Security Dashboard

Priority	CVE	Severity	CVSS	EPSS	Indicators	Published
29	CVE-2026-20709 Use of Default Cryptographic Key in the hardware for some Intel(R) Pentium(R) Pr	MEDIUM	5.8	0.0%		2026-04-08
29	CVE-2026-34981 The whisperX API is a tool for enhancing and analyzing audio content. From 0.3.1	MEDIUM	5.8	0.0%	FIX	2026-04-06
29	CVE-2026-1502 CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host.	MEDIUM	5.7	0.0%	FIX	2026-04-10
29	CVE-2026-39901 ### Summary A transaction integrity flaw allows an authenticated tenant user to	MEDIUM	5.7	0.0%	FIX	2026-04-08
29	CVE-2025-24819 Nokia MantaRay NM is vulnerable to a Relative Path Traversal vulnerability due t	MEDIUM	5.7	0.0%		2026-04-07
29	CVE-2026-1516 GitLab has remediated an issue in GitLab EE affecting all versions from 18.0.0 b	MEDIUM	5.7	0.0%	FIX	2026-04-08
29	CVE-2026-22617 Eaton Intelligent Power Protector (IPP) uses an insecure cookie configuration, w	MEDIUM	5.7	0.0%	FIX	2026-04-16
29	CVE-2026-34855 Out-of-bounds write vulnerability in the kernel module. Impact: Successful explo	MEDIUM	5.7	0.0%		2026-04-13
29	CVE-2026-34854 UAF vulnerability in the kernel module. Impact: Successful exploitation of this	MEDIUM	5.7	0.0%		2026-04-13
28	CVE-2026-21742 A cleartext transmission of sensitive information vulnerability in Fortinet Fort	MEDIUM	5.7	0.0%		2026-04-14
28	CVE-2026-23670 Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enc	MEDIUM	5.7	0.1%	FIX	2026-04-14
28	CVE-2025-15621 Insufficiently Protected Credentials in Sparx Systems Pty Ltd. Sparx Enterprise	MEDIUM	5.7	0.0%		2026-04-16
28	CVE-2026-4913 Improper protection of an alternate path in Ivanti N-ITSM before version 2025.4	MEDIUM	5.7	0.1%		2026-04-14
28	CVE-2026-20945 Improper neutralization of input during web page generation ('cross-site scripti	MEDIUM	4.6	0.1%	FIX	2026-04-14
28	CVE-2026-40190 LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform.	MEDIUM	5.6	0.0%	FIX	2026-04-10
28	CVE-2026-5673 A flaw was found in libtheora. This heap-based out-of-bounds read vulnerability	MEDIUM	5.6	0.0%		2026-04-06
28	CVE-2026-34943 Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0	MEDIUM	5.6	0.0%	FIX	2026-04-09
28	CVE-2026-34867 Double free vulnerability in the multi-mode input system. Impact: Successful exp	MEDIUM	5.6	0.0%		2026-04-13
28	CVE-2026-40602 ### Impact Up to 1.0.0 of `home-assitant-cli` (or `hass-cli` for short) an unre	MEDIUM	5.6	-	FIX	2026-04-16
28	CVE-2026-0636 Improper neutralization of special elements used in an LDAP query ('LDAP injecti	MEDIUM	5.5	0.0%	FIX	2026-04-15
28	CVE-2026-5986 A weakness has been identified in Zod jsVideoUrlParser up to 0.5.1. The impacted	MEDIUM	5.5	0.0%		2026-04-09
28	CVE-2026-29043 HDF5 is software for managing data. In 1.14.1-2 and earlier, an attacker who can	MEDIUM	5.5	0.0%		2026-04-10
28	CVE-2026-5527 A weakness has been identified in Tenda 4G03 Pro 1.0/1.0re/01.bin/04.03.01.53. A	MEDIUM	5.5	0.0%		2026-04-04
