Security Dashboard

Priority	CVE	Severity	CVSS	EPSS	Indicators	Published
31	CVE-2026-33753 ### Summary An Authorization Bypass vulnerability in `rfc3161-client`'s signatu	MEDIUM	6.2	0.0%	FIX	2026-04-08
31	CVE-2026-5226 The Optimole - Optimize Images in Real Time plugin for WordPress is vulnerable t	MEDIUM	6.1	0.1%		2026-04-11
31	CVE-2026-4394 The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Script	MEDIUM	6.1	0.1%		2026-04-08
31	CVE-2026-4146 The Loco Translate plugin for WordPress is vulnerable to Reflected Cross-Site Sc	MEDIUM	6.1	0.1%		2026-03-31
31	CVE-2026-33403 Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level	MEDIUM	6.1	0.1%		2026-04-06
31	CVE-2026-34980 OpenPrinting CUPS is an open source printing system for Linux and other Unix-lik	MEDIUM	6.1	0.0%		2026-04-03
31	CVE-2026-35539 An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. XSS exist	MEDIUM	6.1	0.0%	FIX	2026-04-03
31	CVE-2026-4305 The Royal WordPress Backup & Restore Plugin plugin for WordPress is vulnerable t	MEDIUM	6.1	0.0%		2026-04-10
31	CVE-2026-1877 The Auto Post Scheduler plugin for WordPress is vulnerable to Cross-Site Request	MEDIUM	6.1	0.0%		2026-03-31
31	CVE-2026-39335 ChurchCRM is an open-source church management system. Prior to 7.1.1, there is S	MEDIUM	6.1	0.0%		2026-04-07
31	CVE-2026-34729 ### Summary The sanitization pipeline for FAQ content is: 1. `Filter::filterVar(	MEDIUM	6.1	0.0%	FIX	2026-04-01
31	CVE-2026-39336 ChurchCRM is an open-source church management system. Prior to 7.1.0, a stored c	MEDIUM	6.1	0.0%		2026-04-07
31	CVE-2026-35466 XSS vulnerability in cveInterface.js allows for inject HTML to be passed to disp	MEDIUM	6.1	0.0%		2026-04-02
31	CVE-2026-34396 WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AV	MEDIUM	6.1	0.0%		2026-03-31
31	CVE-2026-34229 Emlog is an open source website building system. Prior to version 2.6.8, there i	MEDIUM	6.1	0.0%		2026-04-03
31	CVE-2026-34405 Nuxt OG Image generates OG Images with Vue templates in Nuxt. Prior to version 6	MEDIUM	6.1	0.0%	FIX	2026-03-31
31	CVE-2026-34231 ## Summary A Cross-site Scripting (XSS) vulnerability exists in the `{% attrs %	MEDIUM	6.1	0.0%	FIX	2026-03-30
31	CVE-2026-34206 Captcha Protect is a Traefik middleware to add an anti-bot challenge to individu	MEDIUM	6.1	0.0%		2026-03-31
31	CVE-2026-34739 WWBN AVideo is an open source video platform. In versions 26.0 and prior, the Us	MEDIUM	6.1	0.0%	FIX	2026-03-31
31	CVE-2025-61166 An open redirect in Ascertia SigningHub User v10.0 allows attackers to redirect	MEDIUM	6.1	0.0%		2026-04-06
31	CVE-2026-34237 ### Summary *Hardcoded Wildcard CORS (Access-Control-Allow-Origin: )** - ht	MEDIUM	6.1	0.0%	FIX	2026-03-30
31	CVE-2025-70844 yaffa v2.0.0 is vulnerable to Cross Site Scripting (XSS). An attacker can inject	MEDIUM	6.1	0.0%		2026-04-07
31	CVE-2026-20085 A vulnerability in the web-based management interface of Cisco IMC could allow a	MEDIUM	6.1	0.0%		2026-04-01
31	CVE-2026-20041 A vulnerability in Cisco Nexus Dashboard and Cisco Nexus Dashboard Insights coul	MEDIUM	6.1	0.0%		2026-04-01
31	CVE-2026-30251 A reflected cross-site scripting (XSS) vulnerability in the login_newpwd.php end	MEDIUM	6.1	0.0%		2026-04-02
31	CVE-2025-63238 A Reflected Cross-Site Scripting (XSS) affects LimeSurvey versions prior to 6.15	MEDIUM	6.1	0.0%		2026-04-09
31	CVE-2026-30252 Multiple reflected cross-site scripting (XSS) vulnerabilities in the login.php e	MEDIUM	6.1	0.0%		2026-04-02
31	CVE-2026-34083 Signal K Server is a server application that runs on a central hub in a boat. Pr	MEDIUM	6.1	0.0%	FIX	2026-04-02
31	CVE-2026-35491 FTLDNS (pihole-FTL) provides an interactive API and also generates statistics fo	MEDIUM	6.1	0.0%		2026-04-07
31	CVE-2026-26058 Zulip is an open-source team collaboration tool. From version 1.4.0 to before ve	MEDIUM	6.1	0.0%		2026-04-03
31	CVE-2026-25854 Occasional URL redirection to untrusted Site ('Open Redirect') vulnerability in	MEDIUM	6.1	0.0%	FIX	2026-04-09
