Security Dashboard

Priority	CVE	Severity	CVSS	EPSS	Indicators	Published
15	CVE-2026-1762 A vulnerability in GE Vernova Enervista UR Setup on Windows allows File Manipula	LOW	2.9	0.0%		2026-02-10
15	CVE-2026-0992 A flaw was found in the libxml2 library. This uncontrolled resource consumption	LOW	2.9	0.0%		2026-01-15
15	CVE-2026-23553 In the context switch logic Xen attempts to skip an IBPB in the case of a vCPU r	LOW	2.9	0.0%	FIX	2026-01-28
15	CVE-2026-23749 Golioth Firmware SDK version 0.19.1 prior to 0.22.0, fixed in commit 0e788217, c	LOW	2.9	0.0%		2026-02-26
15	CVE-2026-40354 Flatpak xdg-desktop-portal before 1.20.4 and 1.21.x before 1.21.1 allows any Fla	LOW	2.9	0.0%		2026-04-11
15	CVE-2026-32778 libexpat before 2.7.5 allows a NULL pointer dereference in the function setConte	LOW	2.9	0.0%		2026-03-16
15	CVE-2026-25046 Kimi Agent SDK is a set of libraries that expose the Kimi Code (Kimi CLI) agent	LOW	2.9	0.0%		2026-01-29
15	CVE-2026-24515 In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown e	LOW	2.9	0.0%		2026-01-23
15	CVE-2026-0121 In VPU, there is a possible use-after-free read due to a race condition. This co	LOW	2.9	0.0%		2026-03-10
14	CVE-2026-40228 In systemd 259, systemd-journald can send ANSI escape sequences to the terminals	LOW	2.9	0.0%		2026-04-10
14	CVE-2025-52659 HCL AION version 2 is affected by a Cacheable HTTP Response vulnerability. This	LOW	2.8	0.0%		2026-01-19
14	CVE-2025-32739 Improper conditions check in some firmware for some Intel(R) Graphics Drivers an	LOW	2.8	0.0%		2026-02-10
14	CVE-2026-34781 ### Impact Apps that call `clipboard.readImage()` may be vulnerable to a denial	LOW	2.8	0.0%	FIX	2026-04-07
14	CVE-2026-33762 ### Impact `go-git`’s index decoder for format version 4 fails to validate the	LOW	2.8	0.0%	FIX	2026-03-30
14	CVE-2026-0520 A potential vulnerability was reported in the Lenovo FileZ Android application t	LOW	2.8	0.0%		2026-03-11
14	CVE-2026-2239 A flaw was found in GIMP. Heap-buffer-overflow vulnerability exists in the fread	LOW	2.8	0.0%	FIX	2026-03-26
14	CVE-2026-1485 A flaw was found in Glib's content type parsing logic. This buffer underflow vul	LOW	2.8	0.0%		2026-01-27
14	CVE-2025-36194 IBM PowerVM Hypervisor FW1110.00 through FW1110.03, FW1060.00 through FW1060.51,	LOW	2.8	0.0%		2026-02-02
14	CVE-2025-59383 A buffer overflow vulnerability has been reported to affect Media Streaming Add-	LOW	2.7	0.2%		2026-03-20
14	CVE-2026-3469 A denial-of-service (DoS) vulnerability exists due to improper input validation	LOW	2.7	0.1%		2026-03-31
14	CVE-2026-32946 ## Summary A vulnerability exists in the Community Tier of Harden-Runner that a	LOW	2.7	0.1%	FIX	2026-03-17
14	CVE-2026-24641 A NULL Pointer Dereference vulnerability [CWE-476] vulnerability in Fortinet For	LOW	2.7	0.1%		2026-03-10
14	CVE-2025-52660 HCL AION is affected by an Unrestricted File Upload vulnerability. This can allo	LOW	2.7	0.1%		2026-01-19
14	CVE-2026-4285 A vulnerability was identified in taoofagi easegen-admin up to 8f87936ac774065b9	LOW	2.7	0.1%		2026-03-17
14	CVE-2026-1791 Unrestricted Upload of File with Dangerous Type vulnerability in Hillstone Netwo	LOW	2.7	0.1%		2026-02-04
14	CVE-2026-33160 ### Summary An unauthenticated user can call `assets/generate-transform` with a	LOW	2.7	0.0%	FIX	2026-03-24
14	CVE-2026-23859 Dell Wyse Management Suite, versions prior to WMS 5.5, contain a Client-Side Enf	LOW	2.7	0.0%	FIX	2026-02-24
14	CVE-2026-21965 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pl	LOW	2.7	0.0%		2026-01-20
14	CVE-2026-3339 The Keep Backup Daily plugin for WordPress is vulnerable to Limited Path Travers	LOW	2.7	0.0%		2026-03-20
14	CVE-2026-34520 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python.	LOW	2.7	0.0%	FIX	2026-04-01
14	CVE-2026-34514 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python.	LOW	2.7	0.0%	FIX	2026-04-01