28	CVE-2026-5601 A vulnerability was found in Acrel Electrical Prepaid Cloud Platform 1.0. This i	MEDIUM	5.5	0.0%		2026-04-05
28	CVE-2026-27300 Adobe Framemaker versions 2022.8 and earlier are affected by an Access of Uninit	MEDIUM	5.5	0.0%		2026-04-14
28	CVE-2026-27301 Adobe Framemaker versions 2022.8 and earlier are affected by a Heap-based Buffer	MEDIUM	5.5	0.0%		2026-04-14
28	CVE-2026-27286 InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based	MEDIUM	5.5	0.0%		2026-04-14
28	CVE-2026-27258 DNG SDK versions 1.7.1 2502 and earlier are affected by an out-of-bounds write v	MEDIUM	5.5	0.0%		2026-04-14
28	CVE-2026-27222 Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Divide By Zero vuln	MEDIUM	5.5	0.0%		2026-04-14
28	CVE-2026-39855 osslsigncode is a tool that implements Authenticode signing and timestamping. Pr	MEDIUM	5.5	0.0%	FIX	2026-04-09
28	CVE-2026-39856 osslsigncode is a tool that implements Authenticode signing and timestamping. Pr	MEDIUM	5.5	0.0%	FIX	2026-04-09
28	CVE-2026-27285 InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based	MEDIUM	5.5	0.0%		2026-04-14
28	CVE-2026-39464 Server-Side Request Forgery (SSRF) vulnerability in SeedProd Coming Soon Page, U	MEDIUM	5.5	0.0%		2026-04-08
28	CVE-2026-27315 Sensitive Information Leak in cqlsh in Apache Cassandra 4.0 allows access to sen	MEDIUM	5.5	0.0%	FIX	2026-04-07
28	CVE-2026-40159 PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI’s MCP (Mode	MEDIUM	5.5	0.0%	FIX	2026-04-10
28	CVE-2026-40311 ImageMagick is free and open-source software used for editing and manipulating d	MEDIUM	5.5	0.0%	FIX	2026-04-13
28	CVE-2025-65116 Buffer Overflow Vulnerability in JP1/IT Desktop Management 2 - Manager on Window	MEDIUM	5.5	0.0%	FIX	2026-04-07
28	CVE-2026-5745 A flaw was found in libarchive. A NULL pointer dereference vulnerability exists	MEDIUM	5.5	0.0%		2026-04-07
28	CVE-2026-33905 ImageMagick is free and open-source software used for editing and manipulating d	MEDIUM	5.5	0.0%	FIX	2026-04-13
28	CVE-2026-33902 ImageMagick is free and open-source software used for editing and manipulating d	MEDIUM	5.5	0.0%	FIX	2026-04-13
28	CVE-2026-34933 Avahi is a system which facilitates service discovery on a local network via the	MEDIUM	5.5	0.0%		2026-04-03
28	CVE-2026-40183 ImageMagick is free and open-source software used for editing and manipulating d	MEDIUM	5.5	0.0%	FIX	2026-04-13
28	CVE-2026-40310 ImageMagick is free and open-source software used for editing and manipulating d	MEDIUM	5.5	0.0%	FIX	2026-04-13
28	CVE-2026-39392 CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, mo	MEDIUM	5.5	0.0%	FIX	2026-04-08
28	CVE-2026-32288 tar.Reader can allocate an unbounded amount of memory when reading a maliciously	MEDIUM	5.5	0.0%	FIX	2026-04-08
28	CVE-2025-48651 N/A	MEDIUM	5.5	0.0%		2026-04-06
28	CVE-2026-39390 CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, mo	MEDIUM	5.5	0.0%	FIX	2026-04-08
28	CVE-2026-6245 A flaw was found in the System Security Services Daemon (SSSD). The pam_passkey_	MEDIUM	5.5	0.0%		2026-04-15
