Security Dashboard

Priority	CVE	Severity	CVSS	EPSS	Indicators	Published
37	CVE-2026-32275 Tautulli is a Python based monitoring and tracking tool for Plex Media Server. F	HIGH	7.4	0.0%		2026-03-30
37	CVE-2026-5992 A vulnerability was determined in Tenda F451 1.0.0.7. This affects the function	HIGH	7.4	0.0%		2026-04-10
37	CVE-2026-5990 A vulnerability has been found in Tenda F451 1.0.0.7. Affected by this vulnerabi	HIGH	7.4	0.0%		2026-04-10
37	CVE-2026-5991 A vulnerability was found in Tenda F451 1.0.0.7. Affected by this issue is the f	HIGH	7.4	0.0%		2026-04-10
37	CVE-2026-5629 A vulnerability was detected in Belkin F9K1015 1.00.10. The affected element is	HIGH	7.4	0.0%		2026-04-06
37	CVE-2026-4282 A flaw was found in Keycloak. The SingleUseObjectProvider, a global key-value st	HIGH	7.4	0.0%	FIX	2026-04-02
37	CVE-2026-33643 SQL Injection vulnerability in SchemaHero 0.23.0 via the column parameter to the	HIGH	7.4	0.0%		2026-03-30
37	CVE-2026-29953 SQL Injection vulnerability in SchemaHero 0.23.0 via the column parameter to the	HIGH	7.4	0.0%		2026-03-30
37	CVE-2026-34359 ## Summary `ManagedWebAccessUtils.getServer()` uses `String.startsWith()` to ma	HIGH	7.4	0.0%	FIX	2026-03-30
37	CVE-2026-35099 Lakeside SysTrack Agent 11 before 11.2.1.28 has a race condition with resultant	HIGH	7.4	0.0%		2026-04-01
37	CVE-2026-35535 In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgr	HIGH	7.4	0.0%		2026-04-03
37	CVE-2026-5988 A vulnerability was detected in Tenda F451 1.0.0.7. This impacts the function fo	HIGH	7.4	0.0%		2026-04-09
37	CVE-2026-34727 Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0,	HIGH	7.4	0.0%	FIX	2026-04-10
37	CVE-2026-5984 A vulnerability was identified in D-Link DIR-605L 2.13B01. Impacted is the funct	HIGH	7.4	0.0%		2026-04-09
37	CVE-2026-40153 PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the execute_com	HIGH	7.4	0.0%	FIX	2026-04-09
37	CVE-2026-5795 In Eclipse Jetty, the class JASPIAuthenticator initiates the authentication chec	HIGH	7.4	0.0%	FIX	2026-04-08
37	CVE-2026-5980 A flaw has been found in D-Link DIR-605L 2.13B01. Affected by this issue is the	HIGH	7.4	0.0%		2026-04-09
37	CVE-2026-5983 A vulnerability was determined in D-Link DIR-605L 2.13B01. This issue affects th	HIGH	7.4	0.0%		2026-04-09
37	CVE-2026-6137 A vulnerability was detected in Tenda F451 1.0.0.7_cn_svn7958. The affected elem	HIGH	7.4	-		2026-04-13
37	CVE-2026-25207 Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflo	HIGH	7.4	-		2026-04-13
37	CVE-2026-25205 Heap-based buffer overflow vulnerability in Samsung Open Source Escargot allows	HIGH	7.4	-		2026-04-13
37	CVE-2026-5686 A security flaw has been discovered in Tenda CX12L 16.03.53.12. This vulnerabili	HIGH	7.4	0.0%		2026-04-06
37	CVE-2026-5687 A weakness has been identified in Tenda CX12L 16.03.53.12. This issue affects th	HIGH	7.4	0.0%		2026-04-06
37	CVE-2026-35489 Tandoor Recipes is an application for managing recipes, planning meals, and buil	HIGH	7.3	0.1%		2026-04-07
37	CVE-2026-24156 NVIDIA DALI contains a vulnerability where an attacker could cause a deserializa	HIGH	7.3	0.1%		2026-04-07
37	CVE-2026-3877 A reflected cross-site scripting (XSS) vulnerability in the dashboard search fun	HIGH	7.3	0.0%		2026-04-01
37	CVE-2026-1345 IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify	HIGH	7.3	0.0%	FIX	2026-04-01
37	CVE-2026-39306 ### Summary PraisonAI's recipe registry pull flow extracts attacker-controlled	HIGH	7.3	0.0%	FIX	2026-04-06
37	CVE-2026-5599 A user with API access and "manage users" permission in any venueless world is	HIGH	7.3	0.0%		2026-04-05
37	CVE-2026-32971 OpenClaw before 2026.3.11 contains an approval-integrity vulnerability in node-h	HIGH	7.3	0.0%	FIX	2026-03-31
37	CVE-2026-20151 A vulnerability in the web interface of Cisco Smart Software Manager On-Prem (SS	HIGH	7.3	0.0%		2026-04-01
