Security Dashboard

Priority	CVE	Severity	CVSS	EPSS	Indicators	Published
44	CVE-2026-5777 This vulnerability exists in the Atom 3x Projector due to improper exposure of t	HIGH	8.7	0.0%		2026-04-10
44	CVE-2026-35389 Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior	HIGH	8.7	0.0%		2026-04-06
44	CVE-2026-35391 Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior	HIGH	8.7	0.0%		2026-04-06
44	CVE-2026-26928 SzafirHost downloads necessary files in the context of the initiating web page.	HIGH	8.7	0.0%		2026-04-02
44	CVE-2026-5747 An out-of-bounds write issue in the virtio PCI transport in Amazon Firecracker 1	HIGH	8.7	0.0%		2026-04-08
44	CVE-2025-43257 This issue was addressed with improved handling of symlinks. This issue is fixed	HIGH	8.7	0.0%		2026-04-02
44	CVE-2026-33778 An Improper Validation of Syntactic Correctness of Input vulnerability in the I	HIGH	8.7	0.1%		2026-04-09
44	CVE-2026-40036 dfir-unfurl through 20250810 contains an unbounded zlib decompression vulnerabil	HIGH	8.7	0.1%	FIX	2026-04-08
44	CVE-2026-35638 OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the C	HIGH	8.7	0.0%	FIX	2026-04-09
44	CVE-2026-35639 OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the d	HIGH	8.7	0.2%	FIX	2026-04-09
44	CVE-2026-33782 A Missing Release of Memory after Effective Lifetime vulnerability in the DHCP d	HIGH	8.7	0.0%		2026-04-09
44	CVE-2026-35063 OpenPLC_V3 REST API endpoint checks for JWT presence but never verifies the call	HIGH	8.7	0.0%		2026-04-09
44	CVE-2026-35669 OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in gatew	HIGH	8.7	0.0%	FIX	2026-04-10
44	CVE-2026-34724 Zammad is a web based open source helpdesk/customer support system. Prior to 7.0	HIGH	8.7	0.0%		2026-04-08
44	CVE-2026-35169 LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web app	HIGH	8.7	0.0%		2026-04-08
44	CVE-2026-35213 All versions of `@hapi/content` through 6.0.0 are vulnerable to Regular Expressi	HIGH	8.7	0.2%	FIX	2026-04-04
44	CVE-2026-33790 An Improper Check for Unusual or Exceptional Conditions vulnerability in the flo	HIGH	8.7	0.0%		2026-04-09
44	CVE-2026-34940 ## CHAMP: Description ### Summary The `ollamaStartupProbeScript()` function in	HIGH	8.7	0.0%	FIX	2026-04-01
44	CVE-2026-35454 # Zip Slip Path Traversal in coder/code-marketplace ## Summary A Zip Slip (CWE	HIGH	8.7	0.1%	FIX	2026-04-04
44	CVE-2026-39911 Hashgraph Guardian through version 3.5.0 contains an unsandboxed JavaScript exec	HIGH	8.7	0.1%		2026-04-09
44	CVE-2026-40107 SiYuan is a personal knowledge management system. Prior to 3.6.4, SiYuan configu	HIGH	8.7	0.1%	FIX	2026-04-09
44	CVE-2026-35408 ## Summary Directus's Single Sign-On (SSO) login pages lacked a `Cross-Origin-O	HIGH	8.7	0.0%	FIX	2026-04-04
44	CVE-2026-35663 OpenClaw before 2026.3.25 contains a privilege escalation vulnerability allowing	HIGH	8.7	0.0%	FIX	2026-04-10
43	CVE-2026-3987 A path traversal vulnerability in the Fireware OS Web UI on WatchGuard Firebox s	HIGH	8.6	0.4%		2026-04-01
43	CVE-2026-35056 XenForo before 2.3.9 and before 2.2.18 allows remote code execution (RCE) by aut	HIGH	8.6	0.3%		2026-04-01
43	CVE-2026-34621 Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by a	HIGH	8.6	0.2%	POC	2026-04-11
43	CVE-2026-34577 Postiz is an AI social media scheduling tool. Prior to version 2.21.3, the GET /	HIGH	8.6	0.1%		2026-04-02
43	CVE-2026-39338 ChurchCRM is an open-source church management system. Prior to 7.1.0, a Blind Re	HIGH	8.6	0.1%		2026-04-07
43	CVE-2026-34430 ByteDance Deer-Flow versions prior to commit 92c7a20 contain a sandbox escape vu	HIGH	8.6	0.1%		2026-04-01
43	CVE-2026-34585 SiYuan is a personal knowledge management system. Prior to version 3.6.2, a vuln	HIGH	8.6	0.1%	FIX	2026-03-31
43	CVE-2026-32173 Improper authentication in Azure SRE Agent allows an unauthorized attacker to di	HIGH	8.6	0.1%		2026-04-03
