Security Dashboard

Priority	CVE	Severity	CVSS	EPSS	Indicators	Published
38	CVE-2026-2328 An unauthenticated remote attacker can exploit insufficient input validation to	HIGH	7.5	0.0%		2026-03-30
38	CVE-2026-34824 ### Summary An uncontrolled resource consumption vulnerability exists in the Web	HIGH	7.5	0.0%	FIX	2026-04-03
38	CVE-2025-50662 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to impro	HIGH	7.5	0.0%		2026-04-08
38	CVE-2026-34896 Cross-Site Request Forgery (CSRF) vulnerability in Analytify Under Construction,	HIGH	7.5	0.0%		2026-04-07
38	CVE-2025-50649 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to impro	HIGH	7.5	0.0%		2026-04-08
38	CVE-2025-50669 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 and DI-8003G	HIGH	7.5	0.0%		2026-04-08
38	CVE-2025-50668 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to impro	HIGH	7.5	0.0%		2026-04-08
38	CVE-2025-50667 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to impro	HIGH	7.5	0.0%		2026-04-08
38	CVE-2025-50652 An issue in D-Link DI-8003 16.07.26A1 related to improper handling of the id par	HIGH	7.5	0.0%		2026-04-08
38	CVE-2025-59440 An issue was discovered in USIM in Samsung Mobile Processor, Wearable Processor,	HIGH	7.5	0.0%		2026-04-06
38	CVE-2025-50653 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to impro	HIGH	7.5	0.0%		2026-04-08
38	CVE-2025-50650 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to inade	HIGH	7.5	0.0%		2026-04-08
38	CVE-2025-50648 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to inade	HIGH	7.5	0.0%		2026-04-08
38	CVE-2026-39304 Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Client, Apa	HIGH	7.5	0.0%	FIX	2026-04-10
38	CVE-2025-50647 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1, specificall	HIGH	7.5	0.0%		2026-04-08
38	CVE-2025-50644 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to impro	HIGH	7.5	0.0%		2026-04-08
38	CVE-2025-50672 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to impro	HIGH	7.5	0.0%		2026-04-08
38	CVE-2025-50657 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to impro	HIGH	7.5	0.0%		2026-04-08
38	CVE-2025-50655 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to impro	HIGH	7.5	0.0%		2026-04-08
38	CVE-2025-50660 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to impro	HIGH	7.5	0.0%		2026-04-08
38	CVE-2025-50663 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to impro	HIGH	7.5	0.0%		2026-04-08
38	CVE-2026-34487 Insertion of Sensitive Information into Log File vulnerability in the cloud memb	HIGH	7.5	0.0%	FIX	2026-04-09
38	CVE-2025-62188 An Exposure of Sensitive Information to an Unauthorized Actor vulnerability exis	HIGH	7.5	0.0%	FIX	2026-04-09
38	CVE-2025-50673 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to impro	HIGH	7.5	0.0%		2026-04-08
38	CVE-2025-56015 In GenieACS 1.2.13, an unauthenticated access vulnerability exists in the NBI AP	HIGH	7.5	0.0%		2026-04-07
38	CVE-2025-50654 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to impro	HIGH	7.5	0.0%		2026-04-08
38	CVE-2025-54324 An issue was discovered in NAS in Samsung Mobile Processor, Wearable Processor,	HIGH	7.5	0.0%		2026-04-06
38	CVE-2026-34904 Cross-Site Request Forgery (CSRF) vulnerability in Analytify Simple Social Media	HIGH	7.5	0.0%		2026-04-07
38	CVE-2025-57835 An issue was discovered in RRC in Samsung Mobile Processor, Wearable Processor,	HIGH	7.5	0.0%		2026-04-06
38	CVE-2026-30080 OpenAirInterface v2.2.0 accepts Security Mode Complete without any integrity pro	HIGH	7.5	0.0%		2026-04-08
38	CVE-2026-24880 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')	HIGH	7.5	0.0%	FIX	2026-04-09
38	CVE-2025-50659 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to impro	HIGH	7.5	0.0%		2026-04-08
