Security Dashboard

Priority	CVE	Severity	CVSS	EPSS	Indicators	Published
116	CVE-2026-48027 Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious ver	CRITICAL	9.3	26.8%	KEV POC	2026-05-27
67	CVE-2026-41948 Dify version 1.14.1 and prior contain a path traversal vulnerability that allows	CRITICAL	9.3	0.1%	POC	2026-05-18
66	CVE-2026-24444 SDMC NE6037 cable modem routers running firmware 7.1.6.0.25 and 7.1.6.1.9_B9 con	CRITICAL	9.3	-	POC	2026-05-28
66	CVE-2026-31071 API endpoints in LalanaChami Pharmacy Management System (commit 5c3d028) lack au	CRITICAL	9.1	0.1%	POC	2026-05-19
50	CVE-2026-45829 A pre-authentication, code injection vulnerability in version 1.0.0 or later of	CRITICAL	10.0	0.1%		2026-05-18
50	CVE-2026-9152 A missing authentication vulnerability exists in the Altium 365 SearchService. A	CRITICAL	10.0	0.1%		2026-05-21
50	CVE-2026-45444 Unrestricted Upload of File with Dangerous Type vulnerability in WP Swings Gift	CRITICAL	10.0	0.0%		2026-05-20
50	CVE-2026-46412 ## Summary Between 2026-05-11 20:19 UTC and 22:56 UTC, an attacker used a compr	CRITICAL	10.0	-		2026-05-19
50	CVE-2026-33712 Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the preview cha	CRITICAL	10.0	0.1%		2026-05-22
50	CVE-2026-46840 Vulnerability in Oracle REST Data Services (component: Backend-as-a-Service). S	CRITICAL	10.0	-		2026-05-28
50	CVE-2026-20223 A vulnerability in the access validation of internal REST APIs of Cisco Sec	CRITICAL	10.0	0.0%		2026-05-20
50	CVE-2026-42757 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') v	CRITICAL	9.9	0.0%		2026-05-27
50	CVE-2026-42748 Unrestricted Upload of File with Dangerous Type vulnerability in WPify WPify Woo	CRITICAL	9.9	0.0%		2026-05-27
50	CVE-2026-46775 Vulnerability in Oracle REST Data Services (component: Core). Supported version	CRITICAL	9.9	-		2026-05-28
50	CVE-2026-9645 Exposed methods allow authenticated users to create and execute arbitrary JavaSc	CRITICAL	9.9	-		2026-05-28
50	CVE-2026-46824 Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Su	CRITICAL	9.9	-		2026-05-28
50	CVE-2026-46839 Vulnerability in Oracle REST Data Services (component: Core). Supported version	CRITICAL	9.9	-		2026-05-28
50	CVE-2026-42756 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') v	CRITICAL	9.9	0.0%		2026-05-27
50	CVE-2026-46822 Vulnerability in the Oracle iAssets product of Oracle E-Business Suite (componen	CRITICAL	9.9	-		2026-05-28
49	CVE-2026-5229 The Form Notify plugin for WordPress is vulnerable to Authentication Bypass in v	CRITICAL	9.8	0.3%		2026-05-15
49	CVE-2026-7304 SGLangs multimodal generation runtime is vulnerable to unauthenticated remote co	CRITICAL	9.8	0.3%		2026-05-18
49	CVE-2026-6555 The ProSolution WP Client plugin for WordPress is vulnerable to Arbitrary File U	CRITICAL	9.8	0.3%		2026-05-20
49	CVE-2026-7637 The Boost plugin for WordPress is vulnerable to PHP Object Injection in versions	CRITICAL	9.8	0.1%		2026-05-20
49	CVE-2026-6279 The Avada Builder (fusion-builder) plugin for WordPress is vulnerable to Unauthe	CRITICAL	9.8	0.1%		2026-05-21
49	CVE-2026-24207 NVIDIA Triton Inference Server contains a vulnerability where an attacker could	CRITICAL	9.8	0.1%		2026-05-20
49	CVE-2026-7284 The Easy Elements for Elementor - Addons & Website Templates plugin for WordPres	CRITICAL	9.8	0.1%		2026-05-20
49	CVE-2026-4885 The Piotnet Addons for Elementor Pro plugin for WordPress is vulnerable to arbit	CRITICAL	9.8	0.1%		2026-05-19
49	CVE-2026-7301 SGLangs multimodal generation runtime scheduler's ROUTER socket binds to 0.0.0.0	CRITICAL	9.8	0.0%		2026-05-18
49	CVE-2026-42758 Incorrect Privilege Assignment vulnerability in Saleswonder Team: Tobias Webinar	CRITICAL	9.8	0.0%		2026-05-27
