Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
4.3 MEDIUM
CVE-2026-22576 — Fortinet FortiSOAR Password Recovery Vulnerability

A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all v…

fortisoaron-premise fortisoarpaas | Remote | Cryptography
Apr 14, 2026 Apr 14, 2026
Apr 14, 2026
Apr 14, 2026
4.1 MEDIUM
CVE-2026-22574 — Fortinet FortiSOAR Password Storage Vulnerability

A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all v…

fortisoaron-premise fortisoarpaas | Remote | Cryptography
Apr 14, 2026 Apr 14, 2026
Apr 14, 2026
Apr 14, 2026
6.5 MEDIUM
CVE-2026-22573 — Fortinet FortiSOAR Path Traversal Vulnerability

An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5 all versions, FortiSOAR PaaS 7.4 all…

fortisoaron-premise fortisoarpaas | Remote | Path Traversal
Apr 14, 2026 Apr 14, 2026
Apr 14, 2026
Apr 14, 2026
6.5 MEDIUM
CVE-2026-22155 — Fortinet FortiSOAR Clear Text Information Disclosure

A cleartext transmission of sensitive information vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3…

fortisoaron-premise fortisoarpaas | Remote | Cryptography
Apr 14, 2026 Apr 14, 2026
Apr 14, 2026
Apr 14, 2026
4.6 MEDIUM
CVE-2026-22154 — Fortinet FortiSOAR Cross-Site Scripting Vulnerability

An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR Paa…

fortisoaron-premise fortisoarpaas | Remote | Cross-Site Scripting
Apr 14, 2026 Apr 14, 2026
Apr 14, 2026
Apr 14, 2026
5.7 MEDIUM
CVE-2026-21742 — Fortinet FortiSOAR Cleartext Password Transmission Vulnerability

A cleartext transmission of sensitive information vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3…

fortisoaron-premise fortisoarpaas | Remote | Cryptography
Apr 14, 2026 Apr 14, 2026
Apr 14, 2026
Apr 14, 2026
2.4 LOW
CVE-2026-21741 — Fortinet FortiNAC Open Redirect Vulnerability

An URL Redirection to Untrusted Site ('Open Redirect') vulnerability [CWE-601] vulnerability in Fortinet FortiNAC-F 7.6.0 through 7.6.5, FortiNAC-F 7.4 all versions, FortiNAC-F 7.2 all versions may a…

fortinac-f | Remote | Misconfiguration
Apr 14, 2026 Apr 14, 2026
Apr 14, 2026
Apr 14, 2026
6.0 MEDIUM
CVE-2025-68649 — Fortinet FortiAnalyzer and FortiManager Path Traversal Privilege Escalation Vulnerability

An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all…

fortimanager fortianalyzer fortimanagercloud fortianalyzercloud | Path Traversal
Apr 14, 2026 Apr 14, 2026
Apr 14, 2026
Apr 14, 2026
6.1 MEDIUM
CVE-2025-65136 — Manikandan580 School-Management-System Reflected Cross-Site Scripting Vulnerability

In manikandan580 School-management-system 1.0, a reflected XSS vulnerability exists in /studentms/admin/contact-us.php via the pagedes POST parameter.

Remote | Cross-Site Scripting
Apr 14, 2026 Apr 14, 2026
Apr 14, 2026
Apr 14, 2026
9.8 CRITICAL
CVE-2025-65135 — Manikandan580 School-management-system Blind SQL Injection

In manikandan580 School-management-system 1.0, a time-based blind SQL injection vulnerability exists in /studentms/admin/between-date-reprtsdetails.php through the fromdate POST parameter.

Remote | Injection
Apr 14, 2026 Apr 14, 2026
Apr 14, 2026
Apr 14, 2026
0.0 NA
CVE-2025-65134 — Manikandan580 School-management-system Reflected Cross-Site Scripting (XSS)

In manikandan580 School-management-system 1.0, a reflected cross-site scripting (XSS) vulnerability exists in /studentms/admin/contact-us.php via the email POST parameter.

| Cross-Site Scripting
Apr 14, 2026 Apr 14, 2026
Apr 14, 2026
Apr 14, 2026
0.0 NA
CVE-2025-65133 — Manikandan580 School Management System SQL Injection

A SQL injection vulnerability exists in the School Management System (version 1.0) by manikandan580. An unauthenticated or authenticated remote attacker can supply a crafted HTTP request to the affec…

| Injection
Apr 14, 2026 Apr 14, 2026
Apr 14, 2026
Apr 14, 2026
6.1 MEDIUM
CVE-2025-65132 — Alandsilva26 Hotel Management PHP XSS

alandsilva26 hotel-management-php 1.0 is vulnerable to Cross Site Scripting (XSS) in /public/admin/edit_room.php which allows an attacker to inject and execute arbitrary JavaScript via the room_id GE…

Remote | Cross-Site Scripting
Apr 14, 2026 Apr 14, 2026
Apr 14, 2026
Apr 14, 2026
9.8 CRITICAL
CVE-2025-63939 — Anirudhkannan Grocery Store Management System SQL Injection Vulnerability

Improper input handling in /Grocery/search_products_itname.php, in anirudhkannan Grocery Store Management System 1.0, allows SQL injection via the sitem_name POST parameter.

Remote | Injection
Apr 14, 2026 Apr 14, 2026
Apr 14, 2026
Apr 14, 2026
5.4 MEDIUM
CVE-2025-61886 — Fortinet FortiSandbox XSS Vulnerability

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.4, FortiSandbox PaaS 5.0.0 thro…

fortisandbox fortisandboxpaas | Remote | Cross-Site Scripting
Apr 14, 2026 Apr 14, 2026
Apr 14, 2026
Apr 14, 2026
7.2 HIGH
CVE-2025-61848 — Fortinet FortiAnalyzer/FortiManager SQL Injection Vulnerability

An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7…

fortimanager fortianalyzer fortimanagercloud fortianalyzercloud | Remote | Injection
Apr 14, 2026 Apr 14, 2026
Apr 14, 2026
Apr 14, 2026
6.0 MEDIUM
CVE-2025-61624 — Fortinet FortiOS and FortiPAM Path Traversal Vulnerability

An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') [CWE-22] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions…

fortios fortiswitchmanager fortiproxy fortipam | Path Traversal
Apr 14, 2026 Apr 14, 2026
Apr 14, 2026
Apr 14, 2026
4.3 MEDIUM
CVE-2025-59809 — Fortinet FortiSOAR SSRF Vulnerability

A server-side request forgery (ssrf) vulnerability [CWE-918] vulnerability in Fortinet FortiSOAR PaaS 7.6.4, FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4…

fortisoaron-premise fortisoarpaas | Remote | Server-Side Request Forgery
Apr 14, 2026 Apr 14, 2026
Apr 14, 2026
Apr 14, 2026
6.5 MEDIUM
CVE-2025-53847 — Fortinet FortiOS Unauthenticated Remote Code Execution

A missing authentication for critical function vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiOS …

fortios | Authentication
Apr 14, 2026 Apr 14, 2026
Apr 14, 2026
Apr 14, 2026
5.4 MEDIUM
CVE-2024-23104 — Fortinet FortiNDR Information Disclosure Vulnerability

An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiNDR 7.6.0, FortiNDR 7.4.0 through 7.4.8, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.…

fortivoice fortindr | Remote | Information Disclosure
Apr 14, 2026 Apr 14, 2026
Apr 14, 2026
Apr 14, 2026
Showing 20 of 6690 Results