Security Dashboard

Priority	CVE	Severity	CVSS	EPSS	Indicators	Published
39	CVE-2026-35043 Commit ce53491 (March 24) fixed command injection via `system_packages` in Docke	HIGH	7.8	0.1%	FIX	2026-04-03
39	CVE-2026-4150 GIMP PSD File Parsing Integer Overflow Remote Code Execution Vulnerability. This	HIGH	7.8	0.1%	FIX	2026-04-11
39	CVE-2026-4154 GIMP XPM File Parsing Integer Overflow Remote Code Execution Vulnerability. This	HIGH	7.8	0.1%	FIX	2026-04-11
39	CVE-2026-4151 GIMP ANI File Parsing Integer Overflow Remote Code Execution Vulnerability. This	HIGH	7.8	0.1%	FIX	2026-04-11
39	CVE-2026-34054 vcpkg is a free and open-source C/C++ package manager. Prior to version 3.6.1#3,	HIGH	7.8	0.1%		2026-03-31
39	CVE-2026-4153 GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerabi	HIGH	7.8	0.1%	FIX	2026-04-11
39	CVE-2026-4152 GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerabi	HIGH	7.8	0.1%		2026-04-11
39	CVE-2026-24165 NVIDIA BioNeMo contains a vulnerability where a user could cause a deserializati	HIGH	7.8	0.1%		2026-03-31
39	CVE-2026-30309 InfCode's terminal auto-execution module contains a critical command filtering v	HIGH	7.8	0.0%		2026-03-31
39	CVE-2026-5493 Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Cod	HIGH	7.8	0.0%		2026-04-11
39	CVE-2026-5495 Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Cod	HIGH	7.8	0.0%		2026-04-11
39	CVE-2026-5494 Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Cod	HIGH	7.8	0.0%		2026-04-11
39	CVE-2026-5496 Labcenter Electronics Proteus PDSPRJ File Parsing Type Confusion Remote Code Exe	HIGH	7.8	0.0%		2026-04-11
39	CVE-2026-29139 SEPPmail Secure Email Gateway before version 15.0.3 allows account takeover by a	HIGH	7.8	0.0%		2026-04-02
39	CVE-2026-34937 ### Summary `run_python()` in `praisonai` constructs a shell command string by	HIGH	7.8	0.0%	FIX	2026-04-01
39	CVE-2026-3779 The application's list box calculate array logic keeps stale references to page	HIGH	7.8	0.0%		2026-04-01
39	CVE-2026-23406 In the Linux kernel, the following vulnerability has been resolved: apparmor: f	HIGH	7.8	0.0%	FIX	2026-04-01
39	CVE-2026-33641 ## Summary Glances supports dynamic configuration values in which substrings enc	HIGH	7.8	0.0%		2026-03-30
39	CVE-2026-23411 In the Linux kernel, the following vulnerability has been resolved: apparmor: f	HIGH	7.8	0.0%	FIX	2026-04-01
39	CVE-2026-23410 In the Linux kernel, the following vulnerability has been resolved: apparmor: f	HIGH	7.8	0.0%	FIX	2026-04-01
39	CVE-2026-23408 In the Linux kernel, the following vulnerability has been resolved: apparmor: F	HIGH	7.8	0.0%	FIX	2026-04-01
39	CVE-2026-23407 In the Linux kernel, the following vulnerability has been resolved: apparmor: f	HIGH	7.8	0.0%	FIX	2026-04-01
39	CVE-2026-3308 An integer overflow vulnerability in 'pdf-image.c' in Artifex's MuPDF version 1.	HIGH	7.8	0.0%		2026-03-31
39	CVE-2026-5054 NoMachine External Control of File Path Local Privilege Escalation Vulnerability	HIGH	7.8	0.0%		2026-04-11
39	CVE-2026-21378 Memory Corruption when accessing an output buffer without validating its size du	HIGH	7.8	0.0%		2026-04-06
39	CVE-2026-21380 Memory Corruption when using deprecated DMABUF IOCTL calls to manage video memor	HIGH	7.8	0.0%		2026-04-06
39	CVE-2026-21373 Memory Corruption when accessing an output buffer without validating its size du	HIGH	7.8	0.0%		2026-04-06
39	CVE-2026-21382 Memory Corruption when handling power management requests with improperly sized	HIGH	7.8	0.0%		2026-04-06
39	CVE-2026-21375 Memory Corruption when accessing an output buffer without validating its size du	HIGH	7.8	0.0%		2026-04-06
39	CVE-2026-5055 NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerabil	HIGH	7.8	0.0%		2026-04-11
39	CVE-2026-3775 The application's update service, when checking for updates, loads certain syste	HIGH	7.8	0.0%		2026-04-01
