Security Dashboard

Priority	CVE	Severity	CVSS	EPSS	Indicators	Published
43	CVE-2026-34605 SiYuan is a personal knowledge management system. From version 3.6.0 to before v	HIGH	8.6	0.0%	FIX	2026-03-31
43	CVE-2026-23899 An improper access check allows unauthorized access to webservice endpoints.	HIGH	8.6	0.0%		2026-04-01
43	CVE-2026-34588 OpenEXR provides the specification and reference implementation of the EXR file	HIGH	8.6	0.0%	FIX	2026-04-06
43	CVE-2026-2123 A security audit identified a privilege escalation vulnerability in Operations A	HIGH	8.6	0.0%		2026-03-31
43	CVE-2026-33752 ### Summary curl_cffi does not restrict requests to internal IP ranges, and foll	HIGH	8.6	0.0%	FIX	2026-04-03
43	CVE-2026-33577 OpenClaw before 2026.3.28 contains an insufficient scope validation vulnerabilit	HIGH	8.6	0.0%	FIX	2026-03-31
43	CVE-2026-39983 ## Summary `basic-ftp` version `5.2.0` allows FTP command injection via CRLF se	HIGH	8.6	1.2%	FIX	2026-04-08
43	CVE-2026-40158 PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI's AST-based	HIGH	8.6	0.0%	FIX	2026-04-10
43	CVE-2026-35643 OpenClaw before 2026.3.22 contains an unvalidated WebView JavascriptInterface vu	HIGH	8.6	0.0%	FIX	2026-04-10
43	CVE-2026-35399 WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, a stored XSS	HIGH	8.5	0.1%		2026-04-06
43	CVE-2026-34747 Payload is a free and open source headless content management system. Prior to v	HIGH	8.5	0.0%	FIX	2026-04-01
43	CVE-2026-2737 A vulnerability exists in Progress Flowmon versions prior to 12.5.8 and 13.0.6,	HIGH	8.5	0.0%		2026-04-02
43	CVE-2026-34932 hoppscotch is an open source API development ecosystem. Prior to version 2026.3.	HIGH	8.5	0.0%		2026-04-02
43	CVE-2026-20915 Stored cross-site scripting (XSS) in Checkmk version 2.5.0 (beta) before 2.5.0b2	HIGH	8.5	0.0%		2026-03-31
43	CVE-2026-34825 ## Summary NocoBase <= 2.0.8 `plugin-workflow-sql` substitutes template variabl	HIGH	8.5	0.0%	FIX	2026-04-01
43	CVE-2026-34931 hoppscotch is an open source API development ecosystem. Prior to version 2026.3.	HIGH	8.5	0.0%		2026-04-02
43	CVE-2026-39495 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti	HIGH	8.5	0.0%		2026-04-08
43	CVE-2026-4416 The Performance Library component of Gigabyte Control Center has an Insecure Des	HIGH	8.5	0.0%		2026-03-30
43	CVE-2026-32862 There is a memory corruption vulnerability due to an out-of-bounds write in ResF	HIGH	8.5	0.0%		2026-04-07
43	CVE-2026-32860 There is a memory corruption vulnerability due to an out-of-bounds write when lo	HIGH	8.5	0.0%		2026-04-07
43	CVE-2026-32863 There is a memory corruption vulnerability due to an out-of-bounds read in sentr	HIGH	8.5	0.0%		2026-04-07
43	CVE-2026-32861 There is a memory corruption vulnerability due to an out-of-bounds write when lo	HIGH	8.5	0.0%		2026-04-07
43	CVE-2026-32864 There is a memory corruption vulnerability due to an out-of-bounds read in mgcor	HIGH	8.5	0.0%		2026-04-07
43	CVE-2026-1342 IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify	HIGH	8.5	0.0%		2026-04-08
42	CVE-2026-40031 MemProcFS before 5.17 contains multiple unsafe library-loading patterns that ena	HIGH	8.5	0.0%	FIX	2026-04-08
42	CVE-2026-39416 AIL framework is an open-source platform to collect, crawl, process and analyse	HIGH	8.5	0.1%		2026-04-08
42	CVE-2026-30818 An OS command injection vulnerability in the dnsmasq module of TP-Link Archer AX	HIGH	8.5	0.4%	FIX	2026-04-08
42	CVE-2026-30815 An OS command injection vulnerability in the OpenVPN module of TP-Link Archer AX	HIGH	8.5	0.3%	FIX	2026-04-08
42	CVE-2026-40029 parseusbs before 1.9 contains an OS command injection vulnerability in parseUSBs	HIGH	8.5	0.0%	FIX	2026-04-08
42	CVE-2026-35625 OpenClaw before 2026.3.25 contains a privilege escalation vulnerability where si	HIGH	8.5	0.0%	FIX	2026-04-09
42	CVE-2026-34885 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti	HIGH	8.5	0.0%	POC	2026-04-06
