Total CVEs

145,743

Critical Severity

4,268

High Severity

15,733

Last 7 Days

2,316
Quick preset (or use dates below)
Clear Filters
šŸ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years →
Showing 23,041 - 23,060 of 42,148 CVEs
CVE-2025-65132 MEDIUM - 6.1

alandsilva26 hotel-management-php 1.0 is vulnerable to Cross Site Scripting (XSS) in /public/admin/edit_room.php which allows an attacker to inject and execute arbitrary JavaScript via the room_id GET parameter.

Published: Apr 14, 2026
Source: NVD
CVE-2025-63939 CRITICAL - 9.8

Improper input handling in /Grocery/search_products_itname.php, in anirudhkannan Grocery Store Management System 1.0, allows SQL injection via the sitem_name POST parameter.

Published: Apr 14, 2026
Source: NVD
CVE-2025-61886 MEDIUM - 5.4

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.4, FortiSandbox PaaS 5.0.0 through 5.0.4 may allow an attacker to perform an XSS attack via crafted HTTP requests.

Vendor: Fortinet
Product: FortiSandbox PaaS, FortiSandbox
Published: Apr 14, 2026
Source: NVD
CVE-2025-61848 HIGH - 7.2

An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4, F...

Vendor: Fortinet
Product: FortiManager, FortiAnalyzer, FortiManager Cloud, FortiAnalyzer Cloud
Published: Apr 14, 2026
Source: NVD
CVE-2025-61624 MEDIUM - 6.0

An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') [CWE-22] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiPAM 1.7.0, FortiPAM 1.6 all vers...

Vendor: Fortinet
Product: FortiOS, FortiProxy, FortiSwitchManager, FortiPAM
Published: Apr 14, 2026
Source: NVD
CVE-2025-59809 MEDIUM - 4.3

A server-side request forgery (ssrf) vulnerability [CWE-918] vulnerability in Fortinet FortiSOAR PaaS 7.6.4, FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.4, FortiSOAR on-premise 7.6....

Vendor: Fortinet
Product: FortiSOAR on-premise, FortiSOAR PaaS
Published: Apr 14, 2026
Source: NVD
CVE-2025-53847 MEDIUM - 6.5

A missing authentication for critical function vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiOS 6.4 all versions, FortiOS 6.2.9 through 6.2.17 allows attacker to execute unauthorized code or comman...

Vendor: Fortinet
Product: FortiOS
Published: Apr 14, 2026
Source: NVD
CVE-2024-23104 MEDIUM - 5.4

An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiNDR 7.6.0, FortiNDR 7.4.0 through 7.4.8, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions, FortiVoice 7.0.0 through 7.0.1 may allow a remote authenticated attacker with at leas...

Vendor: Fortinet
Product: FortiVoice, FortiNDR
Published: Apr 14, 2026
Source: NVD
CVE-2026-4914 MEDIUM - 5.4

Stored XSSĀ inĀ IvantiĀ N-ITSMĀ beforeĀ version 2025.4Ā allows aĀ remoteĀ authenticatedĀ attacker toĀ obtain limited information from other user sessions.Ā User interaction is required.

Published: Apr 14, 2026
Source: NVD
CVE-2026-4913 MEDIUM - 5.7

Improper protection of an alternate pathĀ inĀ IvantiĀ N-ITSMĀ beforeĀ version 2025.4Ā allows aĀ remote authenticatedĀ attacker toĀ retain access when their account has beenĀ disabled.

Published: Apr 14, 2026
Source: NVD
CVE-2026-4369 HIGH - 7.1

A maliciously crafted HTML payload in an assembly variant name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to r...

Published: Apr 14, 2026
Source: NVD
CVE-2026-4345 HIGH - 7.1

A maliciously crafted HTML payload, stored in a design name and exported to CSV, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context of...

Published: Apr 14, 2026
Source: NVD
CVE-2026-4344 HIGH - 7.1

A maliciously crafted HTML payload in a component name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read loca...

Published: Apr 14, 2026
Source: NVD
CVE-2026-37980 MEDIUM - 6.9

A flaw was found in Keycloak, specifically in the organization selection login page. A remote attacker with `manage-realm` or `manage-organizations` administrative privileges can exploit a Stored Cross-Site Scripting (XSS) vulnerability. This flaw occurs because the `organization.alias` is placed in...

Vendor: Red Hat
Product: Red Hat Build of Keycloak
Published: Apr 14, 2026
Source: NVD

SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to SQL Injection in the file /scheduler/admin/user/manage_user.php.

Published: Apr 14, 2026
Source: NVD

SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to SQL Injection in the file /scheduler/admin/appointments/manage_appointment.php.

Published: Apr 14, 2026
Source: NVD

SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to SQL Injection in the file /scheduler/admin/appointments/view_details.php.

Published: Apr 14, 2026
Source: NVD

SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to arbitrary code execution (RCE) via /scheduler/classes/SystemSettings.php?f=update_settings.

Published: Apr 14, 2026
Source: NVD

SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh_attendance/admin/attendance_list.php.

Published: Apr 14, 2026
Source: NVD

SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh_attendance/admin/manage_department.php.

Published: Apr 14, 2026
Source: NVD