CVE Schwachstellen
CVE-Datenbank angereichert mit CISA KEV und NVD Daten
| CVE ID | CVSS | Schweregrad | KEV | Sichtungen |
|---|---|---|---|---|
| CVE-2026-22574 A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all ve... | 4.1 | MEDIUM | — | 0 |
| CVE-2026-22576 A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all ve... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-22828 A heap-based buffer overflow vulnerability in Fortinet FortiAnalyzer Cloud 7.6.2 through 7.6.4, FortiManager Cloud 7.6.2 through 7.6.4 may allow a remote unauthenticated attacker to execute arbitrary ... | 8.1 | HIGH | — | 0 |
| CVE-2026-23708 A improper authentication vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR on-premise 7.6.0 through 7.6.3, FortiSOAR on-premise 7.5.0 through... | 7.5 | HIGH | — | 0 |
| CVE-2026-25691 A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all vers... | 6.7 | MEDIUM | — | 0 |
| CVE-2026-27316 A insufficiently protected credentials vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4 all versions, FortiSandbox PaaS 5.0.1 through 5.0.5 may allow an authenticathed admi... | 2.7 | LOW | — | 0 |
| CVE-2026-2399 CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause critical files overwritten with text data when a Web Admin user alters the P... | N/A | NONE | — | 0 |
| CVE-2026-2400 CWE-93 Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability exists that could cause application user credentials to reset when a Web Admin user alters the POST /setPCBEDesc req... | N/A | NONE | — | 0 |
| CVE-2026-2401 CWE-532 Insertion of Sensitive Information into Log File vulnerability exists that could cause confidential information to be exposed when a Web Admin user executes a malicious file provided by an at... | N/A | NONE | — | 0 |
| CVE-2026-2402 CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists that would allow an attacker to gain access to the user account by performing an arbitrary number of authenticati... | N/A | NONE | — | 0 |
| CVE-2026-2403 CWE-1284 Improper Validation of Specified Quantity in Input vulnerability exists that could cause Event and Data Log truncation impacting log integrity when a Web Admin user alters the POST /logsettin... | N/A | NONE | — | 0 |
| CVE-2026-2404 CWE-116 Improper Encoding or Escaping of Output vulnerability exists that could cause log injection and forged log when an attacker alters the POST /j_security check request payload. | N/A | NONE | — | 0 |
| CVE-2026-38526 An authenticated arbitrary file upload vulnerability in the /admin/tinymce/upload endpoint of Webkul Krayin CRM v2.2.x allows attackers to execute arbitrary code via uploading a crafted PHP file. | 9.9 | CRITICAL | — | 0 |
| CVE-2026-38527 A Server-Side Request Forgery (SSRF) in the /settings/webhooks/create component of Webkul Krayin CRM v2.2.x allows attackers to scan internal resources via supplying a crafted POST request. | 8.5 | HIGH | — | 0 |
| CVE-2026-38530 A Broken Object-Level Authorization (BOLA) in the /Controllers/Lead/LeadController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily read, modify, and permanently ... | 8.1 | HIGH | — | 0 |
| CVE-2026-38532 A Broken Object-Level Authorization (BOLA) in the /Contact/Persons/PersonController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily read, modify, and permanently... | 8.1 | HIGH | — | 0 |
| CVE-2026-39809 A improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5, FortiClientEMS 7.2.0 through 7.2.12, FortiClientEMS... | 6.7 | MEDIUM | — | 0 |
| CVE-2026-39810 A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5 may allow attacker to information disclosure via decrypting database dump. | 6.0 | MEDIUM | — | 0 |
| CVE-2026-39815 A improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiDDoS-F 7.2.1 through 7.2.2 may allow attacker to execute unauthorized code or comm... | 8.8 | HIGH | — | 0 |
| CVE-2026-4832 CWE-798 Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to sensitive device information when an unauthenticated attacker is able to interrogate the SNMP port. | N/A | NONE | — | 0 |
| CVE-2026-5713 The "profiling.sampling" module (Python 3.15+) and "asyncio introspection capabilities" (3.14+, "python -m asyncio ps" and "python -m asyncio pstree") features could be used to read and write addresse... | N/A | NONE | — | 0 |
