Security Dashboard

Priority	CVE	Severity	CVSS	EPSS	Indicators	Published
44	CVE-2026-35182 Brave CMS is an open-source CMS. Prior to 2.0.6, this vulnerability is a missing	HIGH	8.8	0.0%		2026-04-06
44	CVE-2026-4443 Heap buffer overflow in WebAudio in Google Chrome prior to 146.0.7680.153 allowe	HIGH	8.8	0.0%	FIX	2026-03-20
44	CVE-2026-5858 Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a	HIGH	8.8	0.0%	FIX	2026-04-08
44	CVE-2026-28805 ## Description Multiple AJAX select handlers in OpenSTAManager <= 2.10.1 are vu	HIGH	8.8	0.0%	FIX	2026-04-01
44	CVE-2026-33025 AVideo is a video-sharing Platform. Versions prior to 8.0 contain a SQL Injectio	HIGH	8.8	0.0%		2026-03-20
44	CVE-2026-39329 ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL inj	HIGH	8.8	0.0%		2026-04-07
44	CVE-2026-39326 ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL inj	HIGH	8.8	0.0%		2026-04-07
44	CVE-2026-4463 Heap buffer overflow in WebRTC in Google Chrome prior to 146.0.7680.153 allowed	HIGH	8.8	0.0%	FIX	2026-03-20
44	CVE-2026-4444 Stack buffer overflow in WebRTC in Google Chrome prior to 146.0.7680.153 allowed	HIGH	8.8	0.0%	FIX	2026-03-20
44	CVE-2026-5836 A vulnerability has been found in code-projects Online Shoe Store 1.0. Affected	MEDIUM	4.8	0.0%	POC	2026-04-09
44	CVE-2026-29099 SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (C	HIGH	8.8	0.0%		2026-03-19
44	CVE-2026-5643 A vulnerability was identified in Cyber-III Student-Management-System up to 1a93	MEDIUM	4.8	0.0%	POC	2026-04-06
44	CVE-2026-5644 A security flaw has been discovered in Cyber-III Student-Management-System up to	MEDIUM	4.8	0.0%	POC	2026-04-06
44	CVE-2026-4616 A security flaw has been discovered in bolo-blog 까지 2.6.4. The affected element	MEDIUM	4.8	0.0%	POC	2026-03-24
44	CVE-2026-39330 ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL inj	HIGH	8.8	0.0%		2026-04-07
44	CVE-2026-39327 ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL inj	HIGH	8.8	0.0%		2026-04-07
44	CVE-2026-6003 A security vulnerability has been detected in code-projects Simple IT Discussion	MEDIUM	4.8	0.0%	POC	2026-04-10
44	CVE-2026-4972 A security vulnerability has been detected in code-projects Online Reviewer Syst	MEDIUM	4.8	0.0%	POC	2026-03-27
44	CVE-2026-39323 ChurchCRM is an open-source church management system. Prior to 7.1.0, a critical	HIGH	8.8	0.0%		2026-04-07
44	CVE-2026-39334 ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL inj	HIGH	8.8	0.0%		2026-04-07
44	CVE-2026-39319 ChurchCRM is an open-source church management system. Prior to 7.1.0, a second o	HIGH	8.8	0.0%		2026-04-07
44	CVE-2026-33755 Group-Office is an enterprise customer relationship management and groupware too	HIGH	8.8	0.0%		2026-03-27
44	CVE-2026-5835 A flaw has been found in code-projects Online Shoe Store 1.0. Affected by this v	MEDIUM	4.8	0.0%	POC	2026-04-09
44	CVE-2026-32321 ClipBucket v5 is an open source video sharing platform. An authenticated time-ba	HIGH	8.8	0.0%		2026-03-18
44	CVE-2026-5209 A security vulnerability has been detected in SourceCodester Leave Application S	MEDIUM	4.8	0.0%	POC	2026-03-31
44	CVE-2026-4909 A weakness has been identified in code-projects Exam Form Submission 1.0/7.php.	MEDIUM	4.8	0.0%	POC	2026-03-27
44	CVE-2026-5106 A flaw has been found in code-projects Exam Form Submission 1.0. The impacted el	MEDIUM	4.8	0.0%	POC	2026-03-30
44	CVE-2026-35470 ## Description Six `confronta_righe.php` files across different modules in Open	HIGH	8.8	0.0%	FIX	2026-04-03
44	CVE-2026-4899 A security flaw has been discovered in code-projects Online Food Ordering System	MEDIUM	4.8	0.0%	POC	2026-03-26
44	CVE-2026-30881 Chamilo LMS is a learning management system. Version 1.11.34 and prior contains	HIGH	8.8	0.0%		2026-03-16
44	CVE-2026-39317 ChurchCRM is an open-source church management system. Prior to 7.1.0, a SQL inje	HIGH	8.8	0.0%		2026-04-07
