Security Dashboard

Priority	CVE	Severity	CVSS	EPSS	Indicators	Published
30	CVE-2026-34859 UAF vulnerability in the kernel module. Impact: Successful exploitation of this	MEDIUM	5.9	-		2026-04-13
30	CVE-2026-5300 Unauthenticated functionality in CoolerControl/coolercontrold <4.0.0 allows una	MEDIUM	5.9	0.0%		2026-04-08
30	CVE-2026-34946 Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and	MEDIUM	5.9	0.0%	FIX	2026-04-09
29	CVE-2026-34761 ## Summary Ella Core panics when processing a NGAP handover failure message. #	MEDIUM	5.8	0.0%	FIX	2026-04-01
29	CVE-2026-5374 An issue that allowed MCP agents to access remediation and asset information fro	MEDIUM	5.8	0.0%		2026-04-07
29	CVE-2026-5384 An issue that could allow a credential to be updated and used for a task from ou	MEDIUM	5.8	0.0%		2026-04-07
29	CVE-2026-5378 An issue that allowed administrators to create and update users outside of their	MEDIUM	5.8	0.0%		2026-04-07
29	CVE-2026-34360 ## Summary The `/loadIG` HTTP endpoint in the FHIR Validator HTTP service accep	MEDIUM	5.8	0.0%	FIX	2026-03-30
29	CVE-2026-34772 ### Impact Apps that allow downloads and programmatically destroy sessions may b	MEDIUM	5.8	0.0%	FIX	2026-04-03
29	CVE-2026-34452 The Claude SDK for Python provides access to the Claude API from Python applicat	MEDIUM	5.8	0.0%	FIX	2026-03-31
29	CVE-2026-32988 OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability in fs	MEDIUM	5.8	0.0%		2026-03-31
29	CVE-2026-32977 OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability in th	MEDIUM	5.8	0.0%	FIX	2026-03-31
29	CVE-2026-25704 A Privilege Dropping / Lowering Errors/Time-of-check Time-of-use (TOCTOU) Race C	MEDIUM	5.8	0.0%		2026-03-30
29	CVE-2026-34981 The whisperX API is a tool for enhancing and analyzing audio content. From 0.3.1	MEDIUM	5.8	0.0%		2026-04-06
29	CVE-2026-20709 Use of Default Cryptographic Key in the hardware for some Intel(R) Pentium(R) Pr	MEDIUM	5.8	0.0%		2026-04-08
29	CVE-2026-30867 CocoaMQTT is a MQTT 5.0 client library for iOS and macOS written in Swift. Prior	MEDIUM	5.7	0.0%		2026-04-02
29	CVE-2025-24819 Nokia MantaRay NM is vulnerable to a Relative Path Traversal vulnerability due t	MEDIUM	5.7	0.0%		2026-04-07
29	CVE-2026-21712 A flaw in Node.js URL processing causes an assertion failure in native code when	MEDIUM	5.7	0.0%	FIX	2026-03-30
28	CVE-2026-1502 CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host.	MEDIUM	5.7	0.0%		2026-04-10
28	CVE-2026-1516 GitLab has remediated an issue in GitLab EE affecting all versions from 18.0.0 b	MEDIUM	5.7	0.0%		2026-04-08
28	CVE-2026-34855 Out-of-bounds write vulnerability in the kernel module. Impact: Successful explo	MEDIUM	5.7	-		2026-04-13
28	CVE-2026-39901 ### Summary A transaction integrity flaw allows an authenticated tenant user to	MEDIUM	5.7	0.0%	FIX	2026-04-08
28	CVE-2026-34854 UAF vulnerability in the kernel module. Impact: Successful exploitation of this	MEDIUM	5.7	-		2026-04-13