43	CVE-2026-23898 Lack of input validation leads to an arbitrary file deletion vulnerability in th	HIGH	8.6	0.1%		2026-04-01
43	CVE-2026-32920 OpenClaw before 2026.3.12 automatically discovers and loads plugins from .OpenCl	HIGH	8.6	0.1%	FIX	2026-03-31
43	CVE-2026-33276 Stored cross-site scripting (XSS) in Checkmk 2.5.0 (beta) before 2.5.0b2 allows	HIGH	8.6	0.0%		2026-03-31
43	CVE-2026-34445 Open Neural Network Exchange (ONNX) is an open standard for machine learning int	HIGH	8.6	0.0%	FIX	2026-04-01
43	CVE-2026-22661 prompts.chat prior to commit 0f8d4c3 contains a path traversal vulnerability in	HIGH	8.6	0.0%	FIX	2026-04-03
43	CVE-2026-33229 ### Impact An improperly protected scripting API allows any user with script rig	HIGH	8.6	0.0%	FIX	2026-04-08
43	CVE-2026-34954 ### Summary `FileTools.download_file()` in `praisonaiagents` validates the dest	HIGH	8.6	0.0%	FIX	2026-04-01
43	CVE-2026-22665 prompts.chat prior to commit 1464475 contains an identity confusion vulnerabilit	HIGH	8.6	0.0%	FIX	2026-04-03
43	CVE-2026-34503 OpenClaw before 2026.3.28 fails to disconnect active WebSocket sessions when dev	HIGH	8.6	0.0%	FIX	2026-03-31
43	CVE-2026-5501 wolfSSL_X509_verify_cert in the OpenSSL compatibility layer accepts a certificat	HIGH	8.6	0.0%		2026-04-10
43	CVE-2026-30284 An arbitrary file overwrite vulnerability in UXGROUP LLC Voice Recorder v10.0 al	HIGH	8.6	0.0%		2026-03-31
43	CVE-2026-34605 SiYuan is a personal knowledge management system. From version 3.6.0 to before v	HIGH	8.6	0.0%	FIX	2026-03-31
43	CVE-2026-23899 An improper access check allows unauthorized access to webservice endpoints.	HIGH	8.6	0.0%		2026-04-01
43	CVE-2026-34588 OpenEXR provides the specification and reference implementation of the EXR file	HIGH	8.6	0.0%	FIX	2026-04-06
43	CVE-2026-2123 A security audit identified a privilege escalation vulnerability in Operations A	HIGH	8.6	0.0%		2026-03-31
43	CVE-2026-33577 OpenClaw before 2026.3.28 contains an insufficient scope validation vulnerabilit	HIGH	8.6	0.0%	FIX	2026-03-31
43	CVE-2026-33752 ### Summary curl_cffi does not restrict requests to internal IP ranges, and foll	HIGH	8.6	0.0%	FIX	2026-04-03
43	CVE-2026-35643 OpenClaw before 2026.3.22 contains an unvalidated WebView JavascriptInterface vu	HIGH	8.6	0.0%	FIX	2026-04-10
43	CVE-2026-39983 ## Summary `basic-ftp` version `5.2.0` allows FTP command injection via CRLF se	HIGH	8.6	1.2%	FIX	2026-04-08
43	CVE-2026-40158 PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI's AST-based	HIGH	8.6	0.0%	FIX	2026-04-10
43	CVE-2026-35399 WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, a stored XSS	HIGH	8.5	0.1%		2026-04-06
43	CVE-2026-34747 Payload is a free and open source headless content management system. Prior to v	HIGH	8.5	0.0%	FIX	2026-04-01
43	CVE-2026-34932 hoppscotch is an open source API development ecosystem. Prior to version 2026.3.	HIGH	8.5	0.0%		2026-04-02
43	CVE-2026-2737 A vulnerability exists in Progress Flowmon versions prior to 12.5.8 and 13.0.6,	HIGH	8.5	0.0%		2026-04-02
43	CVE-2026-20915 Stored cross-site scripting (XSS) in Checkmk version 2.5.0 (beta) before 2.5.0b2	HIGH	8.5	0.0%		2026-03-31
43	CVE-2026-34825 ## Summary NocoBase <= 2.0.8 `plugin-workflow-sql` substitutes template variabl	HIGH	8.5	0.0%	FIX	2026-04-01
43	CVE-2026-34931 hoppscotch is an open source API development ecosystem. Prior to version 2026.3.	HIGH	8.5	0.0%		2026-04-02
43	CVE-2026-39495 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti	HIGH	8.5	0.0%		2026-04-08
43	CVE-2026-4416 The Performance Library component of Gigabyte Control Center has an Insecure Des	HIGH	8.5	0.0%		2026-03-30
43	CVE-2026-32864 There is a memory corruption vulnerability due to an out-of-bounds read in mgcor	HIGH	8.5	0.0%		2026-04-07
43	CVE-2026-32861 There is a memory corruption vulnerability due to an out-of-bounds write when lo	HIGH	8.5	0.0%		2026-04-07