14	CVE-2026-34519 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python.	LOW	2.7	0.0%	FIX	2026-04-01
14	CVE-2026-34947 Discourse is an open-source discussion platform. From versions 2026.1.0-latest t	LOW	2.7	0.0%		2026-04-03
14	CVE-2026-33879 Federated Learning and Interoperability Platform (FLIP) is an open-source platfo	LOW	2.7	0.0%		2026-03-27
14	CVE-2026-34517 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python.	LOW	2.7	0.0%	FIX	2026-04-01
14	CVE-2026-34518 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python.	LOW	2.7	0.0%	FIX	2026-04-01
14	CVE-2026-34513 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python.	LOW	2.7	0.0%	FIX	2026-04-01
14	CVE-2026-34762 ## Summary The `PUT /api/v1/subscriber/{imsi}` API accepts an IMSI identifier f	LOW	2.7	0.0%	FIX	2026-04-01
14	CVE-2025-31966 HCL Sametime is vulnerable to broken server-side validation. While the applicati	LOW	2.7	0.0%		2026-03-17
14	CVE-2025-14270 The OneClick Chat to Order plugin for WordPress is vulnerable to authorization b	LOW	2.7	0.0%		2026-02-19
14	CVE-2025-66487 IBM Aspera Shares 1.9.9 through 1.11.0 does not properly rate limit the frequenc	LOW	2.7	0.0%	FIX	2026-04-01
14	CVE-2025-15321 Tanium addressed an improper input validation vulnerability in Tanium Appliance.	LOW	2.7	0.0%		2026-02-05
14	CVE-2026-29185 Backstage is an open framework for building developer portals. Prior to version	LOW	2.7	0.0%	FIX	2026-03-07
14	CVE-2025-13459 IBM Aspera Console 3.3.0 through 3.4.8 could allow a privileged user to cause a	LOW	2.7	0.0%	FIX	2026-03-13
14	CVE-2026-28227 Discourse is an open source discussion platform. Prior to versions 2025.12.2, 20	LOW	2.7	0.0%		2026-02-26
14	CVE-2026-26979 Discourse is an open source discussion platform. Prior to versions 2025.12.2, 20	LOW	2.7	0.0%		2026-02-26
14	CVE-2026-26964 Windmill is an open-source developer platform for internal code: APIs, backgroun	LOW	2.7	0.0%		2026-02-20
14	CVE-2026-0925 Tanium addressed an improper input validation vulnerability in Discover.	LOW	2.7	0.0%		2026-01-26
14	CVE-2025-14083 A flaw was found in the Keycloak Admin REST API. This vulnerability allows the e	LOW	2.7	0.0%		2026-01-21
14	CVE-2026-2543 A vulnerability was identified in vichan-devel vichan up to 5.1.5. This vulnerab	LOW	2.7	0.0%		2026-02-16
14	CVE-2026-21640 HackerOne community member Faraz Ahmed (PakCyberbot) has reported a format strin	LOW	2.7	0.0%		2026-01-20
14	CVE-2026-27153 Discourse is an open source discussion platform. Prior to versions 2025.12.2, 20	LOW	2.7	0.0%		2026-02-26
14	CVE-2026-33394 Discourse is an open-source discussion platform. Prior to versions 2026.3.0-late	LOW	2.7	0.0%		2026-03-19
14	CVE-2026-29104 SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (C	LOW	2.7	0.0%		2026-03-19
14	CVE-2026-34203 Nautobot is a Network Source of Truth and Network Automation Platform. Prior to	LOW	2.7	0.0%	FIX	2026-03-31
14	CVE-2026-3911 A flaw was found in Keycloak. An authenticated user with the view-users role cou	LOW	2.7	0.0%		2026-03-11
14	CVE-2026-5375 An issue that could allow a user with access to a credential to view sensitive f	LOW	2.7	0.0%		2026-04-07
14	CVE-2026-32717 AnythingLLM is an application that turns pieces of content into context that any	LOW	2.7	0.0%		2026-03-13
14	CVE-2026-27151 Discourse is an open source discussion platform. Prior to versions 2025.12.2, 20	LOW	2.7	0.0%		2026-02-26
14	CVE-2026-32638 ## Summary The REST API `getUsers` endpoint in StudioCMS uses the attacker-cont	LOW	2.7	0.0%	FIX	2026-03-16
14	CVE-2026-22717 Out-of-bound read vulnerability in VMware Workstation 25H1 and below on any plat	LOW	2.7	0.0%		2026-02-27
14	CVE-2026-32445 Missing Authorization vulnerability in Elementor Elementor Website Builder eleme	LOW	2.7	0.0%		2026-03-13