28	CVE-2026-40915 A flaw was found in GIMP. A remote attacker could exploit an integer overflow vu	MEDIUM	5.5	0.0%		2026-04-15
28	CVE-2026-40918 A flaw was found in GIMP. Processing a specially crafted PVR image file with lar	MEDIUM	5.5	0.0%		2026-04-15
28	CVE-2026-33103 Improper access control in Microsoft Dynamics 365 (on-premises) allows an author	MEDIUM	5.5	0.0%	FIX	2026-04-14
28	CVE-2026-39984 ### Authorization bypass via certificate bag manipulation in sigstore/timestamp-	MEDIUM	5.5	0.0%	FIX	2026-04-14
28	CVE-2026-20806 Access of resource using incompatible type ('type confusion') in Windows COM all	MEDIUM	5.5	0.1%	FIX	2026-04-14
28	CVE-2026-32214 Improper access control in Universal Plug and Play (upnp.dll) allows an authoriz	MEDIUM	5.5	0.0%	FIX	2026-04-14
28	CVE-2026-32212 Improper link resolution before file access ('link following') in Universal Plug	MEDIUM	5.5	0.0%	FIX	2026-04-14
28	CVE-2026-20161 A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent could allow an	MEDIUM	5.5	0.0%		2026-04-15
28	CVE-2026-32084 Exposure of sensitive information to an unauthorized actor in Windows File Explo	MEDIUM	5.5	0.0%	FIX	2026-04-14
28	CVE-2026-32216 Null pointer dereference in Windows Redirected Drive Buffering allows an authori	MEDIUM	5.5	0.0%	FIX	2026-04-14
28	CVE-2026-32181 Improper privilege management in Microsoft Windows allows an authorized attacker	MEDIUM	5.5	0.0%	FIX	2026-04-14
28	CVE-2026-27930 Out-of-bounds read in Windows GDI allows an unauthorized attacker to disclose in	MEDIUM	5.5	0.0%	FIX	2026-04-14
28	CVE-2026-5600 A new API endpoint introduced in pretix 2025 that is supposed to return all che	MEDIUM	5.5	0.0%	FIX	2026-04-08
28	CVE-2026-27931 Out-of-bounds read in Windows GDI allows an unauthorized attacker to disclose in	MEDIUM	5.5	0.0%	FIX	2026-04-14
28	CVE-2026-35477 InvenTree is an Open Source Inventory Management System. From 1.2.3 to 1.2.6, th	MEDIUM	5.5	0.0%	FIX	2026-04-08
27	CVE-2026-5831 A security flaw has been discovered in Agions taskflow-ai up to 2.1.8. This impa	MEDIUM	5.3	0.7%	FIX	2026-04-09
27	CVE-2026-6141 A vulnerability was determined in danielmiessler Personal_AI_Infrastructure up t	MEDIUM	5.3	0.7%	FIX	2026-04-13
27	CVE-2026-5547 A vulnerability has been found in Tenda AC10 16.03.10.10_multi_TDE01. Affected i	MEDIUM	5.3	0.7%		2026-04-05
27	CVE-2026-3358 The Tutor LMS - eLearning and online course solution plugin for WordPress is vul	MEDIUM	5.4	0.1%		2026-04-11
27	CVE-2026-33119 User interface (ui) misrepresentation of critical information in Microsoft Edge	MEDIUM	5.4	0.1%	FIX	2026-04-10
27	CVE-2026-4124 The Ziggeo plugin for WordPress is vulnerable to Missing Authorization in all ve	MEDIUM	5.4	0.1%		2026-04-09
27	CVE-2026-1509 The Avada (Fusion) Builder plugin for WordPress is vulnerable to Arbitrary WordP	MEDIUM	5.4	0.0%		2026-04-15
