Security Dashboard

Priority	CVE	Severity	CVSS	EPSS	Indicators	Published
42	CVE-2026-35595 ## Summary A user with Write-level access to a project can escalate their permi	HIGH	8.3	0.0%	FIX	2026-04-10
41	CVE-2026-34363 ### Impact When multiple clients subscribe to the same class via LiveQuery, the	HIGH	8.2	0.1%	FIX	2026-03-30
41	CVE-2026-35091 A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wr	HIGH	8.2	0.1%	FIX	2026-04-01
41	CVE-2026-39363 ### Summary [`server.fs`](https://vite.dev/config/server-options#server-fs-stri	HIGH	8.2	0.1%	FIX	2026-04-06
41	CVE-2026-34045 Podman Desktop is a graphical tool for developing on containers and Kubernetes.	HIGH	8.2	0.1%		2026-04-07
41	CVE-2026-35525 ### Summary LiquidJS enforces partial and layout root restrictions using the re	HIGH	8.2	0.1%	FIX	2026-04-08
41	CVE-2026-35604 File Browser is a file managing interface for uploading, deleting, previewing, r	HIGH	8.2	0.1%	FIX	2026-04-07
41	CVE-2026-5208 Command injection in alerts in CoolerControl/coolercontrold <4.0.0 allows authen	HIGH	8.2	0.1%		2026-04-08
41	CVE-2026-34219 ## Description ### Summary The Rust libp2p Gossipsub implementation contains a r	HIGH	8.2	0.1%	FIX	2026-03-30
41	CVE-2026-27124 ## Summary While testing the GitHubProvider OAuth integration, which allows au	HIGH	8.2	0.1%	FIX	2026-03-31
41	CVE-2026-34573 Parse Server is an open source backend that can be deployed to any infrastructur	HIGH	8.2	0.0%	FIX	2026-03-31
41	CVE-2026-32877 Botan is a C++ cryptography library. From version 2.3.0 to before version 3.11.0	HIGH	8.2	0.0%		2026-03-30
41	CVE-2026-34784 Parse Server is an open source backend that can be deployed to any infrastructur	HIGH	8.2	0.0%	FIX	2026-03-31
41	CVE-2026-4924 Improper authentication in the two-factor authentication (2FA) feature in Devo	HIGH	8.2	0.0%		2026-04-01
41	CVE-2026-4828 Improper authentication in the OAuth login functionality in Devolutions Server 2	HIGH	8.2	0.0%		2026-04-01
41	CVE-2026-5477 An integer overflow existed in the wolfCrypt CMAC implementation, that could be	HIGH	8.2	0.0%		2026-04-10
41	CVE-2026-34593 ## Summary `Ash.Type.Module.cast_input/2` unconditionally creates a new Erlang	HIGH	8.2	0.0%	FIX	2026-04-01
41	CVE-2026-39364 ### Summary The contents of files that are specified by [`server.fs.deny`](http	HIGH	8.2	0.0%	POC FIX	2026-04-06
41	CVE-2026-35457 ### Summary The rendezvous server stores pagination cookies without bounds. An u	HIGH	8.2	0.0%	FIX	2026-04-04
41	CVE-2026-34725 ### Summary A stored XSS vulnerability exists in DbGate because attacker-control	HIGH	8.2	0.0%	FIX	2026-04-01
41	CVE-2026-1116 A Cross-site Scripting (XSS) vulnerability was identified in the `from_dict` met	HIGH	8.2	0.0%		2026-04-12
41	CVE-2026-34236 Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. From versio	HIGH	8.2	0.0%	FIX	2026-04-01
41	CVE-2026-4740 A flaw was found in Open Cluster Management (OCM), the technology underlying Red	HIGH	8.2	0.0%	FIX	2026-04-07
41	CVE-2026-34578 OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.6, OPNs	HIGH	8.2	0.2%		2026-04-09
41	CVE-2026-40163 Saltcorn is an extensible, open source, no-code database application builder. Pr	HIGH	8.2	0.1%	FIX	2026-04-10
41	CVE-2026-39429 ### Summary The cache server is directly exposed by the root shard and has no a	HIGH	8.2	0.1%	FIX	2026-04-08
41	CVE-2026-34982 Vim is an open source, command line text editor. Prior to version 9.2.0276, a mo	HIGH	8.2	0.0%		2026-04-06
41	CVE-2026-40168 Postiz is an AI social media scheduling tool. Prior to 2.21.5, the /api/public/s	HIGH	8.2	0.0%		2026-04-10
41	CVE-2026-40073 SvelteKit is a framework for rapidly developing robust, performant web applicati	HIGH	8.2	0.0%	FIX	2026-04-10
41	CVE-2026-34783 ## Summary A path traversal vulnerability in Ferret's `IO::FS::WRITE` standard	HIGH	8.1	0.2%	FIX	2026-04-01
41	CVE-2026-33949 ### Summary A Path Traversal vulnerability in `@tinacms/graphql` allows unauthen	HIGH	8.1	0.1%	FIX	2026-03-30
