0%	FIX	2026-04-07
31	CVE-2026-39956 jq is a command-line JSON processor. In commits after 69785bf77f86e2ea1b4a20ca86	MEDIUM	6.1	0.0%		2026-04-13
31	CVE-2026-32289 Context was not properly tracked across template branches for JS template litera	MEDIUM	6.1	0.0%	FIX	2026-04-08
31	CVE-2026-26058 Zulip is an open-source team collaboration tool. From version 1.4.0 to before ve	MEDIUM	6.1	0.0%	FIX	2026-04-03
31	CVE-2026-34852 Stack overflow vulnerability in the media platform. Impact: Successful exploitat	MEDIUM	6.1	0.0%		2026-04-13
31	CVE-2026-25854 Occasional URL redirection to untrusted Site ('Open Redirect') vulnerability in	MEDIUM	6.1	0.0%	FIX	2026-04-09
30	CVE-2026-32196 Improper neutralization of input during web page generation ('cross-site scripti	MEDIUM	6.1	0.0%	FIX	2026-04-14
30	CVE-2026-20170 A vulnerability in the Desktop Agent functionality of Cisco Webex Contact Center	MEDIUM	6.1	0.1%		2026-04-15
30	CVE-2026-26169 Buffer over-read in Windows Kernel Memory allows an authorized attacker to discl	MEDIUM	6.1	0.1%	FIX	2026-04-14
30	CVE-2026-20059 A vulnerability in the web-based management interface of Cisco Unity Connection	MEDIUM	6.1	0.0%		2026-04-15
30	CVE-2026-35410 ### Summary An open redirect vulnerability exists in the login redirection logi	MEDIUM	6.1	0.0%	FIX	2026-04-04
30	CVE-2026-32088 Concurrent execution using shared resource with improper synchronization ('race	MEDIUM	6.1	0.0%	FIX	2026-04-14
30	CVE-2026-40302 Summary The proxyUi template engine uses Go's text/template (which performs	MEDIUM	6.1	-	FIX	2026-04-16
30	CVE-2026-40255 ### Impact The `response.redirect().back()` method in `@adonisjs/http-server` i	MEDIUM	6.1	-	FIX	2026-04-14
30	CVE-2025-65136 In manikandan580 School-management-system 1.0, a reflected XSS vulnerability exi	MEDIUM	6.1	0.0%		2026-04-14
30	CVE-2026-40186 ApostropheCMS is an open-source Node.js content management system. A regression	MEDIUM	6.1	0.0%	FIX	2026-04-15
30	CVE-2025-65132 alandsilva26 hotel-management-php 1.0 is vulnerable to Cross Site Scripting (XSS	MEDIUM	6.1	0.0%		2026-04-14
30	CVE-2025-69993 Leaflet versions up to and including 1.9.4 are vulnerable to Cross-Site Scriptin	MEDIUM	6.1	0.0%		2026-04-14
30	CVE-2026-40919 A flaw was found in GIMP. This vulnerability, a buffer overflow in the `file-sea	MEDIUM	6.1	0.0%		2026-04-15
30	CVE-2026-35670 OpenClaw before 2026.3.22 contains a webhook reply delivery vulnerability that a	MEDIUM	6.0	0.1%	FIX	2026-04-10
30	CVE-2026-34765 ### Impact When a renderer calls `window.open()` with a target name, Electron di	MEDIUM	6.0	0.1%	FIX	2026-04-07
30	CVE-2026-3446 When calling base64.b64decode() or related functions the decoding process would	MEDIUM	6.0	0.1%	FIX	2026-04-10
30	CVE-2026-35622 OpenClaw before 2026.3.22 contains an improper authentication verification vulne	MEDIUM	6.0	0.0%	FIX	2026-04-09
30	CVE-2026-5446 In wolfSSL, ARIA-GCM cipher suites used in TLS 1.2 and DTLS 1.2 reuse an identic	MEDIUM	6.0	0.0%	FIX	2026-04-09
30	CVE-2026-1079 A native messaging host vulnerability in Pega Browser Extension (PBE) affects us	MEDIUM	6.0	0.0%	FIX	2026-04-07
30	CVE-2026-35658 OpenClaw before 2026.3.2 contains a filesystem boundary bypass vulnerability in	MEDIUM	6.0	0.0%	FIX	2026-04-10
