Security Dashboard

Priority	CVE	Severity	CVSS	EPSS	Indicators	Published
18	CVE-2026-32909 OpenClaw before 2026.2.19 contains a command injection vulnerability in tools.ex	LOW	3.6	-	FIX	2026-03-23
18	CVE-2026-4175 A vulnerability was determined in Aureus ERP up to 1.3.0-BETA2. The affected ele	LOW	3.5	0.0%	FIX	2026-03-15
18	CVE-2026-4354 A vulnerability was identified in TRENDnet TEW-824DRU 1.010B01/1.04B01. The impa	LOW	3.5	0.0%		2026-03-18
18	CVE-2026-4355 A vulnerability was detected in Portabilis i-Educar 2.11. This impacts an unknow	LOW	3.5	0.0%		2026-03-18
18	CVE-2026-33422 Discourse is an open-source discussion platform. Prior to versions 2026.3.0-late	LOW	3.5	0.0%		2026-03-20
18	CVE-2026-33551 An issue was discovered in OpenStack Keystone 14 through 26 before 26.1.1, 27.0.	LOW	3.5	0.0%	FIX	2026-04-10
18	CVE-2026-33426 Discourse is an open-source discussion platform. Prior to versions 2026.3.0-late	LOW	3.5	0.0%		2026-03-20
18	CVE-2026-35679 Zcash zcashd before 6.12.0 allows invalid transactions to be accepted under cert	LOW	3.5	0.0%		2026-04-05
18	CVE-2025-55270 HCL Aftermarket DPC is affected by Improper Input Validation which allows an att	LOW	3.5	0.1%		2026-03-26
18	CVE-2026-40077 Beszel is a server monitoring platform. Prior to 0.18.7, some API endpoints in t	LOW	3.5	0.0%	FIX	2026-04-09
18	CVE-2026-35400 LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web app	LOW	3.5	0.0%		2026-04-08
17	CVE-2026-32772 telnet in GNU inetutils through 2.7 allows servers to read arbitrary environment	LOW	3.4	0.0%		2026-03-13
17	CVE-2026-33404 Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level	LOW	3.4	0.0%		2026-04-06
17	CVE-2026-2271 A flaw was found in GIMP's PSP (Paint Shop Pro) file parser. A remote attacker c	LOW	3.3	0.1%	FIX	2026-03-26
17	CVE-2026-33529 # Authenticated Path Traversal to RCE via Configuration Import ## Summary An a	LOW	3.3	0.0%	FIX	2026-03-25
17	CVE-2026-28864 This issue was addressed with improved permissions checking. This issue is fixed	LOW	3.3	0.0%		2026-03-25
17	CVE-2026-28893 A privacy issue was addressed with improved handling of temporary files. This is	LOW	3.3	0.0%		2026-03-25
17	CVE-2025-26474 in OpenHarmony v5.0.3 and prior versions allow a local attacker cause informatio	LOW	3.3	0.0%		2026-03-16
17	CVE-2026-20684 A permissions issue was addressed with additional restrictions. This issue is fi	LOW	3.3	0.0%		2026-03-25
17	CVE-2026-0965 A flaw was found in libssh where it can attempt to open arbitrary files during c	LOW	3.3	0.0%	FIX	2026-03-26
17	CVE-2026-0639 in OpenHarmony v6.0 and prior versions allow a local attacker case DOS through m	LOW	3.3	0.0%		2026-03-16
17	CVE-2026-20992 Improper authorization in Settings prior to SMR Mar-2026 Release 1 allows local	LOW	3.3	0.0%		2026-03-16
17	CVE-2025-52642 HCL AION is affected by a vulnerability where internal filesystem paths may be e	LOW	3.3	0.0%		2026-03-16
17	CVE-2026-32020 OpenClaw versions prior to 2026.2.22 contain a path traversal vulnerability in t	LOW	3.3	0.0%	FIX	2026-03-19
17	CVE-2026-28264 Dell PowerProtect Agent Service, version(s) prior to 20.1, contain(s) an Incorre	LOW	3.3	0.0%		2026-04-08
17	CVE-2026-35094 A flaw was found in libinput. An attacker capable of deploying a Lua plugin file	LOW	3.3	0.0%		2026-04-01
17	CVE-2026-34766 ### Impact The `select-usb-device` event callback did not validate the chosen de	LOW	3.3	0.0%	FIX	2026-04-03
17	CVE-2026-4761 When a certificate and its private key are installed in the Windows machine cert	LOW	3.3	0.0%		2026-03-25
17	CVE-2025-43236 A type confusion issue was addressed with improved memory handling. This issue i	LOW	3.3	0.0%		2026-04-02
17	CVE-2026-21715 A flaw in Node.js Permission Model filesystem enforcement leaves `fs.realpathSyn	LOW	3.3	0.0%	FIX	2026-03-30