42	CVE-2026-3466 Insufficient sanitization of dashboard dashlet title links in Checkmk 2.2.0 (EOL	HIGH	8.5	0.0%		2026-04-07
42	CVE-2026-5173 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.9.	HIGH	8.5	0.0%		2026-04-08
42	CVE-2026-33788 A Missing Authentication for Critical Function vulnerability in the Flexible PIC	HIGH	8.5	0.0%		2026-04-09
42	CVE-2026-34975 Plunk is an open-source email platform built on top of AWS SES. Prior to 0.8.0,	HIGH	8.5	0.0%		2026-04-06
42	CVE-2026-39942 Directus is a real-time API and App dashboard for managing SQL database content.	HIGH	8.5	0.0%	FIX	2026-04-09
42	CVE-2026-39974 ## Impact An authenticated Server-Side Request Forgery in `n8n-mcp` allows a cal	HIGH	8.5	0.0%	FIX	2026-04-08
42	CVE-2026-5329 Rapid7 Velociraptor versions prior to 0.76.2 contain an improper input validatio	HIGH	8.5	0.2%		2026-04-09
42	CVE-2026-33793 An Execution with Unnecessary Privileges vulnerability in the User Interface (UI	HIGH	8.5	0.0%		2026-04-09
42	CVE-2026-5483 A flaw was found in odh-dashboard in Red Hat Openshift AI. This vulnerability in	HIGH	8.5	0.1%		2026-04-10
42	CVE-2026-40032 UAC (Unix-like Artifacts Collector) before 3.3.0-rc1 contains a command injectio	HIGH	8.5	0.0%	FIX	2026-04-08
42	CVE-2025-59711 An issue was discovered in Biztalk360 before 11.5. Because of mishandling of use	HIGH	8.3	0.9%		2026-04-03
42	CVE-2026-34545 OpenEXR provides the specification and reference implementation of the EXR file	HIGH	8.4	0.1%		2026-04-01
42	CVE-2026-34377 --- # CVE-2026-34377: Consensus Failure via Crafted V5 Authorization Data ## S	HIGH	8.4	0.0%	FIX	2026-03-30
42	CVE-2026-30277 An arbitrary file overwrite vulnerability in PDF Reader App : TA/UTAX Mobile Pri	HIGH	8.4	0.0%		2026-03-31
42	CVE-2026-30279 An arbitrary file overwrite vulnerability in Squareapps LLC My Location Travel T	HIGH	8.4	0.0%		2026-03-31
42	CVE-2025-30650 A Missing Authentication for Critical Function vulnerability in command processi	HIGH	8.4	0.0%		2026-04-08
42	CVE-2026-30290 An arbitrary file overwrite vulnerability in InTouch Contacts & Caller ID APP v6	HIGH	8.4	0.0%		2026-03-31
42	CVE-2026-32928 V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6Co	HIGH	8.4	0.0%		2026-04-01
42	CVE-2026-32925 V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6Co	HIGH	8.4	0.0%		2026-04-01
42	CVE-2026-34589 OpenEXR provides the specification and reference implementation of the EXR file	HIGH	8.4	0.0%	FIX	2026-04-06
42	CVE-2026-30289 An arbitrary file overwrite vulnerability in Tinybeans Private Family Album App	HIGH	8.4	0.0%		2026-04-01
42	CVE-2026-30291 An arbitrary file overwrite vulnerability in Ora Tools PDF Reader ' Reader & Edi	HIGH	8.4	0.0%		2026-04-01
42	CVE-2026-4788 IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.37 stores sensitive information	HIGH	8.4	0.0%	FIX	2026-04-08
42	CVE-2026-30292 An arbitrary file overwrite vulnerability in Docudepot PDF Reader: PDF Viewer AP	HIGH	8.4	0.0%		2026-04-01
42	CVE-2026-34544 OpenEXR provides the specification and reference implementation of the EXR file	HIGH	8.4	0.0%	FIX	2026-04-01
42	CVE-2026-28704 Emocheck insecurely loads Dynamic Link Libraries (DLLs). If a crafted DLL file i	HIGH	8.4	0.0%		2026-04-10
42	CVE-2026-32927 V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in	HIGH	8.4	0.0%		2026-04-01
42	CVE-2026-32926 V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in	HIGH	8.4	0.0%		2026-04-01
42	CVE-2026-32929 V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read in VS6ComFile!ge	HIGH	8.4	0.0%		2026-04-01
42	CVE-2026-30287 An arbitrary file overwrite vulnerability in Deep Thought Industries ACE Scanner	HIGH	8.4	0.0%		2026-04-01
42	CVE-2026-22682 OpenHarness prior to commit 166fcfe contains an improper access control vulnerab	HIGH	8.4	0.0%	FIX	2026-04-07
42	CVE-2026-40030 parseusbs before 1.9 contains an OS command injection vulnerability where the vo	HIGH	8.4	0.0%	FIX	2026-04-08
