NVD Vulnerabilities

Vulnerability Database

| CVE ID | Description | Published | Base Score | Attack Vector | Severity |
|---|---|---|---|---|---|
| CVE-2026-39815 | An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiDDoS-F 7.2.1 through 7.2.2 may a... | 2026-04-14 | 8.8 | NETWORK | HIGH |
| CVE-2026-39814 | A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.1 through 7.4.12, FortiWe... | 2026-04-14 | 6.7 | LOCAL | MEDIUM |
| CVE-2026-39813 | A path traversal: '../filedir' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8 may allow attacker to esca... | 2026-04-14 | 9.8 | NETWORK | CRITICAL |
| CVE-2026-39812 | An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, For... | 2026-04-14 | 4.8 | NETWORK | MEDIUM |
| CVE-2026-39811 | An integer overflow or wraparound vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4 all versions, Fort... | 2026-04-14 | 4.9 | NETWORK | MEDIUM |
| CVE-2026-39810 | A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5 may allow attacker to information disclosure via de... | 2026-04-14 | 6.0 | LOCAL | MEDIUM |
| CVE-2026-39809 | An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5, F... | 2026-04-14 | 6.7 | LOCAL | MEDIUM |
| CVE-2026-39808 | An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.... | 2026-04-14 | 9.8 | NETWORK | CRITICAL |
| CVE-2026-38533 | An improper authorization vulnerability in the /api/v1/users/{id} endpoint of Snipe-IT v8.4.0 allows authenticated attackers with the users.edit permi... | 2026-04-14 | 6.5 | NETWORK | MEDIUM |
| CVE-2026-38532 | A Broken Object-Level Authorization (BOLA) in the /Contact/Persons/PersonController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated atta... | 2026-04-14 | 8.1 | NETWORK | HIGH |
| CVE-2026-38530 | A Broken Object-Level Authorization (BOLA) in the /Controllers/Lead/LeadController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attac... | 2026-04-14 | 8.1 | NETWORK | HIGH |
| CVE-2026-38529 | A Broken Object-Level Authorization (BOLA) in the /Settings/UserController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to ... | 2026-04-14 | 8.8 | NETWORK | HIGH |
| CVE-2026-2405 | CWE-400 Uncontrolled Resource Consumption vulnerability exists that could cause excessive troubleshooting zip file creation and denial of service when... | 2026-04-14 | 5.3 | NETWORK | MEDIUM |
| CVE-2026-2404 | CWE-116 Improper Encoding or Escaping of Output vulnerability exists that could cause log injection and forged log when an attacker alters the POST /j... | 2026-04-14 | 6.9 | NETWORK | MEDIUM |
| CVE-2026-2403 | CWE-1284 Improper Validation of Specified Quantity in Input vulnerability exists that could cause Event and Data Log truncation impacting log integrit... | 2026-04-14 | 5.3 | NETWORK | MEDIUM |