41	CVE-2026-4272 Missing Authentication for Critical Function vulnerability in Honeywell Handheld	HIGH	8.1	0.1%		2026-04-05
41	CVE-2026-4350 The Perfmatters plugin for WordPress is vulnerable to arbitrary file deletion vi	HIGH	8.1	0.1%		2026-04-03
41	CVE-2026-4101 IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify	HIGH	8.1	0.1%	FIX	2026-04-01
41	CVE-2026-34528 ## Summary The `signupHandler` in File Browser applies default user permissions	HIGH	8.1	0.1%	FIX	2026-03-31
41	CVE-2026-4347 The MW WP Form plugin for WordPress is vulnerable to arbitrary file moving due t	HIGH	8.1	0.1%		2026-04-02
41	CVE-2026-35607 File Browser is a file managing interface for uploading, deleting, previewing, r	HIGH	8.1	0.1%	FIX	2026-04-07
41	CVE-2026-4800 Impact: The fix for CVE-2021-23337 (https://github.com/advisories/GHSA-35jh-r3h	HIGH	8.1	0.1%	FIX	2026-03-31
41	CVE-2026-4351 The Perfmatters plugin for WordPress is vulnerable to arbitrary file overwrite v	HIGH	8.1	0.1%		2026-04-10
41	CVE-2026-34522 ### Summary A path traversal vulnerability in `/api/chats/import` allows an auth	HIGH	8.1	0.1%	FIX	2026-04-01
41	CVE-2026-32727 SciTokens is a reference library for generating and using SciTokens. Prior to ve	HIGH	8.1	0.1%	FIX	2026-03-31
41	CVE-2026-34840 OneUptime is an open-source monitoring and observability platform. Prior to vers	HIGH	8.1	0.0%		2026-04-02
41	CVE-2026-39307 The PraisonAI templates installation feature is vulnerable to a "Zip Slip" Arbit	HIGH	8.1	0.0%	FIX	2026-04-06
41	CVE-2026-25726 ### Impact This vulnerability affects Cloudreve instances that were **first	HIGH	8.1	0.0%	FIX	2026-03-31
41	CVE-2026-24660 A heap-based buffer overflow vulnerability exists in the x3f_load_huffman functi	HIGH	8.1	0.0%	FIX	2026-04-07
41	CVE-2026-24450 An integer overflow vulnerability exists in the uncompressed_fp_dng_load_raw fun	HIGH	8.1	0.0%	FIX	2026-04-07
41	CVE-2026-20884 An integer overflow vulnerability exists in the deflate_dng_load_raw functionali	HIGH	8.1	0.0%	FIX	2026-04-07
41	CVE-2026-5915 Insufficient validation of untrusted input in WebML in Google Chrome prior to 14	HIGH	8.1	0.0%	FIX	2026-04-08
41	CVE-2026-34774 ### Impact Apps that use offscreen rendering and allow child windows via `window	HIGH	8.1	0.0%	FIX	2026-04-03
41	CVE-2026-35488 Tandoor Recipes is an application for managing recipes, planning meals, and buil	HIGH	8.1	0.0%		2026-04-07
41	CVE-2026-39331 ChurchCRM is an open-source church management system. Prior to 7.1.0, an authent	HIGH	8.1	0.0%		2026-04-07
41	CVE-2026-39344 ChurchCRM is an open-source church management system. Prior to 7.1.0, there is a	HIGH	8.1	0.0%		2026-04-07
41	CVE-2026-5907 Insufficient data validation in Media in Google Chrome prior to 147.0.7727.55 al	HIGH	8.1	0.0%	FIX	2026-04-08
41	CVE-2026-5282 Out of bounds read in WebCodecs in Google Chrome prior to 146.0.7680.178 allowed	HIGH	8.1	0.0%	FIX	2026-04-01
41	CVE-2026-26263 GLPI is a free asset and IT management software package. From 11.0.0 to before 1	HIGH	8.1	0.0%		2026-04-06
41	CVE-2026-34581 ### Summary When using the `Share Token` it is possible to bypass the limited se	HIGH	8.1	0.0%		2026-04-01
41	CVE-2026-32726 SciTokens C++ is a minimal library for creating and using SciTokens from C or C+	HIGH	8.1	0.0%		2026-03-31
41	CVE-2026-35045 Tandoor Recipes is an application for managing recipes, planning meals, and buil	HIGH	8.1	0.0%		2026-04-06
41	CVE-2026-32716 SciTokens is a reference library for generating and using SciTokens. Prior to ve	HIGH	8.1	0.0%	FIX	2026-03-31
41	CVE-2026-39340 ChurchCRM is an open-source church management system. Prior to 7.1.0, a SQL inje	HIGH	8.1	0.0%		2026-04-07
41	CVE-2026-5373 An issue that allowed all-organization administrators to promote accounts to sup	HIGH	8.1	0.0%		2026-04-07
41	CVE-2026-39341 ChurchCRM is an open-source church management system. Prior to 7.1.0, The applic	HIGH	8.1	0.0%		2026-04-07
