Security Dashboard

Priority	CVE	Severity	CVSS	EPSS	Indicators	Published
48	CVE-2026-9584 A security vulnerability has been detected in code-projects Project Management S	MEDIUM	5.5	0.0%	POC	2026-05-26
48	CVE-2026-9603 A security vulnerability has been detected in SourceCodester eDoc Doctor Appoint	MEDIUM	5.5	0.0%	POC	2026-05-26
48	CVE-2026-9580 A vulnerability was determined in JeecgBoot up to 3.9.1. The affected element is	MEDIUM	5.5	0.0%	POC FIX	2026-05-26
47	CVE-2026-9102 A path traversal vulnerability exists in the Altium Enterprise Server Comparison	CRITICAL	9.4	0.5%	FIX	2026-05-20
47	CVE-2026-8134 Concrete CMS 9.5.0 and below fails to sanitize path traversal sequences in the p	CRITICAL	9.4	0.4%		2026-05-21
47	CVE-2026-44590 Sherlock hunts down social media accounts by username across social networks. Pr	CRITICAL	9.3	0.8%	FIX	2026-05-27
47	CVE-2026-39405 Frappe Learning Management System (LMS) is a learning system that helps users st	CRITICAL	9.4	0.0%	FIX	2026-05-20
47	CVE-2026-45035 Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1	CRITICAL	9.4	0.0%	FIX	2026-05-15
47	CVE-2026-9129 A path traversal vulnerability exists in the Altium Enterprise Server Viewer Sto	CRITICAL	9.4	0.0%	FIX	2026-05-20
47	CVE-2026-1631 The Feeds for YouTube (YouTube video, channel, and gallery plugin) WordPress plu	MEDIUM	5.4	0.0%	POC FIX	2026-05-18
47	CVE-2026-9739 Vulnerable to DNS rebinding attacks when using SSE (http://b/499408790). During	CRITICAL	9.4	0.0%		2026-05-27
47	CVE-2026-49103 Webmin before 2.640 does not safely construct a filename for saving of an attach	CRITICAL	9.4	0.0%	FIX	2026-05-27
47	CVE-2026-32998 This vulnerability in Veeam Service Provider Console allows for remote code exec	CRITICAL	9.4	0.3%		2026-05-28
47	CVE-2026-9141 Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains an authentication	CRITICAL	9.3	0.2%		2026-05-20
47	CVE-2026-9139 Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a hard-coded crede	CRITICAL	9.3	0.1%		2026-05-20
47	CVE-2026-45010 phpMyFAQ before 4.1.2 contains an improper restriction of excessive authenticati	CRITICAL	9.3	0.1%	FIX	2026-05-15
47	CVE-2026-48906 The vulnerability in the Tassos Framework Plugin allows users to delete arbitrar	CRITICAL	9.3	0.1%		2026-05-27
47	CVE-2026-8838 Unsafe use of Python's eval() on server-received data in the vector_in() functio	CRITICAL	9.3	0.1%	FIX	2026-05-18
47	CVE-2026-46364 phpMyFAQ before 4.1.2 contains an unauthenticated SQL injection vulnerability in	CRITICAL	9.3	0.0%	FIX	2026-05-15
47	CVE-2026-41090 Improper neutralization of special elements used in a command ('command injectio	CRITICAL	9.3	0.0%	FIX	2026-05-22
47	CVE-2026-23734 XWiki Platform is a generic wiki platform. Versions prior to 18.1.0-rc-1, 17.10.	CRITICAL	9.3	0.0%	FIX	2026-05-20
47	CVE-2026-33137 XWiki Platform is a generic wiki platform offering runtime services for applicat	CRITICAL	9.3	0.0%	FIX	2026-05-20
47	CVE-2026-9058 Szafir SDK returns a success status code from the cryptographic digital signatur	CRITICAL	9.3	0.0%	FIX	2026-05-25
47	CVE-2026-42755 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti	CRITICAL	9.3	0.0%		2026-05-27
47	CVE-2026-42747 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti	CRITICAL	9.3	0.0%		2026-05-27
47	CVE-2026-9065 SureCart version prior to 4.2.1 are vulnerable to authenticated SQL injection vi	CRITICAL	9.3	0.0%	FIX	2026-05-20
47	CVE-2026-9059 NextGEN Gallery version prior to 4.2.1 are vulnerable to authenticated SQL injec	CRITICAL	9.3	0.0%	FIX	2026-05-20
47	CVE-2026-8631 A potential security vulnerability has been identified in the HP Linux Imaging a	CRITICAL	9.3	0.0%	FIX	2026-05-20
47	CVE-2026-8950 Same-origin policy bypass in the Networking: HTTP component. This vulnerability	CRITICAL	9.3	0.0%	FIX	2026-05-19
46	CVE-2026-42097 Sparx Pro Cloud Server requires authentication based on requested URL. An attack	CRITICAL	9.3	0.1%		2026-05-19
