Security Dashboard

Priority	CVE	Severity	CVSS	EPSS	Indicators	Published
12	CVE-2026-4165 A vulnerability has been found in Worksuite HR, CRM and Project Management up to	LOW	2.4	0.0%		2026-03-15
12	CVE-2026-20989 Improper verification of cryptographic signature in Font Settings prior to SMR M	LOW	2.4	0.0%		2026-03-16
12	CVE-2026-32735 openapi-to-java-records-mustache-templates allows users to generate Java Records	LOW	2.3	0.1%		2026-03-18
12	CVE-2026-33658 ### Impact Active Storage's proxy controller does not limit the number of byte r	LOW	2.3	0.0%	FIX	2026-03-25
12	CVE-2026-5107 A vulnerability has been found in FRRouting FRR up to 10.5.1. This affects the f	LOW	2.3	0.0%	FIX	2026-03-30
12	CVE-2026-32019 OpenClaw versions prior to 2026.2.22 contain incomplete IPv4 special-use range v	LOW	2.3	0.0%	FIX	2026-03-19
12	CVE-2026-34969 # Refresh Token Leaked via URL Query Parameter in OAuth Provider Callback ## Su	LOW	2.3	0.0%	FIX	2026-04-01
12	CVE-2026-3237 In affected versions of Octopus Server it was possible for a low privileged user	LOW	2.3	0.0%		2026-03-17
12	CVE-2026-5199 A writer role user in an attacker-controlled namespace could signal, delete, and	LOW	2.3	0.0%	FIX	2026-04-01
12	CVE-2026-33644 Lychee is a free, open-source photo-management tool. Prior to version 7.5.2, the	LOW	2.3	0.0%		2026-03-26
12	CVE-2026-32642 Incorrect Authorization (CWE-863) vulnerability in Apache Artemis, Apache Active	LOW	2.3	0.0%	FIX	2026-03-24
12	CVE-2026-32943 ### Impact The password reset mechanism does not enforce single-use guarantees	LOW	2.3	0.0%	FIX	2026-03-17
12	CVE-2026-27524 OpenClaw versions prior to 2026.2.21 accept prototype-reserved keys in runtime /	LOW	2.3	0.0%	FIX	2026-03-18
12	CVE-2026-4202 The extension fails to verify, if an authenticated user has permissions to acces	LOW	2.3	0.0%	FIX	2026-03-17
12	CVE-2026-34506 OpenClaw before 2026.3.8 contains a sender allowlist bypass vulnerability in its	LOW	2.3	0.0%	FIX	2026-03-31
12	CVE-2026-34509 OpenClaw before 2026.3.8 contains a sender allowlist bypass vulnerability in its	LOW	2.3	0.0%	FIX	2026-03-31
12	CVE-2026-5188 An integer underflow issue exists in wolfSSL when parsing the Subject Alternativ	LOW	2.3	0.0%		2026-04-10
12	CVE-2026-5392 Heap out-of-bounds read in PKCS7 parsing. A crafted PKCS7 message can trigger an	LOW	2.3	0.0%		2026-04-09
12	CVE-2026-35624 OpenClaw before 2026.3.22 contains a policy confusion vulnerability in room auth	LOW	2.3	0.1%	FIX	2026-04-09
12	CVE-2026-35648 OpenClaw before 2026.3.22 contains a policy bypass vulnerability where queued no	LOW	2.3	0.0%	FIX	2026-04-10
12	CVE-2026-34764 ### Impact Apps that use offscreen rendering with GPU shared textures may be vul	LOW	2.3	0.0%	FIX	2026-04-03
12	CVE-2026-35617 OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Goog	LOW	2.3	0.0%	FIX	2026-04-09
12	CVE-2026-34720 Zammad is a web based open source helpdesk/customer support system. Prior to 7.0	LOW	2.3	0.0%		2026-04-08
12	CVE-2026-5448 X.509 date buffer overflow in wolfSSL_X509_notAfter / wolfSSL_X509_notBefore. A	LOW	2.3	0.0%		2026-04-09
12	CVE-2026-39957 Lychee is a free, open-source photo-management tool. Prior to 7.5.4, a SQL opera	LOW	2.3	0.0%		2026-04-09
12	CVE-2026-34945 Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and	LOW	2.3	0.0%	FIX	2026-04-09
12	CVE-2026-34988 Wasmtime is a runtime for WebAssembly. From 28.0.0 to before 36.0.7, 42.0.2, and	LOW	2.3	0.0%	FIX	2026-04-09
12	CVE-2026-5187 Two potential heap out-of-bounds write locations existed in DecodeObjectId() in	LOW	2.3	0.0%		2026-04-09
11	CVE-2026-22895 A cross-site scripting (XSS) vulnerability has been reported to affect QuFTP Ser	LOW	2.2	0.1%		2026-03-20
