Security Dashboard

Priority	CVE	Severity	CVSS	EPSS	Indicators	Published
37	CVE-2026-21716 An incomplete fix for CVE-2024-36137 leaves `FileHandle.chmod()` and `FileHandle	LOW	3.3	0.0%	POC FIX	2026-03-30
31	CVE-2026-6000 A vulnerability was found in code-projects Online Library Management System 1.0.	LOW	2.1	0.0%	POC	2026-04-10
31	CVE-2026-5847 A vulnerability has been found in code-projects Movie Ticketing System 1.0. Impa	LOW	2.1	0.0%	POC	2026-04-09
30	CVE-2026-5960 A weakness has been identified in code-projects Patient Record Management System	LOW	2.1	0.0%	POC	2026-04-09
30	CVE-2026-5420 A security flaw has been discovered in Shinrays Games Goods Triple App up to 1.2	LOW	2.0	0.0%	POC	2026-04-02
30	CVE-2026-5310 A vulnerability was identified in Enter Software Iperius Backup up to 8.7.2. Thi	LOW	2.0	0.0%	POC FIX	2026-04-01
30	CVE-2026-5454 A vulnerability was found in GRID Organiser App up to 1.0.5 on Android. Impacted	LOW	1.9	0.0%	POC	2026-04-03
30	CVE-2026-5462 A vulnerability was identified in Wahoo Fitness SYSTM App up to 7.2.1 on Android	LOW	1.9	0.0%	POC	2026-04-03
30	CVE-2026-5471 A vulnerability was detected in Investory Toy Planet Trouble App up to 1.5.5 on	LOW	1.9	0.0%	POC	2026-04-03
30	CVE-2026-5458 A weakness has been identified in Noelse Individuals & Pro App up to 2.1.7 on An	LOW	1.9	0.0%	POC	2026-04-03
30	CVE-2026-5457 A security flaw has been discovered in PropertyGuru AgentNet Singapore App up to	LOW	1.9	0.0%	POC	2026-04-03
30	CVE-2026-5456 A vulnerability was identified in Align Technology My Invisalign App 3.12.4 on A	LOW	1.9	0.0%	POC	2026-04-03
30	CVE-2026-5453 A vulnerability has been found in Rico só vantagem pra investir App up to 4.58.3	LOW	1.9	0.0%	POC	2026-04-03
30	CVE-2026-5452 A flaw has been found in UCC CampusConnect App up to 14.3.5 on Android. This vul	LOW	1.9	0.0%	POC	2026-04-03
30	CVE-2026-5455 A vulnerability was determined in Dialogue App up to 4.3.2 on Android. The affec	LOW	1.9	0.0%	POC	2026-04-03
20	CVE-2025-66038 OpenSC is an open source smart card tools and middleware. Prior to version 0.27.	LOW	3.9	0.0%		2026-03-30
20	CVE-2026-34768 ### Impact On Windows, `app.setLoginItemSettings({openAtLogin: true})` wrote the	LOW	3.9	0.0%	FIX	2026-04-03
20	CVE-2025-66037 OpenSC is an open source smart card tools and middleware. Prior to version 0.27.	LOW	3.9	0.0%		2026-03-30
19	CVE-2026-3470 A vulnerability exists in the SonicWall Email Security appliance due to improper	LOW	3.8	0.1%		2026-03-31
19	CVE-2025-49010 OpenSC is an open source smart card tools and middleware. Prior to version 0.27.	LOW	3.8	0.0%		2026-03-30
19	CVE-2025-66215 OpenSC is an open source smart card tools and middleware. Prior to version 0.27.	LOW	3.8	0.0%		2026-03-30
19	CVE-2026-3184 A flaw was found in util-linux. Improper hostname canonicalization in the `login	LOW	3.7	0.1%		2026-04-03
19	CVE-2026-21388 Mattermost Plugins versions <=2.3.1 fail to limit the request body size on the {	LOW	3.7	0.0%		2026-04-09
19	CVE-2026-24661 Mattermost Plugins versions <=2.1.3.0 fail to limit the request body size on the	LOW	3.7	0.0%		2026-04-09
19	CVE-2026-34166 ## Summary The `replace` filter in LiquidJS incorrectly accounts for memory usa	LOW	3.7	0.0%	FIX	2026-04-08
19	CVE-2026-35448 ## Summary The BlockonomicsYPT plugin's `check.php` endpoint returns payment or	LOW	3.7	0.0%		2026-04-04
19	CVE-2026-35537 An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsafe de	LOW	3.7	0.0%	FIX	2026-04-03
19	CVE-2026-26961 Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, a	LOW	3.7	0.0%	FIX	2026-04-02
19	CVE-2025-67806 The login mechanism of Sage DPW 2021_06_004 displays distinct responses for vali	LOW	3.7	0.0%		2026-04-01
19	CVE-2026-37977 A flaw was found in Keycloak. A remote attacker can exploit a Cross-Origin Resou	LOW	3.7	0.0%		2026-04-06