27	CVE-2026-2712 The WP-Optimize plugin for WordPress is vulnerable to unauthorized access of fun	MEDIUM	5.4	0.0%		2026-04-10
27	CVE-2026-35565 Stored Cross-Site Scripting (XSS) via Unsanitized Topology Metadata in Apache St	MEDIUM	5.4	0.0%	FIX	2026-04-13
27	CVE-2026-35602 ## Summary The Vikunja file import endpoint uses the attacker-controlled `Size`	MEDIUM	5.4	0.0%	FIX	2026-04-10
27	CVE-2026-33406 Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level	MEDIUM	5.4	0.0%	FIX	2026-04-06
27	CVE-2026-34903 Missing Authorization vulnerability in OceanWP Ocean Extra allows Exploiting Inc	MEDIUM	5.4	0.0%		2026-04-07
27	CVE-2026-5895 Incorrect security UI in Omnibox in Google Chrome on iOS prior to 147.0.7727.55	MEDIUM	5.4	0.0%	FIX	2026-04-08
27	CVE-2026-4065 The Smart Slider 3 plugin for WordPress is vulnerable to unauthorized access and	MEDIUM	5.4	0.0%		2026-04-07
27	CVE-2026-26291 Stored cross-site scripting vulnerability exists in GROWI v7.4.6 and earlier. If	MEDIUM	5.4	0.0%		2026-04-15
27	CVE-2026-35600 ## Summary Task titles are embedded directly into Markdown link syntax in overd	MEDIUM	5.4	0.0%	FIX	2026-04-10
27	CVE-2026-27288 Adobe Experience Manager versions FP11.7 and earlier are affected by a stored Cr	MEDIUM	5.4	0.0%		2026-04-14
27	CVE-2026-34624 Adobe Experience Manager versions 6.5.24, FP11.7 and earlier are affected by a D	MEDIUM	5.4	0.0%		2026-04-14
27	CVE-2026-39367 WWBN AVideo is an open source video platform. In versions 26.0 and prior, AVideo	MEDIUM	5.4	0.0%		2026-04-07
27	CVE-2026-40071 pyLoad is a free and open-source download manager written in Python. Prior to 0.	MEDIUM	5.4	0.0%	FIX	2026-04-09
27	CVE-2026-34623 Adobe Experience Manager versions 6.5.24, FP11.7 and earlier are affected by a D	MEDIUM	5.4	0.0%		2026-04-14
27	CVE-2025-1794 The AM LottiePlayer plugin for WordPress is vulnerable to Stored Cross-Site Scri	MEDIUM	5.4	0.0%		2026-04-08
27	CVE-2026-39380 Open Source Point of Sale is a web based point-of-sale application written in PH	MEDIUM	5.4	0.0%	FIX	2026-04-07
27	CVE-2026-31153 A stored cross-site scripting (XSS) vulnerability in Bynder v0.1.394 allows atta	MEDIUM	5.4	0.0%		2026-04-06
27	CVE-2026-40112 PraisonAI is a multi-agent teams system. Prior to 4.5.128, the Flask API endpoin	MEDIUM	5.4	0.0%	FIX	2026-04-09
27	CVE-2026-3369 The Better Find and Replace - AI-Powered Suggestions plugin for WordPress is vul	MEDIUM	5.4	0.0%		2026-04-16
27	CVE-2026-40212 OpenStack Skyline before 5.0.1, 6.0.0, and 7.0.0 has a DOM-based Cross-Site Scri	MEDIUM	5.4	0.0%		2026-04-10

Oldest Unpatched Critical/High CVEs

CVE	Severity	CVSS	Priority	Days Open
CVE-2024-3400	CRITICAL	10.0	224	735d
CVE-2019-19781	CRITICAL	9.8	223	2303d
CVE-2020-5902	CRITICAL	9.8	223	2116d
CVE-2021-35464	CRITICAL	9.8	223	1729d
CVE-2020-10189	CRITICAL	9.8	223	2232d
CVE-2012-4681	CRITICAL	9.8	223	4980d
CVE-2022-42475	CRITICAL	9.8	223	1201d
CVE-2023-3519	CRITICAL	9.8	223	1002d
CVE-2015-7450	CRITICAL	9.8	222	3757d
CVE-2023-34048	CRITICAL	9.8	222	904d

Prev 23 / 31 Next