11	CVE-2026-3109 Mattermost Plugins versions <=11.4 10.11.11.0 fail to validate webhook request t	LOW	2.2	0.0%		2026-03-26
11	CVE-2026-33408 Discourse is an open-source discussion platform. Prior to versions 2026.3.0-late	LOW	2.2	0.0%		2026-03-19
11	CVE-2026-5381 An issue that could expose task information outside of the authorized organizati	LOW	2.2	0.0%		2026-04-07
11	CVE-2026-30888 Discourse is an open-source discussion platform. Versions prior to 2026.3.0-late	LOW	2.2	0.0%		2026-03-20
11	CVE-2025-52646 HCL AION is affected by a vulnerability where certain offering configurations ma	LOW	2.2	0.0%		2026-03-16
11	CVE-2026-0819 A stack buffer overflow vulnerability exists in wolfSSL's PKCS7 SignedData encod	LOW	2.2	0.0%		2026-03-19
11	CVE-2026-1005 Integer underflow in wolfSSL packet sniffer <= 5.8.4 allows an attacker to cause	LOW	2.1	0.1%		2026-03-19
11	CVE-2025-11571 Vulnerable endpoints accept user-controlled input through a URL in JSON format w	LOW	2.1	0.1%		2026-03-24
11	CVE-2026-34224 ### Impact An attacker who possesses a valid authentication provider token and	LOW	2.1	0.1%	FIX	2026-03-29
11	CVE-2026-32607 Discourse is an open-source discussion platform. From versions 2026.1.0-latest t	LOW	2.1	0.0%		2026-03-31
11	CVE-2026-4794 Multiple cross-site scripting (XSS) vulnerabilities in PaperCut NG/MF before 25.	LOW	2.1	0.0%		2026-03-31
11	CVE-2026-35200 ### Impact A file can be uploaded with a filename extension that passes the fil	LOW	2.1	0.0%	FIX	2026-04-04
11	CVE-2026-33624 Parse Server is an open source backend that can be deployed to any infrastructur	LOW	2.1	0.0%	FIX	2026-03-24
11	CVE-2026-4407 Out-of-bounds array write in Xpdf 4.06 and earlier, due to incorrect validation	LOW	2.1	0.0%		2026-03-18
11	CVE-2026-5476 A vulnerability was identified in NASA cFS up to 7.0.0 on 32-bit. Affected is th	LOW	2.1	0.0%		2026-04-03
11	CVE-2026-39349 OrangeHRM is a comprehensive human resource management (HRM) system. From 5.0 to	LOW	2.1	0.0%		2026-04-07
11	CVE-2025-7741 Hardcoded Password Vulnerability have been found in CENTUM. Affected products co	LOW	2.1	0.0%		2026-03-30
11	CVE-2026-3479 pkgutil.get_data() did not validate the resource argument as documented, allowin	LOW	2.1	0.0%	FIX	2026-03-18
11	CVE-2026-28527 BlueKitchen BTstack contains an out-of-bounds read vulnerability in the AVRCP Co	LOW	2.1	0.0%	FIX	2026-03-30
11	CVE-2026-28526 BlueKitchen BTstack contains an out-of-bounds read vulnerability in the AVRCP Co	LOW	2.1	0.0%	FIX	2026-03-30
11	CVE-2026-28528 BlueKitchen BTstack contains an out-of-bounds read vulnerability in the AVRCP Br	LOW	2.1	0.0%	FIX	2026-03-30
11	CVE-2026-27183 OpenClaw versions prior to 2026.3.7 contain a shell approval gating bypass vulne	LOW	2.1	0.0%	FIX	2026-03-23
10	CVE-2026-5772 A 1-byte stack buffer over-read was identified in the MatchDomainName function (	LOW	2.1	0.0%		2026-04-09
10	CVE-2026-5778 Integer underflow in wolfSSL packet sniffer <= 5.9.0 allows an attacker to cause	LOW	2.1	0.1%		2026-04-09
10	CVE-2026-34248 Zammad is a web based open source helpdesk/customer support system. Prior to 7.0	LOW	2.1	0.0%		2026-04-08
10	CVE-2026-33073 Discourse is an open-source discussion platform. From versions 2026.1.0-latest t	LOW	2.0	0.0%		2026-03-31
10	CVE-2026-33674 ### Impact Fix improper use of validation framework ### Patches Patched in 8.2.	LOW	2.0	0.0%	FIX	2026-03-25
10	CVE-2026-27949 Plane is an an open-source project management tool. Prior to 1.3.0, a vulnerabil	LOW	2.0	0.0%		2026-04-07
10	CVE-2026-4359 A compromised third party cloud server or man-in-the-middle attacker could send	LOW	2.0	0.0%	FIX	2026-03-17
10	CVE-2026-32828 Kargo manages and automates the promotion of software artifacts. In versions 1.4	LOW	2.0	0.0%	FIX	2026-03-20
