|
831
|
7.1 |
HIGH
Local
|
-
|
-
|
A maliciously crafted HTML payload in a component name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in th…
|
CWE-79
Cross-site Scripting
|
CVE-2026-4344
|
2026-04-18 00:11 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
832
|
7.1 |
HIGH
Local
|
-
|
-
|
A maliciously crafted HTML payload, stored in a design name and exported to CSV, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious …
|
CWE-79
Cross-site Scripting
|
CVE-2026-4345
|
2026-04-18 00:11 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
833
|
7.1 |
HIGH
Local
|
-
|
-
|
A maliciously crafted HTML payload in an assembly variant name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerabili…
|
CWE-79
Cross-site Scripting
|
CVE-2026-4369
|
2026-04-18 00:11 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
834
|
5.7 |
MEDIUM
Network
|
-
|
-
|
Improper protection of an alternate path in Ivanti N-ITSM before version 2025.4 allows a remote authenticated attacker to retain access when their account has been disabled.
|
CWE-424
Improper Protection of Alternate Path
|
CVE-2026-4913
|
2026-04-18 00:11 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
835
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Stored XSS in Ivanti N-ITSM before version 2025.4 allows a remote authenticated attacker to obtain limited information from other user sessions. User interaction is required.
|
CWE-79
Cross-site Scripting
|
CVE-2026-4914
|
2026-04-18 00:11 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
836
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A server-side request forgery (ssrf) vulnerability [CWE-918] vulnerability in Fortinet FortiSOAR PaaS 7.6.4, FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2025-59809
|
2026-04-18 00:11 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
837
|
5.4 |
MEDIUM
Network
|
-
|
-
|
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.4, FortiSandbox PaaS 5.0.0 thro…
|
CWE-79
Cross-site Scripting
|
CVE-2025-61886
|
2026-04-18 00:11 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
838
|
6.0 |
MEDIUM
Local
|
-
|
-
|
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') [CWE-22] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions…
|
CWE-22
Path Traversal
|
CVE-2025-61624
|
2026-04-18 00:11 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
839
|
6.7 |
MEDIUM
Local
|
-
|
-
|
Reliance on untrusted inputs in a security decision in Windows Boot Loader allows an authorized attacker to bypass a security feature locally.
|
CWE-807
Reliance on Untrusted Inputs in a Security Decision
|
CVE-2026-0390
|
2026-04-18 00:10 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
840
|
5.5 |
MEDIUM
Local
|
-
|
-
|
Access of resource using incompatible type ('type confusion') in Windows COM allows an authorized attacker to disclose information locally.
|
CWE-843
Type Confusion
|
CVE-2026-20806
|
2026-04-18 00:10 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