28	CVE-2026-5271 pymanager included the current working directory in sys.path meaning modules cou	MEDIUM	5.6	0.0%		2026-04-01
28	CVE-2026-5673 A flaw was found in libtheora. This heap-based out-of-bounds read vulnerability	MEDIUM	5.6	0.0%		2026-04-06
28	CVE-2025-7024 Incorrect Default Permissions vulnerability in AIRBUS PSS TETRA Connectivity Ser	MEDIUM	5.6	0.0%		2026-04-03
28	CVE-2026-34867 Double free vulnerability in the multi-mode input system. Impact: Successful exp	MEDIUM	5.6	-		2026-04-13
28	CVE-2026-40190 LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform.	MEDIUM	5.6	0.0%	FIX	2026-04-10
28	CVE-2026-34943 Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0	MEDIUM	5.6	0.0%	FIX	2026-04-09
28	CVE-2026-5311 A security flaw has been discovered in D-Link DNS-120, DNR-202L, DNS-315L, DNS-3	MEDIUM	5.5	0.1%		2026-04-01
28	CVE-2026-5527 A weakness has been identified in Tenda 4G03 Pro 1.0/1.0re/01.bin/04.03.01.53. A	MEDIUM	5.5	0.0%		2026-04-04
28	CVE-2026-5601 A vulnerability was found in Acrel Electrical Prepaid Cloud Platform 1.0. This i	MEDIUM	5.5	0.0%		2026-04-05
28	CVE-2025-66484 IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to stored cross-site script	MEDIUM	5.5	0.0%	FIX	2026-04-01
28	CVE-2026-27315 Sensitive Information Leak in cqlsh in Apache Cassandra 4.0 allows access to sen	MEDIUM	5.5	0.0%	FIX	2026-04-07
28	CVE-2026-3777 The application does not properly validate the lifetime and validity of internal	MEDIUM	5.5	0.0%		2026-04-01
28	CVE-2026-3776 The application does not validate the presence of required appearance (AP) data	MEDIUM	5.5	0.0%		2026-04-01
28	CVE-2025-65116 Buffer Overflow Vulnerability in JP1/IT Desktop Management 2 - Manager on Window	MEDIUM	5.5	0.0%		2026-04-07
28	CVE-2026-5745 A flaw was found in libarchive. A NULL pointer dereference vulnerability exists	MEDIUM	5.5	0.0%		2026-04-07
28	CVE-2026-34447 Open Neural Network Exchange (ONNX) is an open standard for machine learning int	MEDIUM	5.5	0.0%	FIX	2026-04-01
28	CVE-2026-34933 Avahi is a system which facilitates service discovery on a local network via the	MEDIUM	5.5	0.0%		2026-04-03
28	CVE-2026-34730 ### Summary Copier's `_external_data` feature allows a template to load YAML fi	MEDIUM	5.5	0.0%	FIX	2026-04-01
28	CVE-2025-48651 N/A	MEDIUM	5.5	0.0%		2026-04-06
28	CVE-2026-35477 InvenTree is an Open Source Inventory Management System. From 1.2.3 to 1.2.6, th	MEDIUM	5.5	0.0%		2026-04-08
28	CVE-2026-5986 A weakness has been identified in Zod jsVideoUrlParser up to 0.5.1. The impacted	MEDIUM	5.5	0.0%		2026-04-09
28	CVE-2026-40159 PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI’s MCP (Mode	MEDIUM	5.5	0.0%	FIX	2026-04-10
28	CVE-2026-39392 CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, mo	MEDIUM	5.5	0.0%	FIX	2026-04-08
28	CVE-2026-5600 A new API endpoint introduced in pretix 2025 that is supposed to return all che	MEDIUM	5.5	0.0%	FIX	2026-04-08
