NVD Vulnerabilities

Vulnerability Database

| CVE ID | Description | Published | Base Score | Attack Vector | Severity | Actions |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2025-68649 | An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAn... | 2026-04-14 | 6.0 | LOCAL | MEDIUM | NVD |
| CVE-2025-61886 | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fortinet FortiSandbox ... | 2026-04-14 | 5.4 | NETWORK | MEDIUM | NVD |
| CVE-2025-61848 | An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, F... | 2026-04-14 | 7.2 | NETWORK | HIGH | NVD |
| CVE-2025-61624 | An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') [CWE-22] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, Fort... | 2026-04-14 | 6.0 | LOCAL | MEDIUM | NVD |
| CVE-2025-59809 | A server-side request forgery (ssrf) vulnerability [CWE-918] vulnerability in Fortinet FortiSOAR PaaS 7.6.4, FortiSOAR PaaS 7.6.0 through 7.6.2, Forti... | 2026-04-14 | 4.3 | NETWORK | MEDIUM | NVD |
| CVE-2025-53847 | A missing authentication for critical function vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 throu... | 2026-04-14 | 6.5 | ADJACENT_NETWORK | MEDIUM | NVD |
| CVE-2024-23104 | An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiNDR 7.6.0, FortiNDR 7.4.0 through 7.4.8, FortiNDR 7.2 all... | 2026-04-14 | 5.4 | NETWORK | MEDIUM | NVD |
| CVE-2026-4914 | Stored XSS in Ivanti N-ITSM before version 2025.4 allows a remote authenticated attacker to obtain limited information from other user sessions. User ... | 2026-04-14 | 5.4 | NETWORK | MEDIUM | NVD |
| CVE-2026-4913 | Improper protection of an alternate path in Ivanti N-ITSM before version 2025.4 allows a remote authenticated attacker to retain access when their acc... | 2026-04-14 | 5.7 | NETWORK | MEDIUM | NVD |
| CVE-2026-4369 | A maliciously crafted HTML payload in an assembly variant name, when displayed during the delete confirmation dialog and clicked by a user, can trigge... | 2026-04-14 | 7.1 | LOCAL | HIGH | NVD |
| CVE-2026-4345 | A maliciously crafted HTML payload, stored in a design name and exported to CSV, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the ... | 2026-04-14 | 7.1 | LOCAL | HIGH | NVD |
| CVE-2026-4344 | A maliciously crafted HTML payload in a component name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stor... | 2026-04-14 | 7.1 | LOCAL | HIGH | NVD |
| CVE-2026-37980 | A flaw was found in Keycloak, specifically in the organization selection login page. A remote attacker with `manage-realm` or `manage-organizations` a... | 2026-04-14 | 6.9 | NETWORK | MEDIUM | NVD |
| CVE-2026-30480 | A Local File Inclusion (LFI) vulnerability in the NFSen module (nfsen.inc.php) of LibreNMS 22.11.0-23-gd091788f2 allows authenticated attackers to inc... | 2026-04-14 | 6.5 | NETWORK | MEDIUM | NVD |
| CVE-2025-69993 | Leaflet versions up to and including 1.9.4 are vulnerable to Cross-Site Scripting (XSS) via the bindPopup() method. This method renders user-supplied ... | 2026-04-14 | 6.1 | NETWORK | MEDIUM | NVD |