44	CVE-2026-5834 A vulnerability was detected in code-projects Online Shoe Store 1.0. Affected is	MEDIUM	4.8	0.0%	POC	2026-04-09
44	CVE-2026-35395 WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, WeGIA (Web g	HIGH	8.8	0.0%		2026-04-06
44	CVE-2026-39318 ChurchCRM is an open-source church management system. Prior to 7.1.0, the GroupP	HIGH	8.8	0.0%		2026-04-07
44	CVE-2026-33917 OpenEMR is a free and open source electronic health records and medical practice	HIGH	8.8	0.0%		2026-03-25
44	CVE-2026-3334 The CMS Commander plugin for WordPress is vulnerable to SQL Injection via the 'o	HIGH	8.8	0.0%	FIX	2026-03-21
44	CVE-2026-1430 The WP Lightbox 2 WordPress plugin before 3.0.7 does not sanitise and escape som	MEDIUM	4.8	0.0%	POC	2026-03-26
44	CVE-2026-32065 OpenClaw versions prior to 2026.2.25 contain an approval-integrity bypass vulner	MEDIUM	4.8	0.0%	POC FIX	2026-03-21
44	CVE-2026-33075 FastGPT is an AI Agent building platform. In versions 4.14.8.3 and below, the fa	HIGH	8.8	0.0%		2026-03-20
44	CVE-2026-33373 An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. A Cross-Sit	HIGH	8.8	0.0%		2026-03-30
44	CVE-2026-32888 Open Source Point of Sale is a web based point-of-sale application written in PH	HIGH	8.8	0.0%		2026-03-20
44	CVE-2026-24359 Authentication Bypass Using an Alternate Path or Channel vulnerability in Dokan,	HIGH	8.8	0.0%		2026-03-25
44	CVE-2026-25360 Deserialization of Untrusted Data vulnerability in rascals Vex vex allows Object	HIGH	8.8	0.0%		2026-03-25
44	CVE-2026-27045 Deserialization of Untrusted Data vulnerability in sbthemes WooCommerce Infinite	HIGH	8.8	0.0%		2026-03-25
44	CVE-2026-24981 Deserialization of Untrusted Data vulnerability in NooTheme Visionary Core noo-v	HIGH	8.8	0.0%		2026-03-25
44	CVE-2026-32484 Deserialization of Untrusted Data vulnerability in BoldGrid weForms weforms allo	HIGH	8.8	0.0%		2026-03-25
44	CVE-2026-25406 Authentication Bypass Using an Alternate Path or Channel vulnerability in Themeu	HIGH	8.8	0.0%		2026-03-25
44	CVE-2026-24976 Deserialization of Untrusted Data vulnerability in NooTheme Organici Library noo	HIGH	8.8	0.0%		2026-03-25
44	CVE-2026-24978 Deserialization of Untrusted Data vulnerability in NooTheme Jobica Core jobica-c	HIGH	8.8	0.0%		2026-03-25
44	CVE-2026-25359 Deserialization of Untrusted Data vulnerability in rascals Pendulum pendulum all	HIGH	8.8	0.0%		2026-03-25
44	CVE-2026-25358 Deserialization of Untrusted Data vulnerability in rascals Meloo meloo allows Ob	HIGH	8.8	0.0%		2026-03-25
44	CVE-2026-31968 HTSlib is a library for reading and writing bioinformatics file formats. CRAM is	HIGH	8.8	0.0%	FIX	2026-03-18
44	CVE-2026-24974 Deserialization of Untrusted Data vulnerability in NooTheme CitiLights noo-citil	HIGH	8.8	0.0%		2026-03-25
44	CVE-2026-23395 In the Linux kernel, the following vulnerability has been resolved: Bluetooth:	HIGH	8.8	0.0%	FIX	2026-03-25
44	CVE-2026-25400 Deserialization of Untrusted Data vulnerability in thememount Apicona apicona al	HIGH	8.8	0.0%		2026-03-25
44	CVE-2025-43264 The issue was addressed with improved memory handling. This issue is fixed in ma	HIGH	8.8	0.0%		2026-04-02
44	CVE-2026-27654 NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_dav_module	HIGH	8.8	0.0%	FIX	2026-03-24
44	CVE-2026-27314 Privilege escalation in Apache Cassandra 5.0 on an mTLS environment using Mutual	HIGH	8.8	0.0%	FIX	2026-04-07
44	CVE-2025-43219 The issue was addressed with improved memory handling. This issue is fixed in ma	HIGH	8.8	0.0%		2026-04-02
44	CVE-2026-5130 The Debugger & Troubleshooter plugin for WordPress was vulnerable to Unauthentic	HIGH	8.8	0.0%		2026-03-30
44	CVE-2026-4475 A vulnerability has been found in Yi Technology YI Home Camera 2 2.1.1_201710241	HIGH	8.8	0.0%		2026-03-20
44	CVE-2026-27040 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') v	HIGH	8.8	0.0%		2026-03-25
44	CVE-2026-34955 ### Summary `SubprocessSandbox` in all modes (BASIC, STRICT, NETWORK_ISOLATED)	HIGH	8.8	0.0%	FIX	2026-04-01
