Total CVEs

143,818

Critical Severity

4,094

High Severity

14,786

Last 7 Days

1,521
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 21,101 - 21,120 of 40,223 CVEs
CVE-2026-25691 MEDIUM - 6.7

A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4, FortiSandbox PaaS 5.0.4 may allow a privileged attacker wi...

Vendor: Fortinet
Product: FortiSandbox PaaS, FortiSandbox Cloud, FortiSandbox
Published: Apr 14, 2026
Source: NVD
CVE-2026-23708 HIGH - 7.5

A improper authentication vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR on-premise 7.6.0 through 7.6.3, FortiSOAR on-premise 7.5.0 through 7.5.2 may allow an unauthenticated attacker to bypass authentication via replaying captured 2FA req...

Vendor: Fortinet
Product: FortiSOAR PaaS, FortiSOAR on-premise
Published: Apr 14, 2026
Source: NVD
CVE-2026-22828 HIGH - 8.1

A heap-based buffer overflow vulnerability in Fortinet FortiAnalyzer Cloud 7.6.2 through 7.6.4, FortiManager Cloud 7.6.2 through 7.6.4 may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests. Successful exploitation would require a large am...

Vendor: Fortinet
Product: FortiAnalyzer Cloud, FortiManager Cloud
Published: Apr 14, 2026
Source: NVD
CVE-2026-22576 MEDIUM - 4.3

A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.4, FortiSOAR on-premise 7.5.0 through 7.5.2, FortiSOA...

Vendor: Fortinet
Product: FortiSOAR PaaS, FortiSOAR on-premise
Published: Apr 14, 2026
Source: NVD
CVE-2026-22574 MEDIUM - 4.1

A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.4, FortiSOAR on-premise 7.5.0 through 7.5.2, FortiSOA...

Vendor: Fortinet
Product: FortiSOAR PaaS, FortiSOAR on-premise
Published: Apr 14, 2026
Source: NVD
CVE-2026-22573 MEDIUM - 6.5

An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5 all versions, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.3, Forti...

Vendor: Fortinet
Product: FortiSOAR on-premise, FortiSOAR PaaS
Published: Apr 14, 2026
Source: NVD
CVE-2026-22155 MEDIUM - 6.5

A cleartext transmission of sensitive information vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, Fo...

Vendor: Fortinet
Product: FortiSOAR on-premise, FortiSOAR PaaS
Published: Apr 14, 2026
Source: NVD
CVE-2026-22154 MEDIUM - 4.6

An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6...

Vendor: Fortinet
Product: FortiSOAR PaaS, FortiSOAR on-premise
Published: Apr 14, 2026
Source: NVD
CVE-2026-21742 MEDIUM - 5.7

A cleartext transmission of sensitive information vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, Fo...

Vendor: Fortinet
Product: FortiSOAR PaaS, FortiSOAR on-premise
Published: Apr 14, 2026
Source: NVD

An URL Redirection to Untrusted Site ('Open Redirect') vulnerability [CWE-601] vulnerability in Fortinet FortiNAC-F 7.6.0 through 7.6.5, FortiNAC-F 7.4 all versions, FortiNAC-F 7.2 all versions may allow a remote privileged attacker with system administrator role to redirect users to an ar...

Vendor: Fortinet
Product: FortiNAC-F
Published: Apr 14, 2026
Source: NVD
CVE-2025-68649 MEDIUM - 6.0

An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4, FortiAn...

Vendor: Fortinet
Product: FortiManager Cloud, FortiManager, FortiAnalyzer, FortiAnalyzer Cloud
Published: Apr 14, 2026
Source: NVD
CVE-2025-65136 MEDIUM - 6.1

In manikandan580 School-management-system 1.0, a reflected XSS vulnerability exists in /studentms/admin/contact-us.php via the pagedes POST parameter.

Published: Apr 14, 2026
Source: NVD
CVE-2025-65135 CRITICAL - 9.8

In manikandan580 School-management-system 1.0, a time-based blind SQL injection vulnerability exists in /studentms/admin/between-date-reprtsdetails.php through the fromdate POST parameter.

Published: Apr 14, 2026
Source: NVD

In manikandan580 School-management-system 1.0, a reflected cross-site scripting (XSS) vulnerability exists in /studentms/admin/contact-us.php via the email POST parameter.

Published: Apr 14, 2026
Source: NVD
CVE-2025-65133 CRITICAL - 9.8

A SQL injection vulnerability exists in the School Management System (version 1.0) by manikandan580. An unauthenticated or authenticated remote attacker can supply a crafted HTTP request to the affected endpoint to manipulate SQL query logic and extract sensitive database information.

Published: Apr 14, 2026
Source: NVD
CVE-2025-65132 MEDIUM - 6.1

alandsilva26 hotel-management-php 1.0 is vulnerable to Cross Site Scripting (XSS) in /public/admin/edit_room.php which allows an attacker to inject and execute arbitrary JavaScript via the room_id GET parameter.

Published: Apr 14, 2026
Source: NVD
CVE-2025-63939 CRITICAL - 9.8

Improper input handling in /Grocery/search_products_itname.php, in anirudhkannan Grocery Store Management System 1.0, allows SQL injection via the sitem_name POST parameter.

Published: Apr 14, 2026
Source: NVD
CVE-2025-61886 MEDIUM - 5.4

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.4, FortiSandbox PaaS 5.0.0 through 5.0.4 may allow an attacker to perform an XSS attack via crafted HTTP requests.

Vendor: Fortinet
Product: FortiSandbox PaaS, FortiSandbox
Published: Apr 14, 2026
Source: NVD
CVE-2025-61848 HIGH - 7.2

An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4, F...

Vendor: Fortinet
Product: FortiManager, FortiAnalyzer, FortiManager Cloud, FortiAnalyzer Cloud
Published: Apr 14, 2026
Source: NVD
CVE-2025-61624 MEDIUM - 6.0

An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') [CWE-22] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiPAM 1.7.0, FortiPAM 1.6 all vers...

Vendor: Fortinet
Product: FortiOS, FortiProxy, FortiSwitchManager, FortiPAM
Published: Apr 14, 2026
Source: NVD