Total CVEs

141,537

Critical Severity

3,871

High Severity

13,923

Last 7 Days

1,599
Showing 10,041 - 10,060 of 14,444 CVEs
CVE-2025-68482 MEDIUM - 6.9

An improper certificate validation vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.8, FortiM...

Vendor: Fortinet
Product: FortiAnalyzer, FortiManager, FortiManager Cloud, FortiAnalyzer Cloud
Published: Mar 10, 2026
Source: NVD
CVE-2025-55717 MEDIUM - 4.0

A cleartext storage of sensitive information vulnerability [CWE-312] in Fortinet FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.0.0 through 7.0.8, FortiRecorder 7.2.0 through 7.2.3, FortiRecorder 7.0 all versions, FortiRecorder ...

Vendor: Fortinet
Product: FortiVoice, FortiMail, FortiRecorder
Published: Mar 10, 2026
Source: NVD
CVE-2025-54659 MEDIUM - 5.8

An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiSOAR Agent Communication Bridge 1.1.0, FortiSOAR Agent Communication Bridge 1.0 all versions may allow an unauthenticated attacker to read files accessibl...

Vendor: Fortinet
Product: FortiSOAR Agent Communication Bridge
Published: Mar 10, 2026
Source: NVD
CVE-2025-53608 MEDIUM - 4.8

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an authenticat...

Vendor: Fortinet
Product: FortiSandbox
Published: Mar 10, 2026
Source: NVD
CVE-2025-49784 MEDIUM - 6.0

An improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiAnaly...

Vendor: Fortinet
Product: FortiAnalyzer-BigData, FortiAnalyzer
Published: Mar 10, 2026
Source: NVD
CVE-2025-48840 MEDIUM - 5.3

An authentication bypass by spoofing vulnerability in Fortinet FortiWeb 7.6.0 through 7.6.3, FortiWeb 7.4.0 through 7.4.8, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow a remote unauthenticated attacker to bypass hostname restrictions via a specially crafted request.

Vendor: Fortinet
Product: FortiWeb
Published: Mar 10, 2026
Source: NVD
CVE-2025-48418 MEDIUM - 6.7

A hidden functionality vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.3, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2.0 through 7.2.10, FortiAnalyzer 7.0.0 through 7.0.14, FortiAnalyzer 6.4 all versions, FortiAnalyzer Cloud 7.6.2, FortiAnalyzer Cloud 7.4.1 through 7.4.7, FortiAnal...

Vendor: Fortinet
Product: FortiAnalyzer, FortiAnalyzer Cloud, FortiManager, FortiManager Cloud
Published: Mar 10, 2026
Source: NVD
CVE-2025-41712 MEDIUM - 6.5

An unauthenticated remote attacker who tricks a user into uploading a manipulated HTML file can get access to sensitive information on the device. This is a result of incorrect permission assignment for the web server.

Vendor: Janitza, Weidmueller
Product: UMG 96RM-E 24V(5222063), UMG 96RM-E 230V(5222062), ENERGY METER 750-230 (2540910000), ENERGY METER 750-24 (2540900000)
Published: Mar 10, 2026
Source: NVD
CVE-2025-41711 MEDIUM - 5.3

An unauthenticated remote attacker can use firmware images to extract password hashes and brute force plaintext passwords of accounts with limited access.

Vendor: Janitza, Weidmueller
Product: UMG 96RM-E 24V(5222063), UMG 96RM-E 230V(5222062), ENERGY METER 750-230 (2540910000), ENERGY METER 750-24 (2540900000)
Published: Mar 10, 2026
Source: NVD
CVE-2025-41710 MEDIUM - 6.5

An unauthenticated remote attacker may use hardcoded credentials to get access to the previously activated FTP Server with limited read and write privileges.