18	CVE-2026-40097 Step CA is an online certificate authority for secure, automated certificate man	LOW	3.7	0.0%	FIX	2026-04-10
18	CVE-2026-40184 TREK is a collaborative travel planner. Prior to 2.7.2, TREK served uploaded pho	LOW	3.7	0.1%		2026-04-10
18	CVE-2026-40194 phpseclib is a PHP secure communications library. Prior to 3.0.51, 2.0.53, and 1	LOW	3.7	0.0%	FIX	2026-04-10
18	CVE-2026-5115 The PaperCut NG/MF (specifically, the embedded application for Konica Minolta de	LOW	3.6	0.0%		2026-03-31
18	CVE-2026-35386 In OpenSSH before 10.3, command execution can occur via shell metacharacters in	LOW	3.6	0.0%		2026-04-02
18	CVE-2026-33551 An issue was discovered in OpenStack Keystone 14 through 26 before 26.1.1, 27.0.	LOW	3.5	0.0%	FIX	2026-04-10
18	CVE-2026-35679 Zcash zcashd before 6.12.0 allows invalid transactions to be accepted under cert	LOW	3.5	0.0%		2026-04-05
18	CVE-2026-35400 LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web app	LOW	3.5	0.0%		2026-04-08
18	CVE-2026-40077 Beszel is a server monitoring platform. Prior to 0.18.7, some API endpoints in t	LOW	3.5	0.0%	FIX	2026-04-09
17	CVE-2026-33404 Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level	LOW	3.4	0.0%		2026-04-06
17	CVE-2026-28264 Dell PowerProtect Agent Service, version(s) prior to 20.1, contain(s) an Incorre	LOW	3.3	0.0%		2026-04-08
17	CVE-2026-35094 A flaw was found in libinput. An attacker capable of deploying a Lua plugin file	LOW	3.3	0.0%		2026-04-01
17	CVE-2026-34766 ### Impact The `select-usb-device` event callback did not validate the chosen de	LOW	3.3	0.0%	FIX	2026-04-03
17	CVE-2025-43236 A type confusion issue was addressed with improved memory handling. This issue i	LOW	3.3	0.0%		2026-04-02
17	CVE-2026-21715 A flaw in Node.js Permission Model filesystem enforcement leaves `fs.realpathSyn	LOW	3.3	0.0%	FIX	2026-03-30
16	CVE-2026-35538 An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsanitiz	LOW	3.1	0.0%	FIX	2026-04-03
16	CVE-2026-2475 IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify	LOW	3.1	0.0%	FIX	2026-04-01
16	CVE-2026-35387 OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA al	LOW	3.1	0.0%		2026-04-02
16	CVE-2026-33405 Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level	LOW	3.1	0.0%		2026-04-06
16	CVE-2026-32696 NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In NanoMQ	LOW	3.1	0.0%		2026-03-30
16	CVE-2026-0397 When the internal webserver is enabled (default is disabled), an attacker might	LOW	3.1	0.0%	FIX	2026-03-31
16	CVE-2026-0396 An attacker might be able to inject HTML content into the internal web dashboard	LOW	3.1	0.0%	FIX	2026-03-31
16	CVE-2026-40109 Flux notification-controller is the event forwarder and notification dispatcher	LOW	3.1	0.0%	FIX	2026-04-09
15	CVE-2026-5382 An issue that could expose records outside of the authorized organization scope	LOW	3.0	0.0%		2026-04-07
15	CVE-2026-5379 An issue that allowed MCP agents to access certificate information from outside	LOW	3.0	0.0%		2026-04-07
15	CVE-2026-40354 Flatpak xdg-desktop-portal before 1.20.4 and 1.21.x before 1.21.1 allows any Fla	LOW	2.9	0.0%		2026-04-11
14	CVE-2026-40228 In systemd 259, systemd-journald can send ANSI escape sequences to the terminals	LOW	2.9	0.0%		2026-04-10
14	CVE-2026-34781 ### Impact Apps that call `clipboard.readImage()` may be vulnerable to a denial	LOW	2.8	0.0%	FIX	2026-04-07
14	CVE-2026-33762 ### Impact `go-git`’s index decoder for format version 4 fails to validate the	LOW	2.8	0.0%	FIX	2026-03-30
14	CVE-2026-3469 A denial-of-service (DoS) vulnerability exists due to improper input validation	LOW	2.7	0.1%		2026-03-31
14	CVE-2026-34519 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python.	LOW	2.7	0.0%	FIX	2026-04-01
14	CVE-2026-34514 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python.	LOW	2.7	0.0%	FIX	2026-04-01