37	CVE-2026-35558 Improper neutralization of special elements in the authentication components in	HIGH	7.3	0.0%	FIX	2026-04-03
37	CVE-2026-3872 A flaw was found in Keycloak. This issue allows an attacker, who controls anothe	HIGH	7.3	0.0%	FIX	2026-04-02
37	CVE-2026-35574 ChurchCRM is an open-source church management system. Prior to 6.5.3, a stored C	HIGH	7.3	0.0%		2026-04-07
37	CVE-2026-28754 Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable	HIGH	7.3	0.0%		2026-04-03
37	CVE-2026-3879 Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable	HIGH	7.3	0.0%		2026-04-03
37	CVE-2026-4107 Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable	HIGH	7.3	0.0%		2026-04-03
37	CVE-2026-28703 Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable	HIGH	7.3	0.0%		2026-04-03
37	CVE-2026-4108 Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable	HIGH	7.3	0.0%		2026-04-03
37	CVE-2026-30273 pandas-ai v3.0.0 was discovered to contain a SQL injection vulnerability via the	HIGH	7.3	0.0%		2026-04-01
37	CVE-2026-5485 OS command injection in the browser-based authentication component in Amazon Ath	HIGH	7.3	0.0%	FIX	2026-04-03
37	CVE-2026-28756 Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable	HIGH	7.3	0.0%		2026-04-03
37	CVE-2026-3880 Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable	HIGH	7.3	0.0%		2026-04-03
37	CVE-2026-35455 immich is a high performance self-hosted photo and video management solution. Pr	HIGH	7.3	0.0%		2026-04-08
37	CVE-2026-4158 KeePassXC OpenSSL Configuration Uncontrolled Search Path Element Local Privilege	HIGH	7.3	0.0%		2026-04-11
37	CVE-2026-22768 Dell AppSync, version(s) 4.6.0, contain(s) an Incorrect Permission Assignment fo	HIGH	7.3	0.0%		2026-04-01
37	CVE-2026-22767 Dell AppSync, version(s) 4.6.0, contain(s) an UNIX Symbolic Link (Symlink) Follo	HIGH	7.3	0.0%		2026-04-01
37	CVE-2026-3780 The application's installer runs with elevated privileges but resolves system ex	HIGH	7.3	0.0%		2026-04-01
37	CVE-2026-39883 ## Summary The fix for GHSA-9h8m-3fm2-qjrq (CVE-2026-24051) changed the Darwin	HIGH	7.3	0.0%	FIX	2026-04-08
36	CVE-2026-34856 UAF vulnerability in the communication module. Impact: Successful exploitation o	HIGH	7.3	-		2026-04-13
36	CVE-2026-27655 Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable	HIGH	7.3	0.0%		2026-04-03
36	CVE-2026-30814 A stack-based buffer overflow in the tmpServer module of TP-Link Archer AX53 v1.	HIGH	7.3	0.0%	FIX	2026-04-08
36	CVE-2026-34607 Emlog is an open source website building system. In versions 2.6.2 and prior, a	HIGH	7.2	0.3%		2026-04-03
36	CVE-2026-4808 The Gerador de Certificados - DevApps plugin for WordPress is vulnerable to arbi	HIGH	7.2	0.2%		2026-04-08
36	CVE-2026-30940 baserCMS is a website development framework. Prior to version 5.2.3, a path trav	HIGH	7.2	0.2%	FIX	2026-03-31
36	CVE-2026-33613 Due to the improper neutralisation of special elements used in an OS command, a	HIGH	7.2	0.1%		2026-04-02
36	CVE-2026-5217 The Optimole - Optimize Images \| Convert WebP & AVIF \| CDN & Lazy Load \| Image O	HIGH	7.2	0.1%		2026-04-11
36	CVE-2026-35035 CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, mo	HIGH	7.2	0.1%	FIX	2026-04-06
36	CVE-2026-5425 The Widgets for Social Photo Feed plugin for WordPress is vulnerable to Stored C	HIGH	7.2	0.1%		2026-04-04
36	CVE-2026-35581 Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, the Execut	HIGH	7.2	0.1%	FIX	2026-04-07
36	CVE-2026-2936 The Visitor Traffic Real Time Statistics plugin for WordPress is vulnerable to S	HIGH	7.2	0.1%		2026-04-04
36	CVE-2026-25932 GLPI is a Free Asset and IT Management Software package. From 0.60 to before 10.	HIGH	7.2	0.0%		2026-04-06
36	CVE-2026-0686 The Webmention plugin for WordPress is vulnerable to Server-Side Request Forgery	HIGH	7.2	0.0%		2026-04-02