41	CVE-2026-4636 A flaw was found in Keycloak. An authenticated user with the uma_protection role	HIGH	8.1	0.0%	FIX	2026-04-02
41	CVE-2026-34394 WWBN AVideo is an open source video platform. In versions 26.0 and prior, AVideo	HIGH	8.1	0.0%		2026-03-31
41	CVE-2026-39371 RedwoodSDK is a server-first React framework. From 1.0.0-beta.50 to 1.0.5, erver	HIGH	8.1	0.0%	FIX	2026-04-07
40	CVE-2026-40070 BSV Ruby SDK is the Ruby SDK for the BSV blockchain. From 0.3.1 to before 0.8.2,	HIGH	8.1	0.0%	FIX	2026-04-09
40	CVE-2026-40259 ## Summary An authenticated publish-service reader can invoke `/api/av/removeUn	HIGH	8.1	-	FIX	2026-04-10
40	CVE-2026-40093 nimiq-blockchain provides persistent block storage for Nimiq's Rust implementati	HIGH	8.1	0.1%		2026-04-09
40	CVE-2026-40393 In Mesa before 25.3.6 and 26 before 26.0.1, out-of-bounds memory access can occu	HIGH	8.1	-		2026-04-12
40	CVE-2026-34402 ChurchCRM is an open-source church management system. Prior to 7.1.0, authentica	HIGH	8.1	0.0%		2026-04-06
40	CVE-2026-39393 CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, mo	HIGH	8.1	0.0%	FIX	2026-04-08
40	CVE-2026-39394 CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, mo	HIGH	8.1	0.0%	FIX	2026-04-08
40	CVE-2026-33466 Improper Limitation of a Pathname to a Restricted Directory (CWE-22) in Logstash	HIGH	8.1	0.3%		2026-04-08
40	CVE-2026-40200 An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory co	HIGH	8.1	0.0%		2026-04-10
40	CVE-2026-5436 The MW WP Form plugin for WordPress is vulnerable to Arbitrary File Move/Read in	HIGH	8.1	0.2%		2026-04-08
40	CVE-2026-35442 ### Summary Aggregate functions (`min`, `max`) applied to fields with the `conc	HIGH	8.1	0.0%	FIX	2026-04-04
40	CVE-2025-58913 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP	HIGH	8.1	0.1%		2026-04-10
40	CVE-2026-25773 UNSUPPORTED WHEN ASSIGNED Focalboard version 8.0 fails to sanitize categor	HIGH	8.1	0.0%		2026-04-03
40	CVE-2026-20155 A vulnerability in the web-based management interface of Cisco Evolved Programma	HIGH	8.0	0.1%		2026-04-01
40	CVE-2025-24818 Nokia MantaRay NM is vulnerable to an OS command injection vulnerability due to	HIGH	8.0	0.1%		2026-04-07
40	CVE-2025-24817 Nokia MantaRay NM is vulnerable to an OS command injection vulnerability due to	HIGH	8.0	0.1%		2026-04-07
40	CVE-2026-20432 In Modem, there is a possible out of bounds write due to a missing bounds check.	HIGH	8.0	0.1%		2026-04-07
40	CVE-2026-35575 ChurchCRM is an open-source church management system. Prior to 6.5.3, a Stored C	HIGH	8.0	0.0%		2026-04-07
40	CVE-2026-34444 Lupa integrates the runtimes of Lua or LuaJIT2 into CPython. In 2.6 and earlier,	HIGH	7.9	0.1%		2026-04-06
40	CVE-2026-40149 PraisonAI is a multi-agent teams system. Prior to 4.5.128, the gateway's /api/ap	HIGH	7.9	0.0%	FIX	2026-04-09
39	CVE-2026-0634 Code execution in AssistFeedbackService of TECNO Pova7 Pro 5G on Android allows	HIGH	7.8	0.3%		2026-04-02
39	CVE-2026-29144 SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to bypass	HIGH	7.8	0.1%		2026-04-02
39	CVE-2026-29143 SEPPmail Secure Email Gateway before version 15.0.3 does not properly authentica	HIGH	7.8	0.1%		2026-04-02
39	CVE-2026-35043 Commit ce53491 (March 24) fixed command injection via `system_packages` in Docke	HIGH	7.8	0.1%	FIX	2026-04-03
39	CVE-2026-4154 GIMP XPM File Parsing Integer Overflow Remote Code Execution Vulnerability. This	HIGH	7.8	0.1%	FIX	2026-04-11

Oldest Unpatched Critical/High CVEs

CVE	Severity	CVSS	Priority	Days Open
CVE-2024-3400	CRITICAL	10.0	224	730d
CVE-2019-19781	CRITICAL	9.8	223	2298d
CVE-2020-5902	CRITICAL	9.8	223	2111d
CVE-2021-35464	CRITICAL	9.8	223	1725d
CVE-2020-10189	CRITICAL	9.8	223	2228d
CVE-2012-4681	CRITICAL	9.8	223	4976d
CVE-2022-42475	CRITICAL	9.8	223	1196d
CVE-2023-3519	CRITICAL	9.8	223	998d
CVE-2015-7450	CRITICAL	9.8	222	3753d
CVE-2023-34048	CRITICAL	9.8	222	900d

Prev 5 / 10 Next