16	CVE-2026-22545 Mattermost versions 10.11.x <= 10.11.10 fail to validate user's authentication m	LOW	3.1	0.0%	FIX	2026-03-16
16	CVE-2026-32006 OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerabili	LOW	3.1	0.0%	FIX	2026-03-19
16	CVE-2026-35538 An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsanitiz	LOW	3.1	0.0%	FIX	2026-04-03
16	CVE-2026-2475 IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify	LOW	3.1	0.0%	FIX	2026-04-01
16	CVE-2026-35387 OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA al	LOW	3.1	0.0%		2026-04-02
16	CVE-2026-4874 A flaw was found in Keycloak. An authenticated attacker can perform Server-Side	LOW	3.1	0.0%		2026-03-26
16	CVE-2026-29071 Open WebUI is a self-hosted artificial intelligence platform designed to operate	LOW	3.1	0.0%	FIX	2026-03-27
16	CVE-2025-14808 IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an attac	LOW	3.1	0.0%	FIX	2026-03-25
16	CVE-2026-33405 Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level	LOW	3.1	0.0%		2026-04-06
16	CVE-2026-32696 NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In NanoMQ	LOW	3.1	0.0%		2026-03-30
16	CVE-2026-4477 A vulnerability was determined in Yi Technology YI Home Camera 2 2.1.1_201710241	LOW	3.1	0.0%		2026-03-20
16	CVE-2026-0397 When the internal webserver is enabled (default is disabled), an attacker might	LOW	3.1	0.0%	FIX	2026-03-31
16	CVE-2026-4549 A flaw has been found in mickasmt next-saas-stripe-starter 1.0.0. Affected by th	LOW	3.1	0.0%		2026-03-22
16	CVE-2026-0396 An attacker might be able to inject HTML content into the internal web dashboard	LOW	3.1	0.0%	FIX	2026-03-31
16	CVE-2026-40109 Flux notification-controller is the event forwarder and notification dispatcher	LOW	3.1	0.0%	FIX	2026-04-09
16	CVE-2025-55272 HCL Aftermarket DPC is affected by Banner Disclosure vulnerability where attacke	LOW	3.1	0.0%		2026-03-26
16	CVE-2025-55271 HCL Aftermarket DPC is affected by HTTP Response Splitting vulnerability where i	LOW	3.1	0.0%		2026-03-26
16	CVE-2025-55276 HCL Aftermarket DPC is affected by Internal IP Disclosure vulnerability will giv	LOW	3.1	0.0%		2026-03-26
15	CVE-2026-5382 An issue that could expose records outside of the authorized organization scope	LOW	3.0	0.0%		2026-04-07
15	CVE-2026-5379 An issue that allowed MCP agents to access certificate information from outside	LOW	3.0	0.0%		2026-04-07
15	CVE-2026-33769 Astro is a web framework. From version 2.10.10 to before version 5.18.1, this is	LOW	2.9	0.1%	FIX	2026-03-24
15	CVE-2026-4742 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')	LOW	2.9	0.0%	FIX	2026-03-24
15	CVE-2026-40354 Flatpak xdg-desktop-portal before 1.20.4 and 1.21.x before 1.21.1 allows any Fla	LOW	2.9	0.0%		2026-04-11
15	CVE-2026-32778 libexpat before 2.7.5 allows a NULL pointer dereference in the function setConte	LOW	2.9	0.0%		2026-03-16
14	CVE-2026-40228 In systemd 259, systemd-journald can send ANSI escape sequences to the terminals	LOW	2.9	0.0%		2026-04-10
14	CVE-2026-34781 ### Impact Apps that call `clipboard.readImage()` may be vulnerable to a denial	LOW	2.8	0.0%	FIX	2026-04-07
14	CVE-2026-33762 ### Impact `go-git`’s index decoder for format version 4 fails to validate the	LOW	2.8	0.0%	FIX	2026-03-30
14	CVE-2026-2239 A flaw was found in GIMP. Heap-buffer-overflow vulnerability exists in the fread	LOW	2.8	0.0%	FIX	2026-03-26
14	CVE-2025-59383 A buffer overflow vulnerability has been reported to affect Media Streaming Add-	LOW	2.7	0.2%		2026-03-20
14	CVE-2026-3469 A denial-of-service (DoS) vulnerability exists due to improper input validation	LOW	2.7	0.1%		2026-03-31
14	CVE-2026-32946 ## Summary A vulnerability exists in the Community Tier of Harden-Runner that a	LOW	2.7	0.1%	FIX	2026-03-17
14	CVE-2026-4285 A vulnerability was identified in taoofagi easegen-admin up to 8f87936ac774065b9	LOW	2.7	0.1%		2026-03-17