14	CVE-2026-2419 The WP-DownloadManager plugin for WordPress is vulnerable to Path Traversal in a	LOW	2.7	0.0%		2026-02-18
14	CVE-2025-61643 Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associate	LOW	2.7	0.0%		2026-02-03
14	CVE-2026-25517 Wagtail is an open source content management system built on Django. Prior to ve	LOW	2.7	0.0%	FIX	2026-02-04
14	CVE-2026-1831 The YayMail - WooCommerce Email Customizer plugin for WordPress is vulnerable to	LOW	2.7	0.0%		2026-02-18
14	CVE-2025-13881 A flaw was found in Keycloak Admin API. This vulnerability allows an administrat	LOW	2.7	0.0%	FIX	2026-02-02
14	CVE-2026-1518 A flaw was found in Keycloak’s CIBA feature where insufficient validation of cli	LOW	2.7	0.0%		2026-02-02
14	CVE-2026-4292 An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4	LOW	2.7	0.0%	FIX	2026-04-07
14	CVE-2025-15480 In Ubuntu, ubuntu-desktop-provision version 24.04.4 could leak sensitive user cr	LOW	2.7	0.0%	FIX	2026-04-09
14	CVE-2025-14551 In Ubuntu, Subiquity version 24.04.4 could leak sensitive user credentials durin	LOW	2.7	0.0%	FIX	2026-04-09
14	CVE-2026-4916 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2	LOW	2.7	0.0%		2026-04-08
13	CVE-2026-22735 Spring MVC and WebFlux applications are vulnerable to stream corruption when usi	LOW	2.6	0.0%	FIX	2026-03-20
13	CVE-2026-21725 A time-of-create-to-time-of-use (TOCTOU) vulnerability lets recently deleted-the	LOW	2.6	0.0%		2026-02-25
13	CVE-2025-61873 Best Practical Request Tracker (RT) before 4.4.9, 5.0.9, and 6.0.2 allows CSV In	LOW	2.6	0.0%		2026-01-16
13	CVE-2025-55274 HCL Aftermarket DPC is affected by Cross-Origin Resource Sharing vulnerability.	LOW	2.6	0.0%		2026-03-26
13	CVE-2025-55277 HCL Aftermarket DPC is affected by Use of Vulnerable/Outdated Versions vulnerabi	LOW	2.6	0.1%		2026-03-26
13	CVE-2026-20757 Improper Locking vulnerability (CWE-667) in Gallagher Morpho integration allows	LOW	2.5	0.0%		2026-03-03
13	CVE-2026-35388 OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode mu	LOW	2.5	0.0%		2026-04-02
13	CVE-2026-4243 A weakness has been identified in La Nacion App 10.2.25 on Android. This impacts	LOW	2.5	0.0%		2026-03-16
13	CVE-2026-2974 A vulnerability was identified in AliasVault App up to 0.25.3 on Android/iOS. Th	LOW	2.5	0.0%	FIX	2026-02-23
13	CVE-2026-23901 Observable Timing Discrepancy vulnerability in Apache Shiro. This issue affects	LOW	2.5	0.0%	FIX	2026-02-10
13	CVE-2026-24508 Dell Alienware Command Center (AWCC), versions prior to 6.12.24.0, contain an Im	LOW	2.5	0.0%		2026-03-11
13	CVE-2026-27139 On Unix platforms, when listing the contents of a directory using File.ReadDir o	LOW	2.5	0.0%	FIX	2026-03-06
12	CVE-2026-1705 A vulnerability was detected in D-Link DSL-6641K N8.TR069.20131126. Affected by	LOW	2.4	0.0%		2026-01-30
12	CVE-2025-52661 HCL AION version 2 is affected by a JWT Token Expiry Too Long vulnerability. Thi	LOW	2.4	0.0%		2026-01-19
12	CVE-2026-1444 A vulnerability has been found in iJason-Liu Books_Manager up to 298ba736387ca37	LOW	2.4	0.0%		2026-01-26
12	CVE-2026-4474 A flaw has been found in itsourcecode University Management System 1.0. Impacted	LOW	2.4	0.0%		2026-03-20
12	CVE-2026-2965 A security flaw has been discovered in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.	LOW	2.4	0.0%		2026-02-23
12	CVE-2025-31703 A vulnerability found in Dahua NVR/XVR device. A third-party malicious attacker	LOW	2.4	0.0%		2026-03-18

Oldest Unpatched Critical/High CVEs

CVE	Severity	CVSS	Priority	Days Open
CVE-2024-3400	CRITICAL	10.0	224	730d
CVE-2019-19781	CRITICAL	9.8	223	2298d
CVE-2020-5902	CRITICAL	9.8	223	2111d
CVE-2021-35464	CRITICAL	9.8	223	1725d
CVE-2020-10189	CRITICAL	9.8	223	2228d
CVE-2012-4681	CRITICAL	9.8	223	4976d
CVE-2022-42475	CRITICAL	9.8	223	1196d
CVE-2023-3519	CRITICAL	9.8	223	998d
CVE-2015-7450	CRITICAL	9.8	222	3753d
CVE-2023-34048	CRITICAL	9.8	222	900d

Prev 6 / 8 Next