30	CVE-2026-35186 Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and	MEDIUM	6.1	0.0%	FIX	2026-04-09
30	CVE-2026-39315 Unhead is a document head and template manager. Prior to 2.1.13, useHeadSafe() i	MEDIUM	6.1	0.0%	FIX	2026-04-09
30	CVE-2026-35195 Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0	MEDIUM	6.1	0.0%	FIX	2026-04-09
30	CVE-2026-35410 ### Summary An open redirect vulnerability exists in the login redirection logi	MEDIUM	6.1	0.0%	FIX	2026-04-04
30	CVE-2025-45806 A cross-site scripting (XSS) vulnerability in rrweb-snapshot before v2.0.0-alpha	MEDIUM	6.1	0.0%		2026-04-09
30	CVE-2026-35645 OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in the g	MEDIUM	6.1	0.0%	FIX	2026-04-09
30	CVE-2026-34852 Stack overflow vulnerability in the media platform. Impact: Successful exploitat	MEDIUM	6.1	-		2026-04-13
30	CVE-2025-70797 Cross Site Scripting vulnerability in Limesurvey v.6.15.20+251021 allows a remot	MEDIUM	6.1	0.1%		2026-04-09
30	CVE-2026-35199 SymCrypt is the core cryptographic function library currently used by Windows. F	MEDIUM	6.1	0.0%		2026-04-06
30	CVE-2026-33952 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to versio	MEDIUM	6.0	0.1%	FIX	2026-03-30
30	CVE-2026-34765 ### Impact When a renderer calls `window.open()` with a target name, Electron di	MEDIUM	6.0	0.1%	FIX	2026-04-07
30	CVE-2026-1079 A native messaging host vulnerability in Pega Browser Extension (PBE) affects us	MEDIUM	6.0	0.0%		2026-04-07
30	CVE-2026-5170 A user with access to the cluster with a limited set of privilege actions can tr	MEDIUM	6.0	0.0%	FIX	2026-03-30
30	CVE-2026-34511 OpenClaw before 2026.4.2 reuses the PKCE verifier as the OAuth state parameter i	MEDIUM	6.0	0.0%	FIX	2026-04-03
30	CVE-2026-39670 Server-Side Request Forgery (SSRF) vulnerability in Brecht Visual Link Preview v	MEDIUM	6.0	0.0%		2026-04-08
30	CVE-2026-5525 A stack-based buffer overflow vulnerability exists in Notepad++ version 8.9.3 in	MEDIUM	6.0	0.0%		2026-04-10
30	CVE-2026-35670 OpenClaw before 2026.3.22 contains a webhook reply delivery vulnerability that a	MEDIUM	6.0	0.1%	FIX	2026-04-10
30	CVE-2026-3446 When calling base64.b64decode() or related functions the decoding process would	MEDIUM	6.0	0.1%	FIX	2026-04-10
30	CVE-2026-5774 Improper synchronization of the userTokens map in the API server in Canonical Ju	MEDIUM	6.0	0.0%	FIX	2026-04-10
30	CVE-2026-5446 In wolfSSL, ARIA-GCM cipher suites used in TLS 1.2 and DTLS 1.2 reuse an identic	MEDIUM	6.0	0.0%		2026-04-09
30	CVE-2026-35658 OpenClaw before 2026.3.2 contains a filesystem boundary bypass vulnerability in	MEDIUM	6.0	0.0%	FIX	2026-04-10
30	CVE-2026-35622 OpenClaw before 2026.3.22 contains an improper authentication verification vulne	MEDIUM	6.0	0.0%	FIX	2026-04-09
30	CVE-2026-34760 vLLM is an inference and serving engine for large language models (LLMs). From v	MEDIUM	5.9	0.1%		2026-04-02
30	CVE-2026-35407 Saleor is an e-commerce platform. From 2.10.0 to before 3.23.0a3, 3.22.47, 3.21.	MEDIUM	5.9	0.0%		2026-04-08
30	CVE-2026-21632 Lack of output escaping for article titles leads to XSS vectors in various locat	MEDIUM	5.9	0.0%		2026-04-01
30	CVE-2026-21631 Lack of output escaping leads to a XSS vector in the multilingual associations c	MEDIUM	5.9	0.0%		2026-04-01
30	CVE-2026-34052 ## Summary The LTI 1.1 validator stores OAuth nonces in a class-level dictionar	MEDIUM	5.9	0.0%	FIX	2026-04-03
30	CVE-2026-33985 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to versio	MEDIUM	5.9	0.0%	FIX	2026-03-30
30	CVE-2026-34380 OpenEXR provides the specification and reference implementation of the EXR file	MEDIUM	5.9	0.0%		2026-04-06
30	CVE-2025-67805 A non-default configuration in Sage DPW 2025_06_004 allows unauthenticated acces	MEDIUM	5.9	0.0%		2026-04-01
30	CVE-2026-34830 Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, a	MEDIUM	5.9	0.0%	FIX	2026-04-02