39	CVE-2026-3991 Symantec Data Loss Prevention Windows Endpoint, prior to 25.1 MP1, 16.1 MP2, 16.	HIGH	7.8	0.0%		2026-03-30
39	CVE-2025-14821 A flaw was found in libssh. This vulnerability allows local man-in-the-middle at	HIGH	7.8	0.0%		2026-04-07
39	CVE-2026-25203 Samsung MagicINFO 9 Server Incorrect Default Permissions Local Privilege Escalat	HIGH	7.8	0.0%		2026-04-10
39	CVE-2026-21371 Memory Corruption when retrieving output buffer with insufficient size validatio	HIGH	7.8	0.0%		2026-04-06
39	CVE-2026-21374 Memory Corruption when processing auxiliary sensor input/output control commands	HIGH	7.8	0.0%		2026-04-06
39	CVE-2025-47391 Memory corruption while processing a frame request from user.	HIGH	7.8	0.0%		2026-04-06
39	CVE-2025-47390 Memory corruption while preprocessing IOCTL request in JPEG driver.	HIGH	7.8	0.0%		2026-04-06
39	CVE-2026-21372 Memory Corruption when sending IOCTL requests with invalid buffer sizes during m	HIGH	7.8	0.0%		2026-04-06
39	CVE-2025-47389 Memory corruption when buffer copy operation fails due to integer overflow durin	HIGH	7.8	0.0%		2026-04-06
39	CVE-2026-21376 Memory Corruption when accessing an output buffer without validating its size du	HIGH	7.8	0.0%		2026-04-06
39	CVE-2026-5726 ASDA-Soft Stack-based Buffer Overflow Vulnerability	HIGH	7.8	0.0%		2026-04-08
39	CVE-2026-33092 Local privilege escalation due to improper handling of environment variables. Th	HIGH	7.8	0.0%		2026-04-10
39	CVE-2026-30232 Chartbrew is an open-source web application that can connect directly to databas	HIGH	7.8	0.0%		2026-04-10
39	CVE-2026-28261 Dell Elastic Cloud Storage, version 3.8.1.7 and prior, and Dell ObjectScale, ver	HIGH	7.8	0.0%		2026-04-08
39	CVE-2026-40156 PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI automatical	HIGH	7.8	0.0%	FIX	2026-04-10
39	CVE-2026-34734 HDF5 is software for managing data. In 1.14.1-2 and earlier, a heap-use-after-fr	HIGH	7.8	0.0%		2026-04-09
39	CVE-2026-39853 osslsigncode is a tool that implements Authenticode signing and timestamping. Pr	HIGH	7.8	0.0%		2026-04-09
39	CVE-2026-27806 ## Summary The Orbit agent's FileVault disk encryption key rotation flow on col	HIGH	7.8	0.0%	FIX	2026-04-08
39	CVE-2026-29141 SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to bypass	HIGH	7.7	0.1%		2026-04-02
39	CVE-2026-34200 Nhost is an open source Firebase alternative with GraphQL. Prior to version 1.41	HIGH	7.7	0.1%		2026-03-31
39	CVE-2026-5709 Unsanitized input in the FileBrowser API in AWS Research and Engineering Studio	HIGH	7.7	0.1%	FIX	2026-04-06
39	CVE-2026-33544 ### Summary All three OAuth service implementations (`GenericOAuthService`, `Gi	HIGH	7.7	0.0%	FIX	2026-04-01
39	CVE-2026-35187 ## Vulnerability Details CWE-918: Server-Side Request Forgery (SSRF) The `	HIGH	7.7	0.0%		2026-04-04
39	CVE-2026-34746 Payload is a free and open source headless content management system. Prior to v	HIGH	7.7	0.0%	FIX	2026-04-01
39	CVE-2026-34936 ### Summary `passthrough()` and `apassthrough()` in `praisonai` accept a caller	HIGH	7.7	0.0%	FIX	2026-04-01
39	CVE-2026-39361 OpenObserve is a cloud-native observability platform. In 0.70.3 and earlier, the	HIGH	7.7	0.0%		2026-04-07
39	CVE-2026-34163 FastGPT is an AI Agent building platform. Prior to version 4.14.9.5, FastGPT's M	HIGH	7.7	0.0%		2026-03-31
39	CVE-2026-29140 SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to cause	HIGH	7.7	0.0%		2026-04-02
39	CVE-2026-34769 ### Impact An undocumented `commandLineSwitches` webPreference allowed arbitrary	HIGH	7.7	0.0%	FIX	2026-04-03
39	CVE-2026-5190 Out-of-bounds write in the streaming decoder component in aws-c-event-stream bef	HIGH	7.7	0.0%	FIX	2026-03-31
39	CVE-2026-35533 ### Summary `mise` loads trust-control settings from a local project `.mise.tom	HIGH	7.7	0.0%		2026-04-07
39	CVE-2026-25835 Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Ra	HIGH	7.7	0.0%	FIX	2026-04-01