36	CVE-2026-1078 An arbitrary file-write vulnerability in Pega Browser Extension (PBE) affects Pe	HIGH	7.2	0.0%		2026-04-07
36	CVE-2026-1343 IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify	HIGH	7.2	0.0%	FIX	2026-04-08
36	CVE-2026-29782 ## Description The `oauth2.php` file in OpenSTAManager is an *unauthenticated	HIGH	7.2	0.0%	FIX	2026-04-01
36	CVE-2026-35536 In Tornado before 6.5.5, cookie attribute injection could occur because the doma	HIGH	7.2	0.0%	FIX	2026-04-03
36	CVE-2026-29047 GLPI is a free asset and IT management software package. From 10.0.0 to before 1	HIGH	7.2	0.0%		2026-04-06
36	CVE-2026-39343 ChurchCRM is an open-source church management system. Prior to 7.1.0, a SQL inje	HIGH	7.2	0.0%		2026-04-07
36	CVE-2026-39325 ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL inj	HIGH	7.2	0.0%		2026-04-07
36	CVE-2026-27885 Piwigo is an open source photo gallery application for the web. Prior to version	HIGH	7.2	0.0%		2026-04-03
36	CVE-2026-27834 Piwigo is an open source photo gallery application for the web. Prior to version	HIGH	7.2	0.0%		2026-04-03
36	CVE-2026-34155 RAUC controls the update process on embedded Linux systems. Prior to version 1.1	HIGH	7.2	0.0%		2026-03-31
36	CVE-2026-35037 ## Summary The `GET /api/website/title` endpoint accepts an arbitrary URL via t	HIGH	7.2	0.0%	FIX	2026-04-03
36	CVE-2026-40114 PraisonAI is a multi-agent teams system. Prior to 4.5.128, the /api/v1/runs endp	HIGH	7.2	0.0%	FIX	2026-04-09
36	CVE-2026-35175 ### Impact An authenticated user (using the `auth_users` plugin authentication	HIGH	7.2	0.1%	FIX	2026-04-03
36	CVE-2026-35476 InvenTree is an Open Source Inventory Management System. Prior to 1.2.7 and 1.3.	HIGH	7.2	0.0%		2026-04-08
36	CVE-2026-34512 OpenClaw before 2026.3.25 contains an improper access control vulnerability in t	HIGH	7.2	0.0%	FIX	2026-04-09
36	CVE-2026-35653 OpenClaw before 2026.3.24 contains an incorrect authorization vulnerability in t	HIGH	7.2	0.0%	FIX	2026-04-10
36	CVE-2026-40242 Arcane is an interface for managing Docker containers, images, networks, and vol	HIGH	7.2	0.0%	FIX	2026-04-10
36	CVE-2026-35660 OpenClaw before 2026.3.23 contains an insufficient access control vulnerability	HIGH	7.2	0.0%	FIX	2026-04-10
36	CVE-2026-34790 Endian Firewall version 3.3.25 and prior allow authenticated users to delete arb	HIGH	7.1	0.3%		2026-04-02
36	CVE-2026-33028 ### Summary The `nginx-ui` application is vulnerable to a Race Condition. Du	HIGH	7.1	0.1%	FIX	2026-03-30
36	CVE-2026-34591 ### Summary A crafted wheel can contain ../ paths that Poetry writes to disk wit	HIGH	7.1	0.1%	FIX	2026-04-01
36	CVE-2026-34598 ### Summary A stored and blind XSS vulnerability exists in the form title field.	HIGH	7.1	0.1%	FIX	2026-04-01
36	CVE-2026-34603 ## Summary `@tinacms/cli` recently added lexical path-traversal checks to the d	HIGH	7.1	0.1%	FIX	2026-04-01
36	CVE-2026-34604 ## Summary `@tinacms/graphql` uses string-based path containment checks in `Fil	HIGH	7.1	0.1%	FIX	2026-04-01
36	CVE-2026-39308 ### Summary PraisonAI's recipe registry publish endpoint writes uploaded recipe	HIGH	7.1	0.1%	FIX	2026-04-06
36	CVE-2026-35000 ChangeDetection.io versions prior to 0.54.7 contain a protection bypass vulnerab	HIGH	7.1	0.1%	FIX	2026-04-01
36	CVE-2026-34124 A denial-of-service vulnerability was identified in TP-Link Tapo C520WS v2.6 wit	HIGH	7.1	0.0%	FIX	2026-04-02

Oldest Unpatched Critical/High CVEs

CVE	Severity	CVSS	Priority	Days Open
CVE-2024-3400	CRITICAL	10.0	224	730d
CVE-2019-19781	CRITICAL	9.8	223	2298d
CVE-2020-5902	CRITICAL	9.8	223	2111d
CVE-2021-35464	CRITICAL	9.8	223	1725d
CVE-2020-10189	CRITICAL	9.8	223	2228d
CVE-2012-4681	CRITICAL	9.8	223	4976d
CVE-2022-42475	CRITICAL	9.8	223	1196d
CVE-2023-3519	CRITICAL	9.8	223	998d
CVE-2015-7450	CRITICAL	9.8	222	3753d
CVE-2023-34048	CRITICAL	9.8	222	900d

Prev 9 / 10 Next