30	CVE-2025-12624 Active access tokens are not revoked or invalidated when a user account is locke	MEDIUM	6.0	0.0%	FIX	2026-04-16
30	CVE-2026-34511 OpenClaw before 2026.4.2 reuses the PKCE verifier as the OAuth state parameter i	MEDIUM	6.0	0.0%	FIX	2026-04-03
30	CVE-2026-22615 Due to improper input validation in one of the Eaton Intelligent Power Protector	MEDIUM	6.0	0.0%	FIX	2026-04-16
30	CVE-2026-39670 Server-Side Request Forgery (SSRF) vulnerability in Brecht Visual Link Preview v	MEDIUM	6.0	0.0%		2026-04-08
30	CVE-2026-5525 A stack-based buffer overflow vulnerability exists in Notepad++ version 8.9.3 in	MEDIUM	6.0	0.0%		2026-04-10
30	CVE-2026-5774 Improper synchronization of the userTokens map in the API server in Canonical Ju	MEDIUM	6.0	0.0%	FIX	2026-04-10
30	CVE-2026-39810 A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientEMS 7	MEDIUM	6.0	0.0%		2026-04-14
30	CVE-2026-20136 A vulnerability in the CLI of Cisco Identity Services Engine (ISE) and Cisc	MEDIUM	6.0	0.1%		2026-04-15
30	CVE-2025-68649 An improper limitation of a pathname to a restricted directory ('path traversal'	MEDIUM	6.0	0.0%		2026-04-14
30	CVE-2026-40091 ### Impact When SpiceDB starts with log level `info`, the startup `"configuratio	MEDIUM	6.0	0.0%	FIX	2026-04-14
30	CVE-2025-61624 An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'	MEDIUM	6.0	0.0%		2026-04-14
30	CVE-2026-39844 ### Summary The upload filename sanitization introduced in GHSA-9ffm-fxg3-xrhh	MEDIUM	5.9	0.1%	FIX	2026-04-08
30	CVE-2026-35407 Saleor is an e-commerce platform. From 2.10.0 to before 3.23.0a3, 3.22.47, 3.21.	MEDIUM	5.9	0.0%	FIX	2026-04-08
30	CVE-2026-33900 In viff encoder contains an integer truncation/wraparound issue on 32-bit builds	MEDIUM	5.9	0.0%	FIX	2026-04-13
30	CVE-2026-35201 ### Summary A signed length truncation bug causes an out-of-bounds read in the	MEDIUM	5.9	0.0%	FIX	2026-04-06
30	CVE-2026-34052 ## Summary The LTI 1.1 validator stores OAuth nonces in a class-level dictionar	MEDIUM	5.9	0.0%	FIX	2026-04-03
30	CVE-2026-34380 OpenEXR provides the specification and reference implementation of the EXR file	MEDIUM	5.9	0.0%	FIX	2026-04-06
30	CVE-2026-35597 ## Summary The TOTP failed-attempt lockout mechanism is non-functional due to a	MEDIUM	5.9	0.0%	FIX	2026-04-10
30	CVE-2026-39541 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti	MEDIUM	5.9	0.0%		2026-04-08
30	CVE-2026-39683 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti	MEDIUM	5.9	0.0%		2026-04-08
30	CVE-2026-39604 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti	MEDIUM	5.9	0.0%		2026-04-08
30	CVE-2026-39638 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti	MEDIUM	5.9	0.0%		2026-04-08
30	CVE-2026-39667 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti	MEDIUM	5.9	0.0%		2026-04-08
30	CVE-2026-39693 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti	MEDIUM	5.9	0.0%		2026-04-08
30	CVE-2026-39615 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti	MEDIUM	5.9	0.0%		2026-04-08
30	CVE-2026-5376 An issue that could prevent session inactivity timeouts from triggering due to a	MEDIUM	5.9	0.0%	FIX	2026-04-07
30	CVE-2026-39408 ## Summary A path traversal issue in `toSSG()` allows files to be written outsi	MEDIUM	5.9	0.0%	FIX	2026-04-08
