Security Dashboard

Priority	CVE	Severity	CVSS	EPSS	Indicators	Published
126	CVE-2026-41091 Improper link resolution before file access ('link following') in Microsoft Defe	HIGH	7.8	12.1%	KEV POC FIX	2026-05-20
64	CVE-2026-3220 The Autoptimize WordPress plugin before 3.1.15, Clearfy Cache WordPress plugin	HIGH	8.8	0.0%	POC FIX	2026-05-18
64	CVE-2026-43634 HestiaCP versions 1.2.0 through 1.9.4 contain an IP spoofing vulnerability that	HIGH	8.7	0.0%	POC FIX	2026-05-19
63	CVE-2026-6379 The WP Photo Album Plus WordPress plugin before 9.1.11.001 does not properly san	HIGH	8.6	0.0%	POC FIX	2026-05-18
63	CVE-2026-7862 The Eupago Gateway For Woocommerce WordPress plugin before 4.7.2 does not proper	HIGH	8.6	0.0%	POC FIX	2026-05-28
63	CVE-2026-47114 IINA before 1.4.3 contains a user-assisted command execution vulnerability that	HIGH	8.6	0.2%	POC FIX	2026-05-21
62	CVE-2026-45369 python-utcp is the python implementation of UTCP. Prior to 1.1.3, the _substitut	HIGH	8.3	0.0%	POC FIX	2026-05-14
61	CVE-2026-41949 Dify version 1.14.1 and prior contain an authorization bypass vulnerability in t	HIGH	8.2	0.0%	POC FIX	2026-05-18
61	CVE-2026-41470 LIVE555 before 2026.04.22 contains an authorization bypass vulnerability in RTSP	HIGH	8.2	0.1%	POC FIX	2026-05-19
59	CVE-2026-45370 python-utcp is the python implementation of UTCP. Prior to 1.1.3, _prepare_envir	HIGH	7.7	0.0%	POC FIX	2026-05-14
58	CVE-2026-6381 The WP Maps WordPress plugin before 4.9.3 does not properly sanitize a paramete	HIGH	7.5	0.0%	POC FIX	2026-05-18
58	CVE-2025-15609 The Fortis for WooCommerce WordPress plugin before 1.3.1 may leak sensitive API	HIGH	7.5	0.0%	POC FIX	2026-05-19
57	CVE-2026-9345 A vulnerability was detected in Edimax EW-7438RPn up to 1.31. This affects the f	HIGH	7.4	0.0%	POC	2026-05-24
57	CVE-2026-9346 A flaw has been found in Edimax EW-7438RPn up to 1.31. This impacts the function	HIGH	7.4	0.0%	POC	2026-05-24
57	CVE-2026-8775 A flaw has been found in Edimax BR-6428NS 1.10. This affects the function formL2	HIGH	7.4	0.0%	POC	2026-05-18
57	CVE-2026-9344 A security vulnerability has been detected in Edimax EW-7438RPn up to 1.31. The	HIGH	7.4	0.0%	POC	2026-05-24
57	CVE-2026-9348 A vulnerability was found in Edimax EW-7438RPn up to 1.31. Affected by this vuln	HIGH	7.4	0.0%	POC	2026-05-24
57	CVE-2026-8776 A vulnerability has been found in Edimax BR-6428NS 1.10. This vulnerability affe	HIGH	7.4	0.0%	POC	2026-05-18
57	CVE-2026-9360 A security flaw has been discovered in Edimax EW-7438RPn 1.28a. Affected by this	HIGH	7.4	0.0%	POC	2026-05-24
57	CVE-2026-9294 A vulnerability was identified in Edimax BR-6428NS 1.10. The impacted element is	HIGH	7.4	0.0%	POC	2026-05-23
57	CVE-2026-9295 A security flaw has been discovered in Edimax BR-6428NS 1.10. This affects the f	HIGH	7.4	0.0%	POC	2026-05-23
57	CVE-2026-8764 A security vulnerability has been detected in H3C Magic B3 up to 100R002. This a	HIGH	7.3	0.0%	POC	2026-05-17
