Security Dashboard

Priority	CVE	Severity	CVSS	EPSS	Indicators	Published
18	CVE-2026-40341 libgphoto2 is a camera access and control library. In versions up to and includi	LOW	3.5	-		2026-04-18
18	CVE-2026-40334 libgphoto2 is a camera access and control library. In versions up to and includi	LOW	3.5	-		2026-04-18
18	CVE-2026-35400 LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web app	LOW	3.5	0.0%	FIX	2026-04-08
17	CVE-2026-33404 Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level	LOW	3.4	0.0%	FIX	2026-04-06
17	CVE-2026-28264 Dell PowerProtect Agent Service, version(s) prior to 20.1, contain(s) an Incorre	LOW	3.3	0.0%	FIX	2026-04-08
17	CVE-2026-21727 --- title: Cross-Tenant Legacy Correlation Disclosure and Deletion draft: false	LOW	3.3	0.0%	FIX	2026-04-15
16	CVE-2026-39419 MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below	LOW	3.1	0.0%	FIX	2026-04-14
16	CVE-2026-3155 The OneSignal - Web Push Notifications plugin for WordPress is vulnerable to aut	LOW	3.1	0.0%		2026-04-16
16	CVE-2026-33212 Weblate is a web based localization tool. In versions prior to 5.17, the tasks A	LOW	3.1	0.0%	FIX	2026-04-15
16	CVE-2026-33405 Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level	LOW	3.1	0.0%	FIX	2026-04-06
16	CVE-2026-40109 Flux notification-controller is the event forwarder and notification dispatcher	LOW	3.1	0.0%	FIX	2026-04-09
16	CVE-2026-6313 Insufficient policy enforcement in CORS in Google Chrome prior to 147.0.7727.101	LOW	3.1	0.0%	FIX	2026-04-15
16	CVE-2026-6312 Insufficient policy enforcement in Passwords in Google Chrome prior to 147.0.772	LOW	3.1	0.0%	FIX	2026-04-15
16	CVE-2026-33436 Stirling-PDF is a locally hosted web application that facilitates various operat	LOW	3.1	-	FIX	2026-04-17
15	CVE-2026-5382 An issue that could expose records outside of the authorized organization scope	LOW	3.0	0.0%	FIX	2026-04-07
15	CVE-2026-5379 An issue that allowed MCP agents to access certificate information from outside	LOW	3.0	0.0%	FIX	2026-04-07
15	CVE-2026-33948 jq is a command-line JSON processor. Commits before 6374ae0bcdfe33a18eb0ae6db284	LOW	2.9	0.1%		2026-04-14
15	CVE-2026-40354 Flatpak xdg-desktop-portal before 1.20.4 and 1.21.x before 1.21.1 allows any Fla	LOW	2.9	0.0%	FIX	2026-04-11
15	CVE-2026-41080 libexpat before 2.7.6 uses insufficient entropy, and thus hash flooding can occu	LOW	2.9	0.0%	FIX	2026-04-16
15	CVE-2026-40947 Yubico libfido2 before 1.17.0, python-fido2 before 2.2.0, and yubikey-manager be	LOW	2.9	0.0%	FIX	2026-04-15
15	CVE-2026-40228 In systemd 259, systemd-journald can send ANSI escape sequences to the terminals	LOW	2.9	0.0%		2026-04-10
15	CVE-2025-52641 HCL AION is affected by a vulnerability where certain system behaviours may allo	LOW	2.9	0.0%		2026-04-15
14	CVE-2026-34781 ### Impact Apps that call `clipboard.readImage()` may be vulnerable to a denial	LOW	2.8	0.0%	FIX	2026-04-07
14	CVE-2026-37598 SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to arbitr	LOW	2.7	0.0%		2026-04-14
14	CVE-2025-15480 In Ubuntu, ubuntu-desktop-provision version 24.04.4 could leak sensitive user cr	LOW	2.7	0.0%	FIX	2026-04-09
14	CVE-2025-14551 In Ubuntu, Subiquity version 24.04.4 could leak sensitive user credentials durin	LOW	2.7	0.0%	FIX	2026-04-09
14	CVE-2026-37592 Sourcecodester Storage Unit Rental Management System v1.0 is vulnerable to SQL i	LOW	2.7	0.0%		2026-04-14
14	CVE-2026-27316 A insufficiently protected credentials vulnerability in Fortinet FortiSandbox 5.	LOW	2.7	0.0%		2026-04-14
14	CVE-2026-5375 An issue that could allow a user with access to a credential to view sensitive f	LOW	2.7	0.0%	FIX	2026-04-07
14	CVE-2026-27769 Mattermost versions 10.11.x <= 10.11.12 fail to validate whether users were corr	LOW	2.7	0.0%		2026-04-15
