Security Dashboard

Priority	CVE	Severity	CVSS	EPSS	Indicators	Published
39	CVE-2026-39361 OpenObserve is a cloud-native observability platform. In 0.70.3 and earlier, the	HIGH	7.7	0.0%		2026-04-07
39	CVE-2026-41060 WWBN AVideo is an open source video platform. In versions 29.0 and below, the `i	HIGH	7.7	0.0%		2026-04-21
39	CVE-2026-33399 Wallos is an open-source, self-hostable personal subscription tracker. Prior to	HIGH	7.7	0.0%	FIX	2026-03-24
39	CVE-2026-34056 OpenEMR is a free and open source electronic health records and medical practice	HIGH	7.7	0.0%		2026-03-25
39	CVE-2026-21887 OpenCTI is an open source platform for managing cyber threat intelligence knowle	HIGH	7.7	0.0%		2026-03-12
39	CVE-2026-39843 Plane is an an open-source project management tool. From 0.28.0 to before 1.3.0,	HIGH	7.7	0.0%	FIX	2026-04-09
39	CVE-2026-31945 LibreChat is a ChatGPT clone with additional features. Versions 0.8.2-rc2 throug	HIGH	7.7	0.0%	FIX	2026-03-27
39	CVE-2026-34936 ### Summary `passthrough()` and `apassthrough()` in `praisonai` accept a caller	HIGH	7.7	0.0%	FIX	2026-04-01
39	CVE-2026-32123 OpenEMR is a free and open source electronic health records and medical practice	HIGH	7.7	0.0%		2026-03-11
39	CVE-2026-34746 Payload is a free and open source headless content management system. Prior to v	HIGH	7.7	0.0%	FIX	2026-04-01
39	CVE-2026-35409 ### Summary A Server-Side Request Forgery (SSRF) protection bypass has been iden	HIGH	7.7	0.0%	FIX	2026-04-04
39	CVE-2026-30953 LinkAce is a self-hosted archive to collect website links. When a user creates a	HIGH	7.7	0.0%		2026-03-10
39	CVE-2026-35187 ## Vulnerability Details CWE-918: Server-Side Request Forgery (SSRF) The `	HIGH	7.7	0.0%		2026-04-04
39	CVE-2026-29925 Invoice Ninja v5.12.46 and v5.12.48 is vulnerable to Server-Side Request Forgery	HIGH	7.7	0.0%		2026-03-30
39	CVE-2026-33530 InvenTree is an Open Source Inventory Management System. Prior to version 1.2.6,	HIGH	7.7	0.0%	FIX	2026-03-26
39	CVE-2026-40150 PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the web_crawl()	HIGH	7.7	0.0%	FIX	2026-04-09
39	CVE-2026-32131 ZITADEL is an open source identity management platform. Prior to 3.4.8 and 4.12.	HIGH	7.7	0.0%		2026-03-11
39	CVE-2026-33913 OpenEMR is a free and open source electronic health records and medical practice	HIGH	7.7	0.0%		2026-03-25
39	CVE-2026-24177 NVIDIA KAI Scheduler contains a vulnerability where an attacker could access API	HIGH	7.7	0.0%		2026-04-21
39	CVE-2026-31941 Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Ch	HIGH	7.7	0.0%	FIX	2026-04-10
39	CVE-2026-22558 An Authenticated NoSQL Injection vulnerability found in UniFi Network Applicatio	HIGH	7.7	0.0%		2026-03-19
39	CVE-2026-31801 zot is ancontainer image/artifact registry based on the Open Container Initiativ	HIGH	7.7	0.0%	FIX	2026-03-10
39	CVE-2026-31891 ### Impact This is a SQL Injection vulnerability in the MongoLite Aggregation O	HIGH	7.7	0.0%	FIX	2026-03-17
39	CVE-2026-32067 OpenClaw versions prior to 2026.2.26 contains an authorization bypass vulnerabil	LOW	3.7	0.0%	POC FIX	2026-03-21
39	CVE-2026-32050 OpenClaw versions prior to 2026.2.25 contain an access control vulnerability in	LOW	3.7	0.0%	POC FIX	2026-03-21
39	CVE-2026-40188 goshs is a SimpleHTTPServer written in Go. From 1.0.7 to before 2.0.0-beta.4, th	HIGH	7.7	0.0%	FIX	2026-04-10
39	CVE-2026-28468 OpenClaw versions 2026.1.29-beta.1 prior to 2026.2.14 contain a vulnerability in	HIGH	7.7	0.0%	FIX	2026-03-05
39	CVE-2026-32252 Chartbrew is an open-source web application that can connect directly to databas	HIGH	7.7	0.0%	FIX	2026-04-10
39	CVE-2026-25153 Backstage is an open framework for building developer portals, and @backstage/pl	HIGH	7.7	0.0%	FIX	2026-01-30
39	CVE-2026-29140 SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to cause	HIGH	7.7	0.0%	FIX	2026-04-02
39	CVE-2026-24969 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') v	HIGH	7.7	0.0%		2026-03-25
