Security Dashboard

Priority	CVE	Severity	CVSS	EPSS	Indicators	Published
32	CVE-2026-46416 Microsoft UFO open-source framework for intelligent automation across devices an	MEDIUM	6.3	0.0%		2026-05-27
32	CVE-2026-45412 MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.1, SSRF via wo	MEDIUM	6.3	0.0%	FIX	2026-05-26
32	CVE-2026-2254 Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 an	MEDIUM	6.3	0.0%	FIX	2026-05-27
32	CVE-2026-8723 ### Summary `qs.stringify` throws `TypeError` when called with `arrayFormat:	MEDIUM	6.3	0.0%	FIX	2026-05-17
32	CVE-2026-43617 Rsync version 3.4.2 and prior contain an authorization bypass vulnerability in t	MEDIUM	6.3	0.0%	FIX	2026-05-20
32	CVE-2026-44408 There is an unauthorized access vulnerability in ZTE MU5250. Due to improper per	MEDIUM	6.3	0.0%		2026-05-19
32	CVE-2026-47274 pam_usb provides hardware authentication for Linux using ordinary removable medi	MEDIUM	6.3	0.0%	FIX	2026-05-27
32	CVE-2026-47270 pam_usb provides hardware authentication for Linux using ordinary removable medi	MEDIUM	6.3	0.0%	FIX	2026-05-27
32	CVE-2026-45737 ### Summary The original fix for [GHSA-3v3m-wc6v-x4x3](https://github.com/argopr	MEDIUM	6.3	-	FIX	2026-05-19
32	CVE-2026-7881 Concrete CMS 9.5.0 and below is subject to Insecure Direct Object Reference (IDO	MEDIUM	6.3	0.0%	FIX	2026-05-21
32	CVE-2026-9806 A stored cross-site scripting (XSS) vulnerability exists in the notification pan	MEDIUM	6.3	0.0%	FIX	2026-05-28
32	CVE-2026-1816 Improper restriction of excessive authentication attempts vulnerability in Turki	MEDIUM	6.3	0.0%	FIX	2026-05-21
32	CVE-2026-46403 ## Publisher note Fixed in `v1.7.17`. Operators running `< v1.7.17` should	MEDIUM	6.3	-	FIX	2026-05-21
32	CVE-2026-30498 A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the delete.p	MEDIUM	6.3	0.0%		2026-05-27
32	CVE-2026-49093 Server-Side Request Forgery (CWE-918) in Kibana can allow an authenticated user	MEDIUM	6.3	-		2026-05-28
32	CVE-2026-42791 Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_o	MEDIUM	6.3	0.1%		2026-05-27
32	CVE-2026-45626 ## Summary `GET /environments/{id}/volumes/{volumeName}/browse` accepts a `path	MEDIUM	6.3	-		2026-05-18
32	CVE-2026-8803 A flaw has been found in opensourcepos Open Source Point of Sale up to 3.4.2. Im	MEDIUM	6.3	0.0%		2026-05-18
32	CVE-2026-7879 In Concrete CMS 9.5.0 and below, the submit_password() method in concrete/contr	MEDIUM	6.3	0.0%		2026-05-21
32	CVE-2026-20206 A vulnerability in the BrowserBot component of Cisco ThousandEyes Enterprise Age	MEDIUM	6.3	0.1%		2026-05-20
31	CVE-2026-41969 Permission control vulnerability in the projection module. Impact: Successful ex	MEDIUM	6.2	0.0%		2026-05-15
31	CVE-2026-2237 A use of get request method with sensitive query strings vulnerability in volume	MEDIUM	6.2	0.0%	FIX	2026-05-27
31	CVE-2026-45785 ### Summary The BST name-lookup loop in `DirectoryTree.TryGetDirectoryEntry` (`O	MEDIUM	6.2	-	FIX	2026-05-19
