Security Dashboard

Priority	CVE	Severity	CVSS	EPSS	Indicators	Published
33	CVE-2026-34516 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python.	MEDIUM	6.6	0.0%	FIX	2026-04-01
33	CVE-2026-35479 InvenTree is an Open Source Inventory Management System. Prior to 1.2.7 and 1.3.	MEDIUM	6.6	0.0%		2026-04-08
33	CVE-2026-4837 An eval() injection vulnerability in the Rapid7 Insight Agent beaconing logic fo	MEDIUM	6.6	0.2%		2026-04-08
33	CVE-2026-35197 dye is a portable and respectful color library for shell scripts. Prior to 1.1.1	MEDIUM	6.6	0.0%		2026-04-06
33	CVE-2026-27102 Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.6 and versions 9.11.0.0 t	MEDIUM	6.6	0.0%		2026-04-08
33	CVE-2026-3689 OpenClaw Canvas Path Traversal Information Disclosure Vulnerability. This vulner	MEDIUM	6.5	0.3%		2026-04-11
33	CVE-2026-34401 XML Notepad is a Windows program that provides a simple intuitive User Interface	MEDIUM	6.5	0.2%		2026-03-31
33	CVE-2026-3309 The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User	MEDIUM	6.5	0.1%		2026-04-04
33	CVE-2026-20095 A vulnerability in the web-based management interface of Cisco IMC could allow a	MEDIUM	6.5	0.1%		2026-04-01
33	CVE-2026-20096 A vulnerability in the web-based management interface of Cisco IMC could allow a	MEDIUM	6.5	0.1%		2026-04-01
33	CVE-2026-2265 An unauthenticated remote code execution (RCE) vulnerability exists in applicati	MEDIUM	6.5	0.1%		2026-04-01
33	CVE-2026-20431 In Modem, there is a possible system crash due to a logic error. This could lead	MEDIUM	6.5	0.1%		2026-04-07
33	CVE-2026-20097 A vulnerability in the web-based management interface of Cisco IMC could allow a	MEDIUM	6.5	0.1%		2026-04-01
33	CVE-2026-34733 WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AV	MEDIUM	6.5	0.1%	FIX	2026-03-31
33	CVE-2026-34978 OpenPrinting CUPS is an open source printing system for Linux and other Unix-lik	MEDIUM	6.5	0.1%		2026-04-03
33	CVE-2026-34750 Payload is a free and open source headless content management system. Prior to v	MEDIUM	6.5	0.1%	FIX	2026-04-01
33	CVE-2026-35549 An issue was discovered in MariaDB Server before 11.4.10, 11.5.x through 11.8.x	MEDIUM	6.5	0.0%		2026-04-03
33	CVE-2026-34787 Emlog is an open source website building system. In versions 2.6.2 and prior, a	MEDIUM	6.5	0.0%		2026-04-03
33	CVE-2026-34832 Scoold is a Q&A and a knowledge sharing platform for teams. Prior to version 1.6	MEDIUM	6.5	0.0%		2026-04-02
33	CVE-2026-33983 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to versio	MEDIUM	6.5	0.0%	FIX	2026-03-30
33	CVE-2026-2950 Impact: Lodash versions 4.17.23 and earlier are vulnerable to prototype polluti	MEDIUM	6.5	0.0%	FIX	2026-03-31
33	CVE-2026-1710 The WooPayments: Integrated WooCommerce Payments plugin for WordPress is vulnera	MEDIUM	6.5	0.0%		2026-03-31
33	CVE-2026-34939 ### Summary `MCPToolIndex.search_tools()` compiles a caller-supplied string dir	MEDIUM	6.5	0.0%	FIX	2026-04-01
33	CVE-2026-34531 ## Summary In a situation where the client makes a request to a token protected	MEDIUM	6.5	0.0%	FIX	2026-03-31
33	CVE-2026-34500 CLIENT_CERT authentication does not fail as expected for some scenarios when sof	MEDIUM	6.5	0.0%	FIX	2026-04-09
33	CVE-2026-5876 Side-channel information leakage in Navigation in Google Chrome prior to 147.0.7	MEDIUM	6.5	0.0%	FIX	2026-04-08
33	CVE-2026-5283 Inappropriate implementation in ANGLE in Google Chrome prior to 146.0.7680.178 a	MEDIUM	6.5	0.0%	FIX	2026-04-01
33	CVE-2026-34378 OpenEXR provides the specification and reference implementation of the EXR file	MEDIUM	6.5	0.0%		2026-04-06
33	CVE-2026-39848 Dockyard is a Docker container management app. Prior to 1.1.0, Docker container	MEDIUM	6.5	0.0%		2026-04-09
33	CVE-2026-34889 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti	MEDIUM	6.5	0.0%		2026-04-01