43	CVE-2026-32863 There is a memory corruption vulnerability due to an out-of-bounds read in sentr	HIGH	8.5	0.0%		2026-04-07
43	CVE-2026-32860 There is a memory corruption vulnerability due to an out-of-bounds write when lo	HIGH	8.5	0.0%		2026-04-07
43	CVE-2026-32862 There is a memory corruption vulnerability due to an out-of-bounds write in ResF	HIGH	8.5	0.0%		2026-04-07
43	CVE-2026-1342 IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify	HIGH	8.5	0.0%		2026-04-08
42	CVE-2026-40029 parseusbs before 1.9 contains an OS command injection vulnerability in parseUSBs	HIGH	8.5	0.0%	FIX	2026-04-08
42	CVE-2026-30815 An OS command injection vulnerability in the OpenVPN module of TP-Link Archer AX	HIGH	8.5	0.3%	FIX	2026-04-08
42	CVE-2026-34975 Plunk is an open-source email platform built on top of AWS SES. Prior to 0.8.0,	HIGH	8.5	0.0%		2026-04-06
42	CVE-2026-5483 A flaw was found in odh-dashboard in Red Hat Openshift AI. This vulnerability in	HIGH	8.5	0.1%		2026-04-10
42	CVE-2026-33788 A Missing Authentication for Critical Function vulnerability in the Flexible PIC	HIGH	8.5	0.0%		2026-04-09
42	CVE-2026-39416 AIL framework is an open-source platform to collect, crawl, process and analyse	HIGH	8.5	0.1%		2026-04-08
42	CVE-2026-40031 MemProcFS before 5.17 contains multiple unsafe library-loading patterns that ena	HIGH	8.5	0.0%	FIX	2026-04-08
42	CVE-2026-40032 UAC (Unix-like Artifacts Collector) before 3.3.0-rc1 contains a command injectio	HIGH	8.5	0.0%	FIX	2026-04-08
42	CVE-2026-39974 ## Impact An authenticated Server-Side Request Forgery in `n8n-mcp` allows a cal	HIGH	8.5	0.0%	FIX	2026-04-08
42	CVE-2026-3466 Insufficient sanitization of dashboard dashlet title links in Checkmk 2.2.0 (EOL	HIGH	8.5	0.0%		2026-04-07
42	CVE-2026-33793 An Execution with Unnecessary Privileges vulnerability in the User Interface (UI	HIGH	8.5	0.0%		2026-04-09
42	CVE-2026-34885 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti	HIGH	8.5	0.0%	POC	2026-04-06
42	CVE-2026-30818 An OS command injection vulnerability in the dnsmasq module of TP-Link Archer AX	HIGH	8.5	0.4%	FIX	2026-04-08
42	CVE-2026-5173 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.9.	HIGH	8.5	0.0%		2026-04-08
42	CVE-2026-35625 OpenClaw before 2026.3.25 contains a privilege escalation vulnerability where si	HIGH	8.5	0.0%	FIX	2026-04-09
42	CVE-2026-39942 Directus is a real-time API and App dashboard for managing SQL database content.	HIGH	8.5	0.0%	FIX	2026-04-09
42	CVE-2026-5329 Rapid7 Velociraptor versions prior to 0.76.2 contain an improper input validatio	HIGH	8.5	0.2%		2026-04-09
42	CVE-2025-59711 An issue was discovered in Biztalk360 before 11.5. Because of mishandling of use	HIGH	8.3	0.9%		2026-04-03
42	CVE-2026-34545 OpenEXR provides the specification and reference implementation of the EXR file	HIGH	8.4	0.1%		2026-04-01
42	CVE-2026-34377 --- # CVE-2026-34377: Consensus Failure via Crafted V5 Authorization Data ## S	HIGH	8.4	0.0%	FIX	2026-03-30
42	CVE-2026-30279 An arbitrary file overwrite vulnerability in Squareapps LLC My Location Travel T	HIGH	8.4	0.0%		2026-03-31
42	CVE-2026-30277 An arbitrary file overwrite vulnerability in PDF Reader App : TA/UTAX Mobile Pri	HIGH	8.4	0.0%		2026-03-31
42	CVE-2025-30650 A Missing Authentication for Critical Function vulnerability in command processi	HIGH	8.4	0.0%		2026-04-08
42	CVE-2026-30290 An arbitrary file overwrite vulnerability in InTouch Contacts & Caller ID APP v6	HIGH	8.4	0.0%		2026-03-31

Oldest Unpatched Critical/High CVEs

CVE	Severity	CVSS	Priority	Days Open
CVE-2024-3400	CRITICAL	10.0	224	730d
CVE-2019-19781	CRITICAL	9.8	223	2298d
CVE-2020-5902	CRITICAL	9.8	223	2111d
CVE-2021-35464	CRITICAL	9.8	223	1725d
CVE-2020-10189	CRITICAL	9.8	223	2228d
CVE-2012-4681	CRITICAL	9.8	223	4976d
CVE-2022-42475	CRITICAL	9.8	223	1196d
CVE-2023-3519	CRITICAL	9.8	223	998d
CVE-2015-7450	CRITICAL	9.8	222	3753d
CVE-2023-34048	CRITICAL	9.8	222	900d

Prev 9 / 31 Next