49	CVE-2026-31070 The LalanaChami Pharmacy Management System (commit 5c3d028) allows unauthenticat	CRITICAL	9.8	0.0%		2026-05-19
49	CVE-2026-32253 Sunshine is a self-hosted game stream host for Moonlight. In versions prior to 2	CRITICAL	9.8	0.0%		2026-05-22
49	CVE-2026-30118 scalar/astro v0.1.13 was discovered to contain a Server-Side Request Forgery (SS	CRITICAL	9.8	0.0%		2026-05-19
49	CVE-2026-30117 scalar/astro v0.1.13 was discovered to contain an arbitrary file upload vulnerab	CRITICAL	9.8	0.0%		2026-05-19
49	CVE-2026-48902 The password and username reset features created plain http links for https conn	CRITICAL	9.8	0.0%		2026-05-26
49	CVE-2026-48691 FastNetMon Community Edition through 1.2.9 contains an integer overflow in the B	CRITICAL	9.8	0.0%		2026-05-26
49	CVE-2026-8507 Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out of bound (OOB) wr	CRITICAL	9.8	0.0%		2026-05-17
49	CVE-2026-8721 Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with e	CRITICAL	9.8	0.0%		2026-05-17
49	CVE-2026-5118 The Divi Form Builder plugin for WordPress is vulnerable to privilege escalation	CRITICAL	9.8	0.0%		2026-05-21
49	CVE-2026-36829 An authentication bypass vulnerability exists in the embedded HTTP server of Pan	CRITICAL	9.8	0.4%		2026-05-19
49	CVE-2026-48687 FastNetMon Community Edition through 1.2.9 contains an OS command injection vuln	CRITICAL	9.8	0.1%		2026-05-26
49	CVE-2026-8175 IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM A	CRITICAL	9.8	0.4%		2026-05-27
49	CVE-2026-46817 Vulnerability in the Oracle Payments product of Oracle E-Business Suite (compone	CRITICAL	9.8	-		2026-05-28
49	CVE-2026-7524 IBM Langflow OSS 1.0.0 through 1.9.1 could allow remote code execution due to im	CRITICAL	9.8	0.3%		2026-05-27
49	CVE-2026-42731 Incorrect Privilege Assignment vulnerability in miniOrange miniorange otp verifi	CRITICAL	9.8	0.0%		2026-05-27
49	CVE-2026-48689 FastNetMon Community Edition through 1.2.9 contains an off-by-one heap-based buf	CRITICAL	9.8	0.0%		2026-05-26
49	CVE-2026-9642 There is a mitigation bypass / (incomplete fix) for CVE-2025-62582 (Unauthentica	CRITICAL	9.8	0.0%		2026-05-26
49	CVE-2026-8760 The Login with OTP plugin for WordPress is vulnerable to authentication bypass i	CRITICAL	9.8	0.3%		2026-05-27
49	CVE-2026-34311 Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Ora	CRITICAL	9.8	-		2026-05-28
49	CVE-2026-38703 A command injection vulnerability exists in the ZeroTier VPN feature of InHand N	CRITICAL	9.8	-		2026-05-28
49	CVE-2026-38704 A command injection vulnerability exists in the WireGuard VPN feature of InHand	CRITICAL	9.8	-		2026-05-28
49	CVE-2026-38702 A command injection vulnerability exists in the Admin Access feature of InHand N	CRITICAL	9.8	-		2026-05-28
49	CVE-2026-6960 The BookingPress Pro plugin for WordPress is vulnerable to arbitrary file upload	CRITICAL	9.8	0.1%		2026-05-21
49	CVE-2026-38707 A command injection vulnerability exists in the IPSec VPN feature of InHand Netw	CRITICAL	9.8	-		2026-05-28
49	CVE-2026-4883 The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file upload du	CRITICAL	9.8	0.1%		2026-05-19
48	CVE-2026-45758 ### Impact On May 11, 2026 at approximately 6:00 PM Pacific, an attacker publis	CRITICAL	9.6	-		2026-05-19
47	CVE-2026-8134 Concrete CMS 9.5.0 and below fails to sanitize path traversal sequences in the p	CRITICAL	9.4	0.4%		2026-05-21
47	CVE-2026-9739 Vulnerable to DNS rebinding attacks when using SSE (http://b/499408790). During	CRITICAL	9.4	0.0%		2026-05-27
47	CVE-2026-32998 This vulnerability in Veeam Service Provider Console allows for remote code exec	CRITICAL	9.4	0.3%		2026-05-28