39	CVE-2026-24970 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') v	HIGH	7.7	0.0%		2026-03-25
39	CVE-2026-34214 ### Summary Iceberg connector REST catalog static credentials (access key) or v	HIGH	7.7	0.0%	FIX	2026-03-29
39	CVE-2026-34769 ### Impact An undocumented `commandLineSwitches` webPreference allowed arbitrary	HIGH	7.7	0.0%	FIX	2026-04-03
39	CVE-2026-24122 Cosign provides code signing and transparency for containers and binaries. In ve	LOW	3.7	0.0%	POC FIX	2026-02-19
39	CVE-2026-31851 Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implem	HIGH	7.7	0.0%		2026-03-23
39	CVE-2026-4368 Race Condition in NetScaler ADC and NetScaler Gateway when appliance is configur	HIGH	7.7	0.0%		2026-03-23
39	CVE-2026-25506 MUNGE is an authentication service for creating and validating user credentials.	HIGH	7.7	0.0%	FIX	2026-02-10
39	CVE-2026-32441 Missing Authorization vulnerability in WebToffee Comments Import & Export commen	HIGH	7.7	0.0%		2026-03-25
39	CVE-2026-25958 Cube is a semantic layer for building data applications. From 0.27.19 to before	HIGH	7.7	0.0%	FIX	2026-02-09
39	CVE-2025-61917 n8n is an open source workflow automation platform. From version 1.65.0 to befor	HIGH	7.7	0.0%	FIX	2026-02-04
39	CVE-2025-15598 A vulnerability was found in Dataease SQLBot up to 1.5.1. This impacts the funct	LOW	3.7	0.0%	POC	2026-03-03
39	CVE-2026-40683 In OpenStack Keystone before 28.0.1, the LDAP identity backend does not convert	HIGH	7.7	0.0%	FIX	2026-04-14
39	CVE-2026-5190 Out-of-bounds write in the streaming decoder component in aws-c-event-stream bef	HIGH	7.7	0.0%	FIX	2026-03-31
39	CVE-2026-2618 A vulnerability was determined in Beetel 777VR1 up to 01.00.09. This impacts an	LOW	3.7	0.0%	POC	2026-02-17
39	CVE-2026-25835 Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Ra	HIGH	7.7	0.0%	FIX	2026-04-01
39	CVE-2026-35533 ### Summary `mise` loads trust-control settings from a local project `.mise.tom	HIGH	7.7	0.0%		2026-04-07
39	CVE-2026-30929 ImageMagick is free and open-source software used for editing and manipulating d	HIGH	7.7	0.0%	FIX	2026-03-10
39	CVE-2026-34242 Weblate is a web based localization tool. In versions prior to 5.17, the ZIP dow	HIGH	7.7	0.0%	FIX	2026-04-15
39	CVE-2025-13523 Mattermost Confluence plugin version <1.7.0 fails to properly escape user-contro	HIGH	7.7	0.0%	FIX	2026-02-06
39	CVE-2026-28521 arduino-TuyaOpen before version 1.2.1 contains an out-of-bounds memory read vuln	HIGH	7.7	0.0%	FIX	2026-03-15
39	CVE-2026-30463 Daylight Studio FuelCMS v1.5.2 was discovered to contain a SQL injection vulnera	HIGH	7.7	0.0%		2026-03-26
39	CVE-2024-51346 An issue in Eufy Homebase 2 version 3.3.4.1h allows a local attacker to obtain s	HIGH	7.7	0.0%	POC	2026-03-25
39	CVE-2026-4115 A vulnerability was detected in PuTTY 0.83. Affected is the function eddsa_verif	LOW	3.7	0.0%	POC FIX	2026-03-22
39	CVE-2025-68157 Webpack is a module bundler. From version 5.49.0 to before 5.104.0, when experim	LOW	3.7	0.0%	POC FIX	2026-02-05
39	CVE-2025-68458 Webpack is a module bundler. From version 5.49.0 to before 5.104.1, when experim	LOW	3.7	0.0%	POC FIX	2026-02-05
39	CVE-2026-34222 Open WebUI is a self-hosted artificial intelligence platform designed to operate	HIGH	7.7	0.0%	FIX	2026-04-01
39	CVE-2026-40348 Movary is a self hosted web app to track and rate a user's watched movies. Prior	HIGH	7.7	0.0%	FIX	2026-04-18
39	CVE-2025-1272 The Linux Kernel lockdown mode for kernel versions starting on 6.12 and above fo	HIGH	7.7	0.0%	FIX	2026-02-18
39	CVE-2026-0017 In onChange of BiometricService.java, there is a possible way to enable fingerpr	HIGH	7.7	0.0%		2026-03-02
39	CVE-2025-48635 In multiple functions of TaskFragmentOrganizerController.java, there is a possib	HIGH	7.7	0.0%		2026-03-02
39	CVE-2022-50976 A local attacker could cause a full device reset by resetting the device passwor	HIGH	7.7	0.0%		2026-02-02
