Total CVEs

145,743

Critical Severity

4,268

High Severity

15,733

Last 7 Days

2,316
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 23,021 - 23,040 of 42,148 CVEs

CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists that would allow an attacker to gain access to the user account by performing an arbitrary number of authentication attempts with different credentials on a sequence of requests to multiple endpoints.

Published: Apr 14, 2026
Source: NVD

CWE-532 Insertion of Sensitive Information into Log File vulnerability exists that could cause confidential information to be exposed when a Web Admin user executes a malicious file provided by an attacker.

Published: Apr 14, 2026
Source: NVD

CWE-93 Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability exists that could cause application user credentials to reset when a Web Admin user alters the POST /setPCBEDesc request payload.

Published: Apr 14, 2026
Source: NVD

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause critical files overwritten with text data when a Web Admin user alters the POST /REST/upssleep request payload.

Published: Apr 14, 2026
Source: NVD

A insufficiently protected credentials vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4 all versions, FortiSandbox PaaS 5.0.1 through 5.0.5 may allow an authenticathed administrator to read LDAP server credentials via client-side inspection.

Vendor: Fortinet
Product: FortiSandbox, FortiSandbox PaaS
Published: Apr 14, 2026
Source: NVD
CVE-2026-25691 MEDIUM - 6.7

A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4, FortiSandbox PaaS 5.0.4 may allow a privileged attacker wi...

Vendor: Fortinet
Product: FortiSandbox PaaS, FortiSandbox Cloud, FortiSandbox
Published: Apr 14, 2026
Source: NVD
CVE-2026-23708 HIGH - 7.5

A improper authentication vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR on-premise 7.6.0 through 7.6.3, FortiSOAR on-premise 7.5.0 through 7.5.2 may allow an unauthenticated attacker to bypass authentication via replaying captured 2FA req...

Vendor: Fortinet
Product: FortiSOAR PaaS, FortiSOAR on-premise
Published: Apr 14, 2026
Source: NVD
CVE-2026-22828 HIGH - 8.1

A heap-based buffer overflow vulnerability in Fortinet FortiAnalyzer Cloud 7.6.2 through 7.6.4, FortiManager Cloud 7.6.2 through 7.6.4 may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests. Successful exploitation would require a large am...

Vendor: Fortinet
Product: FortiAnalyzer Cloud, FortiManager Cloud
Published: Apr 14, 2026
Source: NVD
CVE-2026-22576 MEDIUM - 4.3

A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.4, FortiSOAR on-premise 7.5.0 through 7.5.2, FortiSOA...

Vendor: Fortinet
Product: FortiSOAR PaaS, FortiSOAR on-premise
Published: Apr 14, 2026
Source: NVD
CVE-2026-22574 MEDIUM - 4.1

A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.4, FortiSOAR on-premise 7.5.0 through 7.5.2, FortiSOA...

Vendor: Fortinet
Product: FortiSOAR PaaS, FortiSOAR on-premise
Published: Apr 14, 2026
Source: NVD
CVE-2026-22573 MEDIUM - 6.5

An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5 all versions, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.3, Forti...

Vendor: Fortinet
Product: FortiSOAR on-premise, FortiSOAR PaaS
Published: Apr 14, 2026
Source: NVD
CVE-2026-22155 MEDIUM - 6.5

A cleartext transmission of sensitive information vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, Fo...

Vendor: Fortinet
Product: FortiSOAR on-premise, FortiSOAR PaaS
Published: Apr 14, 2026
Source: NVD
CVE-2026-22154 MEDIUM - 4.6

An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6...

Vendor: Fortinet
Product: FortiSOAR PaaS, FortiSOAR on-premise
Published: Apr 14, 2026
Source: NVD
CVE-2026-21742 MEDIUM - 5.7

A cleartext transmission of sensitive information vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, Fo...

Vendor: Fortinet
Product: FortiSOAR PaaS, FortiSOAR on-premise
Published: Apr 14, 2026
Source: NVD

An URL Redirection to Untrusted Site ('Open Redirect') vulnerability [CWE-601] vulnerability in Fortinet FortiNAC-F 7.6.0 through 7.6.5, FortiNAC-F 7.4 all versions, FortiNAC-F 7.2 all versions may allow a remote privileged attacker with system administrator role to redirect users to an ar...

Vendor: Fortinet
Product: FortiNAC-F
Published: Apr 14, 2026
Source: NVD
CVE-2025-68649 MEDIUM - 6.0

An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4, FortiAn...

Vendor: Fortinet
Product: FortiManager Cloud, FortiManager, FortiAnalyzer, FortiAnalyzer Cloud
Published: Apr 14, 2026
Source: NVD
CVE-2025-65136 MEDIUM - 6.1

In manikandan580 School-management-system 1.0, a reflected XSS vulnerability exists in /studentms/admin/contact-us.php via the pagedes POST parameter.

Published: Apr 14, 2026
Source: NVD
CVE-2025-65135 CRITICAL - 9.8

In manikandan580 School-management-system 1.0, a time-based blind SQL injection vulnerability exists in /studentms/admin/between-date-reprtsdetails.php through the fromdate POST parameter.

Published: Apr 14, 2026
Source: NVD

In manikandan580 School-management-system 1.0, a reflected cross-site scripting (XSS) vulnerability exists in /studentms/admin/contact-us.php via the email POST parameter.

Published: Apr 14, 2026
Source: NVD
CVE-2025-65133 CRITICAL - 9.8

A SQL injection vulnerability exists in the School Management System (version 1.0) by manikandan580. An unauthenticated or authenticated remote attacker can supply a crafted HTTP request to the affected endpoint to manipulate SQL query logic and extract sensitive database information.

Published: Apr 14, 2026
Source: NVD