Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
12747
Total
852
Critical
3670
High
3998
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-5713 | UNKNOWN | — | The "profiling.sampling" module (Python 3.15+) and "asyncio introspection capabilities" (3.14+, "python -m asyncio ps" and "python -m asyncio pstree") features could be used to read … | Apr 14, 2026 |
| CVE-2026-4832 | UNKNOWN | — | CWE-798 Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to sensitive device information when an unauthenticated attacker is able to interrogate the … | Apr 14, 2026 |
| CVE-2026-39815 | HIGH | 8.8 | A improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiDDoS-F 7.2.1 through 7.2.2 may allow attacker to execute … | Apr 14, 2026 |
| CVE-2026-39814 | MEDIUM | 6.7 | A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.1 through 7.4.12, FortiWeb 7.2.7 through 7.2.12, FortiWeb 7.0.10 … | Apr 14, 2026 |
| CVE-2026-39813 | CRITICAL | 9.8 | A path traversal: '../filedir' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8 may allow attacker to escalation of privilege via <insert attack … | Apr 14, 2026 |
| CVE-2026-39812 | MEDIUM | 4.8 | A improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all … | Apr 14, 2026 |
| CVE-2026-39811 | MEDIUM | 4.9 | A integer overflow or wraparound vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb … | Apr 14, 2026 |
| CVE-2026-39810 | MEDIUM | 6.0 | A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5 may allow attacker to information disclosure via decrypting database dump. | Apr 14, 2026 |
| CVE-2026-39809 | MEDIUM | 6.7 | A improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5, FortiClientEMS 7.2.0 through 7.2.12, FortiClientEMS … | Apr 14, 2026 |
| CVE-2026-39808 | CRITICAL | 9.8 | A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.8 may allow attacker to … | Apr 14, 2026 |
| CVE-2026-38533 | UNKNOWN | — | An improper authorization vulnerability in the /api/v1/users/{id} endpoint of Snipe-IT v8.4.0 allows authenticated attackers with the users.edit permission to modify sensitive authentication and account-state fields … | Apr 14, 2026 |
| CVE-2026-38532 | HIGH | 8.1 | A Broken Object-Level Authorization (BOLA) in the /Contact/Persons/PersonController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily read, modify, and permanently delete any … | Apr 14, 2026 |
| CVE-2026-38530 | HIGH | 8.1 | A Broken Object-Level Authorization (BOLA) in the /Controllers/Lead/LeadController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily read, modify, and permanently delete any … | Apr 14, 2026 |
| CVE-2026-38529 | HIGH | 8.8 | A Broken Object-Level Authorization (BOLA) in the /Settings/UserController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily reset user passwords and perform a … | Apr 14, 2026 |
| CVE-2026-38528 | HIGH | 7.1 | Krayin CRM v2.2.x was discovered to contain a SQL injection vulnerability via the rotten_lead parameter at /Lead/LeadDataGrid.php. | Apr 14, 2026 |
| CVE-2026-38527 | HIGH | 8.5 | A Server-Side Request Forgery (SSRF) in the /settings/webhooks/create component of Webkul Krayin CRM v2.2.x allows attackers to scan internal resources via supplying a crafted POST … | Apr 14, 2026 |
| CVE-2026-38526 | CRITICAL | 9.9 | An authenticated arbitrary file upload vulnerability in the /admin/tinymce/upload endpoint of Webkul Krayin CRM v2.2.x allows attackers to execute arbitrary code via uploading a crafted … | Apr 14, 2026 |
| CVE-2026-2405 | UNKNOWN | — | CWE-400 Uncontrolled Resource Consumption vulnerability exists that could cause excessive troubleshooting zip file creation and denial of service when a Web Admin user floods the … | Apr 14, 2026 |
| CVE-2026-2404 | UNKNOWN | — | CWE-116 Improper Encoding or Escaping of Output vulnerability exists that could cause log injection and forged log when an attacker alters the POST /j_security check … | Apr 14, 2026 |
| CVE-2026-2403 | UNKNOWN | — | CWE-1284 Improper Validation of Specified Quantity in Input vulnerability exists that could cause Event and Data Log truncation impacting log integrity when a Web Admin … | Apr 14, 2026 |
| CVE-2026-2402 | UNKNOWN | — | CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists that would allow an attacker to gain access to the user account by performing an arbitrary … | Apr 14, 2026 |
| CVE-2026-2401 | UNKNOWN | — | CWE-532 Insertion of Sensitive Information into Log File vulnerability exists that could cause confidential information to be exposed when a Web Admin user executes a … | Apr 14, 2026 |
| CVE-2026-2400 | UNKNOWN | — | CWE-93 Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability exists that could cause application user credentials to reset when a Web Admin user alters the … | Apr 14, 2026 |
| CVE-2026-2399 | UNKNOWN | — | CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause critical files overwritten with text data when a … | Apr 14, 2026 |
| CVE-2026-27316 | LOW | 2.7 | A insufficiently protected credentials vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4 all versions, FortiSandbox PaaS 5.0.1 through 5.0.5 may allow an authenticathed administrator … | Apr 14, 2026 |