31	CVE-2026-46557 Due to a missing depth check a stack overflow can occur in the fx operation by p	MEDIUM	6.2	-	FIX	2026-05-18
31	CVE-2026-9813 FlowIntel up to version 3.3.0 contains a server-side request forgery (SSRF) vuln	MEDIUM	6.2	0.0%	FIX	2026-05-28
31	CVE-2026-48696 FastNetMon Community Edition through 1.2.9 has a buffer overflow, a different vu	MEDIUM	6.2	0.0%		2026-05-26
31	CVE-2026-38719 OpENer v2.3-558-g1e99582 contains an out-of-bounds read vulnerability in the Com	MEDIUM	6.2	0.0%		2026-05-18
31	CVE-2026-46523 A crafted MSL image can trigger a heap-use-after-free.	MEDIUM	6.2	-	FIX	2026-05-18
31	CVE-2026-36189 Buffer Overflow vulnerability in Uncrustify Project Affected v.Uncrustify_d-0.82	MEDIUM	6.2	0.0%		2026-05-21
31	CVE-2026-8707 The NS Product icon badge plugin for WordPress is vulnerable to Reflected Cross-	MEDIUM	6.1	0.1%		2026-05-27
31	CVE-2026-7462 The VatanSMS WP SMS plugin for WordPress is vulnerable to Reflected Cross-Site S	MEDIUM	6.1	0.1%		2026-05-20
31	CVE-2026-8624 The LJ comments import: reloaded plugin for WordPress is vulnerable to Reflected	MEDIUM	6.1	0.1%		2026-05-20
31	CVE-2026-3001 The Gutenverse plugin for WordPress is vulnerable to Reflected Cross-Site Script	MEDIUM	6.1	0.1%		2026-05-27
31	CVE-2026-8626 The SponsorMe plugin for WordPress is vulnerable to Reflected Cross-Site Scripti	MEDIUM	6.1	0.1%		2026-05-20
31	CVE-2026-8627 The Correct Prices plugin for WordPress is vulnerable to Reflected Cross-Site Sc	MEDIUM	6.1	0.1%		2026-05-20
31	CVE-2026-3349 The MinhNhut Link Gateway plugin for WordPress is vulnerable to Reflected Cross-	MEDIUM	6.1	0.1%		2026-05-27
31	CVE-2026-43618 Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the c	MEDIUM	6.1	0.0%	FIX	2026-05-20
31	CVE-2026-29964 HSC MailInspector v5.3.3-7 contains a Cross-Site Scripting (XSS) vulnerability i	MEDIUM	6.1	0.0%		2026-05-18
31	CVE-2026-31379 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti	MEDIUM	6.1	0.0%	FIX	2026-05-19
31	CVE-2025-65954 ### Summary The logout endpoint accepts a `url` query parameter to redirect to.	MEDIUM	6.1	0.0%	FIX	2026-05-15
31	CVE-2026-6367 Improper Neutralization of Input During Web Page Generation ("Cross-site Scripti	MEDIUM	6.1	0.0%	FIX	2026-05-19
31	CVE-2026-6365 Improper Neutralization of Input During Web Page Generation ("Cross-site Scripti	MEDIUM	6.1	0.0%	FIX	2026-05-19
31	CVE-2026-31906 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti	MEDIUM	6.1	0.0%	FIX	2026-05-19
31	CVE-2026-29965 HSC MailInspector 5.3.3-7 is vulnerable to Cross Site Scripting (XSS) in the /po	MEDIUM	6.1	0.0%		2026-05-18
31	CVE-2026-26028 CryptPad is an end-to-end encrypted collaborative office suite. In versions prio	MEDIUM	6.1	0.0%	FIX	2026-05-20
31	CVE-2026-6871 Improper Neutralization of Input During Web Page Generation ("Cross-site Scripti	MEDIUM	6.1	0.0%	FIX	2026-05-19
31	CVE-2026-6095 Improper Neutralization of Input During Web Page Generation ("Cross-site Scripti	MEDIUM	6.1	0.0%	FIX	2026-05-19