33	CVE-2026-34890 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti	MEDIUM	6.5	0.0%		2026-04-02
33	CVE-2026-34887 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti	MEDIUM	6.5	0.0%		2026-03-31
33	CVE-2026-3480 The WP Blockade plugin for WordPress is vulnerable to Missing Authorization in a	MEDIUM	6.5	0.0%		2026-04-08
33	CVE-2026-5291 Inappropriate implementation in WebGL in Google Chrome prior to 146.0.7680.178 a	MEDIUM	6.5	0.0%	FIX	2026-04-01
33	CVE-2026-5276 Insufficient policy enforcement in WebUSB in Google Chrome prior to 146.0.7680.1	MEDIUM	6.5	0.0%	FIX	2026-04-01
33	CVE-2026-4927 Exposure of sensitive information in the users MFA feature in Devolutions Server	MEDIUM	6.5	0.0%		2026-04-01
33	CVE-2026-5869 Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a	MEDIUM	6.5	0.0%	FIX	2026-04-08
33	CVE-2026-5867 Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a	MEDIUM	6.5	0.0%	FIX	2026-04-08
33	CVE-2026-5864 Heap buffer overflow in WebAudio in Google Chrome prior to 147.0.7727.55 allowed	MEDIUM	6.5	0.0%	FIX	2026-04-08
33	CVE-2026-39508 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti	MEDIUM	6.5	0.0%		2026-04-08
33	CVE-2026-39674 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti	MEDIUM	6.5	0.0%		2026-04-08
33	CVE-2026-39517 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti	MEDIUM	6.5	0.0%		2026-04-08
33	CVE-2026-39646 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti	MEDIUM	6.5	0.0%		2026-04-08
33	CVE-2026-39696 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti	MEDIUM	6.5	0.0%		2026-04-08
33	CVE-2026-39692 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti	MEDIUM	6.5	0.0%		2026-04-08
33	CVE-2026-39702 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti	MEDIUM	6.5	0.0%		2026-04-08
33	CVE-2026-39708 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti	MEDIUM	6.5	0.0%		2026-04-08
33	CVE-2026-39575 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti	MEDIUM	6.5	0.0%		2026-04-08
33	CVE-2026-39666 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti	MEDIUM	6.5	0.0%		2026-04-08
33	CVE-2026-39368 WWBN AVideo is an open source video platform. In versions 26.0 and prior, the Li	MEDIUM	6.5	0.0%		2026-04-07
33	CVE-2026-34395 WWBN AVideo is an open source video platform. In versions 26.0 and prior, the pl	MEDIUM	6.5	0.0%		2026-03-31
33	CVE-2026-5207 The LifterLMS plugin for WordPress is vulnerable to SQL Injection via the 'order	MEDIUM	6.5	0.0%		2026-04-11
33	CVE-2026-5905 Incorrect security UI in Permissions in Google Chrome on Windows prior to 147.0.	MEDIUM	6.5	0.0%	FIX	2026-04-08
33	CVE-2026-34586 PdfDing is a selfhosted PDF manager, viewer and editor offering a seamless user	MEDIUM	6.5	0.0%		2026-03-31
33	CVE-2026-39354 Scoold is a Q&A and a knowledge sharing platform for teams. Prior to 1.66.2, an	MEDIUM	6.5	0.0%		2026-04-07
33	CVE-2026-1865 The User Registration & Membership - Free & Paid Memberships, Subscriptions, Con	MEDIUM	6.5	0.0%		2026-04-08
33	CVE-2026-25834 Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade.	MEDIUM	6.5	0.0%	FIX	2026-04-01
33	CVE-2026-34737 WWBN AVideo is an open source video platform. In versions 26.0 and prior, the St	MEDIUM	6.5	0.0%	FIX	2026-03-31
33	CVE-2026-39374 Plane is an an open-source project management tool. Prior to 1.3.0, the IssueBul	MEDIUM	6.5	0.0%		2026-04-07
33	CVE-2026-34779 ### Impact On macOS, `app.moveToApplicationsFolder()` used an AppleScript fallba	MEDIUM	6.5	0.0%	FIX	2026-04-03
33	CVE-2026-34788 Emlog is an open source website building system. In versions 2.6.2 and prior, a	MEDIUM	6.5	0.0%		2026-04-03
33	CVE-2026-34740 WWBN AVideo is an open source video platform. In versions 26.0 and prior, the EP	MEDIUM	6.5	0.0%	FIX	2026-03-31
33	CVE-2026-20042 A vulnerability in the configuration backup feature of Cisco Nexus Dashboard cou	MEDIUM	6.5	0.0%		2026-04-01