14	CVE-2026-34520 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python.	LOW	2.7	0.0%	FIX	2026-04-01
14	CVE-2026-34947 Discourse is an open-source discussion platform. From versions 2026.1.0-latest t	LOW	2.7	0.0%		2026-04-03
14	CVE-2026-34518 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python.	LOW	2.7	0.0%	FIX	2026-04-01
14	CVE-2026-34517 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python.	LOW	2.7	0.0%	FIX	2026-04-01
14	CVE-2026-34513 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python.	LOW	2.7	0.0%	FIX	2026-04-01
14	CVE-2026-34762 ## Summary The `PUT /api/v1/subscriber/{imsi}` API accepts an IMSI identifier f	LOW	2.7	0.0%	FIX	2026-04-01
14	CVE-2025-66487 IBM Aspera Shares 1.9.9 through 1.11.0 does not properly rate limit the frequenc	LOW	2.7	0.0%	FIX	2026-04-01
14	CVE-2026-34203 Nautobot is a Network Source of Truth and Network Automation Platform. Prior to	LOW	2.7	0.0%	FIX	2026-03-31
14	CVE-2026-5375 An issue that could allow a user with access to a credential to view sensitive f	LOW	2.7	0.0%		2026-04-07
14	CVE-2026-4292 An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4	LOW	2.7	0.0%	FIX	2026-04-07
14	CVE-2025-15480 In Ubuntu, ubuntu-desktop-provision version 24.04.4 could leak sensitive user cr	LOW	2.7	0.0%	FIX	2026-04-09
14	CVE-2026-4916 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2	LOW	2.7	0.0%		2026-04-08
14	CVE-2025-14551 In Ubuntu, Subiquity version 24.04.4 could leak sensitive user credentials durin	LOW	2.7	0.0%	FIX	2026-04-09
13	CVE-2026-35388 OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode mu	LOW	2.5	0.0%		2026-04-02
12	CVE-2026-5107 A vulnerability has been found in FRRouting FRR up to 10.5.1. This affects the f	LOW	2.3	0.0%	FIX	2026-03-30
12	CVE-2026-34969 # Refresh Token Leaked via URL Query Parameter in OAuth Provider Callback ## Su	LOW	2.3	0.0%	FIX	2026-04-01
12	CVE-2026-5199 A writer role user in an attacker-controlled namespace could signal, delete, and	LOW	2.3	0.0%	FIX	2026-04-01
12	CVE-2026-34509 OpenClaw before 2026.3.8 contains a sender allowlist bypass vulnerability in its	LOW	2.3	0.0%	FIX	2026-03-31
12	CVE-2026-34506 OpenClaw before 2026.3.8 contains a sender allowlist bypass vulnerability in its	LOW	2.3	0.0%	FIX	2026-03-31
12	CVE-2026-5188 An integer underflow issue exists in wolfSSL when parsing the Subject Alternativ	LOW	2.3	0.0%		2026-04-10
12	CVE-2026-34945 Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and	LOW	2.3	0.0%	FIX	2026-04-09
12	CVE-2026-34988 Wasmtime is a runtime for WebAssembly. From 28.0.0 to before 36.0.7, 42.0.2, and	LOW	2.3	0.0%	FIX	2026-04-09
12	CVE-2026-5187 Two potential heap out-of-bounds write locations existed in DecodeObjectId() in	LOW	2.3	0.0%		2026-04-09
12	CVE-2026-39957 Lychee is a free, open-source photo-management tool. Prior to 7.5.4, a SQL opera	LOW	2.3	0.0%		2026-04-09
12	CVE-2026-35624 OpenClaw before 2026.3.22 contains a policy confusion vulnerability in room auth	LOW	2.3	0.1%	FIX	2026-04-09
12	CVE-2026-35617 OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Goog	LOW	2.3	0.0%	FIX	2026-04-09
12	CVE-2026-5392 Heap out-of-bounds read in PKCS7 parsing. A crafted PKCS7 message can trigger an	LOW	2.3	0.0%		2026-04-09
12	CVE-2026-34764 ### Impact Apps that use offscreen rendering with GPU shared textures may be vul	LOW	2.3	0.0%	FIX	2026-04-03

Oldest Unpatched Critical/High CVEs

CVE	Severity	CVSS	Priority	Days Open
CVE-2024-3400	CRITICAL	10.0	224	730d
CVE-2019-19781	CRITICAL	9.8	223	2298d
CVE-2020-5902	CRITICAL	9.8	223	2111d
CVE-2021-35464	CRITICAL	9.8	223	1724d
CVE-2020-10189	CRITICAL	9.8	223	2227d
CVE-2012-4681	CRITICAL	9.8	223	4975d
CVE-2022-42475	CRITICAL	9.8	223	1196d
CVE-2023-3519	CRITICAL	9.8	223	997d
CVE-2015-7450	CRITICAL	9.8	222	3752d
CVE-2023-34048	CRITICAL	9.8	222	899d

1 / 2 Next