39	CVE-2026-34222 Open WebUI is a self-hosted artificial intelligence platform designed to operate	HIGH	7.7	0.0%	FIX	2026-04-01
38	CVE-2026-35666 OpenClaw before 2026.3.22 contains an allowlist bypass vulnerability in system.r	HIGH	7.7	0.0%	FIX	2026-04-10
38	CVE-2026-40150 PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the web_crawl()	HIGH	7.7	0.0%	FIX	2026-04-09
38	CVE-2026-33461 Incorrect Authorization (CWE-863) in Kibana can lead to information disclosure v	HIGH	7.7	0.1%		2026-04-08
38	CVE-2026-4498 Execution with Unnecessary Privileges (CWE-250) in Kibana’s Fleet plugin debug r	HIGH	7.7	0.0%		2026-04-08
38	CVE-2026-39843 Plane is an an open-source project management tool. From 0.28.0 to before 1.3.0,	HIGH	7.7	0.0%		2026-04-09
38	CVE-2026-40180 Quarkus OpenAPI Generator is Quarkus' extensions for generation of Rest Clients	HIGH	7.7	0.0%	FIX	2026-04-10
38	CVE-2026-35409 ### Summary A Server-Side Request Forgery (SSRF) protection bypass has been iden	HIGH	7.7	0.0%	FIX	2026-04-04
38	CVE-2026-31941 Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Ch	HIGH	7.7	0.0%		2026-04-10
38	CVE-2026-35650 OpenClaw before 2026.3.22 contains an environment variable override handling vul	HIGH	7.7	0.1%	FIX	2026-04-10
38	CVE-2026-40188 goshs is a SimpleHTTPServer written in Go. From 1.0.7 to before 2.0.0-beta.4, th	HIGH	7.7	0.0%		2026-04-10
38	CVE-2026-35446 LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web app	HIGH	7.7	0.0%		2026-04-08
38	CVE-2026-32252 Chartbrew is an open-source web application that can connect directly to databas	HIGH	7.7	0.0%		2026-04-10
38	CVE-2026-35585 File Browser is a file managing interface for uploading, deleting, previewing, r	HIGH	7.5	0.8%		2026-04-07
38	CVE-2025-13855 IBM Storage Protect Server 8.2.0 IBM Storage Protect Plus Server is vulnerable t	HIGH	7.6	0.1%	FIX	2026-04-01
38	CVE-2026-29870 A directory traversal vulnerability in the agentic-context-engine project versio	HIGH	7.6	0.1%		2026-03-31
38	CVE-2026-34742 The Model Context Protocol (MCP) Go SDK does not enable DNS rebinding protection	HIGH	7.6	0.1%	FIX	2026-04-01
38	CVE-2026-39369 WWBN AVideo is an open source video platform. In versions 26.0 and prior, object	HIGH	7.6	0.0%		2026-04-07
38	CVE-2026-21367 Transient DOS when processing nonstandard FILS Discovery Frames with out-of-rang	HIGH	7.6	0.0%		2026-04-06
38	CVE-2026-21381 Transient DOS when receiving a service data frame with excessive length during d	HIGH	7.6	0.0%		2026-04-06
38	CVE-2026-39384 FreeScout is a free help desk and shared inbox built with PHP's Laravel framewor	HIGH	7.6	0.0%		2026-04-07
38	CVE-2026-34529 ### Summary The EPUB preview function in File Browser is vulnerable to Stored C	HIGH	7.6	0.0%	FIX	2026-03-31
38	CVE-2026-35534 ChurchCRM is an open-source church management system. Prior to 7.1.0, a stored c	HIGH	7.6	0.0%		2026-04-07
38	CVE-2026-24154 NVIDIA Jetson Linux has vulnerability in initrd, where an unprivileged attacker	HIGH	7.6	0.0%		2026-03-31
38	CVE-2026-34367 InvoiceShelf is an open-source web & mobile app that helps track expenses, payme	HIGH	7.6	0.0%		2026-03-31
38	CVE-2026-34365 InvoiceShelf is an open-source web & mobile app that helps track expenses, payme	HIGH	7.6	0.0%		2026-03-31
38	CVE-2026-34366 InvoiceShelf is an open-source web & mobile app that helps track expenses, payme	HIGH	7.6	0.0%		2026-03-31

Oldest Unpatched Critical/High CVEs

CVE	Severity	CVSS	Priority	Days Open
CVE-2024-3400	CRITICAL	10.0	224	730d
CVE-2019-19781	CRITICAL	9.8	223	2298d
CVE-2020-5902	CRITICAL	9.8	223	2111d
CVE-2021-35464	CRITICAL	9.8	223	1725d
CVE-2020-10189	CRITICAL	9.8	223	2228d
CVE-2012-4681	CRITICAL	9.8	223	4976d
CVE-2022-42475	CRITICAL	9.8	223	1196d
CVE-2023-3519	CRITICAL	9.8	223	998d
CVE-2015-7450	CRITICAL	9.8	222	3753d
CVE-2023-34048	CRITICAL	9.8	222	900d

Prev 6 / 10 Next