56	CVE-2026-31266 Craft CMS 5.9.5 and earlier contains a Missing Authorization vulnerability in th	HIGH	7.3	0.0%	POC	2026-05-27
56	CVE-2025-70103 Heap buffer overflow vulnerability in libjxl 0.12.0 via crafted PBM images to th	HIGH	7.3	0.0%	POC	2026-05-27
56	CVE-2026-6495 The Ajax Load More WordPress plugin before 7.8.4 does not sanitise and escape a	HIGH	7.1	0.0%	POC FIX	2026-05-18
56	CVE-2026-46333 In the Linux kernel, the following vulnerability has been resolved: ptrace: sli	HIGH	7.1	0.0%	POC FIX	2026-05-15
54	CVE-2026-8603 In ScadaBR version 1.2.0, an OS Command Injection vulnerability could allow an a	HIGH	8.7	0.6%		2026-05-19
54	CVE-2026-8602 In ScadaBR version 1.2.0, a Missing Authentication for Critical Function vulnera	HIGH	8.8	0.1%		2026-05-19
53	CVE-2026-8604 In ScadaBR version 1.2.0, a CSRF vulnerability could allow an attacker to trigge	HIGH	8.6	0.0%		2026-05-19
45	CVE-2026-8135 Concrete CMS 9.5.0 and below is vulnerable to Remote Code Execution due to inse	HIGH	8.9	0.1%		2026-05-21
45	CVE-2026-45659 Deserialization of untrusted data in Microsoft Office SharePoint allows an autho	HIGH	8.8	0.5%	FIX	2026-05-22
44	CVE-2026-8832 The WPCode - Insert Headers and Footers + Custom Code Snippets - WordPress Code	HIGH	8.8	0.4%		2026-05-27
44	CVE-2026-27648 in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code ex	HIGH	8.8	0.2%		2026-05-19
44	CVE-2026-44048 In Netatalk 2.0.4 through 4.4.2, stack buffer overflow via ucs-2 type confusion	HIGH	8.8	0.1%	FIX	2026-05-21
44	CVE-2026-6228 The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Privilege	HIGH	8.8	0.1%		2026-05-15
44	CVE-2026-7522 The Advanced Database Cleaner - Premium plugin for WordPress is vulnerable to Lo	HIGH	8.8	0.1%		2026-05-20
44	CVE-2026-45495 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability	HIGH	8.8	0.1%	FIX	2026-05-18
44	CVE-2026-24217 NVIDIA BioNeMo Core for Linux contains a vulnerability where a user could cause	HIGH	8.8	0.1%		2026-05-20
44	CVE-2026-44047 In Netatalk 3.1.0 through 4.4.2, sql injection in mysql cnid backend. Fixed in 4	HIGH	8.8	0.1%	FIX	2026-05-21
44	CVE-2026-8540 Type Confusion in V8 in Google Chrome prior to 148.0.7778.168 allowed a remote a	HIGH	8.8	0.1%	FIX	2026-05-14
44	CVE-2026-8555 Use after free in GTK in Google Chrome on Windows prior to 148.0.7778.168 allowe	HIGH	8.8	0.1%	FIX	2026-05-14
44	CVE-2026-8532 Integer overflow in XML in Google Chrome prior to 148.0.7778.168 allowed a remot	HIGH	8.8	0.1%	FIX	2026-05-14
44	CVE-2026-8581 Use after free in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote	HIGH	8.8	0.1%	FIX	2026-05-14
44	CVE-2026-8551 Use after free in Downloads in Google Chrome prior to 148.0.7778.168 allowed a r	HIGH	8.8	0.1%	FIX	2026-05-14
44	CVE-2026-8577 Integer overflow in Fonts in Google Chrome prior to 148.0.7778.168 allowed a rem	HIGH	8.8	0.1%	FIX	2026-05-14
44	CVE-2026-8544 Use after free in Media in Google Chrome prior to 148.0.7778.168 allowed a remot	HIGH	8.8	0.1%	FIX	2026-05-14