47	CVE-2026-9141 Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains an authentication	CRITICAL	9.3	0.2%		2026-05-20
47	CVE-2026-9139 Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a hard-coded crede	CRITICAL	9.3	0.1%		2026-05-20
47	CVE-2026-48906 The vulnerability in the Tassos Framework Plugin allows users to delete arbitrar	CRITICAL	9.3	0.1%		2026-05-27
47	CVE-2026-42755 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti	CRITICAL	9.3	0.0%		2026-05-27
47	CVE-2026-42747 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti	CRITICAL	9.3	0.0%		2026-05-27
46	CVE-2026-42097 Sparx Pro Cloud Server requires authentication based on requested URL. An attack	CRITICAL	9.3	0.1%		2026-05-19
46	CVE-2026-39531 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti	CRITICAL	9.3	0.0%		2026-05-21
46	CVE-2026-9037 A firmware update mechanism in the affected charging controller fails to validat	CRITICAL	9.3	-		2026-05-28
46	CVE-2026-42740 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti	CRITICAL	9.3	0.0%		2026-05-27
46	CVE-2026-42727 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti	CRITICAL	9.3	0.0%		2026-05-27
46	CVE-2026-42761 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti	CRITICAL	9.3	0.0%		2026-05-27
46	CVE-2026-8979 The Mennekes Amtron series (firmware versions ≤ 5.22.3) is vulnerable to an auth	CRITICAL	9.3	-		2026-05-28
46	CVE-2026-8980 The Mennekes Amtron series (firmware versions ≤ 5.22.3) is vulnerable to privile	CRITICAL	9.3	-		2026-05-28
46	CVE-2026-44159 Tyler Identity Local (TID-L) uses documented, default administrative credentials	CRITICAL	9.3	0.0%		2026-05-19
46	CVE-2026-0481 Unrestricted IP address binding in the AMD Device Metrics Exporter (ROCm ecosyst	CRITICAL	9.2	0.2%		2026-05-15
46	CVE-2026-47358 Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF)	CRITICAL	9.2	0.0%		2026-05-19
46	CVE-2026-47357 Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF)	CRITICAL	9.2	0.0%		2026-05-19
46	CVE-2026-2586 An authenticated Remote Code Execution (RCE) vulnerability was identified in Gla	CRITICAL	9.1	0.2%		2026-05-19
46	CVE-2026-7302 SGLangs multimodal generation runtime is vulnerable to an unauthenticated path t	CRITICAL	9.1	0.1%		2026-05-18
46	CVE-2026-49002 Access control failure means that an application does not effectively check user	CRITICAL	9.1	0.0%		2026-05-27
46	CVE-2026-7876 IBM Aspera HSTS for CP4I 1.5.1 through 1.5.19	CRITICAL	9.1	0.0%		2026-05-27
46	CVE-2026-46819 Vulnerability in the Oracle Internet Procurement Connector product of Oracle E-B	CRITICAL	9.1	-		2026-05-28
46	CVE-2026-8598 An undocumented configuration export port is accessible on some models of ZKTec	CRITICAL	9.1	0.1%		2026-05-20
45	CVE-2026-22314 Improper Control of Generation of Code ('Code Injection') vulnerability in Mesal	CRITICAL	9.0	0.0%		2026-05-20
45	CVE-2026-46833 Vulnerability in the Net Service component of Oracle Database Server. Supported	CRITICAL	9.0	-		2026-05-28
0	CVE-2026-48700 An issue was discovered in all versions of PCManFM-Qt starting from 1.1.0. When	CRITICAL	9.3	0.0%		2026-05-22
0	CVE-2026-45568 ## Summary Alice exposes a Python SDK `ProxyShare` with a fixed target URL. Bob	CRITICAL	-	-		2026-05-19

Oldest Unpatched Critical/High CVEs

CVE	Severity	CVSS	Priority	Days Open
CVE-2024-3400	CRITICAL	10.0	224	776d
CVE-2019-19781	CRITICAL	9.8	223	2344d
CVE-2020-5902	CRITICAL	9.8	223	2157d
CVE-2021-35464	CRITICAL	9.8	223	1771d
CVE-2020-10189	CRITICAL	9.8	223	2274d
CVE-2012-4681	CRITICAL	9.8	223	5021d
CVE-2022-42475	CRITICAL	9.8	223	1242d
CVE-2023-3519	CRITICAL	9.8	223	1044d
CVE-2015-7450	CRITICAL	9.8	222	3798d
CVE-2023-34048	CRITICAL	9.8	222	946d