Total CVEs

143,818

Critical Severity

4,094

High Severity

14,786

Last 7 Days

1,521
Quick preset (or use dates below)
Clear Filters
šŸ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years →
Showing 21,121 - 21,140 of 40,223 CVEs
CVE-2025-59809 MEDIUM - 4.3

A server-side request forgery (ssrf) vulnerability [CWE-918] vulnerability in Fortinet FortiSOAR PaaS 7.6.4, FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.4, FortiSOAR on-premise 7.6....

Vendor: Fortinet
Product: FortiSOAR on-premise, FortiSOAR PaaS
Published: Apr 14, 2026
Source: NVD
CVE-2025-53847 MEDIUM - 6.5

A missing authentication for critical function vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiOS 6.4 all versions, FortiOS 6.2.9 through 6.2.17 allows attacker to execute unauthorized code or comman...

Vendor: Fortinet
Product: FortiOS
Published: Apr 14, 2026
Source: NVD
CVE-2024-23104 MEDIUM - 5.4

An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiNDR 7.6.0, FortiNDR 7.4.0 through 7.4.8, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions, FortiVoice 7.0.0 through 7.0.1 may allow a remote authenticated attacker with at leas...

Vendor: Fortinet
Product: FortiVoice, FortiNDR
Published: Apr 14, 2026
Source: NVD
CVE-2026-4914 MEDIUM - 5.4

Stored XSSĀ inĀ IvantiĀ N-ITSMĀ beforeĀ version 2025.4Ā allows aĀ remoteĀ authenticatedĀ attacker toĀ obtain limited information from other user sessions.Ā User interaction is required.

Published: Apr 14, 2026
Source: NVD
CVE-2026-4913 MEDIUM - 5.7

Improper protection of an alternate pathĀ inĀ IvantiĀ N-ITSMĀ beforeĀ version 2025.4Ā allows aĀ remote authenticatedĀ attacker toĀ retain access when their account has beenĀ disabled.

Published: Apr 14, 2026
Source: NVD
CVE-2026-4369 HIGH - 7.1

A maliciously crafted HTML payload in an assembly variant name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to r...

Published: Apr 14, 2026
Source: NVD
CVE-2026-4345 HIGH - 7.1

A maliciously crafted HTML payload, stored in a design name and exported to CSV, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context of...

Published: Apr 14, 2026
Source: NVD
CVE-2026-4344 HIGH - 7.1

A maliciously crafted HTML payload in a component name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read loca...

Published: Apr 14, 2026
Source: NVD
CVE-2026-37980 MEDIUM - 6.9

A flaw was found in Keycloak, specifically in the organization selection login page. A remote attacker with `manage-realm` or `manage-organizations` administrative privileges can exploit a Stored Cross-Site Scripting (XSS) vulnerability. This flaw occurs because the `organization.alias` is placed in...

Vendor: Red Hat
Product: Red Hat Build of Keycloak
Published: Apr 14, 2026
Source: NVD

SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to SQL Injection in the file /scheduler/admin/user/manage_user.php.

Published: Apr 14, 2026
Source: NVD

SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to SQL Injection in the file /scheduler/admin/appointments/manage_appointment.php.

Published: Apr 14, 2026
Source: NVD

SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to SQL Injection in the file /scheduler/admin/appointments/view_details.php.

Published: Apr 14, 2026
Source: NVD

SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to arbitrary code execution (RCE) via /scheduler/classes/SystemSettings.php?f=update_settings.

Published: Apr 14, 2026
Source: NVD

SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh_attendance/admin/attendance_list.php.

Published: Apr 14, 2026
Source: NVD

SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh_attendance/admin/manage_department.php.

Published: Apr 14, 2026
Source: NVD

SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh_attendance/admin/manage_employee.php.

Published: Apr 14, 2026
Source: NVD

SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh_attendance/admin/view_employee.php.

Published: Apr 14, 2026
Source: NVD

SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh_attendance/admin/view_att.php.

Published: Apr 14, 2026
Source: NVD

Sourcecodester Storage Unit Rental Management System v1.0 is vulnerable to SQL in the file /storage/admin/maintenance/manage_pricing.php.

Published: Apr 14, 2026
Source: NVD

Sourcecodester Storage Unit Rental Management System v1.0 is vulnerable to SQL injection in the file /storage/admin/tenants/view_details.php.

Published: Apr 14, 2026
Source: NVD