46	CVE-2026-4320 Authorization Bypass vulnerability in Creartia's ICMS software could allow an at	CRITICAL	9.3	0.0%	FIX	2026-05-18
46	CVE-2026-35090 In Slican telephone exchanges it is possible to manage the control panel remotel	CRITICAL	9.3	0.1%	FIX	2026-05-27
46	CVE-2026-35087 Slican telephone exchanges allow administrative protocol authentication bypass.	CRITICAL	9.3	0.1%	FIX	2026-05-27
46	CVE-2026-8979 The Mennekes Amtron series (firmware versions ≤ 5.22.3) is vulnerable to an auth	CRITICAL	9.3	-		2026-05-28
46	CVE-2026-44451 Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the component	CRITICAL	9.3	0.0%	FIX	2026-05-26
46	CVE-2026-8980 The Mennekes Amtron series (firmware versions ≤ 5.22.3) is vulnerable to privile	CRITICAL	9.3	-		2026-05-28
46	CVE-2026-45261 GitButler is a modern Git-based version control interface for AI-powered workflo	CRITICAL	9.3	-	FIX	2026-05-28
46	CVE-2026-42761 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti	CRITICAL	9.3	0.0%		2026-05-27
46	CVE-2026-9037 A firmware update mechanism in the affected charging controller fails to validat	CRITICAL	9.3	-		2026-05-28
46	CVE-2026-42727 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti	CRITICAL	9.3	0.0%		2026-05-27
46	CVE-2026-42740 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti	CRITICAL	9.3	0.0%		2026-05-27
46	CVE-2026-8836 A vulnerability was found in lwIP up to 2.2.1. Affected is the function snmp_par	CRITICAL	9.3	0.2%	FIX	2026-05-18
46	CVE-2026-44159 Tyler Identity Local (TID-L) uses documented, default administrative credentials	CRITICAL	9.3	0.0%		2026-05-19
46	CVE-2026-39531 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti	CRITICAL	9.3	0.0%		2026-05-21
46	CVE-2026-46725 The extension passes an attacker-controlled cookie directly to PHP's unserialize	CRITICAL	9.2	0.4%	FIX	2026-05-19
46	CVE-2026-0481 Unrestricted IP address binding in the AMD Device Metrics Exporter (ROCm ecosyst	CRITICAL	9.2	0.2%		2026-05-15
46	CVE-2026-8711 NGINX JavaScript has a vulnerability when the js_fetch_proxy directive is config	CRITICAL	9.2	0.2%	FIX	2026-05-19
46	CVE-2026-41552 PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to	CRITICAL	9.2	0.0%	FIX	2026-05-15
46	CVE-2026-47358 Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF)	CRITICAL	9.2	0.0%		2026-05-19
46	CVE-2026-47357 Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF)	CRITICAL	9.2	0.0%		2026-05-19
46	CVE-2026-7182 Diagram's export module is vulnerable to Path Traversal in src attribute due to	CRITICAL	9.2	0.1%	FIX	2026-05-15
46	CVE-2026-9054 An attacker sending tcp, il, rudp, rudp, or gre packets with a length less than	CRITICAL	9.2	0.0%	FIX	2026-05-22
46	CVE-2026-48241 Open ISES Tickets before 3.44.2 contains hardcoded MySQL database credentials in	CRITICAL	9.2	0.1%	FIX	2026-05-21
46	CVE-2026-48242 Open ISES Tickets before 3.44.2 contains hardcoded MySQL database connection cre	CRITICAL	9.2	0.0%	FIX	2026-05-21
46	CVE-2026-9312 A server-side request forgery (SSRF) vulnerability was identified in GitHub Ente	CRITICAL	9.2	0.0%	FIX	2026-05-27
46	CVE-2026-33278 NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability	CRITICAL	9.1	0.4%	FIX	2026-05-20
46	CVE-2026-5433 Honeywell Control Network Module (CNM) contains command injection vulnerability	CRITICAL	9.1	0.3%	FIX	2026-05-21
46	CVE-2026-2586 An authenticated Remote Code Execution (RCE) vulnerability was identified in Gla	CRITICAL	9.1	0.2%		2026-05-19
46	CVE-2026-8450 HTTP::Daemon versions before 6.17 for Perl allow OS command injection via send_f	CRITICAL	9.1	0.1%	FIX	2026-05-27
46	CVE-2026-7302 SGLangs multimodal generation runtime is vulnerable to an unauthenticated path t	CRITICAL	9.1	0.1%		2026-05-18
46	CVE-2026-33843 Authentication bypass using an alternate path or channel in Microsoft Azure Acti	CRITICAL	9.1	0.1%	FIX	2026-05-22
46	CVE-2026-44699 LibJWT is a C JSON Web Token Library. From 3.0.0 to 3.3.2, libjwt accepts an RSA	CRITICAL	9.1	0.0%	FIX	2026-05-15