30	CVE-2026-5295 A stack buffer overflow exists in wolfSSL's PKCS7 implementation in the wc_PKCS7	MEDIUM	5.9	0.0%	FIX	2026-04-09
30	CVE-2026-34942 Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0	MEDIUM	5.9	0.0%	FIX	2026-04-09
30	CVE-2026-34946 Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and	MEDIUM	5.9	0.0%	FIX	2026-04-09
30	CVE-2026-39865 Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.13.	MEDIUM	5.9	0.0%	FIX	2026-04-08
30	CVE-2026-5471 A vulnerability was detected in Investory Toy Planet Trouble App up to 1.5.5 on	LOW	1.9	0.0%	POC	2026-04-03
30	CVE-2026-22618 A security misconfiguration was identified in Eaton Intelligent Power Protector	MEDIUM	5.9	0.0%	FIX	2026-04-16
30	CVE-2026-5300 Unauthenticated functionality in CoolerControl/coolercontrold <4.0.0 allows una	MEDIUM	5.9	0.0%	FIX	2026-04-08
30	CVE-2026-34859 UAF vulnerability in the kernel module. Impact: Successful exploitation of this	MEDIUM	5.9	0.0%		2026-04-13
30	CVE-2026-40265 ### Summary A broken access control vulnerability allows unauthenticated users t	MEDIUM	5.9	-	FIX	2026-04-13
30	CVE-2026-28263 Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Featu	MEDIUM	5.9	-	FIX	2026-04-17
30	CVE-2025-54510 Missing lock check in AMD Platform Security Processor in AMD EPYC™ 9005 Series C	MEDIUM	5.9	-		2026-04-16
30	CVE-2026-6370 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti	MEDIUM	5.9	0.0%		2026-04-15
30	CVE-2026-6414 @fastify/static versions 8.0.0 through 9.1.0 decode percent-encoded path separat	MEDIUM	5.9	-	FIX	2026-04-16
30	CVE-2026-34721 Zammad is a web based open source helpdesk/customer support system. Prior to 7.0	MEDIUM	5.9	0.0%	FIX	2026-04-08
29	CVE-2026-5374 An issue that allowed MCP agents to access remediation and asset information fro	MEDIUM	5.8	0.0%	FIX	2026-04-07
29	CVE-2026-5384 An issue that could allow a credential to be updated and used for a task from ou	MEDIUM	5.8	0.0%	FIX	2026-04-07
29	CVE-2026-5378 An issue that allowed administrators to create and update users outside of their	MEDIUM	5.8	0.0%	FIX	2026-04-07
29	CVE-2026-20709 Use of Default Cryptographic Key in the hardware for some Intel(R) Pentium(R) Pr	MEDIUM	5.8	0.0%		2026-04-08
29	CVE-2026-34981 The whisperX API is a tool for enhancing and analyzing audio content. From 0.3.1	MEDIUM	5.8	0.0%	FIX	2026-04-06
29	CVE-2026-1502 CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host.	MEDIUM	5.7	0.0%	FIX	2026-04-10
29	CVE-2026-39901 ### Summary A transaction integrity flaw allows an authenticated tenant user to	MEDIUM	5.7	0.0%	FIX	2026-04-08
29	CVE-2025-24819 Nokia MantaRay NM is vulnerable to a Relative Path Traversal vulnerability due t	MEDIUM	5.7	0.0%		2026-04-07
29	CVE-2026-1516 GitLab has remediated an issue in GitLab EE affecting all versions from 18.0.0 b	MEDIUM	5.7	0.0%	FIX	2026-04-08

Oldest Unpatched Critical/High CVEs

CVE	Severity	CVSS	Priority	Days Open
CVE-2024-3400	CRITICAL	10.0	224	735d
CVE-2019-19781	CRITICAL	9.8	223	2302d
CVE-2020-5902	CRITICAL	9.8	223	2115d
CVE-2021-35464	CRITICAL	9.8	223	1729d
CVE-2020-10189	CRITICAL	9.8	223	2232d
CVE-2012-4681	CRITICAL	9.8	223	4980d
CVE-2022-42475	CRITICAL	9.8	223	1201d
CVE-2023-3519	CRITICAL	9.8	223	1002d
CVE-2015-7450	CRITICAL	9.8	222	3757d
CVE-2023-34048	CRITICAL	9.8	222	904d

Prev 22 / 32 Next