14	CVE-2026-37596 SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnera	LOW	2.7	0.0%		2026-04-14
14	CVE-2026-36922 Sourcecodester Cab Management System v1.0 is vulnerable to SQL injection in the	LOW	2.7	0.0%		2026-04-13
14	CVE-2026-36872 Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /libr	LOW	2.7	0.0%		2026-04-13
14	CVE-2026-36873 Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /libr	LOW	2.7	0.0%		2026-04-13
14	CVE-2026-36938 Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL injecti	LOW	2.7	0.0%		2026-04-13
14	CVE-2026-36947 Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnera	LOW	2.7	0.0%		2026-04-13
14	CVE-2026-36923 Sourcecodester Cab Management System 1.0 is vulnerable to SQL Injection in the f	LOW	2.7	0.0%		2026-04-13
14	CVE-2026-36943 Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnera	LOW	2.7	0.0%		2026-04-13
14	CVE-2026-36944 Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnera	LOW	2.7	0.0%		2026-04-13
14	CVE-2026-36945 Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnera	LOW	2.7	0.0%		2026-04-13
14	CVE-2026-36941 Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL Injecti	LOW	2.7	0.0%		2026-04-13
14	CVE-2026-36937 Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL injecti	LOW	2.7	0.0%		2026-04-13
14	CVE-2026-37600 SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to SQL In	LOW	2.7	0.0%		2026-04-14
14	CVE-2026-37597 SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnera	LOW	2.7	0.0%		2026-04-14
14	CVE-2026-37595 SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnera	LOW	2.7	0.0%		2026-04-14
14	CVE-2026-37594 SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnera	LOW	2.7	0.0%		2026-04-14
14	CVE-2026-37593 SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnera	LOW	2.7	0.0%		2026-04-14
14	CVE-2026-37602 SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to SQL In	LOW	2.7	0.0%		2026-04-14
14	CVE-2026-37591 Sourcecodester Storage Unit Rental Management System v1.0 is vulnerable to SQL i	LOW	2.7	0.0%		2026-04-14
14	CVE-2026-37590 SourceCodester Storage Unit Rental Management System v1.0 is vulnerable to SQL I	LOW	2.7	0.0%		2026-04-14
14	CVE-2026-37589 SourceCodester Storage Unit Rental Management System v1.0 is vulnerable to SQL I	LOW	2.7	0.0%		2026-04-14
14	CVE-2026-37601 SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to SQL In	LOW	2.7	0.0%		2026-04-14
14	CVE-2026-36942 Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL injecti	LOW	2.7	0.0%		2026-04-13
14	CVE-2026-36946 Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnera	LOW	2.7	0.0%		2026-04-13
14	CVE-2026-36919 Sourcecodester Online Reviewer System v1.0 is vulnerale to SQL Injection in the	LOW	2.7	0.0%		2026-04-13
14	CVE-2026-36874 Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /libr	LOW	2.7	0.0%		2026-04-13
14	CVE-2026-36920 Sourcecodester Online Reviewer System v1.0 is vulnerable to SQL Injection in the	LOW	2.7	0.0%		2026-04-13
14	CVE-2026-39510 Authorization Bypass Through User-Controlled Key vulnerability in WP Chill Image	LOW	2.7	0.0%		2026-04-08
14	CVE-2026-36952 Sourcecodester Online Thesis Archiving System v1.0 is vulnerable to SQL injectio	LOW	2.7	0.0%		2026-04-13
14	CVE-2026-36950 Sourcecodester Online Thesis Archiving System v1.0 is vulnerable to SQL injectio	LOW	2.7	0.0%		2026-04-13
14	CVE-2026-4916 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2	LOW	2.7	0.0%	FIX	2026-04-08
14	CVE-2026-4292 An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4	LOW	2.7	0.0%	FIX	2026-04-07
13	CVE-2026-34849 UAF vulnerability in the screen management module. Impact: Successful exploitati	LOW	2.5	0.0%		2026-04-13