38	CVE-2026-29129 Configured cipher preference order not preserved vulnerability in Apache Tomcat.	HIGH	7.5	0.0%	FIX	2026-04-09
38	CVE-2025-50646 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to insuf	HIGH	7.5	0.0%		2026-04-08
38	CVE-2025-52221 Tenda AC6 15.03.05.16_multi is vulnerable to Buffer Overflow in the formSetCfm f	HIGH	7.5	0.0%		2026-04-08
38	CVE-2026-34483 Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve	HIGH	7.5	0.0%	FIX	2026-04-09
38	CVE-2026-29146 Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default	HIGH	7.5	0.0%	FIX	2026-04-09
38	CVE-2025-52222 D-Link DI-8003 v16.07.26A1, DI-8500 v16.07.26A1; DI-8003G v17.12.21A1, DI-8200G	HIGH	7.5	0.0%		2026-04-08
38	CVE-2025-50645 A vulnerability has been discovered in D-Link DI-8003 16.07.26A1, which can lead	HIGH	7.5	0.0%		2026-04-08
38	CVE-2026-5087 PAGI::Middleware::Session::Store::Cookie versions through 0.001003 for Perl gene	HIGH	7.5	0.0%		2026-03-31
38	CVE-2025-45059 D-Link DI-8300 v16.07.26A1 was discovered to contain a buffer overflow via the f	HIGH	7.5	0.0%		2026-04-08
38	CVE-2026-34876 An issue was discovered in Mbed TLS 3.x before 3.6.6. An out-of-bounds read vuln	HIGH	7.5	0.0%		2026-04-02
38	CVE-2026-40046 Integer Overflow or Wraparound vulnerability in Apache ActiveMQ, Apache ActiveMQ	HIGH	7.5	0.0%	FIX	2026-04-09
38	CVE-2025-45057 D-Link DI-8300 v16.07.26A1 was discovered to contain a buffer overflow via the i	HIGH	7.5	0.0%		2026-04-08
38	CVE-2025-45058 D-Link DI-8300 v16.07.26A1 was discovered to contain a buffer overflow via the f	HIGH	7.5	0.0%		2026-04-08
38	CVE-2026-28815 A remote attacker can supply a short X-Wing HPKE encapsulated key and trigger an	HIGH	7.5	0.0%		2026-04-03
38	CVE-2026-34020 Use of GET Request Method With Sensitive Query Strings vulnerability in Apache O	HIGH	7.5	0.0%	FIX	2026-04-09
38	CVE-2026-21710 A flaw in Node.js HTTP request handling causes an uncaught `TypeError` when a re	HIGH	7.5	0.0%	FIX	2026-03-30
38	CVE-2026-35042 ## Summary `fast-jwt` does not validate the `crit` (Critical) Header Parameter	HIGH	7.5	0.0%		2026-04-03
38	CVE-2026-28505 Tautulli is a Python based monitoring and tracking tool for Plex Media Server. P	HIGH	7.5	0.0%		2026-03-30
38	CVE-2026-31790 Issue summary: Applications using RSASVE key encapsulation to establish a secret	HIGH	7.5	0.0%	FIX	2026-04-07
38	CVE-2026-34240 JOSE is a Javascript Object Signing and Encryption (JOSE) library. Prior to vers	HIGH	7.5	0.0%		2026-03-31
38	CVE-2026-28388 Issue summary: When a delta CRL that contains a Delta CRL Indicator extension is	HIGH	7.5	0.0%	FIX	2026-04-07
38	CVE-2026-30332 A Time-of-Check to Time-of-Use (TOCTOU) race condition vulnerability in Balena E	HIGH	7.5	0.0%		2026-04-02
38	CVE-2026-35467 The stored API keys in temporary browser client is not marked as protected allow	HIGH	7.5	0.0%		2026-04-02
38	CVE-2026-33266 Use of Hard-coded Cryptographic Key vulnerability in Apache OpenMeetings. The r	HIGH	7.5	0.0%	FIX	2026-04-09
38	CVE-2025-50665 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to impro	HIGH	7.5	0.0%		2026-04-08
38	CVE-2026-34486 Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the f	HIGH	7.5	0.0%	FIX	2026-04-09
38	CVE-2025-50670 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to impro	HIGH	7.5	0.0%		2026-04-08
38	CVE-2025-50671 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to impro	HIGH	7.5	0.0%		2026-04-08
38	CVE-2025-50666 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to impro	HIGH	7.5	0.0%		2026-04-08
38	CVE-2025-50664 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to impro	HIGH	7.5	0.0%		2026-04-08
38	CVE-2025-50661 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to impro	HIGH	7.5	0.0%		2026-04-08
