Total CVEs

140,323

Critical Severity

3,747

High Severity

13,514

Last 7 Days

1,765
Quick preset (or use dates below)
Clear Filters
Showing 681 - 700 of 1,468 CVEs
CVE-2026-27769 LOW - 2.7

Mattermost versions 10.11.x <= 10.11.12 fail to validate whether users were correctly owned by the correct Connected Workspace which allows a malicious remote server connected using the Conntexted Workspaces feature to change the displayed status of local users via the Connected Workspaces API.. ...

Vendor: Mattermost
Product: Mattermost
Published: Apr 15, 2026
Source: NVD
CVE-2025-52641 LOW - 2.9

HCL AION is affected by a vulnerability where certain system behaviours may allow exploration of internal filesystem structures. Exposure of such information may provide insights into the underlying environment, which could potentially aid in further targeted actions or limited information disclosur...

Vendor: HCL
Product: AION
Published: Apr 15, 2026
Source: NVD
CVE-2026-40319 LOW - 5.5

Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the RegexMatching check passes a user-supplied regular expression pattern directly to Python's re.search() without any timeout or complexity guard. A crafted regex pattern can trigger catastrophic backtrack...

Vendor: pip
Product: giskard-checks
Published: Apr 14, 2026
Source: GitHub
CVE-2026-34454 LOW - 3.5

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. A regression introduced in 7.11.0 prevents OAuth2 Proxy from clearing the session cookie when rendering the sign-in page. In deployments that rely on the sign-in page as part of their logout flow, a user may be show...

Vendor: go
Product: github.com/oauth2-proxy/oauth2-proxy/v7
Published: Apr 14, 2026
Source: GitHub
CVE-2026-27308 LOW - 2.4

ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. A high-privileged attacker could exploit this vulnerability and exhaust system resources, reducing application speed. Exploitation of t...

Vendor: Adobe
Product: ColdFusion
Published: Apr 14, 2026
Source: NVD
CVE-2026-27307 LOW - 2.4

ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. A high-privileged attacker could exploit this vulnerability and exhaust system resources, reducing application speed. Exploitation of t...

Vendor: Adobe
Product: ColdFusion
Published: Apr 14, 2026
Source: NVD
CVE-2026-27316 LOW - 2.7

A insufficiently protected credentials vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4 all versions, FortiSandbox PaaS 5.0.1 through 5.0.5 may allow an authenticathed administrator to read LDAP server credentials via client-side inspection.

Vendor: Fortinet
Product: FortiSandbox, FortiSandbox PaaS
Published: Apr 14, 2026
Source: NVD
CVE-2026-21741 LOW - 2.4

An URL Redirection to Untrusted Site ('Open Redirect') vulnerability [CWE-601] vulnerability in Fortinet FortiNAC-F 7.6.0 through 7.6.5, FortiNAC-F 7.4 all versions, FortiNAC-F 7.2 all versions may allow a remote privileged attacker with system administrator role to redirect users to an ar...

Vendor: Fortinet
Product: FortiNAC-F
Published: Apr 14, 2026
Source: NVD
CVE-2026-37602 LOW - 2.7

SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to SQL Injection in the file /scheduler/admin/user/manage_user.php.

Published: Apr 14, 2026
Source: NVD
CVE-2026-37601 LOW - 2.7

SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to SQL Injection in the file /scheduler/admin/appointments/manage_appointment.php.

Published: Apr 14, 2026
Source: NVD
CVE-2026-37600 LOW - 2.7

SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to SQL Injection in the file /scheduler/admin/appointments/view_details.php.

Published: Apr 14, 2026
Source: NVD
CVE-2026-37598 LOW - 2.7

SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to arbitrary code execution (RCE) via /scheduler/classes/SystemSettings.php?f=update_settings.

Published: Apr 14, 2026
Source: NVD
CVE-2026-37597 LOW - 2.7

SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh_attendance/admin/attendance_list.php.

Published: Apr 14, 2026
Source: NVD
CVE-2026-37596 LOW - 2.7

SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh_attendance/admin/manage_department.php.

Published: Apr 14, 2026
Source: NVD
CVE-2026-37595 LOW - 2.7

SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh_attendance/admin/manage_employee.php.

Published: Apr 14, 2026
Source: NVD
CVE-2026-37594 LOW - 2.7

SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh_attendance/admin/view_employee.php.

Published: Apr 14, 2026
Source: NVD
CVE-2026-37593 LOW - 2.7

SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh_attendance/admin/view_att.php.

Published: Apr 14, 2026
Source: NVD
CVE-2026-37592 LOW - 2.7

Sourcecodester Storage Unit Rental Management System v1.0 is vulnerable to SQL in the file /storage/admin/maintenance/manage_pricing.php.

Published: Apr 14, 2026
Source: NVD
CVE-2026-37591 LOW - 2.7

Sourcecodester Storage Unit Rental Management System v1.0 is vulnerable to SQL injection in the file /storage/admin/tenants/view_details.php.

Published: Apr 14, 2026
Source: NVD
CVE-2026-37590 LOW - 2.7

SourceCodester Storage Unit Rental Management System v1.0 is vulnerable to SQL Injection in the file /storage/admin/rents/manage_rent.php.

Published: Apr 14, 2026
Source: NVD