44	CVE-2026-8518 Use after free in Blink in Google Chrome prior to 148.0.7778.168 allowed a remot	HIGH	8.8	0.1%	FIX	2026-05-14
44	CVE-2026-8522 Use after free in Downloads in Google Chrome on Mac prior to 148.0.7778.168 allo	HIGH	8.8	0.1%	FIX	2026-05-14
44	CVE-2026-8549 Use after free in Media in Google Chrome prior to 148.0.7778.168 allowed a remot	HIGH	8.8	0.1%	FIX	2026-05-14
44	CVE-2026-8527 Insufficient validation of untrusted input in Downloads in Google Chrome prior t	HIGH	8.8	0.1%	FIX	2026-05-14
44	CVE-2026-8517 Object lifecycle issue in WebShare in Google Chrome on Mac prior to 148.0.7778.1	HIGH	8.8	0.1%	FIX	2026-05-14
44	CVE-2026-8526 Out of bounds write in WebRTC in Google Chrome prior to 148.0.7778.168 allowed a	HIGH	8.8	0.1%	FIX	2026-05-14
44	CVE-2026-9207 Tanium addressed an unauthorized code execution vulnerability in Connect.	HIGH	8.8	0.1%	FIX	2026-05-27
44	CVE-2026-8529 Heap buffer overflow in Codecs in Google Chrome prior to 148.0.7778.168 allowed	HIGH	8.8	0.1%	FIX	2026-05-14
44	CVE-2026-8524 Out of bounds write in WebAudio in Google Chrome prior to 148.0.7778.168 allowed	HIGH	8.8	0.1%	FIX	2026-05-14
44	CVE-2026-8519 Integer overflow in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 al	HIGH	8.8	0.1%	FIX	2026-05-14
44	CVE-2026-8509 Heap buffer overflow in WebML in Google Chrome prior to 148.0.7778.168 allowed a	HIGH	8.8	0.1%	FIX	2026-05-14
44	CVE-2026-45672 ### Summary The `/api/v1/utils/code/execute` endpoint executes arbitrary Python	HIGH	8.8	0.1%	FIX	2026-05-14
44	CVE-2026-35430 Authorization bypass through user-controlled key in Azure Privileged Identity Ma	HIGH	8.8	0.1%	FIX	2026-05-22
44	CVE-2026-8531 Heap buffer overflow in WebML in Google Chrome on Windows prior to 148.0.7778.16	HIGH	8.8	0.1%	FIX	2026-05-14
44	CVE-2026-8975 Memory safety bugs present in Firefox ESR 115.35, Firefox ESR 140.10 and Firefox	HIGH	8.8	0.1%	FIX	2026-05-19
44	CVE-2026-8974 Memory safety bugs present in Firefox ESR 140.10 and Firefox 150. Some of these	HIGH	8.8	0.0%	FIX	2026-05-19
44	CVE-2026-46414 Microsoft UFO open-source framework for intelligent automation across devices an	HIGH	8.8	0.0%		2026-05-27
44	CVE-2026-47161 RELATE is a web-based courseware package. Prior to commit d66ba5659b459bf1ba56b7	HIGH	8.7	0.5%		2026-05-27
44	CVE-2026-48920 Jenkins Email Extension Plugin 1933.v45cec755423f and earlier allows inlining im	HIGH	8.8	0.0%		2026-05-27
44	CVE-2026-8787 The Firebase Support & Chat Management plugin for WordPress is vulnerable to pri	HIGH	8.8	0.0%		2026-05-27
44	CVE-2026-38807 Insecure Permissions vulnerability in kvf-admin v1.0.0 allows a remote attacker	HIGH	8.8	0.0%		2026-05-27
44	CVE-2026-8970 Privilege escalation in the Security component. This vulnerability was fixed in	HIGH	8.8	0.0%	FIX	2026-05-19
44	CVE-2026-6456 The Account Switcher plugin for WordPress is vulnerable to Privilege Escalation	HIGH	8.8	0.0%		2026-05-20
44	CVE-2026-8973 Memory safety bugs present in Firefox 150. Some of these bugs showed evidence of	HIGH	8.8	0.0%	FIX	2026-05-19