38	CVE-2026-32280 During chain building, the amount of work that is done is not correctly limited	HIGH	7.5	0.0%	FIX	2026-04-08
38	CVE-2026-33756 Saleor is an e-commerce platform. From 2.0.0 to before 3.23.0a3, 3.22.47, 3.21.5	HIGH	7.5	0.1%		2026-04-08
38	CVE-2026-4660 HashiCorp’s go-getter library up to v1.8.5 may allow arbitrary file reads on the	HIGH	7.5	0.0%	FIX	2026-04-09
38	CVE-2026-39889 The A2U (Agent-to-User) event stream server in PraisonAI exposes all agent activ	HIGH	7.5	0.0%	FIX	2026-04-08
38	CVE-2026-34392 LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web app	HIGH	7.5	0.0%		2026-04-08
38	CVE-2026-6067 A heap buffer overflow vulnerability exists in the Netwide Assembler (NASM) due	HIGH	7.5	0.1%		2026-04-10
38	CVE-2026-40116 PraisonAI is a multi-agent teams system. Prior to 4.5.128, the /media-stream Web	HIGH	7.5	0.0%	FIX	2026-04-09
38	CVE-2026-35401 Saleor is an e-commerce platform. From 2.0.0 to before 3.23.0a3, 3.22.47, 3.21.5	HIGH	7.5	0.0%		2026-04-08
38	CVE-2026-35209 ### Impact Applications that pass unsanitized user input (e.g. parsed JSON requ	HIGH	7.5	0.0%	FIX	2026-04-04
38	CVE-2026-35203 ZLMediaKit is a streaming media service framework. the VP9 RTP payload parser in	HIGH	7.5	0.0%		2026-04-06
38	CVE-2025-5804 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP	HIGH	7.5	0.1%		2026-04-10
38	CVE-2026-34986 ### Impact Decrypting a JSON Web Encryption (JWE) object will panic if the `alg	HIGH	7.5	0.0%	FIX	2026-04-03
38	CVE-2026-30762 Summary: The file lightrag/api/config.py (line 397) uses a default JWT secret "l	HIGH	7.5	-	FIX	2026-04-04
38	CVE-2026-6069 NASM’s disasm() function contains a stack based buffer overflow when formatting	HIGH	7.5	0.0%		2026-04-10
38	CVE-2026-33350 LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web app	HIGH	7.5	0.0%		2026-04-08
38	CVE-2025-12664 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.0	HIGH	7.5	0.0%		2026-04-08
38	CVE-2026-5959 A security flaw has been discovered in GL.iNet GL-RM1, GL-RM10, GL-RM10RC and GL	HIGH	7.5	0.1%	FIX	2026-04-09
38	CVE-2026-1584 A flaw was found in gnutls. A remote, unauthenticated attacker can exploit this	HIGH	7.5	0.1%		2026-04-09
38	CVE-2026-40069 BSV Ruby SDK is the Ruby SDK for the BSV blockchain. From 0.1.0 to before 0.8.2,	HIGH	7.5	0.0%	FIX	2026-04-09
38	CVE-2026-33710 Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, RE	HIGH	7.5	0.0%		2026-04-10
38	CVE-2026-35172 ## summary: distribution can restore read access in `repo a` after an explicit d	HIGH	7.5	0.0%	FIX	2026-04-06
38	CVE-2026-32931 Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an	HIGH	7.5	0.2%		2026-04-10
38	CVE-2026-31940 Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, in	HIGH	7.5	0.0%		2026-04-10
38	CVE-2026-1092 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.10	HIGH	7.5	0.0%		2026-04-08
38	CVE-2026-39863 Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.	HIGH	7.5	0.1%		2026-04-08
38	CVE-2026-23869 A denial of service vulnerability exists in React Server Components, affecting t	HIGH	7.5	0.3%	FIX	2026-04-08
37	CVE-2026-0522 A local file inclusion vulnerability in the upload/download flow of the VertiGIS	HIGH	7.4	0.4%		2026-04-01

Oldest Unpatched Critical/High CVEs

CVE	Severity	CVSS	Priority	Days Open
CVE-2024-3400	CRITICAL	10.0	224	730d
CVE-2019-19781	CRITICAL	9.8	223	2298d
CVE-2020-5902	CRITICAL	9.8	223	2111d
CVE-2021-35464	CRITICAL	9.8	223	1725d
CVE-2020-10189	CRITICAL	9.8	223	2228d
CVE-2012-4681	CRITICAL	9.8	223	4976d
CVE-2022-42475	CRITICAL	9.8	223	1196d
CVE-2023-3519	CRITICAL	9.8	223	998d
CVE-2015-7450	CRITICAL	9.8	222	3753d
CVE-2023-34048	CRITICAL	9.8	222	900d

Prev 8 / 10 Next