42	CVE-2026-40027 ALEAPP (Android Logs Events And Protobuf Parser) through 3.4.0 contains a path t	HIGH	8.4	0.0%	FIX	2026-04-08
42	CVE-2026-40024 The Sleuth Kit through 4.14.0 contains a path traversal vulnerability in tsk_rec	HIGH	8.4	0.0%	FIX	2026-04-08
42	CVE-2026-35204 Helm is a package manager for Charts for Kubernetes. From 4.0.0 to 4.1.3, a spec	HIGH	8.4	0.0%	FIX	2026-04-09
42	CVE-2026-35205 Helm is a package manager for Charts for Kubernetes. From 4.0.0 to 4.1.3, Helm w	HIGH	8.4	0.0%	FIX	2026-04-09
42	CVE-2026-4266 An Insecure Deserialization vulnerability in WatchGuard Fireware OS allows an at	HIGH	8.4	0.1%		2026-03-30
42	CVE-2026-35641 OpenClaw before 2026.3.24 contains an arbitrary code execution vulnerability in	HIGH	8.4	0.0%	FIX	2026-04-10
42	CVE-2026-33791 An OS Command Injection vulnerability in the CLI processing of Juniper Networks	HIGH	8.4	0.0%		2026-04-09
42	CVE-2026-21915 A Permissive List of Allowed Input vulnerability in the CLI of Juniper Networks	HIGH	8.4	0.0%		2026-04-09
42	CVE-2026-40113 PraisonAI is a multi-agent teams system. Prior to 4.5.128, deploy.py constructs	HIGH	8.4	0.0%	FIX	2026-04-09
42	CVE-2025-14213 Cato Networks’ Socket versions prior to 25 contain a command injection vulnerabi	HIGH	8.3	0.3%		2026-03-31
42	CVE-2026-32725 SciTokens C++ is a minimal library for creating and using SciTokens from C or C+	HIGH	8.3	0.2%		2026-03-31
42	CVE-2026-34524 ## Summary A Path Traversal vulnerability in chat endpoints allows an authentica	HIGH	8.3	0.0%	FIX	2026-04-01
42	CVE-2026-34072 Cr*nMaster (cronmaster) is a Cronjob management UI with human readable syntax, l	HIGH	8.3	0.0%		2026-04-01
42	CVE-2026-34780 ### Impact Apps that pass `VideoFrame` objects (from the WebCodecs API) across t	HIGH	8.3	0.0%	FIX	2026-04-03
42	CVE-2026-35394 ### Summary The `mobile_open_url` tool in mobile-mcp passes user-supplied URLs	HIGH	8.3	0.0%	FIX	2026-04-04
42	CVE-2026-34576 Postiz is an AI social media scheduling tool. Prior to version 2.21.3, the POST	HIGH	8.3	0.0%		2026-04-02
42	CVE-2026-34719 Zammad is a web based open source helpdesk/customer support system. Prior to 7.0	HIGH	8.3	0.0%		2026-04-08
42	CVE-2026-24148 NVIDIA Jetson for JetPack contains a vulnerability in the system initialization	HIGH	8.3	0.0%		2026-03-31
42	CVE-2026-35478 InvenTree is an Open Source Inventory Management System. From 0.16.0 to before 1	HIGH	8.3	0.1%		2026-04-08
42	CVE-2026-35618 OpenClaw before 2026.3.23 contains a replay identity vulnerability in Plivo V2 s	HIGH	8.3	0.0%	FIX	2026-04-09
42	CVE-2026-5264 Heap buffer overflow in DTLS 1.3 ACK message processing. A remote attacker can s	HIGH	8.3	0.2%		2026-04-09
42	CVE-2026-33779 An Improper Following of a Certificate's Chain of Trust vulnerability in J-Web o	HIGH	8.3	0.0%		2026-04-09
42	CVE-2026-28808 Incorrect Authorization vulnerability in Erlang OTP (inets modules) allows unaut	HIGH	8.3	0.0%	FIX	2026-04-07
42	CVE-2026-35595 ## Summary A user with Write-level access to a project can escalate their permi	HIGH	8.3	0.0%	FIX	2026-04-10
42	CVE-2026-31939 Chamilo LMS is a learning management system. Prior to 1.11.38, there is a path t	HIGH	8.3	0.0%		2026-04-10
41	CVE-2026-34363 ### Impact When multiple clients subscribe to the same class via LiveQuery, the	HIGH	8.2	0.1%	FIX	2026-03-30
41	CVE-2026-35091 A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wr	HIGH	8.2	0.1%	FIX	2026-04-01

Oldest Unpatched Critical/High CVEs

CVE	Severity	CVSS	Priority	Days Open
CVE-2024-3400	CRITICAL	10.0	224	730d
CVE-2019-19781	CRITICAL	9.8	223	2298d
CVE-2020-5902	CRITICAL	9.8	223	2111d
CVE-2021-35464	CRITICAL	9.8	223	1725d
CVE-2020-10189	CRITICAL	9.8	223	2228d
CVE-2012-4681	CRITICAL	9.8	223	4975d
CVE-2022-42475	CRITICAL	9.8	223	1196d
CVE-2023-3519	CRITICAL	9.8	223	998d
CVE-2015-7450	CRITICAL	9.8	222	3753d
CVE-2023-34048	CRITICAL	9.8	222	900d

Prev 4 / 10 Next