Vendor: Janitza, Weidmueller
Product: UMG 96RM-E 24V(5222063), UMG 96RM-E 230V(5222062), ENERGY METER 750-230 (2540910000), ENERGY METER 750-24 (2540900000)
Published: Mar 10, 2026
Source: NVD
CVE-2026-26310 MEDIUM - 5.9

Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, calling Utility::getAddressWithPort with a scoped IPv6 address causes a crash. This utility is called in the data plane from the original_src filter and the dns filter. This vulnerability is fixed ...

Vendor: go
Product: github.com/envoyproxy/envoy
Published: Mar 10, 2026
Source: GitHub
CVE-2026-28267 MEDIUM - 5.5

Multiple i-フィルター products are configured with improper file access permission settings. Files may be created or overwritten in the system directory or backup directory by a non-administrative user.

Published: Mar 10, 2026
Source: NVD
CVE-2026-27688 MEDIUM - 5.0

Due to a missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker with user privileges could read Database Analyzer Log Files via a specific RFC function module. The attacker with the necessary privileges to execute this function module could potentially es...

Vendor: SAP_SE
Product: SAP NetWeaver Application Server for ABAP
Published: Mar 10, 2026
Source: NVD
CVE-2026-27687 MEDIUM - 5.8

Due to a missing authorization check in SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal, a user with high privileges could access sensitive data belonging to another company. This vulnerability has a high impact on confidentiality and does not affect integrity and availability.

Vendor: SAP_SE
Product: SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal
Published: Mar 10, 2026
Source: NVD
CVE-2026-27686 MEDIUM - 5.9

Due to a Missing Authorization Check in SAP Business Warehouse (Service API), an authenticated attacker could perform unauthorized actions via an affected RFC function module. Successful exploitation could enable unauthorized configuration and control changes, potentially disrupting request processi...

Vendor: SAP_SE
Product: SAP Business Warehouse (Service API)
Published: Mar 10, 2026
Source: NVD
CVE-2026-27684 MEDIUM - 6.4

SAP NetWeaver Feedback Notifications Service contains a SQL injection vulnerability that allows an authenticated attacker to inject arbitrary SQL code through user-controlled input fields. The application concatenates these inputs directly into SQL queries without proper validation or escaping. As a...

Vendor: SAP_SE
Product: SAP NetWeaver (Feedback Notification)
Published: Mar 10, 2026
Source: NVD
CVE-2026-24317 MEDIUM - 5.0

SAP GUI for Windows allows DLL files to be loaded from arbitrary directories within the application. An unauthenticated attacker could exploit this vulnerability by persuading a victim to place a malicious DLL within one of these directories. The malicious command is executed in the victim user'...

Vendor: SAP_SE
Product: SAP GUI for Windows with active GuiXT
Published: Mar 10, 2026
Source: NVD
CVE-2026-24316 MEDIUM - 6.4

SAP NetWeaver Application Server for ABAP provides an ABAP Report for testing purposes, which allows sending HTTP requests to arbitrary internal or external endpoints. The report is therefore vulnerable to Server-Side Request Forgery (SSRF). Successful exploitation could lead to interaction with pot...

Vendor: SAP_SE
Product: SAP NetWeaver Application Server for ABAP
Published: Mar 10, 2026
Source: NVD
CVE-2026-24313 MEDIUM - 5.0

SAP Solution Tools Plug-In (ST-PI) contains a function module that does not perform the necessary authorization checks for authenticated users, allowing system information to be disclosed. This vulnerability has a low impact on confidentiality and does not affect integrity or availability.

Vendor: SAP_SE
Product: SAP Solution Tools Plug-In (ST-PI)
Published: Mar 10, 2026
Source: NVD
CVE-2026-24311 MEDIUM - 5.6

The SAP Customer Checkout application exhibits certain design characteristics that involve locally storing operational data using reversible protection mechanisms. Access to this data, combined with user-initiated interaction, may allow modifications to occur without validation. Such changes could a...

Vendor: SAP_SE
Product: SAP Customer Checkout 2.0
Published: Mar 10, 2026
Source: NVD