12	CVE-2026-21741 An URL Redirection to Untrusted Site ('Open Redirect') vulnerability [CWE-601] v	LOW	2.4	0.0%		2026-04-14
12	CVE-2026-27307 ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Uncontrolled	LOW	2.4	0.0%		2026-04-14
12	CVE-2026-27308 ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Uncontrolled	LOW	2.4	0.0%		2026-04-14
12	CVE-2026-2401 CWE-532 Insertion of Sensitive Information into Log File vulnerability exists th	LOW	2.4	0.0%		2026-04-14
12	CVE-2026-40336 libgphoto2 is a camera access and control library. Versions up to and including	LOW	2.4	-		2026-04-18
12	CVE-2026-35624 OpenClaw before 2026.3.22 contains a policy confusion vulnerability in room auth	LOW	2.3	0.1%	FIX	2026-04-09
12	CVE-2026-35617 OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Goog	LOW	2.3	0.0%	FIX	2026-04-09
12	CVE-2026-5187 Two potential heap out-of-bounds write locations existed in DecodeObjectId() in	LOW	2.3	0.0%		2026-04-09
12	CVE-2026-39957 Lychee is a free, open-source photo-management tool. Prior to 7.5.4, a SQL opera	LOW	2.3	0.0%	FIX	2026-04-09
12	CVE-2026-5188 An integer underflow issue exists in wolfSSL when parsing the Subject Alternativ	LOW	2.3	0.0%		2026-04-10
12	CVE-2026-35648 OpenClaw before 2026.3.22 contains a policy bypass vulnerability where queued no	LOW	2.3	0.0%	FIX	2026-04-10
12	CVE-2026-34720 Zammad is a web based open source helpdesk/customer support system. Prior to 7.0	LOW	2.3	0.0%	FIX	2026-04-08
12	CVE-2026-5448 X.509 date buffer overflow in wolfSSL_X509_notAfter / wolfSSL_X509_notBefore. A	LOW	2.3	0.0%	FIX	2026-04-09
12	CVE-2026-5392 Heap out-of-bounds read in PKCS7 parsing. A crafted PKCS7 message can trigger an	LOW	2.3	0.0%	FIX	2026-04-09
12	CVE-2026-34945 Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and	LOW	2.3	0.0%	FIX	2026-04-09
12	CVE-2026-34988 Wasmtime is a runtime for WebAssembly. From 28.0.0 to before 36.0.7, 42.0.2, and	LOW	2.3	0.0%	FIX	2026-04-09
12	CVE-2026-35402 mcp-neo4j-cypher is an MCP server for executing Cypher queries against Neo4j dat	LOW	2.3	-	FIX	2026-04-17
11	CVE-2026-5381 An issue that could expose task information outside of the authorized organizati	LOW	2.2	0.0%	FIX	2026-04-07
11	CVE-2026-34851 Race condition vulnerability in the event notification module. Impact: Successfu	LOW	2.2	0.0%		2026-04-13
11	CVE-2026-5778 Integer underflow in wolfSSL packet sniffer <= 5.9.0 allows an attacker to cause	LOW	2.1	0.1%		2026-04-09
11	CVE-2026-30812 Improper Neutralization of Input During Web Page Generation vulnerability allows	LOW	2.1	0.0%		2026-04-13
11	CVE-2026-5772 A 1-byte stack buffer over-read was identified in the MatchDomainName function (	LOW	2.1	0.0%		2026-04-09
11	CVE-2026-35200 ### Impact A file can be uploaded with a filename extension that passes the fil	LOW	2.1	0.0%	FIX	2026-04-04
11	CVE-2026-34248 Zammad is a web based open source helpdesk/customer support system. Prior to 7.0	LOW	2.1	0.0%	FIX	2026-04-08
11	CVE-2026-39349 OrangeHRM is a comprehensive human resource management (HRM) system. From 5.0 to	LOW	2.1	0.0%	FIX	2026-04-07
10	CVE-2026-27949 Plane is an an open-source project management tool. Prior to 1.3.0, a vulnerabil	LOW	2.0	0.0%	FIX	2026-04-07
10	CVE-2026-27675 SAP Landscape Transformation contains a vulnerability in an RFC-exposed function	LOW	2.0	0.0%		2026-04-14

Oldest Unpatched Critical/High CVEs

CVE	Severity	CVSS	Priority	Days Open
CVE-2024-3400	CRITICAL	10.0	224	735d
CVE-2019-19781	CRITICAL	9.8	223	2303d
CVE-2020-5902	CRITICAL	9.8	223	2116d
CVE-2021-35464	CRITICAL	9.8	223	1730d
CVE-2020-10189	CRITICAL	9.8	223	2233d
CVE-2012-4681	CRITICAL	9.8	223	4980d
CVE-2022-42475	CRITICAL	9.8	223	1201d
CVE-2023-3519	CRITICAL	9.8	223	1003d
CVE-2015-7450	CRITICAL	9.8	222	3758d
CVE-2023-34048	CRITICAL	9.8	222	905d

Prev 30 / 31 Next