39	CVE-2019-25652 UniFi Network Controller before version 5.10.22 and 5.11.x before 5.11.18 contai	HIGH	7.7	0.0%	FIX	2026-03-27
39	CVE-2026-2968 A vulnerability was detected in Cesanta Mongoose up to 7.20. This impacts the fu	LOW	3.7	0.0%	POC	2026-02-23
39	CVE-2026-25157 OpenClaw is a personal AI assistant. Prior to version 2026.1.29, there is an OS	HIGH	7.7	0.0%	FIX	2026-02-04
39	CVE-2026-20620 An out-of-bounds read issue was addressed with improved input validation. This i	HIGH	7.7	0.0%		2026-02-11
39	CVE-2026-34853 Permission bypass vulnerability in the LBS module. Impact: Successful exploitati	HIGH	7.7	0.0%		2026-04-13
38	CVE-2026-4760 From Panorama Web HMI, an attacker can gain read access to certain Web HMI serve	HIGH	7.7	0.1%		2026-03-25
38	CVE-2026-33476 ## Summary The Siyuan kernel exposes an unauthenticated file-serving endpoint	HIGH	7.5	0.9%	FIX	2026-03-20
38	CVE-2026-0772 Langflow Disk Cache Deserialization of Untrusted Data Remote Code Execution Vuln	HIGH	7.5	0.9%		2026-01-23
38	CVE-2026-35585 File Browser is a file managing interface for uploading, deleting, previewing, r	HIGH	7.5	0.8%		2026-04-07
38	CVE-2026-33718 ## Summary A Command Injection vulnerability exists in the `get_git_diff()` met	HIGH	7.6	0.2%	FIX	2026-03-25
38	CVE-2026-24538 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP	HIGH	7.6	0.1%		2026-01-23
38	CVE-2025-13855 IBM Storage Protect Server 8.2.0 IBM Storage Protect Plus Server is vulnerable t	HIGH	7.6	0.1%	FIX	2026-04-01
38	CVE-2026-22567 Improper validation of user-supplied input in the ZIA Admin UI could allow an au	HIGH	7.6	0.1%		2026-02-23
38	CVE-2026-29870 A directory traversal vulnerability in the agentic-context-engine project versio	HIGH	7.6	0.1%		2026-03-31
38	CVE-2026-34742 The Model Context Protocol (MCP) Go SDK does not enable DNS rebinding protection	HIGH	7.6	0.1%	FIX	2026-04-01
38	CVE-2026-27487 OpenClaw is a personal AI assistant. In versions 2026.2.13 and below, when using	HIGH	7.6	0.1%	FIX	2026-02-21
38	CVE-2026-29924 Grav CMS v1.7.x and before is vulnerable to XML External Entity (XXE) through th	HIGH	7.6	0.1%		2026-03-30
38	CVE-2026-29053 Ghost is a Node.js content management system. From version 0.7.2 to 6.19.0, spec	HIGH	7.6	0.1%	FIX	2026-03-05
38	CVE-2025-52744 Improper Control of Generation of Code ('Code Injection') vulnerability in inper	HIGH	7.6	0.1%		2026-02-20
38	CVE-2025-68662 Discourse is an open source discussion platform. In versions prior to 3.5.4, 202	HIGH	7.6	0.1%		2026-01-28
38	CVE-2026-39369 WWBN AVideo is an open source video platform. In versions 26.0 and prior, object	HIGH	7.6	0.0%		2026-04-07
38	CVE-2025-53217 Missing Authorization vulnerability in staviravn AIO WP Builder all-in-one-wp-bu	HIGH	7.6	0.0%		2026-02-20
38	CVE-2026-32749 ### Summary `POST /api/import/importSY` and `POST /api/import/importZipMd` write	HIGH	7.6	0.0%	FIX	2026-03-16
38	CVE-2026-30918 facileManager is a modular suite of web apps built with the sysadmin in mind. Pr	HIGH	7.6	0.0%		2026-03-10
38	CVE-2025-8461 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site	HIGH	7.6	0.0%		2026-02-03
38	CVE-2025-8456 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site	HIGH	7.6	0.0%		2026-02-03
38	CVE-2026-30919 facileManager is a modular suite of web apps built with the sysadmin in mind. Pr	HIGH	7.6	0.0%		2026-03-10
38	CVE-2026-24750 Kiteworks is a private data network (PDN). In Kiteworks Secure Data Forms prior	HIGH	7.6	0.0%	FIX	2026-03-25

Oldest Unpatched Critical/High CVEs

CVE	Severity	CVSS	Priority	Days Open
CVE-2024-3400	CRITICAL	10.0	224	740d
CVE-2019-19781	CRITICAL	9.8	223	2308d
CVE-2020-5902	CRITICAL	9.8	223	2121d
CVE-2021-35464	CRITICAL	9.8	223	1735d
CVE-2020-10189	CRITICAL	9.8	223	2238d
CVE-2012-4681	CRITICAL	9.8	223	4986d
CVE-2022-42475	CRITICAL	9.8	223	1206d
CVE-2023-3519	CRITICAL	9.8	223	1008d
CVE-2015-7450	CRITICAL	9.8	222	3763d
CVE-2023-34048	CRITICAL	9.8	222	910d

Prev 78 / 181 Next