31	CVE-2026-6395 The Word 2 Cash plugin for WordPress is vulnerable to Cross-Site Request Forgery	MEDIUM	6.1	0.0%		2026-05-20
31	CVE-2026-8911 The WP AutoBuzz plugin for WordPress is vulnerable to Cross-Site Request Forgery	MEDIUM	6.1	0.0%		2026-05-27
31	CVE-2026-44366 Vvveb is a powerful and easy to use CMS with page builder to build websites, blo	MEDIUM	6.1	0.0%	FIX	2026-05-15
31	CVE-2026-6391 The Sentence To SEO (keywords, description and tags) plugin for WordPress is vul	MEDIUM	6.1	0.0%		2026-05-20
31	CVE-2026-8420 The BLOGCHAT Chat System plugin for WordPress is vulnerable to Cross-Site Reques	MEDIUM	6.1	0.0%		2026-05-20
31	CVE-2026-22880 Mattermost Mobile Apps versions <=2.37 11.4 2.0.37 11.0.4 11.1.3 11.3.2 10.11.11	MEDIUM	6.1	0.0%		2026-05-21
31	CVE-2026-8906 The WP Promoter plugin for WordPress is vulnerable to Cross-Site Request Forgery	MEDIUM	6.1	0.0%		2026-05-27
31	CVE-2026-30691 Cross-Site Scripting (XSS) vulnerability in @cyntler/react-doc-viewer v1.17.1 al	MEDIUM	6.1	0.0%		2026-05-20
31	CVE-2026-5090 Template::Plugin::HTML versions through 3.102 for Perl allows HTML and JavaScrip	MEDIUM	6.1	0.0%		2026-05-19
31	CVE-2025-66592 An origin validation error vulnerability in Synology Active Backup for Business	MEDIUM	6.1	0.0%	FIX	2026-05-27
31	CVE-2025-66593 An origin validation error vulnerability in Synology Assistant before 7.0.6-5008	MEDIUM	6.1	0.0%	FIX	2026-05-27
31	CVE-2025-13593 Origin validation error vulnerability in Synology ActiveProtect Agent before 1.1	MEDIUM	6.1	0.0%	FIX	2026-05-27
30	CVE-2026-47328 Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which incorrectly	MEDIUM	6.1	-	FIX	2026-05-28
30	CVE-2026-47128 ### Summary The nono Landlock/seccomp policies allow access to local Unix domai	MEDIUM	6.1	-		2026-05-28
30	CVE-2026-44644 ## Summary The `strip_html` filter in liquidjs is intended to remove HTML tags	MEDIUM	6.1	-		2026-05-27
30	CVE-2026-46341 ### Summary The `fetch-apify-docs` tool validates URLs against a domain allowlis	MEDIUM	6.1	-	FIX	2026-05-19
30	CVE-2026-45307 Speakr is a personal, self-hosted web application designed for transcribing audi	MEDIUM	6.1	-	FIX	2026-05-28
30	CVE-2025-26483 Dell PowerFlex Manager, versions 4.6.2 and prior, contains an Open Redirect Vuln	MEDIUM	6.1	0.0%	FIX	2026-05-22
30	CVE-2026-9646 A reflected cross-site scripting issue exists in URL handling.	MEDIUM	6.1	-		2026-05-28
30	CVE-2026-41568 ## Summary A race condition during `docker cp` mount setup allows a malicious c	MEDIUM	6.1	-	FIX	2026-05-18
30	CVE-2026-7660 The Easy Updates Manager plugin for WordPress is vulnerable to Reflected Cross-S	MEDIUM	6.1	0.0%		2026-05-28
30	CVE-2026-49102 Webmin before 2.640 allows mailboxes/detach.cgi XSS via an SVG document attachme	MEDIUM	6.1	0.0%	FIX	2026-05-27
30	CVE-2026-46547 ### Summary A reflected XSS vulnerability exists in the Page Leaving Warning pag	MEDIUM	6.1	-		2026-05-21