10	CVE-2026-33550 SOGo before 5.12.5 does not renew the OTP if a user disables/enables it, and has	LOW	2.0	0.0%	FIX	2026-03-22
10	CVE-2026-5473 A vulnerability has been found in NASA cFS up to 7.0.0. The impacted element is	LOW	2.0	0.0%		2026-04-03
10	CVE-2026-32970 OpenClaw before 2026.3.11 contains a credential fallback vulnerability where una	LOW	2.0	0.0%	FIX	2026-03-31
10	CVE-2026-31996 OpenClaw versions prior to 2026.2.19 tools.exec.safeBins contains an input valid	LOW	2.0	0.0%	FIX	2026-03-19
10	CVE-2025-52645 HCL AION is affected by a vulnerability where model packaging and distribution m	LOW	1.9	0.0%		2026-03-16
9	CVE-2025-52636 HCL AION is affected by a vulnerability related to the handling of upload size l	LOW	1.8	0.0%		2026-03-16
9	CVE-2025-52649 HCL AION is affected by a vulnerability where certain identifiers may be predict	LOW	1.8	0.0%		2026-03-16
9	CVE-2026-34743 XZ Utils provide a general-purpose data-compression library plus command-line to	LOW	1.7	0.0%		2026-04-02
9	CVE-2026-34073 ## Summary In versions of cryptography prior to 46.0.5, DNS name constraints we	LOW	1.7	0.0%	FIX	2026-03-27
8	CVE-2026-40072 web3.py allows you to interact with the Ethereum blockchain using Python. From 6	LOW	1.7	0.0%		2026-04-09
7	CVE-2026-4395 Heap-based buffer overflow in the KCAPI ECC code path of wc_ecc_import_x963_ex()	LOW	1.3	0.2%	FIX	2026-03-19
7	CVE-2026-33402 Sakai is a Collaboration and Learning Environment (CLE). In versions 23.0 throug	LOW	1.3	0.0%		2026-03-26
7	CVE-2026-33161 ### Summary A low-privileged authenticated user can call `assets/image-editor`	LOW	1.3	0.0%	FIX	2026-03-24
7	CVE-2026-33423 Discourse is an open-source discussion platform. Prior to versions 2026.3.0-late	LOW	1.3	0.0%		2026-03-20
6	CVE-2026-3230 Missing required cryptographic step in the TLS 1.3 client HelloRetryRequest hand	LOW	1.2	0.1%		2026-03-19
6	CVE-2026-33284 GlobaLeaks is free and open-source whistleblowing software. Prior to version 5.0	LOW	1.2	0.1%		2026-03-27
6	CVE-2026-4159 1-byte OOB heap read in wc_PKCS7_DecodeEnvelopedData via zero-length encrypted c	LOW	1.2	0.0%		2026-03-19
6	CVE-2026-3229 An integer overflow vulnerability existed in the static function wolfssl_add_to_	LOW	1.2	0.0%		2026-03-19
5	CVE-2026-34983 Wasmtime is a runtime for WebAssembly. In 43.0.0, cloning a wasmtime::Linker is	LOW	1.0	0.0%	FIX	2026-04-09
5	CVE-2025-62843 An improper restriction of communication channel to intended endpoints vulnerabi	LOW	0.9	0.0%		2026-03-20
3	CVE-2026-33525 ### Impact Official Weighted Severity Rating: Low This exploit is very unl	LOW	0.5	0.0%	FIX	2026-03-24
0	CVE-2026-32766 ## Impact In versions 0.5.6 and earlier of astral-tokio-tar, malformed PAX exte	LOW	-	0.0%	FIX	2026-03-17
0	CVE-2026-32266 Unauthenticated users can view a list of buckets the plugin has access to. The	LOW	-	0.0%	FIX	2026-03-16
0	CVE-2026-33168 ### Impact When a blank string is used as an HTML attribute name in Action View	LOW	-	0.0%	FIX	2026-03-23
0	CVE-2026-33167 ### Impact The debug exceptions page does not properly escape exception messages	LOW	-	0.0%	FIX	2026-03-23
0	CVE-2026-33221 ## Summary The storage service's file upload handler trusts the client-provided	LOW	-	0.0%	FIX	2026-03-18

Oldest Unpatched Critical/High CVEs

CVE	Severity	CVSS	Priority	Days Open
CVE-2024-3400	CRITICAL	10.0	224	730d
CVE-2019-19781	CRITICAL	9.8	223	2298d
CVE-2020-5902	CRITICAL	9.8	223	2111d
CVE-2021-35464	CRITICAL	9.8	223	1725d
CVE-2020-10189	CRITICAL	9.8	223	2228d
CVE-2012-4681	CRITICAL	9.8	223	4975d
CVE-2022-42475	CRITICAL	9.8	223	1196d
CVE-2023-3519	CRITICAL	9.8	223	998d
CVE-2015-7450	CRITICAL	9.8	222	3753d
CVE-2023-34048	CRITICAL	9.8	222	900d

Prev 3 / 3