14	CVE-2026-33160 ### Summary An unauthenticated user can call `assets/generate-transform` with a	LOW	2.7	0.0%	FIX	2026-03-24
14	CVE-2026-3339 The Keep Backup Daily plugin for WordPress is vulnerable to Limited Path Travers	LOW	2.7	0.0%		2026-03-20
14	CVE-2026-34519 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python.	LOW	2.7	0.0%	FIX	2026-04-01
14	CVE-2026-34520 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python.	LOW	2.7	0.0%	FIX	2026-04-01
14	CVE-2026-34514 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python.	LOW	2.7	0.0%	FIX	2026-04-01
14	CVE-2026-34947 Discourse is an open-source discussion platform. From versions 2026.1.0-latest t	LOW	2.7	0.0%		2026-04-03
14	CVE-2026-33879 Federated Learning and Interoperability Platform (FLIP) is an open-source platfo	LOW	2.7	0.0%		2026-03-27
14	CVE-2026-34518 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python.	LOW	2.7	0.0%	FIX	2026-04-01
14	CVE-2026-34517 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python.	LOW	2.7	0.0%	FIX	2026-04-01
14	CVE-2026-34513 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python.	LOW	2.7	0.0%	FIX	2026-04-01
14	CVE-2026-34762 ## Summary The `PUT /api/v1/subscriber/{imsi}` API accepts an IMSI identifier f	LOW	2.7	0.0%	FIX	2026-04-01
14	CVE-2025-31966 HCL Sametime is vulnerable to broken server-side validation. While the applicati	LOW	2.7	0.0%		2026-03-17
14	CVE-2025-66487 IBM Aspera Shares 1.9.9 through 1.11.0 does not properly rate limit the frequenc	LOW	2.7	0.0%	FIX	2026-04-01
14	CVE-2026-33394 Discourse is an open-source discussion platform. Prior to versions 2026.3.0-late	LOW	2.7	0.0%		2026-03-19
14	CVE-2026-34203 Nautobot is a Network Source of Truth and Network Automation Platform. Prior to	LOW	2.7	0.0%	FIX	2026-03-31
14	CVE-2026-29104 SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (C	LOW	2.7	0.0%		2026-03-19
14	CVE-2026-5375 An issue that could allow a user with access to a credential to view sensitive f	LOW	2.7	0.0%		2026-04-07
14	CVE-2026-32717 AnythingLLM is an application that turns pieces of content into context that any	LOW	2.7	0.0%		2026-03-13
14	CVE-2026-32638 ## Summary The REST API `getUsers` endpoint in StudioCMS uses the attacker-cont	LOW	2.7	0.0%	FIX	2026-03-16
14	CVE-2026-4292 An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4	LOW	2.7	0.0%	FIX	2026-04-07
14	CVE-2026-4916 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2	LOW	2.7	0.0%		2026-04-08
14	CVE-2025-14551 In Ubuntu, Subiquity version 24.04.4 could leak sensitive user credentials durin	LOW	2.7	0.0%	FIX	2026-04-09
14	CVE-2025-15480 In Ubuntu, ubuntu-desktop-provision version 24.04.4 could leak sensitive user cr	LOW	2.7	0.0%	FIX	2026-04-09
13	CVE-2026-22735 Spring MVC and WebFlux applications are vulnerable to stream corruption when usi	LOW	2.6	0.0%	FIX	2026-03-20
13	CVE-2025-55274 HCL Aftermarket DPC is affected by Cross-Origin Resource Sharing vulnerability.	LOW	2.6	0.0%		2026-03-26
13	CVE-2025-55277 HCL Aftermarket DPC is affected by Use of Vulnerable/Outdated Versions vulnerabi	LOW	2.6	0.1%		2026-03-26
13	CVE-2026-4243 A weakness has been identified in La Nacion App 10.2.25 on Android. This impacts	LOW	2.5	0.0%		2026-03-16
13	CVE-2026-35388 OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode mu	LOW	2.5	0.0%		2026-04-02

Oldest Unpatched Critical/High CVEs

CVE	Severity	CVSS	Priority	Days Open
CVE-2024-3400	CRITICAL	10.0	224	730d
CVE-2019-19781	CRITICAL	9.8	223	2298d
CVE-2020-5902	CRITICAL	9.8	223	2111d
CVE-2021-35464	CRITICAL	9.8	223	1725d
CVE-2020-10189	CRITICAL	9.8	223	2228d
CVE-2012-4681	CRITICAL	9.8	223	4975d
CVE-2022-42475	CRITICAL	9.8	223	1196d
CVE-2023-3519	CRITICAL	9.8	223	998d
CVE-2015-7450	CRITICAL	9.8	222	3752d
CVE-2023-34048	CRITICAL	9.8	222	900d

Prev 2 / 3 Next