30	CVE-2026-39541 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti	MEDIUM	5.9	0.0%		2026-04-08
30	CVE-2026-39615 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti	MEDIUM	5.9	0.0%		2026-04-08
30	CVE-2026-34767 ### Impact Apps that register custom protocol handlers via `protocol.handle()` /	MEDIUM	5.9	0.0%	FIX	2026-04-03
30	CVE-2026-5376 An issue that could prevent session inactivity timeouts from triggering due to a	MEDIUM	5.9	0.0%		2026-04-07
30	CVE-2026-27853 An attacker might be able to trigger an out-of-bounds write by sending crafted D	MEDIUM	5.9	0.0%	FIX	2026-03-31
30	CVE-2026-5119 A flaw was found in libsoup. When establishing HTTPS tunnels through a configure	MEDIUM	5.9	0.0%	FIX	2026-03-30
30	CVE-2026-32883 Botan is a C++ cryptography library. From version 3.0.0 to before version 3.11.0	MEDIUM	5.9	0.0%		2026-03-30
30	CVE-2025-13916 IBM Aspera Shares 1.9.9 through 1.11.0 uses weaker than expected cryptographic a	MEDIUM	5.9	0.0%	FIX	2026-04-01
30	CVE-2026-39408 ## Summary A path traversal issue in `toSSG()` allows files to be written outsi	MEDIUM	5.9	0.0%	FIX	2026-04-08
30	CVE-2026-34227 Sliver is a command and control framework that uses a custom Wireguard netstack.	MEDIUM	5.9	0.0%	FIX	2026-03-31
30	CVE-2026-21717 A flaw in V8's string hashing mechanism causes integer-like strings to be hashed	MEDIUM	5.9	0.0%	FIX	2026-03-30
30	CVE-2026-34610 The leancrypto library is a cryptographic library that exclusively contains only	MEDIUM	5.9	0.0%		2026-04-02
30	CVE-2026-32884 Botan is a C++ cryptography library. Prior to version 3.11.0, during processing	MEDIUM	5.9	0.0%		2026-03-30
30	CVE-2026-34778 ### Impact A service worker running in a session could spoof reply messages on t	MEDIUM	5.9	0.0%	FIX	2026-04-03
30	CVE-2026-21713 A flaw in Node.js HMAC verification uses a non-constant-time comparison when val	MEDIUM	5.9	0.0%	FIX	2026-03-30
30	CVE-2026-5300 Unauthenticated functionality in CoolerControl/coolercontrold <4.0.0 allows una	MEDIUM	5.9	0.0%		2026-04-08
30	CVE-2026-35201 ### Summary A signed length truncation bug causes an out-of-bounds read in the	MEDIUM	5.9	0.0%	FIX	2026-04-06
30	CVE-2026-39865 Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.13.	MEDIUM	5.9	0.0%	FIX	2026-04-08
30	CVE-2026-34942 Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0	MEDIUM	5.9	0.0%	FIX	2026-04-09
30	CVE-2026-35597 ## Summary The TOTP failed-attempt lockout mechanism is non-functional due to a	MEDIUM	5.9	0.0%	FIX	2026-04-10
30	CVE-2026-39844 ### Summary The upload filename sanitization introduced in GHSA-9ffm-fxg3-xrhh	MEDIUM	5.9	0.1%	FIX	2026-04-08
30	CVE-2026-5295 A stack buffer overflow exists in wolfSSL's PKCS7 implementation in the wc_PKCS7	MEDIUM	5.9	0.0%		2026-04-09
30	CVE-2026-25209 Out-of-bounds read vulnerability in Samsung Open Source Escargot allows Resource	MEDIUM	5.9	-		2026-04-13
30	CVE-2026-34721 Zammad is a web based open source helpdesk/customer support system. Prior to 7.0	MEDIUM	5.9	0.0%		2026-04-08
30	CVE-2026-34946 Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and	MEDIUM	5.9	0.0%	FIX	2026-04-09
30	CVE-2026-34859 UAF vulnerability in the kernel module. Impact: Successful exploitation of this	MEDIUM	5.9	-		2026-04-13
29	CVE-2026-34761 ## Summary Ella Core panics when processing a NGAP handover failure message. #	MEDIUM	5.8	0.0%	FIX	2026-04-01
29	CVE-2026-5384 An issue that could allow a credential to be updated and used for a task from ou	MEDIUM	5.8	0.0%		2026-04-07

Oldest Unpatched Critical/High CVEs

CVE	Severity	CVSS	Priority	Days Open
CVE-2024-3400	CRITICAL	10.0	224	730d
CVE-2019-19781	CRITICAL	9.8	223	2298d
CVE-2020-5902	CRITICAL	9.8	223	2111d
CVE-2021-35464	CRITICAL	9.8	223	1725d
CVE-2020-10189	CRITICAL	9.8	223	2228d
CVE-2012-4681	CRITICAL	9.8	223	4976d
CVE-2022-42475	CRITICAL	9.8	223	1196d
CVE-2023-3519	CRITICAL	9.8	223	998d
CVE-2015-7450	CRITICAL	9.8	222	3753d
CVE-2023-34048	CRITICAL	9.8	222	900d

Prev 8 / 14 Next