44	CVE-2026-6898 The Wishlist Member plugin for WordPress is vulnerable to unauthorized modificat	HIGH	8.8	0.0%		2026-05-23
44	CVE-2026-5200 The AcyMailing - An Ultimate Newsletter Plugin and Marketing Automation Solution	HIGH	8.8	0.0%		2026-05-20
44	CVE-2026-32740 libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and	HIGH	8.8	0.0%	FIX	2026-05-19
44	CVE-2026-7467 The Read More & Accordion plugin for WordPress is vulnerable to Privilege Escala	HIGH	8.8	0.0%		2026-05-20
44	CVE-2026-44988 LibVNCClient is a library for easy implementation of a VNC client. In 0.9.15 and	HIGH	8.8	0.0%		2026-05-27
44	CVE-2026-6419 The WishList Member plugin for WordPress is vulnerable to Privilege Escalation v	HIGH	8.8	0.0%		2026-05-23
44	CVE-2026-6897 The Wishlist Member plugin for WordPress is vulnerable to unauthorized modificat	HIGH	8.8	0.0%		2026-05-23
44	CVE-2026-8719 The AI Engine - The Chatbot, AI Framework & MCP for WordPress plugin for WordPre	HIGH	8.8	0.0%		2026-05-17
44	CVE-2026-6895 The WishList Member plugin for WordPress is vulnerable to Missing Authorization	HIGH	8.8	0.0%		2026-05-23
44	CVE-2026-8558 Out of bounds write in Fonts in Google Chrome prior to 148.0.7778.168 allowed a	HIGH	8.8	0.0%	FIX	2026-05-14
44	CVE-2026-9126 Use after free in DOM in Google Chrome on prior to 148.0.7778.179 allowed a remo	HIGH	8.8	0.0%	FIX	2026-05-20
44	CVE-2026-8957 Privilege escalation in the Enterprise Policies component. This vulnerability wa	HIGH	8.8	0.0%	FIX	2026-05-19
44	CVE-2026-8955 Privilege escalation in the DOM: Workers component. This vulnerability was fixed	HIGH	8.8	0.0%	FIX	2026-05-19
44	CVE-2026-46586 Improper Control of Generation of Code ('Code Injection'), Improper Neutralizati	HIGH	8.8	0.0%	FIX	2026-05-19
44	CVE-2026-41075 RT is an open source, enterprise-grade issue and ticket tracking system. Version	HIGH	8.8	0.0%		2026-05-22
44	CVE-2026-9114 Use after free in QUIC in Google Chrome on prior to 148.0.7778.179 allowed a rem	HIGH	8.8	0.0%	FIX	2026-05-20
44	CVE-2026-9112 Use after free in GPU in Google Chrome on Windows prior to 148.0.7778.179 allowe	HIGH	8.8	0.0%	FIX	2026-05-20
44	CVE-2026-9118 Use after free in XR in Google Chrome on Windows prior to 148.0.7778.179 allowed	HIGH	8.8	0.0%	FIX	2026-05-20
44	CVE-2026-8952 Privilege escalation in the Application Update component. This vulnerability was	HIGH	8.8	0.0%	FIX	2026-05-19
44	CVE-2026-8972 Privilege escalation in the WebRTC: Audio/Video component. This vulnerability wa	HIGH	8.8	0.0%	FIX	2026-05-19

Oldest Unpatched Critical/High CVEs

CVE	Severity	CVSS	Priority	Days Open
CVE-2024-3400	CRITICAL	10.0	224	776d
CVE-2019-19781	CRITICAL	9.8	223	2344d
CVE-2020-5902	CRITICAL	9.8	223	2157d
CVE-2021-35464	CRITICAL	9.8	223	1771d
CVE-2020-10189	CRITICAL	9.8	223	2274d
CVE-2012-4681	CRITICAL	9.8	223	5021d
CVE-2022-42475	CRITICAL	9.8	223	1242d
CVE-2023-3519	CRITICAL	9.8	223	1044d
CVE-2015-7450	CRITICAL	9.8	222	3798d
CVE-2023-34048	CRITICAL	9.8	222	946d

1 / 9 Next