28	CVE-2026-39390 CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, mo	MEDIUM	5.5	0.0%	FIX	2026-04-08
28	CVE-2026-29043 HDF5 is software for managing data. In 1.14.1-2 and earlier, an attacker who can	MEDIUM	5.5	0.0%		2026-04-10
28	CVE-2026-39856 osslsigncode is a tool that implements Authenticode signing and timestamping. Pr	MEDIUM	5.5	0.0%		2026-04-09
28	CVE-2026-39855 osslsigncode is a tool that implements Authenticode signing and timestamping. Pr	MEDIUM	5.5	0.0%		2026-04-09
27	CVE-2026-5355 A vulnerability has been found in Trendnet TEW-657BRM 1.00.1. Affected by this i	MEDIUM	5.3	0.8%		2026-04-02
27	CVE-2026-32629 ### Summary An unauthenticated attacker can submit a guest FAQ with an email add	MEDIUM	5.4	0.2%	FIX	2026-03-31
27	CVE-2026-5831 A security flaw has been discovered in Agions taskflow-ai up to 2.1.8. This impa	MEDIUM	5.3	0.7%	FIX	2026-04-09
27	CVE-2026-5547 A vulnerability has been found in Tenda AC10 16.03.10.10_multi_TDE01. Affected i	MEDIUM	5.3	0.7%		2026-04-05
27	CVE-2026-3358 The Tutor LMS - eLearning and online course solution plugin for WordPress is vul	MEDIUM	5.4	0.1%		2026-04-11
27	CVE-2026-4124 The Ziggeo plugin for WordPress is vulnerable to Missing Authorization in all ve	MEDIUM	5.4	0.1%		2026-04-09
27	CVE-2026-22569 An incorrect startup configuration of affected versions of Zscaler Client Connec	MEDIUM	5.4	0.0%		2026-03-31
27	CVE-2026-34442 FreeScout is a free help desk and shared inbox built with PHP's Laravel framewor	MEDIUM	5.4	0.0%		2026-03-31
27	CVE-2026-2712 The WP-Optimize plugin for WordPress is vulnerable to unauthorized access of fun	MEDIUM	5.4	0.0%		2026-04-10
27	CVE-2026-34903 Missing Authorization vulnerability in OceanWP Ocean Extra allows Exploiting Inc	MEDIUM	5.4	0.0%		2026-04-07
27	CVE-2026-4829 Improper authentication in the external OAuth authentication flow in Devolutions	MEDIUM	5.4	0.0%		2026-04-01
27	CVE-2026-35540 An issue was discovered in Roundcube Webmail 1.6.0 before 1.6.14. Insufficient C	MEDIUM	5.4	0.0%	FIX	2026-04-03
27	CVE-2026-4065 The Smart Slider 3 plugin for WordPress is vulnerable to unauthorized access and	MEDIUM	5.4	0.0%		2026-04-07
27	CVE-2026-40212 OpenStack Skyline before 5.0.1, 6.0.0, and 7.0.0 has a DOM-based Cross-Site Scri	MEDIUM	5.4	0.0%		2026-04-10
27	CVE-2026-35508 Shynet before 0.14.0 allows XSS in urldisplay and iconify template filters,	MEDIUM	5.4	0.0%		2026-04-03
27	CVE-2026-34848 hoppscotch is an open source API development ecosystem. Prior to version 2026.3.	MEDIUM	5.4	0.0%		2026-04-02
27	CVE-2026-39367 WWBN AVideo is an open source video platform. In versions 26.0 and prior, AVideo	MEDIUM	5.4	0.0%		2026-04-07
27	CVE-2026-40071 pyLoad is a free and open-source download manager written in Python. Prior to 0.	MEDIUM	5.4	0.0%		2026-04-09
27	CVE-2026-32273 Discourse is an open-source discussion platform. From versions 2026.1.0-latest t	MEDIUM	5.4	0.0%		2026-03-31
27	CVE-2025-1794 The AM LottiePlayer plugin for WordPress is vulnerable to Stored Cross-Site Scri	MEDIUM	5.4	0.0%		2026-04-08
