NVD Vulnerabilities

Severity Distribution

Publication Trend

Vulnerability Database

CVE ID	Description	Published	Base Score	Attack Vector	Severity	Actions
CVE-2026-39811	A integer overflow or wraparound vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4 all versions, Fort...	2026-04-14	4.9	NETWORK	MEDIUM	NVD
CVE-2026-39810	A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5 may allow attacker to information disclosure via de...	2026-04-14	6.0	LOCAL	MEDIUM	NVD
CVE-2026-39809	A improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5, F...	2026-04-14	6.7	LOCAL	MEDIUM	NVD
CVE-2026-39808	A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4....	2026-04-14	9.8	NETWORK	CRITICAL	NVD
CVE-2026-38533	An improper authorization vulnerability in the /api/v1/users/{id} endpoint of Snipe-IT v8.4.0 allows authenticated attackers with the users.edit permi...	2026-04-14	N/A	None	None	NVD
CVE-2026-38532	A Broken Object-Level Authorization (BOLA) in the /Contact/Persons/PersonController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated atta...	2026-04-14	8.1	NETWORK	HIGH	NVD
CVE-2026-38530	A Broken Object-Level Authorization (BOLA) in the /Controllers/Lead/LeadController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attac...	2026-04-14	8.1	NETWORK	HIGH	NVD
CVE-2026-38529	A Broken Object-Level Authorization (BOLA) in the /Settings/UserController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to ...	2026-04-14	8.8	NETWORK	HIGH	NVD
CVE-2026-38528	Krayin CRM v2.2.x was discovered to contain a SQL injection vulnerability via the rotten_lead parameter at /Lead/LeadDataGrid.php.	2026-04-14	7.1	NETWORK	HIGH	NVD
CVE-2026-38527	A Server-Side Request Forgery (SSRF) in the /settings/webhooks/create component of Webkul Krayin CRM v2.2.x allows attackers to scan internal resource...	2026-04-14	8.5	NETWORK	HIGH	NVD
CVE-2026-38526	An authenticated arbitrary file upload vulnerability in the /admin/tinymce/upload endpoint of Webkul Krayin CRM v2.2.x allows attackers to execute arb...	2026-04-14	9.9	NETWORK	CRITICAL	NVD
CVE-2026-2405	CWE-400 Uncontrolled Resource Consumption vulnerability exists that could cause excessive troubleshooting zip file creation and denial of service when...	2026-04-14	5.3	NETWORK	MEDIUM	NVD
CVE-2026-2404	CWE-116 Improper Encoding or Escaping of Output vulnerability exists that could cause log injection and forged log when an attacker alters the POST /j...	2026-04-14	6.9	NETWORK	MEDIUM	NVD
CVE-2026-2403	CWE-1284 Improper Validation of Specified Quantity in Input vulnerability exists that could cause Event and Data Log truncation impacting log integrit...	2026-04-14	5.3	NETWORK	MEDIUM	NVD
CVE-2026-2402	CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists that would allow an attacker to gain access to the user account...	2026-04-14	6.9	NETWORK	MEDIUM	NVD

Loading vulnerability details...

Description

EPSS Score

N/A

Exploit Prediction Scoring System

Dates

Published:

Last Modified:

CVSS v3.1 metrics not available for this vulnerability.

CVSS v4.0 metrics not available for this vulnerability.

CVSS v2.0 metrics not available for this vulnerability.

Weakness Information (CWE)

No CWE information available for this vulnerability.

Affected Products

No affected product information available for this vulnerability.

References

No references available for this vulnerability.