| 821 | 9.8 | CRITICAL Network | - | - | An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.8 may allow an attacker to execute unauthorized code… | CWE-78 OS Command | CVE-2026-39808 | 2026-04-18 00:11 | 2026-04-15 |
| 822 | 6.7 | MEDIUM Local | - | - | An improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5, FortiClientEMS 7.2.0 through 7.2.12, FortiClientEM… | CWE-89 SQL Injection | CVE-2026-39809 | 2026-04-18 00:11 | 2026-04-15 |
| 823 | 6.0 | MEDIUM Local | - | - | A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5 may allow an attacker to cause information disclosure by decrypting a database dump. | CWE-321 Use of Hard-coded Cryptographic Key | CVE-2026-39810 | 2026-04-18 00:11 | 2026-04-15 |
| 824 | 4.9 | MEDIUM Network | - | - | An integer overflow or wraparound vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions … | CWE-190 Integer Overflow or Wraparound | CVE-2026-39811 | 2026-04-18 00:11 | 2026-04-15 |
| 825 | 4.8 | MEDIUM Network | - | - | An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 a… | CWE-79 Cross-site Scripting | CVE-2026-39812 | 2026-04-18 00:11 | 2026-04-15 |
| 826 | 9.8 | CRITICAL Network | - | - | A path traversal: '../filedir' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8 may allow an attacker to escalate privileges via <insert attack vector her… | CWE-24 Path Traversal: '../filedir' | CVE-2026-39813 | 2026-04-18 00:11 | 2026-04-15 |
| 827 | 6.7 | MEDIUM Local | - | - | A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.1 through 7.4.12, FortiWeb 7.2.7 through 7.2.12, FortiWeb 7.0.10 through 7… | CWE-23 Relative Path Traversal | CVE-2026-39814 | 2026-04-18 00:11 | 2026-04-15 |
| 828 | - | | - | - | CWE-798 Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to sensitive device information when an unauthenticated attacker is able to interrogate the SNMP port. | CWE-798 Use of Hard-coded Credentials | CVE-2026-4832 | 2026-04-18 00:11 | 2026-04-15 |
| 829 | - | | - | - | The "profiling.sampling" module (Python 3.15+) and "asyncio introspection capabilities" (3.14+, "python -m asyncio ps" and "python -m asyncio pstree") features could be used to read and write address… | CWE-121 Stack-based Buffer Overflow; CWE-125 Out-of-bounds Read | CVE-2026-5713 | 2026-04-18 00:11 | 2026-04-15 |
| 830 | 6.9 | MEDIUM Network | - | - | A flaw was found in Keycloak, specifically in the organization selection login page. A remote attacker with `manage-realm` or `manage-organizations` administrative privileges can exploit a Stored Cro… | CWE-79 Cross-site Scripting | CVE-2026-37980 | 2026-04-18 00:11 | 2026-04-15 |