44	CVE-2026-33030 ## Summary Nginx-UI contains an Insecure Direct Object Reference (IDOR) vulnera	HIGH	8.8	0.0%		2026-03-30
44	CVE-2025-55040 The import form CSRF vulnerability in MuraCMS through 10.1.10 allows attackers t	HIGH	8.8	0.0%		2026-03-18
44	CVE-2025-67260 The Terrapack software, from ASTER TEC / ASTER S.p.A., with the indicated compon	HIGH	8.8	0.0%		2026-03-20
44	CVE-2026-29839 DedeCMS v5.7.118 was discovered to contain a Cross-Site Request Forgery (CSRF) v	HIGH	8.8	0.0%		2026-03-24
44	CVE-2026-20631 A logic issue was addressed with improved checks. This issue is fixed in macOS T	HIGH	8.8	0.0%		2026-03-25
44	CVE-2026-23246 In the Linux kernel, the following vulnerability has been resolved: wifi: mac80	HIGH	8.8	0.0%	FIX	2026-03-18
44	CVE-2026-3499 The Product Feed PRO for WooCommerce by AdTribes - Product Feeds for WooCommerce	HIGH	8.8	0.0%		2026-04-08
44	CVE-2026-24068 The VSL privileged helper does utilize NSXPC for IPC. The implementation of the	HIGH	8.8	0.0%		2026-03-26
44	CVE-2025-55044 The Trash Restore CSRF vulnerability in MuraCMS through 10.1.10 allows attackers	HIGH	8.8	0.0%		2026-03-18
44	CVE-2026-32530 Incorrect Privilege Assignment vulnerability in WPFunnels Creator LMS creatorlms	HIGH	8.8	0.0%		2026-03-25
44	CVE-2026-25414 Incorrect Privilege Assignment vulnerability in iqonicdesign WPBookit Pro wpbook	HIGH	8.8	0.0%		2026-03-25
44	CVE-2026-30460 Daylight Studio FuelCMS v1.5.2 was discovered to contain an authenticated remote	HIGH	8.8	0.0%		2026-04-07
44	CVE-2026-27018 ### Impact The fix introduced in version 8.1.0 for GHSA-rh2x-ccvw-q7r3 (CVE-202	HIGH	8.8	0.0%	FIX	2026-03-30
44	CVE-2026-4722 Privilege escalation in the IPC component. This vulnerability affects Firefox <	HIGH	8.8	0.0%	FIX	2026-03-24
44	CVE-2026-28519 arduino-TuyaOpen before version 1.2.1 contains a heap-based buffer overflow vuln	HIGH	8.8	0.0%		2026-03-15
44	CVE-2026-35093 A flaw was found in libinput. A local attacker who can place a specially crafted	HIGH	8.8	0.0%		2026-04-01
44	CVE-2026-30711 Devome GRR v4.5.0 was discovered to contain multiple authenticated SQL injection	HIGH	8.8	0.0%		2026-03-19
44	CVE-2026-4833 A weakness has been identified in Orc discount up to 3.0.1.2. This issue affects	MEDIUM	4.8	0.0%	POC	2026-03-26
44	CVE-2026-5235 A vulnerability was determined in Axiomatic Bento4 up to 1.6.0-641. This impacts	MEDIUM	4.8	0.0%	POC	2026-03-31
44	CVE-2026-5037 A vulnerability was determined in mxml up to 4.0.4. This issue affects the funct	MEDIUM	4.8	0.0%	POC FIX	2026-03-29
44	CVE-2026-5323 A vulnerability was found in priyankark a11y-mcp up to 1.0.5. This vulnerability	MEDIUM	4.8	0.0%	POC FIX	2026-04-02
44	CVE-2026-23480 Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, there	HIGH	8.8	0.0%		2026-03-23
44	CVE-2025-69784 A local, non-privileged attacker can abuse a vulnerable IOCTL interface exposed	HIGH	8.8	0.0%		2026-03-16
44	CVE-2026-34040 ## Summary A security vulnerability has been detected that allows attackers to	HIGH	8.8	0.0%	FIX	2026-03-27
44	CVE-2025-43202 This issue was addressed with improved memory handling. This issue is fixed in i	HIGH	8.8	0.0%		2026-04-02
44	CVE-2026-21765 HCL BigFix Platform is affected by insecure permissions on private cryptographic	HIGH	8.8	0.0%		2026-04-02
44	CVE-2026-5272 Heap buffer overflow in GPU in Google Chrome prior to 146.0.7680.178 allowed a r	HIGH	8.8	0.0%	FIX	2026-04-01

Oldest Unpatched Critical/High CVEs

CVE	Severity	CVSS	Priority	Days Open
CVE-2024-3400	CRITICAL	10.0	224	731d
CVE-2019-19781	CRITICAL	9.8	223	2299d
CVE-2020-5902	CRITICAL	9.8	223	2111d
CVE-2021-35464	CRITICAL	9.8	223	1725d
CVE-2020-10189	CRITICAL	9.8	223	2228d
CVE-2012-4681	CRITICAL	9.8	223	4976d
CVE-2022-42475	CRITICAL	9.8	223	1197d
CVE-2023-3519	CRITICAL	9.8	223	998d
CVE-2015-7450	CRITICAL	9.8	222	3753d
CVE-2023-34048	CRITICAL	9.8	222	900d

Prev 16 / 65 Next