| CVE-2026-22692 October is a Content Management System (CMS) and web platform. Versions prior to 3.7.13 and versions 4.0.0 through 4.1.4 contain a sandbox bypass vulnerability in the optional Twig safe mode feature (... | 4.9 | MEDIUM | — | 0 |
| CVE-2026-23653 Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an authorized attacker to disclose information over a network. | 5.7 | MEDIUM | — | 0 |
| CVE-2026-23666 Improper input validation in .NET Framework allows an unauthorized attacker to deny service over a network. | 7.5 | HIGH | — | 0 |
| CVE-2026-23670 Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally. | 5.7 | MEDIUM | — | 0 |
| CVE-2026-24906 October is a Content Management System (CMS) and web platform. Versions prior to 3.7.14 and 4.1.10 contain a Stored Cross-Site Scripting (XSS) vulnerability in the Backend Editor Settings. The Markup ... | N/A | NONE | — | 0 |
| CVE-2026-24907 October is a Content Management System (CMS) and web platform. Versions prior to 3.7.14 and 4.1.10 contain a stored cross-site scripting (XSS) vulnerability in the Event Log mail preview feature. When... | N/A | NONE | — | 0 |
| CVE-2026-25184 Concurrent execution using shared resource with improper synchronization ('race condition') in Applocker Filter Driver (applockerfltr.sys) allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | — | 0 |
| CVE-2026-26143 Improper input validation in Microsoft PowerShell allows an unauthorized attacker to bypass a security feature locally. | 7.8 | HIGH | — | 0 |
| CVE-2026-26149 Improper neutralization of escape, meta, or control sequences in Microsoft Power Apps allows an authorized attacker to bypass a security feature over a network. | 9.0 | CRITICAL | — | 0 |
| CVE-2026-26151 Insufficient ui warning of dangerous operations in Windows Remote Desktop allows an unauthorized attacker to perform spoofing over a network. | 7.1 | HIGH | — | 0 |
| CVE-2026-26152 Insecure storage of sensitive information in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | — | 0 |
| CVE-2026-26153 Out-of-bounds read in Windows Encrypting File System (EFS) allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | — | 0 |
| CVE-2026-26154 Improper input validation in Windows Server Update Service allows an unauthorized attacker to perform tampering over a network. | 7.5 | HIGH | — | 0 |
| CVE-2026-26155 Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability | 6.5 | MEDIUM | — | 0 |
| CVE-2026-26156 Heap-based buffer overflow in Windows Hyper-V allows an unauthorized attacker to execute code locally. | 7.8 | HIGH | — | 0 |
| CVE-2026-26159 Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | — | 0 |
| CVE-2026-26160 Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | — | 0 |
| CVE-2026-26161 Untrusted pointer dereference in Windows Sensor Data Service allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | — | 0 |
| CVE-2026-26162 Access of resource using incompatible type ('type confusion') in Windows OLE allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | — | 0 |
| CVE-2026-26163 Double free in Windows Kernel allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | — | 0 |
| CVE-2026-26165 Use after free in Windows Shell allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | — | 0 |
| CVE-2026-26166 Double free in Windows Shell allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | — | 0 |
| CVE-2026-26167 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. | 8.8 | HIGH | — | 0 |
| CVE-2026-26168 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally... | 7.8 | HIGH | — | 0 |
| CVE-2026-26169 Buffer over-read in Windows Kernel Memory allows an authorized attacker to disclose information locally. | 6.1 | MEDIUM | — | 0 |
| CVE-2026-26170 Improper input validation in Microsoft PowerShell allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | — | 0 |
| CVE-2026-26171 Uncontrolled resource consumption in .NET allows an unauthorized attacker to deny service over a network. | 7.5 | HIGH | — | 0 |
| CVE-2026-26172 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | — | 0 |
| CVE-2026-26177 Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.