46	CVE-2026-49002 Access control failure means that an application does not effectively check user	CRITICAL	9.1	0.0%		2026-05-27
46	CVE-2026-41919 Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injecti	CRITICAL	9.1	0.0%	FIX	2026-05-19
46	CVE-2026-8948 Same-origin policy bypass in the DOM: Networking component. This vulnerability w	CRITICAL	9.1	0.0%	FIX	2026-05-19
46	CVE-2026-39833 The in-memory keyring returned by NewKeyring() silently accepted keys with the C	CRITICAL	9.1	0.0%	FIX	2026-05-22
46	CVE-2026-42496 Pre-NVD disclosure via oss-security: oss-security mailing list - 2026/05/26. pen	CRITICAL	9.1	0.0%	FIX	2026-05-26
46	CVE-2026-39834 When writing data larger than 4GB in a single Write call on an SSH channel, an i	CRITICAL	9.1	0.0%	FIX	2026-05-22
46	CVE-2026-7876 IBM Aspera HSTS for CP4I 1.5.1 through 1.5.19	CRITICAL	9.1	0.0%		2026-05-27
46	CVE-2026-31986 Use of Hard-coded Cryptographic Key vulnerability in Apache OFBiz. This issue a	CRITICAL	9.1	0.0%	FIX	2026-05-19
46	CVE-2026-42508 Previously, a revoked 'SignatureKey' belonging to a CA was not correctly checked	CRITICAL	9.1	0.0%	FIX	2026-05-22
46	CVE-2026-39832 When adding a key to a remote agent constraint extensions such as restrict-desti	CRITICAL	9.1	0.0%	FIX	2026-05-22
46	CVE-2026-47372 Crypt::SaltedHash versions through 0.09 for Perl generate insecure random values	CRITICAL	9.1	0.0%	FIX	2026-05-20
46	CVE-2026-44449 Lumiverse is a full-featured AI chat application. Prior to 0.9.7, when the prima	CRITICAL	9.1	0.1%	FIX	2026-05-26
46	CVE-2026-44632 ### Summary A Server-Side Code Injection vulnerability exists in the Yamcs algor	CRITICAL	9.1	-	FIX	2026-05-27
46	CVE-2026-46354 ## Summary `azureidentity.Validate()` verifies that the PKCS#7 signer certifica	CRITICAL	9.1	-	FIX	2026-05-19
46	CVE-2026-8598 An undocumented configuration export port is accessible on some models of ZKTec	CRITICAL	9.1	0.1%		2026-05-20
46	CVE-2026-46819 Vulnerability in the Oracle Internet Procurement Connector product of Oracle E-B	CRITICAL	9.1	-		2026-05-28
46	CVE-2026-33000 A malicious actor with access to the network and high privileges could exploit a	CRITICAL	9.1	0.1%	FIX	2026-05-22
46	CVE-2026-46621 ### Summary A Server-Side Code Injection vulnerability exists in the Yamcs scrip	CRITICAL	9.1	-	FIX	2026-05-27
45	CVE-2026-22314 Improper Control of Generation of Code ('Code Injection') vulnerability in Mesal	CRITICAL	9.0	0.0%		2026-05-20
45	CVE-2026-48150 Budibase is an open-source low-code platform. Prior to 3.39.0, /api/public/v1/ro	CRITICAL	9.0	0.0%	FIX	2026-05-27
45	CVE-2026-45721 ### Summary When Algernon is asked for any URL path that resolves to a director	CRITICAL	9.0	0.2%	FIX	2026-05-19
45	CVE-2026-46833 Vulnerability in the Net Service component of Oracle Database Server. Supported	CRITICAL	9.0	-		2026-05-28
45	CVE-2026-32999 Insufficient character filtering in backup agent signing module on Comet Backup	CRITICAL	9.0	0.0%	FIX	2026-05-28
45	CVE-2026-8135 Concrete CMS 9.5.0 and below is vulnerable to Remote Code Execution due to inse	HIGH	8.9	0.1%		2026-05-21
45	CVE-2026-45659 Deserialization of untrusted data in Microsoft Office SharePoint allows an autho	HIGH	8.8	0.5%	FIX	2026-05-22
44	CVE-2026-8832 The WPCode - Insert Headers and Footers + Custom Code Snippets - WordPress Code	HIGH	8.8	0.4%		2026-05-27
44	CVE-2026-27648 in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code ex	HIGH	8.8	0.2%		2026-05-19
44	CVE-2026-44048 In Netatalk 2.0.4 through 4.4.2, stack buffer overflow via ucs-2 type confusion	HIGH	8.8	0.1%	FIX	2026-05-21

Oldest Unpatched Critical/High CVEs

CVE	Severity	CVSS	Priority	Days Open
CVE-2024-3400	CRITICAL	10.0	224	776d
CVE-2019-19781	CRITICAL	9.8	223	2344d
CVE-2020-5902	CRITICAL	9.8	223	2157d
CVE-2021-35464	CRITICAL	9.8	223	1771d
CVE-2020-10189	CRITICAL	9.8	223	2274d
CVE-2012-4681	CRITICAL	9.8	223	5021d
CVE-2022-42475	CRITICAL	9.8	223	1242d
CVE-2023-3519	CRITICAL	9.8	223	1044d
CVE-2015-7450	CRITICAL	9.8	222	3798d
CVE-2023-34048	CRITICAL	9.8	222	946d

Prev 3 / 27 Next