30	CVE-2026-6864 The CBX 5 Star Rating & Review plugin for WordPress is vulnerable to Reflected C	MEDIUM	6.1	0.0%		2026-05-22
30	CVE-2026-3481 The WP Blockade plugin for WordPress is vulnerable to Reflected Cross-Site Scrip	MEDIUM	6.1	0.0%		2026-05-22
30	CVE-2026-8245 Concrete CMS 9.5.0 and below is vulnerable to Reflected XSS in Legacy Pagination	MEDIUM	6.0	0.0%		2026-05-21
30	CVE-2026-33514 Discourse is an open-source discussion platform. In versions prior to 2026.1.4,	MEDIUM	6.0	0.0%	FIX	2026-05-19
30	CVE-2026-4377 Dlink DWR-X1820 router uses weak default password generated from its IMEI number	MEDIUM	6.0	0.0%	FIX	2026-05-28
30	CVE-2026-0857 Cleartext Storage of Sensitive Information in Memory vulnerability in Mesalvo Me	MEDIUM	6.0	0.0%		2026-05-20
30	CVE-2026-42998 An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone applic	MEDIUM	6.0	-		2026-05-28
30	CVE-2026-42999 An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone RBAC p	MEDIUM	6.0	-		2026-05-28
30	CVE-2026-41185 When Calico is configured with the Azure IPAM plugin, the Calico CNI binary muta	MEDIUM	6.0	-	FIX	2026-05-28
30	CVE-2026-41184 In Calico, the install-cni init container logs the rendered CNI configuration to	MEDIUM	6.0	-	FIX	2026-05-28
30	CVE-2026-44394 An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone federa	MEDIUM	6.0	-		2026-05-28
30	CVE-2026-9100 The MongoDB C Driver's legacy GridFS API accepts malformed file metadata from th	MEDIUM	6.0	0.1%	FIX	2026-05-20
30	CVE-2026-9084 MISP’s OIDC authentication plugin allowed automatic linking of an OIDC identity	MEDIUM	6.0	0.0%	FIX	2026-05-20
30	CVE-2026-43000 An issue was discovered in OpenStack Keystone before 29.0.2. When combined with	MEDIUM	6.0	-		2026-05-28
30	CVE-2026-46685 RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta	MEDIUM	6.0	-	FIX	2026-05-28
30	CVE-2026-44061 In Netatalk 1.5.0 through 4.4.2, des-ecb auth with timing side channel. Fixed in	MEDIUM	5.9	0.1%	FIX	2026-05-21
30	CVE-2026-46724 The file indexer does not normalize the configured directory path. A backend use	MEDIUM	5.9	0.0%	FIX	2026-05-19
30	CVE-2026-48593 Uncontrolled Resource Consumption vulnerability in oban-bg oban_web ('Elixir.Oba	MEDIUM	5.9	0.0%	FIX	2026-05-26
30	CVE-2026-46722 The OOXML parsing of the file indexer does not disable external entity resolutio	MEDIUM	5.9	0.0%	FIX	2026-05-19
30	CVE-2026-43827 Default configurations of Apache Shiro have a session fixation vulnerability. T	MEDIUM	5.9	0.0%		2026-05-25

Oldest Unpatched Critical/High CVEs

CVE	Severity	CVSS	Priority	Days Open
CVE-2024-3400	CRITICAL	10.0	224	776d
CVE-2019-19781	CRITICAL	9.8	223	2344d
CVE-2020-5902	CRITICAL	9.8	223	2157d
CVE-2021-35464	CRITICAL	9.8	223	1771d
CVE-2020-10189	CRITICAL	9.8	223	2274d
CVE-2012-4681	CRITICAL	9.8	223	5021d
CVE-2022-42475	CRITICAL	9.8	223	1242d
CVE-2023-3519	CRITICAL	9.8	223	1044d
CVE-2015-7450	CRITICAL	9.8	222	3799d
CVE-2023-34048	CRITICAL	9.8	222	946d

Prev 4 / 10 Next