27	CVE-2026-34974 ### Summary The regex-based SVG sanitizer in phpMyFAQ (`SvgSanitizer.php`) can b	MEDIUM	5.4	0.0%	FIX	2026-04-01
27	CVE-2026-39380 Open Source Point of Sale is a web based point-of-sale application written in PH	MEDIUM	5.4	0.0%		2026-04-07
27	CVE-2026-29598 Multiple stored cross-site scripting (XSS) vulnerabilities in the submit_add_use	MEDIUM	5.4	0.0%		2026-04-01
27	CVE-2026-35046 Tandoor Recipes is an application for managing recipes, planning meals, and buil	MEDIUM	5.4	0.0%		2026-04-06
27	CVE-2026-33978 Notesnook is a note-taking app focused on user privacy & ease of use. Prior to v	MEDIUM	5.4	0.0%		2026-04-01
27	CVE-2026-34590 Postiz is an AI social media scheduling tool. Prior to version 2.21.4, the POST	MEDIUM	5.4	0.0%		2026-04-02
27	CVE-2026-34584 listmonk is a standalone, self-hosted, newsletter and mailing list manager. From	MEDIUM	5.4	0.0%		2026-04-02
27	CVE-2026-1243 IBM Content Navigator 3.0.15, 3.1.0, and 3.2.0 is vulnerable to cross-site scrip	MEDIUM	5.4	0.0%	FIX	2026-04-02
27	CVE-2025-66485 IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTTP header injection, c	MEDIUM	5.4	0.0%	FIX	2026-04-01
27	CVE-2026-32712 Open Source Point of Sale is a web based point-of-sale application written in PH	MEDIUM	5.4	0.0%		2026-04-07
27	CVE-2026-3781 The Attendance Manager plugin for WordPress is vulnerable to SQL Injection via t	MEDIUM	5.4	0.0%		2026-04-08
27	CVE-2025-14857 An improper access control vulnerability exists in Semtech LoRa LR11xxx transcei	MEDIUM	5.4	0.0%		2026-04-07
27	CVE-2026-4401 The Download Monitor plugin for WordPress is vulnerable to Cross-Site Request Fo	MEDIUM	5.4	0.0%		2026-04-08
27	CVE-2026-34749 Payload is a free and open source headless content management system. Prior to v	MEDIUM	5.4	0.0%	FIX	2026-04-01
27	CVE-2026-31352 An authenticated stored cross-site scripting (XSS) vulnerability in the Role Man	MEDIUM	5.4	0.0%		2026-04-06
27	CVE-2026-31350 An authenticated stored cross-site scripting (XSS) vulnerability in Feehi CMS v2	MEDIUM	5.4	0.0%		2026-04-06
27	CVE-2025-70365 A stored cross-site scripting (XSS) vulnerability exists in Kiamo before 8.4 due	MEDIUM	5.4	0.0%		2026-04-09
27	CVE-2026-31313 An authenticated stored cross-site scripting (XSS) vulnerability in the creation	MEDIUM	5.4	0.0%		2026-04-06
27	CVE-2026-31353 An authenticated stored cross-site scripting (XSS) vulnerability in the Category	MEDIUM	5.4	0.0%		2026-04-06

Oldest Unpatched Critical/High CVEs

CVE	Severity	CVSS	Priority	Days Open
CVE-2024-3400	CRITICAL	10.0	224	730d
CVE-2019-19781	CRITICAL	9.8	223	2298d
CVE-2020-5902	CRITICAL	9.8	223	2111d
CVE-2021-35464	CRITICAL	9.8	223	1725d
CVE-2020-10189	CRITICAL	9.8	223	2228d
CVE-2012-4681	CRITICAL	9.8	223	4976d
CVE-2022-42475	CRITICAL	9.8	223	1196d
CVE-2023-3519	CRITICAL	9.8	223	998d
CVE-2015-7450	CRITICAL	9.8	222	3753d
CVE-2023-34048	CRITICAL	9.8	222	900d

Prev 9 / 14 Next