33	CVE-2026-5919 Insufficient validation of untrusted input in WebSockets in Google Chrome prior	MEDIUM	6.5	0.0%	FIX	2026-04-08
33	CVE-2026-1839 A vulnerability in the HuggingFace Transformers library, specifically in the `Tr	MEDIUM	6.5	0.0%	FIX	2026-04-07
33	CVE-2026-32588 Authenticated DoS over CQL in Apache Cassandra 4.0, 4.1, 5.0 allows authenticate	MEDIUM	6.5	0.0%	FIX	2026-04-07
33	CVE-2026-39639 Missing Authorization vulnerability in redpixelstudios RPS Include Content rps-i	MEDIUM	6.5	0.0%		2026-04-08
33	CVE-2026-39569 Missing Authorization vulnerability in AA Web Servant 12 Step Meeting List 12-st	MEDIUM	6.5	0.0%		2026-04-08
33	CVE-2026-3571 The Pie Register - User Registration, Profiles & Content Restriction plugin for	MEDIUM	6.5	0.0%		2026-04-04
33	CVE-2026-34538 Apache Airflow versions 3.0.0 through 3.1.8 DagRun wait endpoint returns XCom re	MEDIUM	6.5	0.0%	FIX	2026-04-09
33	CVE-2026-34611 WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AV	MEDIUM	6.5	0.0%	FIX	2026-03-31
33	CVE-2026-39366 WWBN AVideo is an open source video platform. In versions 26.0 and prior, the Pa	MEDIUM	6.5	0.0%		2026-04-07
33	CVE-2026-34613 WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AV	MEDIUM	6.5	0.0%	FIX	2026-03-31
33	CVE-2026-35492 ### Impact PartitionedDataset in kedro-datasets was vulnerable to path traversa	MEDIUM	6.5	0.0%	FIX	2026-04-06
33	CVE-2025-47374 Memory Corruption when accessing freed memory due to concurrent fence deregistra	MEDIUM	6.5	0.0%		2026-04-06
33	CVE-2026-25627 NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Prior to v	MEDIUM	6.5	0.0%		2026-03-30
33	CVE-2025-36375 IBM DataPower Gateway 10.6CD 10.6.1.0 through 10.6.5.0 and IBM DataPower Gateway	MEDIUM	6.5	0.0%	FIX	2026-04-01
33	CVE-2026-1672 The BEAR - Bulk Editor and Products Manager Professional for WooCommerce by Plug	MEDIUM	6.5	0.0%		2026-04-08
33	CVE-2026-4668 The Booking for Appointments and Events Calendar - Amelia plugin for WordPress i	MEDIUM	6.5	0.0%		2026-04-01
33	CVE-2026-39633 Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Car Rental g	MEDIUM	6.5	0.0%		2026-04-08
33	CVE-2026-39641 Cross-Site Request Forgery (CSRF) vulnerability in Skywarrior Blackfyre blackfyr	MEDIUM	6.5	0.0%		2026-04-08
33	CVE-2026-24029 When the early_acl_drop (earlyACLDrop in Lua) option is disabled (default is ena	MEDIUM	6.5	0.0%	FIX	2026-03-31
32	CVE-2026-34755 ## Summary The `VideoMediaIO.load_base64()` method at `vllm/multimodal/media/vi	MEDIUM	6.5	0.0%	FIX	2026-04-03
32	CVE-2026-33459 Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to denial of serv	MEDIUM	6.5	0.0%		2026-04-08
32	CVE-2026-27460 Tandoor Recipes is an application for managing recipes, planning meals, and buil	MEDIUM	6.5	0.0%		2026-04-10
32	CVE-2026-35594 Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0,	MEDIUM	6.5	0.0%	FIX	2026-04-10
32	CVE-2026-2377 A flaw was found in mirror-registry. Authenticated users can exploit the log exp	MEDIUM	6.5	0.0%		2026-04-08
32	CVE-2026-35599 ## Summary The `addRepeatIntervalToTime` function uses an O(n) loop that advanc	MEDIUM	6.5	0.0%	FIX	2026-04-10
32	CVE-2026-6068 NASM contains a heap use after free vulnerability in response file (-@) processi	MEDIUM	6.5	0.0%		2026-04-10
32	CVE-2026-39943 Directus is a real-time API and App dashboard for managing SQL database content.	MEDIUM	6.5	0.0%	FIX	2026-04-09

Oldest Unpatched Critical/High CVEs

CVE	Severity	CVSS	Priority	Days Open
CVE-2024-3400	CRITICAL	10.0	224	730d
CVE-2019-19781	CRITICAL	9.8	223	2298d
CVE-2020-5902	CRITICAL	9.8	223	2111d
CVE-2021-35464	CRITICAL	9.8	223	1725d
CVE-2020-10189	CRITICAL	9.8	223	2228d
CVE-2012-4681	CRITICAL	9.8	223	4976d
CVE-2022-42475	CRITICAL	9.8	223	1196d
CVE-2023-3519	CRITICAL	9.8	223	998d
CVE-2015-7450	CRITICAL	9.8	222	3753d
CVE-2023-34048	CRITICAL	9.8	222	900d

Prev 5 / 14 Next